kaneo (minimalist kanban) fork to experiment adding a tangled integration
github.com/usekaneo/kaneo
1import { and, eq, or } from "drizzle-orm";
2import { HTTPException } from "hono/http-exception";
3import db, { schema } from "../database";
4
/**
 * Authorizes a caller against a workspace; resolves on success and throws
 * an HTTP 403 otherwise.
 *
 * Two checks run in order:
 * 1. Only when `apiKeyId` is truthy: an enabled API key row with that id must
 *    exist whose `referenceId` or `userId` equals `userId`.
 * 2. Always: a workspace-user row must link `userId` to `workspaceId`.
 *
 * NOTE(review): the key lookup binds the key to the user, not to
 * `workspaceId`. Workspace scoping comes only from the membership check.
 * NOTE(review): no key expiry, permission scope or member role is checked
 * here. Confirm the authentication layer enforces whichever of those the key
 * model has before this function is reached.
 *
 * @param userId - Identifier of the already-authenticated user.
 * @param workspaceId - Workspace the request targets.
 * @param apiKeyId - Id of the API key used for the request, if any. An empty
 *   string is falsy and skips the key lookup; the membership check still runs.
 * @throws HTTPException with status 403 when either check finds no row.
 */
export async function validateWorkspaceAccess(
  userId: string,
  workspaceId: string,
  apiKeyId?: string,
): Promise<void> {
  if (apiKeyId) {
    // The owner may be recorded in either column, so accept a match on either.
    const keyOwnedByUser = or(
      eq(schema.apikeyTable.referenceId, userId),
      eq(schema.apikeyTable.userId, userId),
    );

    const [usableKey] = await db
      .select()
      .from(schema.apikeyTable)
      .where(
        and(
          eq(schema.apikeyTable.id, apiKeyId),
          keyOwnedByUser,
          eq(schema.apikeyTable.enabled, true),
        ),
      )
      .limit(1);

    // Unknown, disabled and foreign keys all get the same response.
    if (usableKey === undefined) {
      throw new HTTPException(403, {
        message: "Invalid API key for this workspace",
      });
    }
  }

  // Membership is required with or without an API key.
  const isMemberOfWorkspace = and(
    eq(schema.workspaceUserTable.userId, userId),
    eq(schema.workspaceUserTable.workspaceId, workspaceId),
  );

  const [memberRow] = await db
    .select()
    .from(schema.workspaceUserTable)
    .where(isMemberOfWorkspace)
    .limit(1);

  if (memberRow === undefined) {
    throw new HTTPException(403, {
      message: "You don't have access to this workspace",
    });
  }
}