* feat: oidc feat: organization switcher refactor: org context feat: invitations GLM * feat: link current account * refactor: own page for sso registration * feat: per-user account management * refactor: code style * refactor: user existing check * refactor: restrict provider configuration to super admins only * refactor: cleanup / pr review * chore: fix lint issues * chore: pr feedbacks * test(e2e): automated tests for OIDC * fix: check url first for sso provider identification * fix: prevent oidc provider to be named "credential"
24 lines
847 B
TypeScript
24 lines
847 B
TypeScript
import { db } from "~/server/db/db";
|
|
import type { AuthMiddlewareContext } from "~/server/lib/auth";
|
|
import { logger } from "~/server/utils/logger";
|
|
import { ForbiddenError } from "http-errors-enhanced";
|
|
import { REGISTRATION_ENABLED_KEY } from "~/server/core/constants";
|
|
|
|
export const ensureOnlyOneUser = async (ctx: AuthMiddlewareContext) => {
|
|
const { path } = ctx;
|
|
|
|
if (path !== "/sign-up/email") {
|
|
return;
|
|
}
|
|
|
|
const existingUser = await db.query.usersTable.findFirst();
|
|
|
|
const result = await db.query.appMetadataTable.findFirst({
|
|
where: { key: REGISTRATION_ENABLED_KEY },
|
|
});
|
|
|
|
if (result?.value !== "true" && existingUser) {
|
|
logger.info("User registration attempt blocked: registrations are not enabled.");
|
|
throw new ForbiddenError("User registrations are currently disabled. Please contact an administrator for access.");
|
|
}
|
|
};
|