Add more tier matrix checks

2026-03-02 08:46:38 +00:00 · 2026-02-09 19:52:28 -08:00
parent 5ca598139e
commit 0850a28d20
8 changed files with 35 additions and 13 deletions
--- a/server/routers/badger/verifySession.ts
+++ b/server/routers/badger/verifySession.ts
@@ -17,7 +17,7 @@ import {
    ResourceHeaderAuthExtendedCompatibility,
    ResourcePassword,
    ResourcePincode,
-    ResourceRule,
+    ResourceRule
 } from "@server/db";
 import config from "@server/lib/config";
 import { isIpInCidr, stripPortFromHost } from "@server/lib/ip";
@@ -40,6 +40,7 @@ import { logRequestAudit } from "./logRequestAudit";
 import cache from "@server/lib/cache";
 import { APP_VERSION } from "@server/lib/consts";
 import { isSubscribed } from "#private/lib/isSubscribed";
+import { tierMatrix } from "@server/lib/billing/tierMatrix";

 const verifyResourceSessionSchema = z.object({
    sessions: z.record(z.string(), z.string()).optional(),
@@ -796,7 +797,10 @@ async function notAllowed(
 ) {
    let loginPage: LoginPage | null = null;
    if (orgId) {
-        const subscribed = await isSubscribed(orgId);
+        const subscribed = await isSubscribed(
+            orgId,
+            tierMatrix.loginPageDomain
+        );
        if (subscribed) {
            loginPage = await getOrgLoginPage(orgId);
        }
@@ -850,7 +854,7 @@ async function headerAuthChallenged(
 ) {
    let loginPage: LoginPage | null = null;
    if (orgId) {
-        const subscribed = await isSubscribed(orgId);
+        const subscribed = await isSubscribed(orgId, tierMatrix.loginPageDomain);
        if (subscribed) {
            loginPage = await getOrgLoginPage(orgId);
        }
@@ -1037,7 +1041,11 @@ export function isPathAllowed(pattern: string, path: string): boolean {
    const MAX_RECURSION_DEPTH = 100;

    // Recursive function to try different wildcard matches
-    function matchSegments(patternIndex: number, pathIndex: number, depth: number = 0): boolean {
+    function matchSegments(
+        patternIndex: number,
+        pathIndex: number,
+        depth: number = 0
+    ): boolean {
        // Check recursion depth limit
        if (depth > MAX_RECURSION_DEPTH) {
            logger.warn(
@@ -1123,7 +1131,11 @@ export function isPathAllowed(pattern: string, path: string): boolean {
                logger.debug(
                    `${indent}Segment with wildcard matches: "${currentPatternPart}" matches "${currentPathPart}"`
                );
-                return matchSegments(patternIndex + 1, pathIndex + 1, depth + 1);
+                return matchSegments(
+                    patternIndex + 1,
+                    pathIndex + 1,
+                    depth + 1
+                );
            }

            logger.debug(