drive/packages/convex/functions.ts

import type {
	DocumentByName,
	TableNamesInDataModel,
	UserIdentity,
} from "convex/server"
import type { GenericId } from "convex/values"
import {
	customCtx,
	customMutation,
	customQuery,
} from "convex-helpers/server/customFunctions"
import type { DataModel } from "./_generated/dataModel"
import type { MutationCtx, QueryCtx } from "./_generated/server"
import { mutation, query } from "./_generated/server"
import { type AuthUser, userIdentityOrThrow, userOrThrow } from "./model/user"

export type AuthenticatedQueryCtx = QueryCtx & {
	user: AuthUser
	identity: UserIdentity
}

export type AuthenticatedMutationCtx = MutationCtx & {
	user: AuthUser
	identity: UserIdentity
}

/**
 * Custom query that automatically provides authenticated user context
 * Throws an error if the user is not authenticated
 */
export const authenticatedQuery = customQuery(
	query,
	customCtx(async (ctx: QueryCtx) => {
		const user = await userOrThrow(ctx)
		const identity = await userIdentityOrThrow(ctx)
		return { user, identity }
	}),
)

/**
 * Custom mutation that automatically provides authenticated user context
 * Throws an error if the user is not authenticated
 */
export const authenticatedMutation = customMutation(
	mutation,
	customCtx(async (ctx: MutationCtx) => {
		const user = await userOrThrow(ctx)
		const identity = await userIdentityOrThrow(ctx)
		return { user, identity }
	}),
)

/**
 * Gets a document by its id and checks if the user is authorized to access it
 *
 * @returns The document associated with the id or null if the document is not found.
 */
export async function authorizedGet<T extends TableNamesInDataModel<DataModel>>(
	ctx: AuthenticatedQueryCtx | AuthenticatedMutationCtx,
	id: GenericId<T>,
): Promise<DocumentByName<DataModel, T> | null> {
	const item = await ctx.db.get(id)
	if (item && item.userId !== ctx.user._id) {
		return null
	}
	return item
}
feat: implement comprehensive access control system - Add authorizedGet function for secure resource access - Implement ownership verification for all file/directory operations - Use security through obscurity (not found vs access denied) - Optimize bulk operations by removing redundant authorization checks - Move generateFileUrl to filesystem.ts as fetchFileUrl with proper auth - Ensure all database access goes through authorization layer Co-authored-by: Ona <no-reply@ona.com> 2025-10-16 21:43:23 +00:00			`import type {`
			`DocumentByName,`
			`TableNamesInDataModel,`
			`UserIdentity,`
			`} from "convex/server"`
			`import type { GenericId } from "convex/values"`
feat: add auth to convex fns 2025-09-15 21:44:41 +00:00			`import {`
feat: hook syncUser to login callback Co-authored-by: Ona <no-reply@ona.com> 2025-09-15 22:58:23 +00:00			`customCtx,`
feat: add auth to convex fns 2025-09-15 21:44:41 +00:00			`customMutation,`
			`customQuery,`
			`} from "convex-helpers/server/customFunctions"`
feat: implement comprehensive access control system - Add authorizedGet function for secure resource access - Implement ownership verification for all file/directory operations - Use security through obscurity (not found vs access denied) - Optimize bulk operations by removing redundant authorization checks - Move generateFileUrl to filesystem.ts as fetchFileUrl with proper auth - Ensure all database access goes through authorization layer Co-authored-by: Ona <no-reply@ona.com> 2025-10-16 21:43:23 +00:00			`import type { DataModel } from "./_generated/dataModel"`
feat: hook syncUser to login callback Co-authored-by: Ona <no-reply@ona.com> 2025-09-15 22:58:23 +00:00			`import type { MutationCtx, QueryCtx } from "./_generated/server"`
feat: add auth to convex fns 2025-09-15 21:44:41 +00:00			`import { mutation, query } from "./_generated/server"`
fix: root directory creation Co-authored-by: Ona <no-reply@ona.com> 2025-10-05 22:14:44 +00:00			`import { type AuthUser, userIdentityOrThrow, userOrThrow } from "./model/user"`
feat: add auth to convex fns 2025-09-15 21:44:41 +00:00
feat: hook syncUser to login callback Co-authored-by: Ona <no-reply@ona.com> 2025-09-15 22:58:23 +00:00			`export type AuthenticatedQueryCtx = QueryCtx & {`
fix: root directory creation Co-authored-by: Ona <no-reply@ona.com> 2025-10-05 22:14:44 +00:00			`user: AuthUser`
feat: hook syncUser to login callback Co-authored-by: Ona <no-reply@ona.com> 2025-09-15 22:58:23 +00:00			`identity: UserIdentity`
			`}`

			`export type AuthenticatedMutationCtx = MutationCtx & {`
fix: root directory creation Co-authored-by: Ona <no-reply@ona.com> 2025-10-05 22:14:44 +00:00			`user: AuthUser`
feat: hook syncUser to login callback Co-authored-by: Ona <no-reply@ona.com> 2025-09-15 22:58:23 +00:00			`identity: UserIdentity`
			`}`

feat: add auth to convex fns 2025-09-15 21:44:41 +00:00			`/**`
			`* Custom query that automatically provides authenticated user context`
			`* Throws an error if the user is not authenticated`
			`*/`
feat: hook syncUser to login callback Co-authored-by: Ona <no-reply@ona.com> 2025-09-15 22:58:23 +00:00			`export const authenticatedQuery = customQuery(`
			`query,`
			`customCtx(async (ctx: QueryCtx) => {`
feat: add auth to convex fns 2025-09-15 21:44:41 +00:00			`const user = await userOrThrow(ctx)`
			`const identity = await userIdentityOrThrow(ctx)`
feat: hook syncUser to login callback Co-authored-by: Ona <no-reply@ona.com> 2025-09-15 22:58:23 +00:00			`return { user, identity }`
			`}),`
			`)`
feat: add auth to convex fns 2025-09-15 21:44:41 +00:00
			`/**`
			`* Custom mutation that automatically provides authenticated user context`
			`* Throws an error if the user is not authenticated`
			`*/`
feat: hook syncUser to login callback Co-authored-by: Ona <no-reply@ona.com> 2025-09-15 22:58:23 +00:00			`export const authenticatedMutation = customMutation(`
			`mutation,`
			`customCtx(async (ctx: MutationCtx) => {`
feat: add auth to convex fns 2025-09-15 21:44:41 +00:00			`const user = await userOrThrow(ctx)`
			`const identity = await userIdentityOrThrow(ctx)`
feat: hook syncUser to login callback Co-authored-by: Ona <no-reply@ona.com> 2025-09-15 22:58:23 +00:00			`return { user, identity }`
			`}),`
			`)`
feat: implement comprehensive access control system - Add authorizedGet function for secure resource access - Implement ownership verification for all file/directory operations - Use security through obscurity (not found vs access denied) - Optimize bulk operations by removing redundant authorization checks - Move generateFileUrl to filesystem.ts as fetchFileUrl with proper auth - Ensure all database access goes through authorization layer Co-authored-by: Ona <no-reply@ona.com> 2025-10-16 21:43:23 +00:00
			`/**`
			`* Gets a document by its id and checks if the user is authorized to access it`
			`*`
			`* @returns The document associated with the id or null if the document is not found.`
			`*/`
			`export async function authorizedGet<T extends TableNamesInDataModel<DataModel>>(`
			`ctx: AuthenticatedQueryCtx \| AuthenticatedMutationCtx,`
			`id: GenericId<T>,`
			`): Promise<DocumentByName<DataModel, T> \| null> {`
			`const item = await ctx.db.get(id)`
			`if (item && item.userId !== ctx.user._id) {`
			`return null`
			`}`
			`return item`
			`}`