feat: Migrate allowedDomains to a Team Level Settings (#3489)

Fixes #3412 Previously the only way to restrict the domains for a Team were with the ALLOWED_DOMAINS environment variable for self hosted instances. This PR migrates this to be a database backed setting on the Team object. This is done through the creation of a TeamDomain model that is associated with the Team and contains the domain name This settings is updated on the Security Tab. Here domains can be added or removed from the Team. On the server side, we take the code paths that previously were using ALLOWED_DOMAINS and switched them to use the Team allowed domains instead
2022-05-17 20:26:29 -04:00
parent 18e0d936ef
commit 51001cfac1
27 changed files with 622 additions and 78 deletions
--- a/server/models/Team.ts
+++ b/server/models/Team.ts
@@ -27,6 +27,7 @@ import { publicS3Endpoint, uploadToS3FromUrl } from "@server/utils/s3";
 import AuthenticationProvider from "./AuthenticationProvider";
 import Collection from "./Collection";
 import Document from "./Document";
+import TeamDomain from "./TeamDomain";
 import User from "./User";
 import ParanoidModel from "./base/ParanoidModel";
 import Fix from "./decorators/Fix";
@@ -238,6 +239,15 @@ class Team extends ParanoidModel {
    return models.map((c) => c.id);
  };

+  isDomainAllowed = async function (domain: string) {
+    const allowedDomains = (await this.$get("allowedDomains")) || [];
+
+    return (
+      allowedDomains.length === 0 ||
+      allowedDomains.map((d: TeamDomain) => d.name).includes(domain)
+    );
+  };
+
  // associations

  @HasMany(() => Collection)
@@ -252,8 +262,10 @@ class Team extends ParanoidModel {
  @HasMany(() => AuthenticationProvider)
  authenticationProviders: AuthenticationProvider[];

-  // hooks
+  @HasMany(() => TeamDomain)
+  allowedDomains: TeamDomain[];

+  // hooks
  @BeforeSave
  static uploadAvatar = async (model: Team) => {
    const endpoint = publicS3Endpoint();