* feat(db): add support for multiple users and organizations * feat: backfill entities with new organization id * refactor: filter all backend queries to surface only organization specific entities * refactor: each org has its own restic password * test: ensure organization is created * chore: pr feedbacks * refactor: filter by org id in all places * refactor: download restic password from stored db password * refactor(navigation): use volume id in urls instead of name * feat: disable registrations * refactor(auth): bubble up auth error to hono * refactor: use async local storage for cleaner context sharing * refactor: enable user registration vs disabling it * test: multi-org isolation * chore: final cleanup
25 lines
941 B
TypeScript
25 lines
941 B
TypeScript
import { db } from "~/server/db/db";
|
|
import type { AuthMiddlewareContext } from "../auth";
|
|
import { logger } from "~/server/utils/logger";
|
|
import { eq } from "drizzle-orm";
|
|
import { appMetadataTable } from "~/server/db/schema";
|
|
import { ForbiddenError } from "http-errors-enhanced";
|
|
import { REGISTRATION_ENABLED_KEY } from "~/client/lib/constants";
|
|
|
|
export const ensureOnlyOneUser = async (ctx: AuthMiddlewareContext) => {
|
|
const { path } = ctx;
|
|
const existingUser = await db.query.usersTable.findFirst();
|
|
|
|
if (path !== "/sign-up/email") {
|
|
return;
|
|
}
|
|
|
|
const result = await db.query.appMetadataTable.findFirst({
|
|
where: eq(appMetadataTable.key, REGISTRATION_ENABLED_KEY),
|
|
});
|
|
|
|
if (result?.value !== "true" && existingUser) {
|
|
logger.info("User registration attempt blocked: registrations are not enabled.");
|
|
throw new ForbiddenError("User registrations are currently disabled. Please contact an administrator for access.");
|
|
}
|
|
};
|