wip: clerk auth
This commit is contained in:
Carl-Gerhard Lindesvärd
@@ -14,7 +14,7 @@ export const clientRouter = createTRPCRouter({
|
||||
.query(async ({ input: { organizationId } }) => {
|
||||
return db.client.findMany({
|
||||
where: {
|
||||
organization_id: organizationId,
|
||||
organization_slug: organizationId,
|
||||
},
|
||||
include: {
|
||||
project: true,
|
||||
@@ -66,7 +66,7 @@ export const clientRouter = createTRPCRouter({
|
||||
const secret = randomUUID();
|
||||
const client = await db.client.create({
|
||||
data: {
|
||||
organization_id: input.organizationId,
|
||||
organization_slug: input.organizationId,
|
||||
project_id: input.projectId,
|
||||
name: input.name,
|
||||
secret: input.withCors ? null : await hashPassword(secret),
|
||||
|
||||
@@ -44,7 +44,7 @@ export const dashboardRouter = createTRPCRouter({
|
||||
return db.dashboard.findMany({
|
||||
where: {
|
||||
project: {
|
||||
organization_id: input.organizationId,
|
||||
organization_slug: input.organizationId,
|
||||
},
|
||||
},
|
||||
include: {
|
||||
|
||||
@@ -1,31 +1,16 @@
|
||||
import { createTRPCRouter, protectedProcedure } from '@/server/api/trpc';
|
||||
import { db } from '@/server/db';
|
||||
import { getOrganizationById } from '@/server/services/organization.service';
|
||||
import {
|
||||
getCurrentOrganization,
|
||||
getOrganizationBySlug,
|
||||
} from '@/server/services/organization.service';
|
||||
import { clerkClient } from '@clerk/nextjs';
|
||||
import { z } from 'zod';
|
||||
|
||||
export const organizationRouter = createTRPCRouter({
|
||||
list: protectedProcedure.query(({ ctx }) => {
|
||||
return db.organization.findMany({
|
||||
where: {
|
||||
users: {
|
||||
some: {
|
||||
id: ctx.session.user.id,
|
||||
},
|
||||
},
|
||||
},
|
||||
});
|
||||
}),
|
||||
first: protectedProcedure.query(({ ctx }) => {
|
||||
return db.organization.findFirst({
|
||||
where: {
|
||||
users: {
|
||||
some: {
|
||||
id: ctx.session.user.id,
|
||||
},
|
||||
},
|
||||
},
|
||||
});
|
||||
list: protectedProcedure.query(() => {
|
||||
return clerkClient.organizations.getOrganizationList();
|
||||
}),
|
||||
first: protectedProcedure.query(() => getCurrentOrganization()),
|
||||
get: protectedProcedure
|
||||
.input(
|
||||
z.object({
|
||||
@@ -33,7 +18,7 @@ export const organizationRouter = createTRPCRouter({
|
||||
})
|
||||
)
|
||||
.query(({ input }) => {
|
||||
return getOrganizationById(input.id);
|
||||
return getOrganizationBySlug(input.id);
|
||||
}),
|
||||
update: protectedProcedure
|
||||
.input(
|
||||
@@ -43,13 +28,8 @@ export const organizationRouter = createTRPCRouter({
|
||||
})
|
||||
)
|
||||
.mutation(({ input }) => {
|
||||
return db.organization.update({
|
||||
where: {
|
||||
id: input.id,
|
||||
},
|
||||
data: {
|
||||
name: input.name,
|
||||
},
|
||||
return clerkClient.organizations.updateOrganization(input.id, {
|
||||
name: input.name,
|
||||
});
|
||||
}),
|
||||
});
|
||||
|
||||
@@ -15,7 +15,7 @@ export const projectRouter = createTRPCRouter({
|
||||
|
||||
return db.project.findMany({
|
||||
where: {
|
||||
organization_id: organizationId,
|
||||
organization_slug: organizationId,
|
||||
},
|
||||
});
|
||||
}),
|
||||
@@ -60,7 +60,7 @@ export const projectRouter = createTRPCRouter({
|
||||
return db.project.create({
|
||||
data: {
|
||||
id: await getId('project', input.name),
|
||||
organization_id: input.organizationId,
|
||||
organization_slug: input.organizationId,
|
||||
name: input.name,
|
||||
},
|
||||
});
|
||||
|
||||
@@ -1,6 +1,8 @@
|
||||
import { createTRPCRouter, protectedProcedure } from '@/server/api/trpc';
|
||||
import { db } from '@/server/db';
|
||||
import { hashPassword, verifyPassword } from '@/server/services/hash.service';
|
||||
import { transformUser } from '@/server/services/user.service';
|
||||
import { clerkClient } from '@clerk/nextjs';
|
||||
import { z } from 'zod';
|
||||
|
||||
export const userRouter = createTRPCRouter({
|
||||
@@ -14,47 +16,17 @@ export const userRouter = createTRPCRouter({
|
||||
update: protectedProcedure
|
||||
.input(
|
||||
z.object({
|
||||
name: z.string(),
|
||||
email: z.string(),
|
||||
firstName: z.string(),
|
||||
lastName: z.string(),
|
||||
})
|
||||
)
|
||||
.mutation(({ input, ctx }) => {
|
||||
return db.user.update({
|
||||
where: {
|
||||
id: ctx.session.user.id,
|
||||
},
|
||||
data: {
|
||||
name: input.name,
|
||||
email: input.email,
|
||||
},
|
||||
});
|
||||
}),
|
||||
changePassword: protectedProcedure
|
||||
.input(
|
||||
z.object({
|
||||
password: z.string(),
|
||||
oldPassword: z.string(),
|
||||
})
|
||||
)
|
||||
.mutation(async ({ input, ctx }) => {
|
||||
const user = await db.user.findUniqueOrThrow({
|
||||
where: {
|
||||
id: ctx.session.user.id,
|
||||
},
|
||||
});
|
||||
|
||||
if (!(await verifyPassword(input.oldPassword, user.password))) {
|
||||
throw new Error('Old password is incorrect');
|
||||
}
|
||||
|
||||
return db.user.update({
|
||||
where: {
|
||||
id: ctx.session.user.id,
|
||||
},
|
||||
data: {
|
||||
password: await hashPassword(input.password),
|
||||
},
|
||||
});
|
||||
return clerkClient.users
|
||||
.updateUser(ctx.session.userId, {
|
||||
firstName: input.firstName,
|
||||
lastName: input.lastName,
|
||||
})
|
||||
.then(transformUser);
|
||||
}),
|
||||
invite: protectedProcedure
|
||||
.input(
|
||||
|
||||
@@ -1,71 +1,13 @@
|
||||
/**
|
||||
* YOU PROBABLY DON'T NEED TO EDIT THIS FILE, UNLESS:
|
||||
* 1. You want to modify request context (see Part 1).
|
||||
* 2. You want to create a new middleware or type of procedure (see Part 3).
|
||||
*
|
||||
* TL;DR - This is where all the tRPC server stuff is created and plugged in. The pieces you will
|
||||
* need to use are documented accordingly near the end.
|
||||
*/
|
||||
|
||||
import { getSession } from '@/server/auth';
|
||||
import type { auth } from '@clerk/nextjs';
|
||||
import { initTRPC, TRPCError } from '@trpc/server';
|
||||
import type { CreateNextContextOptions } from '@trpc/server/adapters/next';
|
||||
import type { Session } from 'next-auth';
|
||||
import superjson from 'superjson';
|
||||
import { ZodError } from 'zod';
|
||||
|
||||
/**
|
||||
* 1. CONTEXT
|
||||
*
|
||||
* This section defines the "contexts" that are available in the backend API.
|
||||
*
|
||||
* These allow you to access things when processing a request, like the database, the session, etc.
|
||||
*/
|
||||
|
||||
interface CreateContextOptions {
|
||||
session: Session | null;
|
||||
session: ReturnType<typeof auth> | null;
|
||||
}
|
||||
|
||||
/**
|
||||
* This helper generates the "internals" for a tRPC context. If you need to use it, you can export
|
||||
* it from here.
|
||||
*
|
||||
* Examples of things you may need it for:
|
||||
* - testing, so we don't have to mock Next.js' req/res
|
||||
* - tRPC's `createSSGHelpers`, where we don't have req/res
|
||||
*
|
||||
* @see https://create.t3.gg/en/usage/trpc#-serverapitrpcts
|
||||
*/
|
||||
export const createInnerTRPCContext = (opts: CreateContextOptions) => {
|
||||
return {
|
||||
session: opts.session,
|
||||
};
|
||||
};
|
||||
|
||||
/**
|
||||
* This is the actual context you will use in your router. It will be used to process every request
|
||||
* that goes through your tRPC endpoint.
|
||||
*
|
||||
* @see https://trpc.io/docs/context
|
||||
*/
|
||||
export const createTRPCContext = async (opts: CreateNextContextOptions) => {
|
||||
// Get the session from the server using the getServerSession wrapper function
|
||||
const session = await getSession();
|
||||
|
||||
return createInnerTRPCContext({
|
||||
session,
|
||||
});
|
||||
};
|
||||
|
||||
/**
|
||||
* 2. INITIALIZATION
|
||||
*
|
||||
* This is where the tRPC API is initialized, connecting the context and transformer. We also parse
|
||||
* ZodErrors so that you get typesafety on the frontend if your procedure fails due to validation
|
||||
* errors on the backend.
|
||||
*/
|
||||
|
||||
const t = initTRPC.context<typeof createTRPCContext>().create({
|
||||
const t = initTRPC.context<CreateContextOptions>().create({
|
||||
transformer: superjson,
|
||||
errorFormatter({ shape, error }) {
|
||||
return {
|
||||
@@ -79,48 +21,19 @@ const t = initTRPC.context<typeof createTRPCContext>().create({
|
||||
},
|
||||
});
|
||||
|
||||
/**
|
||||
* 3. ROUTER & PROCEDURE (THE IMPORTANT BIT)
|
||||
*
|
||||
* These are the pieces you use to build your tRPC API. You should import these a lot in the
|
||||
* "/src/server/api/routers" directory.
|
||||
*/
|
||||
|
||||
/**
|
||||
* This is how you create new routers and sub-routers in your tRPC API.
|
||||
*
|
||||
* @see https://trpc.io/docs/router
|
||||
*/
|
||||
export const createTRPCRouter = t.router;
|
||||
|
||||
/**
|
||||
* Public (unauthenticated) procedure
|
||||
*
|
||||
* This is the base piece you use to build new queries and mutations on your tRPC API. It does not
|
||||
* guarantee that a user querying is authorized, but you can still access user session data if they
|
||||
* are logged in.
|
||||
*/
|
||||
export const publicProcedure = t.procedure;
|
||||
|
||||
/** Reusable middleware that enforces users are logged in before running the procedure. */
|
||||
const enforceUserIsAuthed = t.middleware(({ ctx, next }) => {
|
||||
if (!ctx.session?.user) {
|
||||
if (!ctx.session?.userId) {
|
||||
throw new TRPCError({ code: 'UNAUTHORIZED' });
|
||||
}
|
||||
return next({
|
||||
ctx: {
|
||||
// infers the `session` as non-nullable
|
||||
session: { ...ctx.session, user: ctx.session.user },
|
||||
},
|
||||
});
|
||||
});
|
||||
|
||||
/**
|
||||
* Protected (authenticated) procedure
|
||||
*
|
||||
* If you want a query or mutation to ONLY be accessible to logged in users, use this. It verifies
|
||||
* the session is valid and guarantees `ctx.session.user` is not null.
|
||||
*
|
||||
* @see https://trpc.io/docs/procedures
|
||||
*/
|
||||
export const protectedProcedure = t.procedure.use(enforceUserIsAuthed);
|
||||
|
||||
Reference in New Issue
Block a user