cal.pub0.org/packages/trpc/server/routers/viewer/organizations/create.handler.ts

import { createHash } from "crypto";
import { totp } from "otplib";

import { sendOrganizationEmailVerification } from "@calcom/emails";
import { hashPassword } from "@calcom/features/auth/lib/hashPassword";
import { subdomainSuffix } from "@calcom/features/ee/organizations/lib/orgDomains";
import { IS_PRODUCTION, IS_TEAM_BILLING_ENABLED } from "@calcom/lib/constants";
import { getTranslation } from "@calcom/lib/server/i18n";
import { prisma } from "@calcom/prisma";
import { MembershipRole } from "@calcom/prisma/enums";

import { TRPCError } from "@trpc/server";

import type { TrpcSessionUser } from "../../../trpc";
import type { TCreateInputSchema } from "./create.schema";

type CreateOptions = {
  ctx: {
    user: NonNullable<TrpcSessionUser>;
  };
  input: TCreateInputSchema;
};

const vercelCreateDomain = async (domain: string) => {
  const response = await fetch(
    `https://api.vercel.com/v8/projects/${process.env.PROJECT_ID_VERCEL}/domains?teamId=${process.env.TEAM_ID_VERCEL}`,
    {
      body: `{\n  "name": "${domain}.${subdomainSuffix()}"\n}`,
      headers: {
        Authorization: `Bearer ${process.env.AUTH_BEARER_TOKEN_VERCEL}`,
        "Content-Type": "application/json",
      },
      method: "POST",
    }
  );

  const data = await response.json();

  // Domain is already owned by another team but you can request delegation to access it
  if (data.error?.code === "forbidden")
    throw new TRPCError({ code: "CONFLICT", message: "domain_taken_team" });

  // Domain is already being used by a different project
  if (data.error?.code === "domain_taken")
    throw new TRPCError({ code: "CONFLICT", message: "domain_taken_project" });

  return true;
};

export const createHandler = async ({ input }: CreateOptions) => {
  const { slug, name, adminEmail, adminUsername, check } = input;

  const userCollisions = await prisma.user.findUnique({
    where: {
      email: adminEmail,
    },
  });

  const slugCollisions = await prisma.team.findFirst({
    where: {
      slug: slug,
      metadata: {
        path: ["isOrganization"],
        equals: true,
      },
    },
  });

  if (slugCollisions) throw new TRPCError({ code: "BAD_REQUEST", message: "organization_url_taken" });
  if (userCollisions) throw new TRPCError({ code: "BAD_REQUEST", message: "admin_email_taken" });

  const password = createHash("md5")
    .update(`${adminEmail}${process.env.CALENDSO_ENCRYPTION_KEY}`)
    .digest("hex");
  const hashedPassword = await hashPassword(password);

  if (check === false) {
    const createOwnerOrg = await prisma.user.create({
      data: {
        username: adminUsername,
        email: adminEmail,
        emailVerified: new Date(),
        password: hashedPassword,
        organization: {
          create: {
            name,
            ...(!IS_TEAM_BILLING_ENABLED && { slug }),
            metadata: {
              requestedSlug: slug,
              isOrganization: true,
            },
          },
        },
      },
    });

    if (IS_PRODUCTION) await vercelCreateDomain(slug);

    await prisma.membership.create({
      data: {
        userId: createOwnerOrg.id,
        role: MembershipRole.OWNER,
        accepted: true,
        teamId: createOwnerOrg.organizationId!,
      },
    });

    return { user: { ...createOwnerOrg, password } };
  } else {
    const language = await getTranslation(input.language ?? "en", "common");

    const secret = createHash("md5")
      .update(adminEmail + process.env.CALENDSO_ENCRYPTION_KEY)
      .digest("hex");

    totp.options = { step: 90 };
    const code = totp.generate(secret);

    await sendOrganizationEmailVerification({
      user: {
        email: adminEmail,
      },
      code,
      language,
    });
  }

  // Sync Services: Close.com
  //closeComUpsertOrganizationUser(createTeam, ctx.user, MembershipRole.OWNER);

  return { checked: true };
};
feat: Organizations (#8993) * Initial commit * Adding feature flag * feat: Orgs Schema Changing `scopedMembers` to `orgUsers` (#9209) * Change scopedMembers to orgMembers * Change to orgUsers * Letting duplicate slugs for teams to support orgs * Covering null on unique clauses * Supporting having the orgId in the session cookie * feat: organization event type filter (#9253) Signed-off-by: Udit Takkar <udit.07814802719@cse.mait.ac.in> * Missing changes to support orgs schema changes * feat: Onboarding process to create an organization (#9184) * Desktop first banner, mobile pending * Removing dead code and img * WIP * Adds Email verification template+translations for organizations (#9202) * First step done * Merge branch 'feat/organizations-onboarding' of github.com:calcom/cal.com into feat/organizations-onboarding * Step 2 done, avatar not working * Covering null on unique clauses * Onboarding admins step * Last step to create teams * Moving change password handler, improving verifying code flow * Clearing error before submitting * Reverting email testing api changes * Reverting having the banner for now * Consistent exported components * Remove unneeded files from banner * Removing uneeded code * Fixing avatar selector * Using meta component for head/descr * Missing i18n strings * Feedback * Making an org avatar (temp) * Check for subteams slug clashes with usernames * Fixing create teams onsuccess * feedback * Making sure we check requestedSlug now --------- Co-authored-by: sean-brydon <55134778+sean-brydon@users.noreply.github.com> * feat: [CAL-1816] Organization subdomain support (#9345) * Desktop first banner, mobile pending * Removing dead code and img * WIP * Adds Email verification template+translations for organizations (#9202) * First step done * Merge branch 'feat/organizations-onboarding' of github.com:calcom/cal.com into feat/organizations-onboarding * Step 2 done, avatar not working * Covering null on unique clauses * Onboarding admins step * Last step to create teams * Moving change password handler, improving verifying code flow * Clearing error before submitting * Reverting email testing api changes * Reverting having the banner for now * Consistent exported components * Remove unneeded files from banner * Removing uneeded code * Fixing avatar selector * Using meta component for head/descr * Missing i18n strings * Feedback * Making an org avatar (temp) * Check for subteams slug clashes with usernames * Fixing create teams onsuccess * Covering users and subteams, excluding non-org users * Unpublished teams shows correctly * Create subdomain in Vercel * feedback * Renaming Vercel env vars * Vercel domain check before creation * Supporting cal-staging.com * Change to have vercel detect it * vercel domain check data message error * Remove check domain * Making sure we check requestedSlug now * Feedback and unneeded code * Reverting unneeded changes * Unneeded changes --------- Co-authored-by: sean-brydon <55134778+sean-brydon@users.noreply.github.com> * Vercel subdomain creation in PROD only * Making sure we let localhost still work * Feedback * Type check fixes * feat: Organization branding in side menu (#9279) * Desktop first banner, mobile pending * Removing dead code and img * WIP * Adds Email verification template+translations for organizations (#9202) * First step done * Merge branch 'feat/organizations-onboarding' of github.com:calcom/cal.com into feat/organizations-onboarding * Step 2 done, avatar not working * Covering null on unique clauses * Onboarding admins step * Last step to create teams * Moving change password handler, improving verifying code flow * Clearing error before submitting * Reverting email testing api changes * Reverting having the banner for now * Consistent exported components * Remove unneeded files from banner * Removing uneeded code * Fixing avatar selector * Org branding provider used in shell sidebar * Using meta component for head/descr * Missing i18n strings * Feedback * Making an org avatar (temp) * Using org avatar (temp) * Not showing org logo if not set * User onboarding with org branding (slug) * Check for subteams slug clashes with usernames * Fixing create teams onsuccess * feedback * Feedback * Org public profile * Public profiles for team event types * Added setup profile alert * Using org avatar on subteams avatar * Making sure we show the set up profile on org only * Profile username availability rely on org hook * Update apps/web/pages/team/[slug].tsx Co-authored-by: sean-brydon <55134778+sean-brydon@users.noreply.github.com> * Update apps/web/pages/team/[slug].tsx Co-authored-by: sean-brydon <55134778+sean-brydon@users.noreply.github.com> --------- Co-authored-by: sean-brydon <55134778+sean-brydon@users.noreply.github.com> * feat: Organization support for event types page (#9449) * Desktop first banner, mobile pending * Removing dead code and img * WIP * Adds Email verification template+translations for organizations (#9202) * First step done * Merge branch 'feat/organizations-onboarding' of github.com:calcom/cal.com into feat/organizations-onboarding * Step 2 done, avatar not working * Covering null on unique clauses * Onboarding admins step * Last step to create teams * Moving change password handler, improving verifying code flow * Clearing error before submitting * Reverting email testing api changes * Reverting having the banner for now * Consistent exported components * Remove unneeded files from banner * Removing uneeded code * Fixing avatar selector * Org branding provider used in shell sidebar * Using meta component for head/descr * Missing i18n strings * Feedback * Making an org avatar (temp) * Using org avatar (temp) * Not showing org logo if not set * User onboarding with org branding (slug) * Check for subteams slug clashes with usernames * Fixing create teams onsuccess * feedback * Feedback * Org public profile * Public profiles for team event types * Added setup profile alert * Using org avatar on subteams avatar * Processing orgs and children as profile options * Reverting change not belonging to this PR * Making sure we show the set up profile on org only * Removing console.log * Comparing memberships to choose the highest one --------- Co-authored-by: sean-brydon <55134778+sean-brydon@users.noreply.github.com> * Type errors * Refactor and type fixes * Update orgDomains.ts * Feedback * Reverting * NIT * fix issue getting org slug from domain * Improving orgDomains util * Host comes with port * Update useRouterQuery.ts * Feedback * Feedback * Feedback * Feedback: SSR for user event-types to have org context * chore: Cache node_modules (#9492) * Adding check for cache hit * Adding a separate install step first * Put the restore cache steps back * Revert the uses type for restoring cache * Added step to restore nm cache * Removed the cache-hit check * Comments and naming * Removed extra install command * Updated the name of the linting step to be more clear * Removes the need for useEffect here * Feedback * Feedback * Cookie domain needs a dot * Type fix * Update apps/web/public/static/locales/en/common.json Co-authored-by: Omar López <zomars@me.com> * Update packages/emails/src/templates/OrganizationAccountVerifyEmail.tsx * Feedback --------- Signed-off-by: Udit Takkar <udit.07814802719@cse.mait.ac.in> Co-authored-by: Joe Au-Yeung <65426560+joeauyeung@users.noreply.github.com> Co-authored-by: Udit Takkar <53316345+Udit-takkar@users.noreply.github.com> Co-authored-by: sean-brydon <55134778+sean-brydon@users.noreply.github.com> Co-authored-by: zomars <zomars@me.com> Co-authored-by: Efraín Rochín <roae.85@gmail.com> Co-authored-by: Keith Williams <keithwillcode@gmail.com> 2023-06-14 21:40:20 +00:00			`import { createHash } from "crypto";`
			`import { totp } from "otplib";`

			`import { sendOrganizationEmailVerification } from "@calcom/emails";`
			`import { hashPassword } from "@calcom/features/auth/lib/hashPassword";`
			`import { subdomainSuffix } from "@calcom/features/ee/organizations/lib/orgDomains";`
			`import { IS_PRODUCTION, IS_TEAM_BILLING_ENABLED } from "@calcom/lib/constants";`
			`import { getTranslation } from "@calcom/lib/server/i18n";`
			`import { prisma } from "@calcom/prisma";`
			`import { MembershipRole } from "@calcom/prisma/enums";`

			`import { TRPCError } from "@trpc/server";`

			`import type { TrpcSessionUser } from "../../../trpc";`
			`import type { TCreateInputSchema } from "./create.schema";`

			`type CreateOptions = {`
			`ctx: {`
			`user: NonNullable<TrpcSessionUser>;`
			`};`
			`input: TCreateInputSchema;`
			`};`

			`const vercelCreateDomain = async (domain: string) => {`
			`const response = await fetch(`
			`https://api.vercel.com/v8/projects/${process.env.PROJECT_ID_VERCEL}/domains?teamId=${process.env.TEAM_ID_VERCEL}`,
			`{`
			body: `{\n "name": "${domain}.${subdomainSuffix()}"\n}`,
			`headers: {`
			Authorization: `Bearer ${process.env.AUTH_BEARER_TOKEN_VERCEL}`,
			`"Content-Type": "application/json",`
			`},`
			`method: "POST",`
			`}`
			`);`

			`const data = await response.json();`

			`// Domain is already owned by another team but you can request delegation to access it`
			`if (data.error?.code === "forbidden")`
			`throw new TRPCError({ code: "CONFLICT", message: "domain_taken_team" });`

			`// Domain is already being used by a different project`
			`if (data.error?.code === "domain_taken")`
			`throw new TRPCError({ code: "CONFLICT", message: "domain_taken_project" });`

			`return true;`
			`};`

			`export const createHandler = async ({ input }: CreateOptions) => {`
			`const { slug, name, adminEmail, adminUsername, check } = input;`

			`const userCollisions = await prisma.user.findUnique({`
			`where: {`
			`email: adminEmail,`
			`},`
			`});`

			`const slugCollisions = await prisma.team.findFirst({`
			`where: {`
			`slug: slug,`
			`metadata: {`
			`path: ["isOrganization"],`
			`equals: true,`
			`},`
			`},`
			`});`

			`if (slugCollisions) throw new TRPCError({ code: "BAD_REQUEST", message: "organization_url_taken" });`
			`if (userCollisions) throw new TRPCError({ code: "BAD_REQUEST", message: "admin_email_taken" });`

			`const password = createHash("md5")`
			.update(`${adminEmail}${process.env.CALENDSO_ENCRYPTION_KEY}`)
			`.digest("hex");`
			`const hashedPassword = await hashPassword(password);`

			`if (check === false) {`
			`const createOwnerOrg = await prisma.user.create({`
			`data: {`
			`username: adminUsername,`
			`email: adminEmail,`
			`emailVerified: new Date(),`
			`password: hashedPassword,`
			`organization: {`
			`create: {`
			`name,`
			`...(!IS_TEAM_BILLING_ENABLED && { slug }),`
			`metadata: {`
			`requestedSlug: slug,`
			`isOrganization: true,`
			`},`
			`},`
			`},`
			`},`
			`});`

			`if (IS_PRODUCTION) await vercelCreateDomain(slug);`

			`await prisma.membership.create({`
			`data: {`
			`userId: createOwnerOrg.id,`
			`role: MembershipRole.OWNER,`
			`accepted: true,`
			`teamId: createOwnerOrg.organizationId!,`
			`},`
			`});`

			`return { user: { ...createOwnerOrg, password } };`
			`} else {`
			`const language = await getTranslation(input.language ?? "en", "common");`

			`const secret = createHash("md5")`
			`.update(adminEmail + process.env.CALENDSO_ENCRYPTION_KEY)`
			`.digest("hex");`

			`totp.options = { step: 90 };`
			`const code = totp.generate(secret);`

			`await sendOrganizationEmailVerification({`
			`user: {`
			`email: adminEmail,`
			`},`
			`code,`
			`language,`
			`});`
			`}`

			`// Sync Services: Close.com`
			`//closeComUpsertOrganizationUser(createTeam, ctx.user, MembershipRole.OWNER);`

			`return { checked: true };`
			`};`