way better auth middleware, enroll team server fn and pb fn
@@ -1,4 +1,4 @@
|
||||
import { createMiddleware, createServerFn } from "@tanstack/react-start";
|
||||
import { createMiddleware, createServerFn, ServerFnResponseType } from "@tanstack/react-start";
|
||||
import { getWebRequest } from "@tanstack/react-start/server";
|
||||
import { getSessionForSSR } from "supertokens-node/custom";
|
||||
import UserRoles from "supertokens-node/recipe/userroles";
|
||||
@@ -6,17 +6,18 @@ import UserMetadata from "supertokens-node/recipe/usermetadata";
|
||||
import { getSessionForStart } from "@/lib/supertokens/recipes/start-session";
|
||||
import { Logger } from "@/lib/logger";
|
||||
import z from "zod";
|
||||
import { refreshSession } from "supertokens-node/recipe/session";
|
||||
|
||||
const logger = new Logger('Middleware');
|
||||
|
||||
const verifySuperTokensSession = async (request: Request) => {
|
||||
const verifySuperTokensSession = async (request: Request, response?: ServerFnResponseType) => {
|
||||
const session = await getSessionForStart(request, { sessionRequired: false });
|
||||
|
||||
if (session?.needsRefresh) {
|
||||
logger.info("Session needs refresh");
|
||||
if (session?.needsRefresh && response) {
|
||||
logger.info("Session refreshing...");
|
||||
refreshSession(request, response);
|
||||
return { context: { needsRefresh: true } };
|
||||
}
|
||||
|
||||
const userAuthId = session?.userId;
|
||||
|
||||
if (!userAuthId) {
|
||||
@@ -34,7 +35,7 @@ const verifySuperTokensSession = async (request: Request) => {
|
||||
metadata,
|
||||
session: {
|
||||
accessTokenPayload: session.accessTokenPayload,
|
||||
sessionHandle: session.sessionHandle
|
||||
sessionHandle: session.sessionHandle,
|
||||
}
|
||||
}
|
||||
};
|
||||
@@ -42,35 +43,61 @@ const verifySuperTokensSession = async (request: Request) => {
|
||||
|
||||
export const superTokensRequestMiddleware = createMiddleware({ type: 'request' })
|
||||
.server(async ({ next, request }) => {
|
||||
const context = await verifySuperTokensSession(request);
|
||||
return next(context as any);
|
||||
const session = await verifySuperTokensSession(request);
|
||||
|
||||
if (!session.context.userAuthId) {
|
||||
logger.error('Unauthenticated user in API call.', session.context)
|
||||
throw new Error('Unauthenticated')
|
||||
}
|
||||
|
||||
const context = {
|
||||
userAuthId: session.context.userAuthId,
|
||||
roles: session.context.roles,
|
||||
metadata: session.context.metadata
|
||||
}
|
||||
|
||||
return next({ context })
|
||||
});
|
||||
|
||||
export const superTokensFunctionMiddleware = createMiddleware({ type: 'function' })
|
||||
.server(async ({ next }) => {
|
||||
.server(async ({ next, response }) => {
|
||||
const request = getWebRequest();
|
||||
const session = await verifySuperTokensSession(request, response);
|
||||
|
||||
const context = await verifySuperTokensSession(request);
|
||||
return next(context as any);
|
||||
})
|
||||
if (!session.context.userAuthId) {
|
||||
logger.error('Unauthenticated user in server function.', session.context)
|
||||
throw new Error('Unauthenticated')
|
||||
}
|
||||
|
||||
export const superTokensRoleFunctionMiddleware = createMiddleware({ type: 'function' })
|
||||
.server(async ({ next, context }) => {
|
||||
const { roles } = context as any;
|
||||
return next(({ context: { roles } }));
|
||||
const context = {
|
||||
userAuthId: session.context.userAuthId,
|
||||
roles: session.context.roles,
|
||||
metadata: session.context.metadata
|
||||
}
|
||||
return next({ context });
|
||||
})
|
||||
|
||||
export const superTokensAdminFunctionMiddleware = createMiddleware({ type: 'function' })
|
||||
.server(async ({ next }) => {
|
||||
.server(async ({ next, response }) => {
|
||||
const request = getWebRequest();
|
||||
const session = await verifySuperTokensSession(request);
|
||||
const session = await verifySuperTokensSession(request, response);
|
||||
|
||||
const { roles } = session?.context as any;
|
||||
if (roles?.includes('Admin')) {
|
||||
return next(({ context: { roles } }));
|
||||
if (!session.context.userAuthId) {
|
||||
logger.error('Unauthenticated user in admin function.', session.context)
|
||||
throw new Error('Unauthenticated')
|
||||
}
|
||||
|
||||
logger.error('User reached admin function without admin role', next);
|
||||
const context = {
|
||||
userAuthId: session.context.userAuthId,
|
||||
roles: session.context.roles,
|
||||
metadata: session.context.metadata
|
||||
}
|
||||
|
||||
if (context.roles?.includes('Admin')) {
|
||||
return next(({ context }));
|
||||
}
|
||||
|
||||
logger.error('Unauthorized user in admin function.', context);
|
||||
throw new Error('Unauthorized');
|
||||
})
|
||||
|
||||
@@ -79,23 +106,6 @@ export const fetchUserRoles = async (userAuthId: string) => {
|
||||
return response;
|
||||
}
|
||||
|
||||
export const fetchSuperTokensAuth = createServerFn({ method: 'GET' }).handler(async () => {
|
||||
const request = getWebRequest();
|
||||
const session = await getSessionForSSR(request);
|
||||
const userAuthId = session?.accessTokenPayload?.sub;
|
||||
|
||||
if (!userAuthId) return;
|
||||
const { roles } = await fetchUserRoles(userAuthId);
|
||||
const { metadata } = await UserMetadata.getUserMetadata(userAuthId);
|
||||
|
||||
return {
|
||||
userAuthId,
|
||||
hasToken: session.hasToken,
|
||||
roles,
|
||||
metadata
|
||||
}
|
||||
})
|
||||
|
||||
export const setUserMetadata = createServerFn({ method: 'POST' })
|
||||
.validator(z.object({
|
||||
first_name: z.string().min(3).max(20).regex(/^[a-zA-Z0-9\s]+$/, "First name must be 3-20 characters long and contain only letters and spaces"),
|
||||
|
||||
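Review bot: In the new `verifySuperTokensSession` (second hunk), `refreshSession(request, response);` is called without `await`, so the function returns `{ context: { needsRefresh: true } }` before the refresh has completed and a rejection from it is never handled. I would write `await refreshSession(request, response);` so that a failed refresh surfaces as an error in the middleware rather than as an unhandled rejection. The `response` parameter is typed `ServerFnResponseType`, which to my knowledge is the server function's response-mode setting rather than a response object, so please confirm it is what `refreshSession` expects. When `response` is absent, as in the request middleware, a session with `needsRefresh` now falls through to the `session?.userId` check. The rest of the function body lies outside the hunk, so I cannot tell from here whether that path still fails closed.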