fastify-xauth-better
requireOrg()
Returns a preHandler that validates org membership and populates request.organization.
Returns a preHandler middleware that resolves the organization from the request (URL path, header, or session), verifies the authenticated user is a member, and populates request.organization with the full org data plus the user's membership role. Must follow requireAuth() so that request.user is available.
Signature
instance.requireOrg(): (request: FastifyRequest, reply: FastifyReply) => Promise<void>
Params
requireOrg() takes no arguments. Organization ID resolution is configured at the instance level via organizations.orgIdFromUrl or organizations.orgIdHeader.
Returns
A preHandler function. Sets request.organization to:
{
  id: string
  name: string
  slug: string
  logo: string | null
  metadata: object | null
  createdAt: Date
  members: Member[]
  role: string // the current user's membership role in this org
}
Throws
- 401 Unauthorized — request.user is not set
- 400 Bad Request — no organization ID could be resolved from the request
- 404 Not Found — org does not exist or the user cannot access it
- 403 Forbidden — user is not a member of the organization
- 500 Internal Server Error — Better Auth API failure
Examples
Protect a resource that belongs to an org
const userAuth = fastify.xauthbetter.get("user");
fastify.get("/orgs/:orgId/projects", {
  preHandler: [
    userAuth.requireAuth(),
    userAuth.requireOrg(),
  ],
}, async (request) => {
  // request.organization.id, .name, .role are all set
  return { org: request.organization.name };
});
Chain with requireOrgRole for role enforcement
fastify.put("/orgs/:orgId/settings", {
  preHandler: [
    userAuth.requireAuth(),
    userAuth.requireOrg(),
    userAuth.requireOrgRole(["owner", "admin"]),
  ],
}, async (request) => {
  return { updated: true };
});
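Because the organization can be resolved from the URL path, a header, or the session, a handler on a route with an :orgId parameter should act on request.organization.id, the value membership was checked against, rather than on the raw parameter. The following is an added example, not code from the package: assertOrgParamMatches, projectsForRequest, demoMismatch, the sample data and the reply stub are hypothetical names introduced here.

```javascript
// Added example: hypothetical helpers, not part of fastify-xauth-better.
// Register after requireAuth() and requireOrg() in the preHandler array.
async function assertOrgParamMatches(request, reply) {
  const validated = request.organization && request.organization.id;
  if (!validated) {
    // requireOrg() has not populated the request: fail closed.
    return reply.code(500).send({ error: "requireOrg() must run first" });
  }
  const fromUrl = request.params && request.params.orgId;
  if (fromUrl !== undefined && fromUrl !== validated) {
    // Membership was verified for request.organization.id only;
    // a different ID in the path was never checked.
    return reply.code(400).send({ error: "orgId does not match organization" });
  }
}

// Tenant-scoped read keyed on the membership-checked ID, never the raw param.
function projectsForRequest(request, allProjects) {
  const orgId = request.organization.id;
  return allProjects.filter((p) => p.orgId === orgId);
}

// Constructed sample data and a minimal stand-in for FastifyReply.
const SAMPLE_PROJECTS = [
  { orgId: "org_a", name: "billing" },
  { orgId: "org_b", name: "payroll" },
];
function stubReply() {
  return {
    statusCode: 200,
    sent: false,
    code(c) { this.statusCode = c; return this; },
    send() { this.sent = true; return this; },
  };
}

// Org resolved (e.g. from a header) as org_a while the path names org_b.
function demoMismatch() {
  const request = { params: { orgId: "org_b" }, organization: { id: "org_a" } };
  const reply = stubReply();
  assertOrgParamMatches(request, reply); // no await in the body, so it runs synchronously
  const names = projectsForRequest(request, SAMPLE_PROJECTS).map((p) => p.name);
  return { status: reply.statusCode, sent: reply.sent, names };
}
```

In a route, the guard would be listed last: preHandler: [userAuth.requireAuth(), userAuth.requireOrg(), assertOrgParamMatches].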
See also
- requireOrgRole(roles) — enforce role within the org after requireOrg()
- requireAuth() — always precede requireOrg() with auth
AI Context
package: "@xenterprises/fastify-xauth-better"
method: fastify.xauthbetter.get(name).requireOrg()
use-when: Fastify preHandler factory that validates org membership and populates request.organization — must follow requireAuth()
usage: { preHandler: [auth.requireAuth(), auth.requireOrg()] }
