This commit is contained in:
@@ -217,6 +217,31 @@ export async function POST(request: Request) {
|
||||
// the org-name check should agree.)
|
||||
const isPersonal = prior?.isPersonal ?? isPersonalOrgName(user.orgName);
|
||||
|
||||
// Bug 5: personal accounts are 1-instance by design. If there's
|
||||
// already an active tenant or an in-flight request for this user's
|
||||
// org, reject the submission outright. Server-side only check;
|
||||
// matching UI guards live on /dashboard (button hidden) and
|
||||
// /dashboard/new (server-redirect to /dashboard).
|
||||
if (isPersonal) {
|
||||
const [allTenants, activeRequests] = await Promise.all([
|
||||
listTenants(),
|
||||
listActiveTenantRequestsByOrgId(user.orgId),
|
||||
]);
|
||||
const ownTenants = allTenants.filter(
|
||||
(t) => t.metadata.labels?.["pieced.ch/zitadel-org-id"] === user.orgId
|
||||
);
|
||||
if (ownTenants.length > 0 || activeRequests.length > 0) {
|
||||
return NextResponse.json(
|
||||
{
|
||||
error:
|
||||
"Personal accounts are limited to one instance. Cancel your existing request or contact support to change plan.",
|
||||
code: "personal_account_at_capacity",
|
||||
},
|
||||
{ status: 403 }
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
// Encrypt package secrets if provided
|
||||
let encryptedSecrets: Buffer | undefined;
|
||||
if (input.packageSecrets && Object.keys(input.packageSecrets).length > 0) {
|
||||
|
||||
Reference in New Issue
Block a user