Files
documenso/packages/auth/server/lib/utils/authorizer.ts
T
2026-05-28 22:19:13 +10:00

31 lines
1011 B
TypeScript

import { assertUserNotDisabledById } from '@documenso/lib/server-only/user/assert-user-not-disabled';
import type { Context } from 'hono';
import type { HonoAuthContext } from '../../types/context';
import { createSession, generateSessionToken } from '../session/session';
import { setSessionCookie } from '../session/session-cookies';
type AuthorizeUser = {
userId: number;
};
/**
* Handles creating a session.
*
* Refuses to issue a session for a disabled account. This is the single
* chokepoint shared by every sign-in path (email/password, passkey, OAuth,
* OIDC, organisation OIDC), so the guard belongs here rather than in each
* caller.
*/
export const onAuthorize = async (user: AuthorizeUser, c: Context<HonoAuthContext>) => {
await assertUserNotDisabledById({ userId: user.userId });
const metadata = c.get('requestMetadata');
const sessionToken = generateSessionToken();
await createSession(sessionToken, user.userId, metadata);
await setSessionCookie(c, sessionToken);
};