Dockery/Homarr
1
0
Fork 0
mirror of https://github.com/ajnart/homarr.git synced 2025-11-09 23:15:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add basic credentials authentication

Browse Source
This commit is contained in:
Meier Lukas
2023-07-28 18:51:44 +02:00
parent d507f0807f
commit d7f6bdf417
11 changed files with 794 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
src/server/api/trpc.ts
View File

@@ -6,11 +6,14 @@
* TL;DR - This is where all the tRPC server stuff is created and plugged in. The pieces you will
* need to use are documented accordingly near the end.
*/
import { initTRPC } from '@trpc/server';
import { TRPCError, initTRPC } from '@trpc/server';
import { type CreateNextContextOptions } from '@trpc/server/adapters/next';
import { type Session } from 'next-auth';
import superjson from 'superjson';
import { ZodError } from 'zod';
import { getServerAuthSession } from '../auth';
/**
* 1. CONTEXT
*
@@ -19,7 +22,9 @@ import { ZodError } from 'zod';
* These allow you to access things when processing a request, like the database, the session, etc.
*/
type CreateContextOptions = Record<never, unknown>;
interface CreateContextOptions {
session: Session | null;
}
/**
* This helper generates the "internals" for a tRPC context. If you need to use it, you can export
@@ -31,7 +36,9 @@ type CreateContextOptions = Record<never, unknown>;
*
* @see https://create.t3.gg/en/usage/trpc#-serverapitrpcts
*/
const createInnerTRPCContext = (opts: CreateContextOptions) => ({});
const createInnerTRPCContext = (opts: CreateContextOptions) => ({
session: opts.session,
});
/**
* This is the actual context you will use in your router. It will be used to process every request
@@ -43,8 +50,11 @@ export const createTRPCContext = async (opts: CreateNextContextOptions) => {
const { req, res } = opts;
// Get the session from the server using the getServerSession wrapper function
const session = await getServerAuthSession({ req, res });
return createInnerTRPCContext({});
return createInnerTRPCContext({
session,
});
};
/**
@@ -90,3 +100,26 @@ export const createTRPCRouter = t.router;
* are logged in.
*/
export const publicProcedure = t.procedure;
/** Reusable middleware that enforces users are logged in before running the procedure. */
const enforceUserIsAuthed = t.middleware(({ ctx, next }) => {
if (!ctx.session?.user) {
throw new TRPCError({ code: 'UNAUTHORIZED' });
}
return next({
ctx: {
// infers the `session` as non-nullable
session: { ...ctx.session, user: ctx.session.user },
},
});
});
/**
* Protected (authenticated) procedure
*
* If you want a query or mutation to ONLY be accessible to logged in users, use this. It verifies
* the session is valid and guarantees `ctx.session.user` is not null.
*
* @see https://trpc.io/docs/procedures
*/
export const protectedProcedure = t.procedure.use(enforceUserIsAuthed);