권한 부여

비공식 베타 번역

이 페이지는 PageTurner AI로 번역되었습니다(베타). 프로젝트 공식 승인을 받지 않았습니다. 오류를 발견하셨나요? 문제 신고 →

createContext 함수는 들어오는 요청마다 호출되므로, 여기서 요청 객체로부터 호출 사용자에 대한 컨텍스트 정보를 추가할 수 있습니다.

요청 헤더로부터 컨텍스트 생성

server/context.ts
ts
import * as trpc from '@trpc/server';
import { inferAsyncReturnType } from '@trpc/server';
import * as trpcNext from '@trpc/server/adapters/next';
import { decodeAndVerifyJwtToken } from './somewhere/in/your/app/utils';
export async function createContext({
  req,
  res,
}: trpcNext.CreateNextContextOptions) {
  // Create your context based on the request object
  // Will be available as `ctx` in all your resolvers
  // This is just an example of something you'd might want to do in your ctx fn
  async function getUserFromHeader() {
    if (req.headers.authorization) {
      const user = await decodeAndVerifyJwtToken(
        req.headers.authorization.split(' ')[1],
      );
      return user;
    }
    return null;
  }
  const user = await getUserFromHeader();
  return {
    user,
  };
}
type Context = inferAsyncReturnType<typeof createContext>;
// [..] Define API handler and app router

server/context.ts
ts
import * as trpc from '@trpc/server';
import { inferAsyncReturnType } from '@trpc/server';
import * as trpcNext from '@trpc/server/adapters/next';
import { decodeAndVerifyJwtToken } from './somewhere/in/your/app/utils';
export async function createContext({
  req,
  res,
}: trpcNext.CreateNextContextOptions) {
  // Create your context based on the request object
  // Will be available as `ctx` in all your resolvers
  // This is just an example of something you'd might want to do in your ctx fn
  async function getUserFromHeader() {
    if (req.headers.authorization) {
      const user = await decodeAndVerifyJwtToken(
        req.headers.authorization.split(' ')[1],
      );
      return user;
    }
    return null;
  }
  const user = await getUserFromHeader();
  return {
    user,
  };
}
type Context = inferAsyncReturnType<typeof createContext>;
// [..] Define API handler and app router

옵션 1: 리졸버를 사용한 권한 부여

server/routers/_app.ts
ts
import * as trpc from '@trpc/server';
import { TRPCError } from '@trpc/server';
import { createRouter } from '../createRouter';
export const appRouter = createRouter()
  // open for anyone
  .query('hello', {
    input: z.string().nullish(),
    resolve: (opts) => {
      return `hello ${opts.input ?? opts.ctx.user?.name ?? 'world'}`;
    },
  })
  // checked in resolver
  .query('secret', {
    resolve: (opts) => {
      if (!opts.ctx.user) {
        throw new TRPCError({ code: 'UNAUTHORIZED' });
      }
      return {
        secret: 'sauce',
      };
    },
  });

server/routers/_app.ts
ts
import * as trpc from '@trpc/server';
import { TRPCError } from '@trpc/server';
import { createRouter } from '../createRouter';
export const appRouter = createRouter()
  // open for anyone
  .query('hello', {
    input: z.string().nullish(),
    resolve: (opts) => {
      return `hello ${opts.input ?? opts.ctx.user?.name ?? 'world'}`;
    },
  })
  // checked in resolver
  .query('secret', {
    resolve: (opts) => {
      if (!opts.ctx.user) {
        throw new TRPCError({ code: 'UNAUTHORIZED' });
      }
      return {
        secret: 'sauce',
      };
    },
  });

옵션 2: 미들웨어를 사용한 권한 부여

server/routers/_app.ts
ts
import * as trpc from '@trpc/server';
import { TRPCError } from '@trpc/server';
import { createRouter } from '../createRouter';
export const appRouter = createRouter()
  // this is accessible for everyone
  .query('hello', {
    input: z.string().nullish(),
    resolve: (opts) => {
      return `hello ${opts.input ?? opts.ctx.user?.name ?? 'world'}`;
    },
  })
  .merge(
    'admin.',
    createRouter()
      // this protects all procedures defined next in this router
      .middleware(async ({ ctx, next }) => {
        if (!ctx.user?.isAdmin) {
          throw new TRPCError({ code: 'UNAUTHORIZED' });
        }
        return next();
      })
      .query('secret', {
        resolve: (opts) => {
          return {
            secret: 'sauce',
          };
        },
      }),
  );

server/routers/_app.ts
ts
import * as trpc from '@trpc/server';
import { TRPCError } from '@trpc/server';
import { createRouter } from '../createRouter';
export const appRouter = createRouter()
  // this is accessible for everyone
  .query('hello', {
    input: z.string().nullish(),
    resolve: (opts) => {
      return `hello ${opts.input ?? opts.ctx.user?.name ?? 'world'}`;
    },
  })
  .merge(
    'admin.',
    createRouter()
      // this protects all procedures defined next in this router
      .middleware(async ({ ctx, next }) => {
        if (!ctx.user?.isAdmin) {
          throw new TRPCError({ code: 'UNAUTHORIZED' });
        }
        return next();
      })
      .query('secret', {
        resolve: (opts) => {
          return {
            secret: 'sauce',
          };
        },
      }),
  );

이 미들웨어는 보호된 라우터 헬퍼를 생성함으로써 여러 하위 라우터에 재사용될 수 있습니다.