add explicit service ping calls to user <> organization update paths

brendan-kellam · brendan-kellam · commit cae073d721cf · 2026-04-17T20:57:54.000-07:00
diff --git a/packages/web/src/ee/features/lighthouse/servicePing.ts b/packages/web/src/ee/features/lighthouse/servicePing.ts
@@ -45,7 +45,9 @@ export const syncWithLighthouse = async (orgId: number) => {
         const { entitlements, seats, status } = response.license;
 
         await __unsafePrisma.license.update({
-            where: { orgId: SINGLE_TENANT_ORG_ID },
+            where: {
+                orgId
+            },
             data: {
                 entitlements,
                 seats,
diff --git a/packages/web/src/features/userManagement/actions.ts b/packages/web/src/features/userManagement/actions.ts
@@ -1,6 +1,7 @@
 'use server';
 
 import { createAudit } from "@/ee/features/audit/audit";
+import { syncWithLighthouse } from "@/ee/features/lighthouse/servicePing";
 import InviteUserEmail from "@/emails/inviteUserEmail";
 import JoinRequestApprovedEmail from "@/emails/joinRequestApprovedEmail";
 import { addUserToOrganization, orgHasAvailability } from "@/lib/authUtils";
@@ -11,7 +12,7 @@ import { sew } from "@/middleware/sew";
 import { withAuth } from "@/middleware/withAuth";
 import { withMinimumOrgRole } from "@/middleware/withMinimumOrgRole";
 import { render } from "@react-email/components";
-import { OrgRole, Prisma } from "@sourcebot/db";
+import { OrgRole, Prisma, PrismaClient } from "@sourcebot/db";
 import { createLogger, env, getSMTPConnectionURL } from "@sourcebot/shared";
 import { StatusCodes } from "http-status-codes";
 import { createTransport } from "nodemailer";
@@ -21,48 +22,11 @@ const logger = createLogger('user-management');
 export const removeMemberFromOrg = async (memberId: string): Promise<{ success: boolean } | ServiceError> => sew(() =>
     withAuth(async ({ org, role, prisma }) =>
         withMinimumOrgRole(role, OrgRole.OWNER, async () => {
-            const guardError = await prisma.$transaction(async (tx) => {
-                const targetMember = await tx.userToOrg.findUnique({
-                    where: {
-                        orgId_userId: {
-                            orgId: org.id,
-                            userId: memberId,
-                        }
-                    }
-                });
-
-                if (!targetMember) {
-                    return notFound("Member not found in this organization");
-                }
-
-                if (targetMember.role === OrgRole.OWNER) {
-                    const ownerCount = await tx.userToOrg.count({
-                        where: {
-                            orgId: org.id,
-                            role: OrgRole.OWNER,
-                        },
-                    });
-
-                    if (ownerCount <= 1) {
-                        return {
-                            statusCode: StatusCodes.FORBIDDEN,
-                            errorCode: ErrorCode.LAST_OWNER_CANNOT_BE_REMOVED,
-                            message: "Cannot remove the last owner of the organization.",
-                        } satisfies ServiceError;
-                    }
-                }
-
-                await tx.userToOrg.delete({
-                    where: {
-                        orgId_userId: {
-                            orgId: org.id,
-                            userId: memberId,
-                        }
-                    }
-                });
-
-                return null;
-            }, { isolationLevel: Prisma.TransactionIsolationLevel.Serializable });
+            const guardError = await _removeUserFromOrg(prisma, {
+                orgId: org.id,
+                userId: memberId,
+                lastOwnerMessage: "Cannot remove the last owner of the organization.",
+            });
 
             if (guardError) {
                 return guardError;
@@ -73,36 +37,12 @@ export const removeMemberFromOrg = async (memberId: string): Promise<{ success:
 );
 
 export const leaveOrg = async (): Promise<{ success: boolean } | ServiceError> => sew(() =>
-    withAuth(async ({ user, org, role, prisma }) => {
-        const guardError = await prisma.$transaction(async (tx) => {
-            if (role === OrgRole.OWNER) {
-                const ownerCount = await tx.userToOrg.count({
-                    where: {
-                        orgId: org.id,
-                        role: OrgRole.OWNER,
-                    },
-                });
-
-                if (ownerCount <= 1) {
-                    return {
-                        statusCode: StatusCodes.FORBIDDEN,
-                        errorCode: ErrorCode.LAST_OWNER_CANNOT_BE_REMOVED,
-                        message: "You are the last owner of this organization. Promote another member to owner before leaving.",
-                    } satisfies ServiceError;
-                }
-            }
-
-            await tx.userToOrg.delete({
-                where: {
-                    orgId_userId: {
-                        orgId: org.id,
-                        userId: user.id,
-                    }
-                }
-            });
-
-            return null;
-        }, { isolationLevel: Prisma.TransactionIsolationLevel.Serializable });
+    withAuth(async ({ user, org, prisma }) => {
+        const guardError = await _removeUserFromOrg(prisma, {
+            orgId: org.id,
+            userId: user.id,
+            lastOwnerMessage: "You are the last owner of this organization. Promote another member to owner before leaving.",
+        });
 
         if (guardError) {
             return guardError;
@@ -113,6 +53,64 @@ export const leaveOrg = async (): Promise<{ success: boolean } | ServiceError> =
         }
     }));
 
+
+const _removeUserFromOrg = async (
+    prisma: PrismaClient,
+    { orgId, userId, lastOwnerMessage }: { orgId: number; userId: string; lastOwnerMessage: string },
+): Promise<ServiceError | null> => {
+    const result = await prisma.$transaction(async (tx) => {
+        const target = await tx.userToOrg.findUnique({
+            where: {
+                orgId_userId: {
+                    orgId,
+                    userId,
+                }
+            }
+        });
+
+        if (!target) {
+            return notFound("Member not found in this organization");
+        }
+
+        if (target.role === OrgRole.OWNER) {
+            const ownerCount = await tx.userToOrg.count({
+                where: {
+                    orgId,
+                    role: OrgRole.OWNER,
+                },
+            });
+
+            if (ownerCount <= 1) {
+                return {
+                    statusCode: StatusCodes.FORBIDDEN,
+                    errorCode: ErrorCode.LAST_OWNER_CANNOT_BE_REMOVED,
+                    message: lastOwnerMessage,
+                } satisfies ServiceError;
+            }
+        }
+
+        await tx.userToOrg.delete({
+            where: {
+                orgId_userId: {
+                    orgId,
+                    userId,
+                }
+            }
+        });
+
+        return null;
+    }, { isolationLevel: Prisma.TransactionIsolationLevel.Serializable });
+
+    // Sync with lighthouse s.t., the subscription
+    // quantity will update immediately.
+    if (!isServiceError(result)) {
+        await syncWithLighthouse(orgId);
+    }
+
+    return result;
+};
+
+
 export const rejectAccountRequest = async (requestId: string) => sew(() =>
     withAuth(async ({ org, role, prisma }) =>
         withMinimumOrgRole(role, OrgRole.OWNER, async () => {
diff --git a/packages/web/src/lib/authUtils.ts b/packages/web/src/lib/authUtils.ts
@@ -2,12 +2,12 @@ import type { User as AuthJsUser } from "next-auth";
 import { __unsafePrisma } from "@/prisma";
 import { OrgRole } from "@sourcebot/db";
 import { SINGLE_TENANT_ORG_ID } from "@/lib/constants";
-import { isServiceError } from "@/lib/utils";
 import { orgNotFound, ServiceError, userNotFound } from "@/lib/serviceError";
 import { createLogger, getSeatCap } from "@sourcebot/shared";
 import { createAudit } from "@/ee/features/audit/audit";
 import { StatusCodes } from "http-status-codes";
 import { ErrorCode } from "./errorCodes";
+import { syncWithLighthouse } from "@/ee/features/lighthouse/servicePing";
 
 const logger = createLogger('web-auth-utils');
 
@@ -124,6 +124,10 @@ export const onCreateUser = async ({ user }: { user: AuthJsUser }) => {
     // authUtils -> posthog -> auth -> authUtils
     const { captureEvent } = await import("@/lib/posthog");
     await captureEvent('wa_user_created', { userId: user.id });
+
+    // Sync with lighthouse s.t., the subscription
+    // quantity will update immediately.
+    await syncWithLighthouse(defaultOrg.id);
 };
 
 
@@ -188,7 +192,7 @@ export const addUserToOrganization = async (userId: string, orgId: number): Prom
         } satisfies ServiceError;
     }
 
-    const res = await __unsafePrisma.$transaction(async (tx) => {
+    await __unsafePrisma.$transaction(async (tx) => {
         await tx.userToOrg.create({
             data: {
                 userId: user.id,
@@ -234,10 +238,9 @@ export const addUserToOrganization = async (userId: string, orgId: number): Prom
         }
     });
 
-    if (isServiceError(res)) {
-        logger.error(`addUserToOrganization: failed to add user ${userId} to org ${orgId}: ${res.message}`);
-        return res;
-    }
+    // Sync with lighthouse s.t., the subscription
+    // quantity will update immediately.
+    await syncWithLighthouse(org.id);
 
     return {
         success: true,
