2fa policy check working

2026-03-12 05:36:38 +00:00 · 2025-10-24 14:31:50 -07:00
parent ddcf77a62d
commit 629f17294a
16 changed files with 724 additions and 88 deletions
--- a/src/app/[orgId]/layout.tsx
+++ b/src/app/[orgId]/layout.tsx
@@ -1,7 +1,11 @@
-import { internal } from "@app/lib/api";
+import { formatAxiosError, internal } from "@app/lib/api";
 import { authCookieHeader } from "@app/lib/api/cookies";
 import { verifySession } from "@app/lib/auth/verifySession";
-import { GetOrgResponse } from "@server/routers/org";
+import {
+    CheckOrgUserAccessResponse,
+    GetOrgResponse,
+    ListUserOrgsResponse
+} from "@server/routers/org";
 import { GetOrgUserResponse } from "@server/routers/user";
 import { AxiosResponse } from "axios";
 import { redirect } from "next/navigation";
@@ -11,6 +15,9 @@ import SubscriptionStatusProvider from "@app/providers/SubscriptionStatusProvide
 import { GetOrgSubscriptionResponse } from "@server/routers/billing/types";
 import { pullEnv } from "@app/lib/pullEnv";
 import { build } from "@server/build";
+import OrgPolicyResult from "@app/components/OrgPolicyResult";
+import UserProvider from "@app/providers/UserProvider";
+import { Layout } from "@app/components/Layout";

 export default async function OrgLayout(props: {
    children: React.ReactNode;
@@ -32,25 +39,46 @@ export default async function OrgLayout(props: {
        redirect(`/`);
    }

+    let accessRes: CheckOrgUserAccessResponse | null = null;
    try {
-        const getOrgUser = cache(() =>
-            internal.get<AxiosResponse<GetOrgUserResponse>>(
-                `/org/${orgId}/user/${user.userId}`,
+        const checkOrgAccess = cache(() =>
+            internal.get<AxiosResponse<CheckOrgUserAccessResponse>>(
+                `/org/${orgId}/user/${user.userId}/check`,
                cookie
            )
        );
-        const orgUser = await getOrgUser();
-    } catch {
+        const res = await checkOrgAccess();
+        accessRes = res.data.data;
+    } catch (e) {
        redirect(`/`);
    }

-    try {
-        const getOrg = cache(() =>
-            internal.get<AxiosResponse<GetOrgResponse>>(`/org/${orgId}`, cookie)
+    if (!accessRes?.allowed) {
+        // For non-admin users, show the member resources portal
+        let orgs: ListUserOrgsResponse["orgs"] = [];
+        try {
+            const getOrgs = cache(async () =>
+                internal.get<AxiosResponse<ListUserOrgsResponse>>(
+                    `/user/${user.userId}/orgs`,
+                    await authCookieHeader()
+                )
+            );
+            const res = await getOrgs();
+            if (res && res.data.data.orgs) {
+                orgs = res.data.data.orgs;
+            }
+        } catch (e) {}
+        return (
+            <UserProvider user={user}>
+                <Layout orgId={orgId} navItems={[]} orgs={orgs}>
+                    <OrgPolicyResult
+                        orgId={orgId}
+                        userId={user.userId}
+                        accessRes={accessRes}
+                    />
+                </Layout>
+            </UserProvider>
        );
-        await getOrg();
-    } catch {
-        redirect(`/`);
    }

    let subscriptionStatus = null;