fix: update Z.AI API URL and enhance AI router access control

- Corrected the API URL for Z.AI by removing the trailing slash.
- Modified the AI router mutation to include context and added access control to ensure users can only access their organization's AI settings.

These changes improve the accuracy of the API integration and enhance security by enforcing organizational access restrictions.
Mauricio Siu
2026-04-09 11:27:19 -06:00
parent fbde5be02c
commit 8d8658a478
2 changed files with 9 additions and 2 deletions


@@ -68,7 +68,7 @@ const AI_PROVIDERS = [
{ name: "DeepInfra", apiUrl: "https://api.deepinfra.com/v1/openai" },
{ name: "Ollama", apiUrl: "http://localhost:11434" },
{ name: "OpenRouter", apiUrl: "https://openrouter.ai/api/v1" },
{ name: "Z.AI", apiUrl: "https://api.z.ai/api/paas/v4/" },
{ name: "Z.AI", apiUrl: "https://api.z.ai/api/paas/v4" },
{ name: "MiniMax", apiUrl: "https://api.minimax.io/v1" },
] as const;


@@ -217,7 +217,7 @@ export const aiRouter = createTRPCRouter({
context: z.enum(["build", "runtime"]),
}),
)
.mutation(async ({ input }) => {
.mutation(async ({ input, ctx }) => {
try {
const aiSettings = await getAiSettingById(input.aiId);
if (!aiSettings?.isEnabled) {
@@ -227,6 +227,13 @@ export const aiRouter = createTRPCRouter({
});
}
if (aiSettings.organizationId !== ctx.session.activeOrganizationId) {
throw new TRPCError({
code: "FORBIDDEN",
message: "Access denied",
});
}
const provider = selectAIProvider(aiSettings);
const model = provider(aiSettings.model);
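Review bot: The organization check on `aiSettings.organizationId !== ctx.session.activeOrganizationId` runs only after the `!aiSettings?.isEnabled` branch, so a caller from another organization gets "Access denied" for an enabled configuration and a different error for a missing or disabled one. That difference confirms that a given `aiId` exists in some other organization. Running the ownership test first, directly after `getAiSettingById`, as `if (aiSettings?.organizationId !== ctx.session.activeOrganizationId)`, and answering it with the same error as the not-found case would remove the distinction. Both throws sit inside the `try`, whose `catch` lies outside the hunk, so it is worth confirming that the handler rethrows a `TRPCError` unchanged rather than wrapping `FORBIDDEN` into a generic failure. A short comment above the check, such as `// aiId is caller-supplied: verify the record belongs to the active organization before using its credentials`, would record why the comparison must stay.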