coderwangbo
diff --git a/‎.github/workflows/publish-docs.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/publish-docs.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎apps/backend/.env
Lines changed: 1 addition & 0 deletions b/‎apps/backend/.env
Lines changed: 1 addition & 0 deletions
diff --git a/‎apps/backend/prisma/migrations/20240809231417_disable_sign_up/migration.sql
Lines changed: 2 additions & 0 deletions b/‎apps/backend/prisma/migrations/20240809231417_disable_sign_up/migration.sql
Lines changed: 2 additions & 0 deletions
diff --git a/‎apps/backend/prisma/schema.prisma
Lines changed: 1 addition & 0 deletions b/‎apps/backend/prisma/schema.prisma
Lines changed: 1 addition & 0 deletions
diff --git a/‎apps/backend/prisma/seed.ts
Lines changed: 90 additions & 52 deletions b/‎apps/backend/prisma/seed.ts
Lines changed: 90 additions & 52 deletions
diff --git a/‎apps/backend/src/app/api/v1/auth/oauth/callback/[provider_id]/route.tsx
Lines changed: 5 additions & 2 deletions b/‎apps/backend/src/app/api/v1/auth/oauth/callback/[provider_id]/route.tsx
Lines changed: 5 additions & 2 deletions
diff --git a/‎apps/backend/src/app/api/v1/auth/otp/send-sign-in-code/route.tsx
Lines changed: 4 additions & 0 deletions b/‎apps/backend/src/app/api/v1/auth/otp/send-sign-in-code/route.tsx
Lines changed: 4 additions & 0 deletions
diff --git a/‎apps/backend/src/app/api/v1/auth/password/sign-up/route.tsx
Lines changed: 4 additions & 0 deletions b/‎apps/backend/src/app/api/v1/auth/password/sign-up/route.tsx
Lines changed: 4 additions & 0 deletions
diff --git a/‎apps/backend/src/app/api/v1/internal/projects/crud.tsx
Lines changed: 6 additions & 5 deletions b/‎apps/backend/src/app/api/v1/internal/projects/crud.tsx
Lines changed: 6 additions & 5 deletions
diff --git a/‎apps/backend/src/app/api/v1/projects/current/crud.tsx
Lines changed: 1 addition & 0 deletions b/‎apps/backend/src/app/api/v1/projects/current/crud.tsx
Lines changed: 1 addition & 0 deletions
@@ -9,7 +9,7 @@ jobs:
   run:
     runs-on: ubuntu-latest
     env:
-      NEXT_PUBLIC_STACK_URL: http://localhost:8101
+      NEXT_PUBLIC_STACK_URL: http://localhost:8102
       NEXT_PUBLIC_STACK_PROJECT_ID: internal
       NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY: internal-project-publishable-client-key
       STACK_SECRET_SERVER_KEY: internal-project-secret-server-key
 
@@ -37,3 +37,4 @@ STACK_SVIX_API_KEY=# enter the API key for the Svix webhook service here. Use `e
 
 # Misc, optional
 STACK_ACCESS_TOKEN_EXPIRATION_TIME=# enter the expiration time for the access token here. Optional, don't specify it for default value
+STACK_SETUP_ADMIN_GITHUB_ID=# enter the account ID of the admin user here, and after running the seed script they will be able to access the internal project in the Stack dashboard. Optional, don't specify it for default value
@@ -0,0 +1,2 @@
+-- AlterTable
+ALTER TABLE "ProjectConfig" ADD COLUMN     "signUpEnabled" BOOLEAN NOT NULL DEFAULT true;
@@ -40,6 +40,7 @@ model ProjectConfig {
   updatedAt DateTime @updatedAt
 
   allowLocalhost    Boolean
+  signUpEnabled     Boolean @default(true)
   credentialEnabled Boolean
   magicLinkEnabled  Boolean
 
 
@@ -1,72 +1,110 @@
 import { PrismaClient } from '@prisma/client';
-import { getEnvVariable } from '@stackframe/stack-shared/dist/utils/env';
+import { throwErr } from '@stackframe/stack-shared/dist/utils/errors';
 const prisma = new PrismaClient();
 
 
 async function seed() {
   console.log('Seeding database...');
-  
-  const oldProjects = await prisma.project.findUnique({
+
+  const oldProject = await prisma.project.findUnique({
     where: {
       id: 'internal',
     },
   });
 
-  if (oldProjects) {
-    console.log('Internal project already exists, skipping seeding');
-    return;
-  }
-
-  await prisma.project.upsert({
-    where: {
-      id: 'internal',
-    },
-    create: {
-      id: 'internal',
-      displayName: 'Stack Dashboard',
-      description: 'Stack\'s admin dashboard',
-      isProductionMode: false,
-      apiKeySets: {
-        create: [{
-          description: "Internal API key set",
-          publishableClientKey: "this-publishable-client-key-is-for-local-development-only",
-          secretServerKey: "this-secret-server-key-is-for-local-development-only",
-          superSecretAdminKey: "this-super-secret-admin-key-is-for-local-development-only",
-          expiresAt: new Date('2099-12-31T23:59:59Z'),
-        }],
+  let createdProject;
+  if (oldProject) {
+    console.log('Internal project already exists, skipping its creation');
+  } else {
+    createdProject = await prisma.project.upsert({
+      where: {
+        id: 'internal',
       },
-      config: {
-        create: {
-          allowLocalhost: true,
-          oauthProviderConfigs: {
-            create: (['github', 'facebook', 'google', 'microsoft'] as const).map((id) => ({
-              id,
-              proxiedOAuthConfig: {
-                create: {                
-                  type: id.toUpperCase() as any,
+      create: {
+        id: 'internal',
+        displayName: 'Stack Dashboard',
+        description: 'Stack\'s admin dashboard',
+        isProductionMode: false,
+        apiKeySets: {
+          create: [{
+            description: "Internal API key set",
+            publishableClientKey: "this-publishable-client-key-is-for-local-development-only",
+            secretServerKey: "this-secret-server-key-is-for-local-development-only",
+            superSecretAdminKey: "this-super-secret-admin-key-is-for-local-development-only",
+            expiresAt: new Date('2099-12-31T23:59:59Z'),
+          }],
+        },
+        config: {
+          create: {
+            allowLocalhost: true,
+            oauthProviderConfigs: {
+              create: (['github', 'facebook', 'google', 'microsoft'] as const).map((id) => ({
+                id,
+                proxiedOAuthConfig: {
+                  create: {
+                    type: id.toUpperCase() as any,
+                  }
+                },
+                projectUserOAuthAccounts: {
+                  create: []
+                }
+              })),
+            },
+            emailServiceConfig: {
+              create: {
+                proxiedEmailServiceConfig: {
+                  create: {}
                 }
-              },
-              projectUserOAuthAccounts: {
-                create: []
-              }
-            })),
-          },
-          emailServiceConfig: {
-            create: {
-              proxiedEmailServiceConfig: {
-                create: {}
               }
-            }
+            },
+            credentialEnabled: true,
+            magicLinkEnabled: true,
+            createTeamOnSignUp: false,
           },
-          credentialEnabled: true,
-          magicLinkEnabled: true,
-          createTeamOnSignUp: false,
         },
       },
-    },
-    update: {},
-  });
-  console.log('Internal project created');
+      update: {},
+    });
+    console.log('Internal project created');
+  }
+
+  // eslint-disable-next-line no-restricted-syntax
+  const adminGithubId = process.env.STACK_SETUP_ADMIN_GITHUB_ID;
+  if (adminGithubId) {
+    console.log("Found admin GitHub ID in environment variables, creating admin user...");
+    await prisma.projectUser.upsert({
+      where: {
+        projectId_projectUserId: {
+          projectId: 'internal',
+          projectUserId: '707156c3-0d1b-48cf-b09d-3171c7f613d5',
+        },
+      },
+      create: {
+        projectId: 'internal',
+        projectUserId: '707156c3-0d1b-48cf-b09d-3171c7f613d5',
+        displayName: 'Admin user generated by seed script',
+        primaryEmailVerified: false,
+        authWithEmail: false,
+        serverMetadata: {
+          managedProjectIds: [
+            "internal",
+          ],
+        },
+        projectUserOAuthAccounts: {
+          create: [{
+            providerAccountId: adminGithubId,
+            projectConfigId: createdProject?.configId ?? oldProject?.configId ?? throwErr('No internal project config ID found'),
+            oauthProviderConfigId: 'github',
+          }],
+        },
+      },
+      update: {},
+    });
+    console.log(`Admin user created (if it didn't already exist)`);
+  } else {
+    console.log('No admin GitHub ID found in environment variables, skipping admin user creation');
+  }
+
   console.log('Seeding complete!');
 }
 
 
@@ -247,7 +247,10 @@ export const GET = createSmartRouteHandler({
 
               // ========================== sign up user ==========================
 
-              const newAccount = await usersCrudHandlers.serverCreate({
+              if (!project.config.sign_up_enabled) {
+                throw new KnownErrors.SignUpNotEnabled();
+              }
+              const newAccount = await usersCrudHandlers.adminCreate({
                 project,
                 data: {
                   display_name: userInfo.displayName,
@@ -260,7 +263,7 @@ export const GET = createSmartRouteHandler({
                     account_id: userInfo.accountId,
                     email: userInfo.email,
                   }],
-                }
+                },
               });
               await storeTokens();
               return {
 
@@ -45,6 +45,10 @@ export const POST = createSmartRouteHandler({
 
     const userPrisma = usersPrisma.length > 0 ? usersPrisma[0] : null;
     const isNewUser = !userPrisma;
+    if (isNewUser && !project.config.sign_up_enabled) {
+      throw new KnownErrors.SignUpNotEnabled();
+    }
+
     let userObj: Pick<NonNullable<typeof userPrisma>, "projectUserId" | "displayName" | "primaryEmail"> | null = userPrisma;
     if (!userObj) {
       // TODO this should be in the same transaction as the read above
 
@@ -45,6 +45,10 @@ export const POST = createSmartRouteHandler({
       throw passwordError;
     }
 
+    if (!project.config.sign_up_enabled) {
+      throw new KnownErrors.SignUpNotEnabled();
+    }
+
     const createdUser = await usersCrudHandlers.adminCreate({
       project,
       data: {
 
@@ -31,13 +31,14 @@ export const internalProjectsCrudHandlers = createLazyProxy(() => createCrudHand
           id: generateUuid(),
           displayName: data.display_name,
           description: data.description,
-          isProductionMode: data.is_production_mode || false,
+          isProductionMode: data.is_production_mode ?? false,
           config: {
             create: {
-              credentialEnabled: data.config?.credential_enabled || true,
-              magicLinkEnabled: data.config?.magic_link_enabled || false,
-              allowLocalhost: data.config?.allow_localhost || true,
-              createTeamOnSignUp: data.config?.create_team_on_sign_up || false,
+              signUpEnabled: data.config?.sign_up_enabled ?? true,
+              credentialEnabled: data.config?.credential_enabled ?? true,
+              magicLinkEnabled: data.config?.magic_link_enabled ?? false,
+              allowLocalhost: data.config?.allow_localhost ?? true,
+              createTeamOnSignUp: data.config?.create_team_on_sign_up ?? false,
               domains: data.config?.domains ? {
                 create: data.config.domains.map(item => ({
                   domain: item.domain,
 
@@ -253,6 +253,7 @@ export const projectsCrudHandlers = createLazyProxy(() => createCrudHandlers(pro
           isProductionMode: data.is_production_mode,
           config: {
             update: {
+              signUpEnabled: data.config?.sign_up_enabled,
               credentialEnabled: data.config?.credential_enabled,
               magicLinkEnabled: data.config?.magic_link_enabled,
               allowLocalhost: data.config?.allow_localhost,
Original file line number	Diff line number	Diff line change
@@ -37,3 +37,4 @@ STACK_SVIX_API_KEY=# enter the API key for the Svix webhook service here. Use `e
`37`	`37`
`38`	`38`	`# Misc, optional`
`39`	`39`	`STACK_ACCESS_TOKEN_EXPIRATION_TIME=# enter the expiration time for the access token here. Optional, don't specify it for default value`
	`40`	`+STACK_SETUP_ADMIN_GITHUB_ID=# enter the account ID of the admin user here, and after running the seed script they will be able to access the internal project in the Stack dashboard. Optional, don't specify it for default value`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+-- AlterTable`
	`2`	`+ALTER TABLE "ProjectConfig" ADD COLUMN "signUpEnabled" BOOLEAN NOT NULL DEFAULT true;`