flybayer · September 23, 2020 14:25
diff --git a/updatePassword.ts b/updatePassword.ts
 import { SessionContext } from "blitz"
 import db from "db"
 import { authenticateUser, hashPassword } from "app/auth/auth-utils"
 import * as z from "zod"

 // --------------------------------------------
 // PROTECT UTIL

 type Ctx = { session: SessionContext }
 type ProtectArgs<T> = { schema: T; authorize?: boolean }

 const protect = <T extends z.ZodSchema<any, any>, U = z.infer<T>>(
  { schema, authorize = true }: ProtectArgs<T>,
  resolver: (args: U, ctx: Ctx) => any
 ) => {
  return (input: U, ctx?: Ctx) => {
    if (!ctx) throw new Error("missing ctx")
    if (authorize) {
      ctx.session.authorize()
    }
    const safeInput = schema.parse(input)
    return resolver(safeInput, ctx)
  }
 }

                         
 // --------------------------------------------
 // USAGE
                         
 const schema = z.object({
  currentPassword: z.string(),
  newPassword: z.string(),
 })

 export default protect({ schema,},
  async function updatePassword({ currentPassword, newPassword }, {session}) {
    const user = await db.user.findOne({ where: { id: session.userId } })
    await authenticateUser(user!.email, currentPassword)

    const hashedPassword = await hashPassword(newPassword)
    await db.user.update({
      where: { id: session.userId },
      data: { hashedPassword },
    })

    return true
  }
 )

 // -------------------------
 // OR, you can also inline the schema

 export default protect(
  {
    schema: z.object({
      currentPassword: z.string(),
      newPassword: z.string(),
    }),
  },
  async function updatePassword({ currentPassword, newPassword }, ctx) {
    const user = await db.user.findOne({ where: { id: ctx.session?.userId } })
    await authenticateUser(user!.email, currentPassword)

    const hashedPassword = await hashPassword(newPassword)
    await db.user.update({
      where: { id: ctx.session.userId },
      data: { hashedPassword },
    })

    return true
  }
 )
	import { SessionContext } from "blitz"
	import db from "db"
	import { authenticateUser, hashPassword } from "app/auth/auth-utils"
	import * as z from "zod"

	// --------------------------------------------
	// PROTECT UTIL

	type Ctx = { session: SessionContext }
	type ProtectArgs<T> = { schema: T; authorize?: boolean }

	const protect = <T extends z.ZodSchema<any, any>, U = z.infer<T>>(
	{ schema, authorize = true }: ProtectArgs<T>,
	resolver: (args: U, ctx: Ctx) => any
	) => {
	return (input: U, ctx?: Ctx) => {
	if (!ctx) throw new Error("missing ctx")
	if (authorize) {
	ctx.session.authorize()
	}
	const safeInput = schema.parse(input)
	return resolver(safeInput, ctx)
	}
	}


	// --------------------------------------------
	// USAGE

	const schema = z.object({
	currentPassword: z.string(),
	newPassword: z.string(),
	})

	export default protect({ schema,},
	async function updatePassword({ currentPassword, newPassword }, {session}) {
	const user = await db.user.findOne({ where: { id: session.userId } })
	await authenticateUser(user!.email, currentPassword)

	const hashedPassword = await hashPassword(newPassword)
	await db.user.update({
	where: { id: session.userId },
	data: { hashedPassword },
	})

	return true
	}
	)

	// -------------------------
	// OR, you can also inline the schema

	export default protect(
	{
	schema: z.object({
	currentPassword: z.string(),
	newPassword: z.string(),
	}),
	},
	async function updatePassword({ currentPassword, newPassword }, ctx) {
	const user = await db.user.findOne({ where: { id: ctx.session?.userId } })
	await authenticateUser(user!.email, currentPassword)

	const hashedPassword = await hashPassword(newPassword)
	await db.user.update({
	where: { id: ctx.session.userId },
	data: { hashedPassword },
	})

	return true
	}
	)