feat(auth): add better-auth core wiring for admin and db

2026-02-10 12:42:49 +01:00
parent 3949fd2c11
commit ba8abb3b1b
30 changed files with 807 additions and 32 deletions
--- a/apps/admin/src/lib/access-server.ts
+++ b/apps/admin/src/lib/access-server.ts
@@ -0,0 +1,40 @@
+import { auth, resolveRoleFromAuthSession } from "@cms/auth/server"
+import type { Role } from "@cms/content/rbac"
+import { cookies, headers } from "next/headers"
+
+import { resolveDefaultRole, resolveRoleFromRawValue } from "./access"
+
+export async function resolveRoleFromServerContext(): Promise<Role | null> {
+  const roleFromAuthSession = await resolveRoleFromAuthSessionInServerContext()
+
+  if (roleFromAuthSession) {
+    return roleFromAuthSession
+  }
+
+  const cookieStore = await cookies()
+  const headerStore = await headers()
+
+  const roleFromCookie = cookieStore.get("cms_role")?.value
+  const roleFromHeader = headerStore.get("x-cms-role")
+
+  const resolved = resolveRoleFromRawValue(roleFromCookie ?? roleFromHeader)
+
+  if (resolved) {
+    return resolved
+  }
+
+  return resolveDefaultRole()
+}
+
+async function resolveRoleFromAuthSessionInServerContext(): Promise<Role | null> {
+  try {
+    const headerStore = await headers()
+    const session = await auth.api.getSession({
+      headers: headerStore,
+    })
+
+    return resolveRoleFromAuthSession(session)
+  } catch {
+    return null
+  }
+}