soroushdes/flatrender
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d4fee8d1d75547c097af0de6b771449fab4a9b8a
flatrender/src/lib/auth/session.ts
T
soroush.asadi d4fee8d1d7
Build backend images / build content-svc (push) Failing after 1m59s
Details
Build backend images / build file-svc (push) Failing after 3m18s
Details
Build backend images / build gateway (push) Failing after 3m28s
Details
Build backend images / build identity-svc (push) Failing after 2m1s
Details
Build backend images / build notification-svc (push) Failing after 4m45s
Details
Build backend images / build render-svc (push) Failing after 5m18s
Details
Build backend images / build studio-svc (push) Failing after 2m12s
Details
feat(profile): role-aware nav + avatar menu + full editable profile 
Navigation:
- UserMenu (avatar + role-aware dropdown: Dashboard, Admin Panel for admins,
  Profile, Sign out) replaces Sign In/Try Free when logged in (desktop + mobile).
- Real avatars in dashboard sidebar + a new admin-shell profile section.
- Shared Avatar primitive (image with initials fallback). SiteChrome excludes /admin.

Profile (data-collection surface for future AI video generation):
- SettingsProfile rebuilt: avatar upload + slogan, about, company, website,
  country, national code, birthdate, gender. No resume builder (per scope change).
- /api/profile forwards all fields; new user-scoped /api/profile/upload (avatar →
  MinIO via file-svc, sets avatar). Identity UpdateUserRequest/UserResponse widened
  (country/national/method); no DB migration (columns already exist).
- fa+en strings; verified GET/PATCH round-trip + logged-in SSR render.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 00:34:25 +03:30

85 lines
2.8 KiB
TypeScript
Raw Blame History

import { cookies } from "next/headers";
import { gatewayFetch } from "@/lib/api/gateway";
import { ACCESS_TOKEN_COOKIE } from "@/lib/auth/constants";
import { decodeJwt, isJwtExpired, type JwtClaims } from "@/lib/auth/jwt";
export interface Session {
userId: string;
email?: string;
tenantId?: string;
isAdmin: boolean;
claims: JwtClaims;
}
/** Raw access token from the httpOnly cookie (for proxying to the gateway). */
export async function getAccessToken(): Promise<string | null> {
const store = await cookies();
return store.get(ACCESS_TOKEN_COOKIE)?.value ?? null;
}
/**
* Decode the current session from the access-token cookie. Returns null when there is
* no token, it is malformed, or it has expired. Use in server components / layouts to
* guard rendering; the gateway is still the authority on every API call.
*/
export async function getSession(): Promise<Session | null> {
const token = await getAccessToken();
if (!token) return null;
const claims = decodeJwt(token);
if (!claims || isJwtExpired(claims) || !claims.sub) return null;
return {
userId: String(claims.sub),
email: claims.email ? String(claims.email) : undefined,
tenantId: claims.tenant_id ? String(claims.tenant_id) : undefined,
isAdmin: String(claims.is_admin) === "true",
claims,
};
}
export interface IdentityUser {
id: string;
email?: string | null;
full_name?: string | null;
avatar_url?: string | null;
is_admin?: boolean;
[key: string]: unknown;
}
/**
* Fetch the full current-user profile from Identity (`/v1/users/me`) using the access
* cookie. Returns null when signed out or the token is rejected — use this as the
* authoritative server-side guard (it validates the token against the service).
*/
export async function getCurrentUser(): Promise<IdentityUser | null> {
const token = await getAccessToken();
if (!token) return null;
const res = await gatewayFetch("/v1/users/me", {
headers: { Authorization: `Bearer ${token}` },
});
if (!res.ok) return null;
return (await res.json().catch(() => null)) as IdentityUser | null;
}
/** Minimal, serializable user summary for the navbar/profile menu (passed from
* server layouts into client components). Null when signed out. */
export interface NavUser {
name: string;
email: string;
avatarUrl: string | null;
isAdmin: boolean;
}
export async function getNavUser(): Promise<NavUser | null> {
const user = await getCurrentUser();
if (!user) return null;
const email = user.email ?? "";
const fullName = typeof user.full_name === "string" ? user.full_name.trim() : "";
return {
name: fullName || (email ? email.split("@")[0] : "User"),
email,
avatarUrl: (user.avatar_url as string | null) ?? null,
isAdmin: Boolean(user.is_admin) || Boolean((user as Record<string, unknown>).is_tenant_admin),
};
}
Reference in New Issue View Git Blame Copy Permalink