wip

brendan-kellam · brendan-kellam · commit cf2a4024c2ca · 2026-04-03T17:06:57.000-07:00
diff --git a/packages/web/src/actions.ts b/packages/web/src/actions.ts
@@ -24,7 +24,7 @@ import JoinRequestApprovedEmail from "./emails/joinRequestApprovedEmail";
 import JoinRequestSubmittedEmail from "./emails/joinRequestSubmittedEmail";
 import { AGENTIC_SEARCH_TUTORIAL_DISMISSED_COOKIE_NAME, MOBILE_UNSUPPORTED_SPLASH_SCREEN_DISMISSED_COOKIE_NAME, SINGLE_TENANT_ORG_ID, SOURCEBOT_SUPPORT_EMAIL } from "./lib/constants";
 import { RepositoryQuery } from "./lib/types";
-import { withAuth, withOptionalAuth, withAuth_skipOrgMembershipCheck } from "./middleware/withAuth";
+import { withAuth, withOptionalAuth } from "./middleware/withAuth";
 import { withMinimumOrgRole } from "./middleware/withMinimumOrgRole";
 import { getBrowsePath } from "./app/(app)/browse/hooks/utils";
 import { sew } from "@/middleware/sew";
@@ -758,116 +758,6 @@ export const getMe = async () => sew(() =>
         }
     }));
 
-export const redeemInvite = async (inviteId: string): Promise<{ success: boolean } | ServiceError> => sew(() =>
-    withAuth_skipOrgMembershipCheck(async ({ user, prisma }) => {
-        const invite = await prisma.invite.findUnique({
-            where: {
-                id: inviteId,
-            },
-            include: {
-                org: true,
-            }
-        });
-
-        if (!invite) {
-            return notFound();
-        }
-
-        const failAuditCallback = async (error: string) => {
-            await auditService.createAudit({
-                action: "user.invite_accept_failed",
-                actor: {
-                    id: user.id,
-                    type: "user"
-                },
-                target: {
-                    id: inviteId,
-                    type: "invite"
-                },
-                orgId: invite.org.id,
-                metadata: {
-                    message: error
-                }
-            });
-        }
-
-
-        const hasAvailability = await orgHasAvailability();
-        if (!hasAvailability) {
-            await failAuditCallback("Organization is at max capacity");
-            return {
-                statusCode: StatusCodes.BAD_REQUEST,
-                errorCode: ErrorCode.ORG_SEAT_COUNT_REACHED,
-                message: "Organization is at max capacity",
-            } satisfies ServiceError;
-        }
-
-        // Check if the user is the recipient of the invite
-        if (user.email !== invite.recipientEmail) {
-            await failAuditCallback("User is not the recipient of the invite");
-            return notFound();
-        }
-
-        const addUserToOrgRes = await addUserToOrganization(user.id, invite.orgId);
-        if (isServiceError(addUserToOrgRes)) {
-            await failAuditCallback(addUserToOrgRes.message);
-            return addUserToOrgRes;
-        }
-
-        await auditService.createAudit({
-            action: "user.invite_accepted",
-            actor: {
-                id: user.id,
-                type: "user"
-            },
-            orgId: invite.org.id,
-            target: {
-                id: inviteId,
-                type: "invite"
-            }
-        });
-
-        return {
-            success: true,
-        }
-    }));
-
-export const getInviteInfo = async (inviteId: string) => sew(() =>
-    withAuth_skipOrgMembershipCheck(async ({ user, prisma }) => {
-        const invite = await prisma.invite.findUnique({
-            where: {
-                id: inviteId,
-            },
-            include: {
-                org: true,
-                host: true,
-            }
-        });
-
-        if (!invite) {
-            return notFound();
-        }
-
-        if (invite.recipientEmail !== user.email) {
-            return notFound();
-        }
-
-        return {
-            id: invite.id,
-            orgName: invite.org.name,
-            orgImageUrl: invite.org.imageUrl ?? undefined,
-            host: {
-                name: invite.host.name ?? undefined,
-                email: invite.host.email!,
-                avatarUrl: invite.host.image ?? undefined,
-            },
-            recipient: {
-                name: user.name ?? undefined,
-                email: user.email!,
-            }
-        }
-    }));
-
 export const getOrgMembers = async () => sew(() =>
     withAuth(async ({ org, prisma }) => {
         const members = await prisma.userToOrg.findMany({
diff --git a/packages/web/src/app/components/joinOrganizationButton.tsx b/packages/web/src/app/components/joinOrganizationButton.tsx
@@ -7,7 +7,6 @@ import { useState } from "react";
 import { Loader2 } from "lucide-react";
 import { joinOrganization } from "../invite/actions";
 import { isServiceError } from "@/lib/utils";
-import { SINGLE_TENANT_ORG_ID } from "@/lib/constants";
 
 export function JoinOrganizationButton({ inviteLinkId }: { inviteLinkId?: string }) {
     const [isLoading, setIsLoading] = useState(false);
@@ -18,7 +17,7 @@ export function JoinOrganizationButton({ inviteLinkId }: { inviteLinkId?: string
         setIsLoading(true);
         
         try {
-            const result = await joinOrganization(SINGLE_TENANT_ORG_ID, inviteLinkId);
+            const result = await joinOrganization(inviteLinkId);
             
             if (isServiceError(result)) {
                 toast({
diff --git a/packages/web/src/app/invite/actions.ts b/packages/web/src/app/invite/actions.ts
@@ -1,51 +1,185 @@
 "use server";
 
 import { isServiceError } from "@/lib/utils";
-import { orgNotFound, ServiceError } from "@/lib/serviceError";
+import { notAuthenticated, notFound, orgNotFound, ServiceError } from "@/lib/serviceError";
 import { sew } from "@/middleware/sew";
-import { addUserToOrganization } from "@/lib/authUtils";
-import { withAuth_skipOrgMembershipCheck } from "@/middleware/withAuth";
+import { addUserToOrganization, orgHasAvailability } from "@/lib/authUtils";
 import { StatusCodes } from "http-status-codes";
 import { ErrorCode } from "@/lib/errorCodes";
+import { getAuthenticatedUser } from "@/middleware/withAuth";
+import { __unsafePrisma } from "@/prisma";
+import { SINGLE_TENANT_ORG_ID } from "@/lib/constants";
+import { getAuditService } from "@/ee/features/audit/factory";
 
-export const joinOrganization = async (orgId: number, inviteLinkId?: string) => sew(async () =>
-    withAuth_skipOrgMembershipCheck(async ({ user, prisma }) => {
-        const org = await prisma.org.findUnique({
-            where: {
-                id: orgId,
-            },
-        });
+const auditService = getAuditService();
+
+export const joinOrganization = async (inviteLinkId?: string) => sew(async () => {
+    const authResult = await getAuthenticatedUser();
+    if (!authResult) {
+        return notAuthenticated();
+    }
+
+    const { user } = authResult;
 
-        if (!org) {
-            return orgNotFound();
+    const org = await __unsafePrisma.org.findUnique({
+        where: {
+            id: SINGLE_TENANT_ORG_ID,
+        },
+    });
+
+    if (!org) {
+        return orgNotFound();
+    }
+
+
+    // If member approval is required we must be using a valid invite link
+    if (org.memberApprovalRequired) {
+        if (!org.inviteLinkEnabled) {
+            return {
+                statusCode: StatusCodes.BAD_REQUEST,
+                errorCode: ErrorCode.INVITE_LINK_NOT_ENABLED,
+                message: "Invite link is not enabled.",
+            } satisfies ServiceError;
         }
 
-        // If member approval is required we must be using a valid invite link
-        if (org.memberApprovalRequired) {
-            if (!org.inviteLinkEnabled) {
-                return {
-                    statusCode: StatusCodes.BAD_REQUEST,
-                    errorCode: ErrorCode.INVITE_LINK_NOT_ENABLED,
-                    message: "Invite link is not enabled.",
-                } satisfies ServiceError;
-            }
+        if (org.inviteLinkId !== inviteLinkId) {
+            return {
+                statusCode: StatusCodes.BAD_REQUEST,
+                errorCode: ErrorCode.INVALID_INVITE_LINK,
+                message: "Invalid invite link.",
+            } satisfies ServiceError;
+        }
+    }
+
+    const addUserToOrgRes = await addUserToOrganization(user.id, org.id);
+    if (isServiceError(addUserToOrgRes)) {
+        return addUserToOrgRes;
+    }
+
+    return {
+        success: true,
+    }
+});
+
+export const redeemInvite = async (inviteId: string): Promise<{ success: boolean; } | ServiceError> => sew(async () => {
+    const authResult = await getAuthenticatedUser();
+    if (!authResult) {
+        return notAuthenticated();
+    }
+
+    const { user } = authResult;
+
+    const invite = await __unsafePrisma.invite.findUnique({
+        where: {
+            id: inviteId,
+        },
+        include: {
+            org: true,
+        }
+    });
+
+    if (!invite) {
+        return notFound();
+    }
 
-            if (org.inviteLinkId !== inviteLinkId) {
-                return {
-                    statusCode: StatusCodes.BAD_REQUEST,
-                    errorCode: ErrorCode.INVALID_INVITE_LINK,
-                    message: "Invalid invite link.",
-                } satisfies ServiceError;
+    const failAuditCallback = async (error: string) => {
+        await auditService.createAudit({
+            action: "user.invite_accept_failed",
+            actor: {
+                id: user.id,
+                type: "user"
+            },
+            target: {
+                id: inviteId,
+                type: "invite"
+            },
+            orgId: invite.org.id,
+            metadata: {
+                message: error
             }
+        });
+    };
+
+    const hasAvailability = await orgHasAvailability();
+    if (!hasAvailability) {
+        await failAuditCallback("Organization is at max capacity");
+        return {
+            statusCode: StatusCodes.BAD_REQUEST,
+            errorCode: ErrorCode.ORG_SEAT_COUNT_REACHED,
+            message: "Organization is at max capacity",
+        } satisfies ServiceError;
+    }
+
+    // Check if the user is the recipient of the invite
+    if (user.email !== invite.recipientEmail) {
+        await failAuditCallback("User is not the recipient of the invite");
+        return notFound();
+    }
+
+    const addUserToOrgRes = await addUserToOrganization(user.id, invite.orgId);
+    if (isServiceError(addUserToOrgRes)) {
+        await failAuditCallback(addUserToOrgRes.message);
+        return addUserToOrgRes;
+    }
+
+    await auditService.createAudit({
+        action: "user.invite_accepted",
+        actor: {
+            id: user.id,
+            type: "user"
+        },
+        orgId: invite.org.id,
+        target: {
+            id: inviteId,
+            type: "invite"
         }
+    });
 
-        const addUserToOrgRes = await addUserToOrganization(user.id, org.id);
-        if (isServiceError(addUserToOrgRes)) {
-            return addUserToOrgRes;
+    return {
+        success: true,
+    };
+});
+
+
+export const getInviteInfo = async (inviteId: string) => sew(async () => {
+    const authResult = await getAuthenticatedUser();
+    if (!authResult) {
+        return notAuthenticated();
+    }
+
+    const { user } = authResult;
+
+    const invite = await __unsafePrisma.invite.findUnique({
+        where: {
+            id: inviteId,
+        },
+        include: {
+            org: true,
+            host: true,
         }
+    });
 
-        return {
-            success: true,
+    if (!invite) {
+        return notFound();
+    }
+
+    if (invite.recipientEmail !== user.email) {
+        return notFound();
+    }
+
+    return {
+        id: invite.id,
+        orgName: invite.org.name,
+        orgImageUrl: invite.org.imageUrl ?? undefined,
+        host: {
+            name: invite.host.name ?? undefined,
+            email: invite.host.email!,
+            avatarUrl: invite.host.image ?? undefined,
+        },
+        recipient: {
+            name: user.name ?? undefined,
+            email: user.email!,
         }
-    })
-) 
+    };
+});
+
diff --git a/packages/web/src/app/redeem/components/acceptInviteCard.tsx b/packages/web/src/app/redeem/components/acceptInviteCard.tsx
@@ -9,7 +9,7 @@ import placeholderAvatar from "@/public/placeholder_avatar.png";
 import { ArrowRight, Loader2 } from "lucide-react";
 import { Button } from "@/components/ui/button";
 import { useCallback, useState } from "react";
-import { redeemInvite } from "@/actions";
+import { redeemInvite } from "@/app/invite/actions";
 import { useRouter } from "next/navigation";
 import { useToast } from "@/components/hooks/use-toast";
 import { isServiceError } from "@/lib/utils";
diff --git a/packages/web/src/app/redeem/page.tsx b/packages/web/src/app/redeem/page.tsx
@@ -1,6 +1,6 @@
 import { notFound, redirect } from 'next/navigation';
 import { auth } from "@/auth";
-import { getInviteInfo } from "@/actions";
+import { getInviteInfo } from "../invite/actions";
 import { isServiceError } from "@/lib/utils";
 import { AcceptInviteCard } from './components/acceptInviteCard';
 import { LogoutEscapeHatch } from '../components/logoutEscapeHatch';
diff --git a/packages/web/src/middleware/withAuth.ts b/packages/web/src/middleware/withAuth.ts
