feat(plugins): add Clerk plugin to manage users with webhooks

Jeroen Peeters · Jeroen Peeters · commit 681b1dbc4e94 · 2025-02-23T22:42:47.000+01:00
chore: update pnpm-lock.yaml with new package resolutions
diff --git a/dist/plugins.ts b/dist/plugins.ts
@@ -5,3 +5,4 @@ export { StripeSubscriptionPlugin } from '../plugins/stripe'
 export { ChangeDataCapturePlugin } from '../plugins/cdc'
 export { QueryLogPlugin } from '../plugins/query-log'
 export { ResendPlugin } from '../plugins/resend'
+export { ClerkPlugin } from '../plugins/clerk'
diff --git a/package.json b/package.json
@@ -58,6 +58,7 @@
         "mysql2": "^3.11.4",
         "node-sql-parser": "^4.18.0",
         "pg": "^8.13.1",
+        "svix": "^1.59.2",
         "tailwind-merge": "^2.6.0",
         "vite": "^5.4.11"
     },
diff --git a/plugins/clerk/README.md b/plugins/clerk/README.md
@@ -0,0 +1,39 @@
+# Clerk Plugin
+
+The Clerk Plugin for Starbase provides a quick and simple way for applications to add Clerk user information to their database.
+
+For more information on how to setup webhooks for your Clerk instance, please refer to their excellent [guide](https://clerk.com/docs/webhooks/sync-data).
+
+## Usage
+
+Add the ClerkPlugin plugin to your Starbase configuration:
+
+```typescript
+import { ClerkPlugin } from './plugins/clerk'
+const plugins = [
+    // ... other plugins
+    new ClerkPlugin({
+        clerkInstanceId: 'ins_**********',
+        clerkSigningSecret: 'whsec_**********',
+    }),
+] satisfies StarbasePlugin[]
+```
+
+## Configuration Options
+
+| Option               | Type   | Default | Description                                                                             |
+| -------------------- | ------ | ------- | --------------------------------------------------------------------------------------- |
+| `clerkInstanceId`    | string | `null`  | Access your instance ID from  (https://dashboard.clerk.com/last-active?path=settings)   |
+| `clerkSigningSecret` | string | `null`  | Access your signing secret from (https://dashboard.clerk.com/last-active?path=webhooks) |
+
+## How To Use
+
+### Webhook Setup
+
+For our Starbase instance to receive webhook events when user information changes, we need to add our plugin endpoint to Clerk.
+
+1. Visit the Webhooks page for your Clerk instance: https://dashboard.clerk.com/last-active?path=webhooks
+2. Add a new endpoint with the following settings:
+    - URL: `https://<your-starbase-instance-url>/clerk/webhook`
+    - Events: `User`
+3. Save by clicking "Create"
diff --git a/plugins/clerk/index.ts b/plugins/clerk/index.ts
@@ -0,0 +1,141 @@
+import { Webhook } from 'svix'
+import { StarbaseApp, StarbaseContext } from '../../src/handler'
+import { StarbasePlugin } from '../../src/plugin'
+import { createResponse } from '../../src/utils'
+import CREATE_TABLE from './sql/create-table.sql'
+import UPSERT_USER from './sql/upsert-user.sql'
+import GET_USER_INFORMATION from './sql/get-user-information.sql'
+import DELETE_USER from './sql/delete-user.sql'
+
+type ClerkEvent = {
+    instance_id: string
+} & (
+    | {
+          type: 'user.created' | 'user.updated'
+          data: {
+              id: string
+              first_name: string
+              last_name: string
+              email_addresses: Array<{
+                  id: string
+                  email_address: string
+              }>
+              primary_email_address_id: string
+          }
+      }
+    | {
+          type: 'user.deleted'
+          data: { id: string }
+      }
+)
+
+const SQL_QUERIES = {
+    CREATE_TABLE,
+    UPSERT_USER,
+    GET_USER_INFORMATION, // Currently not used, but can be turned into an endpoint
+    DELETE_USER,
+}
+
+export class ClerkPlugin extends StarbasePlugin {
+    context?: StarbaseContext
+    pathPrefix: string = '/clerk'
+    clerkInstanceId?: string
+    clerkSigningSecret: string
+
+    constructor(opts?: {
+        clerkInstanceId?: string
+        clerkSigningSecret: string
+    }) {
+        super('starbasedb:clerk', {
+            // The `requiresAuth` is set to false to allow for the webhooks sent by Clerk to be accessible
+            requiresAuth: false,
+        })
+        if (!opts?.clerkSigningSecret) {
+            throw new Error('A signing secret is required for this plugin.')
+        }
+        this.clerkInstanceId = opts.clerkInstanceId
+        this.clerkSigningSecret = opts.clerkSigningSecret
+    }
+
+    override async register(app: StarbaseApp) {
+        app.use(async (c, next) => {
+            this.context = c
+            const dataSource = c?.get('dataSource')
+
+            // Create user table if it doesn't exist
+            await dataSource?.rpc.executeQuery({
+                sql: SQL_QUERIES.CREATE_TABLE,
+                params: [],
+            })
+
+            await next()
+        })
+
+        // Webhook to handle Clerk events
+        app.post(`${this.pathPrefix}/webhook`, async (c) => {
+            const wh = new Webhook(this.clerkSigningSecret)
+            const svix_id = c.req.header('svix-id')
+            const svix_signature = c.req.header('svix-signature')
+            const svix_timestamp = c.req.header('svix-timestamp')
+
+            if (!svix_id || !svix_signature || !svix_timestamp) {
+                return createResponse(
+                    undefined,
+                    'Missing required headers: svix-id, svix-signature, svix-timestamp',
+                    400
+                )
+            }
+
+            const body = await c.req.text()
+            const dataSource = this.context?.get('dataSource')
+
+            try {
+                const event = wh.verify(body, {
+                    'svix-id': svix_id,
+                    'svix-timestamp': svix_timestamp,
+                    'svix-signature': svix_signature,
+                }) as ClerkEvent
+
+                if (this.clerkInstanceId && 'instance_id' in event && event.instance_id !== this.clerkInstanceId) {
+                    return createResponse(
+                        undefined,
+                        'Invalid instance ID',
+                        401
+                    )
+                }
+                
+                if (event.type === 'user.deleted') {
+                    const { id } = event.data
+
+                    await dataSource?.rpc.executeQuery({
+                        sql: SQL_QUERIES.DELETE_USER,
+                        params: [id],
+                    })
+                } else if (
+                    event.type === 'user.updated' ||
+                    event.type === 'user.created'
+                ) {
+                    const { id, first_name, last_name, email_addresses, primary_email_address_id } = event.data
+
+                    const email = email_addresses.find(
+                        (email: any) => email.id === primary_email_address_id
+                    )?.email_address
+
+                    await dataSource?.rpc.executeQuery({
+                        sql: SQL_QUERIES.UPSERT_USER,
+                        params: [id, email, first_name, last_name],
+                    })
+                }
+
+                return createResponse({ success: true }, undefined, 200)
+            } catch (error: any) {
+                console.error('Webhook processing error:', error)
+                return createResponse(
+                    undefined,
+                    `Webhook processing failed: ${error.message}`,
+                    400
+                )
+            }
+        })
+    }
+}
diff --git a/plugins/clerk/meta.json b/plugins/clerk/meta.json
@@ -0,0 +1,25 @@
+{
+    "version": "1.0.0",
+    "resources": {
+        "tables": {
+            "user": [
+                "user_id",
+                "email",
+                "first_name",
+                "last_name",
+                "created_at",
+                "updated_at",
+                "deleted_at"
+            ]
+        },
+        "secrets": {},
+        "variables": {}
+    },
+    "dependencies": {
+        "tables": {
+            "*": ["user_id"]
+        },
+        "secrets": {},
+        "variables": {}
+    }
+}
diff --git a/plugins/clerk/sql/create-table.sql b/plugins/clerk/sql/create-table.sql
@@ -0,0 +1,9 @@
+CREATE TABLE IF NOT EXISTS user (
+    user_id TEXT PRIMARY KEY,
+    email TEXT NOT NULL,
+    first_name TEXT,
+    last_name TEXT,
+    created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+    updated_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+    deleted_at DATETIME DEFAULT NULL
+)
diff --git a/plugins/clerk/sql/delete-user.sql b/plugins/clerk/sql/delete-user.sql
@@ -0,0 +1,3 @@
+UPDATE user 
+SET deleted_at = CURRENT_TIMESTAMP 
+WHERE user_id = ? AND deleted_at IS NULL
diff --git a/plugins/clerk/sql/get-user-information.sql b/plugins/clerk/sql/get-user-information.sql
@@ -0,0 +1,2 @@
+SELECT email, first_name, last_name FROM user 
+WHERE user_id = ? AND deleted_at IS NULL
diff --git a/plugins/clerk/sql/upsert-user.sql b/plugins/clerk/sql/upsert-user.sql
@@ -0,0 +1,8 @@
+INSERT INTO user (user_id, email, first_name, last_name)
+VALUES (?, ?, ?, ?)
+ON CONFLICT(user_id) DO UPDATE SET
+email = excluded.email,
+first_name = excluded.first_name,
+last_name = excluded.last_name,
+updated_at = CURRENT_TIMESTAMP,
+deleted_at = NULL
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
diff --git a/src/index.ts b/src/index.ts

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+UPDATE user`
	`2`	`+SET deleted_at = CURRENT_TIMESTAMP`
	`3`	`+WHERE user_id = ? AND deleted_at IS NULL`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+SELECT email, first_name, last_name FROM user`
	`2`	`+WHERE user_id = ? AND deleted_at IS NULL`