diff --git a/webapp/src/server/api/trpc.ts b/webapp/src/server/api/trpc.ts index 08a1bf18..5cfc3bc8 100644 --- a/webapp/src/server/api/trpc.ts +++ b/webapp/src/server/api/trpc.ts @@ -15,10 +15,10 @@ import getPayloadClient from "~/payload/payloadClient"; import { jwtDecode } from "jwt-decode"; type PayloadJwtSession = { - id: number; - email: string; - iat: string; - exp: string; + id: number; + email: string; + iat: string; + exp: string; } | null; /** @@ -52,26 +52,26 @@ type CreateContextOptions = Record; * @see https://trpc.io/docs/context */ export const createTRPCContext = async (_opts: CreateNextContextOptions) => { - const payload = await getPayloadClient({ - seed: false, - }); - - const jwtCookie = - _opts.req.cookies[process.env.NEXT_PUBLIC_JWT_NAME ?? "cje-jwt"]; - - if (!jwtCookie) { - return { - payload, - session: null, - }; - } - - const session = jwtDecode(jwtCookie); - - return { - payload, - session, - }; + const payload = await getPayloadClient({ + seed: false, + }); + + const jwtCookie = + _opts.req.cookies[process.env.NEXT_PUBLIC_JWT_NAME ?? "cje-jwt"]; + + if (!jwtCookie) { + return { + payload, + session: null, + }; + } + + const session = jwtDecode(jwtCookie); + + return { + payload, + session, + }; }; /** 
@@ -83,65 +83,65 @@ export const createTRPCContext = async (_opts: CreateNextContextOptions) => { */ const t = initTRPC.context().create({ - transformer: superjson, - errorFormatter({ shape, error }) { - return { - ...shape, - data: { - ...shape.data, - zodError: - error.cause instanceof ZodError ? error.cause.flatten() : null, - }, - }; - }, + transformer: superjson, + errorFormatter({ shape, error }) { + return { + ...shape, + data: { + ...shape.data, + zodError: + error.cause instanceof ZodError ? error.cause.flatten() : null, + }, + }; + }, }); const isAuthedAsSupervisor = t.middleware(async ({ next, ctx }) => { - const user = await ctx.payload.find({ - collection: "users", - where: { - email: { - equals: ctx.session?.email, - }, - }, - }); - - if (ctx.session?.email === undefined || !user) { - throw new TRPCError({ - code: "UNAUTHORIZED", - message: "You are not authorized to perform this action", - }); - } - - return next({ - ctx: { - session: ctx.session, - }, - }); + const supervisor = await ctx.payload.find({ + collection: "supervisors", + where: { + email: { + equals: ctx.session?.email, + }, + }, + }); + + if (ctx.session?.email === undefined || !supervisor.docs.length) { + throw new TRPCError({ + code: "UNAUTHORIZED", + message: "You are not authorized to perform this action", + }); + } + + return next({ + ctx: { + session: ctx.session, + }, + }); }); const isAuthedAsUser = t.middleware(async ({ next, ctx }) => { - const user = await ctx.payload.find({ - collection: "users", - where: { - email: { - equals: ctx.session?.email, - }, - }, - }); - - if (ctx.session?.email === undefined || !user) { - throw new TRPCError({ - code: "UNAUTHORIZED", - message: "You are not authorized to perform this action", - }); - } - - return next({ - ctx: { - session: ctx.session, - }, - }); + const user = await ctx.payload.find({ + collection: "users", + where: { + email: { + equals: ctx.session?.email, + }, + }, + }); + + if (ctx.session?.email === undefined || 
!user.docs.length) { + throw new TRPCError({ + code: "UNAUTHORIZED", + message: "You are not authorized to perform this action", + }); + } + + return next({ + ctx: { + session: ctx.session, + }, + }); }); /** @@ -168,4 +168,5 @@ export const createTRPCRouter = t.router; export const publicProcedure = t.procedure; export const userProtectedProcedure = t.procedure.use(isAuthedAsUser); -export const supervisorProtectedProcedure = t.procedure.use(isAuthedAsSupervisor); +export const supervisorProtectedProcedure = + t.procedure.use(isAuthedAsSupervisor);
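Review bot: The email that `isAuthedAsSupervisor` and `isAuthedAsUser` look up in the `supervisors`/`users` collections still comes from `ctx.session`, which `createTRPCContext` (previous hunk) fills with `jwtDecode(jwtCookie)` — `jwt-decode` only base64-decodes the payload and checks neither the signature nor `exp`, so a client can hand-craft a cookie carrying `{"email": "<a supervisor's address>"}` and satisfy the new `supervisor.docs.length` check. The lookup should only run on a session produced by a signature-verifying decode against the issuer's secret, with expired tokens rejected, before the email is treated as an identity. A smaller point inside this hunk: both middlewares issue the `find` before testing `ctx.session?.email === undefined`, so an anonymous request still hits the database with `equals: ctx.session?.email` evaluating to `undefined`, whose semantics in a Payload `where` clause are not obvious from here. Moving the guard ahead of the query — `if (ctx.session?.email === undefined) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to perform this action" }); }` — avoids both the extra round-trip and that ambiguity. The `PayloadJwtSession` type also declares `iat` and `exp` as `string`, which looks wrong for standard numeric-date claims and is worth confirming against the token issuer.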