Parameterized server function middleware

[jam-fran]

I'm trying to implement a permission-based middleware system where server functions can be protected based on specific permission requirements:

 const requirePermission = createMiddleware()
  .middleware([requireUser])
  .validator((data: Permission) => data)
  .server(async ({ next, context, data }) => {
    // Ensure user has permission
  });

And then use it with a server function like this:

const getProjectById = createServerFn({ method: 'GET' })
  .middleware([() => requirePermission('project:read')]) // This doesn't work
  .validator(
    z.object({
      projectId: z.string(),
    }),
  )
  .handler(async ({ data, context }) => {
    // Get the project from the database
  });

I've tried creating a middleware factory:

export const requirePermissionFactory = (permission: Permission) => {
  return createMiddleware()
    .middleware([requireUser])
    .validator(() => permission)
    .server(async ({ next, context, data }) => {
      // Check permission
    });
};

But I understand this approach won't work due to the static extraction done by the compiler.

It'd be great to have support for parameterized middleware so they could be configured with specific args at the point where they're used.

[adnanbrq]

I've created a middleware that extends the context with a utility function, allowing me to fetch or check for a specific permission.
With this approach, your middleware won’t need to be parameterized, and you should be good to go.

return next({
    requireRight(right: string): Promise<boolean> {
        if (!(await getRight(right))) {
            throw redirect({ to: "/somewhere" })
        }
    }
})

[jam-fran]

That's clever - I'll give that a shot. Thanks for sharing!