-
Notifications
You must be signed in to change notification settings - Fork 1
Description
Problem
Backend-Service defines WXYCRole locally (keyof typeof WXYCRoles) with no compile-time link to @wxyc/shared. If a role is added or removed in shared, Backend-Service won't see a type error.
Approach
Add @wxyc/shared as a dependency and re-export WXYCRole, Authorization, and roleToAuthorization from the shared package, with a compile-time assertion that local roles are a subset of shared roles.
Key design decisions
-
One-directional assertion (
keyof typeof WXYCRoles extends SharedWXYCRole): shared includes "admin" which Backend-Service maps to "stationManager" vianormalizeRole()rather than defining as a separate better-auth role. -
ImplementedRoletype: Introduced to representkeyof typeof WXYCRoles(the 4 roles with better-auth access control implementations).normalizeRole()returnsImplementedRolesince it always maps to a role that exists inWXYCRoles.
Files Changed
| File | Change |
|---|---|
.npmrc |
New: GitHub Packages registry config |
shared/authentication/package.json |
Add @wxyc/shared dependency |
shared/authentication/src/auth.roles.ts |
Re-export WXYCRole from shared, add type assertion |
shared/authentication/tsup.config.ts |
Add @wxyc/shared to externals |
jest.unit.config.ts |
Add @wxyc/shared to transform, extend transform to .js |
tests/tsconfig.json |
Add allowJs: true |
.github/workflows/test.yml |
Add NPM_TOKEN env to install steps |
tests/unit/authentication/shared-type-compatibility.test.ts |
New: compatibility tests |
Prerequisites
The NPM_TOKEN GitHub Actions secret must be set in the Backend-Service repo for CI to install @wxyc/shared from GitHub Packages.
Part of
Compile-Time Authorization Enforcement plan (PR 5 of 5). See also dj-site PRs #135, #136, #260.