🛂 server: add org auth middleware

Author: nfmelendez

.changeset/brisk-otter-glides.md

@@ -0,0 +1,5 @@
+---
+"@exactly/server": patch
+---
+
+🛂 add org auth middleware

server/middleware/org.ts

@@ -0,0 +1,18 @@
+import { createMiddleware } from "hono/factory";
+
+import auth from "../utils/auth";
+
+import type { BlankInput, Env, Input } from "hono/types";
+
+export default function org<E extends Env = Env, P extends string = string, I extends Input = BlankInput>() {
+  return createMiddleware<
+    E & { Variables: { session: NonNullable<Awaited<ReturnType<typeof auth.api.getSession>>> } },
+    P,
+    I
+  >(async (c, next) => {
+    const session = await auth.api.getSession({ headers: c.req.raw.headers });
+    if (!session) return c.json({ code: "unauthorized" }, 401);
+    c.set("session", session);
+    await next();
+  });
+}

server/test/middleware/org.test.ts

@@ -0,0 +1,24 @@
+import { Hono } from "hono";
+import { describe, expect, it, vi } from "vitest";
+
+import org from "../../middleware/org";
+import betterAuth from "../../utils/auth";
+
+describe("organization middleware", () => {
+  it("returns unauthorized when no session is present", async () => {
+    vi.spyOn(betterAuth.api, "getSession").mockResolvedValueOnce(null);
+    const app = new Hono().get("/", org(), (c) => c.text("ok"));
+    const response = await app.request("/");
+    expect(response.status).toBe(401);
+    await expect(response.json()).resolves.toStrictEqual({ code: "unauthorized" });
+  });
+
+  it("passes through and exposes the session when authenticated", async () => {
+    const fakeSession = { session: { id: "ses01", activeOrganizationId: "org01" }, user: { id: "user01" } };
+    vi.spyOn(betterAuth.api, "getSession").mockResolvedValueOnce(fakeSession as never);
+    const app = new Hono().get("/", org(), (c) => c.json(c.var.session));
+    const response = await app.request("/");
+    expect(response.status).toBe(200);
+    await expect(response.json()).resolves.toStrictEqual(fakeSession);
+  });
+});