diff --git a/apps/atrium-telegram/server/api/auth/me.get.ts b/apps/atrium-telegram/server/api/auth/me.get.ts index 4c77d125..9f30920a 100644 --- a/apps/atrium-telegram/server/api/auth/me.get.ts +++ b/apps/atrium-telegram/server/api/auth/me.get.ts @@ -1,17 +1,5 @@ import { repository } from '@roll-stack/database' export default defineEventHandler(async (event) => { - try { - const user = event.context.user - if (!user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - - return repository.user.find(user.id) - } catch (error) { - throw errorResolver(error) - } + return repository.user.find(event.context.user.id) }) diff --git a/apps/atrium-telegram/server/api/epic/comment/id/[commentId]/index.delete.ts b/apps/atrium-telegram/server/api/epic/comment/id/[commentId]/index.delete.ts index e29d97e4..03128ae0 100644 --- a/apps/atrium-telegram/server/api/epic/comment/id/[commentId]/index.delete.ts +++ b/apps/atrium-telegram/server/api/epic/comment/id/[commentId]/index.delete.ts @@ -10,14 +10,6 @@ export default defineEventHandler(async (event) => { }) } - const user = event.context.user - if (!user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - // Guard: not this user const commentInDB = await repository.epic.findComment(commentId) if (!commentInDB) { @@ -26,7 +18,7 @@ export default defineEventHandler(async (event) => { message: 'Not found', }) } - if (commentInDB.userId !== user.id) { + if (commentInDB.userId !== event.context.user.id) { throw createError({ statusCode: 400, message: 'Not your comment', diff --git a/apps/atrium-telegram/server/api/epic/id/[epicId]/comment.post.ts b/apps/atrium-telegram/server/api/epic/id/[epicId]/comment.post.ts index 633783f6..d9a3aae4 100644 --- a/apps/atrium-telegram/server/api/epic/id/[epicId]/comment.post.ts +++ b/apps/atrium-telegram/server/api/epic/id/[epicId]/comment.post.ts 
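Review bot: The ownership guard in `epic/comment/id/[commentId]/index.delete.ts` answers a caller who does not own the comment with `statusCode: 400`, although this is an authorization failure rather than a malformed request. The task handlers touched by this same commit use 403 for the equivalent case ('You are not the performer of this task'), so I would change it to `statusCode: 403,` to keep denied access distinguishable from bad input in logs and alerting. The same line appears in `apps/web-app/server/api/epic/comment/id/[commentId]/index.delete.ts`. The `createError` call continues past the end of the hunk.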
@@ -12,14 +12,6 @@ export default defineEventHandler(async (event) => { }) } - const user = event.context.user - if (!user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - const body = await readBody(event) const data = createEpicCommentSchema(body) if (data instanceof type.errors) { @@ -28,7 +20,7 @@ export default defineEventHandler(async (event) => { const comment = await repository.epic.createComment({ ...data, - userId: user.id, + userId: event.context.user.id, epicId, }) diff --git a/apps/atrium-telegram/server/api/epic/id/[epicId]/index.patch.ts b/apps/atrium-telegram/server/api/epic/id/[epicId]/index.patch.ts index 0f82b301..ba77c8e2 100644 --- a/apps/atrium-telegram/server/api/epic/id/[epicId]/index.patch.ts +++ b/apps/atrium-telegram/server/api/epic/id/[epicId]/index.patch.ts @@ -12,14 +12,6 @@ export default defineEventHandler(async (event) => { }) } - const user = event.context.user - if (!user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - const body = await readBody(event) const data = updateEpicSchema(body) if (data instanceof type.errors) { diff --git a/apps/atrium-telegram/server/api/epic/index.post.ts b/apps/atrium-telegram/server/api/epic/index.post.ts index cca5db31..53c261af 100644 --- a/apps/atrium-telegram/server/api/epic/index.post.ts +++ b/apps/atrium-telegram/server/api/epic/index.post.ts @@ -10,17 +10,9 @@ export default defineEventHandler(async (event) => { throw data } - const user = event.context.user - if (!user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - const epic = await repository.epic.create({ ...data, - userId: user.id, + userId: event.context.user.id, }) if (!epic) { throw createError({ 
@@ -30,17 +22,17 @@ export default defineEventHandler(async (event) => { } // Notify all staff - if (user.type === 'staff') { + if (event.context.user.type === 'staff') { const users = await repository.user.list() - const allStaffExceptUser = users.filter((u) => u.type === 'staff' && u.id !== user.id) + const allStaffExceptUser = users.filter((u) => u.type === 'staff' && u.id !== event.context.user.id) for (const staff of allStaffExceptUser) { await repository.notification.create({ - authorId: user.id, + authorId: event.context.user.id, userId: staff.id, epicId: epic.id, type: 'epic_created', - title: `${suffixByGender(['Создал', 'Создала'], user.gender)} эпик «${epic.title}»`, + title: `${suffixByGender(['Создал', 'Создала'], event.context.user.gender)} эпик «${epic.title}»`, description: epic.description ? epic.description : 'Без описания', }) } diff --git a/apps/atrium-telegram/server/api/epic/list.get.ts b/apps/atrium-telegram/server/api/epic/list.get.ts index 5a0e33d2..9c2eb56a 100644 --- a/apps/atrium-telegram/server/api/epic/list.get.ts +++ b/apps/atrium-telegram/server/api/epic/list.get.ts @@ -1,13 +1,5 @@ import { repository } from '@roll-stack/database' -export default defineEventHandler(async (event) => { - const user = event.context.user - if (!user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - +export default defineEventHandler(async () => { return repository.epic.list() }) diff --git a/apps/atrium-telegram/server/api/notification/id/[notificationId]/viewed.post.ts b/apps/atrium-telegram/server/api/notification/id/[notificationId]/viewed.post.ts index 97b18d71..17cf559e 100644 --- a/apps/atrium-telegram/server/api/notification/id/[notificationId]/viewed.post.ts +++ b/apps/atrium-telegram/server/api/notification/id/[notificationId]/viewed.post.ts 
@@ -2,14 +2,6 @@ import { repository } from '@roll-stack/database' export default defineEventHandler(async (event) => { try { - const user = event.context.user - if (!user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - const notificationId = getRouterParam(event, 'notificationId') if (!notificationId) { throw createError({ diff --git a/apps/atrium-telegram/server/api/notification/my.get.ts b/apps/atrium-telegram/server/api/notification/my.get.ts index 349aaacf..25a569d0 100644 --- a/apps/atrium-telegram/server/api/notification/my.get.ts +++ b/apps/atrium-telegram/server/api/notification/my.get.ts @@ -1,17 +1,5 @@ import { repository } from '@roll-stack/database' export default defineEventHandler(async (event) => { - try { - const user = event.context.user - if (!user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - - return repository.notification.listByUser(user.id) - } catch (error) { - throw errorResolver(error) - } + return repository.notification.listByUser(event.context.user.id) }) diff --git a/apps/atrium-telegram/server/api/task/id/[taskId]/complete.post.ts b/apps/atrium-telegram/server/api/task/id/[taskId]/complete.post.ts index 1a88ad28..65178235 100644 --- a/apps/atrium-telegram/server/api/task/id/[taskId]/complete.post.ts +++ b/apps/atrium-telegram/server/api/task/id/[taskId]/complete.post.ts @@ -20,14 +20,6 @@ export default defineEventHandler(async (event) => { throw data } - const user = event.context.user - if (!user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - // Guards: // If task not exist // If performer is not user @@ -38,7 +30,7 @@ export default defineEventHandler(async (event) => { message: 'Task not found', }) } - if (!!task.performerId && task.performerId !== user.id) { + if (!!task.performerId && task.performerId !== event.context.user.id) { throw createError({ statusCode: 403, message: 'You are not the performer of this task', 
@@ -57,8 +49,8 @@ export default defineEventHandler(async (event) => { } // Clear focus if needed - if (user.focusedTaskId === taskId) { - await repository.user.update(user.id, { + if (event.context.user.focusedTaskId === taskId) { + await repository.user.update(event.context.user.id, { focusedTaskId: null, }) } @@ -75,7 +67,7 @@ export default defineEventHandler(async (event) => { if (list.chat) { const bot = await repository.chat.findNotificationBot(list.chat.id) if (bot) { - const text = prepareBotMessage(user, updatedTask) + const text = prepareBotMessage(event.context.user, updatedTask) // Send message as bot await repository.chat.createMessage({ @@ -87,18 +79,18 @@ export default defineEventHandler(async (event) => { } // Notify all staff - if (user.type === 'staff') { + if (event.context.user.type === 'staff') { const users = await repository.user.list() - const allStaffExceptUser = users.filter((u) => u.type === 'staff' && u.id !== user.id) + const allStaffExceptUser = users.filter((u) => u.type === 'staff' && u.id !== event.context.user.id) for (const staff of allStaffExceptUser) { if (staff.notifications.includes('task_completed_atrium')) { await repository.notification.create({ - authorId: user.id, + authorId: event.context.user.id, userId: staff.id, taskId: updatedTask.id, type: 'task_completed', - title: `${suffixByGender(['Завершил', 'Завершила'], user.gender)} задачу «${updatedTask.name}»`, + title: `${suffixByGender(['Завершил', 'Завершила'], event.context.user.gender)} задачу «${updatedTask.name}»`, description: updatedTask.report ? updatedTask.report : 'Без отчета', }) } diff --git a/apps/atrium-telegram/server/api/task/id/[taskId]/focus.delete.ts b/apps/atrium-telegram/server/api/task/id/[taskId]/focus.delete.ts index e0b1f9a7..79243091 100644 --- a/apps/atrium-telegram/server/api/task/id/[taskId]/focus.delete.ts +++ b/apps/atrium-telegram/server/api/task/id/[taskId]/focus.delete.ts 
@@ -10,14 +10,6 @@ export default defineEventHandler(async (event) => { }) } - const user = event.context.user - if (!user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - // Guards: // If task not exist // If performer is not user @@ -28,14 +20,14 @@ export default defineEventHandler(async (event) => { message: 'Task not found', }) } - if (task.performerId !== user.id) { + if (task.performerId !== event.context.user.id) { throw createError({ statusCode: 403, message: 'You are not the performer of this task', }) } - await repository.user.update(user.id, { + await repository.user.update(event.context.user.id, { focusedTaskId: null, }) diff --git a/apps/atrium-telegram/server/api/task/id/[taskId]/focus.post.ts b/apps/atrium-telegram/server/api/task/id/[taskId]/focus.post.ts index 04e33c46..592a9326 100644 --- a/apps/atrium-telegram/server/api/task/id/[taskId]/focus.post.ts +++ b/apps/atrium-telegram/server/api/task/id/[taskId]/focus.post.ts @@ -10,14 +10,6 @@ export default defineEventHandler(async (event) => { }) } - const user = event.context.user - if (!user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - // Guards: // If task not exist // If performer is not user @@ -29,20 +21,20 @@ export default defineEventHandler(async (event) => { message: 'Task not found', }) } - if (task.performerId !== user.id) { + if (task.performerId !== event.context.user.id) { throw createError({ statusCode: 403, message: 'You are not the performer of this task', }) } - if (user.focusedTaskId === taskId) { + if (event.context.user.focusedTaskId === taskId) { throw createError({ statusCode: 400, message: 'Task already focused', }) } - await repository.user.update(user.id, { + await repository.user.update(event.context.user.id, { focusedTaskId: taskId, }) 
diff --git a/apps/atrium-telegram/server/api/task/id/[taskId]/index.delete.ts b/apps/atrium-telegram/server/api/task/id/[taskId]/index.delete.ts index 0cdcb9af..426d7999 100644 --- a/apps/atrium-telegram/server/api/task/id/[taskId]/index.delete.ts +++ b/apps/atrium-telegram/server/api/task/id/[taskId]/index.delete.ts @@ -10,14 +10,6 @@ export default defineEventHandler(async (event) => { }) } - const user = event.context.user - if (!user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - await repository.task.delete(taskId) return { ok: true } diff --git a/apps/atrium-telegram/server/api/task/id/[taskId]/index.patch.ts b/apps/atrium-telegram/server/api/task/id/[taskId]/index.patch.ts index 38ef5b0b..2faca5ba 100644 --- a/apps/atrium-telegram/server/api/task/id/[taskId]/index.patch.ts +++ b/apps/atrium-telegram/server/api/task/id/[taskId]/index.patch.ts @@ -20,14 +20,6 @@ export default defineEventHandler(async (event) => { throw data } - const user = event.context.user - if (!user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - const task = await repository.task.find(taskId) if (!task) { throw createError({ @@ -44,7 +36,7 @@ export default defineEventHandler(async (event) => { }) } - const canEdit = list.chat?.members.some((member) => member.userId === user.id) + const canEdit = list.chat?.members.some((member) => member.userId === event.context.user.id) // Guard: if don't have access if (!canEdit) { @@ -68,7 +60,7 @@ export default defineEventHandler(async (event) => { if (list.chat) { const bot = await repository.chat.findNotificationBot(list.chat.id) if (bot) { - const text = prepareBotMessage(user, task, updatedTask, updatedPerformer) + const text = prepareBotMessage(event.context.user, task, updatedTask, updatedPerformer) // Send message as bot await repository.chat.createMessage({ 
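Review bot: After this hunk `task/id/[taskId]/index.delete.ts` goes from the `taskId` parameter check straight to `await repository.task.delete(taskId)`, so any authenticated caller can delete any task by id. The removed block only checked login, so the gap predates this commit, but now the handler has no caller-specific check at all. `index.patch.ts` in the same directory requires `list.chat?.members.some((member) => member.userId === event.context.user.id)` and returns 403 before it writes; the delete handler should load the task and its list and apply the same guard. The top of the handler is outside the hunk, so any check there is not visible here.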
diff --git a/apps/atrium-telegram/server/api/task/index.post.ts b/apps/atrium-telegram/server/api/task/index.post.ts index 34b8aeef..10662658 100644 --- a/apps/atrium-telegram/server/api/task/index.post.ts +++ b/apps/atrium-telegram/server/api/task/index.post.ts @@ -11,14 +11,6 @@ export default defineEventHandler(async (event) => { throw data } - const user = event.context.user - if (!user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - const task = await repository.task.create({ name: data.name, description: data.description, @@ -45,7 +37,7 @@ export default defineEventHandler(async (event) => { if (list.chat) { const bot = await repository.chat.findNotificationBot(list.chat.id) if (bot) { - const text = `${user.name} ${user.surname} ${suffixByGender(['создал', 'создала'], user.gender)} задачу «${task.name}»` + const text = `${event.context.user.name} ${event.context.user.surname} ${suffixByGender(['создал', 'создала'], event.context.user.gender)} задачу «${task.name}»` // Send message as bot await repository.chat.createMessage({ diff --git a/apps/atrium-telegram/server/api/task/list/completed.get.ts b/apps/atrium-telegram/server/api/task/list/completed.get.ts index 44611340..31c1825a 100644 --- a/apps/atrium-telegram/server/api/task/list/completed.get.ts +++ b/apps/atrium-telegram/server/api/task/list/completed.get.ts @@ -1,17 +1,5 @@ import { repository } from '@roll-stack/database' -export default defineEventHandler(async (event) => { - try { - const user = event.context.user - if (!user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - - return repository.task.findAll() - } catch (error) { - throw errorResolver(error) - } +export default defineEventHandler(async () => { + return repository.task.findAll() }) diff --git a/apps/atrium-telegram/server/api/task/list/id/[listId].delete.ts b/apps/atrium-telegram/server/api/task/list/id/[listId].delete.ts index cab66652..2cc4b4c2 100644 
--- a/apps/atrium-telegram/server/api/task/list/id/[listId].delete.ts +++ b/apps/atrium-telegram/server/api/task/list/id/[listId].delete.ts @@ -10,14 +10,6 @@ export default defineEventHandler(async (event) => { }) } - const user = event.context.user - if (!user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - const list = await repository.task.findList(listId) if (!list) { throw createError({ @@ -27,7 +19,7 @@ export default defineEventHandler(async (event) => { } // Guard: if don't have access - const canEdit = list.chat?.members.some((member) => member.userId === user.id) + const canEdit = list.chat?.members.some((member) => member.userId === event.context.user.id) if (!canEdit) { throw createError({ statusCode: 403, diff --git a/apps/atrium-telegram/server/api/task/list/id/[listId].patch.ts b/apps/atrium-telegram/server/api/task/list/id/[listId].patch.ts index 215a2c91..a73c455b 100644 --- a/apps/atrium-telegram/server/api/task/list/id/[listId].patch.ts +++ b/apps/atrium-telegram/server/api/task/list/id/[listId].patch.ts @@ -12,14 +12,6 @@ export default defineEventHandler(async (event) => { }) } - const user = event.context.user - if (!user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - const list = await repository.task.findList(listId) if (!list) { throw createError({ @@ -29,7 +21,7 @@ export default defineEventHandler(async (event) => { } // Guard: if don't have access - const canEdit = list.chat?.members.some((member) => member.userId === user.id) + const canEdit = list.chat?.members.some((member) => member.userId === event.context.user.id) if (!canEdit) { throw createError({ statusCode: 403, diff --git a/apps/atrium-telegram/server/api/task/list/index.get.ts b/apps/atrium-telegram/server/api/task/list/index.get.ts index bd08779e..e8853b7b 100644 --- a/apps/atrium-telegram/server/api/task/list/index.get.ts +++ b/apps/atrium-telegram/server/api/task/list/index.get.ts 
@@ -1,17 +1,5 @@ import { repository } from '@roll-stack/database' -export default defineEventHandler(async (event) => { - try { - const user = event.context.user - if (!user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - - return repository.task.lists() - } catch (error) { - throw errorResolver(error) - } +export default defineEventHandler(async () => { + return repository.task.lists() }) diff --git a/apps/atrium-telegram/server/api/task/list/index.post.ts b/apps/atrium-telegram/server/api/task/list/index.post.ts index b3907b55..d4cd14f7 100644 --- a/apps/atrium-telegram/server/api/task/list/index.post.ts +++ b/apps/atrium-telegram/server/api/task/list/index.post.ts @@ -10,16 +10,8 @@ export default defineEventHandler(async (event) => { throw data } - const user = event.context.user - if (!user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - // Guard: Must be user as a member - if (data.usersId.length === 0 && !data.usersId.includes(user.id)) { + if (data.usersId.length === 0 && !data.usersId.includes(event.context.user.id)) { throw createError({ statusCode: 400, message: 'Must be user as a member', diff --git a/apps/atrium-telegram/server/api/user/list/index.get.ts b/apps/atrium-telegram/server/api/user/list/index.get.ts index a5eca511..1591dc19 100644 --- a/apps/atrium-telegram/server/api/user/list/index.get.ts +++ b/apps/atrium-telegram/server/api/user/list/index.get.ts @@ -1,13 +1,5 @@ import { repository } from '@roll-stack/database' -export default defineEventHandler(async (event) => { - const user = event.context.user - if (!user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - +export default defineEventHandler(async () => { return repository.user.list() }) diff --git a/apps/atrium-telegram/server/api/user/list/staff.get.ts b/apps/atrium-telegram/server/api/user/list/staff.get.ts index ee4c19d5..b30442cc 100644 
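Review bot: The membership guard in `task/list/index.post.ts` only fires for an empty array, because `data.usersId.length === 0 && !data.usersId.includes(event.context.user.id)` needs both halves to be true. A non-empty `usersId` that leaves out the caller passes, so a user can create a list made up only of other people, which contradicts the 'Must be user as a member' message. The length test is redundant, and `if (!data.usersId.includes(event.context.user.id)) {` covers both cases. The identical condition is in `apps/web-app/server/api/chat/index.post.ts`.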
--- a/apps/atrium-telegram/server/api/user/list/staff.get.ts +++ b/apps/atrium-telegram/server/api/user/list/staff.get.ts @@ -1,13 +1,5 @@ import { repository } from '@roll-stack/database' -export default defineEventHandler(async (event) => { - const user = event.context.user - if (!user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - +export default defineEventHandler(async () => { return repository.user.findStaff() }) diff --git a/apps/atrium-telegram/server/middleware/01.auth.ts b/apps/atrium-telegram/server/middleware/01.auth.ts index d9932127..88f3de37 100644 --- a/apps/atrium-telegram/server/middleware/01.auth.ts +++ b/apps/atrium-telegram/server/middleware/01.auth.ts @@ -7,8 +7,35 @@ import { parse, validate } from '@telegram-apps/init-data-node' const logger = useLogger('middleware:auth') +const routesWithoutAuth = [ + '/api/health', +] + +/** + * Cover all requests (except the ones without auth) + */ export default defineEventHandler(async (event) => { - event.context.user = await getUserFromToken(event) + // Skip if preflight + if (event.method === 'OPTIONS') { + return + } + + // Skip routes without auth + if (!event.path.startsWith('/api') || routesWithoutAuth.includes(event.path)) { + return + } + + const user = await getUserFromToken(event) + + // No auth? + if (!user) { + throw createError({ + statusCode: 401, + message: 'Unauthorized', + }) + } + + event.context.user = user }) async function getUserFromToken(event: H3Event): Promise { diff --git a/apps/atrium-telegram/shared/types/h3.d.ts b/apps/atrium-telegram/shared/types/h3.d.ts new file mode 100644 index 00000000..76abd332 --- /dev/null +++ b/apps/atrium-telegram/shared/types/h3.d.ts @@ -0,0 +1,7 @@ +import type { User } from '@roll-stack/database' + +declare module 'h3' { + interface H3EventContext { + user: User + } +} 
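Review bot: Both early returns in the new `01.auth.ts` handler let the request continue with `event.context.user` unset, and this commit deletes the 401 checks from every handler. Handlers that never read the user, such as `user/list/index.get.ts`, `epic/list.get.ts` and `task/id/[taskId]/index.delete.ts`, would answer unauthenticated for any request that takes one of those returns. The `OPTIONS` skip is the one to confirm first: a route file without a method suffix would presumably be invoked for OPTIONS as well, so I would at least record that next to the check, `// NOTE: handlers without a method suffix also receive OPTIONS and run without a user`. The allowlist test compares the raw `event.path`, which in h3 still carries the query string, so `/api/health?x=1` would not match; comparing `event.path.split('?')[0]` fixes that and keeps the prefix test on the pathname only. `getUserFromToken` lies outside this hunk, so its token validation is not reviewed here.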
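Review bot: The new `h3.d.ts` declares `user: User` as always present, but the middleware in this commit leaves it unset for OPTIONS requests, for non-`/api` paths and for `/api/health`. A handler on one of those paths that reads `event.context.user.id` compiles cleanly and then throws a TypeError at runtime instead of returning 401. Declaring the field optional and reading it through one small accessor keeps the handlers as short as this commit makes them, while failing closed if the middleware is bypassed or reordered. The accessor would sit in a server util, and handlers would call `requireUser(event).id`.

```typescript
declare module 'h3' {
  interface H3EventContext {
    user?: User
  }
}

// server util used by handlers in place of event.context.user
export function requireUser(event: H3Event): User {
  const user = event.context.user
  if (!user) {
    throw createError({ statusCode: 401, message: 'Unauthorized' })
  }
  return user
}
```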
diff --git a/apps/web-app/server/api/activity/schedule/item/id/[itemId].patch.ts b/apps/web-app/server/api/activity/schedule/item/id/[itemId].patch.ts index f385f616..635b852f 100644 --- a/apps/web-app/server/api/activity/schedule/item/id/[itemId].patch.ts +++ b/apps/web-app/server/api/activity/schedule/item/id/[itemId].patch.ts @@ -1,6 +1,6 @@ +import { updateActivityScheduleItemSchema } from '#shared/services/activity' import { repository } from '@roll-stack/database' import { type } from 'arktype' -import { updateActivityScheduleItemSchema } from '~~/shared/services/activity' export default defineEventHandler(async (event) => { try { @@ -21,15 +21,6 @@ export default defineEventHandler(async (event) => { }) } - // Guard: if not user in session - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - const body = await readBody(event) const data = updateActivityScheduleItemSchema(body) if (data instanceof type.errors) { diff --git a/apps/web-app/server/api/auth/me.get.ts b/apps/web-app/server/api/auth/me.get.ts index 747f51f6..2114c094 100644 --- a/apps/web-app/server/api/auth/me.get.ts +++ b/apps/web-app/server/api/auth/me.get.ts @@ -2,15 +2,7 @@ import { repository } from '@roll-stack/database' export default defineEventHandler(async (event) => { try { - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - - const userInDB = await repository.user.find(session.user.id) + const userInDB = await repository.user.find(event.context.user.id) if (!userInDB) { throw createError({ statusCode: 404, diff --git a/apps/web-app/server/api/chat/id/[chatId]/message/index.post.ts b/apps/web-app/server/api/chat/id/[chatId]/message/index.post.ts index a5a8a8e4..42240812 100644 --- a/apps/web-app/server/api/chat/id/[chatId]/message/index.post.ts 
+++ b/apps/web-app/server/api/chat/id/[chatId]/message/index.post.ts @@ -1,6 +1,6 @@ +import { createChatMessageSchema } from '#shared/services/chat' import { repository } from '@roll-stack/database' import { type } from 'arktype' -import { createChatMessageSchema } from '~~/shared/services/chat' export default defineEventHandler(async (event) => { try { @@ -18,14 +18,6 @@ export default defineEventHandler(async (event) => { throw data } - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - const chat = await repository.chat.findWithEntities(chatId) if (!chat) { throw createError({ @@ -36,7 +28,7 @@ export default defineEventHandler(async (event) => { const message = await repository.chat.createMessage({ chatId, - userId: session.user.id, + userId: event.context.user.id, text: data.text, }) if (!message) { diff --git a/apps/web-app/server/api/chat/index.post.ts b/apps/web-app/server/api/chat/index.post.ts index 58315848..f3a4d73f 100644 --- a/apps/web-app/server/api/chat/index.post.ts +++ b/apps/web-app/server/api/chat/index.post.ts @@ -1,6 +1,6 @@ +import { createChatSchema } from '#shared/services/chat' import { repository } from '@roll-stack/database' import { type } from 'arktype' -import { createChatSchema } from '~~/shared/services/chat' export default defineEventHandler(async (event) => { try { @@ -10,16 +10,8 @@ export default defineEventHandler(async (event) => { throw data } - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - // Guard: Must be user as a member - if (data.usersId.length === 0 && !data.usersId.includes(session.user.id)) { + if (data.usersId.length === 0 && !data.usersId.includes(event.context.user.id)) { throw createError({ statusCode: 400, message: 'Must be user as a member', 
diff --git a/apps/web-app/server/api/chat/my/index.get.ts b/apps/web-app/server/api/chat/my/index.get.ts index 946eda28..cd5a4106 100644 --- a/apps/web-app/server/api/chat/my/index.get.ts +++ b/apps/web-app/server/api/chat/my/index.get.ts @@ -1,17 +1,5 @@ import { repository } from '@roll-stack/database' export default defineEventHandler(async (event) => { - try { - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - - return repository.chat.listByUser(session.user.id) - } catch (error) { - throw errorResolver(error) - } + return repository.chat.listByUser(event.context.user.id) }) diff --git a/apps/web-app/server/api/checkout/list.get.ts b/apps/web-app/server/api/checkout/list.get.ts index 1b342c5a..a8423d56 100644 --- a/apps/web-app/server/api/checkout/list.get.ts +++ b/apps/web-app/server/api/checkout/list.get.ts @@ -1,17 +1,5 @@ import { repository } from '@roll-stack/database' -export default defineEventHandler(async (event) => { - try { - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - - return repository.checkout.listLatest() - } catch (error) { - throw errorResolver(error) - } +export default defineEventHandler(async () => { + return repository.checkout.listLatest() }) diff --git a/apps/web-app/server/api/epic/comment/id/[commentId]/index.delete.ts b/apps/web-app/server/api/epic/comment/id/[commentId]/index.delete.ts index 8fffbc6c..03128ae0 100644 --- a/apps/web-app/server/api/epic/comment/id/[commentId]/index.delete.ts +++ b/apps/web-app/server/api/epic/comment/id/[commentId]/index.delete.ts 
@@ -10,14 +10,6 @@ export default defineEventHandler(async (event) => { }) } - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - // Guard: not this user const commentInDB = await repository.epic.findComment(commentId) if (!commentInDB) { @@ -26,7 +18,7 @@ export default defineEventHandler(async (event) => { message: 'Not found', }) } - if (commentInDB.userId !== session.user.id) { + if (commentInDB.userId !== event.context.user.id) { throw createError({ statusCode: 400, message: 'Not your comment', diff --git a/apps/web-app/server/api/epic/id/[epicId]/comment.post.ts b/apps/web-app/server/api/epic/id/[epicId]/comment.post.ts index bd78f977..d9a3aae4 100644 --- a/apps/web-app/server/api/epic/id/[epicId]/comment.post.ts +++ b/apps/web-app/server/api/epic/id/[epicId]/comment.post.ts @@ -1,6 +1,6 @@ +import { createEpicCommentSchema } from '#shared/services/epic' import { repository } from '@roll-stack/database' import { type } from 'arktype' -import { createEpicCommentSchema } from '~~/shared/services/epic' export default defineEventHandler(async (event) => { try { @@ -12,14 +12,6 @@ export default defineEventHandler(async (event) => { }) } - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - const body = await readBody(event) const data = createEpicCommentSchema(body) if (data instanceof type.errors) { @@ -28,7 +20,7 @@ export default defineEventHandler(async (event) => { const comment = await repository.epic.createComment({ ...data, - userId: session.user.id, + userId: event.context.user.id, epicId, }) diff --git a/apps/web-app/server/api/epic/id/[epicId]/index.patch.ts b/apps/web-app/server/api/epic/id/[epicId]/index.patch.ts index a46a99ad..ba77c8e2 100644 --- a/apps/web-app/server/api/epic/id/[epicId]/index.patch.ts 
+++ b/apps/web-app/server/api/epic/id/[epicId]/index.patch.ts @@ -1,6 +1,6 @@ +import { updateEpicSchema } from '#shared/services/epic' import { repository } from '@roll-stack/database' import { type } from 'arktype' -import { updateEpicSchema } from '~~/shared/services/epic' export default defineEventHandler(async (event) => { try { diff --git a/apps/web-app/server/api/epic/index.post.ts b/apps/web-app/server/api/epic/index.post.ts index 27ee4660..53c261af 100644 --- a/apps/web-app/server/api/epic/index.post.ts +++ b/apps/web-app/server/api/epic/index.post.ts @@ -1,6 +1,6 @@ +import { createEpicSchema } from '#shared/services/epic' import { repository } from '@roll-stack/database' import { type } from 'arktype' -import { createEpicSchema } from '~~/shared/services/epic' export default defineEventHandler(async (event) => { try { @@ -10,25 +10,9 @@ export default defineEventHandler(async (event) => { throw data } - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - - const user = await repository.user.find(session.user.id) - if (!user) { - throw createError({ - statusCode: 404, - message: 'User not found', - }) - } - const epic = await repository.epic.create({ ...data, - userId: session.user.id, + userId: event.context.user.id, }) if (!epic) { throw createError({ 
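Review bot: In the web-app `epic/index.post.ts`, `type` and `gender` are now read from `event.context.user`, where the removed block re-read the author with `repository.user.find(session.user.id)`. The web-app middleware that fills `event.context.user` is not in this part of the diff. If it stores the session payload rather than a fresh database row, `event.context.user.type === 'staff'` in the following hunk would reflect the role at login time and `gender` may be missing. Please confirm the middleware loads the row per request and say so at the first use, for example `// event.context.user is the database row loaded by the auth middleware`.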
@@ -38,17 +22,17 @@ export default defineEventHandler(async (event) => { } // Notify all staff - if (user.type === 'staff') { + if (event.context.user.type === 'staff') { const users = await repository.user.list() - const allStaffExceptUser = users.filter((u) => u.type === 'staff' && u.id !== user.id) + const allStaffExceptUser = users.filter((u) => u.type === 'staff' && u.id !== event.context.user.id) for (const staff of allStaffExceptUser) { await repository.notification.create({ - authorId: user.id, + authorId: event.context.user.id, userId: staff.id, epicId: epic.id, type: 'epic_created', - title: `${suffixByGender(['Создал', 'Создала'], user.gender)} эпик «${epic.title}»`, + title: `${suffixByGender(['Создал', 'Создала'], event.context.user.gender)} эпик «${epic.title}»`, description: epic.description ? epic.description : 'Без описания', }) } diff --git a/apps/web-app/server/api/locker/duplicate/list.get.ts b/apps/web-app/server/api/locker/duplicate/list.get.ts index 48cdf2de..31dbf542 100644 --- a/apps/web-app/server/api/locker/duplicate/list.get.ts +++ b/apps/web-app/server/api/locker/duplicate/list.get.ts @@ -1,25 +1,5 @@ import { repository } from '@roll-stack/database' export default defineEventHandler(async (event) => { - try { - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - - const duplicates = await repository.locker.listDuplicatesForUser(session.user.id) - if (!duplicates) { - throw createError({ - statusCode: 404, - message: 'User not found', - }) - } - - return duplicates - } catch (error) { - throw errorResolver(error) - } + return repository.locker.listDuplicatesForUser(event.context.user.id) }) diff --git a/apps/web-app/server/api/menu/category/id/[categoryId]/index.patch.ts b/apps/web-app/server/api/menu/category/id/[categoryId]/index.patch.ts index a276907d..9b14142b 100644 
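Review bot: `event.context.user.type === 'staff'` now takes the role from the request context, whereas the removed code re-read the user with `repository.user.find(session.user.id)` on every call. If the context user is copied from the session rather than loaded from the database (not visible here), a role or name change only takes effect once the session is renewed, and fields such as `type` and `gender` may be absent from that object. The same substitution feeds message text in task/index.post.ts, task/id/[taskId]/index.patch.ts and ticket/id/[ticketId]/message.post.ts. A single `const { user } = event.context` at the top of the block would also avoid repeating the access five times.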
--- a/apps/web-app/server/api/menu/category/id/[categoryId]/index.patch.ts +++ b/apps/web-app/server/api/menu/category/id/[categoryId]/index.patch.ts @@ -1,6 +1,6 @@ +import { updateMenuCategorySchema } from '#shared/services/menu' import { repository } from '@roll-stack/database' import { type } from 'arktype' -import { updateMenuCategorySchema } from '~~/shared/services/menu' export default defineEventHandler(async (event) => { try { diff --git a/apps/web-app/server/api/menu/category/id/[categoryId]/product.delete.ts b/apps/web-app/server/api/menu/category/id/[categoryId]/product.delete.ts index 639a876c..37ea26c2 100644 --- a/apps/web-app/server/api/menu/category/id/[categoryId]/product.delete.ts +++ b/apps/web-app/server/api/menu/category/id/[categoryId]/product.delete.ts @@ -1,6 +1,6 @@ +import { detachProductFromMenuCategorySchema } from '#shared/services/menu' import { repository } from '@roll-stack/database' import { type } from 'arktype' -import { detachProductFromMenuCategorySchema } from '~~/shared/services/menu' export default defineEventHandler(async (event) => { try { diff --git a/apps/web-app/server/api/menu/category/id/[categoryId]/product.post.ts b/apps/web-app/server/api/menu/category/id/[categoryId]/product.post.ts index 85748b9e..6255b6e5 100644 --- a/apps/web-app/server/api/menu/category/id/[categoryId]/product.post.ts +++ b/apps/web-app/server/api/menu/category/id/[categoryId]/product.post.ts @@ -1,6 +1,6 @@ +import { attachProductToMenuCategorySchema } from '#shared/services/menu' import { repository } from '@roll-stack/database' import { type } from 'arktype' -import { attachProductToMenuCategorySchema } from '~~/shared/services/menu' export default defineEventHandler(async (event) => { try { diff --git a/apps/web-app/server/api/menu/category/index.post.ts b/apps/web-app/server/api/menu/category/index.post.ts index 054dfecf..59e34e87 100644 --- a/apps/web-app/server/api/menu/category/index.post.ts 
+++ b/apps/web-app/server/api/menu/category/index.post.ts @@ -1,7 +1,7 @@ +import { createMenuCategorySchema } from '#shared/services/menu' import { createId } from '@paralleldrive/cuid2' import { repository } from '@roll-stack/database' import { type } from 'arktype' -import { createMenuCategorySchema } from '~~/shared/services/menu' export default defineEventHandler(async (event) => { try { diff --git a/apps/web-app/server/api/notification/my.get.ts b/apps/web-app/server/api/notification/my.get.ts index 5b47a90d..25a569d0 100644 --- a/apps/web-app/server/api/notification/my.get.ts +++ b/apps/web-app/server/api/notification/my.get.ts @@ -1,17 +1,5 @@ import { repository } from '@roll-stack/database' export default defineEventHandler(async (event) => { - try { - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - - return repository.notification.listByUser(session.user.id) - } catch (error) { - throw errorResolver(error) - } + return repository.notification.listByUser(event.context.user.id) }) diff --git a/apps/web-app/server/api/partner/agreement/id/[agreementId]/index.patch.ts b/apps/web-app/server/api/partner/agreement/id/[agreementId]/index.patch.ts index 796a12ac..7f0c4dbd 100644 --- a/apps/web-app/server/api/partner/agreement/id/[agreementId]/index.patch.ts +++ b/apps/web-app/server/api/partner/agreement/id/[agreementId]/index.patch.ts @@ -1,6 +1,6 @@ +import { updatePartnerAgreementSchema } from '#shared/services/partner' import { repository } from '@roll-stack/database' import { type } from 'arktype' -import { updatePartnerAgreementSchema } from '~~/shared/services/partner' export default defineEventHandler(async (event) => { try { diff --git a/apps/web-app/server/api/partner/agreement/index.post.ts b/apps/web-app/server/api/partner/agreement/index.post.ts index b2aa07ac..08a1f60c 100644 --- a/apps/web-app/server/api/partner/agreement/index.post.ts 
+++ b/apps/web-app/server/api/partner/agreement/index.post.ts @@ -1,6 +1,6 @@ +import { createPartnerAgreementSchema } from '#shared/services/partner' import { repository } from '@roll-stack/database' import { type } from 'arktype' -import { createPartnerAgreementSchema } from '~~/shared/services/partner' export default defineEventHandler(async (event) => { try { diff --git a/apps/web-app/server/api/partner/id/[partnerId].patch.ts b/apps/web-app/server/api/partner/id/[partnerId].patch.ts index e8ec935d..c4cdba6a 100644 --- a/apps/web-app/server/api/partner/id/[partnerId].patch.ts +++ b/apps/web-app/server/api/partner/id/[partnerId].patch.ts @@ -1,6 +1,6 @@ +import { updatePartnerSchema } from '#shared/services/partner' import { repository } from '@roll-stack/database' import { type } from 'arktype' -import { updatePartnerSchema } from '~~/shared/services/partner' export default defineEventHandler(async (event) => { try { diff --git a/apps/web-app/server/api/partner/legal/id/[entityId]/index.patch.ts b/apps/web-app/server/api/partner/legal/id/[entityId]/index.patch.ts index f714613c..e074bf46 100644 --- a/apps/web-app/server/api/partner/legal/id/[entityId]/index.patch.ts +++ b/apps/web-app/server/api/partner/legal/id/[entityId]/index.patch.ts @@ -1,6 +1,6 @@ +import { updatePartnerLegalEntitySchema } from '#shared/services/partner' import { repository } from '@roll-stack/database' import { type } from 'arktype' -import { updatePartnerLegalEntitySchema } from '~~/shared/services/partner' export default defineEventHandler(async (event) => { try { diff --git a/apps/web-app/server/api/partner/legal/index.post.ts b/apps/web-app/server/api/partner/legal/index.post.ts index ba8739fe..fb9e301c 100644 --- a/apps/web-app/server/api/partner/legal/index.post.ts +++ b/apps/web-app/server/api/partner/legal/index.post.ts 
@@ -1,6 +1,6 @@ +import { createPartnerLegalEntitySchema } from '#shared/services/partner' import { repository } from '@roll-stack/database' import { type } from 'arktype' -import { createPartnerLegalEntitySchema } from '~~/shared/services/partner' export default defineEventHandler(async (event) => { try { diff --git a/apps/web-app/server/api/payment/method/list.get.ts b/apps/web-app/server/api/payment/method/list.get.ts index e64af493..f9a75e37 100644 --- a/apps/web-app/server/api/payment/method/list.get.ts +++ b/apps/web-app/server/api/payment/method/list.get.ts @@ -1,17 +1,5 @@ import { repository } from '@roll-stack/database' -export default defineEventHandler(async (event) => { - try { - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - - return repository.payment.listMethods() - } catch (error) { - throw errorResolver(error) - } +export default defineEventHandler(async () => { + return repository.payment.listMethods() }) diff --git a/apps/web-app/server/api/post/comment/id/[commentId]/index.delete.ts b/apps/web-app/server/api/post/comment/id/[commentId]/index.delete.ts index c21a46c3..10fbdf05 100644 --- a/apps/web-app/server/api/post/comment/id/[commentId]/index.delete.ts +++ b/apps/web-app/server/api/post/comment/id/[commentId]/index.delete.ts @@ -10,14 +10,6 @@ export default defineEventHandler(async (event) => { }) } - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - // Guard: not this user const commentInDB = await repository.post.findComment(commentId) if (!commentInDB) { @@ -26,7 +18,7 @@ export default defineEventHandler(async (event) => { message: 'Not found', }) } - if (commentInDB.userId !== session.user.id) { + if (commentInDB.userId !== event.context.user.id) { throw createError({ statusCode: 400, message: 'Not your comment', 
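Review bot: After this change payment/method/list.get.ts never reads `event.context.user`, so nothing in the handler fails if the authentication middleware is absent, reordered or configured to skip this path; the route would simply answer anonymously. task/list/completed.get.ts, task/list/index.get.ts and ticket/list.get.ts are reduced the same way. The middleware is not part of the visible diff, so I would confirm it matches these routes and add a comment such as `// auth enforced by server middleware; do not exclude this route`. Dropping `errorResolver` also means a repository failure is no longer normalised before it reaches the client, which may change what error detail is exposed.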
diff --git a/apps/web-app/server/api/post/id/[postId]/comment.post.ts b/apps/web-app/server/api/post/id/[postId]/comment.post.ts index 00f22bed..91d7fa36 100644 --- a/apps/web-app/server/api/post/id/[postId]/comment.post.ts +++ b/apps/web-app/server/api/post/id/[postId]/comment.post.ts @@ -1,6 +1,6 @@ +import { createPostCommentSchema } from '#shared/services/post' import { repository } from '@roll-stack/database' import { type } from 'arktype' -import { createPostCommentSchema } from '~~/shared/services/post' export default defineEventHandler(async (event) => { try { @@ -12,14 +12,6 @@ export default defineEventHandler(async (event) => { }) } - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - const body = await readBody(event) const data = createPostCommentSchema(body) if (data instanceof type.errors) { @@ -28,7 +20,7 @@ export default defineEventHandler(async (event) => { const comment = await repository.post.createComment({ ...data, - userId: session.user.id, + userId: event.context.user.id, postId, }) diff --git a/apps/web-app/server/api/post/id/[postId]/image.post.ts b/apps/web-app/server/api/post/id/[postId]/image.post.ts index 8394d42f..71c9383f 100644 --- a/apps/web-app/server/api/post/id/[postId]/image.post.ts +++ b/apps/web-app/server/api/post/id/[postId]/image.post.ts @@ -6,7 +6,7 @@ import sharp from 'sharp' const POSTS_DIRECTORY = 'posts' const IMAGE_SIZES = [600, 1200] const IMAGE_FORMATS = ['jpg', 'webp'] as const -const ACCEPTED_IMAGE_FORMATS = ['jpeg', 'jpg', 'png', 'webp'] +const ACCEPTED_IMAGE_FORMATS = ['jpeg', 'jpg', 'png', 'webp', 'heif', 'avif'] export default defineEventHandler(async (event) => { let sharpStream diff --git a/apps/web-app/server/api/post/id/[postId]/index.patch.ts b/apps/web-app/server/api/post/id/[postId]/index.patch.ts index eef5e352..650f351c 100644 --- a/apps/web-app/server/api/post/id/[postId]/index.patch.ts 
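Review bot: Adding `'heif'` and `'avif'` to `ACCEPTED_IMAGE_FORMATS` in post/id/[postId]/image.post.ts sends two more container formats from user uploads into the image decoder, and the check that consumes this list is outside the hunk. If the list is compared with the format sharp detects, AVIF input is, as far as I know, reported as `heif`, so `'heif'` would also admit HEIC files and the `'avif'` entry may never match. If it is compared with a client-supplied extension or MIME type instead, it is not a content check at all. It is worth confirming which applies and that input dimensions are bounded before resizing. product/id/[productId]/image.post.ts gets the same list in a different order; a shared constant would keep the two from drifting.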
+++ b/apps/web-app/server/api/post/id/[postId]/index.patch.ts @@ -1,6 +1,6 @@ +import { updatePostSchema } from '#shared/services/post' import { repository } from '@roll-stack/database' import { type } from 'arktype' -import { updatePostSchema } from '~~/shared/services/post' export default defineEventHandler(async (event) => { try { diff --git a/apps/web-app/server/api/post/id/[postId]/like.delete.ts b/apps/web-app/server/api/post/id/[postId]/like.delete.ts index f67c6aef..79f42b1f 100644 --- a/apps/web-app/server/api/post/id/[postId]/like.delete.ts +++ b/apps/web-app/server/api/post/id/[postId]/like.delete.ts @@ -10,16 +10,8 @@ export default defineEventHandler(async (event) => { }) } - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - // Guard: not this user - const likeInDB = await repository.post.findLike(postId, session.user.id) + const likeInDB = await repository.post.findLike(postId, event.context.user.id) if (!likeInDB) { throw createError({ statusCode: 400, diff --git a/apps/web-app/server/api/post/id/[postId]/like.post.ts b/apps/web-app/server/api/post/id/[postId]/like.post.ts index ffa12108..cc01d0ce 100644 --- a/apps/web-app/server/api/post/id/[postId]/like.post.ts +++ b/apps/web-app/server/api/post/id/[postId]/like.post.ts @@ -10,16 +10,8 @@ export default defineEventHandler(async (event) => { }) } - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - // Guard: already have like on this post - const likeInDB = await repository.post.findLike(postId, session.user.id) + const likeInDB = await repository.post.findLike(postId, event.context.user.id) if (likeInDB) { throw createError({ statusCode: 400, 
@@ -27,7 +19,7 @@ export default defineEventHandler(async (event) => { }) } - const like = await repository.post.createLike(postId, session.user.id) + const like = await repository.post.createLike(postId, event.context.user.id) return { ok: true, diff --git a/apps/web-app/server/api/post/index.post.ts b/apps/web-app/server/api/post/index.post.ts index 6a7a9f95..cbc5ccdc 100644 --- a/apps/web-app/server/api/post/index.post.ts +++ b/apps/web-app/server/api/post/index.post.ts @@ -1,19 +1,11 @@ +import { createPostSchema } from '#shared/services/post' import { repository } from '@roll-stack/database' import { type } from 'arktype' -import { createPostSchema } from '~~/shared/services/post' export default defineEventHandler(async (event) => { try { await hasPermission(event, 'post:edit') - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - const body = await readBody(event) const data = createPostSchema(body) if (data instanceof type.errors) { @@ -22,7 +14,7 @@ export default defineEventHandler(async (event) => { const post = await repository.post.create({ ...data, - authorId: session.user.id, + authorId: event.context.user.id, }) return { diff --git a/apps/web-app/server/api/print/id/[printId].patch.ts b/apps/web-app/server/api/print/id/[printId].patch.ts index dc77f42d..5d087676 100644 --- a/apps/web-app/server/api/print/id/[printId].patch.ts +++ b/apps/web-app/server/api/print/id/[printId].patch.ts @@ -1,6 +1,6 @@ +import { updatePrintSchema } from '#shared/services/print' import { repository } from '@roll-stack/database' import { type } from 'arktype' -import { updatePrintSchema } from '~~/shared/services/print' export default defineEventHandler(async (event) => { try { diff --git a/apps/web-app/server/api/print/index.post.ts b/apps/web-app/server/api/print/index.post.ts index 63cdb2f6..71560654 100644 --- a/apps/web-app/server/api/print/index.post.ts 
+++ b/apps/web-app/server/api/print/index.post.ts @@ -1,6 +1,6 @@ +import { createPrintSchema } from '#shared/services/print' import { repository } from '@roll-stack/database' import { type } from 'arktype' -import { createPrintSchema } from '~~/shared/services/print' export default defineEventHandler(async (event) => { try { @@ -12,9 +12,7 @@ export default defineEventHandler(async (event) => { throw data } - const print = await repository.print.create({ - ...data, - }) + const print = await repository.print.create(data) return { ok: true, diff --git a/apps/web-app/server/api/product/id/[productId]/image.post.ts b/apps/web-app/server/api/product/id/[productId]/image.post.ts index 5d161c5b..be4db019 100644 --- a/apps/web-app/server/api/product/id/[productId]/image.post.ts +++ b/apps/web-app/server/api/product/id/[productId]/image.post.ts @@ -7,7 +7,7 @@ const PRODUCTS_DIRECTORY = 'products' const IMAGE_SIZES = [120, 300, 600, 840, 1200] const IMAGE_FORMATS = ['jpg', 'webp'] as const -const ACCEPTED_IMAGE_FORMATS = ['jpeg', 'jpg', 'png', 'webp'] +const ACCEPTED_IMAGE_FORMATS = ['jpeg', 'jpg', 'png', 'webp', 'avif', 'heif'] export default defineEventHandler(async (event) => { let sharpStream diff --git a/apps/web-app/server/api/product/id/[productId]/index.patch.ts b/apps/web-app/server/api/product/id/[productId]/index.patch.ts index f0b70bb6..eb8888c7 100644 --- a/apps/web-app/server/api/product/id/[productId]/index.patch.ts +++ b/apps/web-app/server/api/product/id/[productId]/index.patch.ts @@ -1,6 +1,6 @@ +import { updateProductSchema } from '#shared/services/product' import { repository } from '@roll-stack/database' import { type } from 'arktype' -import { updateProductSchema } from '~~/shared/services/product' export default defineEventHandler(async (event) => { try { diff --git a/apps/web-app/server/api/product/index.post.ts b/apps/web-app/server/api/product/index.post.ts index 58c4da4e..999d4b57 100644 --- a/apps/web-app/server/api/product/index.post.ts 
+++ b/apps/web-app/server/api/product/index.post.ts @@ -1,7 +1,7 @@ +import { createProductSchema } from '#shared/services/product' import { createId } from '@paralleldrive/cuid2' import { repository } from '@roll-stack/database' import { type } from 'arktype' -import { createProductSchema } from '~~/shared/services/product' export default defineEventHandler(async (event) => { try { diff --git a/apps/web-app/server/api/product/tag/list.get.ts b/apps/web-app/server/api/product/tag/list.get.ts index 4f3af0ab..3dcc0957 100644 --- a/apps/web-app/server/api/product/tag/list.get.ts +++ b/apps/web-app/server/api/product/tag/list.get.ts @@ -1,9 +1,5 @@ import { repository } from '@roll-stack/database' export default defineEventHandler(async () => { - try { - return repository.product.listTags() - } catch (error) { - throw errorResolver(error) - } + return repository.product.listTags() }) diff --git a/apps/web-app/server/api/product/variant/id/[variantId]/index.patch.ts b/apps/web-app/server/api/product/variant/id/[variantId]/index.patch.ts index 398ae3ff..ee6ed8c7 100644 --- a/apps/web-app/server/api/product/variant/id/[variantId]/index.patch.ts +++ b/apps/web-app/server/api/product/variant/id/[variantId]/index.patch.ts @@ -1,6 +1,6 @@ +import { updateProductVariantSchema } from '#shared/services/product' import { repository } from '@roll-stack/database' import { type } from 'arktype' -import { updateProductVariantSchema } from '~~/shared/services/product' export default defineEventHandler(async (event) => { try { diff --git a/apps/web-app/server/api/product/variant/index.post.ts b/apps/web-app/server/api/product/variant/index.post.ts index 06f81ff3..5384ed78 100644 --- a/apps/web-app/server/api/product/variant/index.post.ts +++ b/apps/web-app/server/api/product/variant/index.post.ts 
@@ -1,6 +1,6 @@ +import { createProductVariantSchema } from '#shared/services/product' import { repository } from '@roll-stack/database' import { type } from 'arktype' -import { createProductVariantSchema } from '~~/shared/services/product' export default defineEventHandler(async (event) => { try { diff --git a/apps/web-app/server/api/product/variant/tag/list.get.ts b/apps/web-app/server/api/product/variant/tag/list.get.ts index fe0e0b50..46161ace 100644 --- a/apps/web-app/server/api/product/variant/tag/list.get.ts +++ b/apps/web-app/server/api/product/variant/tag/list.get.ts @@ -1,9 +1,5 @@ import { repository } from '@roll-stack/database' export default defineEventHandler(async () => { - try { - return repository.product.listVariantTags() - } catch (error) { - throw errorResolver(error) - } + return repository.product.listVariantTags() }) diff --git a/apps/web-app/server/api/task/id/[taskId]/complete.post.ts b/apps/web-app/server/api/task/id/[taskId]/complete.post.ts index e071cb8c..e3fead34 100644 --- a/apps/web-app/server/api/task/id/[taskId]/complete.post.ts +++ b/apps/web-app/server/api/task/id/[taskId]/complete.post.ts @@ -1,8 +1,8 @@ import type { Task, User } from '@roll-stack/database' +import { completeTaskSchema } from '#shared/services/task' +import { getLocalizedResolution } from '#shared/utils/helpers' import { repository } from '@roll-stack/database' import { type } from 'arktype' -import { completeTaskSchema } from '~~/shared/services/task' -import { getLocalizedResolution } from '~~/shared/utils/helpers' export default defineEventHandler(async (event) => { try { 
@@ -20,15 +20,7 @@ export default defineEventHandler(async (event) => { throw data } - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - - const user = await repository.user.find(session.user.id) + const user = await repository.user.find(event.context.user.id) if (!user) { throw createError({ statusCode: 404, diff --git a/apps/web-app/server/api/task/id/[taskId]/focus.delete.ts b/apps/web-app/server/api/task/id/[taskId]/focus.delete.ts index 37bb21f4..b25f96b4 100644 --- a/apps/web-app/server/api/task/id/[taskId]/focus.delete.ts +++ b/apps/web-app/server/api/task/id/[taskId]/focus.delete.ts @@ -10,15 +10,7 @@ export default defineEventHandler(async (event) => { }) } - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - - const user = await repository.user.find(session.user.id) + const user = await repository.user.find(event.context.user.id) if (!user) { throw createError({ statusCode: 404, diff --git a/apps/web-app/server/api/task/id/[taskId]/focus.post.ts b/apps/web-app/server/api/task/id/[taskId]/focus.post.ts index 7edec6fe..4de704bc 100644 --- a/apps/web-app/server/api/task/id/[taskId]/focus.post.ts +++ b/apps/web-app/server/api/task/id/[taskId]/focus.post.ts @@ -10,15 +10,7 @@ export default defineEventHandler(async (event) => { }) } - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - - const user = await repository.user.find(session.user.id) + const user = await repository.user.find(event.context.user.id) if (!user) { throw createError({ statusCode: 404, diff --git a/apps/web-app/server/api/task/id/[taskId]/index.patch.ts b/apps/web-app/server/api/task/id/[taskId]/index.patch.ts index 44954d62..714943b9 100644 --- a/apps/web-app/server/api/task/id/[taskId]/index.patch.ts 
+++ b/apps/web-app/server/api/task/id/[taskId]/index.patch.ts @@ -1,8 +1,8 @@ import type { Task, User } from '@roll-stack/database' +import { updateTaskSchema } from '#shared/services/task' +import { suffixByGender } from '#shared/utils/gender' import { repository } from '@roll-stack/database' import { type } from 'arktype' -import { updateTaskSchema } from '~~/shared/services/task' -import { suffixByGender } from '~~/shared/utils/gender' export default defineEventHandler(async (event) => { try { @@ -20,22 +20,6 @@ export default defineEventHandler(async (event) => { throw data } - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - - const user = await repository.user.find(session.user.id) - if (!user) { - throw createError({ - statusCode: 404, - message: 'User not found', - }) - } - const task = await repository.task.find(taskId) if (!task) { throw createError({ @@ -47,12 +31,12 @@ export default defineEventHandler(async (event) => { const list = await repository.task.findList(task.listId) if (!list) { throw createError({ - statusCode: 500, + statusCode: 404, message: 'Task list not found', }) } - const canEdit = list.chat?.members.some((member) => member.userId === session.user?.id) + const canEdit = list.chat?.members.some((member) => member.userId === event.context.user?.id) // Guard: if don't have access if (!canEdit) { @@ -76,7 +60,7 @@ export default defineEventHandler(async (event) => { if (list.chat) { const bot = await repository.chat.findNotificationBot(list.chat.id) if (bot) { - const text = prepareBotMessage(user, task, updatedTask, updatedPerformer) + const text = prepareBotMessage(event.context.user, task, updatedTask, updatedPerformer) // Send message as bot await repository.chat.createMessage({ diff --git a/apps/web-app/server/api/task/index.post.ts b/apps/web-app/server/api/task/index.post.ts index f2509f6d..07fa368e 100644 
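Review bot: The membership check keeps the optional chain, `member.userId === event.context.user?.id`, while task/list/id/[listId].delete.ts and [listId].patch.ts in this commit use `event.context.user.id` for the same test. With `?.` a missing user compares `undefined` against each `member.userId` and ends in the no-access branch, which is safe. It does suggest the context type may still be optional, in which case `prepareBotMessage(event.context.user, …)` receives a value its user parameter presumably does not accept. I would write `member.userId === event.context.user.id` here and confirm that the context object carries every field the message builder reads.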
--- a/apps/web-app/server/api/task/index.post.ts +++ b/apps/web-app/server/api/task/index.post.ts @@ -1,7 +1,7 @@ +import { createTaskSchema } from '#shared/services/task' +import { suffixByGender } from '#shared/utils/gender' import { repository } from '@roll-stack/database' import { type } from 'arktype' -import { createTaskSchema } from '~~/shared/services/task' -import { suffixByGender } from '~~/shared/utils/gender' export default defineEventHandler(async (event) => { try { @@ -11,22 +11,6 @@ export default defineEventHandler(async (event) => { throw data } - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - - const user = await repository.user.find(session.user.id) - if (!user) { - throw createError({ - statusCode: 404, - message: 'User not found', - }) - } - const task = await repository.task.create({ name: data.name, description: data.description, @@ -53,7 +37,7 @@ export default defineEventHandler(async (event) => { if (list.chat) { const bot = await repository.chat.findNotificationBot(list.chat.id) if (bot) { - const text = `${user.name} ${user.surname} ${suffixByGender(['создал', 'создала'], user.gender)} задачу «${task.name}»` + const text = `${event.context.user.name} ${event.context.user.surname} ${suffixByGender(['создал', 'создала'], event.context.user.gender)} задачу «${task.name}»` // Send message as bot await repository.chat.createMessage({ diff --git a/apps/web-app/server/api/task/list/completed.get.ts b/apps/web-app/server/api/task/list/completed.get.ts index a5343b4a..31c1825a 100644 --- a/apps/web-app/server/api/task/list/completed.get.ts +++ b/apps/web-app/server/api/task/list/completed.get.ts 
@@ -1,17 +1,5 @@ import { repository } from '@roll-stack/database' -export default defineEventHandler(async (event) => { - try { - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - - return repository.task.findAll() - } catch (error) { - throw errorResolver(error) - } +export default defineEventHandler(async () => { + return repository.task.findAll() }) diff --git a/apps/web-app/server/api/task/list/id/[listId].delete.ts b/apps/web-app/server/api/task/list/id/[listId].delete.ts index 6308a164..2cc4b4c2 100644 --- a/apps/web-app/server/api/task/list/id/[listId].delete.ts +++ b/apps/web-app/server/api/task/list/id/[listId].delete.ts @@ -10,14 +10,6 @@ export default defineEventHandler(async (event) => { }) } - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - const list = await repository.task.findList(listId) if (!list) { throw createError({ @@ -27,7 +19,7 @@ export default defineEventHandler(async (event) => { } // Guard: if don't have access - const canEdit = list.chat?.members.some((member) => member.userId === session.user?.id) + const canEdit = list.chat?.members.some((member) => member.userId === event.context.user.id) if (!canEdit) { throw createError({ statusCode: 403, diff --git a/apps/web-app/server/api/task/list/id/[listId].patch.ts b/apps/web-app/server/api/task/list/id/[listId].patch.ts index 6bce7b1f..a73c455b 100644 --- a/apps/web-app/server/api/task/list/id/[listId].patch.ts +++ b/apps/web-app/server/api/task/list/id/[listId].patch.ts @@ -1,6 +1,6 @@ +import { updateTaskListSchema } from '#shared/services/task' import { repository } from '@roll-stack/database' import { type } from 'arktype' -import { updateTaskListSchema } from '~~/shared/services/task' export default defineEventHandler(async (event) => { try { 
@@ -12,14 +12,6 @@ export default defineEventHandler(async (event) => { }) } - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - const list = await repository.task.findList(listId) if (!list) { throw createError({ @@ -29,7 +21,7 @@ export default defineEventHandler(async (event) => { } // Guard: if don't have access - const canEdit = list.chat?.members.some((member) => member.userId === session.user?.id) + const canEdit = list.chat?.members.some((member) => member.userId === event.context.user.id) if (!canEdit) { throw createError({ statusCode: 403, diff --git a/apps/web-app/server/api/task/list/index.get.ts b/apps/web-app/server/api/task/list/index.get.ts index c4e92da4..e8853b7b 100644 --- a/apps/web-app/server/api/task/list/index.get.ts +++ b/apps/web-app/server/api/task/list/index.get.ts @@ -1,17 +1,5 @@ import { repository } from '@roll-stack/database' -export default defineEventHandler(async (event) => { - try { - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - - return repository.task.lists() - } catch (error) { - throw errorResolver(error) - } +export default defineEventHandler(async () => { + return repository.task.lists() }) diff --git a/apps/web-app/server/api/task/list/index.post.ts b/apps/web-app/server/api/task/list/index.post.ts index 610e2cc2..d4cd14f7 100644 --- a/apps/web-app/server/api/task/list/index.post.ts +++ b/apps/web-app/server/api/task/list/index.post.ts @@ -1,6 +1,6 @@ +import { createTaskListSchema } from '#shared/services/task' import { repository } from '@roll-stack/database' import { type } from 'arktype' -import { createTaskListSchema } from '~~/shared/services/task' export default defineEventHandler(async (event) => { try { 
@@ -10,24 +10,8 @@ export default defineEventHandler(async (event) => { throw data } - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - - const user = await repository.user.find(session.user.id) - if (!user) { - throw createError({ - statusCode: 404, - message: 'User not found', - }) - } - // Guard: Must be user as a member - if (data.usersId.length === 0 && !data.usersId.includes(session.user.id)) { + if (data.usersId.length === 0 && !data.usersId.includes(event.context.user.id)) { throw createError({ statusCode: 400, message: 'Must be user as a member', diff --git a/apps/web-app/server/api/ticket/id/[ticketId]/message.post.ts b/apps/web-app/server/api/ticket/id/[ticketId]/message.post.ts index 9c6de672..f5c24fab 100644 --- a/apps/web-app/server/api/ticket/id/[ticketId]/message.post.ts +++ b/apps/web-app/server/api/ticket/id/[ticketId]/message.post.ts @@ -1,7 +1,7 @@ +import { createTicketMessageSchema } from '#shared/services/ticket' import { repository } from '@roll-stack/database' import { type } from 'arktype' import { useWasabiBot } from '~~/server/services/telegram/wasabi-bot' -import { createTicketMessageSchema } from '~~/shared/services/ticket' export default defineEventHandler(async (event) => { try { @@ -21,14 +21,6 @@ export default defineEventHandler(async (event) => { throw data } - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - const ticket = await repository.ticket.find(ticketId) if (!ticket) { throw createError({ @@ -39,7 +31,7 @@ export default defineEventHandler(async (event) => { const message = await repository.ticket.createMessage({ ticketId, - userId: session.user.id, + userId: event.context.user.id, text: data.text, }) if (!message) { 
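Review bot: The guard `data.usersId.length === 0 && !data.usersId.includes(event.context.user.id)` only fires for an empty list, because with `&&` the second operand is always true whenever the first is. A non-empty `usersId` that omits the caller therefore passes, which contradicts the comment "Must be user as a member" and allows a list to be created for other users by someone who is not in it. The condition can be reduced to `if (!data.usersId.includes(event.context.user.id)) {`, which also covers the empty case. The handler continues outside the hunk.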
@@ -49,18 +41,10 @@ export default defineEventHandler(async (event) => { }) } - const user = await repository.user.find(session.user.id) - if (!user) { - throw createError({ - statusCode: 404, - message: 'User not found', - }) - } - const wasabiUser = await repository.telegram.findUserByIdAndBotId(ticket.userId, telegram.wasabiBotId) if (wasabiUser) { // Send message to Telegram - const text = `${user.name} ${user.surname}: ${data.text}` + const text = `${event.context.user.name} ${event.context.user.surname}: ${data.text}` await useWasabiBot().api.sendMessage(wasabiUser.telegramId, text) } diff --git a/apps/web-app/server/api/ticket/id/[ticketId]/messages.get.ts b/apps/web-app/server/api/ticket/id/[ticketId]/messages.get.ts index 4077bee8..10b36abf 100644 --- a/apps/web-app/server/api/ticket/id/[ticketId]/messages.get.ts +++ b/apps/web-app/server/api/ticket/id/[ticketId]/messages.get.ts @@ -10,14 +10,6 @@ export default defineEventHandler(async (event) => { }) } - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - return repository.ticket.listMessages(ticketId) } catch (error) { throw errorResolver(error) diff --git a/apps/web-app/server/api/ticket/list.get.ts b/apps/web-app/server/api/ticket/list.get.ts index 60c8dbbe..bf99512d 100644 --- a/apps/web-app/server/api/ticket/list.get.ts +++ b/apps/web-app/server/api/ticket/list.get.ts @@ -1,17 +1,5 @@ import { repository } from '@roll-stack/database' -export default defineEventHandler(async (event) => { - try { - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - - return repository.ticket.listOpened() - } catch (error) { - throw errorResolver(error) - } +export default defineEventHandler(async () => { + return repository.ticket.listOpened() }) 
diff --git a/apps/web-app/server/api/user/id/[userId]/complete.post.ts b/apps/web-app/server/api/user/id/[userId]/complete.post.ts index 61529156..72d26262 100644 --- a/apps/web-app/server/api/user/id/[userId]/complete.post.ts +++ b/apps/web-app/server/api/user/id/[userId]/complete.post.ts @@ -1,6 +1,6 @@ +import { completeUserSchema } from '#shared/services/user' import { repository } from '@roll-stack/database' import { type } from 'arktype' -import { completeUserSchema } from '~~/shared/services/user' export default defineEventHandler(async (event) => { try { diff --git a/apps/web-app/server/api/user/id/[userId]/image.post.ts b/apps/web-app/server/api/user/id/[userId]/image.post.ts index accc84dc..cf5ec8f6 100644 --- a/apps/web-app/server/api/user/id/[userId]/image.post.ts +++ b/apps/web-app/server/api/user/id/[userId]/image.post.ts @@ -26,29 +26,14 @@ export default defineEventHandler(async (event) => { }) } - // Guard: if not this user in session - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - if (session.user.id !== userId) { + // Guard: if not this user + if (event.context.user.id !== userId) { throw createError({ statusCode: 403, message: 'Forbidden', }) } - const user = await repository.user.find(userId) - if (!user) { - throw createError({ - statusCode: 404, - message: 'User not found', - }) - } - const files = await readMultipartFormData(event) const file = files?.[0] if (!files?.length || !file) { diff --git a/apps/web-app/server/api/user/id/[userId]/index.patch.ts b/apps/web-app/server/api/user/id/[userId]/index.patch.ts index 997125f9..c85bc18f 100644 --- a/apps/web-app/server/api/user/id/[userId]/index.patch.ts +++ b/apps/web-app/server/api/user/id/[userId]/index.patch.ts 
@@ -1,7 +1,7 @@ import type { NotificationOption } from '@roll-stack/database' +import { updateUserSchema } from '#shared/services/user' import { repository } from '@roll-stack/database' import { type } from 'arktype' -import { updateUserSchema } from '~~/shared/services/user' export default defineEventHandler(async (event) => { try { @@ -17,17 +17,8 @@ export default defineEventHandler(async (event) => { const user = await repository.user.find(userId) if (!user?.id) { throw createError({ - statusCode: 400, - message: 'User already have info', - }) - } - - // Guard: if no user in session - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', + statusCode: 404, + message: 'User not found', }) } diff --git a/apps/web-app/server/api/user/id/[userId]/online.post.ts b/apps/web-app/server/api/user/id/[userId]/online.post.ts index dca138f2..18031fcf 100644 --- a/apps/web-app/server/api/user/id/[userId]/online.post.ts +++ b/apps/web-app/server/api/user/id/[userId]/online.post.ts @@ -14,20 +14,13 @@ export default defineEventHandler(async (event) => { const user = await repository.user.find(userId) if (!user?.id) { throw createError({ - statusCode: 400, - message: 'User already have info', + statusCode: 404, + message: 'User not found', }) } - // Guard: if not this user in session - const session = await getUserSession(event) - if (!session?.user) { - throw createError({ - statusCode: 401, - message: 'Not logged in', - }) - } - if (session.user.id !== userId) { + // Guard: if not this user + if (event.context.user.id !== userId) { throw createError({ statusCode: 403, message: 'Forbidden', diff --git a/apps/web-app/server/api/user/id/[userId]/telegram.post.ts b/apps/web-app/server/api/user/id/[userId]/telegram.post.ts index ac8f7770..5f83b873 100644 --- a/apps/web-app/server/api/user/id/[userId]/telegram.post.ts +++ b/apps/web-app/server/api/user/id/[userId]/telegram.post.ts 
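Review bot: With the session guard removed from `user/id/[userId]/index.patch.ts`, nothing in this hunk ties the route's `userId` to `event.context.user.id`, whereas `online.post.ts` and `image.post.ts` both answer 403 when they differ. The handler continues outside the hunk, so a check may exist further down. If it does not, and editing other users is not a deliberate admin feature, any signed-in user can patch another user's record. A guard in the style of the sibling routes would be `if (event.context.user.id !== userId) { throw createError({ statusCode: 403, message: 'Forbidden' }) }`.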
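Review bot: In `online.post.ts` the 404 for an unknown `userId` is still returned before the ownership check, so a signed-in caller can tell existing ids (403) from missing ones (404). Moving the `event.context.user.id !== userId` guard above the lookup removes that difference. Once the guard has passed, `repository.user.find(userId)` re-reads the row the middleware already placed on `event.context.user`, so the lookup and its 404 branch could be dropped as was done in `image.post.ts`. The handler continues outside the hunk, so this assumes `user` is not needed further down.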
@@ -1,6 +1,6 @@ +import { attachTelegramSchema } from '#shared/services/telegram' import { repository } from '@roll-stack/database' import { type } from 'arktype' -import { attachTelegramSchema } from '~~/shared/services/telegram' export default defineEventHandler(async (event) => { try { diff --git a/apps/web-app/server/middleware/01.auth.ts b/apps/web-app/server/middleware/01.auth.ts new file mode 100644 index 00000000..4288732b --- /dev/null +++ b/apps/web-app/server/middleware/01.auth.ts @@ -0,0 +1,61 @@ +import type { User } from '@roll-stack/database' +import type { H3Event } from 'h3' +import { repository } from '@roll-stack/database' + +const logger = useLogger('middleware:auth') + +const routesWithoutAuth = [ + '/api/health', + '/api/agent', // token from headers + '/api/auth/sign-in', // user from body + '/api/avatar', // public + '/api/cuid', // public + '/api/qr', // public +] + +/** + * Cover all requests (except the ones without auth) + */ +export default defineEventHandler(async (event) => { + // Skip if preflight + if (event.method === 'OPTIONS') { + return + } + + // Skip routes without auth + if (!event.path.startsWith('/api') || routesWithoutAuth.includes(event.path)) { + return + } + + const user = await getUserFromSession(event) + + // No auth? + if (!user) { + throw createError({ + statusCode: 401, + message: 'Unauthorized', + }) + } + + event.context.user = user +}) + +async function getUserFromSession(event: H3Event): Promise { + try { + const session = await getUserSession(event) + if (!session?.user) { + return null + } + + const user = await repository.user.find(session.user.id) + if (!user?.id) { + return null + } + + return user + } catch (e) { + logger.error(e) + } + + return null +} diff --git a/apps/web-app/shared/types/h3.d.ts b/apps/web-app/shared/types/h3.d.ts new file mode 100644 index 00000000..76abd332 --- /dev/null +++ b/apps/web-app/shared/types/h3.d.ts 
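Review bot: The allowlist test `routesWithoutAuth.includes(event.path)` in `01.auth.ts` is an exact string match, and h3's `event.path` includes the query string, so a public route called with parameters (for example `/api/qr?...`) or through a sub-path will not match and gets a 401. That fails closed, but the entries commented as public probably do not behave as described. Compare on the pathname instead, e.g. `const pathname = getRequestURL(event).pathname` followed by `routesWithoutAuth.includes(pathname)`, and decide explicitly for each entry whether its sub-paths are meant to be public. Separately, the early return for `OPTIONS` lets that method reach any handler that is not method-restricted with `event.context.user` unset; whether such a handler exists is not visible in this diff.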
@@ -0,0 +1,7 @@
+import type { User } from '@roll-stack/database'
+
+declare module 'h3' {
+ interface H3EventContext {
+ user: User
+ }
+}
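Review bot: `user: User` declares the field as always present, but the middleware in `01.auth.ts` returns without setting it for `OPTIONS`, for paths outside `/api` and for every entry in `routesWithoutAuth`. A handler on one of those paths can therefore read `event.context.user.id`, pass type checking and fail at runtime. Declaring it as `user?: User` and reading it through a single helper that throws 401 when it is missing would keep the type accurate and leave a second check behind the middleware.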