d25d482dc2
Publish CLI Package / publish-npm (push) Waiting to run
Publish Python SDK / publish-pypi (push) Waiting to run
Publish TypeScript SDK / publish-npm (push) Waiting to run
CI / Migrate Dev DB (push) Has been skipped
CI / Detect Version (push) Has been cancelled
CI / Migrate DB (push) Has been cancelled
CI / Build Dev ECR (./docker/app.Dockerfile, ECR_APP) (push) Has been cancelled
CI / Build Dev ECR (./docker/db.Dockerfile, ECR_MIGRATIONS) (push) Has been cancelled
CI / Build Dev ECR (./docker/pii.Dockerfile, ECR_PII) (push) Has been cancelled
CI / Build Dev ECR (./docker/realtime.Dockerfile, ECR_REALTIME) (push) Has been cancelled
CI / Deploy Trigger.dev (Dev) (push) Has been cancelled
CI / Build AMD64 (./docker/app.Dockerfile, ECR_APP, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build AMD64 (./docker/db.Dockerfile, ECR_MIGRATIONS, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build AMD64 (./docker/pii.Dockerfile, ECR_PII, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build AMD64 (./docker/realtime.Dockerfile, ECR_REALTIME, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/app.Dockerfile, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/db.Dockerfile, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/pii.Dockerfile, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/realtime.Dockerfile, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Check Docs Changes (push) Has been cancelled
CI / Process Docs (push) Has been cancelled
CI / Create GitHub Release (push) Has been cancelled
CI / Test and Build (push) Has been cancelled
315 lines
10 KiB
TypeScript
315 lines
10 KiB
TypeScript
import { AuditAction, AuditResourceType, recordAudit } from '@sim/audit'
|
|
import { db } from '@sim/db'
|
|
import { member, organization, subscription as subscriptionTable } from '@sim/db/schema'
|
|
import { createLogger } from '@sim/logger'
|
|
import { isOrgAdminRole } from '@sim/platform-authz/workspace'
|
|
import { getErrorMessage } from '@sim/utils/errors'
|
|
import { and, eq, inArray, or } from 'drizzle-orm'
|
|
import type { NextRequest } from 'next/server'
|
|
import { NextResponse } from 'next/server'
|
|
import { createOrganizationBodySchema } from '@/lib/api/contracts/organization'
|
|
import { listCreatorOrganizationsContract } from '@/lib/api/contracts/organizations'
|
|
import { getValidationErrorMessage, parseRequest } from '@/lib/api/server'
|
|
import { getSession } from '@/lib/auth'
|
|
import { setActiveOrganizationForCurrentSession } from '@/lib/auth/active-organization'
|
|
import {
|
|
createOrganizationForTeamPlan,
|
|
ensureOrganizationForTeamSubscription,
|
|
} from '@/lib/billing/organization'
|
|
import {
|
|
OrganizationSlugInvalidError,
|
|
OrganizationSlugTakenError,
|
|
} from '@/lib/billing/organizations/create-organization'
|
|
import { isOrgPlan } from '@/lib/billing/plan-helpers'
|
|
import { ENTITLED_SUBSCRIPTION_STATUSES } from '@/lib/billing/subscriptions/utils'
|
|
import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
|
|
import { captureServerEvent } from '@/lib/posthog/server'
|
|
import {
|
|
attachOwnedWorkspacesToOrganization,
|
|
WorkspaceOrganizationMembershipConflictError,
|
|
} from '@/lib/workspaces/organization-workspaces'
|
|
|
|
const logger = createLogger('OrganizationsAPI')
|
|
|
|
export const GET = withRouteHandler(async (request: NextRequest) => {
|
|
try {
|
|
const session = await getSession()
|
|
|
|
if (!session?.user?.id) {
|
|
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
|
|
}
|
|
|
|
const parsed = await parseRequest(listCreatorOrganizationsContract, request, {})
|
|
if (!parsed.success) return parsed.response
|
|
|
|
const userOrganizations = await db
|
|
.select({
|
|
id: organization.id,
|
|
name: organization.name,
|
|
role: member.role,
|
|
})
|
|
.from(member)
|
|
.innerJoin(organization, eq(member.organizationId, organization.id))
|
|
.where(
|
|
and(
|
|
eq(member.userId, session.user.id),
|
|
or(eq(member.role, 'owner'), eq(member.role, 'admin'))
|
|
)
|
|
)
|
|
|
|
const anyMembership = await db
|
|
.select({ id: member.id })
|
|
.from(member)
|
|
.where(eq(member.userId, session.user.id))
|
|
.limit(1)
|
|
|
|
return NextResponse.json({
|
|
organizations: userOrganizations,
|
|
isMemberOfAnyOrg: anyMembership.length > 0,
|
|
})
|
|
} catch (error) {
|
|
logger.error('Failed to fetch organizations', {
|
|
error: getErrorMessage(error, 'Unknown error'),
|
|
stack: error instanceof Error ? error.stack : undefined,
|
|
})
|
|
|
|
return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
|
|
}
|
|
})
|
|
|
|
export const POST = withRouteHandler(async (request: Request) => {
|
|
try {
|
|
const session = await getSession()
|
|
|
|
if (!session?.user?.id) {
|
|
return NextResponse.json({ error: 'Unauthorized - no active session' }, { status: 401 })
|
|
}
|
|
|
|
const user = session.user
|
|
|
|
let organizationName = user.name
|
|
let organizationSlug: string | undefined
|
|
|
|
const rawBody = await request.json().catch(() => ({}))
|
|
const parsedBody = createOrganizationBodySchema.safeParse(rawBody)
|
|
if (!parsedBody.success) {
|
|
return NextResponse.json(
|
|
{ error: getValidationErrorMessage(parsedBody.error, 'Invalid request body') },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
if (parsedBody.data.name) {
|
|
organizationName = parsedBody.data.name
|
|
}
|
|
if (parsedBody.data.slug) {
|
|
organizationSlug = parsedBody.data.slug
|
|
}
|
|
|
|
const existingOrgMembership = await db
|
|
.select({
|
|
organizationId: member.organizationId,
|
|
role: member.role,
|
|
})
|
|
.from(member)
|
|
.where(eq(member.userId, user.id))
|
|
.limit(1)
|
|
|
|
const existingAdminMembership =
|
|
existingOrgMembership.length > 0 && isOrgAdminRole(existingOrgMembership[0].role)
|
|
? existingOrgMembership[0]
|
|
: null
|
|
|
|
if (existingOrgMembership.length > 0 && !existingAdminMembership) {
|
|
return NextResponse.json(
|
|
{
|
|
error:
|
|
'You are already a member of an organization. Leave your current organization before creating a new one.',
|
|
},
|
|
{ status: 409 }
|
|
)
|
|
}
|
|
|
|
const subscriptionReferenceIds = existingAdminMembership
|
|
? [user.id, existingAdminMembership.organizationId]
|
|
: [user.id]
|
|
|
|
const activeOrgSubscriptions = await db
|
|
.select({
|
|
id: subscriptionTable.id,
|
|
plan: subscriptionTable.plan,
|
|
referenceId: subscriptionTable.referenceId,
|
|
status: subscriptionTable.status,
|
|
seats: subscriptionTable.seats,
|
|
})
|
|
.from(subscriptionTable)
|
|
.where(
|
|
and(
|
|
inArray(subscriptionTable.referenceId, subscriptionReferenceIds),
|
|
inArray(subscriptionTable.status, ENTITLED_SUBSCRIPTION_STATUSES)
|
|
)
|
|
)
|
|
|
|
const activeOrgSubscription =
|
|
(existingAdminMembership
|
|
? activeOrgSubscriptions.find(
|
|
(subscription) =>
|
|
isOrgPlan(subscription.plan) &&
|
|
subscription.referenceId === existingAdminMembership.organizationId
|
|
)
|
|
: undefined) ??
|
|
activeOrgSubscriptions.find(
|
|
(subscription) => isOrgPlan(subscription.plan) && subscription.referenceId === user.id
|
|
) ??
|
|
activeOrgSubscriptions.find((subscription) => isOrgPlan(subscription.plan))
|
|
|
|
if (!activeOrgSubscription) {
|
|
return NextResponse.json(
|
|
{ error: 'Organization creation requires an active Team or Enterprise subscription.' },
|
|
{ status: 403 }
|
|
)
|
|
}
|
|
|
|
logger.info('Creating organization for team plan', {
|
|
userId: user.id,
|
|
userName: user.name,
|
|
userEmail: user.email,
|
|
organizationName,
|
|
organizationSlug,
|
|
existingOrganizationId: existingAdminMembership?.organizationId ?? null,
|
|
subscriptionReferenceId: activeOrgSubscription.referenceId,
|
|
})
|
|
|
|
let organizationId: string
|
|
let createdOrganization = false
|
|
|
|
if (existingAdminMembership) {
|
|
organizationId = existingAdminMembership.organizationId
|
|
|
|
if (activeOrgSubscription.referenceId === organizationId) {
|
|
await attachOwnedWorkspacesToOrganization({
|
|
ownerUserId: user.id,
|
|
organizationId,
|
|
})
|
|
} else {
|
|
const resolvedSubscription =
|
|
await ensureOrganizationForTeamSubscription(activeOrgSubscription)
|
|
|
|
if (resolvedSubscription.referenceId !== organizationId) {
|
|
logger.error('Recovered organization did not match existing owner/admin membership', {
|
|
userId: user.id,
|
|
expectedOrganizationId: organizationId,
|
|
resolvedReferenceId: resolvedSubscription.referenceId,
|
|
subscriptionId: activeOrgSubscription.id,
|
|
})
|
|
throw new Error('Organization recovery resolved to an unexpected subscription owner')
|
|
}
|
|
}
|
|
} else {
|
|
createdOrganization = true
|
|
organizationId = await createOrganizationForTeamPlan(
|
|
user.id,
|
|
organizationName || undefined,
|
|
user.email,
|
|
organizationSlug
|
|
)
|
|
|
|
const resolvedSubscription =
|
|
await ensureOrganizationForTeamSubscription(activeOrgSubscription)
|
|
|
|
if (resolvedSubscription.referenceId !== organizationId) {
|
|
logger.error('Newly created organization was not attached to the active subscription', {
|
|
userId: user.id,
|
|
expectedOrganizationId: organizationId,
|
|
resolvedReferenceId: resolvedSubscription.referenceId,
|
|
subscriptionId: activeOrgSubscription.id,
|
|
})
|
|
throw new Error('Failed to link the new organization to the active subscription')
|
|
}
|
|
}
|
|
|
|
try {
|
|
await setActiveOrganizationForCurrentSession(organizationId)
|
|
} catch (error) {
|
|
logger.error('Failed to activate organization after creation', {
|
|
organizationId,
|
|
userId: user.id,
|
|
error: getErrorMessage(error),
|
|
})
|
|
}
|
|
|
|
logger.info('Successfully ensured organization for team plan', {
|
|
userId: user.id,
|
|
organizationId,
|
|
createdOrganization,
|
|
})
|
|
|
|
if (createdOrganization) {
|
|
recordAudit({
|
|
workspaceId: null,
|
|
actorId: user.id,
|
|
action: AuditAction.ORGANIZATION_CREATED,
|
|
resourceType: AuditResourceType.ORGANIZATION,
|
|
resourceId: organizationId,
|
|
actorName: user.name ?? undefined,
|
|
actorEmail: user.email ?? undefined,
|
|
resourceName: organizationName ?? undefined,
|
|
description: `Created organization "${organizationName}"`,
|
|
metadata: { organizationSlug },
|
|
request,
|
|
})
|
|
captureServerEvent(
|
|
user.id,
|
|
'organization_created',
|
|
{
|
|
organization_id: organizationId,
|
|
...(organizationName ? { name: organizationName } : {}),
|
|
},
|
|
{ groups: { organization: organizationId } }
|
|
)
|
|
}
|
|
|
|
return NextResponse.json({
|
|
success: true,
|
|
organizationId,
|
|
created: createdOrganization,
|
|
})
|
|
} catch (error) {
|
|
if (error instanceof OrganizationSlugInvalidError) {
|
|
return NextResponse.json(
|
|
{
|
|
error:
|
|
'Organization slug can only contain lowercase letters, numbers, hyphens, and underscores.',
|
|
},
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
if (error instanceof OrganizationSlugTakenError) {
|
|
return NextResponse.json({ error: 'This slug is already taken' }, { status: 400 })
|
|
}
|
|
|
|
if (error instanceof WorkspaceOrganizationMembershipConflictError) {
|
|
return NextResponse.json(
|
|
{
|
|
error:
|
|
'One or more members of your existing shared workspaces already belong to another organization. Remove them from those workspaces before converting them to organization-owned workspaces.',
|
|
},
|
|
{ status: 409 }
|
|
)
|
|
}
|
|
|
|
logger.error('Failed to create organization for team plan', {
|
|
error: getErrorMessage(error, 'Unknown error'),
|
|
stack: error instanceof Error ? error.stack : undefined,
|
|
})
|
|
|
|
return NextResponse.json(
|
|
{
|
|
error: 'Failed to create organization',
|
|
message: getErrorMessage(error, 'Unknown error'),
|
|
},
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
})
|