@wopr-network/platform-core 0.1.0

package/dist/trpc/init.d.ts

@@ -0,0 +1,49 @@
+/**
+ * tRPC initialization — creates the base router and procedure builders.
+ *
+ * Context carries the authenticated user (if any) and the tenant ID
+ * extracted from the bearer token or session.
+ */
+import type { AuthUser } from "../auth/index.js";
+import type { IOrgMemberRepository } from "../tenancy/org-member-repository.js";
+export interface TRPCContext {
+    /** Authenticated user, or undefined for unauthenticated requests. */
+    user: AuthUser | undefined;
+    /** Tenant ID associated with the bearer token, if any. */
+    tenantId: string | undefined;
+}
+/** Wire the org member repository for tRPC tenant validation. Called from services.ts on startup. */
+export declare function setTrpcOrgMemberRepo(repo: IOrgMemberRepository): void;
+export declare const router: import("@trpc/server").TRPCRouterBuilder<{
+    ctx: TRPCContext;
+    meta: object;
+    errorShape: import("@trpc/server").TRPCDefaultErrorShape;
+    transformer: false;
+}>;
+export declare const createCallerFactory: import("@trpc/server").TRPCRouterCallerFactory<{
+    ctx: TRPCContext;
+    meta: object;
+    errorShape: import("@trpc/server").TRPCDefaultErrorShape;
+    transformer: false;
+}>;
+export declare const publicProcedure: import("@trpc/server").TRPCProcedureBuilder<TRPCContext, object, object, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, false>;
+/** Procedure that requires a valid authenticated user. */
+export declare const protectedProcedure: import("@trpc/server").TRPCProcedureBuilder<TRPCContext, object, {
+    tenantId: string | undefined;
+    user: AuthUser;
+}, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, false>;
+/** Procedure that requires authentication + platform_admin role. */
+export declare const adminProcedure: import("@trpc/server").TRPCProcedureBuilder<TRPCContext, object, {
+    tenantId: string | undefined;
+    user: AuthUser;
+}, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, false>;
+/** Procedure that requires authentication + a tenant context. */
+export declare const tenantProcedure: import("@trpc/server").TRPCProcedureBuilder<TRPCContext, object, {
+    tenantId: string;
+    user: AuthUser;
+}, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, false>;
+/** Procedure that requires authentication + org membership (orgId must be in input). */
+export declare const orgMemberProcedure: import("@trpc/server").TRPCProcedureBuilder<TRPCContext, object, {
+    tenantId: string | undefined;
+    user: AuthUser;
+}, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, false>;

package/dist/trpc/init.js

@@ -0,0 +1,108 @@
+/**
+ * tRPC initialization — creates the base router and procedure builders.
+ *
+ * Context carries the authenticated user (if any) and the tenant ID
+ * extracted from the bearer token or session.
+ */
+import { initTRPC, TRPCError } from "@trpc/server";
+import { z } from "zod";
+import { validateTenantAccess } from "../auth/index.js";
+// ---------------------------------------------------------------------------
+// tRPC init
+// ---------------------------------------------------------------------------
+const t = initTRPC.context().create();
+// ---------------------------------------------------------------------------
+// Org member repo injection (for tenant access validation)
+// ---------------------------------------------------------------------------
+let _orgMemberRepo = null;
+/** Wire the org member repository for tRPC tenant validation. Called from services.ts on startup. */
+export function setTrpcOrgMemberRepo(repo) {
+    _orgMemberRepo = repo;
+}
+export const router = t.router;
+export const createCallerFactory = t.createCallerFactory;
+export const publicProcedure = t.procedure;
+/**
+ * Middleware that enforces authentication.
+ * Narrows context so downstream resolvers get a non-optional `user`.
+ */
+const isAuthed = t.middleware(({ ctx, next }) => {
+    if (!ctx.user) {
+        throw new TRPCError({ code: "UNAUTHORIZED", message: "Authentication required" });
+    }
+    return next({ ctx: { user: ctx.user, tenantId: ctx.tenantId } });
+});
+/** Procedure that requires a valid authenticated user. */
+export const protectedProcedure = t.procedure.use(isAuthed);
+/**
+ * Middleware that enforces the platform_admin role.
+ * Must be chained after isAuthed so ctx.user is guaranteed non-optional.
+ */
+const isAdmin = t.middleware(({ ctx, next }) => {
+    if (!ctx.user) {
+        throw new TRPCError({ code: "UNAUTHORIZED", message: "Authentication required" });
+    }
+    if (!ctx.user.roles.includes("platform_admin")) {
+        throw new TRPCError({ code: "FORBIDDEN", message: "Platform admin role required" });
+    }
+    return next({ ctx: { user: ctx.user, tenantId: ctx.tenantId } });
+});
+/** Procedure that requires authentication + platform_admin role. */
+export const adminProcedure = t.procedure.use(isAuthed).use(isAdmin);
+/**
+ * Combined middleware that enforces authentication + tenant context.
+ * Narrows both `user` (non-optional) and `tenantId` (non-optional string).
+ * Also validates that session-cookie users have access to the claimed tenant (IDOR prevention).
+ */
+const isAuthedWithTenant = t.middleware(async ({ ctx, next }) => {
+    if (!ctx.user) {
+        throw new TRPCError({ code: "UNAUTHORIZED", message: "Authentication required" });
+    }
+    if (!ctx.tenantId) {
+        throw new TRPCError({ code: "BAD_REQUEST", message: "Tenant context required" });
+    }
+    // Validate tenant access for session-cookie users (bearer token users have server-assigned tenantId).
+    if (!ctx.user.id.startsWith("token:")) {
+        if (!_orgMemberRepo) {
+            throw new TRPCError({
+                code: "INTERNAL_SERVER_ERROR",
+                message: "Server misconfiguration: org member repository not wired",
+            });
+        }
+        const allowed = await validateTenantAccess(ctx.user.id, ctx.tenantId, _orgMemberRepo);
+        if (!allowed) {
+            throw new TRPCError({ code: "FORBIDDEN", message: "Not authorized for this tenant" });
+        }
+    }
+    return next({ ctx: { user: ctx.user, tenantId: ctx.tenantId } });
+});
+/** Procedure that requires authentication + a tenant context. */
+export const tenantProcedure = t.procedure.use(isAuthedWithTenant);
+/**
+ * Middleware that enforces org membership for mutations that accept `orgId` in input.
+ * Extracts orgId from rawInput, looks up membership via IOrgMemberRepository.
+ * Must be chained after isAuthed.
+ */
+const isOrgMember = t.middleware(async ({ ctx, next, getRawInput }) => {
+    if (!ctx.user) {
+        throw new TRPCError({ code: "UNAUTHORIZED", message: "Authentication required" });
+    }
+    if (!_orgMemberRepo) {
+        throw new TRPCError({
+            code: "INTERNAL_SERVER_ERROR",
+            message: "Server misconfiguration: org member repository not wired",
+        });
+    }
+    const rawInput = await getRawInput();
+    const parsed = z.object({ orgId: z.string().min(1) }).safeParse(rawInput);
+    if (!parsed.success) {
+        throw new TRPCError({ code: "BAD_REQUEST", message: "orgId is required" });
+    }
+    const member = await _orgMemberRepo.findMember(parsed.data.orgId, ctx.user.id);
+    if (!member) {
+        throw new TRPCError({ code: "FORBIDDEN", message: "Not a member of this organization" });
+    }
+    return next({ ctx: { user: ctx.user, tenantId: ctx.tenantId } });
+});
+/** Procedure that requires authentication + org membership (orgId must be in input). */
+export const orgMemberProcedure = t.procedure.use(isAuthed).use(isOrgMember);

package/dist/trpc/init.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/trpc/init.test.js

@@ -0,0 +1,154 @@
+import { describe, expect, it, vi, beforeEach } from "vitest";
+import { router, createCallerFactory, publicProcedure, protectedProcedure, adminProcedure, tenantProcedure, orgMemberProcedure, setTrpcOrgMemberRepo, } from "./init.js";
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+/** Create a stub org member repository. */
+function makeMockRepo(overrides) {
+    return {
+        listMembers: vi.fn().mockResolvedValue([]),
+        addMember: vi.fn().mockResolvedValue(undefined),
+        updateMemberRole: vi.fn().mockResolvedValue(undefined),
+        removeMember: vi.fn().mockResolvedValue(undefined),
+        findMember: vi.fn().mockResolvedValue(null),
+        countAdminsAndOwners: vi.fn().mockResolvedValue(0),
+        listInvites: vi.fn().mockResolvedValue([]),
+        createInvite: vi.fn().mockResolvedValue(undefined),
+        findInviteById: vi.fn().mockResolvedValue(null),
+        findInviteByToken: vi.fn().mockResolvedValue(null),
+        deleteInvite: vi.fn().mockResolvedValue(undefined),
+        deleteAllMembers: vi.fn().mockResolvedValue(undefined),
+        deleteAllInvites: vi.fn().mockResolvedValue(undefined),
+        ...overrides,
+    };
+}
+/** Build a test router + caller factory exercising all procedure types. */
+const appRouter = router({
+    publicHello: publicProcedure.query(() => "public-ok"),
+    protectedHello: protectedProcedure.query(() => "protected-ok"),
+    adminHello: adminProcedure.query(() => "admin-ok"),
+    tenantHello: tenantProcedure.query(() => "tenant-ok"),
+    orgAction: orgMemberProcedure
+        .input((v) => v)
+        .mutation(() => "org-ok"),
+});
+const createCaller = createCallerFactory(appRouter);
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+describe("tRPC procedure builders", () => {
+    beforeEach(() => {
+        setTrpcOrgMemberRepo(makeMockRepo());
+    });
+    // -----------------------------------------------------------------------
+    // publicProcedure
+    // -----------------------------------------------------------------------
+    describe("publicProcedure", () => {
+        it("allows unauthenticated access", async () => {
+            const caller = createCaller({ user: undefined, tenantId: undefined });
+            expect(await caller.publicHello()).toBe("public-ok");
+        });
+        it("allows authenticated access", async () => {
+            const caller = createCaller({ user: { id: "u1", roles: ["user"] }, tenantId: undefined });
+            expect(await caller.publicHello()).toBe("public-ok");
+        });
+    });
+    // -----------------------------------------------------------------------
+    // protectedProcedure
+    // -----------------------------------------------------------------------
+    describe("protectedProcedure", () => {
+        it("rejects unauthenticated requests", async () => {
+            const caller = createCaller({ user: undefined, tenantId: undefined });
+            await expect(caller.protectedHello()).rejects.toThrow("Authentication required");
+        });
+        it("allows authenticated requests", async () => {
+            const caller = createCaller({ user: { id: "u1", roles: ["user"] }, tenantId: undefined });
+            expect(await caller.protectedHello()).toBe("protected-ok");
+        });
+    });
+    // -----------------------------------------------------------------------
+    // adminProcedure
+    // -----------------------------------------------------------------------
+    describe("adminProcedure", () => {
+        it("rejects unauthenticated requests", async () => {
+            const caller = createCaller({ user: undefined, tenantId: undefined });
+            await expect(caller.adminHello()).rejects.toThrow("Authentication required");
+        });
+        it("rejects non-admin users", async () => {
+            const caller = createCaller({ user: { id: "u1", roles: ["user"] }, tenantId: undefined });
+            await expect(caller.adminHello()).rejects.toThrow("Platform admin role required");
+        });
+        it("allows platform_admin users", async () => {
+            const caller = createCaller({
+                user: { id: "admin1", roles: ["platform_admin"] },
+                tenantId: undefined,
+            });
+            expect(await caller.adminHello()).toBe("admin-ok");
+        });
+    });
+    // -----------------------------------------------------------------------
+    // tenantProcedure
+    // -----------------------------------------------------------------------
+    describe("tenantProcedure", () => {
+        it("rejects unauthenticated requests", async () => {
+            const caller = createCaller({ user: undefined, tenantId: undefined });
+            await expect(caller.tenantHello()).rejects.toThrow("Authentication required");
+        });
+        it("rejects when tenantId is missing", async () => {
+            const caller = createCaller({ user: { id: "u1", roles: ["user"] }, tenantId: undefined });
+            await expect(caller.tenantHello()).rejects.toThrow("Tenant context required");
+        });
+        it("allows bearer-token users (token: prefix) without org check", async () => {
+            const caller = createCaller({
+                user: { id: "token:admin", roles: ["admin"] },
+                tenantId: "t1",
+            });
+            expect(await caller.tenantHello()).toBe("tenant-ok");
+        });
+        it("allows session users accessing their personal tenant", async () => {
+            const caller = createCaller({ user: { id: "u1", roles: ["user"] }, tenantId: "u1" });
+            expect(await caller.tenantHello()).toBe("tenant-ok");
+        });
+        it("allows session users who are org members", async () => {
+            const repo = makeMockRepo({
+                findMember: vi.fn().mockResolvedValue({ id: "m1", orgId: "org-t", userId: "u1", role: "member", joinedAt: 0 }),
+            });
+            setTrpcOrgMemberRepo(repo);
+            const caller = createCaller({ user: { id: "u1", roles: ["user"] }, tenantId: "org-t" });
+            expect(await caller.tenantHello()).toBe("tenant-ok");
+        });
+        it("rejects session users not in the org", async () => {
+            const repo = makeMockRepo({ findMember: vi.fn().mockResolvedValue(null) });
+            setTrpcOrgMemberRepo(repo);
+            const caller = createCaller({ user: { id: "u1", roles: ["user"] }, tenantId: "org-other" });
+            await expect(caller.tenantHello()).rejects.toThrow("Not authorized for this tenant");
+        });
+    });
+    // -----------------------------------------------------------------------
+    // orgMemberProcedure
+    // -----------------------------------------------------------------------
+    describe("orgMemberProcedure", () => {
+        it("rejects unauthenticated requests", async () => {
+            const caller = createCaller({ user: undefined, tenantId: undefined });
+            await expect(caller.orgAction({ orgId: "org-1" })).rejects.toThrow("Authentication required");
+        });
+        it("rejects when orgId is missing from input", async () => {
+            const caller = createCaller({ user: { id: "u1", roles: ["user"] }, tenantId: undefined });
+            await expect(caller.orgAction({})).rejects.toThrow("orgId is required");
+        });
+        it("rejects non-members", async () => {
+            const repo = makeMockRepo({ findMember: vi.fn().mockResolvedValue(null) });
+            setTrpcOrgMemberRepo(repo);
+            const caller = createCaller({ user: { id: "u1", roles: ["user"] }, tenantId: undefined });
+            await expect(caller.orgAction({ orgId: "org-1" })).rejects.toThrow("Not a member of this organization");
+        });
+        it("allows org members", async () => {
+            const repo = makeMockRepo({
+                findMember: vi.fn().mockResolvedValue({ id: "m1", orgId: "org-1", userId: "u1", role: "member", joinedAt: 0 }),
+            });
+            setTrpcOrgMemberRepo(repo);
+            const caller = createCaller({ user: { id: "u1", roles: ["user"] }, tenantId: undefined });
+            expect(await caller.orgAction({ orgId: "org-1" })).toBe("org-ok");
+        });
+    });
+});