From 8d8658a478b0bbe6e2ef796c797f3a0750247639 Mon Sep 17 00:00:00 2001
From: Mauricio Siu
Date: Thu, 9 Apr 2026 11:27:19 -0600
Subject: [PATCH] fix: update Z.AI API URL and enhance AI router access control

- Corrected the API URL for Z.AI by removing the trailing slash.
- Modified the AI router mutation to include context and added access control to ensure users can only access their organization's AI settings.

These changes improve the accuracy of the API integration and enhance security by enforcing organizational access restrictions.
---
 apps/dokploy/components/dashboard/settings/handle-ai.tsx | 2 +-
 apps/dokploy/server/api/routers/ai.ts | 9 ++++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/apps/dokploy/components/dashboard/settings/handle-ai.tsx b/apps/dokploy/components/dashboard/settings/handle-ai.tsx
index db225bb58..18915609e 100644
--- a/apps/dokploy/components/dashboard/settings/handle-ai.tsx
+++ b/apps/dokploy/components/dashboard/settings/handle-ai.tsx
@@ -68,7 +68,7 @@ const AI_PROVIDERS = [
 { name: "DeepInfra", apiUrl: "https://api.deepinfra.com/v1/openai" },
 { name: "Ollama", apiUrl: "http://localhost:11434" },
 { name: "OpenRouter", apiUrl: "https://openrouter.ai/api/v1" },
- { name: "Z.AI", apiUrl: "https://api.z.ai/api/paas/v4/" },
+ { name: "Z.AI", apiUrl: "https://api.z.ai/api/paas/v4" },
 { name: "MiniMax", apiUrl: "https://api.minimax.io/v1" },
 ] as const;
 
diff --git a/apps/dokploy/server/api/routers/ai.ts b/apps/dokploy/server/api/routers/ai.ts
index 48bacfcba..3a299235a 100644
--- a/apps/dokploy/server/api/routers/ai.ts
+++ b/apps/dokploy/server/api/routers/ai.ts
@@ -217,7 +217,7 @@ export const aiRouter = createTRPCRouter({
 context: z.enum(["build", "runtime"]),
 }),
 )
- .mutation(async ({ input }) => {
+ .mutation(async ({ input, ctx }) => {
 try {
 const aiSettings = await getAiSettingById(input.aiId);
 if (!aiSettings?.isEnabled) {
@@ -227,6 +227,13 @@ export const aiRouter = createTRPCRouter({
 });
 }
 
+ if (aiSettings.organizationId !== ctx.session.activeOrganizationId) {
+ throw new TRPCError({
+ code: "FORBIDDEN",
+ message: "Access denied",
+ });
+ }
+
 const provider = selectAIProvider(aiSettings);
 const model = provider(aiSettings.model);
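Review bot: The organization comparison runs only after the `!aiSettings?.isEnabled` check from the previous hunk, so a caller in another organization presumably gets a different error for a foreign `aiId` that is enabled (FORBIDDEN) than for one that is disabled or missing, which discloses the state of another tenant's AI configuration. Doing the ownership test first and folding in the missing-record case closes that gap: `if (!aiSettings || aiSettings.organizationId !== ctx.session.activeOrganizationId) { throw new TRPCError({ code: "FORBIDDEN", message: "Access denied" }); }` placed directly after the `getAiSettingById` call. The throw also sits inside the `try {` opened in the earlier hunk, and the matching `catch` is outside the visible lines, so it is worth confirming that it rethrows a `TRPCError` unchanged rather than wrapping it in a generic error that hides the FORBIDDEN code. The mutation body begins and ends outside this hunk, and any other procedure in this router that loads settings by `aiId` would need the same check.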