From 59893a505baf7cb98d66e47429cd0a8c72380bbe Mon Sep 17 00:00:00 2001 From: Deep Singhvi Date: Sun, 28 Apr 2024 19:13:46 -0400 Subject: [PATCH] (fix): await ownership check and only throw only in the api route (#719) --- .github/workflows/ci.yml | 2 +- packages/template-resolver/package.json | 4 ++-- .../src/controllers/docs/v2/getDocsWriteV2Service.ts | 5 ++++- servers/fdr/src/db/docs/DocsV2Dao.ts | 10 +++------- 4 files changed, 10 insertions(+), 11 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1b15992a9a..ead615fc7a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -54,7 +54,7 @@ jobs: run: pnpm lint:monorepo - name: Lint style - run: pnpm turbo lint:style format:check + run: pnpm turbo lint:style - name: eslint run: pnpm lint:eslint diff --git a/packages/template-resolver/package.json b/packages/template-resolver/package.json index e5e609081b..3165075106 100644 --- a/packages/template-resolver/package.json +++ b/packages/template-resolver/package.json @@ -12,8 +12,8 @@ "scripts": { "compile": "tsc --build", "clean": "rm -rf ./dist && tsc --build --clean", - "format": "prettier --write --ignore-unknown --ignore-path ../../../shared/.prettierignore \"**\"", - "format:check": "prettier --check --ignore-unknown --ignore-path ../../../shared/.prettierignore \"**\"", + "format": "prettier --write --ignore-unknown --ignore-path ../../shared/.prettierignore \"**\"", + "format:check": "prettier --check --ignore-unknown --ignore-path ../../shared/.prettierignore \"**\"", "lint:eslint": "eslint --max-warnings 0 . --ignore-path=../../.eslintignore", "lint:eslint:fix": "pnpm lint:eslint --fix", "lint:style": "stylelint 'src/**/*.scss' --allow-empty-input --max-warnings 0", diff --git a/servers/fdr/src/controllers/docs/v2/getDocsWriteV2Service.ts b/servers/fdr/src/controllers/docs/v2/getDocsWriteV2Service.ts index eec8b0ee57..f9ccc5d10d 100644 --- a/servers/fdr/src/controllers/docs/v2/getDocsWriteV2Service.ts 
+++ b/servers/fdr/src/controllers/docs/v2/getDocsWriteV2Service.ts @@ -59,10 +59,13 @@ export function getDocsWriteV2Service(app: FdrApplication): DocsV2WriteService { const customUrls = validateAndParseCustomDomainUrl({ customUrls: req.body.customDomains }); // ensure that the domains are not already registered by another org - app.dao.docsV2().checkDomainsDontBelongToAnotherOrg( + const hasOwnership = await app.dao.docsV2().checkDomainsDontBelongToAnotherOrg( [fernUrl, ...customUrls].map((url) => url.getFullUrl()), req.body.orgId, ); + if (!hasOwnership) { + throw new FdrAPI.DomainBelongsToAnotherOrgError(); + } const docsRegistrationId = uuidv4(); const s3FileInfos = await app.services.s3.getPresignedUploadUrls({ diff --git a/servers/fdr/src/db/docs/DocsV2Dao.ts b/servers/fdr/src/db/docs/DocsV2Dao.ts index d4e10975f3..83fafab907 100644 --- a/servers/fdr/src/db/docs/DocsV2Dao.ts +++ b/servers/fdr/src/db/docs/DocsV2Dao.ts @@ -29,7 +29,7 @@ export interface LoadDocsConfigResponse { } export interface DocsV2Dao { - checkDomainsDontBelongToAnotherOrg(domains: string[], orgId: string): Promise; + checkDomainsDontBelongToAnotherOrg(domains: string[], orgId: string): Promise; loadDocsForURL(url: URL): Promise; @@ -48,7 +48,7 @@ export interface DocsV2Dao { export class DocsV2DaoImpl implements DocsV2Dao { constructor(private readonly prisma: PrismaClient) {} - public async checkDomainsDontBelongToAnotherOrg(domains: string[], orgId: string): Promise { + public async checkDomainsDontBelongToAnotherOrg(domains: string[], orgId: string): Promise { const matchedDomains = await this.prisma.docsV2.findMany({ select: { orgID: true, 
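Review bot: Nothing in this commit guards the awaited ownership check in getDocsWriteV2Service.ts against regressing, and the call it replaces compiled cleanly while the rejected promise was never observed by the handler. A test that registers a domain already held by a different org and expects `FdrAPI.DomainBelongsToAnotherOrgError` before `getPresignedUploadUrls` is reached would pin the behaviour. `@typescript-eslint/no-floating-promises`, if it is not already enabled, would flag an un-awaited call of this kind. Separately, the check and the later registration write appear to be separate steps, so two concurrent requests for the same domain could both pass it unless a uniqueness constraint exists at the database level. The handler body starts and ends outside the hunk.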
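Review bot: `checkDomainsDontBelongToAnotherOrg` still reads like an assertion, but after this change the caller has to inspect its result, and neither the interface declaration in DocsV2Dao.ts nor the implementation signature in the next hunk documents that. I would add a TSDoc comment on the interface method, for example `/** Resolves to true when none of the domains is registered to a different org; callers must reject the request when it resolves to false. */`. The type argument of the return type is not legible on this page, so confirm it is declared as a boolean promise.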
@@ -61,11 +61,7 @@ export class DocsV2DaoImpl implements DocsV2Dao { distinct: ["orgID", "domain"], }); - matchedDomains.forEach((matchedDomain) => { - if (matchedDomain.orgID !== orgId) { - throw new FdrAPI.DomainBelongsToAnotherOrgError(); - } - }); + return matchedDomains.every((matchedDomain) => matchedDomain.orgID === orgId); } public async loadDocsForURL(url: URL): Promise | undefined> {
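Review bot: Replacing the throw with a returned boolean makes this method fail open for any caller that awaits it without reading the result, since ignoring the value is not a compile error. Only the call in getDocsWriteV2Service.ts is updated in this diff, so any other caller of `checkDomainsDontBelongToAnotherOrg` that relied on the exception should be checked. `every` returns true for an empty `matchedDomains`, which looks intended here and deserves a comment such as `// no matching rows: none of the domains is registered yet`. The method starts in the previous hunk.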