fix: issue with user and supervisor middleware check if exists in db
HoreKk committed Feb 29, 2024
1 parent cf80258 commit e5bf6ed
Showing 1 changed file with 79 additions and 78 deletions.
157 changes: 79 additions & 78 deletions webapp/src/server/api/trpc.ts
Expand Up @@ -15,10 +15,10 @@ import getPayloadClient from "~/payload/payloadClient";
import { jwtDecode } from "jwt-decode";

type PayloadJwtSession = {
id: number;
email: string;
iat: string;
exp: string;
id: number;
email: string;
iat: string;
exp: string;
} | null;

/**
Expand Down Expand Up @@ -52,26 +52,26 @@ type CreateContextOptions = Record<string, never>;
* @see https://trpc.io/docs/context
*/
export const createTRPCContext = async (_opts: CreateNextContextOptions) => {
const payload = await getPayloadClient({
seed: false,
});

const jwtCookie =
_opts.req.cookies[process.env.NEXT_PUBLIC_JWT_NAME ?? "cje-jwt"];

if (!jwtCookie) {
return {
payload,
session: null,
};
}

const session = jwtDecode<PayloadJwtSession>(jwtCookie);

return {
payload,
session,
};
const payload = await getPayloadClient({
seed: false,
});

const jwtCookie =
_opts.req.cookies[process.env.NEXT_PUBLIC_JWT_NAME ?? "cje-jwt"];

if (!jwtCookie) {
return {
payload,
session: null,
};
}

const session = jwtDecode<PayloadJwtSession>(jwtCookie);

return {
payload,
session,
};
};

/**
Expand All @@ -83,65 +83,65 @@ export const createTRPCContext = async (_opts: CreateNextContextOptions) => {
*/

const t = initTRPC.context<typeof createTRPCContext>().create({
transformer: superjson,
errorFormatter({ shape, error }) {
return {
...shape,
data: {
...shape.data,
zodError:
error.cause instanceof ZodError ? error.cause.flatten() : null,
},
};
},
transformer: superjson,
errorFormatter({ shape, error }) {
return {
...shape,
data: {
...shape.data,
zodError:
error.cause instanceof ZodError ? error.cause.flatten() : null,
},
};
},
});

const isAuthedAsSupervisor = t.middleware(async ({ next, ctx }) => {
const user = await ctx.payload.find({
collection: "users",
where: {
email: {
equals: ctx.session?.email,
},
},
});

if (ctx.session?.email === undefined || !user) {
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not authorized to perform this action",
});
}

return next({
ctx: {
session: ctx.session,
},
});
const supervisor = await ctx.payload.find({
collection: "supervisors",
where: {
email: {
equals: ctx.session?.email,
},
},
});

if (ctx.session?.email === undefined || !supervisor.docs.length) {
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not authorized to perform this action",
});
}

return next({
ctx: {
session: ctx.session,
},
});
});

const isAuthedAsUser = t.middleware(async ({ next, ctx }) => {
const user = await ctx.payload.find({
collection: "users",
where: {
email: {
equals: ctx.session?.email,
},
},
});

if (ctx.session?.email === undefined || !user) {
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not authorized to perform this action",
});
}

return next({
ctx: {
session: ctx.session,
},
});
const user = await ctx.payload.find({
collection: "users",
where: {
email: {
equals: ctx.session?.email,
},
},
});

if (ctx.session?.email === undefined || !user.docs.length) {
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not authorized to perform this action",
});
}

return next({
ctx: {
session: ctx.session,
},
});
});

/**
Expand All @@ -168,4 +168,5 @@ export const createTRPCRouter = t.router;
export const publicProcedure = t.procedure;

export const userProtectedProcedure = t.procedure.use(isAuthedAsUser);
export const supervisorProtectedProcedure = t.procedure.use(isAuthedAsSupervisor);
export const supervisorProtectedProcedure =
t.procedure.use(isAuthedAsSupervisor);
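Review bot: In `isAuthedAsUser` and `isAuthedAsSupervisor` the e-mail used for the lookup comes from `ctx.session`, which `createTRPCContext` fills with `jwtDecode<PayloadJwtSession>(jwtCookie)`; jwt-decode only parses the token and does not check its signature or `exp`, so the new `.docs.length` test confirms that the address exists in the collection, not that the caller holds a token issued for it. The cookie should be verified server-side (signature and expiry, against the secret the token was signed with) before its claims reach the middleware, and a malformed cookie should produce `session: null` instead of letting `jwtDecode` throw out of the context factory. Separately, both middlewares call `ctx.payload.find` before the `ctx.session?.email === undefined` guard, so an anonymous request still issues a query with `equals: undefined`; moving the guard first, e.g. `if (!ctx.session?.email) throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to perform this action" });`, avoids the lookup and any dependence on how the query layer treats an undefined operand.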
