From e3e35ce7926a2e7fcb3148be97921b7cedc2376e Mon Sep 17 00:00:00 2001 From: Mauricio Siu <47042324+Siumauricio@users.noreply.github.com> Date: Sat, 15 Feb 2025 20:43:23 -0600 Subject: [PATCH] refactor: update to use organization resources --- .../dokploy/server/api/routers/application.ts | 80 ++++++++++++++----- apps/dokploy/server/api/routers/bitbucket.ts | 19 +++-- .../dokploy/server/api/routers/certificate.ts | 17 +++- apps/dokploy/server/api/routers/deployment.ts | 8 +- .../dokploy/server/api/routers/destination.ts | 10 +-- apps/dokploy/server/api/routers/domain.ts | 41 +++++++--- .../server/api/routers/git-provider.ts | 12 +-- apps/dokploy/server/api/routers/github.ts | 30 +++++-- apps/dokploy/server/api/routers/gitlab.ts | 30 +++++-- apps/dokploy/server/api/routers/mariadb.ts | 22 ++--- apps/dokploy/server/api/routers/mongo.ts | 24 +++--- apps/dokploy/server/api/routers/mysql.ts | 24 +++--- .../server/api/routers/notification.ts | 24 ++++-- apps/dokploy/server/api/routers/postgres.ts | 44 +++++++--- .../server/api/routers/preview-deployment.ts | 14 +++- apps/dokploy/server/api/routers/project.ts | 16 ++-- apps/dokploy/server/api/routers/redirects.ts | 16 +++- apps/dokploy/server/api/routers/redis.ts | 22 ++--- apps/dokploy/server/api/routers/registry.ts | 6 +- apps/dokploy/server/api/routers/security.ts | 16 +++- apps/dokploy/server/api/routers/server.ts | 25 +++--- apps/dokploy/server/api/routers/ssh-key.ts | 21 +++-- apps/dokploy/server/api/trpc.ts | 4 +- packages/server/src/lib/auth.ts | 1 + 24 files changed, 348 insertions(+), 178 deletions(-) diff --git a/apps/dokploy/server/api/routers/application.ts b/apps/dokploy/server/api/routers/application.ts index 618fd9ce..490da340 100644 --- a/apps/dokploy/server/api/routers/application.ts +++ b/apps/dokploy/server/api/routers/application.ts @@ -72,7 +72,7 @@ export const applicationRouter = createTRPCRouter({ } const project = await findProjectById(input.projectId); - if (project.userId !== ctx.user.ownerId) { + if (project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this project", @@ -102,7 +102,9 @@ export const applicationRouter = createTRPCRouter({ await checkServiceAccess(ctx.user.id, input.applicationId, "access"); } const application = await findApplicationById(input.applicationId); - if (application.project.userId !== ctx.user.ownerId) { + if ( + application.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this application", @@ -115,7 +117,9 @@ export const applicationRouter = createTRPCRouter({ .input(apiReloadApplication) .mutation(async ({ input, ctx }) => { const application = await findApplicationById(input.applicationId); - if (application.project.userId !== ctx.user.ownerId) { + if ( + application.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to reload this application", @@ -145,7 +149,9 @@ export const applicationRouter = createTRPCRouter({ } const application = await findApplicationById(input.applicationId); - if (application.project.userId !== ctx.user.ownerId) { + if ( + application.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to delete this application", @@ -186,7 +192,7 @@ export const applicationRouter = createTRPCRouter({ .input(apiFindOneApplication) .mutation(async ({ input, ctx }) => { const service = await findApplicationById(input.applicationId); - if (service.project.userId !== ctx.user.ownerId) { + if (service.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to stop this application", @@ -206,7 +212,7 @@ export const applicationRouter = createTRPCRouter({ .input(apiFindOneApplication) .mutation(async ({ input, ctx }) => { const service = await findApplicationById(input.applicationId); - if (service.project.userId !== ctx.user.ownerId) { + if (service.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to start this application", @@ -227,7 +233,9 @@ export const applicationRouter = createTRPCRouter({ .input(apiFindOneApplication) .mutation(async ({ input, ctx }) => { const application = await findApplicationById(input.applicationId); - if (application.project.userId !== ctx.user.ownerId) { + if ( + application.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to redeploy this application", @@ -260,7 +268,9 @@ export const applicationRouter = createTRPCRouter({ .input(apiSaveEnvironmentVariables) .mutation(async ({ input, ctx }) => { const application = await findApplicationById(input.applicationId); - if (application.project.userId !== ctx.user.ownerId) { + if ( + application.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to save this environment", @@ -276,7 +286,9 @@ export const applicationRouter = createTRPCRouter({ .input(apiSaveBuildType) .mutation(async ({ input, ctx }) => { const application = await findApplicationById(input.applicationId); - if (application.project.userId !== ctx.user.ownerId) { + if ( + application.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to save this build type", @@ -297,7 +309,9 @@ export const applicationRouter = createTRPCRouter({ .input(apiSaveGithubProvider) .mutation(async ({ input, ctx }) => { const application = await findApplicationById(input.applicationId); - if (application.project.userId !== ctx.user.ownerId) { + if ( + application.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to save this github provider", @@ -319,7 +333,9 @@ export const applicationRouter = createTRPCRouter({ .input(apiSaveGitlabProvider) .mutation(async ({ input, ctx }) => { const application = await findApplicationById(input.applicationId); - if (application.project.userId !== ctx.user.ownerId) { + if ( + application.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to save this gitlab provider", @@ -343,7 +359,9 @@ export const applicationRouter = createTRPCRouter({ .input(apiSaveBitbucketProvider) .mutation(async ({ input, ctx }) => { const application = await findApplicationById(input.applicationId); - if (application.project.userId !== ctx.user.ownerId) { + if ( + application.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to save this bitbucket provider", @@ -365,7 +383,9 @@ export const applicationRouter = createTRPCRouter({ .input(apiSaveDockerProvider) .mutation(async ({ input, ctx }) => { const application = await findApplicationById(input.applicationId); - if (application.project.userId !== ctx.user.ownerId) { + if ( + application.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to save this docker provider", @@ -386,7 +406,9 @@ export const applicationRouter = createTRPCRouter({ .input(apiSaveGitProvider) .mutation(async ({ input, ctx }) => { const application = await findApplicationById(input.applicationId); - if (application.project.userId !== ctx.user.ownerId) { + if ( + application.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to save this git provider", @@ -407,7 +429,9 @@ export const applicationRouter = createTRPCRouter({ .input(apiFindOneApplication) .mutation(async ({ input, ctx }) => { const application = await findApplicationById(input.applicationId); - if (application.project.userId !== ctx.user.ownerId) { + if ( + application.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to mark this application as running", @@ -419,7 +443,9 @@ export const applicationRouter = createTRPCRouter({ .input(apiUpdateApplication) .mutation(async ({ input, ctx }) => { const application = await findApplicationById(input.applicationId); - if (application.project.userId !== ctx.user.ownerId) { + if ( + application.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to update this application", @@ -443,7 +469,9 @@ export const applicationRouter = createTRPCRouter({ .input(apiFindOneApplication) .mutation(async ({ input, ctx }) => { const application = await findApplicationById(input.applicationId); - if (application.project.userId !== ctx.user.ownerId) { + if ( + application.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to refresh this application", @@ -458,7 +486,9 @@ export const applicationRouter = createTRPCRouter({ .input(apiFindOneApplication) .mutation(async ({ input, ctx }) => { const application = await findApplicationById(input.applicationId); - if (application.project.userId !== ctx.user.ownerId) { + if ( + application.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to deploy this application", @@ -492,7 +522,9 @@ export const applicationRouter = createTRPCRouter({ .input(apiFindOneApplication) .mutation(async ({ input, ctx }) => { const application = await findApplicationById(input.applicationId); - if (application.project.userId !== ctx.user.ownerId) { + if ( + application.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to clean this application", @@ -505,7 +537,9 @@ export const applicationRouter = createTRPCRouter({ .input(apiFindOneApplication) .query(async ({ input, ctx }) => { const application = await findApplicationById(input.applicationId); - if (application.project.userId !== ctx.user.ownerId) { + if ( + application.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to read this application", @@ -540,7 +574,7 @@ export const applicationRouter = createTRPCRouter({ const app = await findApplicationById(input.applicationId as string); - if (app.project.userId !== ctx.user.ownerId) { + if (app.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to deploy this application", @@ -582,7 +616,9 @@ export const applicationRouter = createTRPCRouter({ .mutation(async ({ input, ctx }) => { const application = await findApplicationById(input.applicationId); - if (application.project.userId !== ctx.user.ownerId) { + if ( + application.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to update this application", diff --git a/apps/dokploy/server/api/routers/bitbucket.ts b/apps/dokploy/server/api/routers/bitbucket.ts index 75513a80..987555e5 100644 --- a/apps/dokploy/server/api/routers/bitbucket.ts +++ b/apps/dokploy/server/api/routers/bitbucket.ts @@ -38,7 +38,8 @@ export const bitbucketRouter = createTRPCRouter({ const bitbucketProvider = await findBitbucketById(input.bitbucketId); if ( IS_CLOUD && - bitbucketProvider.gitProvider.userId !== ctx.user.ownerId + bitbucketProvider.gitProvider.organizationId !== + ctx.session.activeOrganizationId ) { //TODO: Remove this line when the cloud version is ready throw new TRPCError({ @@ -61,7 +62,9 @@ export const bitbucketRouter = createTRPCRouter({ if (IS_CLOUD) { // TODO: mAyBe a rEfaCtoR 🤫 result = result.filter( - (provider) => provider.gitProvider.userId === ctx.user.ownerId, + (provider) => + provider.gitProvider.organizationId === + ctx.session.activeOrganizationId, ); } return result; @@ -73,7 +76,8 @@ export const bitbucketRouter = createTRPCRouter({ const bitbucketProvider = await findBitbucketById(input.bitbucketId); if ( IS_CLOUD && - bitbucketProvider.gitProvider.userId !== ctx.user.ownerId + bitbucketProvider.gitProvider.organizationId !== + ctx.session.activeOrganizationId ) { //TODO: Remove this line when the cloud version is ready throw new TRPCError({ @@ -91,7 +95,8 @@ export const bitbucketRouter = createTRPCRouter({ ); if ( IS_CLOUD && - bitbucketProvider.gitProvider.userId !== ctx.user.ownerId + bitbucketProvider.gitProvider.organizationId !== + ctx.session.activeOrganizationId ) { //TODO: Remove this line when the cloud version is ready throw new TRPCError({ @@ -108,7 +113,8 @@ export const bitbucketRouter = createTRPCRouter({ const bitbucketProvider = await findBitbucketById(input.bitbucketId); if ( IS_CLOUD && - bitbucketProvider.gitProvider.userId !== ctx.user.ownerId + bitbucketProvider.gitProvider.organizationId !== + ctx.session.activeOrganizationId ) { //TODO: Remove this line when the cloud version is ready throw new TRPCError({ @@ -132,7 +138,8 @@ export const bitbucketRouter = createTRPCRouter({ const bitbucketProvider = await findBitbucketById(input.bitbucketId); if ( IS_CLOUD && - bitbucketProvider.gitProvider.userId !== ctx.user.ownerId + bitbucketProvider.gitProvider.organizationId !== + ctx.session.activeOrganizationId ) { //TODO: Remove this line when the cloud version is ready throw new TRPCError({ diff --git a/apps/dokploy/server/api/routers/certificate.ts b/apps/dokploy/server/api/routers/certificate.ts index b1c6f5c2..87e6c6c8 100644 --- a/apps/dokploy/server/api/routers/certificate.ts +++ b/apps/dokploy/server/api/routers/certificate.ts @@ -32,7 +32,10 @@ export const certificateRouter = createTRPCRouter({ .input(apiFindCertificate) .query(async ({ input, ctx }) => { const certificates = await findCertificateById(input.certificateId); - if (IS_CLOUD && certificates.userId !== ctx.user.ownerId) { + if ( + IS_CLOUD && + certificates.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not allowed to access this certificate", @@ -44,7 +47,10 @@ export const certificateRouter = createTRPCRouter({ .input(apiFindCertificate) .mutation(async ({ input, ctx }) => { const certificates = await findCertificateById(input.certificateId); - if (IS_CLOUD && certificates.userId !== ctx.user.ownerId) { + if ( + IS_CLOUD && + certificates.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not allowed to delete this certificate", @@ -56,7 +62,12 @@ export const certificateRouter = createTRPCRouter({ all: adminProcedure.query(async ({ ctx }) => { return await db.query.certificates.findMany({ // TODO: Remove this line when the cloud version is ready - ...(IS_CLOUD && { where: eq(certificates.userId, ctx.user.ownerId) }), + ...(IS_CLOUD && { + where: eq( + certificates.organizationId, + ctx.session.activeOrganizationId, + ), + }), }); }), }); diff --git a/apps/dokploy/server/api/routers/deployment.ts b/apps/dokploy/server/api/routers/deployment.ts index b9daaf0e..8d95c121 100644 --- a/apps/dokploy/server/api/routers/deployment.ts +++ b/apps/dokploy/server/api/routers/deployment.ts @@ -19,7 +19,9 @@ export const deploymentRouter = createTRPCRouter({ .input(apiFindAllByApplication) .query(async ({ input, ctx }) => { const application = await findApplicationById(input.applicationId); - if (application.project.userId !== ctx.user.ownerId) { + if ( + application.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this application", @@ -32,7 +34,7 @@ export const deploymentRouter = createTRPCRouter({ .input(apiFindAllByCompose) .query(async ({ input, ctx }) => { const compose = await findComposeById(input.composeId); - if (compose.project.userId !== ctx.user.ownerId) { + if (compose.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this compose", @@ -44,7 +46,7 @@ export const deploymentRouter = createTRPCRouter({ .input(apiFindAllByServer) .query(async ({ input, ctx }) => { const server = await findServerById(input.serverId); - if (server.userId !== ctx.user.ownerId) { + if (server.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this server", diff --git a/apps/dokploy/server/api/routers/destination.ts b/apps/dokploy/server/api/routers/destination.ts index 49edadf5..770cb699 100644 --- a/apps/dokploy/server/api/routers/destination.ts +++ b/apps/dokploy/server/api/routers/destination.ts @@ -84,7 +84,7 @@ export const destinationRouter = createTRPCRouter({ .input(apiFindOneDestination) .query(async ({ input, ctx }) => { const destination = await findDestinationById(input.destinationId); - if (destination.userId !== ctx.user.ownerId) { + if (destination.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not allowed to access this destination", @@ -94,7 +94,7 @@ export const destinationRouter = createTRPCRouter({ }), all: protectedProcedure.query(async ({ ctx }) => { return await db.query.destinations.findMany({ - where: eq(destinations.userId, ctx.user.ownerId), + where: eq(destinations.organizationId, ctx.session.activeOrganizationId), }); }), remove: adminProcedure @@ -103,7 +103,7 @@ export const destinationRouter = createTRPCRouter({ try { const destination = await findDestinationById(input.destinationId); - if (destination.userId !== ctx.user.ownerId) { + if (destination.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not allowed to delete this destination", @@ -122,7 +122,7 @@ export const destinationRouter = createTRPCRouter({ .mutation(async ({ input, ctx }) => { try { const destination = await findDestinationById(input.destinationId); - if (destination.userId !== ctx.user.ownerId) { + if (destination.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not allowed to update this destination", @@ -130,7 +130,7 @@ export const destinationRouter = createTRPCRouter({ } return await updateDestinationById(input.destinationId, { ...input, - userId: ctx.user.ownerId, + organizationId: ctx.session.activeOrganizationId, }); } catch (error) { throw error; diff --git a/apps/dokploy/server/api/routers/domain.ts b/apps/dokploy/server/api/routers/domain.ts index 526a156b..aac2a016 100644 --- a/apps/dokploy/server/api/routers/domain.ts +++ b/apps/dokploy/server/api/routers/domain.ts @@ -30,7 +30,9 @@ export const domainRouter = createTRPCRouter({ try { if (input.domainType === "compose" && input.composeId) { const compose = await findComposeById(input.composeId); - if (compose.project.userId !== ctx.user.ownerId) { + if ( + compose.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this compose", @@ -38,7 +40,10 @@ export const domainRouter = createTRPCRouter({ } } else if (input.domainType === "application" && input.applicationId) { const application = await findApplicationById(input.applicationId); - if (application.project.userId !== ctx.user.ownerId) { + if ( + application.project.organizationId !== + ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this application", @@ -58,7 +63,9 @@ export const domainRouter = createTRPCRouter({ .input(apiFindOneApplication) .query(async ({ input, ctx }) => { const application = await findApplicationById(input.applicationId); - if (application.project.userId !== ctx.user.ownerId) { + if ( + application.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this application", @@ -70,7 +77,7 @@ export const domainRouter = createTRPCRouter({ .input(apiFindCompose) .query(async ({ input, ctx }) => { const compose = await findComposeById(input.composeId); - if (compose.project.userId !== ctx.user.ownerId) { + if (compose.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this compose", @@ -95,7 +102,9 @@ export const domainRouter = createTRPCRouter({ if (currentDomain.applicationId) { const newApp = await findApplicationById(currentDomain.applicationId); - if (newApp.project.userId !== ctx.user.ownerId) { + if ( + newApp.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this application", @@ -103,7 +112,9 @@ export const domainRouter = createTRPCRouter({ } } else if (currentDomain.composeId) { const newCompose = await findComposeById(currentDomain.composeId); - if (newCompose.project.userId !== ctx.user.ownerId) { + if ( + newCompose.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this compose", @@ -114,7 +125,8 @@ export const domainRouter = createTRPCRouter({ currentDomain.previewDeploymentId, ); if ( - newPreviewDeployment.application.project.userId !== ctx.user.ownerId + newPreviewDeployment.application.project.organizationId !== + ctx.session.activeOrganizationId ) { throw new TRPCError({ code: "UNAUTHORIZED", @@ -143,7 +155,9 @@ export const domainRouter = createTRPCRouter({ const domain = await findDomainById(input.domainId); if (domain.applicationId) { const application = await findApplicationById(domain.applicationId); - if (application.project.userId !== ctx.user.ownerId) { + if ( + application.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this application", @@ -151,7 +165,7 @@ export const domainRouter = createTRPCRouter({ } } else if (domain.composeId) { const compose = await findComposeById(domain.composeId); - if (compose.project.userId !== ctx.user.ownerId) { + if (compose.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this compose", @@ -166,7 +180,10 @@ export const domainRouter = createTRPCRouter({ const domain = await findDomainById(input.domainId); if (domain.applicationId) { const application = await findApplicationById(domain.applicationId); - if (application.project.userId !== ctx.user.ownerId) { + if ( + application.project.organizationId !== + ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this application", @@ -174,7 +191,9 @@ export const domainRouter = createTRPCRouter({ } } else if (domain.composeId) { const compose = await findComposeById(domain.composeId); - if (compose.project.userId !== ctx.user.ownerId) { + if ( + compose.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this compose", diff --git a/apps/dokploy/server/api/routers/git-provider.ts b/apps/dokploy/server/api/routers/git-provider.ts index 83e71dd8..39194ed3 100644 --- a/apps/dokploy/server/api/routers/git-provider.ts +++ b/apps/dokploy/server/api/routers/git-provider.ts @@ -1,11 +1,7 @@ import { createTRPCRouter, protectedProcedure } from "@/server/api/trpc"; import { db } from "@/server/db"; import { apiRemoveGitProvider, gitProvider } from "@/server/db/schema"; -import { - IS_CLOUD, - findGitProviderById, - removeGitProvider, -} from "@dokploy/server"; +import { findGitProviderById, removeGitProvider } from "@dokploy/server"; import { TRPCError } from "@trpc/server"; import { desc, eq } from "drizzle-orm"; @@ -18,8 +14,7 @@ export const gitProviderRouter = createTRPCRouter({ github: true, }, orderBy: desc(gitProvider.createdAt), - ...(IS_CLOUD && { where: eq(gitProvider.userId, ctx.user.ownerId) }), - //TODO: Remove this line when the cloud version is ready + where: eq(gitProvider.organizationId, ctx.session.activeOrganizationId), }); }), remove: protectedProcedure @@ -28,8 +23,7 @@ export const gitProviderRouter = createTRPCRouter({ try { const gitProvider = await findGitProviderById(input.gitProviderId); - if (IS_CLOUD && gitProvider.userId !== ctx.user.ownerId) { - // TODO: Remove isCloud in the next versions of dokploy + if (gitProvider.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not allowed to delete this Git provider", diff --git a/apps/dokploy/server/api/routers/github.ts b/apps/dokploy/server/api/routers/github.ts index 62c21805..2b3f1502 100644 --- a/apps/dokploy/server/api/routers/github.ts +++ b/apps/dokploy/server/api/routers/github.ts @@ -20,7 +20,10 @@ export const githubRouter = createTRPCRouter({ .input(apiFindOneGithub) .query(async ({ input, ctx }) => { const githubProvider = await findGithubById(input.githubId); - if (IS_CLOUD && githubProvider.gitProvider.userId !== ctx.user.ownerId) { + if ( + githubProvider.gitProvider.organizationId !== + ctx.session.activeOrganizationId + ) { //TODO: Remove this line when the cloud version is ready throw new TRPCError({ code: "UNAUTHORIZED", @@ -33,7 +36,10 @@ export const githubRouter = createTRPCRouter({ .input(apiFindOneGithub) .query(async ({ input, ctx }) => { const githubProvider = await findGithubById(input.githubId); - if (IS_CLOUD && githubProvider.gitProvider.userId !== ctx.user.ownerId) { + if ( + githubProvider.gitProvider.organizationId !== + ctx.session.activeOrganizationId + ) { //TODO: Remove this line when the cloud version is ready throw new TRPCError({ code: "UNAUTHORIZED", @@ -46,7 +52,10 @@ export const githubRouter = createTRPCRouter({ .input(apiFindGithubBranches) .query(async ({ input, ctx }) => { const githubProvider = await findGithubById(input.githubId || ""); - if (IS_CLOUD && githubProvider.gitProvider.userId !== ctx.user.ownerId) { + if ( + githubProvider.gitProvider.organizationId !== + ctx.session.activeOrganizationId + ) { //TODO: Remove this line when the cloud version is ready throw new TRPCError({ code: "UNAUTHORIZED", @@ -65,7 +74,9 @@ export const githubRouter = createTRPCRouter({ if (IS_CLOUD) { // TODO: mAyBe a rEfaCtoR 🤫 result = result.filter( - (provider) => provider.gitProvider.userId === ctx.user.ownerId, + (provider) => + provider.gitProvider.organizationId === + ctx.session.activeOrganizationId, ); } @@ -90,7 +101,8 @@ export const githubRouter = createTRPCRouter({ const githubProvider = await findGithubById(input.githubId); if ( IS_CLOUD && - githubProvider.gitProvider.userId !== ctx.user.ownerId + githubProvider.gitProvider.organizationId !== + ctx.session.activeOrganizationId ) { //TODO: Remove this line when the cloud version is ready throw new TRPCError({ @@ -111,7 +123,11 @@ export const githubRouter = createTRPCRouter({ .input(apiUpdateGithub) .mutation(async ({ input, ctx }) => { const githubProvider = await findGithubById(input.githubId); - if (IS_CLOUD && githubProvider.gitProvider.userId !== ctx.user.ownerId) { + if ( + IS_CLOUD && + githubProvider.gitProvider.organizationId !== + ctx.session.activeOrganizationId + ) { //TODO: Remove this line when the cloud version is ready throw new TRPCError({ code: "UNAUTHORIZED", @@ -120,7 +136,7 @@ export const githubRouter = createTRPCRouter({ } await updateGitProvider(input.gitProviderId, { name: input.name, - userId: ctx.user.ownerId, + organizationId: ctx.session.activeOrganizationId, }); }), }); diff --git a/apps/dokploy/server/api/routers/gitlab.ts b/apps/dokploy/server/api/routers/gitlab.ts index d3ba5a44..338b8c64 100644 --- a/apps/dokploy/server/api/routers/gitlab.ts +++ b/apps/dokploy/server/api/routers/gitlab.ts @@ -39,7 +39,10 @@ export const gitlabRouter = createTRPCRouter({ .input(apiFindOneGitlab) .query(async ({ input, ctx }) => { const gitlabProvider = await findGitlabById(input.gitlabId); - if (IS_CLOUD && gitlabProvider.gitProvider.userId !== ctx.user.ownerId) { + if ( + gitlabProvider.gitProvider.organizationId !== + ctx.session.activeOrganizationId + ) { //TODO: Remove this line when the cloud version is ready throw new TRPCError({ code: "UNAUTHORIZED", @@ -58,7 +61,9 @@ export const gitlabRouter = createTRPCRouter({ if (IS_CLOUD) { // TODO: mAyBe a rEfaCtoR 🤫 result = result.filter( - (provider) => provider.gitProvider.userId === ctx.user.ownerId, + (provider) => + provider.gitProvider.organizationId === + ctx.session.activeOrganizationId, ); } const filtered = result @@ -78,7 +83,10 @@ export const gitlabRouter = createTRPCRouter({ .input(apiFindOneGitlab) .query(async ({ input, ctx }) => { const gitlabProvider = await findGitlabById(input.gitlabId); - if (IS_CLOUD && gitlabProvider.gitProvider.userId !== ctx.user.ownerId) { + if ( + gitlabProvider.gitProvider.organizationId !== + ctx.session.activeOrganizationId + ) { //TODO: Remove this line when the cloud version is ready throw new TRPCError({ code: "UNAUTHORIZED", @@ -92,7 +100,10 @@ export const gitlabRouter = createTRPCRouter({ .input(apiFindGitlabBranches) .query(async ({ input, ctx }) => { const gitlabProvider = await findGitlabById(input.gitlabId || ""); - if (IS_CLOUD && gitlabProvider.gitProvider.userId !== ctx.user.ownerId) { + if ( + gitlabProvider.gitProvider.organizationId !== + ctx.session.activeOrganizationId + ) { //TODO: Remove this line when the cloud version is ready throw new TRPCError({ code: "UNAUTHORIZED", @@ -107,8 +118,8 @@ export const gitlabRouter = createTRPCRouter({ try { const gitlabProvider = await findGitlabById(input.gitlabId || ""); if ( - IS_CLOUD && - gitlabProvider.gitProvider.userId !== ctx.user.ownerId + gitlabProvider.gitProvider.organizationId !== + ctx.session.activeOrganizationId ) { //TODO: Remove this line when the cloud version is ready throw new TRPCError({ @@ -130,7 +141,10 @@ export const gitlabRouter = createTRPCRouter({ .input(apiUpdateGitlab) .mutation(async ({ input, ctx }) => { const gitlabProvider = await findGitlabById(input.gitlabId); - if (IS_CLOUD && gitlabProvider.gitProvider.userId !== ctx.user.ownerId) { + if ( + gitlabProvider.gitProvider.organizationId !== + ctx.session.activeOrganizationId + ) { //TODO: Remove this line when the cloud version is ready throw new TRPCError({ code: "UNAUTHORIZED", @@ -140,7 +154,7 @@ export const gitlabRouter = createTRPCRouter({ if (input.name) { await updateGitProvider(input.gitProviderId, { name: input.name, - userId: ctx.user.ownerId, + organizationId: ctx.session.activeOrganizationId, }); await updateGitlab(input.gitlabId, { diff --git a/apps/dokploy/server/api/routers/mariadb.ts b/apps/dokploy/server/api/routers/mariadb.ts index e50b9b12..4276560c 100644 --- a/apps/dokploy/server/api/routers/mariadb.ts +++ b/apps/dokploy/server/api/routers/mariadb.ts @@ -49,7 +49,7 @@ export const mariadbRouter = createTRPCRouter({ } const project = await findProjectById(input.projectId); - if (project.userId !== ctx.user.ownerId) { + if (project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this project", @@ -83,7 +83,7 @@ export const mariadbRouter = createTRPCRouter({ await checkServiceAccess(ctx.user.id, input.mariadbId, "access"); } const mariadb = await findMariadbById(input.mariadbId); - if (mariadb.project.userId !== ctx.user.ownerId) { + if (mariadb.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this Mariadb", @@ -96,7 +96,7 @@ export const mariadbRouter = createTRPCRouter({ .input(apiFindOneMariaDB) .mutation(async ({ input, ctx }) => { const service = await findMariadbById(input.mariadbId); - if (service.project.userId !== ctx.user.ownerId) { + if (service.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to start this Mariadb", @@ -133,7 +133,7 @@ export const mariadbRouter = createTRPCRouter({ .input(apiSaveExternalPortMariaDB) .mutation(async ({ input, ctx }) => { const mongo = await findMariadbById(input.mariadbId); - if (mongo.project.userId !== ctx.user.ownerId) { + if (mongo.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to save this external port", @@ -149,7 +149,7 @@ export const mariadbRouter = createTRPCRouter({ .input(apiDeployMariaDB) .mutation(async ({ input, ctx }) => { const mariadb = await findMariadbById(input.mariadbId); - if (mariadb.project.userId !== ctx.user.ownerId) { + if (mariadb.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to deploy this Mariadb", @@ -170,7 +170,7 @@ export const mariadbRouter = createTRPCRouter({ .input(apiDeployMariaDB) .subscription(async ({ input, ctx }) => { const mariadb = await findMariadbById(input.mariadbId); - if (mariadb.project.userId !== ctx.user.ownerId) { + if (mariadb.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to deploy this Mariadb", @@ -187,7 +187,7 @@ export const mariadbRouter = createTRPCRouter({ .input(apiChangeMariaDBStatus) .mutation(async ({ input, ctx }) => { const mongo = await findMariadbById(input.mariadbId); - if (mongo.project.userId !== ctx.user.ownerId) { + if (mongo.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to change this Mariadb status", @@ -206,7 +206,7 @@ export const mariadbRouter = createTRPCRouter({ } const mongo = await findMariadbById(input.mariadbId); - if (mongo.project.userId !== ctx.user.ownerId) { + if (mongo.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to delete this Mariadb", @@ -232,7 +232,7 @@ export const mariadbRouter = createTRPCRouter({ .input(apiSaveEnvironmentVariablesMariaDB) .mutation(async ({ input, ctx }) => { const mariadb = await findMariadbById(input.mariadbId); - if (mariadb.project.userId !== ctx.user.ownerId) { + if (mariadb.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to save this environment", @@ -255,7 +255,7 @@ export const mariadbRouter = createTRPCRouter({ .input(apiResetMariadb) .mutation(async ({ input, ctx }) => { const mariadb = await findMariadbById(input.mariadbId); - if (mariadb.project.userId !== ctx.user.ownerId) { + if (mariadb.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to reload this Mariadb", @@ -285,7 +285,7 @@ export const mariadbRouter = createTRPCRouter({ .mutation(async ({ input, ctx }) => { const { mariadbId, ...rest } = input; const mariadb = await findMariadbById(mariadbId); - if (mariadb.project.userId !== ctx.user.ownerId) { + if (mariadb.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to update this Mariadb", diff --git a/apps/dokploy/server/api/routers/mongo.ts b/apps/dokploy/server/api/routers/mongo.ts index ddb3d3cc..d1d12bd0 100644 --- a/apps/dokploy/server/api/routers/mongo.ts +++ b/apps/dokploy/server/api/routers/mongo.ts @@ -48,7 +48,7 @@ export const mongoRouter = createTRPCRouter({ } const project = await findProjectById(input.projectId); - if (project.userId !== ctx.user.ownerId) { + if (project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this project", @@ -87,7 +87,7 @@ export const mongoRouter = createTRPCRouter({ } const mongo = await findMongoById(input.mongoId); - if (mongo.project.userId !== ctx.user.ownerId) { + if (mongo.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this mongo", @@ -101,7 +101,7 @@ export const mongoRouter = createTRPCRouter({ .mutation(async ({ input, ctx }) => { const service = await findMongoById(input.mongoId); - if (service.project.userId !== ctx.user.ownerId) { + if (service.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to start this mongo", @@ -124,7 +124,7 @@ export const mongoRouter = createTRPCRouter({ .mutation(async ({ input, ctx }) => { const mongo = await findMongoById(input.mongoId); - if (mongo.project.userId !== ctx.user.ownerId) { + if (mongo.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to stop this mongo", @@ -146,7 +146,7 @@ export const mongoRouter = createTRPCRouter({ .input(apiSaveExternalPortMongo) .mutation(async ({ input, ctx }) => { const mongo = await findMongoById(input.mongoId); - if (mongo.project.userId !== ctx.user.ownerId) { + if (mongo.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to save this external port", @@ -162,7 +162,7 @@ export const mongoRouter = createTRPCRouter({ .input(apiDeployMongo) .mutation(async ({ input, ctx }) => { const mongo = await findMongoById(input.mongoId); - if (mongo.project.userId !== ctx.user.ownerId) { + if (mongo.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to deploy this mongo", @@ -182,7 +182,7 @@ export const mongoRouter = createTRPCRouter({ .input(apiDeployMongo) .subscription(async ({ input, ctx }) => { const mongo = await findMongoById(input.mongoId); - if (mongo.project.userId !== ctx.user.ownerId) { + if (mongo.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to deploy this mongo", @@ -199,7 +199,7 @@ export const mongoRouter = createTRPCRouter({ .input(apiChangeMongoStatus) .mutation(async ({ input, ctx }) => { const mongo = await findMongoById(input.mongoId); - if (mongo.project.userId !== ctx.user.ownerId) { + if (mongo.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to change this mongo status", @@ -214,7 +214,7 @@ export const mongoRouter = createTRPCRouter({ .input(apiResetMongo) .mutation(async ({ input, ctx }) => { const mongo = await findMongoById(input.mongoId); - if (mongo.project.userId !== ctx.user.ownerId) { + if (mongo.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to reload this mongo", @@ -248,7 +248,7 @@ export const mongoRouter = createTRPCRouter({ const mongo = await findMongoById(input.mongoId); - if (mongo.project.userId !== ctx.user.ownerId) { + if (mongo.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to delete this mongo", @@ -274,7 +274,7 @@ export const mongoRouter = createTRPCRouter({ .input(apiSaveEnvironmentVariablesMongo) .mutation(async ({ input, ctx }) => { const mongo = await findMongoById(input.mongoId); - if (mongo.project.userId !== ctx.user.ownerId) { + if (mongo.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to save this environment", @@ -298,7 +298,7 @@ export const mongoRouter = createTRPCRouter({ .mutation(async ({ input, ctx }) => { const { mongoId, ...rest } = input; const mongo = await findMongoById(mongoId); - if (mongo.project.userId !== ctx.user.ownerId) { + if (mongo.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to update this mongo", diff --git a/apps/dokploy/server/api/routers/mysql.ts b/apps/dokploy/server/api/routers/mysql.ts index c81fc842..dc107bdb 100644 --- a/apps/dokploy/server/api/routers/mysql.ts +++ b/apps/dokploy/server/api/routers/mysql.ts @@ -50,7 +50,7 @@ export const mysqlRouter = createTRPCRouter({ } 1; const project = await findProjectById(input.projectId); - if (project.userId !== ctx.user.ownerId) { + if (project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this project", @@ -89,7 +89,7 @@ export const mysqlRouter = createTRPCRouter({ await checkServiceAccess(ctx.user.id, input.mysqlId, "access"); } const mysql = await findMySqlById(input.mysqlId); - if (mysql.project.userId !== ctx.user.ownerId) { + if (mysql.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this MySQL", @@ -102,7 +102,7 @@ export const mysqlRouter = createTRPCRouter({ .input(apiFindOneMySql) .mutation(async ({ input, ctx }) => { const service = await findMySqlById(input.mysqlId); - if (service.project.userId !== ctx.user.ownerId) { + if (service.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to start this MySQL", @@ -124,7 +124,7 @@ export const mysqlRouter = createTRPCRouter({ .input(apiFindOneMySql) .mutation(async ({ input, ctx }) => { const mongo = await findMySqlById(input.mysqlId); - if (mongo.project.userId !== ctx.user.ownerId) { + if (mongo.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to stop this MySQL", @@ -145,7 +145,7 @@ export const mysqlRouter = createTRPCRouter({ .input(apiSaveExternalPortMySql) .mutation(async ({ input, ctx }) => { const mongo = await findMySqlById(input.mysqlId); - if (mongo.project.userId !== ctx.user.ownerId) { + if (mongo.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to save this external port", @@ -161,7 +161,7 @@ export const mysqlRouter = createTRPCRouter({ .input(apiDeployMySql) .mutation(async ({ input, ctx }) => { const mysql = await findMySqlById(input.mysqlId); - if (mysql.project.userId !== ctx.user.ownerId) { + if (mysql.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to deploy this MySQL", @@ -181,7 +181,7 @@ export const mysqlRouter = createTRPCRouter({ .input(apiDeployMySql) .subscription(async ({ input, ctx }) => { const mysql = await findMySqlById(input.mysqlId); - if (mysql.project.userId !== ctx.user.ownerId) { + if (mysql.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to deploy this MySQL", @@ -198,7 +198,7 @@ export const mysqlRouter = createTRPCRouter({ .input(apiChangeMySqlStatus) .mutation(async ({ input, ctx }) => { const mongo = await findMySqlById(input.mysqlId); - if (mongo.project.userId !== ctx.user.ownerId) { + if (mongo.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to change this MySQL status", @@ -213,7 +213,7 @@ export const mysqlRouter = createTRPCRouter({ .input(apiResetMysql) .mutation(async ({ input, ctx }) => { const mysql = await findMySqlById(input.mysqlId); - if (mysql.project.userId !== ctx.user.ownerId) { + if (mysql.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to reload this MySQL", @@ -244,7 +244,7 @@ export const mysqlRouter = createTRPCRouter({ await checkServiceAccess(ctx.user.id, input.mysqlId, "delete"); } const mongo = await findMySqlById(input.mysqlId); - if (mongo.project.userId !== ctx.user.ownerId) { + if (mongo.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to delete this MySQL", @@ -270,7 +270,7 @@ export const mysqlRouter = createTRPCRouter({ .input(apiSaveEnvironmentVariablesMySql) .mutation(async ({ input, ctx }) => { const mysql = await findMySqlById(input.mysqlId); - if (mysql.project.userId !== ctx.user.ownerId) { + if (mysql.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to save this environment", @@ -294,7 +294,7 @@ export const mysqlRouter = createTRPCRouter({ .mutation(async ({ input, ctx }) => { const { mysqlId, ...rest } = input; const mysql = await findMySqlById(mysqlId); - if (mysql.project.userId !== ctx.user.ownerId) { + if (mysql.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to update this MySQL", diff --git a/apps/dokploy/server/api/routers/notification.ts b/apps/dokploy/server/api/routers/notification.ts index 6c2b469d..45170006 100644 --- a/apps/dokploy/server/api/routers/notification.ts +++ b/apps/dokploy/server/api/routers/notification.ts @@ -71,7 +71,7 @@ export const notificationRouter = createTRPCRouter({ .mutation(async ({ input, ctx }) => { try { const notification = await findNotificationById(input.notificationId); - if (IS_CLOUD && notification.userId !== ctx.user.ownerId) { + if (notification.organizationId !== ctx.session.activeOrganizationId) { // TODO: Remove isCloud in the next versions of dokploy throw new TRPCError({ code: "UNAUTHORIZED", @@ -122,7 +122,7 @@ export const notificationRouter = createTRPCRouter({ .mutation(async ({ input, ctx }) => { try { const notification = await findNotificationById(input.notificationId); - if (IS_CLOUD && notification.userId !== ctx.user.ownerId) { + if (notification.organizationId !== ctx.session.activeOrganizationId) { // TODO: Remove isCloud in the next versions of dokploy throw new TRPCError({ code: "UNAUTHORIZED", @@ -174,7 +174,7 @@ export const notificationRouter = createTRPCRouter({ .mutation(async ({ input, ctx }) => { try { const notification = await findNotificationById(input.notificationId); - if (IS_CLOUD && notification.userId !== ctx.user.ownerId) { + if (notification.organizationId !== ctx.session.activeOrganizationId) { // TODO: Remove isCloud in the next versions of dokploy throw new TRPCError({ code: "UNAUTHORIZED", @@ -234,7 +234,7 @@ export const notificationRouter = createTRPCRouter({ .mutation(async ({ input, ctx }) => { try { const notification = await findNotificationById(input.notificationId); - if (IS_CLOUD && notification.userId !== ctx.user.ownerId) { + if (notification.organizationId !== ctx.session.activeOrganizationId) { // TODO: Remove isCloud in the next versions of dokploy throw new TRPCError({ code: "UNAUTHORIZED", @@ -276,7 +276,7 @@ export const notificationRouter = createTRPCRouter({ .mutation(async ({ input, ctx }) => { try { const notification = await findNotificationById(input.notificationId); - if (IS_CLOUD && notification.userId !== ctx.user.ownerId) { + if (notification.organizationId !== ctx.session.activeOrganizationId) { // TODO: Remove isCloud in the next versions of dokploy throw new TRPCError({ code: "UNAUTHORIZED", @@ -295,7 +295,7 @@ export const notificationRouter = createTRPCRouter({ .input(apiFindOneNotification) .query(async ({ input, ctx }) => { const notification = await findNotificationById(input.notificationId); - if (IS_CLOUD && notification.userId !== ctx.user.ownerId) { + if (notification.organizationId !== ctx.session.activeOrganizationId) { // TODO: Remove isCloud in the next versions of dokploy throw new TRPCError({ code: "UNAUTHORIZED", @@ -314,7 +314,12 @@ export const notificationRouter = createTRPCRouter({ gotify: true, }, orderBy: desc(notifications.createdAt), - ...(IS_CLOUD && { where: eq(notifications.userId, ctx.user.ownerId) }), + ...(IS_CLOUD && { + where: eq( + notifications.organizationId, + ctx.session.activeOrganizationId, + ), + }), // TODO: Remove this line when the cloud version is ready }); }), @@ -400,7 +405,10 @@ export const notificationRouter = createTRPCRouter({ .mutation(async ({ input, ctx }) => { try { const notification = await findNotificationById(input.notificationId); - if (IS_CLOUD && notification.userId !== ctx.user.ownerId) { + if ( + IS_CLOUD && + notification.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to update this notification", diff --git a/apps/dokploy/server/api/routers/postgres.ts b/apps/dokploy/server/api/routers/postgres.ts index 8a4e8ba2..b74bc0f6 100644 --- a/apps/dokploy/server/api/routers/postgres.ts +++ b/apps/dokploy/server/api/routers/postgres.ts @@ -56,7 +56,7 @@ export const postgresRouter = createTRPCRouter({ } const project = await findProjectById(input.projectId); - if (project.userId !== ctx.user.ownerId) { + if (project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this project", @@ -95,7 +95,9 @@ export const postgresRouter = createTRPCRouter({ } const postgres = await findPostgresById(input.postgresId); - if (postgres.project.userId !== ctx.user.ownerId) { + if ( + postgres.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this Postgres", @@ -109,7 +111,7 @@ export const postgresRouter = createTRPCRouter({ .mutation(async ({ input, ctx }) => { const service = await findPostgresById(input.postgresId); - if (service.project.userId !== ctx.user.ownerId) { + if (service.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to start this Postgres", @@ -131,7 +133,9 @@ export const postgresRouter = createTRPCRouter({ .input(apiFindOnePostgres) .mutation(async ({ input, ctx }) => { const postgres = await findPostgresById(input.postgresId); - if (postgres.project.userId !== ctx.user.ownerId) { + if ( + postgres.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to stop this Postgres", @@ -153,7 +157,9 @@ export const postgresRouter = createTRPCRouter({ .mutation(async ({ input, ctx }) => { const postgres = await findPostgresById(input.postgresId); - if (postgres.project.userId !== ctx.user.ownerId) { + if ( + postgres.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to save this external port", @@ -169,7 +175,9 @@ export const postgresRouter = createTRPCRouter({ .input(apiDeployPostgres) .mutation(async ({ input, ctx }) => { const postgres = await findPostgresById(input.postgresId); - if (postgres.project.userId !== ctx.user.ownerId) { + if ( + postgres.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to deploy this Postgres", @@ -190,7 +198,9 @@ export const postgresRouter = createTRPCRouter({ .input(apiDeployPostgres) .subscription(async ({ input, ctx }) => { const postgres = await findPostgresById(input.postgresId); - if (postgres.project.userId !== ctx.user.ownerId) { + if ( + postgres.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to deploy this Postgres", @@ -207,7 +217,9 @@ export const postgresRouter = createTRPCRouter({ .input(apiChangePostgresStatus) .mutation(async ({ input, ctx }) => { const postgres = await findPostgresById(input.postgresId); - if (postgres.project.userId !== ctx.user.ownerId) { + if ( + postgres.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to change this Postgres status", @@ -226,7 +238,9 @@ export const postgresRouter = createTRPCRouter({ } const postgres = await findPostgresById(input.postgresId); - if (postgres.project.userId !== ctx.user.ownerId) { + if ( + postgres.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to delete this Postgres", @@ -249,7 +263,9 @@ export const postgresRouter = createTRPCRouter({ .input(apiSaveEnvironmentVariablesPostgres) .mutation(async ({ input, ctx }) => { const postgres = await findPostgresById(input.postgresId); - if (postgres.project.userId !== ctx.user.ownerId) { + if ( + postgres.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to save this environment", @@ -272,7 +288,9 @@ export const postgresRouter = createTRPCRouter({ .input(apiResetPostgres) .mutation(async ({ input, ctx }) => { const postgres = await findPostgresById(input.postgresId); - if (postgres.project.userId !== ctx.user.ownerId) { + if ( + postgres.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to reload this Postgres", @@ -302,7 +320,9 @@ export const postgresRouter = createTRPCRouter({ .mutation(async ({ input, ctx }) => { const { postgresId, ...rest } = input; const postgres = await findPostgresById(postgresId); - if (postgres.project.userId !== ctx.user.ownerId) { + if ( + postgres.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to update this Postgres", diff --git a/apps/dokploy/server/api/routers/preview-deployment.ts b/apps/dokploy/server/api/routers/preview-deployment.ts index 482bb350..f833e9f9 100644 --- a/apps/dokploy/server/api/routers/preview-deployment.ts +++ b/apps/dokploy/server/api/routers/preview-deployment.ts @@ -14,7 +14,9 @@ export const previewDeploymentRouter = createTRPCRouter({ .input(apiFindAllByApplication) .query(async ({ input, ctx }) => { const application = await findApplicationById(input.applicationId); - if (application.project.userId !== ctx.user.ownerId) { + if ( + application.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this application", @@ -28,7 +30,10 @@ export const previewDeploymentRouter = createTRPCRouter({ const previewDeployment = await findPreviewDeploymentById( input.previewDeploymentId, ); - if (previewDeployment.application.project.userId !== ctx.user.ownerId) { + if ( + previewDeployment.application.project.organizationId !== + ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to delete this preview deployment", @@ -43,7 +48,10 @@ export const previewDeploymentRouter = createTRPCRouter({ const previewDeployment = await findPreviewDeploymentById( input.previewDeploymentId, ); - if (previewDeployment.application.project.userId !== ctx.user.ownerId) { + if ( + previewDeployment.application.project.organizationId !== + ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this preview deployment", diff --git a/apps/dokploy/server/api/routers/project.ts b/apps/dokploy/server/api/routers/project.ts index bce12565..88bb21d7 100644 --- a/apps/dokploy/server/api/routers/project.ts +++ b/apps/dokploy/server/api/routers/project.ts @@ -75,7 +75,7 @@ export const projectRouter = createTRPCRouter({ const project = await db.query.projects.findFirst({ where: and( eq(projects.projectId, input.projectId), - eq(projects.userId, ctx.user.ownerId), + eq(projects.organizationId, ctx.session.activeOrganizationId), ), with: { compose: { @@ -115,7 +115,7 @@ export const projectRouter = createTRPCRouter({ } const project = await findProjectById(input.projectId); - if (project.userId !== ctx.user.ownerId) { + if (project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this project", @@ -140,7 +140,7 @@ export const projectRouter = createTRPCRouter({ accessedProjects.map((projectId) => sql`${projectId}`), sql`, `, )})`, - eq(projects.userId, ctx.user.id), + eq(projects.organizationId, ctx.session.activeOrganizationId), ), with: { applications: { @@ -194,7 +194,7 @@ export const projectRouter = createTRPCRouter({ }, }, }, - where: eq(projects.userId, ctx.user.id), + where: eq(projects.organizationId, ctx.session.activeOrganizationId), orderBy: desc(projects.createdAt), }); }), @@ -207,7 +207,9 @@ export const projectRouter = createTRPCRouter({ await checkProjectAccess(ctx.user.id, "delete"); } const currentProject = await findProjectById(input.projectId); - if (currentProject.userId !== ctx.user.ownerId) { + if ( + currentProject.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to delete this project", @@ -225,7 +227,9 @@ export const projectRouter = createTRPCRouter({ .mutation(async ({ input, ctx }) => { try { const currentProject = await findProjectById(input.projectId); - if (currentProject.userId !== ctx.user.ownerId) { + if ( + currentProject.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to update this project", diff --git a/apps/dokploy/server/api/routers/redirects.ts b/apps/dokploy/server/api/routers/redirects.ts index 1a8ba4cf..2d520cc4 100644 --- a/apps/dokploy/server/api/routers/redirects.ts +++ b/apps/dokploy/server/api/routers/redirects.ts @@ -18,7 +18,9 @@ export const redirectsRouter = createTRPCRouter({ .input(apiCreateRedirect) .mutation(async ({ input, ctx }) => { const application = await findApplicationById(input.applicationId); - if (application.project.userId !== ctx.user.ownerId) { + if ( + application.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this application", @@ -31,7 +33,9 @@ export const redirectsRouter = createTRPCRouter({ .query(async ({ input, ctx }) => { const redirect = await findRedirectById(input.redirectId); const application = await findApplicationById(redirect.applicationId); - if (application.project.userId !== ctx.user.ownerId) { + if ( + application.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this application", @@ -44,7 +48,9 @@ export const redirectsRouter = createTRPCRouter({ .mutation(async ({ input, ctx }) => { const redirect = await findRedirectById(input.redirectId); const application = await findApplicationById(redirect.applicationId); - if (application.project.userId !== ctx.user.ownerId) { + if ( + application.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this application", @@ -57,7 +63,9 @@ export const redirectsRouter = createTRPCRouter({ .mutation(async ({ input, ctx }) => { const redirect = await findRedirectById(input.redirectId); const application = await findApplicationById(redirect.applicationId); - if (application.project.userId !== ctx.user.ownerId) { + if ( + application.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this application", diff --git a/apps/dokploy/server/api/routers/redis.ts b/apps/dokploy/server/api/routers/redis.ts index acded372..db76ee6c 100644 --- a/apps/dokploy/server/api/routers/redis.ts +++ b/apps/dokploy/server/api/routers/redis.ts @@ -48,7 +48,7 @@ export const redisRouter = createTRPCRouter({ } const project = await findProjectById(input.projectId); - if (project.userId !== ctx.user.ownerId) { + if (project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this project", @@ -80,7 +80,7 @@ export const redisRouter = createTRPCRouter({ } const redis = await findRedisById(input.redisId); - if (redis.project.userId !== ctx.user.ownerId) { + if (redis.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this Redis", @@ -93,7 +93,7 @@ export const redisRouter = createTRPCRouter({ .input(apiFindOneRedis) .mutation(async ({ input, ctx }) => { const redis = await findRedisById(input.redisId); - if (redis.project.userId !== ctx.user.ownerId) { + if (redis.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to start this Redis", @@ -115,7 +115,7 @@ export const redisRouter = createTRPCRouter({ .input(apiResetRedis) .mutation(async ({ input, ctx }) => { const redis = await findRedisById(input.redisId); - if (redis.project.userId !== ctx.user.ownerId) { + if (redis.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to reload this Redis", @@ -145,7 +145,7 @@ export const redisRouter = createTRPCRouter({ .input(apiFindOneRedis) .mutation(async ({ input, ctx }) => { const redis = await findRedisById(input.redisId); - if (redis.project.userId !== ctx.user.ownerId) { + if (redis.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to stop this Redis", @@ -166,7 +166,7 @@ export const redisRouter = createTRPCRouter({ .input(apiSaveExternalPortRedis) .mutation(async ({ input, ctx }) => { const mongo = await findRedisById(input.redisId); - if (mongo.project.userId !== ctx.user.ownerId) { + if (mongo.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to save this external port", @@ -182,7 +182,7 @@ export const redisRouter = createTRPCRouter({ .input(apiDeployRedis) .mutation(async ({ input, ctx }) => { const redis = await findRedisById(input.redisId); - if (redis.project.userId !== ctx.user.ownerId) { + if (redis.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to deploy this Redis", @@ -202,7 +202,7 @@ export const redisRouter = createTRPCRouter({ .input(apiDeployRedis) .subscription(async ({ input, ctx }) => { const redis = await findRedisById(input.redisId); - if (redis.project.userId !== ctx.user.ownerId) { + if (redis.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to deploy this Redis", @@ -218,7 +218,7 @@ export const redisRouter = createTRPCRouter({ .input(apiChangeRedisStatus) .mutation(async ({ input, ctx }) => { const mongo = await findRedisById(input.redisId); - if (mongo.project.userId !== ctx.user.ownerId) { + if (mongo.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to change this Redis status", @@ -238,7 +238,7 @@ export const redisRouter = createTRPCRouter({ const redis = await findRedisById(input.redisId); - if (redis.project.userId !== ctx.user.ownerId) { + if (redis.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to delete this Redis", @@ -261,7 +261,7 @@ export const redisRouter = createTRPCRouter({ .input(apiSaveEnvironmentVariablesRedis) .mutation(async ({ input, ctx }) => { const redis = await findRedisById(input.redisId); - if (redis.project.userId !== ctx.user.ownerId) { + if (redis.project.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to save this environment", diff --git a/apps/dokploy/server/api/routers/registry.ts b/apps/dokploy/server/api/routers/registry.ts index 76df5cd6..b5717179 100644 --- a/apps/dokploy/server/api/routers/registry.ts +++ b/apps/dokploy/server/api/routers/registry.ts @@ -28,7 +28,7 @@ export const registryRouter = createTRPCRouter({ .input(apiRemoveRegistry) .mutation(async ({ ctx, input }) => { const registry = await findRegistryById(input.registryId); - if (registry.userId !== ctx.user.ownerId) { + if (registry.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not allowed to delete this registry", @@ -41,7 +41,7 @@ export const registryRouter = createTRPCRouter({ .mutation(async ({ input, ctx }) => { const { registryId, ...rest } = input; const registry = await findRegistryById(registryId); - if (registry.userId !== ctx.user.ownerId) { + if (registry.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not allowed to update this registry", @@ -67,7 +67,7 @@ export const registryRouter = createTRPCRouter({ .input(apiFindOneRegistry) .query(async ({ input, ctx }) => { const registry = await findRegistryById(input.registryId); - if (registry.userId !== ctx.user.ownerId) { + if (registry.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not allowed to access this registry", diff --git a/apps/dokploy/server/api/routers/security.ts b/apps/dokploy/server/api/routers/security.ts index ca4892d2..b8e70bbb 100644 --- a/apps/dokploy/server/api/routers/security.ts +++ b/apps/dokploy/server/api/routers/security.ts @@ -18,7 +18,9 @@ export const securityRouter = createTRPCRouter({ .input(apiCreateSecurity) .mutation(async ({ input, ctx }) => { const application = await findApplicationById(input.applicationId); - if (application.project.userId !== ctx.user.ownerId) { + if ( + application.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this application", @@ -31,7 +33,9 @@ export const securityRouter = createTRPCRouter({ .query(async ({ input, ctx }) => { const security = await findSecurityById(input.securityId); const application = await findApplicationById(security.applicationId); - if (application.project.userId !== ctx.user.ownerId) { + if ( + application.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this application", @@ -44,7 +48,9 @@ export const securityRouter = createTRPCRouter({ .mutation(async ({ input, ctx }) => { const security = await findSecurityById(input.securityId); const application = await findApplicationById(security.applicationId); - if (application.project.userId !== ctx.user.ownerId) { + if ( + application.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this application", @@ -57,7 +63,9 @@ export const securityRouter = createTRPCRouter({ .mutation(async ({ input, ctx }) => { const security = await findSecurityById(input.securityId); const application = await findApplicationById(security.applicationId); - if (application.project.userId !== ctx.user.ownerId) { + if ( + application.project.organizationId !== ctx.session.activeOrganizationId + ) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this application", diff --git a/apps/dokploy/server/api/routers/server.ts b/apps/dokploy/server/api/routers/server.ts index 8e63d7e6..3662345d 100644 --- a/apps/dokploy/server/api/routers/server.ts +++ b/apps/dokploy/server/api/routers/server.ts @@ -65,7 +65,7 @@ export const serverRouter = createTRPCRouter({ .input(apiFindOneServer) .query(async ({ input, ctx }) => { const server = await findServerById(input.serverId); - if (server.userId !== ctx.user.ownerId) { + if (server.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to access this server", @@ -93,7 +93,7 @@ export const serverRouter = createTRPCRouter({ .leftJoin(mongo, eq(mongo.serverId, server.serverId)) .leftJoin(mysql, eq(mysql.serverId, server.serverId)) .leftJoin(postgres, eq(postgres.serverId, server.serverId)) - .where(eq(server.userId, ctx.user.ownerId)) + .where(eq(server.organizationId, ctx.session.activeOrganizationId)) .orderBy(desc(server.createdAt)) .groupBy(server.serverId); @@ -105,10 +105,13 @@ export const serverRouter = createTRPCRouter({ where: IS_CLOUD ? and( isNotNull(server.sshKeyId), - eq(server.userId, ctx.user.ownerId), + eq(server.organizationId, ctx.session.activeOrganizationId), eq(server.serverStatus, "active"), ) - : and(isNotNull(server.sshKeyId), eq(server.userId, ctx.user.ownerId)), + : and( + isNotNull(server.sshKeyId), + eq(server.organizationId, ctx.session.activeOrganizationId), + ), }); return result; }), @@ -117,7 +120,7 @@ export const serverRouter = createTRPCRouter({ .mutation(async ({ input, ctx }) => { try { const server = await findServerById(input.serverId); - if (server.userId !== ctx.user.ownerId) { + if (server.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to setup this server", @@ -142,7 +145,7 @@ export const serverRouter = createTRPCRouter({ .subscription(async ({ input, ctx }) => { try { const server = await findServerById(input.serverId); - if (server.userId !== ctx.user.ownerId) { + if (server.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to setup this server", @@ -162,7 +165,7 @@ export const serverRouter = createTRPCRouter({ .query(async ({ input, ctx }) => { try { const server = await findServerById(input.serverId); - if (server.userId !== ctx.user.ownerId) { + if (server.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to validate this server", @@ -204,7 +207,7 @@ export const serverRouter = createTRPCRouter({ .query(async ({ input, ctx }) => { try { const server = await findServerById(input.serverId); - if (server.userId !== ctx.user.ownerId) { + if (server.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to validate this server", @@ -254,7 +257,7 @@ export const serverRouter = createTRPCRouter({ .mutation(async ({ input, ctx }) => { try { const server = await findServerById(input.serverId); - if (server.userId !== ctx.user.ownerId) { + if (server.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to setup this server", @@ -296,7 +299,7 @@ export const serverRouter = createTRPCRouter({ .mutation(async ({ input, ctx }) => { try { const server = await findServerById(input.serverId); - if (server.userId !== ctx.user.ownerId) { + if (server.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to delete this server", @@ -330,7 +333,7 @@ export const serverRouter = createTRPCRouter({ .mutation(async ({ input, ctx }) => { try { const server = await findServerById(input.serverId); - if (server.userId !== ctx.user.ownerId) { + if (server.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "UNAUTHORIZED", message: "You are not authorized to update this server", diff --git a/apps/dokploy/server/api/routers/ssh-key.ts b/apps/dokploy/server/api/routers/ssh-key.ts index 4beb0bae..725c67fe 100644 --- a/apps/dokploy/server/api/routers/ssh-key.ts +++ b/apps/dokploy/server/api/routers/ssh-key.ts @@ -27,7 +27,7 @@ export const sshRouter = createTRPCRouter({ console.log(ctx.user.ownerId); await createSshKey({ ...input, - userId: ctx.user.ownerId, + organizationId: ctx.session.activeOrganizationId, }); } catch (error) { throw new TRPCError({ @@ -42,7 +42,10 @@ export const sshRouter = createTRPCRouter({ .mutation(async ({ input, ctx }) => { try { const sshKey = await findSSHKeyById(input.sshKeyId); - if (IS_CLOUD && sshKey.userId !== ctx.user.ownerId) { + if ( + IS_CLOUD && + sshKey.organizationId !== ctx.session.activeOrganizationId + ) { // TODO: Remove isCloud in the next versions of dokploy throw new TRPCError({ code: "UNAUTHORIZED", @@ -60,7 +63,10 @@ export const sshRouter = createTRPCRouter({ .query(async ({ input, ctx }) => { const sshKey = await findSSHKeyById(input.sshKeyId); - if (IS_CLOUD && sshKey.userId !== ctx.user.ownerId) { + if ( + IS_CLOUD && + sshKey.organizationId !== ctx.session.activeOrganizationId + ) { // TODO: Remove isCloud in the next versions of dokploy throw new TRPCError({ code: "UNAUTHORIZED", @@ -71,7 +77,9 @@ export const sshRouter = createTRPCRouter({ }), all: protectedProcedure.query(async ({ ctx }) => { return await db.query.sshKeys.findMany({ - ...(IS_CLOUD && { where: eq(sshKeys.userId, ctx.user.ownerId) }), + ...(IS_CLOUD && { + where: eq(sshKeys.organizationId, ctx.session.activeOrganizationId), + }), orderBy: desc(sshKeys.createdAt), }); // TODO: Remove this line when the cloud version is ready @@ -86,7 +94,10 @@ export const sshRouter = createTRPCRouter({ .mutation(async ({ input, ctx }) => { try { const sshKey = await findSSHKeyById(input.sshKeyId); - if (IS_CLOUD && sshKey.userId !== ctx.user.ownerId) { + if ( + IS_CLOUD && + sshKey.organizationId !== ctx.session.activeOrganizationId + ) { // TODO: Remove isCloud in the next versions of dokploy throw new TRPCError({ code: "UNAUTHORIZED", diff --git a/apps/dokploy/server/api/trpc.ts b/apps/dokploy/server/api/trpc.ts index 98b5ab8e..7f8f0f75 100644 --- a/apps/dokploy/server/api/trpc.ts +++ b/apps/dokploy/server/api/trpc.ts @@ -32,7 +32,7 @@ import { ZodError } from "zod"; interface CreateContextOptions { user: (User & { rol: "member" | "admin" | "owner"; ownerId: string }) | null; - session: (Session & { activeOrganizationId?: string }) | null; + session: (Session & { activeOrganizationId: string }) | null; req: CreateNextContextOptions["req"]; res: CreateNextContextOptions["res"]; } @@ -84,7 +84,7 @@ export const createTRPCContext = async (opts: CreateNextContextOptions) => { session: session ? { ...session, - activeOrganizationId: session.activeOrganizationId ?? undefined, + activeOrganizationId: session.activeOrganizationId || "", } : null, user: user diff --git a/packages/server/src/lib/auth.ts b/packages/server/src/lib/auth.ts index 522a921e..3b29e024 100644 --- a/packages/server/src/lib/auth.ts +++ b/packages/server/src/lib/auth.ts @@ -83,6 +83,7 @@ export const auth = betterAuth({ }, }, }, + plugins: [organization()], });