clerk-demo/backend/src/main.ts

import express from 'express';
import { clerkClient, clerkMiddleware, getAuth, requireAuth } from '@clerk/express';
import cors from 'cors';

const app = express();

type Thing = {
	name: string;
	ownerEmail: string; // note: id should be used. This is just for better understanding
}

const allowedUsers = ['quirin.ecker@bajupa.com']

const things: Thing[] = await Bun.file('./things.json').json()

app.use(express.json())
app.use(cors())
app.use(clerkMiddleware())

app.get('/identify-yourself', requireAuth(), (req, res) => {
	const auth = getAuth(req)

	if (auth.userId === null) {
		res.send('you do not have the permission');
		return
	}

	res.send('you are identified as ' + auth.userId);
});

app.get('/do-you-have-permission', requireAuth(), async (req, res) => {
	const auth = getAuth(req)

	if (auth.userId === null) {
		res.send('you do not have the permission');
		return
	}

	const user = await clerkClient.users.getUser(auth.userId)

	if (intersection(allowedUsers, user.emailAddresses.map(o => o.emailAddress)).length === 0) {
		res.send('you do not have the permission');
		return
	}

	res.send('you do have the permission');
});

app.get('/things', requireAuth(), async (req, res) => {
	const auth = getAuth(req)

	if (auth.userId === null) {
		res.send('you do not have the permission');
		return
	}

	const user = await clerkClient.users.getUser(auth.userId)

	const usersThings = things.filter(thing => {
		const emailAdresses = user.emailAddresses.map(o => o.emailAddress)
		return emailAdresses.includes(thing.ownerEmail)
	})

	res.send(usersThings);
});

app.listen(8080, () => {
	console.log('Server is running on port 3000');
});

function intersection<T>(a: T[], b: T[]): T[] {
	const setA = new Set(a);
	return b.filter(x => setA.has(x));
}