feedbacl

Author: brendan-kellam

packages/web/src/actions.ts

@@ -26,7 +26,7 @@ import JoinRequestApprovedEmail from "./emails/joinRequestApprovedEmail";
 import JoinRequestSubmittedEmail from "./emails/joinRequestSubmittedEmail";
 import { AGENTIC_SEARCH_TUTORIAL_DISMISSED_COOKIE_NAME, MOBILE_UNSUPPORTED_SPLASH_SCREEN_DISMISSED_COOKIE_NAME, SOURCEBOT_SUPPORT_EMAIL } from "./lib/constants";
 import { ApiKeyPayload, RepositoryQuery } from "./lib/types";
-import { withAuthV2, withOptionalAuthV2, withMinimumOrgRole } from "./withAuthV2";
+import { withAuthV2, withOptionalAuthV2, withMinimumOrgRole, withAuthV2_skipOrgMembershipCheck } from "./withAuthV2";
 import { getBrowsePath } from "./app/[domain]/browse/hooks/utils";
 
 const logger = createLogger('web-actions');
@@ -834,7 +834,7 @@ export const getMe = async () => sew(() =>
     }));
 
 export const redeemInvite = async (inviteId: string): Promise<{ success: boolean } | ServiceError> => sew(() =>
-    withAuthV2(async ({ user, prisma }) => {
+    withAuthV2_skipOrgMembershipCheck(async ({ user, prisma }) => {
         const invite = await prisma.invite.findUnique({
             where: {
                 id: inviteId,
@@ -908,7 +908,7 @@ export const redeemInvite = async (inviteId: string): Promise<{ success: boolean
     }));
 
 export const getInviteInfo = async (inviteId: string) => sew(() =>
-    withAuthV2(async ({ user, prisma }) => {
+    withAuthV2_skipOrgMembershipCheck(async ({ user, prisma }) => {
         const invite = await prisma.invite.findUnique({
             where: {
                 id: inviteId,

packages/web/src/app/invite/actions.ts

@@ -4,12 +4,12 @@ import { isServiceError } from "@/lib/utils";
 import { orgNotFound, ServiceError } from "@/lib/serviceError";
 import { sew } from "@/actions";
 import { addUserToOrganization } from "@/lib/authUtils";
-import { withAuthV2 } from "@/withAuthV2";
+import { withAuthV2_skipOrgMembershipCheck } from "@/withAuthV2";
 import { StatusCodes } from "http-status-codes";
 import { ErrorCode } from "@/lib/errorCodes";
 
 export const joinOrganization = async (orgId: number, inviteLinkId?: string) => sew(async () =>
-    withAuthV2(async ({ user, prisma }) => {
+    withAuthV2_skipOrgMembershipCheck(async ({ user, prisma }) => {
         const org = await prisma.org.findUnique({
             where: {
                 id: orgId,

packages/web/src/withAuthV2.ts

@@ -10,20 +10,41 @@ import { ErrorCode } from "./lib/errorCodes";
 import { getOrgMetadata, isServiceError } from "./lib/utils";
 import { hasEntitlement } from "@sourcebot/shared";
 
-interface OptionalAuthContext {
+type OptionalAuthContext = {
     user?: UserWithAccounts;
     org: Org;
     role: OrgRole;
     prisma: PrismaClient;
 }
 
-interface RequiredAuthContext {
+type RequiredAuthContext = {
     user: UserWithAccounts;
     org: Org;
     role: Exclude<OrgRole, 'GUEST'>;
     prisma: PrismaClient;
 }
 
+/**
+ * Requires a logged-in user but does NOT check org membership.
+ * Use this for actions where the user may not yet be a member
+ * of the org (e.g. joining an org, redeeming an invite).
+ */
+export const withAuthV2_skipOrgMembershipCheck = async <T>(fn: (params: Omit<RequiredAuthContext, 'role'> & { role: OrgRole; }) => Promise<T>) => {
+    const authContext = await getAuthContext();
+
+    if (isServiceError(authContext)) {
+        return authContext;
+    }
+
+    const { user, prisma, org, role } = authContext;
+
+    if (!user) {
+        return notAuthenticated();
+    }
+
+    return fn({ user, prisma, org, role });
+};
+
 export const withAuthV2 = async <T>(fn: (params: RequiredAuthContext) => Promise<T>) => {
     const authContext = await getAuthContext();