fca42db4d2
- PRD: vollständige Produktspezifikation (5 Module, Scope, Akzeptanzkriterien) - ARCHITECTURE: Tech Stack, Ordnerstruktur, Multi-Tenancy, Push, Kosten - DATABASE_SCHEMA: Vollständiges SQL-Schema mit RLS Policies und Views - USER_STORIES: 40+ Stories nach Rolle (Admin, Mitglied, Azubi, Obermeister) - PERSONAS: 5 detaillierte Nutzerprofile mit Alltag, Zitaten und Erwartungen - BUSINESS_MODEL: Preistabellen, Unit Economics, Revenue-Projektionen, Distribution - ROADMAP: 6 Phasen, Sprint-Planung, Meilensteine und KPIs - COMPETITIVE_ANALYSIS: Wettbewerbsmatrix, USPs, Preispositionierung - API_DESIGN: Supabase Query Patterns, Edge Functions, Realtime Subscriptions - ONBOARDING_FLOWS: 7 User Flows von Setup bis Fehlerfall - GTM_STRATEGY: 3-Phasen-Vertrieb, Outreach-Sequenz, Einwandbehandlung - AZUBI_MODULE: Video-Feed, 1-Click-Apply, Chat, Berichtsheft, Quiz - DSGVO_KONZEPT: Rechtsgrundlagen, TOMs, AVV, Minderjährige, Incident Response - FEATURES_BACKLOG: 72 Features nach MoSCoW + Technische Schulden Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
83 lines
1.9 KiB
TypeScript
83 lines
1.9 KiB
TypeScript
import { initTRPC, TRPCError } from '@trpc/server'
|
|
import superjson from 'superjson'
|
|
import { ZodError } from 'zod'
|
|
import { type Context } from './context'
|
|
|
|
const t = initTRPC.context<Context>().create({
|
|
transformer: superjson,
|
|
errorFormatter({ shape, error }) {
|
|
return {
|
|
...shape,
|
|
data: {
|
|
...shape.data,
|
|
zodError:
|
|
error.cause instanceof ZodError ? error.cause.flatten() : null,
|
|
},
|
|
}
|
|
},
|
|
})
|
|
|
|
export const router = t.router
|
|
export const publicProcedure = t.procedure
|
|
export const createCallerFactory = t.createCallerFactory
|
|
|
|
/**
|
|
* Protected: user must be authenticated
|
|
*/
|
|
export const protectedProcedure = t.procedure.use(({ ctx, next }) => {
|
|
if (!ctx.session?.user) {
|
|
throw new TRPCError({ code: 'UNAUTHORIZED' })
|
|
}
|
|
return next({
|
|
ctx: {
|
|
...ctx,
|
|
session: { ...ctx.session, user: ctx.session.user },
|
|
},
|
|
})
|
|
})
|
|
|
|
/**
|
|
* Member: user must belong to an organization
|
|
* Adds orgId + role to context
|
|
*/
|
|
export const memberProcedure = protectedProcedure.use(async ({ ctx, next }) => {
|
|
const userRole = await ctx.prisma.userRole.findFirst({
|
|
where: { userId: ctx.session.user.id },
|
|
})
|
|
if (!userRole) {
|
|
throw new TRPCError({
|
|
code: 'FORBIDDEN',
|
|
message: 'You are not a member of any organization.',
|
|
})
|
|
}
|
|
return next({
|
|
ctx: {
|
|
...ctx,
|
|
orgId: userRole.orgId,
|
|
role: userRole.role,
|
|
},
|
|
})
|
|
})
|
|
|
|
/**
|
|
* Admin: user must be an admin of their organization
|
|
*/
|
|
export const adminProcedure = protectedProcedure.use(async ({ ctx, next }) => {
|
|
const userRole = await ctx.prisma.userRole.findFirst({
|
|
where: { userId: ctx.session.user.id, role: 'admin' },
|
|
})
|
|
if (!userRole) {
|
|
throw new TRPCError({
|
|
code: 'FORBIDDEN',
|
|
message: 'Admin access required.',
|
|
})
|
|
}
|
|
return next({
|
|
ctx: {
|
|
...ctx,
|
|
orgId: userRole.orgId,
|
|
role: 'admin' as const,
|
|
},
|
|
})
|
|
})
|