feat(api): update resolveStaffMiddleware for Better-Auth userId (GRO-118)

- Remove JwtPayload import; use inline type in AppEnv
- Production and dev mode lookups now use staff.userId (not oidcSub)
- Backward compat: jwtPayload.sub now = Better-Auth user ID

Co-Authored-By: Paperclip <noreply@paperclip.ing>
Paperclip
2026-03-27 20:41:19 +00:00
parent ec61b3ae4a
commit d235e44f8c
+6 -7
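--- a/<path-not-on-page>
+++ b/<path-not-on-page>
@@ -1,13 +1,12 @@
 import type { MiddlewareHandler } from "hono";
 import { eq, getDb, staff } from "@groombook/db";
-import type { JwtPayload } from "./auth.js";
 export type StaffRole = "groomer" | "receptionist" | "manager";
 export type StaffRow = typeof staff.$inferSelect;
 export interface AppEnv {
 Variables: {
-jwtPayload: JwtPayload;
+jwtPayload: { sub: string; email?: string; name?: string };
 staff: StaffRow;
 };
 }
@@ -16,8 +15,8 @@ export interface AppEnv {
 * Resolves the authenticated staff record from the DB and stores it in context.
 * Must be applied after authMiddleware on all protected routes.
 *
-* Dev mode (AUTH_DISABLED=true): resolves staff by X-Dev-User-Id header (treated
-* as oidcSub), or falls back to the first manager in the DB.
+* Dev mode (AUTH_DISABLED=true): resolves staff by X-Dev-User-Id header (Better-Auth
+* user ID), or falls back to the first manager in the DB.
 */
 export const resolveStaffMiddleware: MiddlewareHandler<AppEnv> = async (
 c,
@@ -41,11 +40,11 @@ export const resolveStaffMiddleware: MiddlewareHandler<AppEnv> = async (
 await next();
 return;
 }
-// Treat X-Dev-User-Id as the oidcSub
+// Treat X-Dev-User-Id as the Better-Auth user ID
 const [row] = await db
 .select()
 .from(staff)
-.where(eq(staff.oidcSub, devUserId));
+.where(eq(staff.userId, devUserId));
 if (!row) {
 return c.json(
 { error: "Forbidden: no staff record found for X-Dev-User-Id" },
@@ -61,7 +60,7 @@ export const resolveStaffMiddleware: MiddlewareHandler<AppEnv> = async (
 const [row] = await db
 .select()
 .from(staff)
-.where(eq(staff.oidcSub, jwt.sub));
+.where(eq(staff.userId, jwt.sub));
 if (!row) {
 return c.json(
 { error: "Forbidden: no staff record found for authenticated user" },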
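Review bot: The production lookup `.where(eq(staff.userId, jwt.sub))` now decides the whole authorization context from a single-row destructure, so it should state what it assumes about `staff.userId`: that the column is unique and has been backfilled for every staff row that previously matched on oidcSub, since otherwise `[row]` silently takes whichever row the DB returns first, and un-migrated staff get the "Forbidden" response with nothing in the logs distinguishing "not migrated" from "not staff" — I cannot see the schema or the migration from this hunk. A comment such as `// staff.userId must be unique and backfilled from oidcSub; an unmatched user is rejected as non-staff` would carry that, and an explicit `.limit(1)` would make the single-row intent visible if the column is not unique-constrained; the dev-mode lookup `.where(eq(staff.userId, devUserId))` in the previous hunk has the same assumption. Separately, the inline `jwtPayload: { sub: string; email?: string; name?: string }` type in the first hunk duplicates whatever shape authMiddleware now sets; if auth.js still exports a type for the Better-Auth session, importing it would keep the two from drifting. resolveStaffMiddleware starts and ends outside this hunk.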