Pass treatPendingAsSignedOut to auth on clerkMiddleware

Author: LauraBeatris

.changeset/sixty-carpets-stare.md

@@ -0,0 +1,20 @@
+---
+'@clerk/astro': patch
+---
+
+Introduce `treatPendingAsSignedOut` option to `getAuth` and `auth` from `clerkMiddleware`
+
+```ts
+const { userId } = getAuth(req, locals, { treatPendingAsSignedOut: false })
+```
+
+```ts
+clerkMiddleware((auth, context) => {
+  const { redirectToSignIn, userId } = auth({ treatPendingAsSignedOut: false })
+
+  // Both `active` and `pending` sessions will be treated as authenticated when `treatPendingAsSignedOut` is false
+  if (!userId && isProtectedRoute(context.request)) {
+    return redirectToSignIn()
+  }
+})
+```

packages/astro/src/server/clerk-middleware.ts

@@ -5,6 +5,7 @@ import { isDevelopmentFromSecretKey } from '@clerk/shared/keys';
 import { handleNetlifyCacheInDevInstance } from '@clerk/shared/netlifyCacheHandler';
 import { isHttpOrHttps } from '@clerk/shared/proxy';
 import { handleValueOrFn } from '@clerk/shared/utils';
+import type { PendingSessionOptions } from '@clerk/types';
 import type { APIContext } from 'astro';
 
 import { authAsyncStorage } from '#async-local-storage';
@@ -244,8 +245,8 @@ function decorateAstroLocal(clerkRequest: ClerkRequest, context: APIContext, req
   context.locals.authStatus = status;
   context.locals.authMessage = message;
   context.locals.authReason = reason;
-  context.locals.auth = () => {
-    const authObject = getAuth(clerkRequest, context.locals);
+  context.locals.auth = ({ treatPendingAsSignedOut }: PendingSessionOptions = {}) => {
+    const authObject = getAuth(clerkRequest, context.locals, { treatPendingAsSignedOut });
 
     const clerkUrl = clerkRequest.clerkUrl;
 

packages/astro/src/server/get-auth.ts

@@ -36,18 +36,16 @@ export const createGetAuth = ({ noAuthStatusMessage }: { noAuthStatusMessage: st
       authReason,
     };
 
-    let authObject;
-
     if (authStatus !== AuthStatus.SignedIn) {
-      authObject = signedOutAuthObject(options);
+      return signedOutAuthObject(options);
     }
 
     const jwt = decodeJwt(authToken as string);
-    // @ts-expect-error -- Restrict parameter type of options to only list what's needed
-    authObject = signedInAuthObject(options, jwt.raw.text, jwt.payload);
+    // @ts-expect-error - TODO: Align types
+    const authObject = signedInAuthObject(options, jwt.raw.text, jwt.payload);
 
     if (treatPendingAsSignedOut && authObject.sessionStatus === 'pending') {
-      authObject = signedOutAuthObject(options);
+      return signedOutAuthObject(options);
     }
 
     return authObject;