apps/api/src/middleware/requireAuth.ts

Auto-generated by scripts/generate-file-docs.ts. Do not edit — overwritten on every run.

Purpose

requireAuth — Fastify preHandler that authenticates the caller. Token verification per auth-rbac-design §API middleware enforcement step 1: 1a. If the token carries type: "child" or type: "platform" (i.e. a platform-issued JWT — verifiable with CHILD_JWT_SECRET), verify it locally and resolve sub to a Users.id directly. 1b. Otherwise, verify against Clerk; resolve the Clerk sub to a Users row by externalUserId. Status enforcement per auth-rbac-design §API middleware enforcement step 3: - status MUST be ACTIVE → other statuses (PENDING_APPROVAL, SUSPENDED, DEACTIVATED) all return 403. ADR 0038 — AuthContext.roles is now an array. UserRole rows (isActive=true) are the source of truth; User.role scalar is the fallback when no UserRole rows exist yet (migration transition period). requireRole() and requireAnyRole() both read request.auth.roles. /

Exports

• export type DbUserStatus
• export interface AuthContext
• export function toRoleSlug
• export async function requireAuth

Imports

• ../adapters/db
• ../config
• ../lib/errors
• ../lib/response
• @clerk/backend
• @hch/shared-types
• fastify
• jsonwebtoken

Imported by

• apps/api/src/features/admin/admin.router.ts
• apps/api/src/features/admin/cli.router.ts
• apps/api/src/features/announcements/announcements.router.ts
• apps/api/src/features/approval/approval.router.ts
• apps/api/src/features/auth/auth.router.ts
• apps/api/src/features/config/config.router.ts
• apps/api/src/features/events/events.router.ts
• apps/api/src/features/family-groups/family-groups.router.ts
• apps/api/src/features/feedback/feedback.router.ts
• apps/api/src/features/groups/groups.router.ts
• apps/api/src/features/homeschool/homeschool.router.ts
• apps/api/src/features/marketplace/marketplace.router.ts
• apps/api/src/features/media/media.router.ts
• apps/api/src/features/members/members.router.ts
• apps/api/src/features/notifications/notifications.router.ts
• apps/api/src/features/ponyexpress/ponyexpress.router.ts
• apps/api/src/features/push/push.router.ts
• apps/api/src/features/rideshare/rideshare.router.ts
• apps/api/src/features/sister-communities/sister-communities.router.ts
• apps/api/src/features/verses/verses.router.ts
• apps/api/src/middleware/requireAuth.test.ts