refactor: update user and authentication schema with two-factor support

This commit is contained in:
Mauricio Siu
2025-02-16 15:32:57 -06:00
parent 90156da570
commit e1632cbdb3
33 changed files with 657 additions and 180 deletions

View File

@@ -22,9 +22,8 @@ import {
cleanUpUnusedVolumes,
execAsync,
execAsyncRemote,
findAdmin,
findAdminById,
findServerById,
findUserById,
getDokployImage,
getDokployImageTag,
getUpdateData,
@@ -50,6 +49,7 @@ import {
updateLetsEncryptEmail,
updateServerById,
updateServerTraefik,
updateUser,
writeConfig,
writeMainConfig,
writeTraefikConfigInPath,
@@ -163,7 +163,7 @@ export const settingsRouter = createTRPCRouter({
if (IS_CLOUD) {
return true;
}
await updateAdmin(ctx.user.authId, {
await updateUser(ctx.user.id, {
sshPrivateKey: input.sshPrivateKey,
});
@@ -175,7 +175,7 @@ export const settingsRouter = createTRPCRouter({
if (IS_CLOUD) {
return true;
}
const admin = await updateAdmin(ctx.user.authId, {
const user = await updateUser(ctx.user.id, {
host: input.host,
...(input.letsEncryptEmail && {
letsEncryptEmail: input.letsEncryptEmail,
@@ -183,25 +183,25 @@ export const settingsRouter = createTRPCRouter({
certificateType: input.certificateType,
});
if (!admin) {
if (!user) {
throw new TRPCError({
code: "NOT_FOUND",
message: "Admin not found",
message: "User not found",
});
}
updateServerTraefik(admin, input.host);
updateServerTraefik(user, input.host);
if (input.letsEncryptEmail) {
updateLetsEncryptEmail(input.letsEncryptEmail);
}
return admin;
return user;
}),
cleanSSHPrivateKey: adminProcedure.mutation(async ({ ctx }) => {
if (IS_CLOUD) {
return true;
}
await updateAdmin(ctx.user.authId, {
await updateUser(ctx.user.id, {
sshPrivateKey: null,
});
return true;
@@ -216,7 +216,7 @@ export const settingsRouter = createTRPCRouter({
const server = await findServerById(input.serverId);
if (server.adminId !== ctx.user.adminId) {
if (server.organizationId !== ctx.session?.activeOrganizationId) {
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not authorized to access this server",
@@ -245,7 +245,7 @@ export const settingsRouter = createTRPCRouter({
await cleanUpUnusedImages(server.serverId);
await cleanUpDockerBuilder(server.serverId);
await cleanUpSystemPrune(server.serverId);
await sendDockerCleanupNotifications(server.adminId);
await sendDockerCleanupNotifications(server.organizationId);
});
}
} else {
@@ -261,19 +261,11 @@ export const settingsRouter = createTRPCRouter({
}
}
} else if (!IS_CLOUD) {
const admin = await findAdminById(ctx.user.adminId);
if (admin.adminId !== ctx.user.adminId) {
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You are not authorized to access this admin",
});
}
const adminUpdated = await updateAdmin(ctx.user.authId, {
const userUpdated = await updateUser(ctx.user.id, {
enableDockerCleanup: input.enableDockerCleanup,
});
if (adminUpdated?.enableDockerCleanup) {
if (userUpdated?.enableDockerCleanup) {
scheduleJob("docker-cleanup", "0 0 * * *", async () => {
console.log(
`Docker Cleanup ${new Date().toLocaleString()}] Running...`,
@@ -281,7 +273,9 @@ export const settingsRouter = createTRPCRouter({
await cleanUpUnusedImages();
await cleanUpDockerBuilder();
await cleanUpSystemPrune();
await sendDockerCleanupNotifications(admin.adminId);
await sendDockerCleanupNotifications(
ctx.session.activeOrganizationId,
);
});
} else {
const currentJob = scheduledJobs["docker-cleanup"];
@@ -383,7 +377,7 @@ export const settingsRouter = createTRPCRouter({
.query(async ({ ctx, input }) => {
try {
if (ctx.user.rol === "member") {
const canAccess = await canAccessToTraefikFiles(ctx.user.authId);
const canAccess = await canAccessToTraefikFiles(ctx.user.id);
if (!canAccess) {
throw new TRPCError({ code: "UNAUTHORIZED" });
@@ -401,7 +395,7 @@ export const settingsRouter = createTRPCRouter({
.input(apiModifyTraefikConfig)
.mutation(async ({ input, ctx }) => {
if (ctx.user.rol === "member") {
const canAccess = await canAccessToTraefikFiles(ctx.user.authId);
const canAccess = await canAccessToTraefikFiles(ctx.user.id);
if (!canAccess) {
throw new TRPCError({ code: "UNAUTHORIZED" });
@@ -419,7 +413,7 @@ export const settingsRouter = createTRPCRouter({
.input(apiReadTraefikConfig)
.query(async ({ input, ctx }) => {
if (ctx.user.rol === "member") {
const canAccess = await canAccessToTraefikFiles(ctx.user.authId);
const canAccess = await canAccessToTraefikFiles(ctx.user.id);
if (!canAccess) {
throw new TRPCError({ code: "UNAUTHORIZED" });
@@ -427,12 +421,12 @@ export const settingsRouter = createTRPCRouter({
}
return readConfigInPath(input.path, input.serverId);
}),
getIp: protectedProcedure.query(async () => {
getIp: protectedProcedure.query(async ({ ctx }) => {
if (IS_CLOUD) {
return true;
}
const admin = await findAdmin();
return admin.serverIp;
const user = await findUserById(ctx.user.ownerId);
return user.serverIp;
}),
getOpenApiDocument: protectedProcedure.query(