122 lines
2.6 KiB
TypeScript
122 lines
2.6 KiB
TypeScript
import { headers } from 'next/headers';
|
|
import { ensureAuthSchema } from '@/lib/auth';
|
|
import { asErrorMessage, jsonError } from '@/lib/server/http';
|
|
|
|
type RecordValue = Record<string, unknown>;
|
|
|
|
export type AuthenticatedUser = {
|
|
id: string;
|
|
email: string;
|
|
name: string | null;
|
|
image: string | null;
|
|
role?: string | string[];
|
|
};
|
|
|
|
export type AuthenticatedSession = {
|
|
user: AuthenticatedUser;
|
|
session: RecordValue | null;
|
|
raw: RecordValue;
|
|
};
|
|
|
|
const UNAUTHORIZED_SESSION: AuthenticatedSession = {
|
|
user: {
|
|
id: '',
|
|
email: '',
|
|
name: null,
|
|
image: null
|
|
},
|
|
session: null,
|
|
raw: {}
|
|
};
|
|
|
|
function asRecord(value: unknown): RecordValue | null {
|
|
if (!value || typeof value !== 'object' || Array.isArray(value)) {
|
|
return null;
|
|
}
|
|
|
|
return value as RecordValue;
|
|
}
|
|
|
|
function asString(value: unknown) {
|
|
return typeof value === 'string' && value.trim().length > 0 ? value : null;
|
|
}
|
|
|
|
function asNullableString(value: unknown) {
|
|
return typeof value === 'string' ? value : null;
|
|
}
|
|
|
|
function normalizeRole(value: unknown) {
|
|
if (typeof value === 'string') {
|
|
return value;
|
|
}
|
|
|
|
if (Array.isArray(value)) {
|
|
const roles = value.filter((entry): entry is string => typeof entry === 'string');
|
|
return roles.length > 0 ? roles : undefined;
|
|
}
|
|
|
|
return undefined;
|
|
}
|
|
|
|
function normalizeSession(rawSession: unknown): AuthenticatedSession | null {
|
|
const root = asRecord(rawSession);
|
|
if (!root) {
|
|
return null;
|
|
}
|
|
|
|
const rootSession = asRecord(root.session);
|
|
const userRecord = asRecord(root.user) ?? asRecord(rootSession?.user);
|
|
if (!userRecord) {
|
|
return null;
|
|
}
|
|
|
|
const id = asString(userRecord.id);
|
|
const email = asString(userRecord.email);
|
|
if (!id || !email) {
|
|
return null;
|
|
}
|
|
|
|
return {
|
|
user: {
|
|
id,
|
|
email,
|
|
name: asNullableString(userRecord.name),
|
|
image: asNullableString(userRecord.image),
|
|
role: normalizeRole(userRecord.role)
|
|
},
|
|
session: rootSession,
|
|
raw: root
|
|
};
|
|
}
|
|
|
|
export async function getAuthenticatedSession() {
|
|
const auth = await ensureAuthSchema();
|
|
const session = await auth.api.getSession({
|
|
headers: await headers()
|
|
});
|
|
|
|
return normalizeSession(session);
|
|
}
|
|
|
|
export async function requireAuthenticatedSession() {
|
|
try {
|
|
const session = await getAuthenticatedSession();
|
|
if (!session) {
|
|
return {
|
|
session: UNAUTHORIZED_SESSION,
|
|
response: jsonError('Unauthorized', 401)
|
|
};
|
|
}
|
|
|
|
return {
|
|
session,
|
|
response: null
|
|
};
|
|
} catch (error) {
|
|
return {
|
|
session: UNAUTHORIZED_SESSION,
|
|
response: jsonError(asErrorMessage(error, 'Authentication subsystem is unavailable.'), 500)
|
|
};
|
|
}
|
|
}
|