51001cfac1
Fixes #3412 Previously the only way to restrict the domains for a Team were with the ALLOWED_DOMAINS environment variable for self hosted instances. This PR migrates this to be a database backed setting on the Team object. This is done through the creation of a TeamDomain model that is associated with the Team and contains the domain name This settings is updated on the Security Tab. Here domains can be added or removed from the Team. On the server side, we take the code paths that previously were using ALLOWED_DOMAINS and switched them to use the Team allowed domains instead
88 lines
2.5 KiB
JavaScript
88 lines
2.5 KiB
JavaScript
"use strict";
|
|
|
|
const { v4 } = require("uuid");
|
|
|
|
module.exports = {
|
|
up: async (queryInterface, Sequelize) => {
|
|
await queryInterface.sequelize.transaction(async (transaction) => {
|
|
await queryInterface.createTable("team_domains", {
|
|
id: {
|
|
type: Sequelize.UUID,
|
|
allowNull: false,
|
|
primaryKey: true,
|
|
},
|
|
teamId: {
|
|
type: Sequelize.UUID,
|
|
allowNull: false,
|
|
onDelete: "cascade",
|
|
references: {
|
|
model: "teams",
|
|
},
|
|
},
|
|
createdById: {
|
|
type: Sequelize.UUID,
|
|
allowNull: false,
|
|
references: {
|
|
model: "users",
|
|
},
|
|
},
|
|
name: {
|
|
type: Sequelize.STRING,
|
|
allowNull: false,
|
|
},
|
|
createdAt: {
|
|
type: Sequelize.DATE,
|
|
allowNull: false,
|
|
},
|
|
updatedAt: {
|
|
type: Sequelize.DATE,
|
|
allowNull: false,
|
|
},
|
|
}, {
|
|
transaction
|
|
});
|
|
|
|
await queryInterface.addIndex("team_domains", ["teamId", "name"], {
|
|
transaction,
|
|
unique: true,
|
|
});
|
|
|
|
const currentAllowedDomainsEnv = process.env.ALLOWED_DOMAINS || process.env.GOOGLE_ALLOWED_DOMAINS;
|
|
const currentAllowedDomains = currentAllowedDomainsEnv ? currentAllowedDomainsEnv.split(",") : [];
|
|
|
|
if (currentAllowedDomains.length > 0) {
|
|
const [adminUserIDs] = await queryInterface.sequelize.query('select id from users where "isAdmin" = true limit 1', { transaction })
|
|
const adminUserID = adminUserIDs[0]?.id
|
|
|
|
if (adminUserID) {
|
|
const [teams] = await queryInterface.sequelize.query('select id from teams', { transaction })
|
|
const now = new Date();
|
|
|
|
for (const team of teams) {
|
|
for (const domain of currentAllowedDomains) {
|
|
await queryInterface.sequelize.query(`
|
|
INSERT INTO team_domains ("id", "teamId", "createdById", "name", "createdAt", "updatedAt")
|
|
VALUES (:id, :teamId, :createdById, :name, :createdAt, :updatedAt)
|
|
`, {
|
|
replacements: {
|
|
id: v4(),
|
|
teamId: team.id,
|
|
createdById: adminUserID,
|
|
name: domain,
|
|
createdAt: now,
|
|
updatedAt: now,
|
|
},
|
|
transaction,
|
|
}
|
|
);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
});
|
|
},
|
|
down: async (queryInterface) => {
|
|
return queryInterface.dropTable("team_domains");
|
|
},
|
|
};
|