refactor(auth): absorb api-key package into @reloop/auth (expand) (#46)#55
Merged
Conversation
Move generation/hashing helpers to dependency-light @reloop/auth/apikey and validation to @reloop/auth/apikey/validate for the upcoming middleware plugin. Leave @reloop/apikey as a thin re-export shim so existing importers keep working; deletion lands in the contract ticket. Adds unit tests for generate/hash/key-start helpers and isolation coverage that the helpers graph excludes Redis/DB/Elysia. Characterization tripwire still passes via the shim.
Comment on lines
+14
to
+17
| export { | ||
| type ApiKeyValidationResult, | ||
| validateApiKey, | ||
| } from "@reloop/auth/apikey/validate"; |
There was a problem hiding this comment.
Shim Pulls New Runtime Package
When an existing service imports validateApiKey from @reloop/apikey, this shim now resolves through @reloop/auth/apikey/validate. Services that only declare @reloop/apikey can fail under isolated or production dependency resolution because the runtime import now requires the new @reloop/auth package path instead of the old standalone implementation.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
@reloop/apikeyinto the shared auth package (expand step).@reloop/auth/apikey— pure generate / hash / key-start / prefix helpers (no Redis/DB/Elysia).@reloop/auth/apikey/validate— hashed lookup + cache for the middleware plugin to consume next.@reloop/apikeybecomes a thin re-export shim; no importer changes in this PR.Stacked on #54 (#45). Closes #46.
Test plan
bun testinpackages/auth(helpers + isolation — 8 pass)bun run testinapps/backend/auth(tripwire via shim — 6 pass)tsc --noEmitfor@reloop/auth,@reloop/apikey,be-api-keyGreptile Summary
This PR folds API-key code into the shared auth package. The main changes are:
@reloop/auth/apikeyhelper entrypoint.@reloop/auth/apikey/validateRedis and DB validation entrypoint.@reloop/apikeychanged into a compatibility re-export shim.Confidence Score: 4/5
The changed shim is mostly safe, but its new runtime package hop can break stricter service installs.
@reloop/apikeyconsumers.packages/apikey/src/index.ts
Important Files Changed
@reloop/authsubpaths.Reviews (1): Last reviewed commit: "refactor(auth): absorb api-key package i..." | Re-trigger Greptile