Auth & Permissions

Middleware chain:

  • middleware.js uses withStableId and withAuth from middlewares/*
  • config.matcher excludes API routes, static assets and auth-related public routes from the chain

Tokens & identity:

  • lib/getTokens.js parses cookies/headers into { token, rootToken, idToken, companyId, userCompanyId, stableId }
  • GraphQL context requires tokens; in Postgres mode, authMiddleware validates idToken/companyId, sets Supabase client and decoded JWT

Roles & permissions:

  • Roles: ADMIN, OPERATOR, DRIVER, PARTNER (see enums in Prisma and schema)
  • Server-side checks in services/resolvers; UI gates via permission-gate/feature-gate