fix: workspace-slug cookie manipulation (#1384) · openstatus.dev/openstatus@edb103b

openstatus.dev / openstatus

fork atom

Openstatus www.openstatus.dev

fork atom

fix: workspace-slug cookie manipulation (#1384)

authored by

Maximilian Kaske and committed by

GitHub 5 months ago edb103b0 5e4a2426

+12 -5

1 changed file

expand all

packages

api

src

trpc.ts

+12 -5

packages/api/src/trpc.ts

··· 179 179 // }); 180 180 // } 181 181 182 - const activeWorkspace = usersToWorkspaces?.find(({ workspace }) => { 183 - // If there is a workspace slug in the cookie, use it to find the workspace 184 - if (workspaceSlug) return workspace.slug === workspaceSlug; 185 - return true; 186 - })?.workspace; 182 + // NOTE: if no workspace slug fit (cookie manipulation), use the first workspace 183 + const activeWorkspace = 184 + usersToWorkspaces?.find(({ workspace }) => { 185 + // If there is a workspace slug in the cookie, use it to find the workspace 186 + if (workspaceSlug) return workspace.slug === workspaceSlug; 187 + return true; 188 + })?.workspace ?? usersToWorkspaces?.[0]?.workspace; 187 189 188 190 if (!activeWorkspace) { 189 191 throw new TRPCError({ 190 192 code: "UNAUTHORIZED", 191 193 message: "Workspace Not Found", 192 194 }); 195 + } 196 + 197 + if (activeWorkspace.slug !== workspaceSlug) { 198 + // properly set the workspace slug cookie 199 + ctx.req?.cookies.set("workspace-slug", activeWorkspace.slug); 193 200 } 194 201 195 202 if (!userProps) {