(fix): await ownership check and only throw only in the api route (#719)

fern-api · Apr 28, 2024 · 59893a5 · 59893a5
1 parent 8a124e7
commit 59893a5
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 11 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -54,7 +54,7 @@ jobs:
         run: pnpm lint:monorepo
 
       - name: Lint style
-        run: pnpm turbo lint:style format:check
+        run: pnpm turbo lint:style
 
       - name: eslint
         run: pnpm lint:eslint

diff --git a/packages/template-resolver/package.json b/packages/template-resolver/package.json
@@ -12,8 +12,8 @@
   "scripts": {
     "compile": "tsc --build",
     "clean": "rm -rf ./dist && tsc --build --clean",
-    "format": "prettier --write --ignore-unknown --ignore-path ../../../shared/.prettierignore \"**\"",
-    "format:check": "prettier --check --ignore-unknown --ignore-path ../../../shared/.prettierignore \"**\"",
+    "format": "prettier --write --ignore-unknown --ignore-path ../../shared/.prettierignore \"**\"",
+    "format:check": "prettier --check --ignore-unknown --ignore-path ../../shared/.prettierignore \"**\"",
     "lint:eslint": "eslint --max-warnings 0 . --ignore-path=../../.eslintignore",
     "lint:eslint:fix": "pnpm lint:eslint --fix",
     "lint:style": "stylelint 'src/**/*.scss' --allow-empty-input --max-warnings 0",

diff --git a/servers/fdr/src/controllers/docs/v2/getDocsWriteV2Service.ts b/servers/fdr/src/controllers/docs/v2/getDocsWriteV2Service.ts
@@ -59,10 +59,13 @@ export function getDocsWriteV2Service(app: FdrApplication): DocsV2WriteService {
             const customUrls = validateAndParseCustomDomainUrl({ customUrls: req.body.customDomains });
 
             // ensure that the domains are not already registered by another org
-            app.dao.docsV2().checkDomainsDontBelongToAnotherOrg(
+            const hasOwnership = await app.dao.docsV2().checkDomainsDontBelongToAnotherOrg(
                 [fernUrl, ...customUrls].map((url) => url.getFullUrl()),
                 req.body.orgId,
             );
+            if (!hasOwnership) {
+                throw new FdrAPI.DomainBelongsToAnotherOrgError();
+            }
 
             const docsRegistrationId = uuidv4();
             const s3FileInfos = await app.services.s3.getPresignedUploadUrls({

diff --git a/servers/fdr/src/db/docs/DocsV2Dao.ts b/servers/fdr/src/db/docs/DocsV2Dao.ts
@@ -29,7 +29,7 @@ export interface LoadDocsConfigResponse {
 }
 
 export interface DocsV2Dao {
-    checkDomainsDontBelongToAnotherOrg(domains: string[], orgId: string): Promise<void>;
+    checkDomainsDontBelongToAnotherOrg(domains: string[], orgId: string): Promise<boolean>;
 
     loadDocsForURL(url: URL): Promise<LoadDocsDefinitionByUrlResponse | undefined>;
 
@@ -48,7 +48,7 @@ export interface DocsV2Dao {
 
 export class DocsV2DaoImpl implements DocsV2Dao {
     constructor(private readonly prisma: PrismaClient) {}
-    public async checkDomainsDontBelongToAnotherOrg(domains: string[], orgId: string): Promise<void> {
+    public async checkDomainsDontBelongToAnotherOrg(domains: string[], orgId: string): Promise<boolean> {
         const matchedDomains = await this.prisma.docsV2.findMany({
             select: {
                 orgID: true,
@@ -61,11 +61,7 @@ export class DocsV2DaoImpl implements DocsV2Dao {
             distinct: ["orgID", "domain"],
         });
 
-        matchedDomains.forEach((matchedDomain) => {
-            if (matchedDomain.orgID !== orgId) {
-                throw new FdrAPI.DomainBelongsToAnotherOrgError();
-            }
-        });
+        return matchedDomains.every((matchedDomain) => matchedDomain.orgID === orgId);
     }
 
     public async loadDocsForURL(url: URL): Promise<WithoutQuestionMarks<LoadDocsDefinitionByUrlResponse> | undefined> {