chore(core): reorder param inputs (#1164)

Author: NathanFlurry

examples/better-auth-external-db/src/backend/registry.ts

@@ -16,10 +16,10 @@ interface Message {
 
 export const chatRoom = actor({
 	// onAuth runs on the server & before connecting to the actor
-	onAuth: async (c: OnAuthOptions) => {
+	onAuth: async (opts: OnAuthOptions) => {
 		// Access Better Auth session
 		const authResult = await auth.api.getSession({
-			headers: c.request.headers,
+			headers: opts.request.headers,
 		});
 		if (!authResult) throw new Unauthorized();
 

examples/tenant/README.md

@@ -70,29 +70,6 @@ This tenant system demonstrates:
 - **Dashboard Stats**: Access to basic member statistics only
 - **No Invoice Access**: Cannot view or manage billing information
 
-## Security Features
-
-### Authentication
-```typescript
-// Token-based authentication
-createConnState: async (c, { params }) => {
-  const token = params.token;
-  const { userId, role } = await authenticate(token);
-  return { userId, role };
-}
-```
-
-### Authorization
-```typescript
-// Server-side permission checks
-getInvoices: (c) => {
-  if (c.conn.role !== "admin") {
-    throw new UserError("Permission denied: Admin role required");
-  }
-  return c.state.invoices;
-}
-```
-
 ### Data Isolation
 - Organization-scoped data using actor keys
 - User context stored in connection state
@@ -217,4 +194,4 @@ To test the role-based access control:
 
 ## License
 
-Apache 2.0
+Apache 2.0

internal-docs/CONFIG_TYPES.md

@@ -4,13 +4,20 @@
 
 - All types must be included in `ActorTypes` so the user can hardcode types
 
-- If using input parameters for inferring types, they must be raw parameters. e.g.:
+- If using input parameters for inferring types, they must be raw parameters. They also must be the last parameter. e.g.:
 
     ```typescript
-    // It's hard for users to infer TConnParams
+    // DO NOT DO THIS:
+    // It's hard for users to infer TConnParams because they would have to import & use an extra type
     onAuth: (opts: OnAuthOpts<TConnParams>) => TAuthData,
-    // Because you would have to import & use an extra type
-    onAuth: (opts: OnAuthOpts<MyConnParam>) => TAuthData,
+
+    // DO NOT DO THIS:
+    // If you only want to access `opts`, you'll have to also define `params`
+    onAuth: (params: TConnParams, opts: OnAuthOpts) => TAuthData,
+
+    // DO THIS:
+    // This allows you to not accept `params` and only access `opts`
+    onAuth: (opts: OnAuthOpts, params: TConnParams) => TAuthData,
     ```
 
 - When inferring via return data, you must use a union. e.g.:

packages/core/fixtures/driver-test-suite/auth.ts

@@ -3,8 +3,8 @@ import { actor, UserError } from "@rivetkit/core";
 // Basic auth actor - requires API key
 export const authActor = actor({
 	state: { requests: 0 },
-	onAuth: (params) => {
-		const apiKey = (params as any)?.apiKey;
+	onAuth: (opts, params: { apiKey?: string } | undefined) => {
+		const apiKey = params?.apiKey;
 		if (!apiKey) {
 			throw new UserError("API key required", { code: "missing_auth" });
 		}
@@ -27,9 +27,9 @@ export const authActor = actor({
 // Intent-specific auth actor - checks different permissions for different intents
 export const intentAuthActor = actor({
 	state: { value: 0 },
-	onAuth: (params, { request, intents }) => {
+	onAuth: ({ request, intents }, params: { role: string }) => {
 		console.log("intents", intents, params);
-		const role = (params as any)?.role;
+		const role = params.role;
 
 		if (intents.has("create") && role !== "admin") {
 			throw new UserError("Admin role required for create operations", {
@@ -80,8 +80,8 @@ export const noAuthActor = actor({
 // Async auth actor - tests promise-based authentication
 export const asyncAuthActor = actor({
 	state: { count: 0 },
-	onAuth: async (params) => {
-		const token = (params as any)?.token;
+	onAuth: async (opts, params: { token?: string } | undefined) => {
+		const token = params?.token;
 		if (!token) {
 			throw new UserError("Token required", { code: "missing_token" });
 		}

packages/core/fixtures/driver-test-suite/conn-params.ts

@@ -3,9 +3,9 @@ import { actor } from "@rivetkit/core";
 export const counterWithParams = actor({
 	onAuth: () => {},
 	state: { count: 0, initializers: [] as string[] },
-	createConnState: (c, { params }: { params: { name?: string } }) => {
+	createConnState: (c, opts, params: { name?: string }) => {
 		return {
-			name: params?.name || "anonymous",
+			name: params.name || "anonymous",
 		};
 	},
 	onConnect: (c, conn) => {

packages/core/fixtures/driver-test-suite/conn-state.ts

@@ -16,7 +16,8 @@ export const connStateActor = actor({
 	// Define connection state
 	createConnState: (
 		c,
-		{ params }: { params?: { username?: string; role?: string } },
+		opts,
+		params: { username?: string; role?: string },
 	): ConnState => {
 		return {
 			username: params?.username || "anonymous",

packages/core/fixtures/driver-test-suite/lifecycle.ts

@@ -8,13 +8,13 @@ export const counterWithLifecycle = actor({
 		count: 0,
 		events: [] as string[],
 	},
-	createConnState: (c, params: ConnParams) => ({
+	createConnState: (c, opts, params: ConnParams) => ({
 		joinTime: Date.now(),
 	}),
 	onStart: (c) => {
 		c.state.events.push("onStart");
 	},
-	onBeforeConnect: (c, params) => {
+	onBeforeConnect: (c, opts, params: ConnParams) => {
 		if (params?.trackLifecycle) c.state.events.push("onBeforeConnect");
 	},
 	onConnect: (c, conn) => {

packages/core/fixtures/driver-test-suite/raw-http-auth.ts

@@ -5,8 +5,8 @@ export const rawHttpAuthActor = actor({
 	state: {
 		requestCount: 0,
 	},
-	onAuth: (params) => {
-		const apiKey = (params as any)?.apiKey;
+	onAuth: (opts, params: { apiKey?: string }) => {
+		const apiKey = params.apiKey;
 		if (!apiKey) {
 			throw new UserError("API key required", { code: "missing_auth" });
 		}

packages/core/fixtures/driver-test-suite/raw-websocket-auth.ts

@@ -11,8 +11,8 @@ export const rawWebSocketAuthActor = actor({
 		connectionCount: 0,
 		messageCount: 0,
 	},
-	onAuth: (params) => {
-		const apiKey = (params as any)?.apiKey;
+	onAuth: (opts, params: { apiKey?: string }) => {
+		const apiKey = params.apiKey;
 		if (!apiKey) {
 			throw new UserError("API key required", { code: "missing_auth" });
 		}

packages/core/fixtures/driver-test-suite/request-access-auth.ts

@@ -5,15 +5,7 @@ import { actor } from "@rivetkit/core";
  * onAuth runs on the HTTP server, not in the actor, so we test it separately
  */
 export const requestAccessAuthActor = actor({
-	onAuth: ({
-		request,
-		intents,
-		params,
-	}: {
-		request: Request;
-		intents: Set<string>;
-		params?: { trackRequest?: boolean };
-	}) => {
+	onAuth: ({ request, intents }, params: { trackRequest?: boolean }) => {
 		if (params?.trackRequest) {
 			// Extract request info and return it as auth data
 			const headers: Record<string, string> = {};