diff --git a/content/docs/guides/neon-authorize-tutorial.md b/content/docs/guides/neon-authorize-tutorial.md
index 48ab182a3a..26e1ea29ac 100644
--- a/content/docs/guides/neon-authorize-tutorial.md
+++ b/content/docs/guides/neon-authorize-tutorial.md
@@ -88,15 +88,18 @@ Let's take a look at the `getTodos` function in the `actions.tsx` file:
 ```typescript shouldWrap
 export async function getTodos(): Promise> {
- return fetchWithDrizzle(async (db, { userId }) => {
- // WHERE filter is optional because of RLS. But we send it anyway for
- // performance reasons.
- return db
- .select()
- .from(schema.todos)
- .where(eq(schema.todos.userId, sql`auth.user_id()`)) // [!code highlight]
- .orderBy(asc(schema.todos.insertedAt));
- });
+ const { getToken } = auth();
+ const authToken = await getToken();
+ const db = drizzle(process.env.DATABASE_AUTHENTICATED_URL!, { schema });
+
+ // WHERE filter is optional because of RLS. But we send it anyway for
+ // performance reasons.
+ return db
+ .$withAuth(authToken)
+ .select()
+ .from(schema.todos)
+ .where(eq(schema.todos.userId, sql`auth.user_id()`))
+ .orderBy(asc(schema.todos.insertedAt));
 }
 ```
@@ -164,15 +167,18 @@ Another scenario, imagine a team member writes the `getTodos` function like this
 ```typescript shouldWrap
 export async function getTodos(): Promise> {
- return fetchWithDrizzle(async (db) => {
- const todos = await db
- .select()
- .from(schema.todos)
- .where(eq(schema.todos.userId, schema.todos.userId)) // Woops // [!code highlight]
- .orderBy(asc(schema.todos.insertedAt));
-
- return todos;
- });
+ const { getToken } = auth();
+ const authToken = await getToken();
+ const db = drizzle(process.env.DATABASE_AUTHENTICATED_URL!, { schema });
+
+ const todos = await db
+ .$withAuth(authToken)
+ .select()
+ .from(schema.todos)
+ .where(eq(schema.todos.userId, schema.todos.userId)) // Woops // [!code highlight]
+ .orderBy(asc(schema.todos.insertedAt));
+
+ return todos;
 }
 ```
@@ -196,15 +202,17 @@ Order is restored, thanks to RLS. Now go fix your app before you forget:
 ```typescript shouldWrap
 export async function getTodos(): Promise> {
- return fetchWithDrizzle(async (db, { userId }) => {
- // WHERE filter is optional because of RLS. But we send it anyway for
- // performance reasons.
- return db
- .select()
- .from(schema.todos)
- .where(eq(schema.todos.userId, sql`auth.user_id()`))
- .orderBy(asc(schema.todos.insertedAt));
- });
+ const { getToken } = auth();
+ const authToken = await getToken();
+ const db = drizzle(process.env.DATABASE_AUTHENTICATED_URL!, { schema });
+ // WHERE filter is optional because of RLS. But we send it anyway for
+ // performance reasons.
+ return db
+ .$withAuth(authToken)
+ .select()
+ .from(schema.todos)
+ .where(eq(schema.todos.userId, sql`auth.user_id()`))
+ .orderBy(asc(schema.todos.insertedAt));
 }
 ```
diff --git a/content/docs/guides/neon-authorize.md b/content/docs/guides/neon-authorize.md
index d9e03b762d..0a807f585e 100644
--- a/content/docs/guides/neon-authorize.md
+++ b/content/docs/guides/neon-authorize.md
@@ -124,18 +124,15 @@ CREATE POLICY "create todos" ON "todos"
 Now, in your backend, you can simplify the logic, removing the user authentication checks and explicit authorization handling.
 ```typescript shouldWrap
-export async function insertTodo(newTodo: { newTodo: string }) {
+export async function insertTodo({ newTodo }: { newTodo: string }) {
 const { getToken } = auth();
 const authToken = await getToken();
+ const db = drizzle(process.env.DATABASE_AUTHENTICATED_URL!, { schema });
- await fetchWithDrizzle(async (db) => {
- return db.insert(schema.todos).values({
- task: newTodo.newTodo,
- isComplete: false,
- });
+ return db.$withAuth(authToken).insert(schema.todos).values({
+ task: newTodo,
+ isComplete: false,
 });
-
- revalidatePath('/');
 }
 ```