@objectstack/plugin-auth 6.6.0 → 6.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.d.mts +1 -0
  2. package/dist/index.d.ts +1 -0
  3. package/dist/index.js +21 -1
  4. package/dist/index.js.map +1 -1
  5. package/dist/index.mjs +21 -2
  6. package/dist/index.mjs.map +1 -1
  7. package/package.json +4 -4
package/dist/index.d.mts CHANGED
@@ -336,6 +336,7 @@ declare class AuthManager {
336
336
  passkeys: boolean;
337
337
  magicLink: boolean;
338
338
  organization: boolean;
339
+ multiOrgEnabled: boolean;
339
340
  oidcProvider: boolean;
340
341
  deviceAuthorization: boolean;
341
342
  };
package/dist/index.d.ts CHANGED
@@ -336,6 +336,7 @@ declare class AuthManager {
336
336
  passkeys: boolean;
337
337
  magicLink: boolean;
338
338
  organization: boolean;
339
+ multiOrgEnabled: boolean;
339
340
  oidcProvider: boolean;
340
341
  deviceAuthorization: boolean;
341
342
  };
package/dist/index.js CHANGED
@@ -895,6 +895,22 @@ var AuthManager = class {
895
895
  // never seed `sys_environment`) keep working: any lookup error
896
896
  // is treated as "no envs to protect".
897
897
  organizationHooks: {
898
+ // Gate fresh organization creation behind `OS_MULTI_ORG_ENABLED`.
899
+ // The plugin itself is always installed (so list/update/invite endpoints
900
+ // keep responding); only the `create` operation is denied when the
901
+ // deployment is provisioned in single-org mode. Default is enabled
902
+ // to preserve historical behaviour.
903
+ beforeCreateOrganization: async () => {
904
+ const flag = String(
905
+ globalThis?.process?.env?.OS_MULTI_ORG_ENABLED ?? "true"
906
+ ).toLowerCase();
907
+ if (flag === "false") {
908
+ const { APIError } = await import("better-auth/api");
909
+ throw new APIError("FORBIDDEN", {
910
+ message: "Creating additional organizations is disabled on this deployment."
911
+ });
912
+ }
913
+ },
898
914
  beforeUpdateOrganization: async ({ organization: organization2, member }) => {
899
915
  const newSlug = organization2?.slug;
900
916
  const orgId = member?.organizationId;
@@ -1275,11 +1291,15 @@ var AuthManager = class {
1275
1291
  requireEmailVerification: emailPasswordConfig.requireEmailVerification ?? false
1276
1292
  };
1277
1293
  const pluginConfig = this.config.plugins ?? {};
1294
+ const multiOrgEnabled = String(
1295
+ globalThis?.process?.env?.OS_MULTI_ORG_ENABLED ?? "true"
1296
+ ).toLowerCase() !== "false";
1278
1297
  const features = {
1279
1298
  twoFactor: pluginConfig.twoFactor ?? false,
1280
1299
  passkeys: pluginConfig.passkeys ?? false,
1281
1300
  magicLink: pluginConfig.magicLink ?? false,
1282
1301
  organization: pluginConfig.organization ?? true,
1302
+ multiOrgEnabled,
1283
1303
  oidcProvider: pluginConfig.oidcProvider ?? false,
1284
1304
  deviceAuthorization: pluginConfig.deviceAuthorization ?? false
1285
1305
  };
@@ -1380,7 +1400,7 @@ var AuthPlugin = class {
1380
1400
  // (e.g. legacy `users.view` had phone/status/active columns that do
1381
1401
  // not exist on sys_user). Schema-embedded listViews is the single
1382
1402
  // source of truth.
1383
- dashboards: [import_apps.SystemOverviewDashboard, import_apps.SecurityOverviewDashboard]
1403
+ dashboards: [import_apps.SystemOverviewDashboard]
1384
1404
  });
1385
1405
  ctx.logger.info("Auth Plugin initialized successfully");
1386
1406
  }