Merge pull request #381 from Dokploy/security/apply-validation-when-creating-admin

refactor(auth): add validation to prevent create another admin when a…
2025-06-26 18:27:59 +00:00 · 2024-08-26 15:32:29 -06:00
parent 1df9f1f4df c1420bd6d8
commit a8f21ad717
1 changed files with 9 additions and 0 deletions
--- a/apps/dokploy/server/api/routers/auth.ts
+++ b/apps/dokploy/server/api/routers/auth.ts
@@ -12,6 +12,7 @@ import {
 } from "@/server/db/schema";
 import { TRPCError } from "@trpc/server";
 import * as bcrypt from "bcrypt";
+import { db } from "../../db";
 import {
 	createAdmin,
 	createUser,
@@ -33,6 +34,14 @@ export const authRouter = createTRPCRouter({
 		.input(apiCreateAdmin)
 		.mutation(async ({ ctx, input }) => {
 			try {
+				const admin = await db.query.admins.findFirst({});
+
+				if (admin) {
+					throw new TRPCError({
+						code: "BAD_REQUEST",
+						message: "Admin already exists",
+					});
+				}
 				const newAdmin = await createAdmin(input);
 				const session = await lucia.createSession(newAdmin.id || "", {});
 				ctx.res.appendHeader(