feat: enhance mount API to support service type filtering and organization access checks

This commit is contained in:
Mauricio Siu
2026-02-25 22:08:05 -06:00
parent e62bb7593a
commit a467920410
3 changed files with 92 additions and 2 deletions

View File

@@ -1,22 +1,70 @@
import {
checkServiceAccess,
createMount,
deleteMount,
findApplicationById,
findComposeById,
findMariadbById,
findMongoById,
findMountById,
findMountOrganizationId,
findMountsByApplicationId,
findMySqlById,
findPostgresById,
findRedisById,
getServiceContainer,
updateMount,
} from "@dokploy/server";
import type { ServiceType } from "@dokploy/server/db/schema/mount";
import { TRPCError } from "@trpc/server";
import { z } from "zod";
import {
apiCreateMount,
apiFindMountByApplicationId,
apiFindOneMount,
apiRemoveMount,
apiUpdateMount,
} from "@/server/db/schema";
import { createTRPCRouter, protectedProcedure } from "../trpc";
async function getServiceOrganizationId(
serviceId: string,
serviceType: ServiceType,
): Promise<string | null> {
switch (serviceType) {
case "application": {
const app = await findApplicationById(serviceId);
return app?.environment?.project?.organizationId ?? null;
}
case "postgres": {
const postgres = await findPostgresById(serviceId);
return postgres?.environment?.project?.organizationId ?? null;
}
case "mariadb": {
const mariadb = await findMariadbById(serviceId);
return mariadb?.environment?.project?.organizationId ?? null;
}
case "mongo": {
const mongo = await findMongoById(serviceId);
return mongo?.environment?.project?.organizationId ?? null;
}
case "mysql": {
const mysql = await findMySqlById(serviceId);
return mysql?.environment?.project?.organizationId ?? null;
}
case "redis": {
const redis = await findRedisById(serviceId);
return redis?.environment?.project?.organizationId ?? null;
}
case "compose": {
const compose = await findComposeById(serviceId);
return compose?.environment?.project?.organizationId ?? null;
}
default:
return null;
}
}
export const mountRouter = createTRPCRouter({
create: protectedProcedure
.input(apiCreateMount)
@@ -71,4 +119,35 @@ export const mountRouter = createTRPCRouter({
);
return mounts;
}),
listByServiceId: protectedProcedure
.input(apiFindMountByApplicationId)
.query(async ({ input, ctx }) => {
console.log("input", input);
if (ctx.user.role === "member") {
await checkServiceAccess(
ctx.user.id,
input.serviceId,
ctx.session.activeOrganizationId,
"access",
);
}
const organizationId = await getServiceOrganizationId(
input.serviceId,
input.serviceType,
);
if (
organizationId === null ||
organizationId !== ctx.session.activeOrganizationId
) {
throw new TRPCError({
code: "UNAUTHORIZED",
message:
"You are not authorized to access this service or it does not exist",
});
}
return await findMountsByApplicationId(
input.serviceId,
input.serviceType,
);
}),
});