zerobyte/app/server/lib/auth/middlewares/only-one-user.ts
Nico 7a3932f969
feat: OIDC (#564)
* feat: oidc

feat: organization switcher

refactor: org context

feat: invitations

GLM

* feat: link current account

* refactor: own page for sso registration

* feat: per-user account management

* refactor: code style

* refactor: user existing check

* refactor: restrict provider configuration to super admins only

* refactor: cleanup / pr review

* chore: fix lint issues

* chore: pr feedbacks

* test(e2e): automated tests for OIDC

* fix: check url first for sso provider identification

* fix: prevent oidc provider to be named "credential"
2026-02-27 23:13:54 +01:00

24 lines
847 B
TypeScript

import { db } from "~/server/db/db";
import type { AuthMiddlewareContext } from "~/server/lib/auth";
import { logger } from "~/server/utils/logger";
import { ForbiddenError } from "http-errors-enhanced";
import { REGISTRATION_ENABLED_KEY } from "~/server/core/constants";
export const ensureOnlyOneUser = async (ctx: AuthMiddlewareContext) => {
const { path } = ctx;
if (path !== "/sign-up/email") {
return;
}
const existingUser = await db.query.usersTable.findFirst();
const result = await db.query.appMetadataTable.findFirst({
where: { key: REGISTRATION_ENABLED_KEY },
});
if (result?.value !== "true" && existingUser) {
logger.info("User registration attempt blocked: registrations are not enabled.");
throw new ForbiddenError("User registrations are currently disabled. Please contact an administrator for access.");
}
};