feat(frameworks): add @auth/fastify

.gitignore

@@ -113,6 +113,10 @@ docs/docs/reference/solidstart
 # Express
 docs/docs/reference/express
 
+# Fastify
+docs/docs/reference/fastify
+
+
 
 # Adapters
 docs/docs/reference/adapter

.prettierignore

@@ -42,6 +42,9 @@ packages/frameworks-sveltekit/vite.config.{js,ts}.timestamp-*
 # @auth/express
 packages/frameworks-express/providers
 
+# @auth/fastify
+packages/frameworks-fastify/providers
+
 # next-auth
 packages/next-auth/src/providers/oauth-types.ts
 packages/next-auth/css/index.css

docs/components/Code/index.tsx

@@ -14,12 +14,14 @@ Code.NextClient = NextClientCode
 Code.Svelte = SvelteCode
 // Code.Solid = SolidCode;
 Code.Express = ExpressCode
+Code.Fastify = FastifyCode
 
 const baseFrameworks = {
   [NextCode.name]: "Next.js",
   [SvelteCode.name]: "SvelteKit",
   [ExpressCode.name]: "Express",
   // [SolidCode.name]: "SolidStart",
+  [FastifyCode.name]: "Fastify",
 }
 
 const allFrameworks = {
@@ -28,6 +30,7 @@ const allFrameworks = {
   [SvelteCode.name]: "SvelteKit",
   // [SolidCode.name]: "SolidStart",
   [ExpressCode.name]: "Express",
+  [FastifyCode.name]: "Fastify",
 }
 
 const findTabIndex = (frameworks: Record<string, string>, tab: string) => {
@@ -124,3 +127,7 @@ function SvelteCode({ children }: ChildrenProps) {
 function ExpressCode({ children }: ChildrenProps) {
   return <Tabs.Tab>{children}</Tabs.Tab>
 }
+
+function FastifyCode({ children }: ChildrenProps) {
+  return <Tabs.Tab>{children}</Tabs.Tab>
+}

docs/pages/getting-started/installation.mdx

@@ -27,6 +27,13 @@ Start by installing the appropriate package for your framework.
     ```
 
   </Code.Express>
+  <Code.Fastify>
+
+    ```bash npm2yarn
+    npm install @auth/fastify
+    ```
+
+  </Code.Fastify>
 </Code>
 
 <Callout type="info">
@@ -148,6 +155,23 @@ app.use("/auth/*", ExpressAuth({ providers: [] }))
 Note this creates the Auth.js API, but does not yet protect resources. Continue on to [protecting resources](/getting-started/session-management/protecting) for more details.
 
   </Code.Express>
+  <Code.Fastify>
+
+1. Start by importing `FastifyAuth` registering it to your auth API route.
+
+```ts filename="./src/routes/auth.route.ts" {1, 7}
+import { FastifyAuth } from "@auth/fastify"
+import Fastify from "fastify"
+
+// If your app is served through a proxy
+// trust the proxy to allow us to read the `X-Forwarded-*` headers
+const fastify = Fastify({ trustProxy: true })
+fastify.register(FastifyAuth({ providers: [] }), { prefix: "/auth" })
+```
+
+Note this creates the Auth.js API, but does not yet protect resources. Continue on to [protecting resources](/getting-started/session-management/protecting) for more details.
+
+  </Code.Fastify>
 </Code>
 
 ### Setup Authentication Methods

docs/pages/getting-started/integrations.mdx

@@ -26,6 +26,7 @@ Here are the state of planned and released integrations under the `@auth/*` and
 | `@auth/sveltekit`      | Released (experimental) - [docs](https://sveltekit.authjs.dev)                   |
 | `@auth/express`        | Released (experimental) - [docs](https://express.authjs.dev)                     |
 | `@auth/solid-start`    | Released (experimental)                                                          |
+| `@auth/fastify`        | Released (experimental) - [docs](https://fastify.authjs.dev)                     |
 | `@auth/remix`          | Planned                                                                          |
 | `@auth/astro`          | Planned                                                                          |
 | `@auth/nuxt`           | Planned                                                                          |

docs/pages/getting-started/session-management/custom-pages.mdx

@@ -74,6 +74,27 @@ app.use(
 ```
 
 </Code.Express>
+<Code.Fastify>
+
+```ts filename="src/routes/auth.route.ts" {10-12}
+import { FastifyAuth } from "@auth/fastify"
+import Fastify from "fastify"
+import GitHub from "@auth/fastify/providers/github"
+
+const fastify = Fastify({ trustProxy: true })
+
+fastify.register(
+  FastifyAuth({
+    providers: [GitHub],
+    pages: {
+      signIn: "/signin",
+    },
+  }),
+  { prefix: "/auth" }
+)
+```
+
+</Code.Fastify>
 </Code>
 
 To continue setting up the custom page, checkout our [guide on custom pages](/guides/pages/signin).

docs/pages/getting-started/session-management/get-session.mdx

@@ -162,6 +162,31 @@ app.get("/", (req, res) => {
 ```
 
 </Code.Express>
+<Code.Fastify>
+
+```ts filename="app.ts"
+import { getSession } from "@auth/fastify"
+
+// Decorating the reply is not required but will optimise performance
+// Only decorate the reply with a value type like null, as reference types like objects are shared among all requests, creating a security risk.
+fastify.decorateReply("session", null)
+
+export async function authSession(req: FastifyRequest, reply: FastifyReply) {
+  reply.session = await getSession(req, authConfig)
+}
+
+fastify.addHook("preHandler", authSession)
+
+// Now in your route
+fastify.get("/", (req, reply) => {
+  const session = reply.session
+  reply.view("index", { user: session?.user })
+})
+```
+
+Note for TypeScript, you may want to augment the Fastify types to include the `session` property on the reply object.
+
+</Code.Fastify>
 </Code>
 
 If you'd like to extend your session with more fields from your OAuth provider, for example, please check out our ["extending the session" guide](/guides/extending-the-session).

docs/pages/getting-started/session-management/login.mdx

@@ -104,6 +104,11 @@ Just like in other frameworks, you can also pass a provider to the `signIn` func
 The Express package runs server-side and therefore it doesn't make sense to create a "SignIn button component". However, to signin or signout with Express, send a request to the appropriate [REST API Endpoints](/reference/core/types#authaction) from your client (i.e. `/auth/signin`, `/auth/signout`, etc.).
 
   </Code.Express>
+  <Code.Fastify>
+
+The Fastify package runs server-side and therefore it doesn't make sense to create a "SignIn button component". However, to signin or signout with Fastify, send a request to the appropriate [REST API Endpoints](/reference/core/types#authaction) from your client (i.e. `/auth/signin`, `/auth/signout`, etc.).
+
+  </Code.Fastify>
 </Code>
 
 You can also pass a provider to the `signIn` function which will attempt to login directly with that provider. Otherwise, when clicking this button in your application, the user will be redirected to the configured sign in page. If you did not setup a [custom sign in page](/guides/pages/signin), the user will be redirected to the default signin page at `/[basePath]/signin`.
@@ -281,6 +286,11 @@ Client-side is a bit simpler as we just need to import a button `on:click` handl
 The Express package runs server-side and therefore it doesn't make sense to create a "SignIn button component". However, to signin or signout with Express, send a request to the appropriate [REST API Endpoints](/reference/core/types#authaction) from your client (i.e. `/auth/signin`, `/auth/signout`, etc.).
 
 </Code.Express>
+<Code.Fastify>
+
+The Fastify package runs server-side and therefore it doesn't make sense to create a "SignIn button component". However, to signin or signout with Fastify, send a request to the appropriate [REST API Endpoints](/reference/core/types#authaction) from your client (i.e. `/auth/signin`, `/auth/signout`, etc.).
+
+</Code.Fastify>
 </Code>
 
 <Callout>

docs/pages/getting-started/session-management/protecting.mdx

@@ -135,6 +135,65 @@ app.use("/", root)
 ```
 
 </Code.Express>
+<Code.Fastify>
+
+You can protect routes by checking for the presence of a session and then redirect to a login page if the session is not present. This can either be done per route, or for a group of routes using a middleware such as the following:
+
+```ts filename="lib.ts"
+import { getSession } from "@auth/fastify"
+
+export async function authenticatedUser(
+  req: FastifyRequest,
+  reply: FastifyReply
+) {
+  reply.session ??= await getSession(req, authConfig)
+  if (!reply.session?.user) {
+    res.redirect("/login")
+  }
+}
+```
+
+To protect a single route, simply register the preHandler hook to the route as follows:
+
+```ts filename="app.ts"
+import { authenticatedUser } from "./lib.ts"
+
+// This route is protected
+fastify.get("/profile", { preHandler: [authenticatedUser] }, (req, reply) => {
+  const session = reply.session
+  reply.view("profile", { user: session?.user })
+})
+
+// This route is not protected
+fastify.get("/", (req, reply) => {
+  reply.view("index")
+})
+```
+
+To protect a group of routes, create a plugin and register the authenication hook and routes to the instance as follows:
+
+```ts filename="app.ts"
+import { authenticatedUser } from "./lib.ts"
+
+fastify.register(
+  async (instance) => {
+    // All routes on this instance will be protected because of the preHandler hook
+    instance.addHook("preHandler", authenticatedUser)
+
+    instance.get("/", (req, reply) => {
+      reply.view("protected")
+    })
+
+    // Example api route
+    instance.get("/me", (req, reply) => {
+      reply.send(reply.session?.user)
+    })
+  },
+  { prefix: "/protected" }
+)
+```
+
+</Code.Fastify>
 </Code>
 
 ### API Routes
@@ -208,6 +267,11 @@ export const GET: RequestHandler = async (event) => {
 API Routes are protected in the same way as any other route in Express, see [the examples above](/getting-started/session-management/protecting?framework=express#pages).
 
 </Code.Express>
+<Code.Fastify>
+
+API Routes are protected in the same way as any other route in Fastify, see [the examples above](/getting-started/session-management/protecting?framework=fastify#pages).
+
+</Code.Fastify>
 </Code>
 
 ### Next.js Middleware

docs/pages/reference/_meta.js

@@ -9,6 +9,7 @@ export default {
   sveltekit: "@auth/sveltekit",
   express: "@auth/express",
   "solid-start": "@auth/solid-start",
+  fastify: "@auth/fastify",
   warnings: "Warnings",
   errors: {
     title: "Errors",

docs/vercel.json

@@ -48,6 +48,11 @@
       "has": [{ "type": "host", "value": "express.authjs.dev" }],
       "destination": "https://authjs.dev/reference/express"
     },
+    {
+      "source": "/",
+      "has": [{ "type": "host", "value": "fastify.authjs.dev" }],
+      "destination": "https://authjs.dev/reference/fastify"
+    },
     {
       "source": "/:path(.*)",
       "has": [{ "type": "host", "value": "nextjs.authjs.dev" }],

packages/frameworks-fastify/README.md

@@ -0,0 +1,24 @@
+<p align="center">
+   <br/>
+   <a href="https://authjs.dev" target="_blank"><img width="150px" src="https://authjs.dev/img/logo/logo-sm.png" /></a>
+   <h3 align="center">Fastify Auth</a></h3>
+   <h4 align="center">Authentication for Fastify.</h4>
+   <p align="center" style="align: center;">
+      <a href="https://npm.im/next-auth">
+        <img src="https://img.shields.io/badge/TypeScript-blue?style=flat-square" alt="TypeScript" />
+      </a>
+      <a href="https://npm.im/@auth/fastify">
+        <img alt="npm" src="https://img.shields.io/npm/v/@auth/fastify?color=green&label=@auth/fastify&style=flat-square">
+      </a>
+      <a href="https://www.npmtrends.com/@auth/fastify">
+        <img src="https://img.shields.io/npm/dm/@auth/fastify?label=%20downloads&style=flat-square" alt="Downloads" />
+      </a>
+      <a href="https://github.com/nextauthjs/next-auth/stargazers">
+        <img src="https://img.shields.io/github/stars/nextauthjs/next-auth?style=flat-square" alt="Github Stars" />
+      </a>
+   </p>
+</p>F
+
+---
+
+Check out the documentation at [fastify.authjs.dev](https://fastify.authjs.dev).

packages/frameworks-fastify/package.json

@@ -0,0 +1,62 @@
+{
+  "name": "@auth/fastify",
+  "description": "Authentication for Fastify.",
+  "version": "0.0.1",
+  "type": "module",
+  "files": [
+    "*.js",
+    "*.d.ts*",
+    "lib",
+    "providers",
+    "src"
+  ],
+  "exports": {
+    ".": {
+      "types": "./index.d.ts",
+      "import": "./index.js"
+    },
+    "./providers": {
+      "types": "./providers/index.d.ts"
+    },
+    "./adapters": {
+      "types": "./adapters.d.ts"
+    },
+    "./providers/*": {
+      "types": "./providers/*.d.ts",
+      "import": "./providers/*.js"
+    },
+    "./package.json": "./package.json"
+  },
+  "scripts": {
+    "build": "pnpm clean && pnpm providers && tsc",
+    "clean": "rm -rf lib index.* src/lib/providers",
+    "test": "vitest run -c ../utils/vitest.config.ts",
+    "test:debug": "vitest --inspect --inspect-brk --pool threads --poolOptions.threads.singleThread run -c ../utils/vitest.config.ts",
+    "providers": "node ../utils/scripts/providers"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "dependencies": {
+    "@auth/core": "workspace:*",
+    "@fastify/formbody": "^7.4.0"
+  },
+  "devDependencies": {
+    "@auth/core": "workspace:experimental",
+    "fastify": "^4.25.2"
+  },
+  "peerDependencies": {
+    "fastify": "^4.25.2"
+  },
+  "keywords": [
+    "Fastify",
+    "Auth.js"
+  ],
+  "author": "Lachie Hill <lachiehill46@gmail.com>",
+  "contributors": [
+    "Rexford Essilfie <rexfordessilfie09@gmail.com",
+    "Lachie Hill <lachiehill46@gmail.com>"
+  ],
+  "repository": "https://github.com/nextauthjs/next-auth",
+  "license": "ISC"
+}

packages/frameworks-fastify/src/adapters.ts

@@ -0,0 +1 @@
+export type * from "@auth/core/adapters"