sandboxnu · jpraissman · Oct 23, 2024 · Oct 6, 2024 · Oct 6, 2024 · Oct 13, 2024
diff --git a/bun.lockb b/bun.lockb
diff --git a/packages/trpc/package.json b/packages/trpc/package.json
@@ -31,6 +31,7 @@
     "@trpc/client": "11.0.0-rc.544",
     "@trpc/react-query": "11.0.0-rc.544",
     "@trpc/server": "11.0.0-rc.544",
+    "next": "^14.2.12",
     "react": "^18.3.1",
     "react-dom": "^18.3.1",
     "server-only": "^0.0.1",

diff --git a/packages/trpc/src/internal/init.ts b/packages/trpc/src/internal/init.ts
@@ -1,5 +1,6 @@
 import React from "react";
-import { initTRPC } from "@trpc/server";
+import { cookies } from "next/headers";
+import { initTRPC, TRPCError } from "@trpc/server";
 import SuperJSON from "superjson";
 
 import { prisma } from "@good-dog/db";
@@ -26,5 +27,37 @@ const t = initTRPC.context<ReturnType<typeof createTRPCContext>>().create({
 
 // Base router and procedure helpers
 export const createTRPCRouter = t.router;
-export const baseProcedureBuilder = t.procedure;
 export const createCallerFactory = t.createCallerFactory;
+
+// Procedure builders
+export const baseProcedureBuilder = t.procedure;
+export const authenticatedProcedureBuilder = baseProcedureBuilder.use(
+  async ({ ctx, next }) => {
+    const sessionToken = cookies().get("sessionToken");
+
+    if (!sessionToken) {
+      throw new TRPCError({ code: "UNAUTHORIZED" });
+    }
+
+    const sessionOrNull = await ctx.prisma.session.findUnique({
+      where: {
+        id: parseInt(sessionToken.value),
+      },
+      include: {
+        user: true,
+      },
+    });
+
+    if (!sessionOrNull || sessionOrNull.expiresAt < new Date()) {
+      // Session expired or not found
+      throw new TRPCError({ code: "UNAUTHORIZED" });
+    }
+
+    return next({
+      ctx: {
+        ...ctx,
+        user: sessionOrNull.user,
+      },
+    });
+  },
+);
diff --git a/packages/trpc/src/internal/router.ts b/packages/trpc/src/internal/router.ts
@@ -4,13 +4,15 @@ import {
   signOutProcedure,
   signUpProcedure,
 } from "../procedures/auth";
+import { getAuthenticatedUserProcedure } from "../procedures/user";
 import { createTRPCRouter } from "./init";
 
 export const appRouter = createTRPCRouter({
   signIn: signInProcedure,
   signOut: signOutProcedure,
   signUp: signUpProcedure,
   deleteAccount: deleteAccountIfExistsProcedure,
+  user: getAuthenticatedUserProcedure,
 });
 
 export type AppRouter = typeof appRouter;
diff --git a/packages/trpc/src/procedures/user.ts b/packages/trpc/src/procedures/user.ts
@@ -0,0 +1,6 @@
+import { authenticatedProcedureBuilder } from "../internal/init";
+
+export const getAuthenticatedUserProcedure =
+  authenticatedProcedureBuilder.query(({ ctx }) => {
+    return ctx.user;
+  });
diff --git a/tests/README.md b/tests/README.md
@@ -1 +1,16 @@
-..
+# Tests
+
+## Mocks
+
+### MockNextCookies
+
+This is a mock for the cookies function in next/headers. In your tests, just instantiate
+a new MockNextCookies object, set the cookies you would like, and run the apply() method
+on the newly created object.
+
+Example usage:
+
+<pre>const cookies = new MockNextCookies();
+cookies.set("myKey", "myValue");
+cookies.apply();
+... rest of your test</pre>
diff --git a/tests/auth/get-authenticated-user.test.ts b/tests/auth/get-authenticated-user.test.ts
@@ -0,0 +1,142 @@
+import { afterAll, beforeAll, expect, test } from "bun:test";
+
+import { prisma } from "@good-dog/db";
+import { _trpcCaller } from "@good-dog/trpc/server";
+
+import { MockNextCookies } from "../mocks/MockNextCookies";
+
+// Seeds the database before running the tests
+beforeAll(async () => {
+  const person1 = await prisma.user.upsert({
+    where: { email: "person1@prisma.io" },
+    update: {},
+    create: {
+      email: "person1@prisma.io",
+      name: "Person 1",
+      password: "person1Password",
+    },
+  });
+  await prisma.session.upsert({
+    where: { id: 500 },
+    update: {
+      expiresAt: new Date(
+        new Date().setFullYear(new Date().getFullYear() + 10),
+      ),
+    },
+    create: {
+      userId: person1.id,
+      id: 500,
+      expiresAt: new Date(
+        new Date().setFullYear(new Date().getFullYear() + 10),
+      ),
+    },
+  });
+
+  const person2 = await prisma.user.upsert({
+    where: { email: "person2@gmail.com" },
+    update: {},
+    create: {
+      email: "person2@gmail.com",
+      name: "Person2 Jones",
+      password: "person2Password",
+    },
+  });
+  await prisma.session.upsert({
+    where: { id: 501 },
+    update: {
+      expiresAt: new Date(new Date().setFullYear(new Date().getFullYear() - 1)),
+    },
+    create: {
+      userId: person2.id,
+      id: 501,
+      expiresAt: new Date(new Date().setFullYear(new Date().getFullYear() - 1)),
+    },
+  });
+  await prisma.session.upsert({
+    where: { id: 502 },
+    update: {
+      expiresAt: new Date(
+        new Date().setFullYear(new Date().getFullYear() + 10),
+      ),
+    },
+    create: {
+      userId: person2.id,
+      id: 502,
+      expiresAt: new Date(
+        new Date().setFullYear(new Date().getFullYear() + 10),
+      ),
+    },
+  });
+});
+
+test("Correct user is returned when they have a valid session.", async () => {
+  // Set the cookies
+  const cookies = new MockNextCookies();
+  cookies.set("sessionToken", "500");
+  await cookies.apply();
+
+  const user = await _trpcCaller.user();
+
+  expect(user.email).toEqual("person1@prisma.io");
+});
+
+test("Correct user is returned when they have multiple sessions and one is valid.", async () => {
+  // Set the cookies
+  const cookies = new MockNextCookies();
+  cookies.set("sessionToken", "502");
+  await cookies.apply();
+
+  const user = await _trpcCaller.user();
+
+  expect(user.email).toEqual("person2@gmail.com");
+});
+
+test("'UNAUTHORIZED' error is thrown when no session is found for the token.", async () => {
+  // Set the cookies
+  const cookies = new MockNextCookies();
+  cookies.set("sessionToken", "503");
+  await cookies.apply();
+
+  const getUser = async () => await _trpcCaller.user();
+
+  expect(getUser).toThrow("UNAUTHORIZED");
+});
+
+test("'UNAUTHORIZED' error is thrown when there is no 'sessionToken' cookie.", async () => {
+  const cookies = new MockNextCookies();
+  await cookies.apply();
+
+  const getUser = async () => await _trpcCaller.user();
+
+  expect(getUser).toThrow("UNAUTHORIZED");
+});
+
+test("'UNAUTHORIZED' error is thrown when session is expired.", async () => {
+  // Set the cookies
+  const cookies = new MockNextCookies();
+  cookies.set("sessionToken", "501");
+  await cookies.apply();
+
+  const getUser = async () => await _trpcCaller.user();
+
+  expect(getUser).toThrow("UNAUTHORIZED");
+});
+
+// Delete the records created for these tests
+afterAll(async () => {
+  await prisma.session.delete({
+    where: { id: 500 },
+  });
+  await prisma.session.delete({
+    where: { id: 501 },
+  });
+  await prisma.session.delete({
+    where: { id: 502 },
+  });
+  await prisma.user.delete({
+    where: { email: "person1@prisma.io" },
+  });
+  await prisma.user.delete({
+    where: { email: "person2@gmail.com" },
+  });
+});
diff --git a/tests/mocks/MockNextCookies.ts b/tests/mocks/MockNextCookies.ts
@@ -0,0 +1,29 @@
+import { mock } from "bun:test";
+
+// A mock for the cookies function in the NextJS next/header module.
+export class MockNextCookies {
+  private cookiesMap: Map<string, string>;
+
+  constructor() {
+    this.cookiesMap = new Map<string, string>();
+  }
+
+  // Applies this mock to be the cookies used by the next/header module. This method
+  // must be called in order for this mock to be applied.
+  async apply(): Promise<void> {
+    await mock.module("next/headers", () => ({
+      cookies: () => this,
+    }));
+  }
+
+  set(key: string, value: string): void {
+    this.cookiesMap.set(key, value);
+  }
+
+  get(key: string): { value: string | undefined } {
+    const requestCookie = {
+      value: this.cookiesMap.get(key),
+    };
+    return requestCookie;
+  }
+}