From a6db4f20add9d05cf362092235fd34ed594527b2 Mon Sep 17 00:00:00 2001 From: Owen Date: Mon, 5 Jan 2026 10:33:50 -0500 Subject: [PATCH] Expand where org id is pulled for subscription --- server/private/middlewares/verifySubscription.ts | 13 ++++++++++++- server/private/routers/external.ts | 4 ++-- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/server/private/middlewares/verifySubscription.ts b/server/private/middlewares/verifySubscription.ts index 5249c026..8cda737e 100644 --- a/server/private/middlewares/verifySubscription.ts +++ b/server/private/middlewares/verifySubscription.ts @@ -27,7 +27,18 @@ export async function verifyValidSubscription( return next(); } - const tier = await getOrgTierData(req.params.orgId); + const orgId = req.params.orgId || req.body.orgId || req.query.orgId || req.userOrgId; + + if (!orgId) { + return next( + createHttpError( + HttpCode.BAD_REQUEST, + "Organization ID is required to verify subscription" + ) + ); + } + + const tier = await getOrgTierData(orgId); if (!tier.active) { return next( diff --git a/server/private/routers/external.ts b/server/private/routers/external.ts index d9608e21..97c6db9f 100644 --- a/server/private/routers/external.ts +++ b/server/private/routers/external.ts @@ -436,18 +436,18 @@ authenticated.get( authenticated.post( "/re-key/:clientId/regenerate-client-secret", + verifyClientAccess, // this is first to set the org id verifyValidLicense, verifyValidSubscription, - verifyClientAccess, verifyUserHasAction(ActionsEnum.reGenerateSecret), reKey.reGenerateClientSecret ); authenticated.post( "/re-key/:siteId/regenerate-site-secret", + verifySiteAccess, // this is first to set the org id verifyValidLicense, verifyValidSubscription, - verifySiteAccess, verifyUserHasAction(ActionsEnum.reGenerateSecret), reKey.reGenerateSiteSecret );