From ad88ebdec36dc1f53d328a24086ccf3bb7771297 Mon Sep 17 00:00:00 2001 From: tyler Date: Mon, 18 May 2026 09:07:54 -0600 Subject: [PATCH 1/3] Fix oauth sign in for existing users when ALLOW_REGISTRATION is false --- apps/api/src/controllers/oauth-callback.controller.tsx | 9 +++++++++ packages/trpc/src/routers/auth.ts | 9 +-------- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/apps/api/src/controllers/oauth-callback.controller.tsx b/apps/api/src/controllers/oauth-callback.controller.tsx index f626e6491..727b67d93 100644 --- a/apps/api/src/controllers/oauth-callback.controller.tsx +++ b/apps/api/src/controllers/oauth-callback.controller.tsx @@ -12,6 +12,7 @@ import { type Account, connectUserToOrganization, db } from '@openpanel/db'; import type { FastifyReply, FastifyRequest } from 'fastify'; import { z } from 'zod'; import { LogError } from '@/utils/errors'; +import { getIsRegistrationAllowed, TRPCAccessError } from "@openpanel/trpc"; async function getGithubEmail(githubAccessToken: string) { const emailListRequest = new Request('https://api.github.com/user/emails'); @@ -112,6 +113,14 @@ async function handleNewUser({ ); } + const isRegistrationAllowed = await getIsRegistrationAllowed( + input.inviteId + ); + + if (!isRegistrationAllowed) { + throw TRPCAccessError('Registrations are not allowed'); + } + const user = await db.user.create({ data: { email: oauthUser.email, diff --git a/packages/trpc/src/routers/auth.ts b/packages/trpc/src/routers/auth.ts index 8d83bdf4f..65f114308 100644 --- a/packages/trpc/src/routers/auth.ts +++ b/packages/trpc/src/routers/auth.ts @@ -53,7 +53,7 @@ const TWO_FACTOR_CHALLENGE_TTL_SECONDS = 5 * 60; const zProvider = z.enum(['email', 'google', 'github']); -async function getIsRegistrationAllowed(inviteId?: string | null) { +export async function getIsRegistrationAllowed(inviteId?: string | null) { // ALLOW_REGISTRATION is always undefined in cloud if (process.env.ALLOW_REGISTRATION === undefined) { return true; @@ -95,13 +95,6 @@ export const authRouter = createTRPCRouter({ signInOAuth: publicProcedure .input(z.object({ provider: zProvider, inviteId: z.string().nullish() })) .mutation(async ({ input, ctx }) => { - const isRegistrationAllowed = await getIsRegistrationAllowed( - input.inviteId - ); - - if (!isRegistrationAllowed) { - throw TRPCAccessError('Registrations are not allowed'); - } const { provider } = input; From ac3a27175311e0c44894a2935ce05df610d1a77f Mon Sep 17 00:00:00 2001 From: tyler Date: Fri, 22 May 2026 10:30:40 -0600 Subject: [PATCH 2/3] add exports --- packages/trpc/index.ts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/packages/trpc/index.ts b/packages/trpc/index.ts index 2c70a8203..a78a2c330 100644 --- a/packages/trpc/index.ts +++ b/packages/trpc/index.ts @@ -1,3 +1,5 @@ export * from './src/root'; export * from './src/trpc'; export { getProjectAccess } from './src/access'; +export { getIsRegistrationAllowed } from './src/routers/auth'; +export { TRPCAccessError } from './src/errors' From 2b445ee67fcd7a8d183803abbc6487f8f7488a21 Mon Sep 17 00:00:00 2001 From: tyler Date: Thu, 25 Jun 2026 10:08:00 -0600 Subject: [PATCH 3/3] commit wip --- apps/api/src/controllers/oauth-callback.controller.tsx | 8 -------- packages/trpc/src/routers/auth.ts | 3 --- 2 files changed, 11 deletions(-) diff --git a/apps/api/src/controllers/oauth-callback.controller.tsx b/apps/api/src/controllers/oauth-callback.controller.tsx index 727b67d93..445aef391 100644 --- a/apps/api/src/controllers/oauth-callback.controller.tsx +++ b/apps/api/src/controllers/oauth-callback.controller.tsx @@ -12,7 +12,6 @@ import { type Account, connectUserToOrganization, db } from '@openpanel/db'; import type { FastifyReply, FastifyRequest } from 'fastify'; import { z } from 'zod'; import { LogError } from '@/utils/errors'; -import { getIsRegistrationAllowed, TRPCAccessError } from "@openpanel/trpc"; async function getGithubEmail(githubAccessToken: string) { const emailListRequest = new Request('https://api.github.com/user/emails'); @@ -113,13 +112,6 @@ async function handleNewUser({ ); } - const isRegistrationAllowed = await getIsRegistrationAllowed( - input.inviteId - ); - - if (!isRegistrationAllowed) { - throw TRPCAccessError('Registrations are not allowed'); - } const user = await db.user.create({ data: { diff --git a/packages/trpc/src/routers/auth.ts b/packages/trpc/src/routers/auth.ts index 65f114308..52e6dd556 100644 --- a/packages/trpc/src/routers/auth.ts +++ b/packages/trpc/src/routers/auth.ts @@ -68,9 +68,6 @@ export async function getIsRegistrationAllowed(inviteId?: string | null) { // 2. If there is an invite, check if it is valid if (inviteId) { - if (process.env.ALLOW_INVITATION === 'false') { - return false; - } const invite = await db.invite.findUnique({ where: {