60 lines
1.6 KiB
TypeScript
60 lines
1.6 KiB
TypeScript
import { initTRPC, TRPCError } from '@trpc/server';
|
|
import superjson from 'superjson';
|
|
import { ZodError } from 'zod';
|
|
import type { Context, SessionUser } from './context';
|
|
|
|
const t = initTRPC.context<Context>().create({
|
|
transformer: superjson,
|
|
errorFormatter({ shape, error }) {
|
|
return {
|
|
...shape,
|
|
data: {
|
|
...shape.data,
|
|
zodError: error.cause instanceof ZodError ? error.cause.flatten() : null,
|
|
},
|
|
};
|
|
},
|
|
});
|
|
|
|
export const router = t.router;
|
|
export const createCallerFactory = t.createCallerFactory;
|
|
|
|
/** Public — no auth required. */
|
|
export const publicProcedure = t.procedure;
|
|
|
|
/** Protected — requires an authenticated session with a tenantId. */
|
|
export const protectedProcedure = t.procedure.use(({ ctx, next }) => {
|
|
if (!ctx.user || !ctx.db || !ctx.tenantId) {
|
|
throw new TRPCError({ code: 'UNAUTHORIZED', message: 'Not authenticated' });
|
|
}
|
|
return next({
|
|
ctx: {
|
|
...ctx,
|
|
user: ctx.user,
|
|
db: ctx.db,
|
|
tenantId: ctx.tenantId,
|
|
},
|
|
});
|
|
});
|
|
|
|
/**
|
|
* Role-guarded procedure. Derives from protectedProcedure (auth is enforced first).
|
|
* Throws FORBIDDEN (HTTP 403) if the authenticated user's role is not in the
|
|
* allowed list.
|
|
*
|
|
* Usage:
|
|
* requireRole('ADMIN', 'SUPERVISOR').query(...)
|
|
* requireRole('ADMIN').mutation(...)
|
|
*/
|
|
export function requireRole(...roles: SessionUser['role'][]) {
|
|
return protectedProcedure.use(({ ctx, next }) => {
|
|
if (!roles.includes(ctx.user.role)) {
|
|
throw new TRPCError({
|
|
code: 'FORBIDDEN',
|
|
message: `Role '${ctx.user.role}' is not allowed. Required: ${roles.join(', ')}.`,
|
|
});
|
|
}
|
|
return next({ ctx });
|
|
});
|
|
}
|