npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

smackza-auth-core

v1.2.0

Published

Shared authentication utilities for Smackza services

Downloads

8

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

hmaheshwari05hmaheshwari05

Keywords

authenticationfirebasemulti-tenantfastifysmackza

Readme

@smackza/auth-core

Shared authentication utilities for Smackza services, providing multi-tenant Firebase authentication, role-based access control, and header processing utilities.

Features

  • 🔥 Multi-tenant Firebase: Support for both admin and tenant-specific Firebase configurations
  • 🛡️ Role-based Access Control: Comprehensive RBAC with predefined roles and permissions
  • 🔧 Header Processing: Utilities for extracting and building authentication headers
  • Fastify Integration: Ready-to-use middleware for Fastify applications
  • 📝 TypeScript: Full TypeScript support with comprehensive type definitions
  • 🧪 Validated: Zod schemas for request validation

Installation

npm install @smackza/auth-core

Quick Start

Basic Fastify Integration

import { createFirebaseAuth, extractAuthHeaders, UserRole } from '@smackza/auth-core';

// Create Firebase auth decorator
const firebaseAuth = createFirebaseAuth({
  enableLogging: true,
  getRestaurantFirebaseConfig: async (restaurantId) => {
    // Your logic to get restaurant-specific Firebase config
    return await getConfigFromDatabase(restaurantId);
  }
});

// Use in route
app.register(async function (fastify) {
  fastify.get('/protected', {
    preHandler: firebaseAuth()
  }, async (request, reply) => {
    return { user: request.users };
  });
});

Header Processing

import { extractAuthHeaders, buildAdapterHeaders } from '@smackza/auth-core';

// Extract auth headers from request
const { authToken, loginSource } = extractAuthHeaders(req.headers);

// Build headers for API calls
const headers = buildAdapterHeaders(authToken, loginSource);

Role-based Access Control

import { requireRole, UserRole } from '@smackza/auth-core';

// Protect route with role requirement
const handler = requireRole([UserRole.RestaurantOwner], async (req, reply) => {
  return { message: 'Only restaurant owners can access this' };
});

API Reference

Authentication

extractAuthHeaders(headers)

Extract authentication headers from request headers.

buildAdapterHeaders(authToken?, loginSource?)

Build headers for adapter service calls.

requireRole(allowedRoles, handler)

Create role-protected route handler.

Firebase

MultiTenantFirebase.initializeForRequest(config, getConfig?)

Initialize Firebase for a specific request context.

verifyFirebaseToken(admin, token, restaurantId?)

Verify Firebase ID token and extract user claims.

Types

import {
  UserRole,
  UserInfo,
  AuthHeaders,
  AuthContext,
  RouteConfig
} from '@smackza/auth-core';

User Roles

  • SuperAdmin: Full system access
  • RestaurantOwner: Restaurant ownership access
  • RestaurantManager: Restaurant management access
  • RestaurantUser: Restaurant staff access
  • RestaurantEmployee: Restaurant employee access
  • Customer: Customer access
  • SameUser: Self-access authorization

Configuration

Multi-tenant Firebase

The package supports both admin and tenant-specific Firebase configurations:

const config = {
  restaurantId: 'uuid-here',
  loginSource: 'mobile', // or 'web'
  isAdminContext: false
};

const admin = await MultiTenantFirebase.initializeForRequest(
  config,
  getRestaurantFirebaseConfig
);

Public Routes

Define routes that bypass authentication:

const publicRoutes = [
  { type: 'exact', value: '/health', description: 'Health check' },
  { type: 'prefix', value: '/docs', description: 'Documentation' },
  { type: 'pattern', value: /^\/api\/v1\/auth/, description: 'Auth endpoints' }
];

Error Handling

The package provides comprehensive error handling:

import { UnauthorizedError, ForbiddenError, getFirebaseErrorMessage } from '@smackza/auth-core';

try {
  await verifyFirebaseToken(admin, token);
} catch (error) {
  const message = getFirebaseErrorMessage(error);
  reply.status(401).send({ error: message });
}

Migration from Existing Code

From Yum

// Before
import { FirebaseAuth } from '@api/decorators/firebase-auth';
import { extractAuthHeaders } from '@api/utils/auth';

// After
import { createFirebaseAuth, extractAuthHeaders } from '@smackza/auth-core';

From Yum-Clover-Adapter

// Before
import { verifyToken, UserRole } from '../auth/utils';

// After
import { verifyFirebaseToken, UserRole } from '@smackza/auth-core';

License

MIT