Dokploy/dokploy
1
0
Fork 0
mirror of https://github.com/Dokploy/dokploy synced 2025-06-26 18:27:59 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

refactor: update user and authentication schema with two-factor support

Browse Source
This commit is contained in:
Mauricio Siu
2025-02-16 15:32:57 -06:00
parent 90156da570
commit e1632cbdb3
33 changed files with 657 additions and 180 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
apps/dokploy/components/dashboard/settings/users/add-permissions.tsx
View File

@@ -52,7 +52,7 @@ interface Props {
export const AddUserPermissions = ({ userId }: Props) => {
const { data: projects } = api.project.all.useQuery();
const { data, refetch } = api.user.byUserId.useQuery(
const { data, refetch } = api.auth.one.useQuery(
{
userId,
},
@@ -92,7 +92,7 @@ export const AddUserPermissions = ({ userId }: Props) => {
const onSubmit = async (data: AddPermissions) => {
await mutateAsync({
userId,
id: userId,
canCreateServices: data.canCreateServices,
canCreateProjects: data.canCreateProjects,
canDeleteServices: data.canDeleteServices,

8
apps/dokploy/components/dashboard/settings/users/show-users.tsx
View File

@@ -104,9 +104,9 @@ export const ShowUsers = () => {
</Badge>
</TableCell>
<TableCell className="text-center">
{user.user.is2FAEnabled
{/* {user.user.is2FAEnabled
? "2FA Enabled"
: "2FA Not Enabled"}
: "2FA Not Enabled"} */}
</TableCell>
{/* <TableCell className="text-right">
<span className="text-sm text-muted-foreground">
@@ -156,7 +156,7 @@ export const ShowUsers = () => {
/>
)} */}
{user.role !== "owner" && (
{/* {user.role !== "owner" && (
<DialogAction
title="Delete User"
description="Are you sure you want to delete this user?"
@@ -185,7 +185,7 @@ export const ShowUsers = () => {
Delete User
</DropdownMenuItem>
</DialogAction>
)}
)} */}
</DropdownMenuContent>
</DropdownMenu>
</TableCell>

5
apps/dokploy/components/dashboard/settings/web-server/update-server-ip.tsx
View File

@@ -1,5 +1,4 @@
import { AlertBlock } from "@/components/shared/alert-block";
import { CodeEditor } from "@/components/shared/code-editor";
import { Button } from "@/components/ui/button";
import {
Dialog,
@@ -47,11 +46,11 @@ interface Props {
export const UpdateServerIp = ({ children, serverId }: Props) => {
const [isOpen, setIsOpen] = useState(false);
const { data } = api.admin.one.useQuery();
const { data } = api.user.get.useQuery();
const { data: ip } = api.server.publicIp.useQuery();
const { mutateAsync, isLoading, error, isError } =
api.admin.update.useMutation();
api.user.update.useMutation();
const form = useForm<Schema>({
defaultValues: {

11
apps/dokploy/drizzle/0066_yielding_echo.sql
View File

@@ -16,6 +16,7 @@ CREATE TABLE "user_temp" (
"canAccessToTraefikFiles" boolean DEFAULT false NOT NULL,
"accesedProjects" text[] DEFAULT ARRAY[]::text[] NOT NULL,
"accesedServices" text[] DEFAULT ARRAY[]::text[] NOT NULL,
"two_factor_enabled" boolean DEFAULT false NOT NULL,
"email" text NOT NULL,
"email_verified" boolean NOT NULL,
"image" text,
@@ -113,6 +114,13 @@ CREATE TABLE "verification" (
"created_at" timestamp,
"updated_at" timestamp
);
CREATE TABLE "two_factor" (
"id" text PRIMARY KEY NOT NULL,
"secret" text NOT NULL,
"backup_codes" text NOT NULL,
"user_id" text NOT NULL
);
--> statement-breakpoint
ALTER TABLE "certificate" ALTER COLUMN "adminId" SET NOT NULL;--> statement-breakpoint
ALTER TABLE "notification" ALTER COLUMN "adminId" SET NOT NULL;--> statement-breakpoint
@@ -124,4 +132,5 @@ ALTER TABLE "invitation" ADD CONSTRAINT "invitation_organization_id_organization
ALTER TABLE "invitation" ADD CONSTRAINT "invitation_inviter_id_user_temp_id_fk" FOREIGN KEY ("inviter_id") REFERENCES "public"."user_temp"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
ALTER TABLE "member" ADD CONSTRAINT "member_organization_id_organization_id_fk" FOREIGN KEY ("organization_id") REFERENCES "public"."organization"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
ALTER TABLE "member" ADD CONSTRAINT "member_user_id_user_temp_id_fk" FOREIGN KEY ("user_id") REFERENCES "public"."user_temp"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
ALTER TABLE "organization" ADD CONSTRAINT "organization_owner_id_user_temp_id_fk" FOREIGN KEY ("owner_id") REFERENCES "public"."user_temp"("id") ON DELETE no action ON UPDATE no action;
ALTER TABLE "organization" ADD CONSTRAINT "organization_owner_id_user_temp_id_fk" FOREIGN KEY ("owner_id") REFERENCES "public"."user_temp"("id") ON DELETE no action ON UPDATE no action;
ALTER TABLE "two_factor" ADD CONSTRAINT "two_factor_user_id_user_temp_id_fk" FOREIGN KEY ("user_id") REFERENCES "public"."user_temp"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint

1
apps/dokploy/drizzle/0073_brave_wolfpack.sql → apps/dokploy/drizzle/0073_polite_miss_america.sql
View File

@@ -1,3 +1,4 @@
--> statement-breakpoint
DROP TABLE "user" CASCADE;--> statement-breakpoint
DROP TABLE "admin" CASCADE;--> statement-breakpoint
DROP TABLE "auth" CASCADE;--> statement-breakpoint

57
apps/dokploy/drizzle/meta/0066_snapshot.json
View File

@@ -1010,6 +1010,12 @@
"notNull": true,
"default": "ARRAY[]::text[]"
},
"two_factor_enabled": {
"name": "two_factor_enabled",
"type": "boolean",
"primaryKey": false,
"notNull": false
},
"email": {
"name": "email",
"type": "text",
@@ -5045,6 +5051,57 @@
"checkConstraints": {},
"isRLSEnabled": false
},
"public.two_factor": {
"name": "two_factor",
"schema": "",
"columns": {
"id": {
"name": "id",
"type": "text",
"primaryKey": true,
"notNull": true
},
"secret": {
"name": "secret",
"type": "text",
"primaryKey": false,
"notNull": true
},
"backup_codes": {
"name": "backup_codes",
"type": "text",
"primaryKey": false,
"notNull": true
},
"user_id": {
"name": "user_id",
"type": "text",
"primaryKey": false,
"notNull": true
}
},
"indexes": {},
"foreignKeys": {
"two_factor_user_id_user_temp_id_fk": {
"name": "two_factor_user_id_user_temp_id_fk",
"tableFrom": "two_factor",
"tableTo": "user_temp",
"columnsFrom": [
"user_id"
],
"columnsTo": [
"id"
],
"onDelete": "cascade",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"policies": {},
"checkConstraints": {},
"isRLSEnabled": false
},
"public.verification": {
"name": "verification",
"schema": "",

57
apps/dokploy/drizzle/meta/0067_snapshot.json
View File

@@ -1010,6 +1010,12 @@
"notNull": true,
"default": "ARRAY[]::text[]"
},
"two_factor_enabled": {
"name": "two_factor_enabled",
"type": "boolean",
"primaryKey": false,
"notNull": false
},
"email": {
"name": "email",
"type": "text",
@@ -5045,6 +5051,57 @@
"checkConstraints": {},
"isRLSEnabled": false
},
"public.two_factor": {
"name": "two_factor",
"schema": "",
"columns": {
"id": {
"name": "id",
"type": "text",
"primaryKey": true,
"notNull": true
},
"secret": {
"name": "secret",
"type": "text",
"primaryKey": false,
"notNull": true
},
"backup_codes": {
"name": "backup_codes",
"type": "text",
"primaryKey": false,
"notNull": true
},
"user_id": {
"name": "user_id",
"type": "text",
"primaryKey": false,
"notNull": true
}
},
"indexes": {},
"foreignKeys": {
"two_factor_user_id_user_temp_id_fk": {
"name": "two_factor_user_id_user_temp_id_fk",
"tableFrom": "two_factor",
"tableTo": "user_temp",
"columnsFrom": [
"user_id"
],
"columnsTo": [
"id"
],
"onDelete": "cascade",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"policies": {},
"checkConstraints": {},
"isRLSEnabled": false
},
"public.verification": {
"name": "verification",
"schema": "",

57
apps/dokploy/drizzle/meta/0068_snapshot.json
View File

@@ -1010,6 +1010,12 @@
"notNull": true,
"default": "ARRAY[]::text[]"
},
"two_factor_enabled": {
"name": "two_factor_enabled",
"type": "boolean",
"primaryKey": false,
"notNull": false
},
"email": {
"name": "email",
"type": "text",
@@ -5045,6 +5051,57 @@
"checkConstraints": {},
"isRLSEnabled": false
},
"public.two_factor": {
"name": "two_factor",
"schema": "",
"columns": {
"id": {
"name": "id",
"type": "text",
"primaryKey": true,
"notNull": true
},
"secret": {
"name": "secret",
"type": "text",
"primaryKey": false,
"notNull": true
},
"backup_codes": {
"name": "backup_codes",
"type": "text",
"primaryKey": false,
"notNull": true
},
"user_id": {
"name": "user_id",
"type": "text",
"primaryKey": false,
"notNull": true
}
},
"indexes": {},
"foreignKeys": {
"two_factor_user_id_user_temp_id_fk": {
"name": "two_factor_user_id_user_temp_id_fk",
"tableFrom": "two_factor",
"tableTo": "user_temp",
"columnsFrom": [
"user_id"
],
"columnsTo": [
"id"
],
"onDelete": "cascade",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"policies": {},
"checkConstraints": {},
"isRLSEnabled": false
},
"public.verification": {
"name": "verification",
"schema": "",

57
apps/dokploy/drizzle/meta/0069_snapshot.json
View File

@@ -1018,6 +1018,12 @@
"notNull": true,
"default": "ARRAY[]::text[]"
},
"two_factor_enabled": {
"name": "two_factor_enabled",
"type": "boolean",
"primaryKey": false,
"notNull": false
},
"email": {
"name": "email",
"type": "text",
@@ -5053,6 +5059,57 @@
"checkConstraints": {},
"isRLSEnabled": false
},
"public.two_factor": {
"name": "two_factor",
"schema": "",
"columns": {
"id": {
"name": "id",
"type": "text",
"primaryKey": true,
"notNull": true
},
"secret": {
"name": "secret",
"type": "text",
"primaryKey": false,
"notNull": true
},
"backup_codes": {
"name": "backup_codes",
"type": "text",
"primaryKey": false,
"notNull": true
},
"user_id": {
"name": "user_id",
"type": "text",
"primaryKey": false,
"notNull": true
}
},
"indexes": {},
"foreignKeys": {
"two_factor_user_id_user_temp_id_fk": {
"name": "two_factor_user_id_user_temp_id_fk",
"tableFrom": "two_factor",
"tableTo": "user_temp",
"columnsFrom": [
"user_id"
],
"columnsTo": [
"id"
],
"onDelete": "cascade",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"policies": {},
"checkConstraints": {},
"isRLSEnabled": false
},
"public.verification": {
"name": "verification",
"schema": "",

57
apps/dokploy/drizzle/meta/0070_snapshot.json
View File

@@ -1018,6 +1018,12 @@
"notNull": true,
"default": "ARRAY[]::text[]"
},
"two_factor_enabled": {
"name": "two_factor_enabled",
"type": "boolean",
"primaryKey": false,
"notNull": false
},
"email": {
"name": "email",
"type": "text",
@@ -5205,6 +5211,57 @@
"checkConstraints": {},
"isRLSEnabled": false
},
"public.two_factor": {
"name": "two_factor",
"schema": "",
"columns": {
"id": {
"name": "id",
"type": "text",
"primaryKey": true,
"notNull": true
},
"secret": {
"name": "secret",
"type": "text",
"primaryKey": false,
"notNull": true
},
"backup_codes": {
"name": "backup_codes",
"type": "text",
"primaryKey": false,
"notNull": true
},
"user_id": {
"name": "user_id",
"type": "text",
"primaryKey": false,
"notNull": true
}
},
"indexes": {},
"foreignKeys": {
"two_factor_user_id_user_temp_id_fk": {
"name": "two_factor_user_id_user_temp_id_fk",
"tableFrom": "two_factor",
"tableTo": "user_temp",
"columnsFrom": [
"user_id"
],
"columnsTo": [
"id"
],
"onDelete": "cascade",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"policies": {},
"checkConstraints": {},
"isRLSEnabled": false
},
"public.verification": {
"name": "verification",
"schema": "",

57
apps/dokploy/drizzle/meta/0071_snapshot.json
View File

@@ -1018,6 +1018,12 @@
"notNull": true,
"default": "ARRAY[]::text[]"
},
"two_factor_enabled": {
"name": "two_factor_enabled",
"type": "boolean",
"primaryKey": false,
"notNull": false
},
"email": {
"name": "email",
"type": "text",
@@ -5205,6 +5211,57 @@
"checkConstraints": {},
"isRLSEnabled": false
},
"public.two_factor": {
"name": "two_factor",
"schema": "",
"columns": {
"id": {
"name": "id",
"type": "text",
"primaryKey": true,
"notNull": true
},
"secret": {
"name": "secret",
"type": "text",
"primaryKey": false,
"notNull": true
},
"backup_codes": {
"name": "backup_codes",
"type": "text",
"primaryKey": false,
"notNull": true
},
"user_id": {
"name": "user_id",
"type": "text",
"primaryKey": false,
"notNull": true
}
},
"indexes": {},
"foreignKeys": {
"two_factor_user_id_user_temp_id_fk": {
"name": "two_factor_user_id_user_temp_id_fk",
"tableFrom": "two_factor",
"tableTo": "user_temp",
"columnsFrom": [
"user_id"
],
"columnsTo": [
"id"
],
"onDelete": "cascade",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"policies": {},
"checkConstraints": {},
"isRLSEnabled": false
},
"public.verification": {
"name": "verification",
"schema": "",

57
apps/dokploy/drizzle/meta/0072_snapshot.json
View File

@@ -1018,6 +1018,12 @@
"notNull": true,
"default": "ARRAY[]::text[]"
},
"two_factor_enabled": {
"name": "two_factor_enabled",
"type": "boolean",
"primaryKey": false,
"notNull": false
},
"email": {
"name": "email",
"type": "text",
@@ -5053,6 +5059,57 @@
"checkConstraints": {},
"isRLSEnabled": false
},
"public.two_factor": {
"name": "two_factor",
"schema": "",
"columns": {
"id": {
"name": "id",
"type": "text",
"primaryKey": true,
"notNull": true
},
"secret": {
"name": "secret",
"type": "text",
"primaryKey": false,
"notNull": true
},
"backup_codes": {
"name": "backup_codes",
"type": "text",
"primaryKey": false,
"notNull": true
},
"user_id": {
"name": "user_id",
"type": "text",
"primaryKey": false,
"notNull": true
}
},
"indexes": {},
"foreignKeys": {
"two_factor_user_id_user_temp_id_fk": {
"name": "two_factor_user_id_user_temp_id_fk",
"tableFrom": "two_factor",
"tableTo": "user_temp",
"columnsFrom": [
"user_id"
],
"columnsTo": [
"id"
],
"onDelete": "cascade",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"policies": {},
"checkConstraints": {},
"isRLSEnabled": false
},
"public.verification": {
"name": "verification",
"schema": "",

59
apps/dokploy/drizzle/meta/0073_snapshot.json
View File

@@ -1,5 +1,5 @@
{
"id": "07170d9f-4d67-48f5-890f-393043396973",
"id": "e357a19a-dd1e-4843-b567-0c0243ade7a8",
"prevId": "4eb71c0e-5bdb-427b-b198-39b1059dcd16",
"version": "7",
"dialect": "postgresql",
@@ -858,6 +858,12 @@
"notNull": true,
"default": "ARRAY[]::text[]"
},
"two_factor_enabled": {
"name": "two_factor_enabled",
"type": "boolean",
"primaryKey": false,
"notNull": false
},
"email": {
"name": "email",
"type": "text",
@@ -4602,6 +4608,57 @@
"checkConstraints": {},
"isRLSEnabled": false
},
"public.two_factor": {
"name": "two_factor",
"schema": "",
"columns": {
"id": {
"name": "id",
"type": "text",
"primaryKey": true,
"notNull": true
},
"secret": {
"name": "secret",
"type": "text",
"primaryKey": false,
"notNull": true
},
"backup_codes": {
"name": "backup_codes",
"type": "text",
"primaryKey": false,
"notNull": true
},
"user_id": {
"name": "user_id",
"type": "text",
"primaryKey": false,
"notNull": true
}
},
"indexes": {},
"foreignKeys": {
"two_factor_user_id_user_temp_id_fk": {
"name": "two_factor_user_id_user_temp_id_fk",
"tableFrom": "two_factor",
"tableTo": "user_temp",
"columnsFrom": [
"user_id"
],
"columnsTo": [
"id"
],
"onDelete": "cascade",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"policies": {},
"checkConstraints": {},
"isRLSEnabled": false
},
"public.verification": {
"name": "verification",
"schema": "",

4
apps/dokploy/drizzle/meta/_journal.json
View File

@@ -516,8 +516,8 @@
{
"idx": 73,
"version": "7",
"when": 1739735739336,
"tag": "0073_brave_wolfpack",
"when": 1739740193879,
"tag": "0073_polite_miss_america",
"breakpoints": true
}
]

2
apps/dokploy/pages/dashboard/docker.tsx
View File

@@ -54,7 +54,7 @@ export async function getServerSideProps(
await helpers.project.all.prefetch();
if (user.role === "member") {
const userR = await helpers.user.get.fetch({
const userR = await helpers.user.one.fetch({
userId: user.id,
});

2
apps/dokploy/pages/dashboard/settings/git-providers.tsx
View File

@@ -50,7 +50,7 @@ export async function getServerSideProps(
await helpers.project.all.prefetch();
await helpers.settings.isCloud.prefetch();
if (user.role === "member") {
const userR = await helpers.user.get.fetch({
const userR = await helpers.user.one.fetch({
userId: user.id,
});

2
apps/dokploy/pages/dashboard/settings/profile.tsx
View File

@@ -57,7 +57,7 @@ export async function getServerSideProps(
await helpers.settings.isCloud.prefetch();
await helpers.auth.get.prefetch();
if (user?.role === "member") {
// const userR = await helpers.user.get.fetch({
// const userR = await helpers.user.one.fetch({
// userId: user.id,
// });
// await helpers.user.byAuthId.prefetch({

2
apps/dokploy/pages/dashboard/settings/ssh-keys.tsx
View File

@@ -51,7 +51,7 @@ export async function getServerSideProps(
await helpers.settings.isCloud.prefetch();
if (user.role === "member") {
const userR = await helpers.user.get.fetch({
const userR = await helpers.user.one.fetch({
userId: user.id,
});

2
apps/dokploy/pages/dashboard/swarm.tsx
View File

@@ -54,7 +54,7 @@ export async function getServerSideProps(
await helpers.project.all.prefetch();
if (user.role === "member") {
const userR = await helpers.user.get.fetch({
const userR = await helpers.user.one.fetch({
userId: user.id,
});

2
apps/dokploy/pages/dashboard/traefik.tsx
View File

@@ -54,7 +54,7 @@ export async function getServerSideProps(
await helpers.project.all.prefetch();
if (user.role === "member") {
const userR = await helpers.user.get.fetch({
const userR = await helpers.user.one.fetch({
userId: user.id,
});

12
apps/dokploy/pages/swagger.tsx
View File

@@ -38,7 +38,7 @@ const Home: NextPage = () => {
export default Home;
export async function getServerSideProps(context: GetServerSidePropsContext) {
const { req, res } = context;
const { user, session } = await validateRequest(context.req, context.res);
const { user, session } = await validateRequest(context.req);
if (!user) {
return {
redirect: {
@@ -53,17 +53,17 @@ export async function getServerSideProps(context: GetServerSidePropsContext) {
req: req as any,
res: res as any,
db: null as any,
session: session,
user: user,
session: session as any,
user: user as any,
},
transformer: superjson,
});
if (user.role === "member") {
const result = await helpers.user.byAuthId.fetch({
authId: user.id,
const userR = await helpers.user.one.fetch({
userId: user.id,
});
if (!result.canAccessToAPI) {
if (!userR.canAccessToAPI) {
return {
redirect: {
permanent: true,

27
apps/dokploy/server/api/routers/admin.ts
View File

@@ -35,17 +35,22 @@ export const adminRouter = createTRPCRouter({
...rest,
};
}),
update: adminProcedure.mutation(async ({ input, ctx }) => {
if (ctx.user.rol === "member") {
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not allowed to update this admin",
});
}
const { id } = await findUserById(ctx.user.id);
// @ts-ignore
return updateAdmin(id, input);
}),
update: adminProcedure
.input(
z.object({
enableDockerCleanup: z.boolean(),
}),
)
.mutation(async ({ input, ctx }) => {
if (ctx.user.rol === "member") {
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not allowed to update this admin",
});
}
const user = await findUserById(ctx.user.ownerId);
return updateUser(user.id, {});
}),
createUserInvitation: adminProcedure
.input(apiCreateUserInvitation)
.mutation(async ({ input, ctx }) => {

11
apps/dokploy/server/api/routers/auth.ts
View File

@@ -266,10 +266,13 @@ export const authRouter = createTRPCRouter({
verifyToken: protectedProcedure.mutation(async () => {
return true;
}),
one: adminProcedure.query(async ({ input }) => {
const auth = await findAuthById(input.id);
return auth;
}),
one: adminProcedure
.input(z.object({ userId: z.string().min(1) }))
.query(async ({ input }) => {
// TODO: Check if the user is admin or member
const user = await findUserById(input.userId);
return user;
}),
generate2FASecret: protectedProcedure.query(async ({ ctx }) => {
return await generate2FASecret(ctx.user.id);

50
apps/dokploy/server/api/routers/settings.ts
View File

@@ -22,9 +22,8 @@ import {
cleanUpUnusedVolumes,
execAsync,
execAsyncRemote,
findAdmin,
findAdminById,
findServerById,
findUserById,
getDokployImage,
getDokployImageTag,
getUpdateData,
@@ -50,6 +49,7 @@ import {
updateLetsEncryptEmail,
updateServerById,
updateServerTraefik,
updateUser,
writeConfig,
writeMainConfig,
writeTraefikConfigInPath,
@@ -163,7 +163,7 @@ export const settingsRouter = createTRPCRouter({
if (IS_CLOUD) {
return true;
}
await updateAdmin(ctx.user.authId, {
await updateUser(ctx.user.id, {
sshPrivateKey: input.sshPrivateKey,
});
@@ -175,7 +175,7 @@ export const settingsRouter = createTRPCRouter({
if (IS_CLOUD) {
return true;
}
const admin = await updateAdmin(ctx.user.authId, {
const user = await updateUser(ctx.user.id, {
host: input.host,
...(input.letsEncryptEmail && {
letsEncryptEmail: input.letsEncryptEmail,
@@ -183,25 +183,25 @@ export const settingsRouter = createTRPCRouter({
certificateType: input.certificateType,
});
if (!admin) {
if (!user) {
throw new TRPCError({
code: "NOT_FOUND",
message: "Admin not found",
message: "User not found",
});
}
updateServerTraefik(admin, input.host);
updateServerTraefik(user, input.host);
if (input.letsEncryptEmail) {
updateLetsEncryptEmail(input.letsEncryptEmail);
}
return admin;
return user;
}),
cleanSSHPrivateKey: adminProcedure.mutation(async ({ ctx }) => {
if (IS_CLOUD) {
return true;
}
await updateAdmin(ctx.user.authId, {
await updateUser(ctx.user.id, {
sshPrivateKey: null,
});
return true;
@@ -216,7 +216,7 @@ export const settingsRouter = createTRPCRouter({
const server = await findServerById(input.serverId);
if (server.adminId !== ctx.user.adminId) {
if (server.organizationId !== ctx.session?.activeOrganizationId) {
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not authorized to access this server",
@@ -245,7 +245,7 @@ export const settingsRouter = createTRPCRouter({
await cleanUpUnusedImages(server.serverId);
await cleanUpDockerBuilder(server.serverId);
await cleanUpSystemPrune(server.serverId);
await sendDockerCleanupNotifications(server.adminId);
await sendDockerCleanupNotifications(server.organizationId);
});
}
} else {
@@ -261,19 +261,11 @@ export const settingsRouter = createTRPCRouter({
}
}
} else if (!IS_CLOUD) {
const admin = await findAdminById(ctx.user.adminId);
if (admin.adminId !== ctx.user.adminId) {
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not authorized to access this admin",
});
}
const adminUpdated = await updateAdmin(ctx.user.authId, {
const userUpdated = await updateUser(ctx.user.id, {
enableDockerCleanup: input.enableDockerCleanup,
});
if (adminUpdated?.enableDockerCleanup) {
if (userUpdated?.enableDockerCleanup) {
scheduleJob("docker-cleanup", "0 0 * * *", async () => {
console.log(
`Docker Cleanup ${new Date().toLocaleString()}] Running...`,
@@ -281,7 +273,9 @@ export const settingsRouter = createTRPCRouter({
await cleanUpUnusedImages();
await cleanUpDockerBuilder();
await cleanUpSystemPrune();
await sendDockerCleanupNotifications(admin.adminId);
await sendDockerCleanupNotifications(
ctx.session.activeOrganizationId,
);
});
} else {
const currentJob = scheduledJobs["docker-cleanup"];
@@ -383,7 +377,7 @@ export const settingsRouter = createTRPCRouter({
.query(async ({ ctx, input }) => {
try {
if (ctx.user.rol === "member") {
const canAccess = await canAccessToTraefikFiles(ctx.user.authId);
const canAccess = await canAccessToTraefikFiles(ctx.user.id);
if (!canAccess) {
throw new TRPCError({ code: "UNAUTHORIZED" });
@@ -401,7 +395,7 @@ export const settingsRouter = createTRPCRouter({
.input(apiModifyTraefikConfig)
.mutation(async ({ input, ctx }) => {
if (ctx.user.rol === "member") {
const canAccess = await canAccessToTraefikFiles(ctx.user.authId);
const canAccess = await canAccessToTraefikFiles(ctx.user.id);
if (!canAccess) {
throw new TRPCError({ code: "UNAUTHORIZED" });
@@ -419,7 +413,7 @@ export const settingsRouter = createTRPCRouter({
.input(apiReadTraefikConfig)
.query(async ({ input, ctx }) => {
if (ctx.user.rol === "member") {
const canAccess = await canAccessToTraefikFiles(ctx.user.authId);
const canAccess = await canAccessToTraefikFiles(ctx.user.id);
if (!canAccess) {
throw new TRPCError({ code: "UNAUTHORIZED" });
@@ -427,12 +421,12 @@ export const settingsRouter = createTRPCRouter({
}
return readConfigInPath(input.path, input.serverId);
}),
getIp: protectedProcedure.query(async () => {
getIp: protectedProcedure.query(async ({ ctx }) => {
if (IS_CLOUD) {
return true;
}
const admin = await findAdmin();
return admin.serverIp;
const user = await findUserById(ctx.user.ownerId);
return user.serverIp;
}),
getOpenApiDocument: protectedProcedure.query(

46
apps/dokploy/server/api/routers/user.ts
View File

@@ -1,7 +1,12 @@
import { apiFindOneUser, apiFindOneUserByAuth } from "@/server/db/schema";
import { findUserByAuthId, findUserById } from "@dokploy/server";
import {
findUserByAuthId,
findUserById,
updateUser,
verify2FA,
} from "@dokploy/server";
import { db } from "@dokploy/server/db";
import { member } from "@dokploy/server/db/schema";
import { apiUpdateUser, member } from "@dokploy/server/db/schema";
import { TRPCError } from "@trpc/server";
import { eq } from "drizzle-orm";
import { z } from "zod";
@@ -15,7 +20,7 @@ export const userRouter = createTRPCRouter({
},
});
}),
get: protectedProcedure
one: protectedProcedure
.input(
z.object({
userId: z.string(),
@@ -31,16 +36,27 @@ export const userRouter = createTRPCRouter({
// }
return user;
}),
// byUserId: protectedProcedure
// .input(apiFindOneUser)
// .query(async ({ input, ctx }) => {
// const user = await findUserById(input.userId);
// if (user.adminId !== ctx.user.adminId) {
// throw new TRPCError({
// code: "UNAUTHORIZED",
// message: "You are not allowed to access this user",
// });
// }
// return user;
// }),
get: protectedProcedure.query(async ({ ctx }) => {
return await findUserById(ctx.user.id);
}),
update: protectedProcedure
.input(apiUpdateUser)
.mutation(async ({ input, ctx }) => {
return await updateUser(ctx.user.id, input);
}),
verify2FASetup: protectedProcedure
.input(
z.object({
secret: z.string(),
pin: z.string(),
}),
)
.mutation(async ({ ctx, input }) => {
const user = await findUserById(ctx.user.id);
await verify2FA(user, input.secret, input.pin);
await updateUser(user.id, {
secret: input.secret,
});
return user;
}),
});