refactor(cloud): add validation to prevent access to shared resources

apps/dokploy/pages/api/deploy/github.ts

@@ -23,7 +23,7 @@ export default async function handler(
 	const signature = req.headers["x-hub-signature-256"];
 	const githubBody = req.body;
 
-	if (!githubBody?.installation.id) {
+	if (!githubBody?.installation?.id) {
 		res.status(400).json({ message: "Github Installation not found" });
 		return;
 	}

apps/dokploy/pages/api/providers/github/setup.ts

@@ -1,4 +1,9 @@
-import { createGithub } from "@dokploy/builders";
+import {
+	createGithub,
+	findAdminByAuthId,
+	findAuthById,
+	findUserByAuthId,
+} from "@dokploy/builders";
 import { db } from "@/server/db";
 import { github } from "@/server/db/schema";
 import { eq } from "drizzle-orm";
@@ -34,16 +39,29 @@ export default async function handler(
 			},
 		);
 
-		await createGithub({
-			name: data.name,
-			githubAppName: data.html_url,
-			githubAppId: data.id,
-			githubClientId: data.client_id,
-			githubClientSecret: data.client_secret,
-			githubWebhookSecret: data.webhook_secret,
-			githubPrivateKey: data.pem,
-			authId: value as string,
-		});
+		const auth = await findAuthById(value as string);
+
+		let adminId = "";
+		if (auth.rol === "admin") {
+			const admin = await findAdminByAuthId(auth.id);
+			adminId = admin.adminId;
+		} else {
+			const user = await findUserByAuthId(auth.id);
+			adminId = user.adminId;
+		}
+
+		await createGithub(
+			{
+				name: data.name,
+				githubAppName: data.html_url,
+				githubAppId: data.id,
+				githubClientId: data.client_id,
+				githubClientSecret: data.client_secret,
+				githubWebhookSecret: data.webhook_secret,
+				githubPrivateKey: data.pem,
+			},
+			adminId,
+		);
 	} else if (action === "gh_setup") {
 		await db
 			.update(github)