Skip to main content

Purpose

@wacht/react-router/server exposes thin server-auth helpers on top of @wacht/backend. These helpers are request-based. They do not provide a middleware serialization layer like the Next.js package.

Imports

import {
  authenticateRequest,
  authFromHeaders,
  getAuth,
  requireAuth,
  wachtClient,
  createWachtServerClient,
} from '@wacht/react-router/server'

Exported helpers

getAuth(request, options?)

Returns normalized auth for the current request. 
const auth = await getAuth(request, {
  publishableKey: process.env.WACHT_PUBLISHABLE_KEY,
})

requireAuth(request, options?)

Loads auth and immediately applies auth.protect(). 
const auth = await requireAuth(request, {
  publishableKey: process.env.WACHT_PUBLISHABLE_KEY,
})

authenticateRequest(request, options?)

Returns both normalized auth and response headers that must be forwarded. 
const { auth, headers } = await authenticateRequest(request, options)
Use this when the request can rotate or exchange session state. You must merge headers into the final response. Example: 
const { auth, headers } = await authenticateRequest(request, {
  publishableKey: process.env.WACHT_PUBLISHABLE_KEY,
})

if (!auth.userId) {
  throw redirect('/sign-in', { headers })
}

return json({ userId: auth.userId }, { headers })

authFromHeaders(headers)

Deserializes normalized auth from headers that already contain the backend auth transport header. This is only useful if your request pipeline already persisted those headers.

Returned auth shape

The auth object is WachtAuth from @wacht/backend: 
type WachtAuth = {
  userId: string | null
  sessionId: string | null
  organizationId: string | null
  workspaceId: string | null
  organizationPermissions: string[]
  workspacePermissions: string[]
  has: (check: PermissionCheck) => boolean
  protect: (options?: ProtectOptions) => Promise<void>
}
This surface is normalized. It does not expose raw JWT claims.

Backend API client

const client = await wachtClient()

const client = createWachtServerClient({
  apiKey: process.env.WACHT_API_KEY,
  name: 'jobs',
})

Source references