From e72b0cb261b5fc9c70a839882ea07160ef7ef424 Mon Sep 17 00:00:00 2001
From: Fuwn <contact@fuwn.me>
Date: Tue, 3 Feb 2026 21:07:28 -0800
Subject: feat(web): Replace NextAuth with Supabase Auth

---
 packages/web/src/server/api/trpc.ts | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

(limited to 'packages/web/src/server/api/trpc.ts')

diff --git a/packages/web/src/server/api/trpc.ts b/packages/web/src/server/api/trpc.ts
index 65c86f4..e4dd0ab 100644
--- a/packages/web/src/server/api/trpc.ts
+++ b/packages/web/src/server/api/trpc.ts
@@ -10,7 +10,7 @@
 import { initTRPC, TRPCError } from "@trpc/server";
 import superjson from "superjson";
 import { ZodError } from "zod";
-import { auth } from "~/server/auth";
+import { getUser } from "~/server/auth";
 import { db } from "~/server/db";
 
 /**
@@ -26,11 +26,11 @@ import { db } from "~/server/db";
  * @see https://trpc.io/docs/server/context
  */
 export const createTRPCContext = async (opts: { headers: Headers }) => {
-	const session = await auth();
+	const user = await getUser();
 
 	return {
 		db,
-		session,
+		user,
 		...opts,
 	};
 };
@@ -114,21 +114,20 @@ export const publicProcedure = t.procedure.use(timingMiddleware);
  * Protected (authenticated) procedure
  *
  * If you want a query or mutation to ONLY be accessible to logged in users, use this. It verifies
- * the session is valid and guarantees `ctx.session.user` is not null.
+ * the user is authenticated and guarantees `ctx.user` is not null.
  *
  * @see https://trpc.io/docs/procedures
  */
 export const protectedProcedure = t.procedure
 	.use(timingMiddleware)
 	.use(({ ctx, next }) => {
-		if (!ctx.session?.user) {
+		if (!ctx.user) {
 			throw new TRPCError({ code: "UNAUTHORIZED" });
 		}
 
 		return next({
 			ctx: {
-				// infers the `session` as non-nullable
-				session: { ...ctx.session, user: ctx.session.user },
+				user: ctx.user,
 			},
 		});
 	});
-- 
cgit v1.2.3