User

A framework-agnostic auth/session primitive. Subclass User, plug in a cache driver, then read and write the session through bound methods (login, logout, get, set, can). Class-based — each instance owns its userData, permissions, and (optional) event listener. There’s no React adapter and no global store; for cross-module access to “the current user”, use the module-level getCurrentUser pointer.

Highlighted features

Subclass `User`

Inherit from User, declare your cacheDriver + optional overrides. Methods (login, logout, can) come free.

Pluggable storage

Cache driver is a 3-method interface (get, set, remove). Cookies, localStorage, IndexedDB, @mongez/cache — your choice.

Dot-notation permissions

user.can(“posts.create”) reads nested permission trees. Set the whole tree with setPermissions, query with paths.

Lifecycle events

boot, login, logout, change, keyChange all dispatch through @mongez/events. Drive UI re-renders, audit logs, side effects.

Install

npm install @mongez/user

yarn add @mongez/user

pnpm add @mongez/user

@mongez/events and @mongez/reinforcements install automatically. No peers to wire.

Quick peek

import { User as BaseUser, UserCacheDriverInterface } from "@mongez/user";

class AppUser extends BaseUser {
  protected cacheDriver: UserCacheDriverInterface = myDriver;
}

const user = new AppUser();
user.boot();                                        // hydrate from cache on reload
user.login({ id: 1, name: "Ada", accessToken: "eyJhbGc..." });
user.isLoggedIn();                                  // true
user.can("posts.create");                           // dot-notation permission check

Subclass User, plug in a cache driver, then read/write the session through bound methods.

Mental model

Concept	What it is
User	A typed user payload + bound methods. One instance per app, typically.
Cache driver	Three methods (`get` / `set` / `remove`) — anything that persists data.
Events	Optional pub/sub for `boot` / `login` / `logout` / `change` / `keyChange`.
Current user	Module global — `setCurrentUser` / `getCurrentUser`. Single shared slot.
Permissions	Plain object on the instance. Replaced via `setPermissions`, queried via `can(dot.path)`.

Class hierarchy

UserInterface  (type contract)
     │
     ▼
   User       (base class — abstract in practice)
     │
     ▼
  AppUser     (your subclass — declares cacheDriver and any overrides)

UserEventsListener is a separate class instantiated on user.events during boot() when events are enabled.

Scope boundaries

Concern	Lives in	Why
Login UI / forms / network calls	Your app	This library manages state, not transport
Storage primitive (cookies, localStorage, IDB)	The cache driver you supply	Keeps the package storage-agnostic
App-wide reactive state	`@mongez/atom`	A different abstraction. Compose if you need both
Event bus	`@mongez/events`	Shared dep; events dispatched there
Object/string utilities	`@mongez/reinforcements`	Used internally for dot-notation

Where to go next

Current user — setCurrentUser, getCurrentUser, module-level pointer
User manager — subclassing User, boot, login, logout
Permissions — setPermissions, can, dot-notation queries
Cache drivers — implementing UserCacheDriverInterface
Events — UserEventsListener, the five lifecycle hooks
Recipes — common patterns (token refresh, role gating)