apps/web/app/api/ensureAuth.ts


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

import { NextRequest } from "next/server";
import { db } from "../../server/db";
import { sessions, users } from "../../server/db/schema";
import { eq } from "drizzle-orm";

export async function ensureAuth(req: NextRequest) {
  // A helper function to protect routes

  const token =
    req.cookies.get("next-auth.session-token")?.value ??
    req.cookies.get("__Secure-authjs.session-token")?.value ??
    req.cookies.get("authjs.session-token")?.value ??
    req.headers.get("Authorization")?.replace("Bearer ", "");

  if (!token) {
    return undefined;
  }

  const sessionData = await db
    .select()
    .from(sessions)
    .innerJoin(users, eq(users.id, sessions.userId))
    .where(eq(sessions.sessionToken, token!));

  if (!sessionData || sessionData.length < 0) {
    return undefined;
  }

  return {
    user: sessionData[0]!.user,
    session: sessionData[0]!,
  };
}