/** * YOU PROBABLY DON'T NEED TO EDIT THIS FILE, UNLESS: * 1. You want to modify request context (see Part 1) * 2. You want to create a new middleware or type of procedure (see Part 3) * * tl;dr - this is where all the tRPC server stuff is created and plugged in. * The pieces you will need to use are documented accordingly near the end */ /** * 1. CONTEXT * * This section defines the "contexts" that are available in the backend API * * These allow you to access things like the database, the session, etc, when * processing a request * */ import { type CreateNextContextOptions } from "@trpc/server/adapters/next"; import { getAuth } from "@clerk/nextjs/server"; import type { SignedInAuthObject, SignedOutAuthObject, } from "@clerk/nextjs/api"; import { db } from "../db"; interface ContextType { auth: SignedInAuthObject | SignedOutAuthObject; key: string | null; } /** * This helper generates the "internals" for a tRPC context. If you need to use * it, you can export it from here * * Examples of things you may need it for: * - testing, so we dont have to mock Next.js' req/res * - trpc's `createSSGHelpers` where we don't have req/res * @see https://create.t3.gg/en/usage/trpc#-servertrpccontextts */ const createInnerTRPCContext = ({ auth, key }: ContextType) => { return { key, auth, db, }; }; /** * This is the actual context you'll use in your router. It will be used to * process every request that goes through your tRPC endpoint * @link https://trpc.io/docs/context */ export const createTRPCContext = async (opts: CreateNextContextOptions) => { let keyValue: string | null = null; if (opts.req.headers.authorization) { const key = opts.req.headers.authorization.split("Bearer ").at(1); if (key) { const isValidKey = await validateApiKey(key); if (isValidKey) { keyValue = key; } } } return createInnerTRPCContext({ auth: getAuth(opts.req), key: keyValue }); }; /** * 2. INITIALIZATION * * This is where the trpc api is initialized, connecting the context and * transformer */ import { initTRPC, TRPCError } from "@trpc/server"; import superjson from "superjson"; import type { OpenApiMeta } from "trpc-openapi"; import { validateApiKey } from "../unkey"; const t = initTRPC .context() .meta() .create({ transformer: superjson, errorFormatter({ shape }) { return shape; }, }); // check if the user is signed in, otherwise through a UNAUTHORIZED CODE const isAuthed = t.middleware(({ next, ctx }) => { if (!ctx.auth.userId) { throw new TRPCError({ code: "UNAUTHORIZED" }); } return next({ ctx: { auth: ctx.auth, }, }); }); const isKeyAuthed = t.middleware(({ next, ctx }) => { if (!ctx.key) { throw new TRPCError({ code: "UNAUTHORIZED" }); } return next({ ctx: { key: ctx.key, }, }); }); /** * 3. ROUTER & PROCEDURE (THE IMPORTANT BIT) * * These are the pieces you use to build your tRPC API. You should import these * a lot in the /src/server/api/routers folder */ /** * This is how you create new routers and subrouters in your tRPC API * @see https://trpc.io/docs/router */ export const createTRPCRouter = t.router; /** * Public (unauthed) procedure * * This is the base piece you use to build new queries and mutations on your * tRPC API. It does not guarantee that a user querying is authorized, but you * can still access user session data if they are logged in */ export const publicProcedure = t.procedure; export const protectedProcedure = t.procedure.use(isAuthed); export const keyProtectedProcedure = t.procedure.use(isKeyAuthed);