Sessions

Novel maintains a session for each client by means of a session cookie. This is handled by https://github.com/fastify/fastify-secure-session. Both application and admin contexts are supported.

You can access this session via the request variable in your handler.

app/api/accounts/index.ts
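import type { FastifyInstance, FastifyReply, FastifyRequest } from 'fastify';

export default async function Route (instance: FastifyInstance) {
    // Register the guard before the route, as in the other examples on this page.
    instance.authenticated();
    instance.get('/api/v1/account', handler);

    async function handler(request: FastifyRequest, reply: FastifyReply) {
        // Session data for the current client
        console.log(request.session);
        reply.status(204);
    }
}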

These sessions are the same in both cookie and API key contexts.

There are also additional request variables available to you for convenience.

request.account

This includes details on which user is accessing that request.

request.account = {
    id: string,
    role: string,
    verified: boolean,
};

request.org

This includes details on which organization is being used by the current request.

request.org = {
    id: string,
}
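
The following added example is not part of Novel; it shows how a handler can use these two variables to keep data access inside the caller's organization. The Invoice type, the in-memory store, the readInvoice helper and the 'admin' role name are assumptions.

```typescript
// Account and Org mirror the request.account / request.org shapes documented above.
// Everything else here is hypothetical and exists only for this example.
interface Account { id: string; role: string; verified: boolean }
interface Org { id: string }
interface SessionContext { account?: Account; org?: Org }

interface Invoice { id: string; orgId: string; ownerId: string; total: number }
interface Decision { status: number; invoice?: Invoice }

// Constructed sample data standing in for a database.
const INVOICES: Invoice[] = [
    { id: 'inv-1', orgId: 'org-a', ownerId: 'acct-1', total: 120 },
    { id: 'inv-2', orgId: 'org-a', ownerId: 'acct-2', total: 75 },
    { id: 'inv-3', orgId: 'org-b', ownerId: 'acct-9', total: 300 },
];

function readInvoice(ctx: SessionContext, invoiceId: string): Decision {
    const { account, org } = ctx;
    // No session-derived identity: treat the caller as unauthenticated.
    if (!account || !org) return { status: 401 };
    if (!account.verified) return { status: 403 };

    // The tenant boundary comes from the session, never from a client-supplied org id.
    const orgId = org.id;
    const invoice = INVOICES.find((i) => i.id === invoiceId && i.orgId === orgId);
    // Same answer for "does not exist" and "belongs to another org",
    // so invoice ids cannot be probed across organizations.
    if (!invoice) return { status: 404 };

    // Inside the org, non-admins only see their own records
    // ('admin' is an assumed role name).
    const isOwner = invoice.ownerId === account.id;
    if (account.role !== 'admin' && !isOwner) return { status: 403 };

    return { status: 200, invoice };
}
```

In a real handler the context would be built from request.account and request.org, and the lookup would be a database query filtered by the same org id.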

To restrict routes to authenticated sessions, register them under:

export default function Route(instance) {
    instance.authenticated();
    instance.get('/your/route', handler);
    
    // The handler needs the request and reply arguments to send a response.
    async function handler (request, reply) {
        reply.send('ONLY FOR AUTHENTICATED USERS');
    }
}

The same check is also available on the request via:

await request.authenticated();

You can also provide an array of roles, so that the endpoint only responds to the session if it has the role.

API Session

When using an API key, you can respond to requests and scope routes under:

export default function Route(instance) {
    instance.authorized();
    instance.get('/your/route', handler);
    
    // The handler needs the request and reply arguments to send a response.
    async function handler (request, reply) {
        reply.send('ONLY FOR AUTHENTICATED API KEYS');
    }
}

The same check is also available on the request via:

await request.authorized();

You can provide an array of scopes specific to the key if you need more granular control.

Changelog

  • 2024-12-20 - Initial Documentation
