publisher-dashboard/apps/api-server/src/procedures/base.ts

/**
 * Base procedures with typed context for oRPC handlers
 *
 * Uses implement(contract).$context<T>() to provide proper type safety.
 * All procedure handlers should import from this file.
 */

import type {
  APIContext,
  AuthenticatedContext,
  LoginRequestContext,
  Session,
  SessionUser,
} from "../context.js";
import { implement, ORPCError } from "@orpc/server";
import { contract } from "@reviq/api-contract";
import { COOKIE_NAMES, getCookie } from "../utils/cookies.js";
import { hashToken } from "../utils/crypto.js";

/**
 * Base implementer with typed APIContext
 * All procedures should be derived from this
 */
export const os = implement(contract).$context<APIContext>();

/**
 * Auth middleware - validates session/API token and adds user to context
 * Use with os.use(authMiddleware) to create authenticated procedures
 */
export const authMiddleware = os.middleware(async ({ context, next }) => {
  const { db, reqHeaders } = context;

  // Try session cookie first
  let tokenHash: string | undefined;
  const sessionToken = getCookie(reqHeaders, COOKIE_NAMES.SESSION_TOKEN);
  if (sessionToken) {
    tokenHash = hashToken(sessionToken);
  }

  // Fall back to API key header (for CLI)
  const apiKey = reqHeaders.get("x-api-key");
  if (!tokenHash && apiKey) {
    tokenHash = hashToken(apiKey);
  }

  if (!tokenHash) {
    throw new ORPCError("UNAUTHORIZED", { message: "No session or API key" });
  }

  // Look up session (check not expired and not revoked)
  const session = await db
    .selectFrom("sessions")
    .where("token_hash", "=", tokenHash)
    .where("expires_at", ">", new Date())
    .where("revoked_at", "is", null)
    .selectAll()
    .executeTakeFirst();

  // Fall back to API token if no session found
  const apiToken = !session
    ? await db
        .selectFrom("api_tokens")
        .where("token_hash", "=", tokenHash)
        .where("expires_at", ">", new Date())
        .selectAll()
        .executeTakeFirst()
    : undefined;

  const userId = session?.user_id ?? apiToken?.user_id;
  if (!userId) {
    throw new ORPCError("UNAUTHORIZED", {
      message: "Invalid or expired token",
    });
  }

  // Update last_used_at for API tokens
  if (apiToken) {
    await db
      .updateTable("api_tokens")
      .set({ last_used_at: new Date() })
      .where("id", "=", apiToken.id)
      .execute();
  }

  // Fetch user details
  const user = await db
    .selectFrom("users")
    .where("id", "=", userId)
    .select([
      "id",
      "email",
      "display_name",
      "email_verified_at",
      "is_superuser",
    ])
    .executeTakeFirst();

  if (!user) {
    throw new ORPCError("UNAUTHORIZED", {
      message: "User not found",
    });
  }

  const sessionUser: SessionUser = {
    id: user.id,
    email: user.email,
    displayName: user.display_name,
    emailVerifiedAt: user.email_verified_at,
    isSuperuser: user.is_superuser,
  };

  const sessionInfo: Session = session
    ? {
        id: Number(session.id),
        trustedMode: session.trusted_mode,
        createdAt: session.created_at,
      }
    : {
        // For API token auth, create a synthetic session object
        id: 0,
        trustedMode: true,
        createdAt: apiToken?.created_at ?? new Date(),
      };

  return next({
    context: {
      user: sessionUser,
      session: sessionInfo,
    },
  });
});

/**
 * Login request middleware - validates login request token from cookie
 */
export const loginRequestMiddleware = os.middleware(async ({ context, next }) => {
  const { db, reqHeaders } = context;

  // Read login request token from cookie
  const loginRequestToken = getCookie(
    reqHeaders,
    COOKIE_NAMES.LOGIN_REQUEST_TOKEN,
  );

  if (!loginRequestToken) {
    throw new ORPCError("BAD_REQUEST", {
      message: "No login request found",
    });
  }

  // Check if token is a valid login request ID (numeric)
  const num = Number(loginRequestToken);
  if (Number.isNaN(num) || !Number.isInteger(num) || num <= 0) {
    throw new ORPCError("BAD_REQUEST", {
      message: "Invalid login request",
    });
  }

  const loginRequestId = loginRequestToken;

  // Fetch login request with user data
  const result = await db
    .selectFrom("login_requests")
    .innerJoin("users", "users.id", "login_requests.user_id")
    .select([
      "login_requests.id",
      "login_requests.user_id",
      "login_requests.expires_at",
      "users.email",
      "users.display_name",
      "users.email_verified_at",
      "users.is_superuser",
    ])
    .where("login_requests.id", "=", loginRequestId)
    .where("login_requests.expires_at", ">", new Date())
    .executeTakeFirst();

  if (!result) {
    throw new ORPCError("BAD_REQUEST", {
      message: "Login request expired or not found",
    });
  }

  const sessionUser: SessionUser = {
    id: result.user_id,
    email: result.email,
    displayName: result.display_name,
    emailVerifiedAt: result.email_verified_at,
    isSuperuser: result.is_superuser,
  };

  return next({
    context: {
      loginRequestId: Number(result.id),
      user: sessionUser,
    },
  });
});

/**
 * Superuser middleware - requires admin access (must be used after authMiddleware)
 */
export const superuserMiddleware = os.middleware(async ({ context, next }) => {
  // This middleware should be used after authMiddleware
  const ctx = context as AuthenticatedContext;
  if (!ctx.user.isSuperuser) {
    throw new ORPCError("FORBIDDEN", {
      message: "Superuser access required",
    });
  }
  return next();
});

// Type exports for use in procedure files
export type { APIContext, AuthenticatedContext, LoginRequestContext };