@brightweblabs/core-auth 0.1.1 → 0.1.2
- package/package.json +5 -4
- package/src/server.ts +88 -1
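--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@brightweblabs/core-auth",
 "private": false,
-"version": "0.1.
+"version": "0.1.2",
 "main": "./src/index.ts",
 "types": "./src/index.ts",
 "files": [
@@ -21,10 +21,11 @@
 "./server": "./src/server.ts"
 },
 "dependencies": {
-"
-"@supabase/supabase-js": "^2.89.0"
+"next": "16.1.1",
+"@supabase/supabase-js": "^2.89.0",
+"@brightweblabs/infra": "0.1.1"
 },
 "peerDependencies": {
 "react": "^19.0.0"
 }
-}
+}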
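Review bot: The new `"next": "16.1.1"` entry under `dependencies` pins the framework to one exact version inside a shared auth library, while `react` is declared as a peer dependency. With an exact pin as a regular dependency, an application on a different Next.js release can end up with a second copy installed for this package, and picking up a framework security fix requires a new release of this package first. Since `src/server.ts` only imports `redirect` from `next/navigation`, declaring it as a peer, e.g. `"peerDependencies": { "next": "^16.1.1", "react": "^19.0.0" }`, would keep the host application's copy as the one in use. The exact range is a suggestion to confirm against what the package supports.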
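--- a/package/src/server.ts
+++ b/package/src/server.ts
@@ -1,4 +1,5 @@
 import type { User } from "@supabase/supabase-js";
+import { redirect } from "next/navigation";
 import { createServerSupabase } from "@brightweblabs/infra/server";
 
 export type GlobalRole = "client" | "staff" | "admin";
@@ -29,6 +30,20 @@ type ServerRoleAccess =
 error: string;
 };
 
+type ServerUserAccess =
+| {
+ok: true;
+supabase: Awaited<ReturnType<typeof createServerSupabase>>;
+user: User;
+profileId: string;
+role: GlobalRole | null;
+}
+| {
+ok: false;
+status: number;
+error: string;
+};
+
 const INSIGHTS_CMS_ALLOWED_ROLES: GlobalRole[] = ["admin"];
 const DASHBOARD_LANDING_ROLES: GlobalRole[] = ["staff", "admin"];
 
@@ -53,7 +68,7 @@ export function resolvePostLoginPath(role: string | null | undefined): "/dashboa
 return shouldLandOnDashboard ? "/dashboard" : "/account";
 }
 
-export async function
+export async function requireServerUserAccess(): Promise<ServerUserAccess> {
 const supabase = await createServerSupabase();
 const {
 data: { user },
@@ -64,9 +79,81 @@ export async function requireServerRoleAccess(allowedRoles: GlobalRole | GlobalR
 return { ok: false, status: 401, error: "Não autorizado." };
 }
 
+const { profileId, error: profileError } = await getProfileIdForUser(supabase, user.id);
+if (!profileId) {
+return { ok: false, status: 409, error: profileError ?? "Perfil em falta." };
+}
+
 const { data: roleRaw } = await supabase.rpc("current_global_role");
 const role = normalizeGlobalRole(typeof roleRaw === "string" ? roleRaw : null);
 
+return { ok: true, supabase, user, profileId, role };
+}
+
+export async function requireServerPageAccess(): Promise<{
+supabase: Awaited<ReturnType<typeof createServerSupabase>>;
+user: User;
+profileId: string;
+role: GlobalRole | null;
+}> {
+const access = await requireServerUserAccess();
+
+if (!access.ok) {
+if (access.status === 401) {
+redirect("/login");
+}
+
+if (access.status === 409) {
+redirect("/account");
+}
+
+throw new Error(access.error);
+}
+
+return access;
+}
+
+export async function requireServerPageRoleAccess(
+allowedRoles: GlobalRole | GlobalRole[],
+): Promise<{
+supabase: Awaited<ReturnType<typeof createServerSupabase>>;
+user: User;
+role: GlobalRole;
+}> {
+const access = await requireServerUserAccess();
+
+if (!access.ok) {
+if (access.status === 401) {
+redirect("/login");
+}
+
+if (access.status === 409) {
+redirect("/account");
+}
+
+throw new Error(access.error);
+}
+
+const allowed = Array.isArray(allowedRoles) ? allowedRoles : [allowedRoles];
+if (!access.role || !allowed.includes(access.role)) {
+redirect(resolvePostLoginPath(access.role));
+}
+
+return {
+supabase: access.supabase,
+user: access.user,
+role: access.role,
+};
+}
+
+export async function requireServerRoleAccess(allowedRoles: GlobalRole | GlobalRole[]): Promise<ServerRoleAccess> {
+const access = await requireServerUserAccess();
+if (!access.ok) {
+return access;
+}
+
+const { supabase, user, role } = access;
+
 if (!role) {
 return { ok: false, status: 403, error: "Acesso proibido." };
 }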
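Review bot: In `requireServerUserAccess`, `error: profileError ?? "Perfil em falta."` hands whatever `getProfileIdForUser` reports straight to callers, and `requireServerRoleAccess` now returns that object unchanged on failure (`return access;`). `getProfileIdForUser` is not visible in this diff, so this is inferred, but if `profileError` carries a database or client error message, any route that echoes `access.error` in its response exposes backend detail, and a failed lookup is reported with the same 409 as a genuinely missing profile, which the page guards turn into `redirect("/account")`. Consider returning a fixed message, `return { ok: false, status: 409, error: "Perfil em falta." };`, logging `profileError` on the server, and using a 5xx status when the lookup itself failed. The same applies to the context line `const { data: roleRaw } = await supabase.rpc("current_global_role");`, which drops the RPC `error`, so a failed role lookup is indistinguishable from a user with no role. The body of `requireServerUserAccess` starts in the previous hunk, and lines 75–78 of the new file are not shown.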