@objectstack/plugin-auth 6.6.0 → 6.7.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.mts +1 -0
- package/dist/index.d.ts +1 -0
- package/dist/index.js +21 -1
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +21 -2
- package/dist/index.mjs.map +1 -1
- package/package.json +4 -4
package/dist/index.mjs
CHANGED
|
@@ -2,7 +2,6 @@
|
|
|
2
2
|
import {
|
|
3
3
|
SETUP_APP,
|
|
4
4
|
SystemOverviewDashboard,
|
|
5
|
-
SecurityOverviewDashboard,
|
|
6
5
|
SetupAppTranslations
|
|
7
6
|
} from "@objectstack/platform-objects/apps";
|
|
8
7
|
|
|
@@ -831,6 +830,22 @@ var AuthManager = class {
|
|
|
831
830
|
// never seed `sys_environment`) keep working: any lookup error
|
|
832
831
|
// is treated as "no envs to protect".
|
|
833
832
|
organizationHooks: {
|
|
833
|
+
// Gate fresh organization creation behind `OS_MULTI_ORG_ENABLED`.
|
|
834
|
+
// The plugin itself is always installed (so list/update/invite endpoints
|
|
835
|
+
// keep responding); only the `create` operation is denied when the
|
|
836
|
+
// deployment is provisioned in single-org mode. Default is enabled
|
|
837
|
+
// to preserve historical behaviour.
|
|
838
|
+
beforeCreateOrganization: async () => {
|
|
839
|
+
const flag = String(
|
|
840
|
+
globalThis?.process?.env?.OS_MULTI_ORG_ENABLED ?? "true"
|
|
841
|
+
).toLowerCase();
|
|
842
|
+
if (flag === "false") {
|
|
843
|
+
const { APIError } = await import("better-auth/api");
|
|
844
|
+
throw new APIError("FORBIDDEN", {
|
|
845
|
+
message: "Creating additional organizations is disabled on this deployment."
|
|
846
|
+
});
|
|
847
|
+
}
|
|
848
|
+
},
|
|
834
849
|
beforeUpdateOrganization: async ({ organization: organization2, member }) => {
|
|
835
850
|
const newSlug = organization2?.slug;
|
|
836
851
|
const orgId = member?.organizationId;
|
|
@@ -1211,11 +1226,15 @@ var AuthManager = class {
|
|
|
1211
1226
|
requireEmailVerification: emailPasswordConfig.requireEmailVerification ?? false
|
|
1212
1227
|
};
|
|
1213
1228
|
const pluginConfig = this.config.plugins ?? {};
|
|
1229
|
+
const multiOrgEnabled = String(
|
|
1230
|
+
globalThis?.process?.env?.OS_MULTI_ORG_ENABLED ?? "true"
|
|
1231
|
+
).toLowerCase() !== "false";
|
|
1214
1232
|
const features = {
|
|
1215
1233
|
twoFactor: pluginConfig.twoFactor ?? false,
|
|
1216
1234
|
passkeys: pluginConfig.passkeys ?? false,
|
|
1217
1235
|
magicLink: pluginConfig.magicLink ?? false,
|
|
1218
1236
|
organization: pluginConfig.organization ?? true,
|
|
1237
|
+
multiOrgEnabled,
|
|
1219
1238
|
oidcProvider: pluginConfig.oidcProvider ?? false,
|
|
1220
1239
|
deviceAuthorization: pluginConfig.deviceAuthorization ?? false
|
|
1221
1240
|
};
|
|
@@ -1335,7 +1354,7 @@ var AuthPlugin = class {
|
|
|
1335
1354
|
// (e.g. legacy `users.view` had phone/status/active columns that do
|
|
1336
1355
|
// not exist on sys_user). Schema-embedded listViews is the single
|
|
1337
1356
|
// source of truth.
|
|
1338
|
-
dashboards: [SystemOverviewDashboard
|
|
1357
|
+
dashboards: [SystemOverviewDashboard]
|
|
1339
1358
|
});
|
|
1340
1359
|
ctx.logger.info("Auth Plugin initialized successfully");
|
|
1341
1360
|
}
|