scandic/web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: new "safe" procedure without unauth throwing

Browse Source
This commit is contained in:
Christel Westerberg
2024-07-08 14:53:48 +02:00
parent 17bc18ce2b
commit da343f45da
10 changed files with 117 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
server/context.ts
View File

@@ -10,7 +10,7 @@ import { unauthorizedError } from "./errors/trpc"
typeof auth
type CreateContextOptions = {
auth: () => Promise<Session>
auth: () => Promise<Session | null>
lang: Lang
pathname: string
uid?: string | null
@@ -50,7 +50,7 @@ export function createContext() {
const session = await auth()
const webToken = webviewTokenCookie?.value
if (!session?.token && !webToken) {
throw unauthorizedError()
return null
}
return session || ({ token: { access_token: webToken } } as Session)

105
server/routers/user/query.ts
View File

@@ -1,9 +1,13 @@
import * as api from "@/lib/api"
import { protectedProcedure, router } from "@/server/trpc"
import {
protectedProcedure,
router,
safeProtectedProcedure,
} from "@/server/trpc"
import { countries } from "@/components/TempDesignSystem/Form/Country/countries"
import * as maskValue from "@/utils/maskValue"
import { getMembershipCards } from "@/utils/user"
import { getMembership, getMembershipCards } from "@/utils/user"
import {
friendTransactionsInput,
@@ -19,6 +23,37 @@ import {
} from "./output"
import { benefits, extendedUser, nextLevelPerks } from "./temp"
import type { Session } from "next-auth"
async function getVerifiedUser({ session }: { session: Session }) {
const apiResponse = await api.get(api.endpoints.v1.profile, {
cache: "no-store",
headers: {
Authorization: `Bearer ${session.token.access_token}`,
},
})
if (!apiResponse.ok) {
return null
}
const apiJson = await apiResponse.json()
if (!apiJson.data?.attributes) {
console.error(`User has no data - (user: ${JSON.stringify(session.user)})`)
return null
}
const verifiedData = getUserSchema.safeParse(apiJson.data.attributes)
if (!verifiedData.success) {
console.info(
`Failed to validate User - (User: ${JSON.stringify(session.user)})`
)
console.error(verifiedData.error)
return null
}
return verifiedData
}
function fakingRequest<T>(payload: T): Promise<T> {
return new Promise((resolve) => {
setTimeout(() => {
@@ -31,45 +66,9 @@ export const userQueryRouter = router({
get: protectedProcedure
.input(getUserInputSchema)
.query(async function getUser({ ctx, input }) {
const apiResponse = await api.get(api.endpoints.v1.profile, {
cache: "no-store",
headers: {
Authorization: `Bearer ${ctx.session.token.access_token}`,
},
})
const verifiedData = await getVerifiedUser({ session: ctx.session })
if (!apiResponse.ok) {
// switch (apiResponse.status) {
// case 400:
// throw badRequestError()
// case 401:
// throw unauthorizedError()
// case 403:
// throw forbiddenError()
// default:
// throw internalServerError()
// }
console.info(`API Response Failed - Getting User`)
console.info(`User: (${JSON.stringify(ctx.session.user)})`)
console.error(apiResponse)
return null
}
const apiJson = await apiResponse.json()
if (!apiJson.data?.attributes) {
// throw notFound(apiJson)
console.error(
`User has no data - (user: ${JSON.stringify(ctx.session.user)})`
)
return null
}
const verifiedData = getUserSchema.safeParse(apiJson.data.attributes)
if (!verifiedData.success) {
console.info(
`Failed to validate User - (User: ${JSON.stringify(ctx.session.user)})`
)
console.error(verifiedData.error)
if (!verifiedData) {
return null
}
@@ -119,7 +118,33 @@ export const userQueryRouter = router({
return user
}),
name: safeProtectedProcedure.query(async function ({ ctx }) {
if (!ctx.session) {
return null
}
const verifiedData = await getVerifiedUser({ session: ctx.session })
if (!verifiedData) {
return null
}
return {
firstName: verifiedData.data.firstName,
lastName: verifiedData.data.lastName,
}
}),
membershipLevel: safeProtectedProcedure.query(async function ({ ctx }) {
if (!ctx.session) {
return null
}
const verifiedData = await getVerifiedUser({ session: ctx.session })
if (!verifiedData) {
return null
}
const membershipLevel = getMembership(verifiedData.data.memberships)
return membershipLevel
}),
benefits: router({
current: protectedProcedure.query(async function (opts) {
// TODO: Make request to get user data from Scandic API

34
server/trpc.ts
View File

@@ -2,10 +2,16 @@ import { initTRPC } from "@trpc/server"
import { env } from "@/env/server"
import { badRequestError, sessionExpiredError } from "./errors/trpc"
import {
badRequestError,
sessionExpiredError,
unauthorizedError,
} from "./errors/trpc"
import { transformer } from "./transformer"
import { langInput } from "./utils"
import type { Session } from "next-auth"
import type { Meta } from "@/types/trpc/meta"
import type { Context } from "./context"
@@ -57,6 +63,10 @@ export const protectedProcedure = t.procedure.use(async function (opts) {
console.info(`path: ${opts.path} | type: ${opts.type}`)
}
if (!session) {
throw unauthorizedError()
}
if (session?.error === "RefreshAccessTokenError") {
throw sessionExpiredError()
}
@@ -67,3 +77,25 @@ export const protectedProcedure = t.procedure.use(async function (opts) {
},
})
})
export const safeProtectedProcedure = t.procedure.use(async function (opts) {
const authRequired = opts.meta?.authRequired ?? true
let session: Session | null = await opts.ctx.auth()
if (!authRequired && env.NODE_ENV === "development") {
console.info(
`❌❌❌❌ You are opting out of authorization, if its done on purpose maybe you should use the publicProcedure instead. ❌❌❌❌`
)
console.info(`path: ${opts.path} | type: ${opts.type}`)
}
if (!session || session.error === "RefreshAccessTokenError") {
session = null
}
return opts.next({
ctx: {
session,
},
})
})