✨ Protect routes and procedures

2025-11-14 17:26:26 +01:00 · 2023-08-05 15:30:59 +02:00
parent 5b1b36eecc
commit cf057505ec
10 changed files with 209 additions and 43 deletions
--- a/src/server/api/routers/board.ts
+++ b/src/server/api/routers/board.ts
@@ -1,11 +1,11 @@
 import fs from 'fs';

-import { createTRPCRouter, publicProcedure } from '../trpc';
+import { createTRPCRouter, protectedProcedure, publicProcedure } from '../trpc';

 import { getFrontendConfig } from '~/tools/config/getFrontendConfig';

 export const boardRouter = createTRPCRouter({
-  all: publicProcedure.query(async ({ ctx }) => {
+  all: protectedProcedure.query(async ({ ctx }) => {
    const files = fs.readdirSync('./data/configs').filter((file) => file.endsWith('.json'));

    const userSettings = await ctx.prisma.userSettings.findUniqueOrThrow({
--- a/src/server/api/routers/password.ts
+++ b/src/server/api/routers/password.ts
@@ -1,9 +1,9 @@
 import { generate } from 'generate-password';

-import { createTRPCRouter, publicProcedure } from "../trpc";
+import { adminProcedure, createTRPCRouter } from '../trpc';

 export const passwordRouter = createTRPCRouter({
-  generate: publicProcedure.mutation(() => {
+  generate: adminProcedure.mutation(() => {
    return generate({
      strict: true,
      numbers: true,
@@ -11,7 +11,7 @@ export const passwordRouter = createTRPCRouter({
      uppercase: true,
      symbols: true,
      excludeSimilarCharacters: true,
-      length: 16
-    })
+      length: 16,
+    });
  }),
-});
+});
--- a/src/server/api/routers/user.ts
+++ b/src/server/api/routers/user.ts
@@ -11,7 +11,13 @@ import {
 } from '~/validations/user';

 import { COOKIE_COLOR_SCHEME_KEY, COOKIE_LOCALE_KEY } from '../../../../data/constants';
-import { TRPCContext, createTRPCRouter, protectedProcedure, publicProcedure } from '../trpc';
+import {
+  TRPCContext,
+  adminProcedure,
+  createTRPCRouter,
+  protectedProcedure,
+  publicProcedure,
+} from '../trpc';

 export const userRouter = createTRPCRouter({
  createAdminAccount: publicProcedure.input(signUpFormSchema).mutation(async ({ ctx, input }) => {
@@ -182,7 +188,7 @@ export const userRouter = createTRPCRouter({
      });
    }),

-  makeDefaultDashboard: publicProcedure
+  makeDefaultDashboard: protectedProcedure
    .input(z.object({ board: z.string() }))
    .mutation(async ({ ctx, input }) => {
      await ctx.prisma.userSettings.update({
@@ -195,7 +201,7 @@ export const userRouter = createTRPCRouter({
      });
    }),

-  all: publicProcedure
+  all: adminProcedure
    .input(
      z.object({
        limit: z.number().min(1).max(100).default(10),
@@ -236,11 +242,11 @@ export const userRouter = createTRPCRouter({
        countPages: Math.ceil(countUsers / limit),
      };
    }),
-  create: publicProcedure.input(createNewUserSchema).mutation(async ({ ctx, input }) => {
+  create: adminProcedure.input(createNewUserSchema).mutation(async ({ ctx, input }) => {
    await createUserInNotExist(ctx, input);
  }),

-  deleteUser: publicProcedure
+  deleteUser: adminProcedure
    .input(
      z.object({
        userId: z.string(),