From b1ed43c031c1d3ff1e269ba867f59ac076ca1903 Mon Sep 17 00:00:00 2001
From: chronark
Date: Fri, 6 Dec 2024 20:49:09 +0100
Subject: [PATCH] fix: check workspace ownership
---
 .../lib/trpc/routers/api/setDefaultBytes.ts | 25 ++++++-------------
 .../lib/trpc/routers/api/setDefaultPrefix.ts | 25 ++++++-------------
 2 files changed, 16 insertions(+), 34 deletions(-)
diff --git a/apps/dashboard/lib/trpc/routers/api/setDefaultBytes.ts b/apps/dashboard/lib/trpc/routers/api/setDefaultBytes.ts
index e2dbcb516..82d0ffb3e 100644
--- a/apps/dashboard/lib/trpc/routers/api/setDefaultBytes.ts
+++ b/apps/dashboard/lib/trpc/routers/api/setDefaultBytes.ts
@@ -18,35 +18,26 @@ export const setDefaultApiBytes = t.procedure
 }),
 )
 .mutation(async ({ ctx, input }) => {
- const workspace = await db.query.workspaces
+ const keyAuth = await db.query.keyAuth
 .findFirst({
- where: (table, { eq }) => eq(table.tenantId, ctx.tenant.id),
+ where: (table, { eq, and, isNull }) =>
+ and(eq(table.id, input.keyAuthId), isNull(table.deletedAt)),
 with: {
- keySpaces: {
- where: (table, { eq }) => eq(table.id, input.keyAuthId),
- },
+ workspace: true,
 },
 })
 .catch((_err) => {
 throw new TRPCError({
 code: "INTERNAL_SERVER_ERROR",
 message:
- "We were unable to find the KeyAuth. Please try again or contact support@unkey.dev.",
+ "We were unable to update the key auth. Please try again or contact support@unkey.dev",
 });
 });
- if (!workspace) {
- throw new TRPCError({
- code: "NOT_FOUND",
- message:
- "We are unable to find the correct workspace. Please try again or contact support@unkey.dev",
- });
- }
- const keyAuth = workspace.keySpaces.at(0);
- if (!keyAuth) {
+ if (!keyAuth || keyAuth.workspace.tenantId !== ctx.tenant.id) {
 throw new TRPCError({
 code: "NOT_FOUND",
 message:
- "We are unable to find the correct keyAuth. Please try again or contact support@unkey.dev",
+ "We are unable to find the correct key auth. Please try again or contact support@unkey.dev.",
 });
 }
 await db
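Review bot: The new guard `if (!keyAuth || keyAuth.workspace.tenantId !== ctx.tenant.id)` dereferences `keyAuth.workspace` without a null check, and the query filters `deletedAt` only on the key auth row, not on its workspace. If the relation can come back null (not visible from this hunk), the comparison throws and the caller gets an unhandled error instead of NOT_FOUND; `keyAuth.workspace?.tenantId !== ctx.tenant.id` keeps the check fail-closed. Answering a missing id and a foreign-tenant id with the same NOT_FOUND is right, since it gives no existence signal, but the foreign-tenant branch deserves a server-side log entry so repeated cross-tenant `keyAuthId` requests are visible to operators. The same guard appears in setDefaultPrefix.ts, and the mutation body continues past this hunk, so whether the later update is keyed on the verified `keyAuth.id` cannot be confirmed from here.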
@@ -65,7 +56,7 @@ export const setDefaultApiBytes = t.procedure
 });
 });
 await insertAuditLogs(tx, {
- workspaceId: workspace.id,
+ workspaceId: keyAuth.workspace.id,
 actor: {
 type: "user",
 id: ctx.user.id,
diff --git a/apps/dashboard/lib/trpc/routers/api/setDefaultPrefix.ts b/apps/dashboard/lib/trpc/routers/api/setDefaultPrefix.ts
index 8460a7d3f..d5f6feeea 100644
--- a/apps/dashboard/lib/trpc/routers/api/setDefaultPrefix.ts
+++ b/apps/dashboard/lib/trpc/routers/api/setDefaultPrefix.ts
@@ -14,35 +14,26 @@ export const setDefaultApiPrefix = t.procedure
 }),
 )
 .mutation(async ({ ctx, input }) => {
- const workspace = await db.query.workspaces
+ const keyAuth = await db.query.keyAuth
 .findFirst({
- where: (table, { eq }) => eq(table.tenantId, ctx.tenant.id),
+ where: (table, { eq, and, isNull }) =>
+ and(eq(table.id, input.keyAuthId), isNull(table.deletedAt)),
 with: {
- keySpaces: {
- where: (table, { eq }) => eq(table.id, input.keyAuthId),
- },
+ workspace: true,
 },
 })
 .catch((_err) => {
 throw new TRPCError({
 code: "INTERNAL_SERVER_ERROR",
 message:
- "We were unable to find the KeyAuth. Please try again or contact support@unkey.dev.",
+ "We were unable to update the key auth. Please try again or contact support@unkey.dev",
 });
 });
- if (!workspace) {
- throw new TRPCError({
- code: "NOT_FOUND",
- message:
- "We are unable to find the correct workspace. Please try again or contact support@unkey.dev",
- });
- }
- const keyAuth = workspace.keySpaces.at(0);
- if (!keyAuth) {
+ if (!keyAuth || keyAuth.workspace.tenantId !== ctx.tenant.id) {
 throw new TRPCError({
 code: "NOT_FOUND",
 message:
- "We are unable to find the correct key auth. Please try again or contact support@unkey.dev",
+ "We are unable to find the correct key auth. Please try again or contact support@unkey.dev.",
 });
 }
 
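Review bot: The lookup-and-ownership block in setDefaultApiPrefix is a hand copy of the one in setDefaultBytes.ts, so the authorization rule now lives in two places that must be changed together. A shared helper that takes `ctx.tenant.id` and `input.keyAuthId` and either returns the verified key auth or throws the NOT_FOUND error would keep the two procedures from drifting the next time the check changes. Separately, the `.catch` message now reads `We were unable to update the key auth` although this step only reads the row, and `_err` is discarded; logging the caught error before throwing the TRPCError would keep database failures diagnosable without exposing them to the client.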
@@ -62,7 +53,7 @@ export const setDefaultApiPrefix = t.procedure
 });
 });
 await insertAuditLogs(tx, {
- workspaceId: workspace.id,
+ workspaceId: keyAuth.workspace.id,
 actor: {
 type: "user",
 id: ctx.user.id,