Add typed context and middleware for oRPC procedures
Use implement(contract).$context<APIContext>() for proper type safety in all procedure handlers. Create authMiddleware and loginRequestMiddleware using os.middleware() and apply with .use() on routes requiring auth. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
RevIQ
@@ -3,16 +3,13 @@
|
||||
* Second step in the login flow - verifies password and completes/confirms login
|
||||
*/
|
||||
|
||||
import type { APIContext } from "../../context.js";
|
||||
import { implement, ORPCError } from "@orpc/server";
|
||||
import { contract } from "@reviq/api-contract";
|
||||
import { ORPCError } from "@orpc/server";
|
||||
import { COOKIE_NAMES, getCookie } from "../../utils/cookies.js";
|
||||
import { generateSecureToken } from "../../utils/crypto.js";
|
||||
import { sendLoginConfirmationEmail } from "../../utils/email.js";
|
||||
import { verifyPassword } from "../../utils/password.js";
|
||||
import { isDeviceTrusted } from "../../utils/session.js";
|
||||
|
||||
const os = implement(contract);
|
||||
import { os } from "../base.js";
|
||||
|
||||
/**
|
||||
* Check if a string is a valid login request ID (numeric)
|
||||
@@ -34,12 +31,11 @@ const isValidLoginRequestId = (value: string): boolean => {
|
||||
*/
|
||||
export const loginPassword = os.auth.loginPassword.handler(
|
||||
async ({ input, context }) => {
|
||||
const ctx = context as APIContext;
|
||||
const { password } = input;
|
||||
|
||||
// Read login request token from cookie
|
||||
const loginRequestToken = getCookie(
|
||||
ctx.reqHeaders,
|
||||
context.reqHeaders,
|
||||
COOKIE_NAMES.LOGIN_REQUEST_TOKEN,
|
||||
);
|
||||
|
||||
@@ -65,7 +61,7 @@ export const loginPassword = os.auth.loginPassword.handler(
|
||||
const loginRequestId = loginRequestToken;
|
||||
|
||||
// Fetch login request with user data in single query (optimized JOIN)
|
||||
const result = await ctx.db
|
||||
const result = await context.db
|
||||
.selectFrom("login_requests")
|
||||
.innerJoin("users", "users.id", "login_requests.user_id")
|
||||
.select([
|
||||
@@ -114,12 +110,12 @@ export const loginPassword = os.auth.loginPassword.handler(
|
||||
// Password is valid - check if device is trusted
|
||||
// If no device fingerprint, treat as untrusted
|
||||
const deviceTrusted = result.device_fingerprint
|
||||
? await isDeviceTrusted(ctx.db, result.user_id, result.device_fingerprint)
|
||||
? await isDeviceTrusted(context.db, result.user_id, result.device_fingerprint)
|
||||
: false;
|
||||
|
||||
if (deviceTrusted) {
|
||||
// Device is trusted - complete login immediately
|
||||
await ctx.db
|
||||
await context.db
|
||||
.updateTable("login_requests")
|
||||
.set({
|
||||
completed_at: new Date(),
|
||||
@@ -130,7 +126,7 @@ export const loginPassword = os.auth.loginPassword.handler(
|
||||
// Device is untrusted - generate confirmation token and send email
|
||||
const confirmationToken = generateSecureToken();
|
||||
|
||||
await ctx.db
|
||||
await context.db
|
||||
.updateTable("login_requests")
|
||||
.set({
|
||||
token: confirmationToken,
|
||||
|
||||
Reference in New Issue
Block a user