valkyr/boilerplate
Template
1
0
Fork 0
Code Issues Wiki Activity

feat: encapsulate identity with better-auth

Browse Source
This commit is contained in:
Kodemon
2025-09-25 13:24:32 +02:00
parent 99111b69eb
commit f2ba21a7e3
48 changed files with 718 additions and 766 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
modules/identity/routes/roles/handle.ts
View File

@@ -1,15 +1,19 @@
import { ForbiddenError } from "@platform/relay";
import { getPrincipalRoles } from "@platform/supertoken/principal.ts";
import UserMetadata from "supertokens-node/recipe/usermetadata";
import { NotFoundError } from "@platform/relay";
import { getPrincipalById, setPrincipalRolesById } from "../../services/database.ts";
import route from "./spec.ts";
export default route.access("session").handle(async ({ params: { id }, body: ops }, { access }) => {
const decision = await access.isAllowed({ kind: "role", id, attr: {} }, "manage");
const principal = await getPrincipalById(id);
if (principal === undefined) {
return new NotFoundError();
}
const decision = await access.isAllowed({ kind: "role", id: principal.id, attr: principal.attr }, "manage");
if (decision === false) {
return new ForbiddenError("You do not have permission to modify roles for this identity.");
}
const roles: Set<string> = new Set(await getPrincipalRoles(id));
const roles: Set<string> = new Set(principal.roles);
for (const op of ops) {
switch (op.type) {
case "add": {
@@ -26,5 +30,5 @@ export default route.access("session").handle(async ({ params: { id }, body: ops
}
}
}
await UserMetadata.updateUserMetadata(id, { roles: Array.from(roles) });
await setPrincipalRolesById(id, Array.from(roles));
});