This commit is contained in:
@@ -63,10 +63,10 @@ export async function POST(
|
||||
const isReApproval = tenantRequest.status === "rejected";
|
||||
|
||||
// Build the CR name: see `lib/tenant-naming.ts` for the format spec.
|
||||
// For now all approvals are kind="company" — the personal branch is
|
||||
// wired but unused until Slice 4 introduces the `is_personal` column.
|
||||
// Slice 4: for personal accounts the slug is replaced by the literal
|
||||
// "p-" prefix so no PII is embedded in the K8s namespace name.
|
||||
const tenantName = deriveTenantName(
|
||||
"company",
|
||||
tenantRequest.isPersonal ? "personal" : "company",
|
||||
tenantRequest.companyName,
|
||||
tenantRequest.id
|
||||
);
|
||||
@@ -101,13 +101,17 @@ export async function POST(
|
||||
};
|
||||
|
||||
// Step 4: Create the PiecedTenant CR.
|
||||
// displayName: prefer the customer-chosen instance name; fall back to
|
||||
// the company name. With multi-tenant per org, instanceName is what
|
||||
// distinguishes "Acme Production" from "Acme Dev" on the dashboard.
|
||||
// displayName precedence:
|
||||
// 1. customer-chosen instance name (Slice 3 multi-tenant)
|
||||
// 2. for personal accounts, the contact name (avoids exposing the
|
||||
// synthetic "{name} (Personal)" company name in the OpenClaw UI)
|
||||
// 3. company name otherwise
|
||||
const displayName =
|
||||
tenantRequest.instanceName && tenantRequest.instanceName.trim().length > 0
|
||||
? tenantRequest.instanceName.trim()
|
||||
: tenantRequest.companyName;
|
||||
: tenantRequest.isPersonal
|
||||
? tenantRequest.contactName || "Assistant"
|
||||
: tenantRequest.companyName;
|
||||
|
||||
await createTenant(
|
||||
tenantName,
|
||||
|
||||
@@ -10,6 +10,7 @@ import {
|
||||
import { getTenant, listTenants } from "@/lib/k8s";
|
||||
import { sendAdminNotificationEmail } from "@/lib/email";
|
||||
import { encryptSecrets } from "@/lib/crypto";
|
||||
import { isPersonalOrgName } from "@/lib/personal-org";
|
||||
import type { OnboardingInput, PiecedTenant, TenantRequest } from "@/types";
|
||||
import { z } from "zod";
|
||||
|
||||
@@ -176,6 +177,16 @@ export async function POST(request: Request) {
|
||||
// company line in favour of the recorded company name.
|
||||
const prior = await getMostRecentApprovedRequestForOrg(user.orgId);
|
||||
|
||||
// Slice 4: detect personal-account orgs by the canonical " (Personal)"
|
||||
// suffix on the ZITADEL org name. Set at registration, stable for the
|
||||
// lifetime of the org. Persisted on the row so admin views and the
|
||||
// approve handler don't have to re-derive it.
|
||||
//
|
||||
// If any prior row has is_personal set, prefer that — it's the same
|
||||
// org and the value can't change. (The prior-row check is defensive;
|
||||
// the org-name check should agree.)
|
||||
const isPersonal = prior?.isPersonal ?? isPersonalOrgName(user.orgName);
|
||||
|
||||
// Encrypt package secrets if provided
|
||||
let encryptedSecrets: Buffer | undefined;
|
||||
if (input.packageSecrets && Object.keys(input.packageSecrets).length > 0) {
|
||||
@@ -212,6 +223,7 @@ export async function POST(request: Request) {
|
||||
billingAddress,
|
||||
billingNotes,
|
||||
encryptedSecrets,
|
||||
isPersonal,
|
||||
});
|
||||
|
||||
// Notify admin about the new request. For follow-up instances, include
|
||||
|
||||
@@ -5,18 +5,54 @@ import { checkDuplicateDomain } from "@/lib/db";
|
||||
import type { RegistrationInput } from "@/types";
|
||||
import { z } from "zod";
|
||||
|
||||
const registrationSchema = z.object({
|
||||
companyName: z.string().min(2).max(100),
|
||||
givenName: z.string().min(1).max(100),
|
||||
familyName: z.string().min(1).max(100),
|
||||
email: z.string().email(),
|
||||
preferredLanguage: z.enum(["en", "de", "fr", "it"]).optional(),
|
||||
});
|
||||
/**
|
||||
* Registration schema.
|
||||
*
|
||||
* Slice 4 changes
|
||||
* ---------------
|
||||
* - `companyName` is no longer always required. It's required when
|
||||
* `isPersonal` is false/absent, ignored when `isPersonal` is true.
|
||||
* - `isPersonal` flag distinguishes personal accounts. The server
|
||||
* derives the ZITADEL org name from `${givenName} ${familyName}
|
||||
* (Personal)` for personals — the suffix is the canonical marker
|
||||
* that downstream code (onboarding POST, admin views) uses to
|
||||
* distinguish personal orgs from companies. Customers cannot rename
|
||||
* their own org, so the suffix is stable.
|
||||
* - Personal accounts skip the duplicate-domain check entirely. Their
|
||||
* row is also excluded from future domain checks (see
|
||||
* `lib/domain-check.ts::findDuplicateInDb`).
|
||||
*/
|
||||
const registrationSchema = z
|
||||
.object({
|
||||
companyName: z.string().min(2).max(100).optional(),
|
||||
givenName: z.string().min(1).max(100),
|
||||
familyName: z.string().min(1).max(100),
|
||||
email: z.string().email(),
|
||||
preferredLanguage: z.enum(["en", "de", "fr", "it"]).optional(),
|
||||
isPersonal: z.boolean().optional().default(false),
|
||||
})
|
||||
.refine(
|
||||
(data) =>
|
||||
data.isPersonal || (data.companyName && data.companyName.trim().length >= 2),
|
||||
{
|
||||
message: "Company name is required for company registrations",
|
||||
path: ["companyName"],
|
||||
}
|
||||
);
|
||||
|
||||
/** 3 registrations per IP per hour */
|
||||
const RATE_LIMIT = 3;
|
||||
const RATE_WINDOW_MS = 3_600_000; // 1 hour
|
||||
|
||||
/**
|
||||
* Suffix appended to personal-account ZITADEL org names. Used here to
|
||||
* build the org name and elsewhere (session.orgName check) to detect
|
||||
* whether the current user is on a personal org.
|
||||
*
|
||||
* Keep this in sync with `isPersonalOrgName()` in `lib/personal-org.ts`.
|
||||
*/
|
||||
const PERSONAL_ORG_SUFFIX = " (Personal)";
|
||||
|
||||
export async function POST(request: NextRequest) {
|
||||
// --- Rate limiting ---
|
||||
const ip =
|
||||
@@ -53,31 +89,45 @@ export async function POST(request: NextRequest) {
|
||||
}
|
||||
|
||||
const input: RegistrationInput = parsed.data;
|
||||
const isPersonal = input.isPersonal === true;
|
||||
|
||||
// --- Duplicate-domain check ---
|
||||
// --- Duplicate-domain check (skipped for personal accounts) ---
|
||||
//
|
||||
// Block if another active tenant_request or ZITADEL org already exists
|
||||
// for this corporate email domain. Public domains (gmail, gmx, etc.)
|
||||
// are exempted by checkDuplicateDomain.
|
||||
//
|
||||
// We return a structured `code: "duplicate_domain"` with the matched
|
||||
// domain so the client can render the localized message via
|
||||
// register.duplicateDomain (with {domain} interpolation). The fallback
|
||||
// English string is included for non-i18n clients (curl, monitoring).
|
||||
const dup = await checkDuplicateDomain(input.email);
|
||||
if (dup.blocked && dup.domain) {
|
||||
return NextResponse.json(
|
||||
{
|
||||
error: `An account for the email domain ${dup.domain} is already registered. Please contact your company administrator or PieCed IT support.`,
|
||||
code: "duplicate_domain",
|
||||
domain: dup.domain,
|
||||
},
|
||||
{ status: 409 },
|
||||
);
|
||||
// Personal accounts are explicitly allowed to use any email domain
|
||||
// (including corporate). Their tenant_request rows are excluded
|
||||
// from this check by lib/domain-check.ts, so a personal account
|
||||
// doesn't block a later real-company registration on the same
|
||||
// domain.
|
||||
if (!isPersonal) {
|
||||
const dup = await checkDuplicateDomain(input.email);
|
||||
if (dup.blocked && dup.domain) {
|
||||
return NextResponse.json(
|
||||
{
|
||||
error: `An account for the email domain ${dup.domain} is already registered. Please contact your company administrator or PieCed IT support.`,
|
||||
code: "duplicate_domain",
|
||||
domain: dup.domain,
|
||||
},
|
||||
{ status: 409 },
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
// --- Determine the ZITADEL org name ---
|
||||
//
|
||||
// For company: use the customer-supplied companyName (already
|
||||
// validated to be present + ≥2 chars by the schema refinement).
|
||||
// For personal: synthesise from full name + " (Personal)" suffix.
|
||||
// The suffix is the canonical marker for personal orgs.
|
||||
//
|
||||
// ZITADEL does NOT enforce org-name uniqueness, so two "Hans Müller
|
||||
// (Personal)" orgs can coexist; the org id is what matters for our
|
||||
// labelling and lookups, the name is human-readable only.
|
||||
const orgName = isPersonal
|
||||
? `${input.givenName.trim()} ${input.familyName.trim()}${PERSONAL_ORG_SUFFIX}`
|
||||
: input.companyName!.trim();
|
||||
|
||||
const result = await registerCustomer({
|
||||
companyName: input.companyName,
|
||||
companyName: orgName,
|
||||
email: input.email,
|
||||
givenName: input.givenName,
|
||||
familyName: input.familyName,
|
||||
@@ -88,6 +138,7 @@ export async function POST(request: NextRequest) {
|
||||
{
|
||||
orgId: result.orgId,
|
||||
userId: result.userId,
|
||||
isPersonal,
|
||||
message:
|
||||
"Registration successful. You will receive an invitation email to set your password.",
|
||||
},
|
||||
|
||||
Reference in New Issue
Block a user