Add grant to create website/team.

2024-11-16 02:05:04 +01:00 · 2023-08-22 15:37:22 -07:00 · 2023-08-22 15:37:22 -07:00 · 280f6a9113
commit 280f6a9113
parent 84236c0cd9
3 changed files with 31 additions and 5 deletions
--- a/src/lib/auth.ts
+++ b/src/lib/auth.ts
@ -4,11 +4,12 @@ import debug from 'debug';
 import { PERMISSIONS, ROLE_PERMISSIONS, SHARE_TOKEN_HEADER } from 'lib/constants';
 import { secret } from 'lib/crypto';
 import { createSecureToken, ensureArray, getRandomChars, parseToken } from 'next-basics';
-import { getTeamUser, getTeamWebsite, findTeamWebsiteByUserId } from 'queries';
+import { findTeamWebsiteByUserId, getTeamUser, getTeamWebsite, getWebsitesByUserId } from 'queries';
 import { loadWebsite } from './load';
 import { Auth } from './types';

 const log = debug('umami:auth');
+const cloudMode = process.env.CLOUD_MODE;

 export async function setAuthKey(user, expire = 0) {
  const authKey = `auth:${getRandomChars(32)}`;
@ -57,7 +58,15 @@ export async function canViewWebsite({ user, shareToken }: Auth, websiteId: stri
  return !!(await findTeamWebsiteByUserId(websiteId, user.id));
 }

-export async function canCreateWebsite({ user }: Auth) {
+export async function canCreateWebsite({ user, grant }: Auth) {
+  if (cloudMode) {
+    if (grant.find(a => a === PERMISSIONS.websiteCreate)) {
+      return true;
+    }
+
+    return (await getWebsitesByUserId(user.id)).count < Number(process.env.WEBSITE_LIMIT);
+  }
+
  if (user.isAdmin) {
    return true;
  }
@ -109,7 +118,15 @@ export async function canDeleteReport(auth: Auth, report: Report) {
  return canUpdateReport(auth, report);
 }

-export async function canCreateTeam({ user }: Auth) {
+export async function canCreateTeam({ user, grant }: Auth) {
+  if (cloudMode) {
+    if (grant.find(a => a === PERMISSIONS.teamCreate)) {
+      return true;
+    }
+
+    return false;
+  }
+
  if (user.isAdmin) {
    return true;
  }
--- a/src/lib/middleware.ts
+++ b/src/lib/middleware.ts
@ -51,7 +51,7 @@ export const useAuth = createMiddleware(async (req, res, next) => {
  const shareToken = await parseShareToken(req);

  let user = null;
-  const { userId, authKey } = payload || {};
+  const { userId, authKey, grant } = payload || {};

  if (isUuid(userId)) {
    user = await getUserById(userId);
@ -72,7 +72,13 @@ export const useAuth = createMiddleware(async (req, res, next) => {
    user.isAdmin = user.role === ROLES.admin;
  }

-  (req as any).auth = { user, token, shareToken, authKey };
+  (req as any).auth = {
+    user,
+    grant,
+    token,
+    shareToken,
+    authKey,
+  };

  next();
 });
--- a/src/lib/types.ts
+++ b/src/lib/types.ts
@ -4,6 +4,7 @@ import {
  DATA_TYPE,
  EVENT_TYPE,
  KAFKA_TOPIC,
+  PERMISSIONS,
  REPORT_FILTER_TYPES,
  REPORT_TYPES,
  ROLES,
@ -17,6 +18,7 @@ import { TIME_UNIT } from './date';
 type ObjectValues<T> = T[keyof T];

 export type TimeUnit = ObjectValues<typeof TIME_UNIT>;
+export type Permission = ObjectValues<typeof PERMISSIONS>;

 export type CollectionType = ObjectValues<typeof COLLECTION_TYPE>;
 export type Role = ObjectValues<typeof ROLES>;
@ -78,6 +80,7 @@ export interface Auth {
    role: string;
    isAdmin: boolean;
  };
+  grant?: Permission[];
  shareToken?: {
    websiteId: string;
  };