initial commit

backend/src/main.ts

@@ -0,0 +1,74 @@
+import express from 'express';
+import { clerkClient, clerkMiddleware, getAuth, requireAuth } from '@clerk/express';
+import cors from 'cors';
+
+const app = express();
+
+type Thing = {
+	name: string;
+	ownerEmail: string; // note: id should be used. This is just for better understanding
+}
+
+const allowedUsers = ['quirin.ecker@bajupa.com']
+
+const things: Thing[] = await Bun.file('./things.json').json()
+
+app.use(express.json())
+app.use(cors())
+app.use(clerkMiddleware())
+
+app.get('/identify-yourself', requireAuth(), (req, res) => {
+	const auth = getAuth(req)
+
+	if (auth.userId === null) {
+		res.send('you do not have the permission');
+		return
+	}
+
+	res.send('you are identified as ' + auth.userId);
+});
+
+app.get('/do-you-have-permission', requireAuth(), async (req, res) => {
+	const auth = getAuth(req)
+
+	if (auth.userId === null) {
+		res.send('you do not have the permission');
+		return
+	}
+
+	const user = await clerkClient.users.getUser(auth.userId)
+
+	if (intersection(allowedUsers, user.emailAddresses.map(o => o.emailAddress)).length === 0) {
+		res.send('you do not have the permission');
+		return
+	}
+
+	res.send('you do have the permission');
+});
+
+app.get('/things', requireAuth(), async (req, res) => {
+	const auth = getAuth(req)
+
+	if (auth.userId === null) {
+		res.send('you do not have the permission');
+		return
+	}
+
+	const user = await clerkClient.users.getUser(auth.userId)
+
+	const usersThings = things.filter(thing => {
+		const emailAdresses = user.emailAddresses.map(o => o.emailAddress)
+		return emailAdresses.includes(thing.ownerEmail)
+	})
+
+	res.send(usersThings);
+});
+
+app.listen(8080, () => {
+	console.log('Server is running on port 3000');
+});
+
+function intersection<T>(a: T[], b: T[]): T[] {
+	const setA = new Set(a);
+	return b.filter(x => setA.has(x));
+}