Migrate ArticleRouter to Authorization Middlewares (#2568)

Author: junlarsen

apps/rpc/src/index.ts

@@ -1,2 +1,4 @@
 export type { AppRouter } from "./app-router"
 export type { Pageable } from "./query"
+
+export type * from "./modules/article/article-router"

apps/rpc/src/middlewares.ts

@@ -14,11 +14,11 @@ type MiddlewareFunction<TContextIn, TContextOut, TInputOut> = trpc.MiddlewareFun
   TInputOut
 >
 
-type ContextWithPrincipal = Context & {
+type WithPrincipal = {
   principal: Exclude<Context["principal"], null>
 }
 
-type ContextWithTransaction = Context & {
+type WithTransaction = {
   handle: DBHandle
 }
 
@@ -27,8 +27,10 @@ type ContextWithTransaction = Context & {
  *
  * Optionally, specify the transaction isolation level, which defaults to read-commited (default in PostgreSQL).
  */
-export function withDatabaseTransaction<TInput>(isolationLevel: Prisma.TransactionIsolationLevel = "ReadCommitted") {
-  const handler: MiddlewareFunction<Context, ContextWithTransaction, TInput> = async ({ ctx, next }) => {
+export function withDatabaseTransaction<TContext extends Context, TInput>(
+  isolationLevel: Prisma.TransactionIsolationLevel = "ReadCommitted"
+) {
+  const handler: MiddlewareFunction<TContext, TContext & WithTransaction, TInput> = async ({ ctx, next }) => {
     return await ctx.prisma.$transaction(
       async (handle) => {
         return await next({
@@ -51,8 +53,8 @@ export function withDatabaseTransaction<TInput>(isolationLevel: Prisma.Transacti
  * Audit log entries are stored in the database for most mutations. We use the audit log to keep track of changes to
  * the application.
  */
-export function withAuditLogEntry<TInput>() {
-  const handler: MiddlewareFunction<ContextWithTransaction, ContextWithTransaction, TInput> = async ({ ctx, next }) => {
+export function withAuditLogEntry<TContext extends Context & WithTransaction, TInput>() {
+  const handler: MiddlewareFunction<TContext, TContext & WithTransaction, TInput> = async ({ ctx, next }) => {
     if (ctx.principal !== null) {
       // We use a PostgreSQL configuration parameter, isolated to the current transaction to tell which user is
       // performing a change. Additionally, we have a PostgreSQL trigger on most tables to insert entries into the
@@ -69,8 +71,8 @@ export function withAuditLogEntry<TInput>() {
 }
 
 /** tRPC Middleware to ensure the caller is signed in */
-export function withAuthentication<TInput>() {
-  const handler: MiddlewareFunction<Context, ContextWithPrincipal, TInput> = async ({ ctx, next }) => {
+export function withAuthentication<TContext extends Context, TInput>() {
+  const handler: MiddlewareFunction<TContext, TContext & WithPrincipal, TInput> = async ({ ctx, next }) => {
     ctx.authorize.requireSignIn()
     // SAFETY: the above call should ensure this.
     invariant(ctx.principal === null)
@@ -88,8 +90,8 @@ export function withAuthentication<TInput>() {
  *
  * See file /src/authorization.ts for more details on the authorization system.
  */
-export function withAuthorization<TInput>(rule: Rule<TInput>) {
-  const handler: MiddlewareFunction<Context, Context, TInput> = async ({ ctx, next, input }) => {
+export function withAuthorization<TContext extends Context, TInput>(rule: Rule<TInput>) {
+  const handler: MiddlewareFunction<TContext, TContext, TInput> = async ({ ctx, next, input }) => {
     async function evaluate<TRuleInput>(rule: Rule<TRuleInput>, context: RuleContext<TRuleInput>): Promise<boolean> {
       return await rule.evaluate(context)
     }

apps/rpc/src/modules/article/article-router.ts

@@ -1,135 +1,187 @@
 import type { PresignedPost } from "@aws-sdk/s3-presigned-post"
 import { ArticleFilterQuerySchema, ArticleSchema, ArticleTagSchema, ArticleWriteSchema } from "@dotkomonline/types"
+import type { inferProcedureInput, inferProcedureOutput } from "@trpc/server"
 import { z } from "zod"
 import { isEditor } from "../../authorization"
 import { withAuditLogEntry, withAuthentication, withAuthorization, withDatabaseTransaction } from "../../middlewares"
 import { BasePaginateInputSchema, PaginateInputSchema } from "../../query"
-import { procedure, staffProcedure, t } from "../../trpc"
+import { procedure, t } from "../../trpc"
 
-export const articleRouter = t.router({
-  create: procedure
-    .input(
-      z.object({
-        article: ArticleWriteSchema,
-        tags: z.array(ArticleTagSchema.shape.name),
-      })
-    )
-    .use(withAuthentication())
-    .use(withAuthorization(isEditor()))
-    .use(withDatabaseTransaction())
-    .use(withAuditLogEntry())
-    .mutation(async ({ input, ctx }) => {
-      const article = await ctx.articleService.create(ctx.handle, input.article)
-      const tags = await ctx.articleService.setTags(ctx.handle, article.id, input.tags)
-      return {
-        ...article,
-        tags,
-      }
-    }),
+export type CreateArticleInput = inferProcedureInput<typeof createArticleProcedure>
+export type CreateArticleOutput = inferProcedureOutput<typeof createArticleProcedure>
+const createArticleProcedure = procedure
+  .input(
+    z.object({
+      article: ArticleWriteSchema,
+      tags: z.array(ArticleTagSchema.shape.name),
+    })
+  )
+  .use(withAuthentication())
+  .use(withAuthorization(isEditor()))
+  .use(withDatabaseTransaction())
+  .use(withAuditLogEntry())
+  .mutation(async ({ input, ctx }) => {
+    const article = await ctx.articleService.create(ctx.handle, input.article)
+    const tags = await ctx.articleService.setTags(ctx.handle, article.id, input.tags)
+    return {
+      ...article,
+      tags,
+    }
+  })
 
-  edit: staffProcedure
-    .input(
-      z.object({
-        id: ArticleSchema.shape.id,
-        input: ArticleWriteSchema.partial(),
-        tags: z.array(ArticleTagSchema.shape.name),
-      })
-    )
-    .mutation(async ({ input, ctx }) => {
-      return ctx.executeAuditedTransaction(async (handle) => {
-        const article = await ctx.articleService.update(handle, input.id, input.input)
-        const tags = await ctx.articleService.setTags(handle, input.id, input.tags)
-        return { ...article, tags }
-      })
-    }),
+export type EditArticleInput = inferProcedureInput<typeof editArticleProcedure>
+export type EditArticleOutput = inferProcedureOutput<typeof editArticleProcedure>
+const editArticleProcedure = procedure
+  .input(
+    z.object({
+      id: ArticleSchema.shape.id,
+      input: ArticleWriteSchema.partial(),
+      tags: z.array(ArticleTagSchema.shape.name),
+    })
+  )
+  .use(withAuthentication())
+  .use(withAuthorization(isEditor()))
+  .use(withDatabaseTransaction())
+  .use(withAuditLogEntry())
+  .mutation(async ({ input, ctx }) => {
+    const article = await ctx.articleService.update(ctx.handle, input.id, input.input)
+    const tags = await ctx.articleService.setTags(ctx.handle, input.id, input.tags)
+    return { ...article, tags }
+  })
 
-  all: procedure
-    .input(PaginateInputSchema)
-    .query(async ({ input, ctx }) =>
-      ctx.executeTransaction(async (handle) => ctx.articleService.findMany(handle, {}, input))
-    ),
+export type AllArticlesInput = inferProcedureInput<typeof allArticlesProcedure>
+export type AllArticlesOutput = inferProcedureOutput<typeof allArticlesProcedure>
+const allArticlesProcedure = procedure
+  .input(PaginateInputSchema)
+  .use(withDatabaseTransaction())
+  .query(async ({ input, ctx }) => ctx.articleService.findMany(ctx.handle, {}, input))
 
-  findArticles: procedure
-    .input(BasePaginateInputSchema.extend({ filters: ArticleFilterQuerySchema }))
-    .query(async ({ input, ctx }) => {
-      const items = await ctx.executeTransaction(async (handle) =>
-        ctx.articleService.findMany(handle, input.filters, input)
-      )
+export type FindArticlesInput = inferProcedureInput<typeof findArticlesProcedure>
+export type FindArticlesOutput = inferProcedureOutput<typeof findArticlesProcedure>
+const findArticlesProcedure = procedure
+  .input(BasePaginateInputSchema.extend({ filters: ArticleFilterQuerySchema }))
+  .use(withDatabaseTransaction())
+  .query(async ({ input, ctx }) => {
+    const items = await ctx.articleService.findMany(ctx.handle, input.filters, input)
 
-      return {
-        items,
-        nextCursor: items.at(-1)?.id,
-      }
-    }),
+    return {
+      items,
+      nextCursor: items.at(-1)?.id,
+    }
+  })
 
-  find: procedure
-    .input(ArticleSchema.shape.id)
-    .query(async ({ input, ctx }) =>
-      ctx.executeTransaction(async (handle) => ctx.articleService.findById(handle, input))
-    ),
+export type FindArticleInput = inferProcedureInput<typeof findArticleProcedure>
+export type FindArticleOutput = inferProcedureOutput<typeof findArticleProcedure>
+const findArticleProcedure = procedure
+  .input(ArticleSchema.shape.id)
+  .use(withDatabaseTransaction())
+  .query(async ({ input, ctx }) => ctx.articleService.findById(ctx.handle, input))
 
-  get: procedure
-    .input(ArticleSchema.shape.id)
-    .query(async ({ input, ctx }) =>
-      ctx.executeTransaction(async (handle) => ctx.articleService.getById(handle, input))
-    ),
+export type GetArticleInput = inferProcedureInput<typeof getArticleProcedure>
+export type GetArticleOutput = inferProcedureOutput<typeof getArticleProcedure>
+const getArticleProcedure = procedure
+  .input(ArticleSchema.shape.id)
+  .use(withDatabaseTransaction())
+  .query(async ({ input, ctx }) => ctx.articleService.getById(ctx.handle, input))
 
-  related: procedure
-    .input(ArticleSchema)
-    .query(async ({ input, ctx }) =>
-      ctx.executeTransaction(async (handle) => ctx.articleService.findRelated(handle, input))
-    ),
+export type FindRelatedArticlesInput = inferProcedureInput<typeof findRelatedArticlesProcedure>
+export type FindRelatedArticlesOutput = inferProcedureOutput<typeof findRelatedArticlesProcedure>
+const findRelatedArticlesProcedure = procedure
+  .input(ArticleSchema)
+  .use(withDatabaseTransaction())
+  .query(async ({ input, ctx }) => ctx.articleService.findRelated(ctx.handle, input))
 
-  featured: procedure.query(async ({ ctx }) =>
-    ctx.executeTransaction(async (handle) => ctx.articleService.findFeatured(handle))
-  ),
+export type FindFeaturedArticlesInput = inferProcedureInput<typeof findFeaturedArticlesProcedure>
+export type FindFeaturedArticlesOutput = inferProcedureOutput<typeof findFeaturedArticlesProcedure>
+const findFeaturedArticlesProcedure = procedure
+  .use(withDatabaseTransaction())
+  .query(async ({ ctx }) => ctx.articleService.findFeatured(ctx.handle))
 
-  getTags: procedure.query(async ({ ctx }) =>
-    ctx.executeTransaction(async (handle) => ctx.articleService.getTags(handle))
-  ),
+export type GetArticleTagsInput = inferProcedureInput<typeof getArticleTagsProcedure>
+export type GetArticleTagsOutput = inferProcedureOutput<typeof getArticleTagsProcedure>
+const getArticleTagsProcedure = procedure
+  .use(withDatabaseTransaction())
+  .query(async ({ ctx }) => ctx.articleService.getTags(ctx.handle))
 
-  findTagsOrderedByPopularity: procedure.query(async ({ ctx }) =>
-    ctx.executeTransaction(async (handle) => ctx.articleService.findTagsOrderedByPopularity(handle))
-  ),
+export type FindArticleTagsOrderedByPopularityInput = inferProcedureInput<
+  typeof findArticleTagsOrderedByPopularityProcedure
+>
+export type FindArticleTagsOrderedByPopularityOutput = inferProcedureOutput<
+  typeof findArticleTagsOrderedByPopularityProcedure
+>
+const findArticleTagsOrderedByPopularityProcedure = procedure
+  .use(withDatabaseTransaction())
+  .query(async ({ ctx }) => ctx.articleService.findTagsOrderedByPopularity(ctx.handle))
 
-  addTag: staffProcedure
-    .input(
-      z.object({
-        id: ArticleSchema.shape.id,
-        tag: ArticleTagSchema.shape.name,
-      })
-    )
-    .mutation(async ({ input, ctx }) => {
-      return ctx.executeAuditedTransaction(async (handle) => ctx.articleService.addTag(handle, input.id, input.tag))
-    }),
+export type AddArticleTagInput = inferProcedureInput<typeof addArticleTagProcedure>
+export type AddArticleTagOutput = inferProcedureOutput<typeof addArticleTagProcedure>
+const addArticleTagProcedure = procedure
+  .input(
+    z.object({
+      id: ArticleSchema.shape.id,
+      tag: ArticleTagSchema.shape.name,
+    })
+  )
+  .use(withAuthentication())
+  .use(withAuthorization(isEditor()))
+  .use(withDatabaseTransaction())
+  .use(withAuditLogEntry())
+  .mutation(async ({ input, ctx }) => {
+    return ctx.articleService.addTag(ctx.handle, input.id, input.tag)
+  })
 
-  removeTag: staffProcedure
-    .input(
-      z.object({
-        id: ArticleSchema.shape.id,
-        tag: ArticleTagSchema.shape.name,
-      })
-    )
-    .mutation(async ({ input, ctx }) => {
-      return ctx.executeAuditedTransaction(async (handle) => ctx.articleService.removeTag(handle, input.id, input.tag))
-    }),
+export type RemoveArticleTagInput = inferProcedureInput<typeof removeArticleTagProcedure>
+export type RemoveArticleTagOutput = inferProcedureOutput<typeof removeArticleTagProcedure>
+const removeArticleTagProcedure = procedure
+  .input(
+    z.object({
+      id: ArticleSchema.shape.id,
+      tag: ArticleTagSchema.shape.name,
+    })
+  )
+  .use(withAuthentication())
+  .use(withAuthorization(isEditor()))
+  .use(withDatabaseTransaction())
+  .use(withAuditLogEntry())
+  .mutation(async ({ input, ctx }) => {
+    return ctx.articleService.removeTag(ctx.handle, input.id, input.tag)
+  })
 
-  createFileUpload: staffProcedure
-    .input(
-      z.object({
-        filename: z.string(),
-        contentType: z.string(),
-      })
+export type CreateArticleFileUploadInput = inferProcedureInput<typeof createArticleFileUploadProcedure>
+export type CreateArticleFileUploadOutput = inferProcedureOutput<typeof createArticleFileUploadProcedure>
+const createArticleFileUploadProcedure = procedure
+  .input(
+    z.object({
+      filename: z.string(),
+      contentType: z.string(),
+    })
+  )
+  .output(z.custom<PresignedPost>())
+  .use(withAuthentication())
+  .use(withAuthorization(isEditor()))
+  .use(withDatabaseTransaction())
+  .use(withAuditLogEntry())
+  .mutation(async ({ input, ctx }) => {
+    return await ctx.articleService.createFileUpload(
+      ctx.handle,
+      input.filename,
+      input.contentType,
+      ctx.principal.subject
     )
-    .output(z.custom<PresignedPost>())
-    .mutation(async ({ input, ctx }) => {
-      return ctx.executeTransaction(async (handle) => {
-        return await ctx.articleService.createFileUpload(
-          handle,
-          input.filename,
-          input.contentType,
-          ctx.principal.subject
-        )
-      })
-    }),
+  })
+
+export const articleRouter = t.router({
+  create: createArticleProcedure,
+  edit: editArticleProcedure,
+  all: allArticlesProcedure,
+  findArticles: findArticlesProcedure,
+  find: findArticleProcedure,
+  get: getArticleProcedure,
+  related: findRelatedArticlesProcedure,
+  featured: findFeaturedArticlesProcedure,
+  getTags: getArticleTagsProcedure,
+  findTagsOrderedByPopularity: findArticleTagsOrderedByPopularityProcedure,
+  addTag: addArticleTagProcedure,
+  removeTag: removeArticleTagProcedure,
+  createFileUpload: createArticleFileUploadProcedure,
 })