feat: adjust roles

This commit is contained in:
Mauricio Siu
2025-02-15 19:12:44 -06:00
parent 1bbb4c9b64
commit d233f2c764
8 changed files with 273 additions and 227 deletions

View File

@@ -57,7 +57,7 @@ export const ShowProjects = () => {
authId: auth?.id || "", authId: auth?.id || "",
}, },
{ {
enabled: !!auth?.id && auth?.role === "user", enabled: !!auth?.id && auth?.role === "member",
}, },
); );
const { mutateAsync } = api.project.remove.useMutation(); const { mutateAsync } = api.project.remove.useMutation();
@@ -91,7 +91,7 @@ export const ShowProjects = () => {
</CardDescription> </CardDescription>
</CardHeader> </CardHeader>
{(auth?.role === "admin" || user?.canCreateProjects) && ( {(auth?.role === "owner" || user?.canCreateProjects) && (
<div className=""> <div className="">
<HandleProject /> <HandleProject />
</div> </div>
@@ -293,7 +293,7 @@ export const ShowProjects = () => {
<div <div
onClick={(e) => e.stopPropagation()} onClick={(e) => e.stopPropagation()}
> >
{(auth?.role === "admin" || {(auth?.role === "owner" ||
user?.canDeleteProjects) && ( user?.canDeleteProjects) && (
<AlertDialog> <AlertDialog>
<AlertDialogTrigger className="w-full"> <AlertDialogTrigger className="w-full">

View File

@@ -261,7 +261,6 @@ export async function getServerSideProps(context: GetServerSidePropsContext) {
} }
const { user } = await validateRequest(context.req); const { user } = await validateRequest(context.req);
console.log("Response", user);
if (user) { if (user) {
return { return {

View File

@@ -7,6 +7,7 @@ import {
apiVerify2FA, apiVerify2FA,
apiVerifyLogin2FA, apiVerifyLogin2FA,
auth, auth,
member,
} from "@/server/db/schema"; } from "@/server/db/schema";
import { WEBSITE_URL } from "@/server/utils/stripe"; import { WEBSITE_URL } from "@/server/utils/stripe";
import { import {
@@ -32,7 +33,7 @@ import {
import { TRPCError } from "@trpc/server"; import { TRPCError } from "@trpc/server";
import * as bcrypt from "bcrypt"; import * as bcrypt from "bcrypt";
import { isBefore } from "date-fns"; import { isBefore } from "date-fns";
import { eq } from "drizzle-orm"; import { and, eq } from "drizzle-orm";
import { nanoid } from "nanoid"; import { nanoid } from "nanoid";
import { z } from "zod"; import { z } from "zod";
import { db } from "../../db"; import { db } from "../../db";
@@ -170,8 +171,14 @@ export const authRouter = createTRPCRouter({
}), }),
get: protectedProcedure.query(async ({ ctx }) => { get: protectedProcedure.query(async ({ ctx }) => {
const auth = await findAuthById(ctx.user.id); const memberResult = await db.query.member.findFirst({
return auth; where: and(
eq(member.userId, ctx.user.id),
eq(member.organizationId, ctx.session?.activeOrganizationId || ""),
),
});
return memberResult;
}), }),
logout: protectedProcedure.mutation(async ({ ctx }) => { logout: protectedProcedure.mutation(async ({ ctx }) => {

View File

@@ -32,7 +32,7 @@ import { ZodError } from "zod";
interface CreateContextOptions { interface CreateContextOptions {
user: (User & { rol: "admin" | "user"; ownerId: string }) | null; user: (User & { rol: "admin" | "user"; ownerId: string }) | null;
session: Session | null; session: (Session & { activeOrganizationId: string }) | null;
req: CreateNextContextOptions["req"]; req: CreateNextContextOptions["req"];
res: CreateNextContextOptions["res"]; res: CreateNextContextOptions["res"];
} }
@@ -75,12 +75,15 @@ export const createTRPCContext = async (opts: CreateNextContextOptions) => {
user = cookieResult.user; user = cookieResult.user;
} }
console.log("session", { session, user });
return createInnerTRPCContext({ return createInnerTRPCContext({
req, req,
res, res,
session: session, session: session,
...((user && { ...((user && {
user: { user: {
...user,
email: user.email, email: user.email,
rol: user.role, rol: user.role,
id: user.id, id: user.id,

View File

@@ -77,7 +77,7 @@ export const member = pgTable("member", {
userId: text("user_id") userId: text("user_id")
.notNull() .notNull()
.references(() => users_temp.id), .references(() => users_temp.id),
role: text("role").notNull(), role: text("role").notNull().$type<"owner" | "member" | "admin">(),
createdAt: timestamp("created_at").notNull(), createdAt: timestamp("created_at").notNull(),
}); });
@@ -98,7 +98,7 @@ export const invitation = pgTable("invitation", {
.notNull() .notNull()
.references(() => organization.id), .references(() => organization.id),
email: text("email").notNull(), email: text("email").notNull(),
role: text("role"), role: text("role").$type<"owner" | "member" | "admin">(),
status: text("status").notNull(), status: text("status").notNull(),
expiresAt: timestamp("expires_at").notNull(), expiresAt: timestamp("expires_at").notNull(),
inviterId: text("inviter_id") inviterId: text("inviter_id")

View File

@@ -10,7 +10,7 @@ import {
import { createInsertSchema } from "drizzle-zod"; import { createInsertSchema } from "drizzle-zod";
import { nanoid } from "nanoid"; import { nanoid } from "nanoid";
import { z } from "zod"; import { z } from "zod";
import { account } from "./account"; import { account, organization } from "./account";
import { admins } from "./admin"; import { admins } from "./admin";
import { auth } from "./auth"; import { auth } from "./auth";
import { certificateType } from "./shared"; import { certificateType } from "./shared";
@@ -185,7 +185,7 @@ export const users_temp = pgTable("user_temp", {
serversQuantity: integer("serversQuantity").notNull().default(0), serversQuantity: integer("serversQuantity").notNull().default(0),
}); });
export const usersRelations = relations(users_temp, ({ one }) => ({ export const usersRelations = relations(users_temp, ({ one, many }) => ({
// auth: one(auth, { // auth: one(auth, {
// fields: [users.authId], // fields: [users.authId],
// references: [auth.id], // references: [auth.id],
@@ -194,6 +194,7 @@ export const usersRelations = relations(users_temp, ({ one }) => ({
fields: [users_temp.id], fields: [users_temp.id],
references: [account.userId], references: [account.userId],
}), }),
organizations: many(organization),
// admin: one(admins, { // admin: one(admins, {
// fields: [users.adminId], // fields: [users.adminId],
// references: [admins.adminId], // references: [admins.adminId],

View File

@@ -3,7 +3,7 @@ import * as bcrypt from "bcrypt";
import { betterAuth } from "better-auth"; import { betterAuth } from "better-auth";
import { drizzleAdapter } from "better-auth/adapters/drizzle"; import { drizzleAdapter } from "better-auth/adapters/drizzle";
import { createAuthMiddleware, organization } from "better-auth/plugins"; import { createAuthMiddleware, organization } from "better-auth/plugins";
import { eq } from "drizzle-orm"; import { desc, eq } from "drizzle-orm";
import { db } from "../db"; import { db } from "../db";
import * as schema from "../db/schema"; import * as schema from "../db/schema";
@@ -29,15 +29,47 @@ export const auth = betterAuth({
after: createAuthMiddleware(async (ctx) => { after: createAuthMiddleware(async (ctx) => {
if (ctx.path.startsWith("/sign-up")) { if (ctx.path.startsWith("/sign-up")) {
const newSession = ctx.context.newSession; const newSession = ctx.context.newSession;
await db const organization = await db
.update(schema.users_temp) .insert(schema.organization)
.set({ .values({
role: "admin", name: "My Organization",
ownerId: newSession?.user?.id || "",
createdAt: new Date(),
}) })
.where(eq(schema.users_temp.id, newSession?.user?.id || "")); .returning()
.then((res) => res[0]);
await db.insert(schema.member).values({
userId: newSession?.user?.id || "",
organizationId: organization?.id || "",
role: "owner",
createdAt: new Date(),
});
} }
}), }),
}, },
databaseHooks: {
session: {
create: {
before: async (session) => {
const member = await db.query.member.findFirst({
where: eq(schema.member.userId, session.userId),
orderBy: desc(schema.member.createdAt),
with: {
organization: true,
},
});
return {
data: {
...session,
activeOrganizationId: member?.organization.id,
},
};
},
},
},
},
user: { user: {
modelName: "users_temp", modelName: "users_temp",
additionalFields: { additionalFields: {
@@ -67,19 +99,18 @@ export const validateRequest = async (request: IncomingMessage) => {
} }
if (session?.user) { if (session?.user) {
if (session?.user.role === "user") { const member = await db.query.member.findFirst({
const owner = await db.query.member.findFirst({
where: eq(schema.member.userId, session.user.id), where: eq(schema.member.userId, session.user.id),
with: { with: {
organization: true, organization: true,
}, },
}); });
if (owner) { session.user.role = member?.role || "member";
session.user.ownerId = owner.organization.ownerId; if (member) {
} session.user.ownerId = member.organization.ownerId;
} else { } else {
session.user.ownerId = session?.user?.id || ""; session.user.ownerId = session.user.id;
} }
} }

View File

@@ -1,9 +1,12 @@
import { randomBytes } from "node:crypto"; import { randomBytes } from "node:crypto";
import { db } from "@dokploy/server/db"; import { db } from "@dokploy/server/db";
import { import {
account,
admins, admins,
type apiCreateUserInvitation, type apiCreateUserInvitation,
auth, auth,
member,
organization,
users_temp, users_temp,
} from "@dokploy/server/db/schema"; } from "@dokploy/server/db/schema";
import { TRPCError } from "@trpc/server"; import { TRPCError } from "@trpc/server";
@@ -14,7 +17,7 @@ import { IS_CLOUD } from "../constants";
export type Admin = typeof users_temp.$inferSelect; export type Admin = typeof users_temp.$inferSelect;
export const createInvitation = async ( export const createInvitation = async (
input: typeof apiCreateUserInvitation._type, input: typeof apiCreateUserInvitation._type,
adminId: string adminId: string,
) => { ) => {
await db.transaction(async (tx) => { await db.transaction(async (tx) => {
const result = await tx const result = await tx
@@ -36,15 +39,15 @@ export const createInvitation = async (
const expiresIn24Hours = new Date(); const expiresIn24Hours = new Date();
expiresIn24Hours.setDate(expiresIn24Hours.getDate() + 1); expiresIn24Hours.setDate(expiresIn24Hours.getDate() + 1);
const token = randomBytes(32).toString("hex"); const token = randomBytes(32).toString("hex");
await tx // await tx
.insert(users) // .insert(users)
.values({ // .values({
adminId: adminId, // adminId: adminId,
authId: result.id, // authId: result.id,
token, // token,
expirationDate: expiresIn24Hours.toISOString(), // expirationDate: expiresIn24Hours.toISOString(),
}) // })
.returning(); // .returning();
}); });
}; };
@@ -79,31 +82,33 @@ export const updateUser = async (userId: string, userData: Partial<Admin>) => {
export const updateAdminById = async ( export const updateAdminById = async (
adminId: string, adminId: string,
adminData: Partial<Admin> adminData: Partial<Admin>,
) => { ) => {
const admin = await db // const admin = await db
.update(admins) // .update(admins)
.set({ // .set({
...adminData, // ...adminData,
}) // })
.where(eq(admins.adminId, adminId)) // .where(eq(admins.adminId, adminId))
.returning() // .returning()
.then((res) => res[0]); // .then((res) => res[0]);
// return admin;
return admin;
}; };
export const findAdminById = async (userId: string) => { export const findAdminById = async (userId: string) => {
const admin = await db.query.admins.findFirst({ const admin = await db.query.admins.findFirst({
where: eq(admins.userId, userId), // where: eq(admins.userId, userId),
}); });
return admin; return admin;
}; };
export const isAdminPresent = async () => { export const isAdminPresent = async () => {
const admin = await db.query.users_temp.findFirst({ const admin = await db.query.member.findFirst({
where: eq(users_temp.role, "admin"), where: eq(member.role, "owner"),
}); });
console.log("admin", admin);
if (!admin) { if (!admin) {
return false; return false;
} }