[WIP] Backend authentication RBAC refactor

.hintrc

@@ -0,0 +1,13 @@
+{
+  "extends": [
+    "development"
+  ],
+  "hints": {
+    "axe/forms": [
+      "default",
+      {
+        "label": "off"
+      }
+    ]
+  }
+}

apps/app/.env.example

@@ -13,8 +13,8 @@ NEXT_PUBLIC_BASE_URL="" #// E.g. http://localhost:3000
 COOKIESECRET='complex_password_at_least_32_characters_long'
 
 # logto authorization / security
-
-NEXT_PUBLIC_ID_RESOURCE_AUDIENCE="https://api.foo.bar/api"
+NEXT_PUBLIC_ID_ISSUER=""
+NEXT_PUBLIC_RESOURCE_AUDIENCE="https://api.foo.bar/api"
 NEXT_PUBLIC_JWKS_ENDPOINT=https://localhost:3001/oidc/jwks
 
 # Local Dev Stuff
@@ -24,3 +24,19 @@ NODE_TLS_REJECT_UNAUTHORIZED=0
 
 # disable authentication verification (ONLY USE FOR TESTING PURPOSES)
 #DISABLE_VERIFY_AUTH=0
+
+APP_ID=""
+APP_SECRET=""
+ENDPOINT=""
+BASE_URL=""
+COOKIE_SECRET=""
+
+MAPI_APP_ID=""
+MAPI_APP_SECRET=""
+MAPI_TOKEN_ENDPOINT=""
+MAPI_RESOURCE_URI="https://default.logto.app/api"
+
+NOVU_API_KEY=""
+NOVU_BACKEND_URL=""
+NOVU_WS_URL=""
+NEXT_PUBLIC_NOVU_APP_ID=""

apps/app/additional.d.ts

@@ -5,10 +5,22 @@ declare namespace NodeJS {
     DATABASE_URL: string;
     APP_ID: string;
     APP_SECRET: string;
+    ENDPOINT: string;
+    BASE_URL: string;
     NEXT_PUBLIC_BASE_URL: string;
     COOKIE_SECRET: string;
+    MAPI_APP_ID: string;
+    MAPI_APP_SECRET: string;
+    MAPI_TOKEN_ENDPOINT: string;
+    MAPI_RESOURCE_URI: string;
     NODE_ENV: string;
+    NEXT_PUBLIC_BASE_URL: string;
     NEXT_PUBLIC_JWKS_ENDPOINT: string;
     NEXT_PUBLIC_RESOURCE_AUDIENCE: string;
+    NEXT_PUBLIC_ID_ISSUER: string;
+    NOVU_API_KEY: string;
+    NEXT_PUBLIC_NOVU_BACKEND_URL: string;
+    NEXT_PUBLIC_NOVU_WS_URL: string;
+    NEXT_PUBLIC_NOVU_APP_ID: string;
   }
 }

apps/app/app/_styles/globals.css

@@ -0,0 +1,83 @@
+@import url('https://fonts.googleapis.com/css2?family=Poppins&display=swap');
+
+@tailwind base;
+@tailwind components;
+@tailwind utilities;
+
+@layer base {
+  :root {
+    --background: 0 0% 100%;
+    --foreground: 222.2 47.4% 11.2%;
+
+    --muted: 210 40% 96.1%;
+    --muted-foreground: 215.4 16.3% 46.9%;
+
+    --popover: 0 0% 100%;
+    --popover-foreground: 222.2 47.4% 11.2%;
+
+    --card: 0 0% 100%;
+    --card-foreground: 222.2 47.4% 11.2%;
+
+    --border: 214.3 31.8% 91.4%;
+    --input: 214.3 31.8% 91.4%;
+
+    --primary: 222.2 47.4% 11.2%;
+    --primary-foreground: 210 40% 98%;
+
+    --secondary: 210 40% 96.1%;
+    --secondary-foreground: 222.2 47.4% 11.2%;
+
+    --accent: 210 40% 96.1%;
+    --accent-foreground: 222.2 47.4% 11.2%;
+
+    --destructive: 0 100% 50%;
+    --destructive-foreground: 210 40% 98%;
+
+    --ring: 215 20.2% 65.1%;
+
+    --radius: 0.5rem;
+  }
+
+  .dark {
+    --background: 224 71% 4%;
+    --foreground: 213 31% 91%;
+
+    --muted: 223 47% 11%;
+    --muted-foreground: 215.4 16.3% 56.9%;
+
+    --popover: 224 71% 4%;
+    --popover-foreground: 215 20.2% 65.1%;
+
+    --card: 224 71% 4%;
+    --card-foreground: 213 31% 91%;
+
+    --border: 216 34% 17%;
+    --input: 216 34% 17%;
+
+    --primary: 210 40% 98%;
+    --primary-foreground: 222.2 47.4% 1.2%;
+
+    --secondary: 222.2 47.4% 11.2%;
+    --secondary-foreground: 210 40% 98%;
+
+    --accent: 216 34% 17%;
+    --accent-foreground: 210 40% 98%;
+
+    --destructive: 0 63% 31%;
+    --destructive-foreground: 210 40% 98%;
+
+    --ring: 216 34% 17%;
+
+    --radius: 0.5rem;
+  }
+}
+
+@layer base {
+  * {
+    @apply border-border;
+  }
+  body {
+    @apply bg-background text-foreground;
+    font-feature-settings: 'rlig' 1, 'calt' 1;
+  }
+}

apps/app/app/_styles/novu.module.css

@@ -0,0 +1,31 @@
+body {
+  font-family: poppins;
+  -webkit-font-smoothing: auto;
+  -moz-font-smoothing: auto;
+  -moz-osx-font-smoothing: grayscale;
+  font-smoothing: auto;
+  text-rendering: optimizeLegibility;
+  -webkit-font-smoothing: always;
+  -webkit-tap-highlight-color: transparent;
+  -webkit-touch-callout: none;
+  background-color: grey;
+}
+
+h1 {
+  font-size: 1.5rem;
+  font-weight: bold;
+  margin-bottom: 1rem;
+}
+h2 {
+  font-size: 1.2rem;
+  font-weight: normal;
+  margin-bottom: 1rem;
+}
+h3 {
+  font-size: 1rem;
+  font-weight: normal;
+}
+
+body {
+  background-color: black;
+}

apps/app/utils/trpc.ts → apps/app/app/_trpc/client.ts

@@ -1,18 +1,23 @@
-import { httpBatchLink, loggerLink } from '@trpc/client';
-import { createTRPCNext } from '@trpc/next';
 import { type inferRouterInputs, type inferRouterOutputs } from '@trpc/server';
 import superjson from 'superjson';
-
-import { type AppRouter } from '../server/trpc/router/_app';
-import { getBaseUrl } from './baseurl';
+import {
+  experimental_createActionHook,
+  experimental_createTRPCNextAppDirClient,
+  experimental_serverActionLink,
+} from '@trpc/next/app-dir/client';
+import { experimental_nextHttpLink } from '@trpc/next/app-dir/links/nextHttp';
+import { type AppRouter } from '@server/trpc/router/_app';
 import axios from 'axios';
+import { cookies } from 'next/headers';
 
-// this function receieves the user's access token from the nextjs api route
 const retrieveAccessToken = async () => {
   const req = await axios.get(
     process.env.NEXT_PUBLIC_BASE_URL + '/api/logto/accesstoken',
     {
       withCredentials: true,
+      headers: {
+        Cookie: cookies().toString(),
+      },
     },
   );
   const res = await req.data;
@@ -24,31 +29,27 @@ const retrieveAccessToken = async () => {
 /**
  * Trpc client for the frontend
  */
-export const trpc = createTRPCNext<AppRouter>({
-  config({ ctx }) {
+export const trpc = experimental_createTRPCNextAppDirClient<AppRouter>({
+  config() {
     return {
       transformer: superjson,
       links: [
-        loggerLink({
-          enabled: opts =>
-            process.env.NODE_ENV === 'development' ||
-            (opts.direction === 'down' && opts.result instanceof Error),
-        }),
-        httpBatchLink({
-          url: `${getBaseUrl()}/api/trpc`,
+        experimental_nextHttpLink({
+          batch: false,
+          url: `${process.env.NEXT_PUBLIC_BASE_URL}/api/trpc`,
           headers: async () => {
             return {
               Authorization:
                 (await retrieveAccessToken()) == undefined
                   ? undefined
                   : `Bearer ${await retrieveAccessToken()}`,
+              cookie: cookies().toString(),
             };
           },
         }),
       ],
     };
   },
-  ssr: false,
 });
 
 /**

apps/app/app/_trpc/serverClient.ts

@@ -0,0 +1,45 @@
+import { experimental_nextHttpLink } from '@trpc/next/app-dir/links/nextHttp';
+import { experimental_createTRPCNextAppDirServer } from '@trpc/next/app-dir/server';
+import type { AppRouter } from '@server/trpc/router/_app';
+import { cookies } from 'next/headers';
+import superjson from 'superjson';
+import axios from 'axios';
+const retrieveAccessToken = async () => {
+  const req = await axios.get(
+    process.env.NEXT_PUBLIC_BASE_URL + '/api/logto/accesstoken',
+    {
+      withCredentials: true,
+      headers: {
+        Cookie: cookies().toString(),
+      },
+    },
+  );
+  const res = await req.data;
+  if (!res.accessToken) return undefined;
+  return res.accessToken;
+  // gets returned and piped into TRPC headers
+};
+
+export const api = experimental_createTRPCNextAppDirServer<AppRouter>({
+  config() {
+    return {
+      transformer: superjson,
+      links: [
+        experimental_nextHttpLink({
+          revalidate: false,
+          batch: true,
+          url: `${process.env.NEXT_PUBLIC_BASE_URL}/api/trpc`,
+          headers: async () => {
+
+            return {
+              Authorization: `Bearer ${await retrieveAccessToken()}`,
+              cookie: cookies().toString(),
+            };
+          },
+        }),
+      ],
+    };
+  },
+});
+
+// export const createAction =

apps/app/app/api/logto/accesstoken/route.ts

@@ -0,0 +1,10 @@
+import { logtoClient } from 'identity';
+import { NextRequest } from 'next/server';
+
+export async function GET(request: NextRequest) {
+  return logtoClient.handleUser({
+    fetchUserInfo: true,
+    getAccessToken: true,
+    resource: process.env.NEXT_PUBLIC_RESOURCE_AUDIENCE,
+  })(request);
+}