saas

Author: hotlong

.mcp.json

@@ -0,0 +1,8 @@
+{
+  "mcpServers": {
+    "chrome-devtools": {
+      "command": "chrome-devtools-mcp",
+      "args": []
+    }
+  }
+}

apps/server/objectstack.config.ts

@@ -82,6 +82,7 @@ export default defineStack({
     new AuthPlugin({
       secret: process.env.AUTH_SECRET ?? 'dev-secret-please-change-in-production-min-32-chars',
       baseUrl,
+      plugins: { organization: true },
     }),
     new SecurityPlugin(),
     new AuditPlugin(),

framework.code-workspace

@@ -0,0 +1,11 @@
+{
+	"folders": [
+		{
+			"path": "."
+		},
+		{
+			"path": "../object-ui"
+		}
+	],
+	"settings": {}
+}

packages/plugins/plugin-auth/src/objects/sys-session.object.ts

@@ -65,6 +65,16 @@ export const SysSession = ObjectSchema.create({
       label: 'User Agent',
       required: false,
     }),
+
+    active_organization_id: Field.text({
+      label: 'Active Organization ID',
+      required: false,
+    }),
+
+    active_team_id: Field.text({
+      label: 'Active Team ID',
+      required: false,
+    }),
   },
 
   indexes: [

packages/plugins/plugin-hono-server/src/hono-plugin.ts

@@ -158,7 +158,7 @@ export class HonoServerPlugin implements Plugin {
                 // the better-auth `bearer()` plugin can deliver rotated
                 // session tokens to cross-origin clients (see plugin-auth).
                 // User-supplied exposeHeaders are merged with this default.
-                const defaultAllowHeaders = ['Content-Type', 'Authorization', 'X-Requested-With'];
+                const defaultAllowHeaders = ['Content-Type', 'Authorization', 'X-Requested-With', 'X-Tenant-ID'];
                 const defaultExposeHeaders = ['set-auth-token'];
                 const allowHeaders = corsOpts.allowHeaders ?? defaultAllowHeaders;
                 const exposeHeaders = Array.from(new Set([