sign/packages/api/v1/middleware/authenticated.ts

import type { Team, User } from '@prisma/client';
import type { TsRestRequest } from '@ts-rest/serverless';

import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
import { getApiTokenByToken } from '@documenso/lib/server-only/public-api/get-api-token-by-token';
import type { ApiRequestMetadata } from '@documenso/lib/universal/extract-request-metadata';
import { extractRequestMetadata } from '@documenso/lib/universal/extract-request-metadata';

type B = {
  // appRoute: any;
  request: TsRestRequest;
  responseHeaders: Headers;
};

export const authenticatedMiddleware = <
  T extends {
    headers: {
      authorization: string;
    };
  },
  R extends {
    status: number;
    body: unknown;
  },
>(
  handler: (
    args: T & { req: TsRestRequest },
    user: User,
    team: Team | null | undefined,
    options: { metadata: ApiRequestMetadata },
  ) => Promise<R>,
) => {
  return async (args: T, { request }: B) => {
    try {
      const { authorization } = args.headers;

      // Support for both "Authorization: Bearer api_xxx" and "Authorization: api_xxx"
      const [token] = (authorization || '').split('Bearer ').filter((s) => s.length > 0);

      if (!token) {
        throw new AppError(AppErrorCode.UNAUTHORIZED, {
          message: 'API token was not provided',
        });
      }

      const apiToken = await getApiTokenByToken({ token });

      if (apiToken.user.disabled) {
        throw new AppError(AppErrorCode.UNAUTHORIZED, {
          message: 'User is disabled',
        });
      }

      const metadata: ApiRequestMetadata = {
        requestMetadata: extractRequestMetadata(request),
        source: 'apiV1',
        auth: 'api',
        auditUser: {
          id: apiToken.team ? null : apiToken.user.id,
          email: apiToken.team ? null : apiToken.user.email,
          name: apiToken.team?.name ?? apiToken.user.name,
        },
      };

      return await handler(
        {
          ...args,
          req: request,
        },
        apiToken.user,
        apiToken.team,
        { metadata },
      );
    } catch (err) {
      console.log({ err: err });

      let message = 'Unauthorized';

      if (err instanceof AppError) {
        message = err.message;
      }

      return {
        status: 401,
        body: {
          message,
        },
      } as const;
    }
  };
};
fix: imports 2025-03-03 14:49:28 +11:00			`import type { Team, User } from '@prisma/client';`
feat: migrate nextjs to rr7 2025-01-02 15:33:37 +11:00			`import type { TsRestRequest } from '@ts-rest/serverless';`
refactor: extract api implementation to package Extracts the API implementation to a package so we can potentially reuse it across different applications in the event that we move off using a Next.js API route. Additionally tidies up the tokens page and form to be more simplified. 2023-12-31 13:58:15 +11:00
feat: admin ui for disabling users (#1547) 2024-12-30 05:45:33 +02:00			`import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';`
feat: team api tokens 2024-02-22 13:39:34 +11:00			`import { getApiTokenByToken } from '@documenso/lib/server-only/public-api/get-api-token-by-token';`
feat: add template and field endpoints (#1572) 2025-01-11 15:33:20 +11:00			`import type { ApiRequestMetadata } from '@documenso/lib/universal/extract-request-metadata';`
feat: migrate nextjs to rr7 2025-01-02 15:33:37 +11:00			`import { extractRequestMetadata } from '@documenso/lib/universal/extract-request-metadata';`
refactor: extract api implementation to package Extracts the API implementation to a package so we can potentially reuse it across different applications in the event that we move off using a Next.js API route. Additionally tidies up the tokens page and form to be more simplified. 2023-12-31 13:58:15 +11:00
feat: migrate nextjs to rr7 2025-01-02 15:33:37 +11:00			`type B = {`
			`// appRoute: any;`
			`request: TsRestRequest;`
			`responseHeaders: Headers;`
			`};`

refactor: extract api implementation to package Extracts the API implementation to a package so we can potentially reuse it across different applications in the event that we move off using a Next.js API route. Additionally tidies up the tokens page and form to be more simplified. 2023-12-31 13:58:15 +11:00			`export const authenticatedMiddleware = <`
			`T extends {`
feat: migrate nextjs to rr7 2025-01-02 15:33:37 +11:00			`headers: {`
			`authorization: string;`
			`};`
refactor: extract api implementation to package Extracts the API implementation to a package so we can potentially reuse it across different applications in the event that we move off using a Next.js API route. Additionally tidies up the tokens page and form to be more simplified. 2023-12-31 13:58:15 +11:00			`},`
			`R extends {`
			`status: number;`
			`body: unknown;`
			`},`
			`>(`
feat: add template and field endpoints (#1572) 2025-01-11 15:33:20 +11:00			`handler: (`
feat: migrate nextjs to rr7 2025-01-02 15:33:37 +11:00			`args: T & { req: TsRestRequest },`
feat: add template and field endpoints (#1572) 2025-01-11 15:33:20 +11:00			`user: User,`
			`team: Team \| null \| undefined,`
			`options: { metadata: ApiRequestMetadata },`
			`) => Promise<R>,`
refactor: extract api implementation to package Extracts the API implementation to a package so we can potentially reuse it across different applications in the event that we move off using a Next.js API route. Additionally tidies up the tokens page and form to be more simplified. 2023-12-31 13:58:15 +11:00			`) => {`
feat: migrate nextjs to rr7 2025-01-02 15:33:37 +11:00			`return async (args: T, { request }: B) => {`
refactor: extract api implementation to package Extracts the API implementation to a package so we can potentially reuse it across different applications in the event that we move off using a Next.js API route. Additionally tidies up the tokens page and form to be more simplified. 2023-12-31 13:58:15 +11:00			`try {`
feat: migrate nextjs to rr7 2025-01-02 15:33:37 +11:00			`const { authorization } = args.headers;`
feat: create from template 2024-02-20 19:46:18 +11:00
			`// Support for both "Authorization: Bearer api_xxx" and "Authorization: api_xxx"`
			`const [token] = (authorization \|\| '').split('Bearer ').filter((s) => s.length > 0);`
refactor: extract api implementation to package Extracts the API implementation to a package so we can potentially reuse it across different applications in the event that we move off using a Next.js API route. Additionally tidies up the tokens page and form to be more simplified. 2023-12-31 13:58:15 +11:00
			`if (!token) {`
feat: admin ui for disabling users (#1547) 2024-12-30 05:45:33 +02:00			`throw new AppError(AppErrorCode.UNAUTHORIZED, {`
			`message: 'API token was not provided',`
			`});`
refactor: extract api implementation to package Extracts the API implementation to a package so we can potentially reuse it across different applications in the event that we move off using a Next.js API route. Additionally tidies up the tokens page and form to be more simplified. 2023-12-31 13:58:15 +11:00			`}`

feat: team api tokens 2024-02-22 13:39:34 +11:00			`const apiToken = await getApiTokenByToken({ token });`
refactor: extract api implementation to package Extracts the API implementation to a package so we can potentially reuse it across different applications in the event that we move off using a Next.js API route. Additionally tidies up the tokens page and form to be more simplified. 2023-12-31 13:58:15 +11:00
feat: admin ui for disabling users (#1547) 2024-12-30 05:45:33 +02:00			`if (apiToken.user.disabled) {`
			`throw new AppError(AppErrorCode.UNAUTHORIZED, {`
			`message: 'User is disabled',`
			`});`
			`}`

feat: add template and field endpoints (#1572) 2025-01-11 15:33:20 +11:00			`const metadata: ApiRequestMetadata = {`
chore: cleanup 2025-02-25 16:37:36 +11:00			`requestMetadata: extractRequestMetadata(request),`
feat: add template and field endpoints (#1572) 2025-01-11 15:33:20 +11:00			`source: 'apiV1',`
			`auth: 'api',`
			`auditUser: {`
			`id: apiToken.team ? null : apiToken.user.id,`
			`email: apiToken.team ? null : apiToken.user.email,`
			`name: apiToken.team?.name ?? apiToken.user.name,`
			`},`
			`};`

feat: migrate nextjs to rr7 2025-01-02 15:33:37 +11:00			`return await handler(`
			`{`
			`...args,`
			`req: request,`
			`},`
			`apiToken.user,`
			`apiToken.team,`
			`{ metadata },`
			`);`
feat: admin ui for disabling users (#1547) 2024-12-30 05:45:33 +02:00			`} catch (err) {`
			`console.log({ err: err });`

			`let message = 'Unauthorized';`

			`if (err instanceof AppError) {`
			`message = err.message;`
			`}`

refactor: extract api implementation to package Extracts the API implementation to a package so we can potentially reuse it across different applications in the event that we move off using a Next.js API route. Additionally tidies up the tokens page and form to be more simplified. 2023-12-31 13:58:15 +11:00			`return {`
			`status: 401,`
			`body: {`
feat: admin ui for disabling users (#1547) 2024-12-30 05:45:33 +02:00			`message,`
refactor: extract api implementation to package Extracts the API implementation to a package so we can potentially reuse it across different applications in the event that we move off using a Next.js API route. Additionally tidies up the tokens page and form to be more simplified. 2023-12-31 13:58:15 +11:00			`},`
			`} as const;`
			`}`
			`};`
			`};`