Skip to content

Improve tRPC auth handling #420

New issue
New issue
Open
Task
Open
Improve tRPC auth handling#420
Task
Labels
APIChange modifies code in the global API/tRPC packageMinorSmall change - 1 reviewer required
@alexanderpaolini

Description

@alexanderpaolini
alexanderpaolini
opened on Mar 12, 2026

The way tRPC handles auth right now is a bit strange. We call a permProcedure and then in the mutation/query, we call permissions.controlPerms.or(["...PERM..."], ctx);. This is kind of funky and can be cleaned up into better ways.

Dhruv and I were discussing changing this to a middleware. This would allow us to do something similar to

permProcedure
  .use(permsMiddleware("OR", ["SOME_PERM", "SOME_OTHER_PERM"]))
  .input(/* ts don't matter */)
  .mutation(/* ts don't matter either */)

The naming can obviously be changed but this is a better pattern to stick to. Since we are using side effect functions rather than a middleware right now. This refactor wouldn't be too complex, but it would touch a large majority of our API. Opening this issue so we can discuss this in the future.

Metadata

Metadata

Assignees

No one assigned

    Labels

    APIChange modifies code in the global API/tRPC packageMinorSmall change - 1 reviewer required

    Type

    Task

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions