From 00ce8cad1b9d2c774b753d7ba81a42a245f30119 Mon Sep 17 00:00:00 2001 From: Mauricio Siu Date: Sat, 31 Jan 2026 18:03:03 -0600 Subject: [PATCH] feat(license): enhance license key management and authorization checks - Added authorization checks to ensure only users with the "owner" role can activate or deactivate license keys. - Updated the menu item visibility logic to simplify role checks for admin and owner users. - Commented out the cloud environment redirection logic in the license settings page for future consideration. --- apps/dokploy/components/layouts/side.tsx | 6 +++--- .../dokploy/pages/dashboard/settings/license.tsx | 16 ++++++++-------- .../api/routers/proprietary/license-key.ts | 15 +++++++++++++++ 3 files changed, 26 insertions(+), 11 deletions(-) diff --git a/apps/dokploy/components/layouts/side.tsx b/apps/dokploy/components/layouts/side.tsx index 204bf9695..0062c223a 100644 --- a/apps/dokploy/components/layouts/side.tsx +++ b/apps/dokploy/components/layouts/side.tsx @@ -21,6 +21,7 @@ import { Key, KeyRound, Loader2, + LogIn, type LucideIcon, Package, PieChart, @@ -30,7 +31,6 @@ import { Trash2, User, Users, - LogIn, } from "lucide-react"; import Link from "next/link"; import { usePathname } from "next/navigation"; @@ -404,8 +404,8 @@ const MENU: Menu = { url: "/dashboard/settings/license", icon: Key, // Only enabled for admins in non-cloud environments - isEnabled: ({ auth, isCloud }) => - !!((auth?.role === "owner" || auth?.role === "admin") && !isCloud), + isEnabled: ({ auth }) => + !!(auth?.role === "owner" || auth?.role === "admin"), }, { isSingle: true, diff --git a/apps/dokploy/pages/dashboard/settings/license.tsx b/apps/dokploy/pages/dashboard/settings/license.tsx index c281ddc64..746fa9bf4 100644 --- a/apps/dokploy/pages/dashboard/settings/license.tsx +++ b/apps/dokploy/pages/dashboard/settings/license.tsx @@ -36,14 +36,14 @@ export async function getServerSideProps( ) { const { req, res } = ctx; const locale = await getLocale(req.cookies); - if (IS_CLOUD) { - return { - redirect: { - permanent: true, - destination: "/dashboard/projects", - }, - }; - } + // if (IS_CLOUD) { + // return { + // redirect: { + // permanent: true, + // destination: "/dashboard/projects", + // }, + // }; + // } const { user, session } = await validateRequest(ctx.req); if (!user) { return { diff --git a/apps/dokploy/server/api/routers/proprietary/license-key.ts b/apps/dokploy/server/api/routers/proprietary/license-key.ts index 53816540c..7a0e15032 100644 --- a/apps/dokploy/server/api/routers/proprietary/license-key.ts +++ b/apps/dokploy/server/api/routers/proprietary/license-key.ts @@ -26,6 +26,13 @@ export const licenseKeyRouter = createTRPCRouter({ }); } + if (ctx.user.role !== "owner") { + throw new TRPCError({ + code: "FORBIDDEN", + message: "You are not authorized to activate a license key", + }); + } + if (!currentUser.enableEnterpriseFeatures) { throw new TRPCError({ code: "BAD_REQUEST", @@ -117,6 +124,14 @@ export const licenseKeyRouter = createTRPCRouter({ message: "No license key found", }); } + + if (ctx.user.role !== "owner") { + throw new TRPCError({ + code: "FORBIDDEN", + message: "You are not authorized to deactivate a license key", + }); + } + await deactivateLicenseKey(currentUser.licenseKey); await db .update(user)