packages/trpc/server/trpc.ts

import { TRPCError, initTRPC } from '@trpc/server';
import SuperJSON from 'superjson';
import type { OpenApiMeta } from 'trpc-openapi';

import { AppError, genericErrorCodeToTrpcErrorCodeMap } from '@documenso/lib/errors/app-error';
import { isAdmin } from '@documenso/lib/next-auth/guards/is-admin';
import { getApiTokenByToken } from '@documenso/lib/server-only/public-api/get-api-token-by-token';

import type { TrpcContext } from './context';

const t = initTRPC
  .meta<OpenApiMeta>()
  .context<TrpcContext>()
  .create({
    transformer: SuperJSON,
    errorFormatter(opts) {
      const { shape, error } = opts;

      const originalError = error.cause;

      let data: Record<string, unknown> = shape.data;

      // Default unknown errors to 400, since if you're throwing an AppError it is expected
      // that you already know what you're doing.
      if (originalError instanceof AppError) {
        data = {
          ...data,
          appError: AppError.toJSON(originalError),
          code: originalError.code,
          httpStatus:
            originalError.statusCode ??
            genericErrorCodeToTrpcErrorCodeMap[originalError.code]?.status ??
            400,
        };
      }

      return {
        ...shape,
        data,
      };
    },
  });

/**
 * Middlewares
 */
export const authenticatedMiddleware = t.middleware(async ({ ctx, next }) => {
  const authorizationHeader = ctx.req.headers.authorization;

  // Taken from `authenticatedMiddleware` in `@documenso/api/v1/middleware/authenticated.ts`.
  if (authorizationHeader) {
    // Support for both "Authorization: Bearer api_xxx" and "Authorization: api_xxx"
    const [token] = (authorizationHeader || '').split('Bearer ').filter((s) => s.length > 0);

    if (!token) {
      throw new Error('Token was not provided for authenticated middleware');
    }

    const apiToken = await getApiTokenByToken({ token });

    return await next({
      ctx: {
        ...ctx,
        user: apiToken.user,
        session: null,
        source: 'api',
      },
    });
  }

  if (!ctx.session) {
    throw new TRPCError({
      code: 'UNAUTHORIZED',
      message: 'You must be logged in to perform this action.',
    });
  }

  return await next({
    ctx: {
      ...ctx,
      user: ctx.user,
      session: ctx.session,
      source: 'app',
    },
  });
});

export const maybeAuthenticatedMiddleware = t.middleware(async ({ ctx, next }) => {
  return await next({
    ctx: {
      ...ctx,
      user: ctx.user,
      session: ctx.session,
    },
  });
});

export const adminMiddleware = t.middleware(async ({ ctx, next }) => {
  if (!ctx.session || !ctx.user) {
    throw new TRPCError({
      code: 'UNAUTHORIZED',
      message: 'You must be logged in to perform this action.',
    });
  }

  const isUserAdmin = isAdmin(ctx.user);

  if (!isUserAdmin) {
    throw new TRPCError({
      code: 'UNAUTHORIZED',
      message: 'Not authorized to perform this action.',
    });
  }

  return await next({
    ctx: {
      ...ctx,
      user: ctx.user,
      session: ctx.session,
    },
  });
});

/**
 * Routers and Procedures
 */
export const router = t.router;
export const procedure = t.procedure;
export const authenticatedProcedure = t.procedure.use(authenticatedMiddleware);
// While this is functionally the same as `procedure`, it's useful for indicating purpose
export const maybeAuthenticatedProcedure = t.procedure.use(maybeAuthenticatedMiddleware);
export const adminProcedure = t.procedure.use(adminMiddleware);
wip: refresh design 2023-06-09 18:21:18 +10:00			`import { TRPCError, initTRPC } from '@trpc/server';`
			`import SuperJSON from 'superjson';`
feat: add trpc openapi (#1535) 2024-12-14 01:23:35 +09:00			`import type { OpenApiMeta } from 'trpc-openapi';`
wip: refresh design 2023-06-09 18:21:18 +10:00
feat: add initial api logging (#1494) Improve API logging and error handling between client and server side. 2024-11-28 16:05:37 +07:00			`import { AppError, genericErrorCodeToTrpcErrorCodeMap } from '@documenso/lib/errors/app-error';`
chore: implement pr feedback 2023-10-11 12:32:33 +03:00			`import { isAdmin } from '@documenso/lib/next-auth/guards/is-admin';`
feat: add trpc openapi (#1535) 2024-12-14 01:23:35 +09:00			`import { getApiTokenByToken } from '@documenso/lib/server-only/public-api/get-api-token-by-token';`
chore: implement pr feedback 2023-10-11 12:32:33 +03:00
feat: dateformat and timezone customization (#506) 2023-12-26 23:50:40 +00:00			`import type { TrpcContext } from './context';`
wip: refresh design 2023-06-09 18:21:18 +10:00
feat: add trpc openapi (#1535) 2024-12-14 01:23:35 +09:00			`const t = initTRPC`
			`.meta<OpenApiMeta>()`
			`.context<TrpcContext>()`
			`.create({`
			`transformer: SuperJSON,`
			`errorFormatter(opts) {`
			`const { shape, error } = opts;`
feat: add initial api logging (#1494) Improve API logging and error handling between client and server side. 2024-11-28 16:05:37 +07:00
feat: add trpc openapi (#1535) 2024-12-14 01:23:35 +09:00			`const originalError = error.cause;`
feat: add initial api logging (#1494) Improve API logging and error handling between client and server side. 2024-11-28 16:05:37 +07:00
feat: add trpc openapi (#1535) 2024-12-14 01:23:35 +09:00			`let data: Record<string, unknown> = shape.data;`
feat: add initial api logging (#1494) Improve API logging and error handling between client and server side. 2024-11-28 16:05:37 +07:00
feat: add trpc openapi (#1535) 2024-12-14 01:23:35 +09:00			`// Default unknown errors to 400, since if you're throwing an AppError it is expected`
			`// that you already know what you're doing.`
			`if (originalError instanceof AppError) {`
			`data = {`
			`...data,`
			`appError: AppError.toJSON(originalError),`
			`code: originalError.code,`
			`httpStatus:`
			`originalError.statusCode ??`
			`genericErrorCodeToTrpcErrorCodeMap[originalError.code]?.status ??`
			`400,`
			`};`
			`}`
feat: add initial api logging (#1494) Improve API logging and error handling between client and server side. 2024-11-28 16:05:37 +07:00
feat: add trpc openapi (#1535) 2024-12-14 01:23:35 +09:00			`return {`
			`...shape,`
			`data,`
			`};`
			`},`
			`});`
wip: refresh design 2023-06-09 18:21:18 +10:00
			`/**`
			`* Middlewares`
			`*/`
feat: promise safety with eslint 2023-08-29 13:01:19 +10:00			`export const authenticatedMiddleware = t.middleware(async ({ ctx, next }) => {`
feat: add trpc openapi (#1535) 2024-12-14 01:23:35 +09:00			`const authorizationHeader = ctx.req.headers.authorization;`

			// Taken from `authenticatedMiddleware` in `@documenso/api/v1/middleware/authenticated.ts`.
			`if (authorizationHeader) {`
			`// Support for both "Authorization: Bearer api_xxx" and "Authorization: api_xxx"`
			`const [token] = (authorizationHeader \|\| '').split('Bearer ').filter((s) => s.length > 0);`

			`if (!token) {`
			`throw new Error('Token was not provided for authenticated middleware');`
			`}`

			`const apiToken = await getApiTokenByToken({ token });`

			`return await next({`
			`ctx: {`
			`...ctx,`
			`user: apiToken.user,`
			`session: null,`
			`source: 'api',`
			`},`
			`});`
			`}`

wip: refresh design 2023-06-09 18:21:18 +10:00			`if (!ctx.session) {`
			`throw new TRPCError({`
			`code: 'UNAUTHORIZED',`
			`message: 'You must be logged in to perform this action.',`
			`});`
			`}`

feat: promise safety with eslint 2023-08-29 13:01:19 +10:00			`return await next({`
wip: refresh design 2023-06-09 18:21:18 +10:00			`ctx: {`
			`...ctx,`
			`user: ctx.user,`
			`session: ctx.session,`
feat: add trpc openapi (#1535) 2024-12-14 01:23:35 +09:00			`source: 'app',`
wip: refresh design 2023-06-09 18:21:18 +10:00			`},`
			`});`
			`});`

feat: add direct templates links (#1165) ## Description Direct templates links is a feature that provides template owners the ability to allow users to create documents based of their templates. ## General outline This works by allowing the template owner to configure a "direct recipient" in the template. When a user opens the direct link to the template, it will create a flow where they sign the fields configured by the template owner for the direct recipient. After these fields are signed the following will occur: - A document will be created where the owner is the template owner - The direct recipient fields will be signed - The document will be sent to any other recipients configured in the template - If there are none the document will be immediately completed ## Notes There's a custom prisma migration to migrate all documents to have 'DOCUMENT' as the source, then sets the column to required. --------- Co-authored-by: Lucas Smith <me@lucasjamessmith.me> 2024-06-02 15:49:09 +10:00			`export const maybeAuthenticatedMiddleware = t.middleware(async ({ ctx, next }) => {`
			`return await next({`
			`ctx: {`
			`...ctx,`
			`user: ctx.user,`
			`session: ctx.session,`
			`},`
			`});`
			`});`

chore: implement pr feedback 2023-10-11 12:32:33 +03:00			`export const adminMiddleware = t.middleware(async ({ ctx, next }) => {`
			`if (!ctx.session \|\| !ctx.user) {`
			`throw new TRPCError({`
			`code: 'UNAUTHORIZED',`
			`message: 'You must be logged in to perform this action.',`
			`});`
			`}`

			`const isUserAdmin = isAdmin(ctx.user);`

			`if (!isUserAdmin) {`
			`throw new TRPCError({`
			`code: 'UNAUTHORIZED',`
			`message: 'Not authorized to perform this action.',`
			`});`
			`}`

			`return await next({`
			`ctx: {`
			`...ctx,`
			`user: ctx.user,`
			`session: ctx.session,`
			`},`
			`});`
			`});`

wip: refresh design 2023-06-09 18:21:18 +10:00			`/**`
			`* Routers and Procedures`
			`*/`
			`export const router = t.router;`
			`export const procedure = t.procedure;`
			`export const authenticatedProcedure = t.procedure.use(authenticatedMiddleware);`
feat: add direct templates links (#1165) ## Description Direct templates links is a feature that provides template owners the ability to allow users to create documents based of their templates. ## General outline This works by allowing the template owner to configure a "direct recipient" in the template. When a user opens the direct link to the template, it will create a flow where they sign the fields configured by the template owner for the direct recipient. After these fields are signed the following will occur: - A document will be created where the owner is the template owner - The direct recipient fields will be signed - The document will be sent to any other recipients configured in the template - If there are none the document will be immediately completed ## Notes There's a custom prisma migration to migrate all documents to have 'DOCUMENT' as the source, then sets the column to required. --------- Co-authored-by: Lucas Smith <me@lucasjamessmith.me> 2024-06-02 15:49:09 +10:00			// While this is functionally the same as `procedure`, it's useful for indicating purpose
			`export const maybeAuthenticatedProcedure = t.procedure.use(maybeAuthenticatedMiddleware);`
chore: implement pr feedback 2023-10-11 12:32:33 +03:00			`export const adminProcedure = t.procedure.use(adminMiddleware);`