fix: add authorization checks in GitHub router to include userId validation

- Updated conditional checks to ensure that the GitHub provider's userId matches the session userId, in addition to the organizationId, for improved security and access control.

apps/dokploy/server/api/routers/github.ts

@@ -21,7 +21,8 @@ export const githubRouter = createTRPCRouter({
 			const githubProvider = await findGithubById(input.githubId);
 			if (
 				githubProvider.gitProvider.organizationId !==
-				ctx.session.activeOrganizationId
+				ctx.session.activeOrganizationId &&
+				githubProvider.gitProvider.userId === ctx.session.userId
 			) {
 				throw new TRPCError({
 					code: "UNAUTHORIZED",
@@ -36,7 +37,8 @@ export const githubRouter = createTRPCRouter({
 			const githubProvider = await findGithubById(input.githubId);
 			if (
 				githubProvider.gitProvider.organizationId !==
-				ctx.session.activeOrganizationId
+				ctx.session.activeOrganizationId &&
+				githubProvider.gitProvider.userId === ctx.session.userId
 			) {
 				throw new TRPCError({
 					code: "UNAUTHORIZED",
@@ -51,7 +53,8 @@ export const githubRouter = createTRPCRouter({
 			const githubProvider = await findGithubById(input.githubId || "");
 			if (
 				githubProvider.gitProvider.organizationId !==
-				ctx.session.activeOrganizationId
+				ctx.session.activeOrganizationId &&
+				githubProvider.gitProvider.userId === ctx.session.userId
 			) {
 				//TODO: Remove this line when the cloud version is ready
 				throw new TRPCError({
@@ -71,7 +74,8 @@ export const githubRouter = createTRPCRouter({
 		result = result.filter(
 			(provider) =>
 				provider.gitProvider.organizationId ===
-				ctx.session.activeOrganizationId,
+				ctx.session.activeOrganizationId &&
+				provider.gitProvider.userId === ctx.session.userId
 		);
 
 		const filtered = result
@@ -95,7 +99,8 @@ export const githubRouter = createTRPCRouter({
 				const githubProvider = await findGithubById(input.githubId);
 				if (
 					githubProvider.gitProvider.organizationId !==
-					ctx.session.activeOrganizationId
+					ctx.session.activeOrganizationId &&
+					githubProvider.gitProvider.userId === ctx.session.userId
 				) {
 					throw new TRPCError({
 						code: "UNAUTHORIZED",
@@ -117,7 +122,8 @@ export const githubRouter = createTRPCRouter({
 			const githubProvider = await findGithubById(input.githubId);
 			if (
 				githubProvider.gitProvider.organizationId !==
-				ctx.session.activeOrganizationId
+				ctx.session.activeOrganizationId &&
+				githubProvider.gitProvider.userId === ctx.session.userId
 			) {
 				throw new TRPCError({
 					code: "UNAUTHORIZED",