feat: Authentication system with WebSocket integration, SSR support, and security enhancements #75

Draft
adiman9 wants to merge 9 commits into main from auth

adiman9 (Contributor) commented Mar 29, 2026

Summary

This PR introduces a comprehensive authentication system with WebSocket integration, SSR framework support, and enhanced security features for the Hyperstack platform.

Key Changes

🔐 Authentication System (hyperstack-auth + self-host reference hyperstack-auth-server)

  • New hyperstack-auth crate with JWT token handling, claims management, and key verification
  • New hyperstack-auth-server for a standalone auth service with configurable endpoints, used as a reference to show how self-hosters could add auth
  • RS256 JWT signing with PEM key support
  • Token lifecycle management (issue, verify, refresh, revoke)
  • Multi-key support for seamless key rotation
  • Comprehensive audit logging and security metrics

🔒 Security Enhancements

  • Token Revocation: Immediate invalidation of compromised tokens
  • Key Rotation: Zero-downtime key rotation with backward compatibility
  • Rate Limiting: Per-client rate limiting on WebSocket connections
  • Audit Logging: Full audit trail for all auth events
  • Auth Enforcement: Mandatory WebSocket authentication with token validation

🌐 SSR Framework Support (@hyperstack/core)

  • Next.js App Router: Native SSR support with async token handling
  • TanStack Start: Integration with TanStack Start framework
  • Vite: SSR support for Vite-based applications
  • Server-side token refresh and connection management

🔌 WebSocket Improvements

  • Authentication middleware for WebSocket connections
  • Client authentication state tracking
  • Graceful reconnection with token refresh
  • Subscription-aware connection management
  • Usage tracking and metrics

📊 SDK Enhancements (hyperstack-sdk)

  • Automatic auth recovery on connection drops
  • Token refresh before expiry
  • Improved error handling with structured error types
  • Connection state machine with auth lifecycle

Testing

  • Unit tests for auth lifecycle
  • Integration tests for WebSocket auth flow
  • SSR handler tests
  • Token revocation and rotation tests


vercel bot commented Mar 29, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| hyperstack-docs | Ready | Preview, Comment | Mar 29, 2026 2:45am |
