Merged in fix/get-booking-as-user (pull request #1366)

Fix: Use session.token.access_token if session exists in booking confirmation, else use serviceToken * Fix: Added service token to safeProtectedProcedure * fix: use of safeProtectedServiceProcedure Approved-by: Michael Zetterberg
2025-02-18 11:42:18 +00:00
parent 9ca7330d74
commit 90fee1b0c4
3 changed files with 10 additions and 5 deletions
--- a/server/routers/booking/query.ts
+++ b/server/routers/booking/query.ts
@@ -3,7 +3,11 @@ import { metrics } from "@opentelemetry/api"
 import * as api from "@/lib/api"
 import { dt } from "@/lib/dt"
 import { badRequestError, serverErrorByStatus } from "@/server/errors/trpc"
-import { router, serviceProcedure } from "@/server/trpc"
+import {
+  router,
+  safeProtectedServiceProcedure,
+  serviceProcedure,
+} from "@/server/trpc"

 import { getHotel } from "../hotels/query"
 import { bookingConfirmationInput, getBookingStatusInput } from "./input"
@@ -30,16 +34,18 @@ const getBookingStatusFailCounter = meter.createCounter(
 )

 export const bookingQueryRouter = router({
-  confirmation: serviceProcedure
+  confirmation: safeProtectedServiceProcedure
    .input(bookingConfirmationInput)
    .query(async function ({ ctx, input: { confirmationNumber } }) {
      getBookingConfirmationCounter.add(1, { confirmationNumber })

+      const token = ctx.session?.token.access_token ?? ctx.serviceToken
+
      const apiResponse = await api.get(
        api.endpoints.v1.Booking.booking(confirmationNumber),
        {
          headers: {
-            Authorization: `Bearer ${ctx.serviceToken}`,
+            Authorization: `Bearer ${token}`,
          },
        }
      )
--- a/server/routers/hotels/output.ts
+++ b/server/routers/hotels/output.ts
@@ -365,7 +365,7 @@ export const ancillaryPackagesSchema = z
            id: item.id,
            title: item.title,
            description: item.descriptions.html,
-            imageUrl: item.images[0].imageSizes.small,
+            imageUrl: item.images[0]?.imageSizes.small,
            price: {
              total: parseInt(item.variants.ancillary.price.totalPrice),
              currency: item.variants.ancillary.price.currency,
--- a/server/trpc.ts
+++ b/server/trpc.ts
@@ -117,7 +117,6 @@ export const protectedProcedure = baseProcedure.use(async function (opts) {

 export const safeProtectedProcedure = baseProcedure.use(async function (opts) {
  const authRequired = opts.meta?.authRequired ?? true
-
  let session: Session | null = await opts.ctx.auth()
  if (!authRequired && env.NODE_ENV === "development") {
    console.info(