@platform/security
Location: modules/platform/security/
Dependencies: @platform/core, @platform/socket, @platform/doc, @platform/schema
Overview
@platform/security handles all aspects of authentication and authorization within the platform. It provides:
- User entity — Zod-validated user documents stored via @platform/doc.
- Sign-in / sign-up — email/password and social login (Google, Facebook) flows.
- Auth UI components — ready-made pages and cards for authentication screens.
- Profile management — user profile display and editing.
- Server-side guards — middleware to protect socket services and REST routes.
- Publications — reactive user data accessible on the client.
Contexts
| Context | Entry point | Contents |
|---|---|---|
| client | src/client/index.ts | Auth components, ProfileButton, securityUtil |
| server | src/server/index.ts | Auth middleware, SecurityModule registration |
| common | src/common/index.ts | User, Profile, SignInForm, SignUpForm schemas/types, publications, IUserService |
Common API
```ts
import {
  User, UserSchema,
  Profile, ProfileSchema,
  SignInForm, SignInFormSchema,
  SignUpForm, SignUpFormSchema,
  UserStatusEnum,
  userPublication, userAllPublication
} from '@platform/security/common'
```
| Export | Description |
|---|---|
| User | Authenticated user entity type |
| UserSchema | Zod schema for User |
| Profile | Public user profile type |
| ProfileSchema | Zod schema for Profile |
| SignInForm | Form data type for sign-in |
| SignInFormSchema | Zod schema for SignInForm |
| SignUpForm | Form data type for sign-up |
| SignUpFormSchema | Zod schema for SignUpForm |
| UserStatusEnum | Enum of possible user statuses (active, disabled, …) |
| userPublication | Publication definition for the current user |
| userAllPublication | Publication definition for all users (admin) |
| IUserService | Interface contract for the server user service |
Client API
Authentication UI
| Export | Description |
|---|---|
| AuthPage | Full-page authentication container (sign-in / sign-up) |
| AuthCard | Card component wrapping an auth form |
| AuthButton | Button that triggers sign-in or sign-up flow |
| ProfileButton | Avatar/menu button showing the current user's profile in the navbar |
Utilities
| Export | Description |
|---|---|
| securityUtil | Client helpers — check auth state, get current user, sign out |
Server API
The server context is registered via a SecurityModule that hooks into the Express and Socket.io instances provided by @platform/core and @platform/socket.
The server module:
- Registers sign-in / sign-up routes on Express.
- Sets up session/JWT middleware.
- Exposes socket services for authenticated operations.
- Publishes user data to subscribed clients.
Usage Example
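```tsx
// Client — show login or app depending on auth state
import { AuthPage, securityUtil } from '@platform/security/client'

// App is the application's own root component, imported elsewhere
function Root() {
  const user = securityUtil.useCurrentUser()
  // No authenticated user: render the sign-in / sign-up page
  if (!user) return <AuthPage />
  return <App />
}

// Common — validate sign-in data with Zod
import { SignInFormSchema } from '@platform/security/common'

// formData holds the raw, untrusted values submitted by the sign-in form
const result = SignInFormSchema.safeParse(formData)
```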