Public Queries

.env.development

@@ -3,5 +3,5 @@ AUTH_BASE_URL="https://localhost:8000/api/auth"
 
 CHECKOUT_SUCCESS_URL="https://localhost:3000/confirmation"
 
-# Define whether to connect to Polar's `sandbox` environment
-SANDBOX="true"
+# whether to connect to Polar's sandbox environment (https://docs.polar.sh/integrate/sandbox)
+ENABLE_POLAR_SANDBOX="true"

src/generated/graphql/schema.executable.ts

@@ -154,7 +154,7 @@ const spec_downvote = {
   },
   description: undefined,
   extensions: {
-    oid: "216526",
+    oid: "219066",
     isTableLike: true,
     pg: {
       serviceName: "main",
@@ -237,7 +237,7 @@ const spec_upvote = {
   },
   description: undefined,
   extensions: {
-    oid: "216439",
+    oid: "218979",
     isTableLike: true,
     pg: {
       serviceName: "main",
@@ -320,7 +320,7 @@ const spec_invitation = {
   },
   description: undefined,
   extensions: {
-    oid: "216625",
+    oid: "219165",
     isTableLike: true,
     pg: {
       serviceName: "main",
@@ -403,7 +403,7 @@ const spec_organization = {
   },
   description: undefined,
   extensions: {
-    oid: "216401",
+    oid: "218941",
     isTableLike: true,
     pg: {
       serviceName: "main",
@@ -498,7 +498,7 @@ const spec_comment = {
   },
   description: undefined,
   extensions: {
-    oid: "216506",
+    oid: "219046",
     isTableLike: true,
     pg: {
       serviceName: "main",
@@ -617,7 +617,7 @@ const spec_project = {
   },
   description: undefined,
   extensions: {
-    oid: "216425",
+    oid: "218965",
     isTableLike: true,
     pg: {
       serviceName: "main",
@@ -638,7 +638,7 @@ const roleCodec = enumCodec({
   values: ["owner", "admin", "member"],
   description: undefined,
   extensions: {
-    oid: "216545",
+    oid: "219085",
     pg: {
       serviceName: "main",
       schemaName: "public",
@@ -717,7 +717,7 @@ const spec_member = {
   },
   description: undefined,
   extensions: {
-    oid: "216461",
+    oid: "219001",
     isTableLike: true,
     pg: {
       serviceName: "main",
@@ -848,7 +848,7 @@ const spec_post = {
   },
   description: undefined,
   extensions: {
-    oid: "216415",
+    oid: "218955",
     isTableLike: true,
     pg: {
       serviceName: "main",
@@ -967,7 +967,7 @@ const spec_postStatus = {
   },
   description: undefined,
   extensions: {
-    oid: "216599",
+    oid: "219139",
     isTableLike: true,
     pg: {
       serviceName: "main",
@@ -988,7 +988,7 @@ const tierCodec = enumCodec({
   values: ["basic", "team", "enterprise"],
   description: undefined,
   extensions: {
-    oid: "216648",
+    oid: "219188",
     pg: {
       serviceName: "main",
       schemaName: "public",
@@ -1117,7 +1117,7 @@ const spec_user = {
   },
   description: undefined,
   extensions: {
-    oid: "216449",
+    oid: "218989",
     isTableLike: true,
     pg: {
       serviceName: "main",
@@ -4082,7 +4082,7 @@ const planWrapper3 = (plan, _, fieldArgs) => {
         }).from(members).where(and(eq(members.userId, currentUser.id), eq(members.organizationId, member.organizationId)));
         if (userRole.role !== "owner") throw new Error("Insufficient permissions");
         if (patch.role === "owner") throw new Error("Organizations can only have one owner");
-      } else throw new Error("Insufficient permissions");
+      } else if ("create" === "update") throw new Error("Insufficient permissions");
     }
   });
   return plan();
@@ -4306,7 +4306,7 @@ const planWrapper10 = (plan, _, fieldArgs) => {
         }).from(members).where(and(eq(members.userId, currentUser.id), eq(members.organizationId, member.organizationId)));
         if (userRole.role !== "owner") throw new Error("Insufficient permissions");
         if (patch.role === "owner") throw new Error("Organizations can only have one owner");
-      } else throw new Error("Insufficient permissions");
+      } else if ("update" === "update") throw new Error("Insufficient permissions");
     }
   });
   return plan();
@@ -4583,7 +4583,7 @@ const planWrapper19 = (plan, _, fieldArgs) => {
         }).from(members).where(and(eq(members.userId, currentUser.id), eq(members.organizationId, member.organizationId)));
         if (userRole.role !== "owner") throw new Error("Insufficient permissions");
         if (patch.role === "owner") throw new Error("Organizations can only have one owner");
-      } else throw new Error("Insufficient permissions");
+      } else if ("delete" === "update") throw new Error("Insufficient permissions");
     }
   });
   return plan();

src/lib/config/env.config.ts

@@ -12,9 +12,9 @@ export const {
   POLAR_WEBHOOK_SECRET,
   CHECKOUT_SUCCESS_URL,
   AUTH_BASE_URL,
-  SANDBOX,
+  ENABLE_POLAR_SANDBOX,
 } = process.env;
 
 export const isDevEnv = NODE_ENV === "development";
 export const isProdEnv = NODE_ENV === "production";
-export const isSandbox = SANDBOX === "true";
+export const enablePolarSandbox = ENABLE_POLAR_SANDBOX === "true";

src/lib/plugins/envelop/useAuth.plugin.ts

@@ -22,7 +22,7 @@ const resolveUser: ResolveUserFn<SelectUser, GraphQLContext> = async (
       .get("authorization")
       ?.split("Bearer ")[1];
 
-    if (!accessToken) throw new Error("Invalid or missing access token");
+    if (!accessToken) return null;
 
     // TODO validate access token (introspection endpoint?) here?
 
@@ -75,7 +75,7 @@ const resolveUser: ResolveUserFn<SelectUser, GraphQLContext> = async (
 const useAuth = () =>
   useGenericAuth({
     resolveUserFn: resolveUser,
-    mode: "protect-all",
+    mode: "resolve-only",
   });
 
 export default useAuth;

src/lib/plugins/postgraphile/MemberRBAC.plugin.ts

@@ -87,13 +87,15 @@ const validatePermissions = (propName: string, scope: MutationScope) =>
                   throw new Error("Organizations can only have one owner");
                 }
               } else {
-                // Restrict current users from updating their own role
-                throw new Error("Insufficient permissions");
+                if (scope === "update") {
+                  // Restrict current users from updating their own role
+                  throw new Error("Insufficient permissions");
 
-                // TODO: replace above with below when ownership transfers are allowed
-                // if (scope === "update" && member.role !== "owner") {
-                //   throw new Error("Insufficient permissions");
-                // }
+                  // TODO: replace above with below when ownership transfers are allowed
+                  // if (scope === "update" && member.role !== "owner") {
+                  //   throw new Error("Insufficient permissions");
+                  // }
+                }
               }
             }
           },

src/server.ts

@@ -17,9 +17,9 @@ import {
   POLAR_WEBHOOK_SECRET,
   PORT,
   SKIP_AUTH,
+  enablePolarSandbox,
   isDevEnv,
   isProdEnv,
-  isSandbox,
 } from "lib/config/env.config";
 import { dbPool as db } from "lib/db/db";
 import { users } from "lib/drizzle/schema";
@@ -82,7 +82,8 @@ app.use(
   // enable CORS
   cors({
     origin: isProdEnv
-      ? [appConfig.url, "https://backfeed-app-prerelease.up.railway.app"]
+      ? // TODO remove prerelease URL once ready
+        [appConfig.url, "https://backfeed-prerelease.omni.dev"]
       : "https://localhost:3000",
     credentials: true,
     allowMethods: ["GET", "POST"],
@@ -94,7 +95,7 @@ app.get(
   Checkout({
     accessToken: POLAR_ACCESS_TOKEN,
     successUrl: CHECKOUT_SUCCESS_URL,
-    server: isSandbox ? "sandbox" : "production",
+    server: enablePolarSandbox ? "sandbox" : "production",
   }),
 );
 
@@ -108,7 +109,7 @@ app.get(
 
       return customerId;
     },
-    server: isSandbox ? "sandbox" : "production",
+    server: enablePolarSandbox ? "sandbox" : "production",
   }),
 );