@m5kdev/backend 0.6.0 → 0.7.0

package/dist/src/modules/recurrence/recurrence.service.js

@@ -34,19 +34,22 @@ class RecurrenceService extends base_service_1.BaseService {
     list = this.procedure("list")
         .addContextFilter(["user"])
         .handle(({ input }) => this.repository.recurrence.queryList(input));
-    async create(data, ctx) {
+    create = this.procedure("create")
+        .requireAuth()
+        .handle(({ input, ctx }) => {
+        const { actor } = ctx;
         const recurrenceData = {
-            name: data.name,
-            kind: data.kind,
-            enabled: data.enabled,
-            metadata: data.metadata ?? null,
-            userId: ctx.user?.id ?? null,
-            organizationId: ctx.session.activeOrganizationId ?? null,
-            teamId: ctx.session.activeTeamId ?? null,
+            name: input.name,
+            kind: input.kind,
+            enabled: input.enabled,
+            metadata: input.metadata ?? null,
+            userId: actor.userId,
+            organizationId: actor.organizationId,
+            teamId: actor.teamId,
         };
-        const rulesData = data.recurrenceRules.map(mapRuleToInsert);
+        const rulesData = input.recurrenceRules.map(mapRuleToInsert);
         return this.repository.recurrence.createWithRules(recurrenceData, rulesData);
-    }
+    });
     async findById(id) {
         const result = await this.repository.recurrence.findById(id);
         if (result.isErr())

package/dist/src/modules/recurrence/recurrence.trpc.d.ts

@@ -1,7 +1,7 @@
 import { type TRPCMethods } from "../../utils/trpc";
 import type { RecurrenceService } from "./recurrence.service";
 export declare function createRecurrenceTRPC({ router, privateProcedure: procedure }: TRPCMethods, recurrenceService: RecurrenceService): import("@trpc/server").TRPCBuiltRouter<{
-    ctx: import("../auth/auth.lib").Context;
+    ctx: import("../../utils/trpc").Context;
     meta: any;
     errorShape: import("@trpc/server").TRPCDefaultErrorShape;
     transformer: true;

package/dist/src/modules/social/social.service.d.ts

@@ -1,3 +1,4 @@
+import type { RequiredServiceActor } from "../base/base.actor";
 import type { ServerResultAsync } from "../base/base.dto";
 import { BaseService } from "../base/base.service";
 import type { ConnectRepository } from "../connect/connect.repository";
@@ -19,10 +20,8 @@ export declare class SocialService extends BaseService<{
         file: FileService;
     }, providers: SocialProvider[]);
     getProvider(id: string): SocialProvider | null;
-    postToProvider(providerId: string, input: SocialPostInput, { user }: {
-        user: {
-            id: string;
-        };
+    postToProvider(providerId: string, input: SocialPostInput, { actor }: {
+        actor: RequiredServiceActor<"user">;
     }): ServerResultAsync<SocialPostResult>;
     private ensureFreshConnection;
 }

package/dist/src/modules/social/social.service.js

@@ -12,14 +12,14 @@ class SocialService extends base_service_1.BaseService {
     getProvider(id) {
         return this.providers.get(id) ?? null;
     }
-    async postToProvider(providerId, input, { user }) {
+    async postToProvider(providerId, input, { actor }) {
         return this.throwableAsync(async () => {
             const provider = this.getProvider(providerId);
             if (!provider) {
                 return this.error("BAD_REQUEST", `Unknown provider: ${providerId}`);
             }
             const connectionResult = await this.repository.connect.list({
-                userId: user.id,
+                userId: actor.userId,
                 providers: [providerId],
             });
             if (connectionResult.isErr()) {
@@ -46,7 +46,7 @@ class SocialService extends base_service_1.BaseService {
             const result = await provider.post({
                 deps: { fileService: this.service.file },
                 context: {
-                    userId: user.id,
+                    userId: actor.userId,
                     connection: connection.value,
                     accessToken,
                 },

package/dist/src/modules/tag/tag.service.d.ts

@@ -25,9 +25,10 @@ export declare class TagService extends BaseService<{
         resourceType?: string | undefined;
         resourceId?: string | undefined;
     }, {
-        user?: import("../auth/auth.lib").User | null;
-        session?: import("../auth/auth.lib").Session | null;
-    } & Record<string, unknown> & import("../auth/auth.lib").Context, {
+        actor?: import("../base/base.actor").AuthenticatedActor | null;
+    } & Record<string, unknown> & {
+        actor: import("../base/base.actor").UserActor;
+    }, {
         id: string;
         createdAt: Date;
         updatedAt: Date | null;
@@ -48,9 +49,10 @@ export declare class TagService extends BaseService<{
         color?: string | undefined;
         assignableTo?: string[] | undefined;
     }, {
-        user?: import("../auth/auth.lib").User | null;
-        session?: import("../auth/auth.lib").Session | null;
-    } & Record<string, unknown> & import("../auth/auth.lib").Context, {
+        actor?: import("../base/base.actor").AuthenticatedActor | null;
+    } & Record<string, unknown> & {
+        actor: import("../base/base.actor").UserActor;
+    }, {
         id: string;
         createdAt: Date;
         updatedAt: Date | null;
@@ -70,9 +72,10 @@ export declare class TagService extends BaseService<{
         resourceType: string;
         resourceId: string;
     }, {
-        user?: import("../auth/auth.lib").User | null;
-        session?: import("../auth/auth.lib").Session | null;
-    } & Record<string, unknown> & import("../auth/auth.lib").Context, {
+        actor?: import("../base/base.actor").AuthenticatedActor | null;
+    } & Record<string, unknown> & {
+        actor: import("../base/base.actor").UserActor;
+    }, {
         id: string;
         createdAt: Date;
         tagId: string;
@@ -86,9 +89,10 @@ export declare class TagService extends BaseService<{
         resourceType: string;
         resourceId: string;
     }, {
-        user?: import("../auth/auth.lib").User | null;
-        session?: import("../auth/auth.lib").Session | null;
-    } & Record<string, unknown> & import("../auth/auth.lib").Context, {
+        actor?: import("../base/base.actor").AuthenticatedActor | null;
+    } & Record<string, unknown> & {
+        actor: import("../base/base.actor").UserActor;
+    }, {
         id: string;
         createdAt: Date;
         updatedAt: Date | null;

package/dist/src/modules/tag/tag.service.js

@@ -12,17 +12,17 @@ class TagService extends base_service_1.BaseService {
     create = this.procedure("create")
         .requireAuth()
         .handle(({ input, ctx }) => {
-        return this.repository.tag.create({ ...input, userId: ctx.user.id });
+        return this.repository.tag.create({ ...input, userId: ctx.actor.userId });
     });
     update = this.procedure("update")
         .requireAuth()
         .handle(({ input, ctx }) => {
-        return this.repository.tag.update({ ...input, userId: ctx.user.id });
+        return this.repository.tag.update({ ...input, userId: ctx.actor.userId });
     });
     link = this.procedure("link")
         .requireAuth()
         .handle(({ input, ctx }) => {
-        return this.repository.tag.link({ ...input, userId: ctx.user.id });
+        return this.repository.tag.link({ ...input, userId: ctx.actor.userId });
     });
     async linkBulk(data) {
         return this.repository.tag.linkBulk(data);
@@ -33,7 +33,7 @@ class TagService extends base_service_1.BaseService {
     unlink = this.procedure("unlink")
         .requireAuth()
         .handle(({ input, ctx }) => {
-        return this.repository.tag.unlink({ ...input, userId: ctx.user.id });
+        return this.repository.tag.unlink({ ...input, userId: ctx.actor.userId });
     });
     async delete(data) {
         return this.repository.tag.softDeleteById(data.id);

package/dist/src/modules/tag/tag.trpc.d.ts

@@ -1,7 +1,7 @@
 import { type TRPCMethods } from "../../utils/trpc";
 import type { TagService } from "./tag.service";
 export declare function createTagTRPC({ router, privateProcedure: procedure }: TRPCMethods, tagService: TagService): import("@trpc/server").TRPCBuiltRouter<{
-    ctx: import("../auth/auth.lib").Context;
+    ctx: import("../../utils/trpc").Context;
     meta: any;
     errorShape: import("@trpc/server").TRPCDefaultErrorShape;
     transformer: true;

package/dist/src/modules/workflow/workflow.service.d.ts

@@ -1,18 +1,58 @@
-import type { WorkflowListInputSchema, WorkflowListOutputSchema, WorkflowReadInputSchema, WorkflowReadOutputSchema } from "@m5kdev/commons/modules/workflow/workflow.schema";
+import type { WorkflowReadOutputSchema } from "@m5kdev/commons/modules/workflow/workflow.schema";
 import type { Job } from "bullmq";
-import type { User } from "../auth/auth.lib";
 import type { ServerResultAsync } from "../base/base.dto";
 import { BaseService } from "../base/base.service";
 import type { WorkflowRepository } from "./workflow.repository";
 export declare class WorkflowService extends BaseService<{
     workflow: WorkflowRepository;
 }, never> {
-    read(input: WorkflowReadInputSchema, { user }: {
-        user: User;
-    }): ServerResultAsync<WorkflowReadOutputSchema>;
-    list(input: WorkflowListInputSchema, { user }: {
-        user: User;
-    }): ServerResultAsync<WorkflowListOutputSchema>;
+    readonly read: import("../base/base.procedure").ServiceProcedure<{
+        jobId: string;
+    }, {
+        actor?: import("../base/base.actor").AuthenticatedActor | null;
+    } & Record<string, unknown> & {
+        actor: import("../base/base.actor").UserActor;
+    }, {
+        id: string;
+        userId: string | null;
+        jobId: string;
+        jobName: string;
+        queueName: string;
+        tags: string[] | null;
+        input: unknown;
+        output: unknown;
+        status: "queued" | "running" | "completed" | "failed";
+        error: string | null;
+        retries: number;
+        finishedAt: Date | null;
+        processedAt: Date | null;
+        createdAt: Date;
+        updatedAt: Date;
+    }>;
+    readonly list: import("../base/base.procedure").ServiceProcedure<{
+        status?: ("queued" | "running" | "completed" | "failed")[] | undefined;
+        jobName?: string | undefined;
+    }, {
+        actor?: import("../base/base.actor").AuthenticatedActor | null;
+    } & Record<string, unknown> & {
+        actor: import("../base/base.actor").UserActor;
+    }, {
+        id: string;
+        userId: string | null;
+        jobId: string;
+        jobName: string;
+        queueName: string;
+        tags: string[] | null;
+        input: unknown;
+        output: unknown;
+        status: "queued" | "running" | "completed" | "failed";
+        error: string | null;
+        retries: number;
+        finishedAt: Date | null;
+        processedAt: Date | null;
+        createdAt: Date;
+        updatedAt: Date;
+    }[]>;
     added(params: Parameters<WorkflowRepository["added"]>[0]): ServerResultAsync<WorkflowReadOutputSchema>;
     addedMany(params: Parameters<WorkflowRepository["addedMany"]>[0]): ServerResultAsync<WorkflowReadOutputSchema[]>;
     started(job: Job): ServerResultAsync<WorkflowReadOutputSchema>;

package/dist/src/modules/workflow/workflow.service.js

@@ -3,12 +3,12 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.WorkflowService = void 0;
 const base_service_1 = require("../base/base.service");
 class WorkflowService extends base_service_1.BaseService {
-    async read(input, { user }) {
-        return await this.repository.workflow.read({ ...input, userId: user.id });
-    }
-    async list(input, { user }) {
-        return await this.repository.workflow.list({ ...input, userId: user.id });
-    }
+    read = this.procedure("workflowRead")
+        .requireAuth()
+        .handle(({ input, ctx }) => this.repository.workflow.read({ ...input, userId: ctx.actor.userId }));
+    list = this.procedure("workflowList")
+        .requireAuth()
+        .handle(({ input, ctx }) => this.repository.workflow.list({ ...input, userId: ctx.actor.userId }));
     async added(params) {
         return this.repository.workflow.added(params);
     }

package/dist/src/modules/workflow/workflow.trpc.d.ts

@@ -1,7 +1,7 @@
-import type { WorkflowService } from "./workflow.service";
 import { type TRPCMethods } from "../../utils/trpc";
+import type { WorkflowService } from "./workflow.service";
 export declare function createWorkflowTRPC({ router, privateProcedure: procedure }: TRPCMethods, workflowService: WorkflowService): import("@trpc/server").TRPCBuiltRouter<{
-    ctx: import("../auth/auth.lib").Context;
+    ctx: import("../../utils/trpc").Context;
     meta: any;
     errorShape: import("@trpc/server").TRPCDefaultErrorShape;
     transformer: true;

package/dist/src/types.d.ts

@@ -4,13 +4,13 @@ import type { AuthService } from "./modules/auth/auth.service";
 import type { BillingService } from "./modules/billing/billing.service";
 import type { TRPCMethods } from "./utils/trpc";
 export declare const createAuthTRPCRouter: <MastraInstance extends Mastra>(trpcMethods: TRPCMethods, authService: AuthService, aiService: AIService<MastraInstance>, billingService: BillingService) => import("@trpc/server").TRPCBuiltRouter<{
-    ctx: import("./modules/auth/auth.lib").Context;
+    ctx: import("./utils/trpc").Context;
     meta: any;
     errorShape: import("@trpc/server").TRPCDefaultErrorShape;
     transformer: true;
 }, import("@trpc/server").TRPCDecorateCreateRouterOptions<{
     auth: import("@trpc/server").TRPCBuiltRouter<{
-        ctx: import("./modules/auth/auth.lib").Context;
+        ctx: import("./utils/trpc").Context;
         meta: any;
         errorShape: import("@trpc/server").TRPCDefaultErrorShape;
         transformer: true;
@@ -300,7 +300,7 @@ export declare const createAuthTRPCRouter: <MastraInstance extends Mastra>(trpcM
         }>;
     }>>;
     ai: import("@trpc/server").TRPCBuiltRouter<{
-        ctx: import("./modules/auth/auth.lib").Context;
+        ctx: import("./utils/trpc").Context;
         meta: any;
         errorShape: import("@trpc/server").TRPCDefaultErrorShape;
         transformer: true;
@@ -319,7 +319,7 @@ export declare const createAuthTRPCRouter: <MastraInstance extends Mastra>(trpcM
         }>;
     }>>;
     billing: import("@trpc/server").TRPCBuiltRouter<{
-        ctx: import("./modules/auth/auth.lib").Context;
+        ctx: import("./utils/trpc").Context;
         meta: any;
         errorShape: import("@trpc/server").TRPCDefaultErrorShape;
         transformer: true;

package/dist/src/utils/trpc.d.ts

@@ -2,8 +2,29 @@ import type { transformer } from "@m5kdev/commons/utils/trpc";
 import type { TRPCRootObject } from "@trpc/server";
 import type { CreateExpressContextOptions } from "@trpc/server/adapters/express";
 import type { Result } from "neverthrow";
-import type { BetterAuth, Context } from "../modules/auth/auth.lib";
+import type { BetterAuth, Session, User } from "../modules/auth/auth.lib";
+import { type OrganizationActor, type TeamActor, type UserActor } from "../modules/base/base.actor";
 import { ServerError } from "./errors";
+export type RequestContext = {
+    session: Session | null;
+    user: User | null;
+    actor: UserActor | null;
+};
+export type Context = {
+    session: Session;
+    user: User;
+    actor: UserActor;
+};
+export type OrganizationContext = {
+    session: Session;
+    user: User;
+    actor: OrganizationActor;
+};
+export type TeamContext = {
+    session: Session;
+    user: User;
+    actor: TeamActor;
+};
 type TRPCCreate = TRPCRootObject<Context, any, {
     transformer: typeof transformer;
 }>;
@@ -13,46 +34,15 @@ export type TRPCMethods = {
     privateProcedure: TRPCCreate["procedure"];
     adminProcedure: TRPCCreate["procedure"];
 };
-export declare function createAuthContext(auth: BetterAuth): ({ req }: CreateExpressContextOptions) => Promise<{
-    session: {
-        id: string;
-        createdAt: Date;
-        updatedAt: Date;
-        expiresAt: Date;
-        token: string;
-        ipAddress: string | null;
-        userAgent: string | null;
-        userId: string;
-        impersonatedBy: string | null;
-        activeOrganizationId: string | null;
-        activeOrganizationRole: string | null;
-        activeTeamId: string | null;
-        activeTeamRole: string | null;
-    };
-    user: {
-        id: string;
-        name: string;
-        email: string;
-        emailVerified: boolean;
-        image: string | null;
-        createdAt: Date;
-        updatedAt: Date;
-        role: string | null;
-        banned: boolean | null;
-        banReason: string | null;
-        banExpires: Date | null;
-        stripeCustomerId: string | null;
-        paymentCustomerId: string | null;
-        paymentPlanTier: string | null;
-        paymentPlanExpiresAt: Date | null;
-        preferences: string | null;
-        metadata: Record<string, unknown>;
-        onboarding: number | null;
-        flags: string | null;
-    };
-}>;
+export declare function createAuthContext(auth: BetterAuth): ({ req }: CreateExpressContextOptions) => Promise<RequestContext>;
 export declare function handleAsyncTRPCResult<T>(result: Promise<Result<T, ServerError>>): Promise<T>;
 export declare function handleTRPCResult<T>(result: Result<T, ServerError>): T;
-export declare function verifyProtectedProcedureContext(ctx: Context): void;
-export declare function verifyAdminProcedureContext(ctx: Context): void;
+export declare function verifyProtectedProcedureContext(ctx: RequestContext): Context;
+export declare function verifyOrganizationProcedureContext(ctx: Context): OrganizationContext;
+export declare function verifyTeamProcedureContext(ctx: Context): TeamContext;
+export declare function verifyAdminProcedureContext(ctx: RequestContext): Context;
+export declare function requireRequestUser(ctx: RequestContext): User;
+export declare function requireRequestActor(ctx: RequestContext): UserActor;
+export declare function requireRequestActor(ctx: RequestContext, scope: "organization"): OrganizationActor;
+export declare function requireRequestActor(ctx: RequestContext, scope: "team"): TeamActor;
 export {};

package/dist/src/utils/trpc.js

@@ -4,8 +4,13 @@ exports.createAuthContext = createAuthContext;
 exports.handleAsyncTRPCResult = handleAsyncTRPCResult;
 exports.handleTRPCResult = handleTRPCResult;
 exports.verifyProtectedProcedureContext = verifyProtectedProcedureContext;
+exports.verifyOrganizationProcedureContext = verifyOrganizationProcedureContext;
+exports.verifyTeamProcedureContext = verifyTeamProcedureContext;
 exports.verifyAdminProcedureContext = verifyAdminProcedureContext;
+exports.requireRequestUser = requireRequestUser;
+exports.requireRequestActor = requireRequestActor;
 const node_1 = require("better-auth/node");
+const base_actor_1 = require("../modules/base/base.actor");
 const errors_1 = require("./errors");
 const logger_1 = require("./logger");
 function createAuthContext(auth) {
@@ -15,9 +20,11 @@ function createAuthContext(auth) {
         });
         const user = data?.user || null;
         const session = data?.session || null;
+        const actor = user && session ? (0, base_actor_1.createActorFromContext)({ user, session }, "user") : null;
         return {
             session,
             user,
+            actor,
         };
     };
 }
@@ -37,6 +44,34 @@ function handleTRPCResult(result) {
     return result.value;
 }
 function verifyProtectedProcedureContext(ctx) {
+    if (!ctx.user || !ctx.session || !ctx.actor) {
+        throw new errors_1.ServerError({
+            code: "UNAUTHORIZED",
+            layer: "controller",
+            layerName: "TRPCController",
+        }).toTRPC();
+    }
+    return ctx;
+}
+function verifyOrganizationProcedureContext(ctx) {
+    if (!ctx.user || !ctx.session) {
+        throw new errors_1.ServerError({
+            code: "UNAUTHORIZED",
+            layer: "controller",
+            layerName: "TRPCController",
+        }).toTRPC();
+    }
+    try {
+        const actor = (0, base_actor_1.createActorFromContext)({ user: ctx.user, session: ctx.session }, "organization");
+        return { ...ctx, actor };
+    }
+    catch (e) {
+        if (e instanceof errors_1.ServerError)
+            throw e.toTRPC();
+        throw e;
+    }
+}
+function verifyTeamProcedureContext(ctx) {
     if (!ctx.user || !ctx.session) {
         throw new errors_1.ServerError({
             code: "UNAUTHORIZED",
@@ -44,6 +79,15 @@ function verifyProtectedProcedureContext(ctx) {
             layerName: "TRPCController",
         }).toTRPC();
     }
+    try {
+        const actor = (0, base_actor_1.createActorFromContext)({ user: ctx.user, session: ctx.session }, "team");
+        return { ...ctx, actor };
+    }
+    catch (e) {
+        if (e instanceof errors_1.ServerError)
+            throw e.toTRPC();
+        throw e;
+    }
 }
 function verifyAdminProcedureContext(ctx) {
     if (!ctx.user || !ctx.session) {
@@ -60,4 +104,55 @@ function verifyAdminProcedureContext(ctx) {
             layerName: "TRPCController",
         }).toTRPC();
     }
+    if (!ctx.actor) {
+        throw new errors_1.ServerError({
+            code: "UNAUTHORIZED",
+            layer: "controller",
+            layerName: "TRPCController",
+        }).toTRPC();
+    }
+    return ctx;
+}
+function requireRequestUser(ctx) {
+    return verifyProtectedProcedureContext(ctx).user;
+}
+function requireRequestActor(ctx, scope = "user") {
+    const verified = verifyProtectedProcedureContext(ctx);
+    if (scope === "user") {
+        if (!(0, base_actor_1.validateActor)(verified.actor, "user")) {
+            throw new errors_1.ServerError({
+                code: "FORBIDDEN",
+                layer: "controller",
+                layerName: "TRPCController",
+            }).toTRPC();
+        }
+        return verified.actor;
+    }
+    try {
+        if (scope === "organization") {
+            const actor = (0, base_actor_1.createActorFromContext)({ user: verified.user, session: verified.session }, "organization");
+            if (!(0, base_actor_1.validateActor)(actor, "organization")) {
+                throw new errors_1.ServerError({
+                    code: "FORBIDDEN",
+                    layer: "controller",
+                    layerName: "TRPCController",
+                }).toTRPC();
+            }
+            return actor;
+        }
+        const actor = (0, base_actor_1.createActorFromContext)({ user: verified.user, session: verified.session }, "team");
+        if (!(0, base_actor_1.validateActor)(actor, "team")) {
+            throw new errors_1.ServerError({
+                code: "FORBIDDEN",
+                layer: "controller",
+                layerName: "TRPCController",
+            }).toTRPC();
+        }
+        return actor;
+    }
+    catch (e) {
+        if (e instanceof errors_1.ServerError)
+            throw e.toTRPC();
+        throw e;
+    }
 }

package/dist/src/utils/trpc.test.d.ts

@@ -0,0 +1 @@
+export {};