fix: update API key deletion authorization check

Siumauricio · Siumauricio · commit d0c92d84ef17 · 2026-03-18T16:33:19.000-06:00
- Changed the authorization check for deleting an API key to use referenceId instead of userId, ensuring proper validation against the current user's ID.
diff --git a/apps/dokploy/server/api/routers/user.ts b/apps/dokploy/server/api/routers/user.ts
@@ -465,7 +465,7 @@ export const userRouter = createTRPCRouter({
 					});
 				}
 
-				if (apiKeyToDelete.userId !== ctx.user.id) {
+				if (apiKeyToDelete.referenceId !== ctx.user.id) {
 					throw new TRPCError({
 						code: "UNAUTHORIZED",
 						message: "You are not authorized to delete this API key",

Original file line number	Diff line number	Diff line change
`@@ -465,7 +465,7 @@ export const userRouter = createTRPCRouter({`
`465`	`465`	`});`
`466`	`466`	`}`
`467`	`467`
`468`		`- if (apiKeyToDelete.userId !== ctx.user.id) {`
	`468`	`+ if (apiKeyToDelete.referenceId !== ctx.user.id) {`
`469`	`469`	`throw new TRPCError({`
`470`	`470`	`code: "UNAUTHORIZED",`
`471`	`471`	`message: "You are not authorized to delete this API key",`