refactor(dokploy): restrict license key access to owners only and enhance validation

- Updated the license key settings to ensure only users with the "owner" role can access certain functionalities. - Modified the license key activation input validation to require a non-empty string. - Improved error handling for network issues when validating license keys, providing clearer feedback to users. - Adjusted the dashboard settings to redirect non-owner users appropriately.
2026-06-24 16:45:22 +02:00 · 2026-02-09 01:15:35 -06:00
parent 0a3a90c4e9
commit f5fa39b97e
5 changed files with 53 additions and 6 deletions
--- a/apps/dokploy/server/api/routers/proprietary/license-key.ts
+++ b/apps/dokploy/server/api/routers/proprietary/license-key.ts
@@ -12,7 +12,7 @@ import {

 export const licenseKeyRouter = createTRPCRouter({
 	activate: adminProcedure
-		.input(z.object({ licenseKey: z.string() }))
+		.input(z.object({ licenseKey: z.string().min(1) }))
 		.mutation(async ({ input, ctx }) => {
 			try {
 				const currentUserId = ctx.user.id;
@@ -74,6 +74,13 @@ export const licenseKeyRouter = createTRPCRouter({
 				});
 			}

+			if (ctx.user.role !== "owner") {
+				throw new TRPCError({
+					code: "FORBIDDEN",
+					message: "You are not authorized to validate a license key",
+				});
+			}
+
 			if (!currentUser.licenseKey) {
 				throw new TRPCError({
 					code: "BAD_REQUEST",
@@ -164,6 +171,13 @@ export const licenseKeyRouter = createTRPCRouter({
 			});
 		}

+		if (ctx.user.role !== "owner") {
+			throw new TRPCError({
+				code: "FORBIDDEN",
+				message: "You are not authorized to get enterprise settings",
+			});
+		}
+
 		return {
 			enableEnterpriseFeatures: !!currentUser.enableEnterpriseFeatures,
 			licenseKey: currentUser.licenseKey ?? "",
@@ -200,6 +214,13 @@ export const licenseKeyRouter = createTRPCRouter({
 					});
 				}

+				if (ctx.user.role !== "owner") {
+					throw new TRPCError({
+						code: "FORBIDDEN",
+						message: "You are not authorized to update enterprise settings",
+					});
+				}
+
 				await db
 					.update(user)
 					.set({
--- a/apps/dokploy/server/utils/enterprise.ts
+++ b/apps/dokploy/server/utils/enterprise.ts
@@ -1,5 +1,18 @@
 import { getPublicIpWithFallback, LICENSE_KEY_URL } from "@dokploy/server";

+const LICENSE_SERVER_UNREACHABLE =
+	"Could not reach the license server. Check your connection or try again later.";
+
+function isNetworkError(error: unknown): boolean {
+	if (error instanceof Error) {
+		if (error.message === "fetch failed") return true;
+		const cause = (error as Error & { cause?: { code?: string } }).cause;
+		const code = cause?.code;
+		return code === "ECONNREFUSED" || code === "ENOTFOUND" || code === "ETIMEDOUT";
+	}
+	return false;
+}
+
 export const validateLicenseKey = async (licenseKey: string) => {
 	try {
 		const ip = await getPublicIpWithFallback();
@@ -22,6 +35,9 @@ export const validateLicenseKey = async (licenseKey: string) => {
 		console.error(
 			error instanceof Error ? error.message : "Failed to validate license key",
 		);
+		if (isNetworkError(error)) {
+			throw new Error(LICENSE_SERVER_UNREACHABLE);
+		}
 		throw error;
 	}
 };
@@ -48,6 +64,9 @@ export const activateLicenseKey = async (licenseKey: string) => {
 		console.error(
 			error instanceof Error ? error.message : "Failed to activate license key",
 		);
+		if (isNetworkError(error)) {
+			throw new Error(LICENSE_SERVER_UNREACHABLE);
+		}
 		throw error;
 	}
 };
@@ -76,6 +95,9 @@ export const deactivateLicenseKey = async (licenseKey: string) => {
 				? error.message
 				: "Failed to deactivate license key",
 		);
+		if (isNetworkError(error)) {
+			throw new Error(LICENSE_SERVER_UNREACHABLE);
+		}
 		throw error;
 	}
 };