在 Manus 中运行任何 Skill
一键导入
一键导入
一键在 Manus 中运行任何 Skill
开始使用hive-auth
星标0
分支0
更新时间2026年2月13日 16:15
How authentication works in Hive framework
安装
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
SKILL.md
readonly菜单
How authentication works in Hive framework
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Hive framework structure and conventions. Apply when working with this codebase.
How to create external services in Hive framework
Database operations in Hive framework
How to create API endpoints in Hive framework
How to create event handlers in Hive framework
Schema mappings for auto-syncing embedded documents
| name | hive-auth |
| description | How authentication works in Hive framework |
| globs | ["src/resources/auth/**/*.js"] |
| alwaysApply | false |
Hive provides auth infrastructure but no built-in auth endpoints. You implement login/signup yourself.
tokens collection - stores access tokensattachUser middleware - loads user from tokenisAuthorized middleware - requires authallowNoAuth middleware - skips authaccess_token or Authorization: Bearer headertokens collectionusers collectionctx.state.user{
_id: string,
user: { _id: string },
token: string,
metadata: object (optional),
}
1. Create token helper:
// src/resources/auth/methods/createToken.js
import db from 'db';
import crypto from 'crypto';
const tokenService = db.services.tokens;
export default async (ctx, { userId, metadata }) => {
const token = crypto.randomBytes(32).toString('hex');
await tokenService.create({
token,
user: { _id: userId },
...(metadata && { metadata }),
});
ctx.cookies.set('access_token', token, {
httpOnly: false,
expires: new Date(Date.now() + 10 * 365 * 24 * 60 * 60 * 1000),
});
return { token };
};
2. Login endpoint:
// src/resources/auth/endpoints/login.js
import { z } from 'zod';
import db from 'db';
import bcrypt from 'bcrypt';
import createToken from '../methods/createToken';
export const handler = async (ctx) => {
const { email, password } = ctx.validatedData;
const user = await db.services.users.findOne(
{ email },
{ isIncludeSecureFields: true }
);
ctx.assert(user, 401, 'Invalid credentials');
const valid = await bcrypt.compare(password, user.password);
ctx.assert(valid, 401, 'Invalid credentials');
const { token } = await createToken(ctx, { userId: user._id });
return { user, token };
};
export const middlewares = ['allowNoAuth'];
export const endpoint = { url: '/login', method: 'post' };
export const requestSchema = z.object({
email: z.string().email(),
password: z.string(),
});
3. Logout endpoint:
// src/resources/auth/endpoints/logout.js
import { z } from 'zod';
import db from 'db';
export const handler = async (ctx) => {
await db.services.tokens.remove({ token: ctx.state.accessToken });
ctx.cookies.set('access_token', null);
return { success: true };
};
export const endpoint = { url: '/logout', method: 'post' };
export const requestSchema = z.object({});
// src/resources/users/users.schema.js
password: z.coerce.string().nullable().optional(),
// Hide from responses
export const secureFields = ['password'];
Browser (cookies):
await fetch('/auth/login', { method: 'POST', credentials: 'include', body });
API (header):
await fetch('/tasks', { headers: { Authorization: `Bearer ${token}` } });