api (rest) endpoints. closes #11
This commit is contained in:
Michael Dausmann
@@ -1,5 +1,8 @@
|
||||
# Changelog
|
||||
|
||||
## Version 1.2.0
|
||||
- 'Lift' auth context into server middleware to support authenticated api (rest) endpoints for alternate clients while still supporting fully typed Trpc context.
|
||||
|
||||
## Version 1.1.0
|
||||
- Upgrade Prisma to version 5 to improve performance (https://www.prisma.io/docs/guides/upgrade-guides/upgrading-versions/upgrading-to-prisma-5)
|
||||
```
|
||||
|
||||
4
package-lock.json
generated
4
package-lock.json
generated
@@ -1,12 +1,12 @@
|
||||
{
|
||||
"name": "supanuxt-saas",
|
||||
"version": "1.1.0",
|
||||
"version": "1.2.0",
|
||||
"lockfileVersion": 2,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
"": {
|
||||
"name": "supanuxt-saas",
|
||||
"version": "1.1.0",
|
||||
"version": "1.2.0",
|
||||
"hasInstallScript": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "supanuxt-saas",
|
||||
"version": "1.1.0",
|
||||
"version": "1.2.0",
|
||||
"author": {
|
||||
"name": "Michael Dausmann",
|
||||
"email": "mdausmann@gmail.com",
|
||||
|
||||
23
server/api/note.ts
Normal file
23
server/api/note.ts
Normal file
@@ -0,0 +1,23 @@
|
||||
import { H3Event, getQuery } from 'h3';
|
||||
import { defineProtectedEventHandler } from '../defineProtectedEventHandler';
|
||||
import NotesService from '~/lib/services/notes.service';
|
||||
|
||||
// Example API Route with query params ... /api/note?note_id=41
|
||||
export default defineProtectedEventHandler(async (event: H3Event) => {
|
||||
const queryParams = getQuery(event)
|
||||
let note_id: string = '';
|
||||
if(queryParams.note_id){
|
||||
if (Array.isArray( queryParams.note_id)) {
|
||||
note_id = queryParams.note_id[0];
|
||||
} else {
|
||||
note_id = queryParams.note_id.toString();
|
||||
}
|
||||
}
|
||||
|
||||
const notesService = new NotesService();
|
||||
const note = await notesService.getNoteById(+note_id);
|
||||
|
||||
return {
|
||||
note,
|
||||
}
|
||||
})
|
||||
15
server/defineProtectedEventHandler.ts
Normal file
15
server/defineProtectedEventHandler.ts
Normal file
@@ -0,0 +1,15 @@
|
||||
import { EventHandler, EventHandlerRequest, H3Event, eventHandler } from "h3";
|
||||
|
||||
export const defineProtectedEventHandler = <T extends EventHandlerRequest>(
|
||||
handler: EventHandler<T>
|
||||
): EventHandler<T> => {
|
||||
handler.__is_handler__ = true;
|
||||
|
||||
return eventHandler((event: H3Event) => {
|
||||
const user = event.context.user;
|
||||
if (!user) {
|
||||
throw createError({ statusCode: 401, statusMessage: "Unauthenticated" });
|
||||
}
|
||||
return handler(event);
|
||||
});
|
||||
};
|
||||
49
server/middleware/authContext.ts
Normal file
49
server/middleware/authContext.ts
Normal file
@@ -0,0 +1,49 @@
|
||||
import { defineEventHandler, parseCookies, setCookie, getCookie } from 'h3'
|
||||
import { serverSupabaseUser } from "#supabase/server";
|
||||
import AuthService from '~/lib/services/auth.service';
|
||||
|
||||
import { User } from '@supabase/supabase-js';
|
||||
import { FullDBUser } from "~~/lib/services/service.types";
|
||||
|
||||
// Explicitly type our context by 'Merging' our custom types with the H3EventContext (https://stackoverflow.com/a/76349232/95242)
|
||||
declare module 'h3' {
|
||||
interface H3EventContext {
|
||||
user?: User; // the Supabase User
|
||||
dbUser?: FullDBUser; // the corresponding Database User
|
||||
activeAccountId?: number; // the account ID that is active for the user
|
||||
}
|
||||
}
|
||||
|
||||
export default defineEventHandler(async (event) => {
|
||||
const cookies = parseCookies(event)
|
||||
if(cookies && cookies['sb-access-token']){
|
||||
const user = await serverSupabaseUser(event);
|
||||
if (user) {
|
||||
event.context.user = user;
|
||||
|
||||
const authService = new AuthService();
|
||||
let dbUser = await authService.getFullUserBySupabaseId(user.id);
|
||||
|
||||
if (!dbUser && user) {
|
||||
dbUser = await authService.createUser(user.id, user.user_metadata.full_name?user.user_metadata.full_name:"no name supplied", user.email?user.email:"no@email.supplied" );
|
||||
console.log(`\n Created DB User \n ${JSON.stringify(dbUser)}\n`);
|
||||
}
|
||||
|
||||
if(dbUser){
|
||||
event.context.dbUser = dbUser;
|
||||
let activeAccountId;
|
||||
const preferredAccountId = getCookie(event, 'preferred-active-account-id')
|
||||
if(preferredAccountId && dbUser?.memberships.find(m => m.account_id === +preferredAccountId && !m.pending)){
|
||||
activeAccountId = +preferredAccountId
|
||||
} else {
|
||||
const defaultActive = dbUser.memberships[0].account_id.toString();
|
||||
setCookie(event, 'preferred-active-account-id', defaultActive, {expires: new Date(Date.now() + 1000 * 60 * 60 * 24 * 365 * 10)});
|
||||
activeAccountId = +defaultActive;
|
||||
}
|
||||
if(activeAccountId){
|
||||
event.context.activeAccountId = activeAccountId;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
});
|
||||
@@ -1,44 +1,12 @@
|
||||
import { inferAsyncReturnType, TRPCError } from '@trpc/server'
|
||||
import { inferAsyncReturnType } from '@trpc/server'
|
||||
import { H3Event } from 'h3';
|
||||
import { serverSupabaseUser } from '#supabase/server'
|
||||
import { User } from '@supabase/supabase-js';
|
||||
import { FullDBUser } from '~~/lib/services/service.types';
|
||||
import AuthService from '~~/lib/services/auth.service';
|
||||
|
||||
export async function createContext(event: H3Event){
|
||||
let user: User | null = null;
|
||||
let dbUser: FullDBUser | null = null;
|
||||
let activeAccountId: number | null = null;
|
||||
|
||||
if (!user) {
|
||||
user = await serverSupabaseUser(event);
|
||||
}
|
||||
if (!dbUser && user) {
|
||||
const authService = new AuthService();
|
||||
dbUser = await authService.getFullUserBySupabaseId(user.id);
|
||||
|
||||
if (!dbUser && user) {
|
||||
dbUser = await authService.createUser(user.id, user.user_metadata.full_name?user.user_metadata.full_name:"no name supplied", user.email?user.email:"no@email.supplied" );
|
||||
console.log(`\n Created DB User \n ${JSON.stringify(dbUser)}\n`);
|
||||
}
|
||||
|
||||
if(dbUser){
|
||||
const preferredAccountId = getCookie(event, 'preferred-active-account-id')
|
||||
if(preferredAccountId && dbUser?.memberships.find(m => m.account_id === +preferredAccountId && !m.pending)){
|
||||
activeAccountId = +preferredAccountId
|
||||
} else {
|
||||
const defaultActive = dbUser.memberships[0].account_id.toString();
|
||||
setCookie(event, 'preferred-active-account-id', defaultActive, {expires: new Date(Date.now() + 1000 * 60 * 60 * 24 * 365 * 10)});
|
||||
activeAccountId = +defaultActive;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return {
|
||||
user, // the Supabase User
|
||||
dbUser, // the corresponding Database User
|
||||
activeAccountId, // the account ID that is active for the user
|
||||
event, // required to enable setCookie in accountRouter
|
||||
user: event.context.user, // the Supabase User
|
||||
dbUser: event.context.dbUser, // the corresponding Database User
|
||||
activeAccountId: event.context.activeAccountId, // the account ID that is active for the user
|
||||
event, // required to enable setCookie in accountRouter
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
Reference in New Issue
Block a user