add user checks in routes

2025-07-19 10:14:39 +02:00 · 2025-05-02 10:44:50 -04:00 · 2025-05-02 10:44:50 -04:00 · a9f0b9aa38
commit a9f0b9aa38
parent f8e0219b49
21 changed files with 302 additions and 133 deletions
--- a/server/routers/org/createOrg.ts
+++ b/server/routers/org/createOrg.ts
@ -3,13 +3,16 @@ import { z } from "zod";
 import { db } from "@server/db";
 import { eq } from "drizzle-orm";
 import {
+    apiKeyOrg,
+    apiKeys,
    domains,
    Org,
    orgDomains,
    orgs,
    roleActions,
    roles,
-    userOrgs
+    userOrgs,
+    users
 } from "@server/db/schemas";
 import response from "@server/lib/response";
 import HttpCode from "@server/types/HttpCode";
@ -55,7 +58,7 @@ export async function createOrg(
    try {
        // should this be in a middleware?
        if (config.getRawConfig().flags?.disable_user_create_org) {
-            if (!req.user?.serverAdmin) {
+            if (req.user && !req.user?.serverAdmin) {
                return next(
                    createHttpError(
                        HttpCode.FORBIDDEN,
@ -143,12 +146,33 @@ export async function createOrg(
                }))
            );

-            await trx.insert(userOrgs).values({
-                userId: req.user!.userId,
-                orgId: newOrg[0].orgId,
-                roleId: roleId,
-                isOwner: true
-            });
+            if (req.user) {
+                await trx.insert(userOrgs).values({
+                    userId: req.user!.userId,
+                    orgId: newOrg[0].orgId,
+                    roleId: roleId,
+                    isOwner: true
+                });
+            } else {
+                // if org created by root api key, set the server admin as the owner
+                const [serverAdmin] = await trx
+                    .select()
+                    .from(users)
+                    .where(eq(users.serverAdmin, true));
+
+                if (!serverAdmin) {
+                    error = "Server admin not found";
+                    trx.rollback();
+                    return;
+                }
+
+                await trx.insert(userOrgs).values({
+                    userId: serverAdmin.userId,
+                    orgId: newOrg[0].orgId,
+                    roleId: roleId,
+                    isOwner: true
+                });
+            }

            const memberRole = await trx
                .insert(roles)
@ -166,6 +190,18 @@ export async function createOrg(
                    orgId
                }))
            );
+
+            const rootApiKeys = await trx
+                .select()
+                .from(apiKeys)
+                .where(eq(apiKeys.isRoot, true));
+
+            for (const apiKey of rootApiKeys) {
+                await trx.insert(apiKeyOrg).values({
+                    apiKeyId: apiKey.apiKeyId,
+                    orgId: newOrg[0].orgId
+                });
+            }
        });

        if (!org) {