refactor(cloud): add validation to prevent access to resources from another admin

packages/builders/src/services/bitbucket.ts

@@ -12,13 +12,14 @@ export type Bitbucket = typeof bitbucket.$inferSelect;
 
 export const createBitbucket = async (
 	input: typeof apiCreateBitbucket._type,
+	adminId: string,
 ) => {
 	return await db.transaction(async (tx) => {
 		const newGitProvider = await tx
 			.insert(gitProvider)
 			.values({
 				providerType: "bitbucket",
-				authId: input.authId,
+				adminId: adminId,
 				name: input.name,
 			})
 			.returning()
@@ -73,11 +74,12 @@ export const updateBitbucket = async (
 			.where(eq(bitbucket.bitbucketId, bitbucketId))
 			.returning();
 
-		if (input.name) {
+		if (input.name || input.adminId) {
 			await tx
 				.update(gitProvider)
 				.set({
 					name: input.name,
+					adminId: input.adminId,
 				})
 				.where(eq(gitProvider.gitProviderId, input.gitProviderId))
 				.returning();

packages/builders/src/services/destination.ts

@@ -1,20 +1,19 @@
 import { db } from "@/server/db";
 import { type apiCreateDestination, destinations } from "@/server/db/schema";
 import { TRPCError } from "@trpc/server";
-import { eq } from "drizzle-orm";
-import { findAdmin } from "./admin";
+import { and, eq } from "drizzle-orm";
 
 export type Destination = typeof destinations.$inferSelect;
 
 export const createDestintation = async (
 	input: typeof apiCreateDestination._type,
+	adminId: string,
 ) => {
-	const adminResponse = await findAdmin();
 	const newDestination = await db
 		.insert(destinations)
 		.values({
 			...input,
-			adminId: adminResponse.adminId,
+			adminId: adminId,
 		})
 		.returning()
 		.then((value) => value[0]);
@@ -31,7 +30,7 @@ export const createDestintation = async (
 
 export const findDestinationById = async (destinationId: string) => {
 	const destination = await db.query.destinations.findFirst({
-		where: eq(destinations.destinationId, destinationId),
+		where: and(eq(destinations.destinationId, destinationId)),
 	});
 	if (!destination) {
 		throw new TRPCError({
@@ -42,10 +41,18 @@ export const findDestinationById = async (destinationId: string) => {
 	return destination;
 };
 
-export const removeDestinationById = async (destinationId: string) => {
+export const removeDestinationById = async (
+	destinationId: string,
+	adminId: string,
+) => {
 	const result = await db
 		.delete(destinations)
-		.where(eq(destinations.destinationId, destinationId))
+		.where(
+			and(
+				eq(destinations.destinationId, destinationId),
+				eq(destinations.adminId, adminId),
+			),
+		)
 		.returning();
 
 	return result[0];
@@ -60,7 +67,12 @@ export const updateDestinationById = async (
 		.set({
 			...destinationData,
 		})
-		.where(eq(destinations.destinationId, destinationId))
+		.where(
+			and(
+				eq(destinations.destinationId, destinationId),
+				eq(destinations.adminId, destinationData.adminId || ""),
+			),
+		)
 		.returning();
 
 	return result[0];

packages/builders/src/services/git-provider.ts

@@ -1,5 +1,5 @@
 import { db } from "@/server/db";
-import { type apiCreateGithub, gitProvider, github } from "@/server/db/schema";
+import { gitProvider } from "@/server/db/schema";
 import { TRPCError } from "@trpc/server";
 import { eq } from "drizzle-orm";
 
@@ -14,6 +14,20 @@ export const removeGitProvider = async (gitProviderId: string) => {
 	return result[0];
 };
 
+export const findGitProviderById = async (gitProviderId: string) => {
+	const result = await db.query.gitProvider.findFirst({
+		where: eq(gitProvider.gitProviderId, gitProviderId),
+	});
+
+	if (!result) {
+		throw new TRPCError({
+			code: "NOT_FOUND",
+			message: "Git Provider not found",
+		});
+	}
+	return result;
+};
+
 export const updateGitProvider = async (
 	gitProviderId: string,
 	input: Partial<GitProvider>,

packages/builders/src/services/notification.ts

@@ -21,6 +21,7 @@ export type Notification = typeof notifications.$inferSelect;
 
 export const createSlackNotification = async (
 	input: typeof apiCreateSlack._type,
+	adminId: string,
 ) => {
 	await db.transaction(async (tx) => {
 		const newSlack = await tx
@@ -50,6 +51,7 @@ export const createSlackNotification = async (
 				dokployRestart: input.dokployRestart,
 				dockerCleanup: input.dockerCleanup,
 				notificationType: "slack",
+				adminId: adminId,
 			})
 			.returning()
 			.then((value) => value[0]);
@@ -78,6 +80,7 @@ export const updateSlackNotification = async (
 				databaseBackup: input.databaseBackup,
 				dokployRestart: input.dokployRestart,
 				dockerCleanup: input.dockerCleanup,
+				adminId: input.adminId,
 			})
 			.where(eq(notifications.notificationId, input.notificationId))
 			.returning()
@@ -106,6 +109,7 @@ export const updateSlackNotification = async (
 
 export const createTelegramNotification = async (
 	input: typeof apiCreateTelegram._type,
+	adminId: string,
 ) => {
 	await db.transaction(async (tx) => {
 		const newTelegram = await tx
@@ -135,6 +139,7 @@ export const createTelegramNotification = async (
 				dokployRestart: input.dokployRestart,
 				dockerCleanup: input.dockerCleanup,
 				notificationType: "telegram",
+				adminId: adminId,
 			})
 			.returning()
 			.then((value) => value[0]);
@@ -163,6 +168,7 @@ export const updateTelegramNotification = async (
 				databaseBackup: input.databaseBackup,
 				dokployRestart: input.dokployRestart,
 				dockerCleanup: input.dockerCleanup,
+				adminId: input.adminId,
 			})
 			.where(eq(notifications.notificationId, input.notificationId))
 			.returning()
@@ -191,6 +197,7 @@ export const updateTelegramNotification = async (
 
 export const createDiscordNotification = async (
 	input: typeof apiCreateDiscord._type,
+	adminId: string,
 ) => {
 	await db.transaction(async (tx) => {
 		const newDiscord = await tx
@@ -219,6 +226,7 @@ export const createDiscordNotification = async (
 				dokployRestart: input.dokployRestart,
 				dockerCleanup: input.dockerCleanup,
 				notificationType: "discord",
+				adminId: adminId,
 			})
 			.returning()
 			.then((value) => value[0]);
@@ -247,6 +255,7 @@ export const updateDiscordNotification = async (
 				databaseBackup: input.databaseBackup,
 				dokployRestart: input.dokployRestart,
 				dockerCleanup: input.dockerCleanup,
+				adminId: input.adminId,
 			})
 			.where(eq(notifications.notificationId, input.notificationId))
 			.returning()
@@ -274,6 +283,7 @@ export const updateDiscordNotification = async (
 
 export const createEmailNotification = async (
 	input: typeof apiCreateEmail._type,
+	adminId: string,
 ) => {
 	await db.transaction(async (tx) => {
 		const newEmail = await tx
@@ -307,6 +317,7 @@ export const createEmailNotification = async (
 				dokployRestart: input.dokployRestart,
 				dockerCleanup: input.dockerCleanup,
 				notificationType: "email",
+				adminId: adminId,
 			})
 			.returning()
 			.then((value) => value[0]);
@@ -335,6 +346,7 @@ export const updateEmailNotification = async (
 				databaseBackup: input.databaseBackup,
 				dokployRestart: input.dokployRestart,
 				dockerCleanup: input.dockerCleanup,
+				adminId: input.adminId,
 			})
 			.where(eq(notifications.notificationId, input.notificationId))
 			.returning()