diff --git a/src/app/dashboard/[teamIdOrSlug]/layout.tsx b/src/app/dashboard/[teamIdOrSlug]/layout.tsx
index 3e16ebb80..32d2da0d8 100644
--- a/src/app/dashboard/[teamIdOrSlug]/layout.tsx
+++ b/src/app/dashboard/[teamIdOrSlug]/layout.tsx
@@ -4,6 +4,7 @@ import { AUTH_URLS } from '@/configs/urls'
 import { DashboardContextProvider } from '@/features/dashboard/context'
 import DashboardLayoutView from '@/features/dashboard/layout/layout'
 import Sidebar from '@/features/dashboard/sidebar/sidebar'
+import { l } from '@/lib/clients/logger/logger'
 import { getSessionInsecure } from '@/server/auth/get-session'
 import getUserByToken from '@/server/auth/get-user-by-token'
 import { getTeam } from '@/server/team/get-team'
@@ -11,6 +12,7 @@ import { SidebarInset, SidebarProvider } from '@/ui/primitives/sidebar'
 import { cookies } from 'next/headers'
 import { redirect, unauthorized } from 'next/navigation'
 import { Metadata } from 'next/types'
+import { serializeError } from 'serialize-error'
 export const metadata: Metadata = {
 title: 'Dashboard - E2B',
@@ -48,6 +50,17 @@ export default async function DashboardLayout({
 const team = teamRes?.data
 if (!team) {
+ l.warn(
+ {
+ key: 'dashboard_layout:team_not_resolved',
+ user_id: data.user.id,
+ error: serializeError(teamRes?.serverError),
+ context: {
+ teamIdOrSlug,
+ },
+ },
+ `dashboard_layout:team_not_resolved - team not resolved for user (${data.user.id}) when accessing team (${teamIdOrSlug}) in dashboard layout`
+ )
 throw unauthorized()
 }
diff --git a/src/lib/clients/action.ts b/src/lib/clients/action.ts
index 6d18b2e0a..c10213002 100644
--- a/src/lib/clients/action.ts
+++ b/src/lib/clients/action.ts
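Review bot: The message string of the new `l.warn` in `DashboardLayout` interpolates `teamIdOrSlug`, a value taken from the request path, although the same value is already recorded in the structured `context` field. This commit also relaxes `TeamIdOrSlugSchema` to a bare `z.string()`, so wherever that schema was the gate nothing constrains the characters or length that reach the log line; whether this layout validates the segment at all is not visible in the hunk. I would keep the message constant, e.g. `'dashboard_layout:team_not_resolved - team not resolved in dashboard layout'`, and leave the variable data to the structured fields. The two `l.warn` calls added to `withTeamIdResolution` in `src/lib/clients/action.ts` interpolate `clientInput.teamIdOrSlug` the same way. The function body starts and ends outside the hunk.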
@@ -215,12 +215,32 @@ export const withTeamIdResolution = createMiddleware<{
 const teamId = await getTeamIdFromSegment(clientInput.teamIdOrSlug as string)
 if (!teamId) {
+ l.warn(
+ {
+ key: 'with_team_id_resolution:invalid_team_id_or_slug',
+ context: {
+ teamIdOrSlug: clientInput.teamIdOrSlug,
+ },
+ },
+ `with_team_id_resolution:invalid_team_id_or_slug - invalid team id or slug provided through withTeamIdResolution middleware: ${clientInput.teamIdOrSlug}`
+ )
+
 throw unauthorized()
 }
 const isAuthorized = await checkUserTeamAuthorization(ctx.user.id, teamId)
 if (!isAuthorized) {
+ l.warn(
+ {
+ key: 'with_team_id_resolution:user_not_authorized',
+ context: {
+ teamIdOrSlug: clientInput.teamIdOrSlug,
+ },
+ },
+ `with_team_id_resolution:user_not_authorized - user not authorized to access team: ${clientInput.teamIdOrSlug}`
+ )
+
 throw unauthorized()
 }
diff --git a/src/lib/schemas/team.ts b/src/lib/schemas/team.ts
index e83c4a6c8..1ffe1164e 100644
--- a/src/lib/schemas/team.ts
+++ b/src/lib/schemas/team.ts
@@ -2,10 +2,10 @@ import { z } from 'zod'
 export const TeamIdOrSlugSchema = z.union([
 z.uuid(),
- z
- .string()
- .regex(
- /^[a-z0-9]+(-[a-z0-9]+)*$/i,
- 'Must be a valid slug (words separated by hyphens)'
- ),
+ z.string(),
+ // FIXME: Add correct team regex as in db slug generation
+ // .regex(
+ // /^[a-z0-9]+(-[a-z0-9]+)*$/i,
+ // 'Must be a valid slug (words separated by hyphens)'
+ // ),
 ])
diff --git a/src/server/team/get-team-id-from-segment.ts b/src/server/team/get-team-id-from-segment.ts
index c89681745..bb94c3cb9 100644
--- a/src/server/team/get-team-id-from-segment.ts
+++ b/src/server/team/get-team-id-from-segment.ts
@@ -1,4 +1,4 @@
-import 'server-cli-only'
+import 'server-only'
 import { CACHE_TAGS } from '@/configs/cache'
 import { l } from '@/lib/clients/logger/logger'
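Review bot: Neither `l.warn` added to `withTeamIdResolution` records who made the request, so a `user_not_authorized` event cannot be attributed to an account when the logs are reviewed for repeated attempts against teams the caller does not belong to. `ctx.user.id` is already used on the `checkUserTeamAuthorization` line, and the layout warning in this commit logs `user_id`; adding `user_id: ctx.user.id,` to both structured objects would make the three events consistent. The hunk adds no import for `l`, so presumably the file already imports it, which is worth confirming. The middleware body starts and ends outside the hunk.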
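Review bot: With the `.regex(...)` commented out, the second union member is an unconstrained `z.string()`, which makes the `z.uuid()` member redundant for validation and lets empty, arbitrarily long or control-character values pass `TeamIdOrSlugSchema`. Other hunks in this commit pass the same value to `getTeamIdFromSegment` and interpolate it into log messages. Until the pattern used by the database slug generation is ported, I would keep at least length bounds, e.g. `z.string().min(1).max(SLUG_MAX_LENGTH),` where `SLUG_MAX_LENGTH` is a placeholder for the real column limit. The `FIXME` should also carry a ticket reference so the relaxation is not left in place indefinitely.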
@@ -29,7 +29,16 @@ export const getTeamIdFromSegment = async (segment: string) => {
 }
 if (z.uuid().safeParse(segment).success) {
- return segment
+ // make sure this uuid is a valid teamId and is not it's slug
+ const { data } = await supabaseAdmin
+ .from('teams')
+ .select('id')
+ .not('slug', 'eq', segment)
+ .eq('id', segment)
+
+ if (data?.length) {
+ return data[0]!.id
+ }
 }
 const { data, error } = await supabaseAdmin
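Review bot: The new id lookup destructures only `data`, so a failed Supabase query is indistinguishable from "no such team" and the code silently falls through to the query that follows the block. I would take the error as well and log it, e.g. `const { data: byId, error: byIdError } = await supabaseAdmin…` followed by `if (byIdError) l.warn({ key: 'get_team_id_from_segment:id_lookup_failed', error: byIdError }, 'team id lookup failed')` (key name illustrative); the distinct names also avoid shadowing the `data`/`error` pair declared right after the block. The `.not('slug', 'eq', segment)` filter, as written, only excludes a team whose own slug equals its own id, which may not be the collision the comment has in mind, so the comment should state the intended case. The function continues outside the hunk.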