groombook/app
Archived
13
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/feature/gro-118-better-auth' into feature/gro-118-better-auth

Browse Source
This commit is contained in:
Flea Flicker
2026-03-28 02:56:58 +00:00
parent 5c0e999fe1 024c882e09
commit 0a194f80af
4 changed files with 48 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apps/api/src/middleware/rbac.ts
+26 -5
View File
@@ -40,18 +40,29 @@ export const resolveStaffMiddleware: MiddlewareHandler<AppEnv> = async (
await next();
return;
}
// Treat X-Dev-User-Id as the staff database id (the frontend stores staff.id)
// Treat X-Dev-User-Id as the Better-Auth user ID first
const [row] = await db
.select()
.from(staff)
.where(eq(staff.userId, devUserId));
if (row) {
c.set("staff", row);
await next();
return;
}
// Fallback: if userId is null, treat X-Dev-User-Id as staff.id (dev login
// may send the primary key for staff records that predate the userId field)
const [fallbackRow] = await db
.select()
.from(staff)
.where(eq(staff.id, devUserId));
if (!row) {
if (!fallbackRow) {
return c.json(
{ error: "Forbidden: no staff record found for X-Dev-User-Id" },
403
);
}
c.set("staff", row);
c.set("staff", fallbackRow);
await next();
return;
}
@@ -61,13 +72,23 @@ export const resolveStaffMiddleware: MiddlewareHandler<AppEnv> = async (
.select()
.from(staff)
.where(eq(staff.userId, jwt.sub));
if (!row) {
if (row) {
c.set("staff", row);
await next();
return;
}
// Fallback: staff records that predate the userId field may still have oidcSub
const [fallbackRow] = await db
.select()
.from(staff)
.where(eq(staff.oidcSub, jwt.sub));
if (!fallbackRow) {
return c.json(
{ error: "Forbidden: no staff record found for authenticated user" },
403
);
}
c.set("staff", row);
c.set("staff", fallbackRow);
await next();
};
apps/api/src/routes/dev.ts
+1
View File
@@ -20,6 +20,7 @@ devRouter.get("/users", async (c) => {
const staffList = await db
.select({
id: staff.id,
userId: staff.userId,
name: staff.name,
email: staff.email,
role: staff.role,