Skip to content

Authorization middlewares and utils #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
danielp1218 wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Authorization middlewares and utils #4

danielp1218 wants to merge 6 commits into from

Conversation

@danielp1218
Copy link
Contributor

@danielp1218 danielp1218 commented Dec 16, 2025
edited
Loading

Added some middlewares and utils we can use for enforcing role-specific access to certain routes. (e.x. admin-only, or hacker-only routes). Also adapted existing systems to the new system + fixed up some minor dev details.

Specifically:

  • Added a requireRoles() middleware to enforce access on a specific route
  • Added isUserType() for checking if a request has a certain level of access permissions

@danielp1218 danielp1218 requested a review from Copilot December 16, 2025 02:33

This comment was marked as resolved.

Sign in to view

Copilot AI mentioned this pull request Dec 16, 2025
Closed
@danielp1218
apply suggestions from code review
13dab6c 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@hack-the-6ix hack-the-6ix deleted a comment from Copilot AI Dec 16, 2025
@danielp1218 danielp1218 changed the title Daniel/auth handling Authorization middlewares and utils Dec 16, 2025
BlazingAsher
BlazingAsher reviewed Dec 25, 2025
View reviewed changes
Copy link
Member

@BlazingAsher BlazingAsher left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tbh I am not a general fan of mocking so much. I think you should better separate usage of the db and the service functions.

for example, for isUserType, you should have a function called "fetchUser" or something similar that is called inside the function to retrieve the user. Then, using that output, perform logic on it.

that way, you can have an integration test (with a real db) for the fetchUser function, then mock only fetchUser to return users depending on that you're trying to test. this provides a much better separation of concerns and should make the tests way less verbose.

TLDR: I would move DB access outside service functions, so there's a more clear line for where you need a unit vs integration test.

also the route tests I would always make to be an integration test.

src/lib/auth.ts Outdated

if (userType === UserType.User) return true; // TODO: check if userId exists in system

// need to check admin table separately since admins are not season-specific (NOTE: this feels bad for consistency, would it be better to have season-specific admins?)
Copy link
Member

@BlazingAsher BlazingAsher Dec 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it's fine enough. You'll always need a global admin role anyways.

@danielp1218 danielp1218 mentioned this pull request Dec 27, 2025
Open
Lindsay-X and others added 2 commits December 27, 2025 14:01
@Lindsay-X @danielp1218
Add formName and migrate season-scoped tables to composite keys (#2)
d95f8d2 
* fix: change to composite keys and add form names to form

* fix: fix format

* fix: added form composite keys, remove specific user id

* fix: format

* fix: added missing keys and constraints

* fix: format fix
@danielp1218
fix: better user type unit tests
013e302
@danielp1218
Copy link
Contributor Author

danielp1218 commented Dec 27, 2025

for example, for isUserType, you should have a function called "fetchUser" or something similar that is called inside the function to retrieve the user. Then, using that output, perform logic on it.

I already had a queryUserType, I just forgot to update my tests to do them individually...

More generally, our tests are really bloated because doing unit tests on DB access is really annoying and integration testing is not so easy either (bun doesn't support testcontainers which is the only easy way I know 😭). I agree that mocking so much feels really pointless though. Will likely have to fix later, just depends on priorities.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@BlazingAsher BlazingAsher BlazingAsher left review comments

Copilot code review Copilot Copilot left review comments

@fpunny fpunny Awaiting requested review from fpunny

@NotMyLyfe NotMyLyfe Awaiting requested review from NotMyLyfe

@Lindsay-X Lindsay-X Awaiting requested review from Lindsay-X

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@danielp1218 @BlazingAsher @Lindsay-X