refactor is licensed and subscribed util functions

server/lib/config.ts

@@ -107,6 +107,11 @@ export class Config {
             process.env.MAXMIND_ASN_PATH = parsedConfig.server.maxmind_asn_path;
         }
 
+        process.env.DISABLE_ENTERPRISE_FEATURES = parsedConfig.flags
+            ?.disable_enterprise_features
+            ? "true"
+            : "false";
+
         this.rawConfig = parsedConfig;
     }
 

server/lib/isLicencedOrSubscribed.ts

@@ -1,3 +1,6 @@
-export async function isLicensedOrSubscribed(orgId: string): Promise<boolean> {
+export async function isLicensedOrSubscribed(
+    orgId: string,
+    tiers: string[]
+): Promise<boolean> {
     return false;
-}
+}

server/lib/isSubscribed.ts

@@ -1,3 +1,6 @@
-export async function isSubscribed(orgId: string): Promise<boolean> {
+export async function isSubscribed(
+    orgId: string,
+    tiers: string[]
+): Promise<boolean> {
     return false;
 }

server/lib/readConfigFile.ts

@@ -331,7 +331,8 @@ export const configSchema = z
                 disable_local_sites: z.boolean().optional(),
                 disable_basic_wireguard_sites: z.boolean().optional(),
                 disable_config_managed_domains: z.boolean().optional(),
-                disable_product_help_banners: z.boolean().optional()
+                disable_product_help_banners: z.boolean().optional(),
+                disable_enterprise_features: z.boolean().optional()
             })
             .optional(),
         dns: z

server/private/lib/checkOrgAccessPolicy.ts

@@ -78,6 +78,8 @@ export async function checkOrgAccessPolicy(
         }
     }
 
+    // TODO: check that the org is subscribed
+
     // get the needed data
 
     if (!props.org) {

server/private/lib/isLicencedOrSubscribed.ts

@@ -13,16 +13,18 @@
 
 import { build } from "@server/build";
 import license from "#private/license/license";
-import { getOrgTierData } from "#private/lib/billing";
+import { isSubscribed } from "#private/lib/isSubscribed";
 
-export async function isLicensedOrSubscribed(orgId: string): Promise<boolean> {
+export async function isLicensedOrSubscribed(
+    orgId: string,
+    tiers: string[]
+): Promise<boolean> {
     if (build === "enterprise") {
         return await license.isUnlocked();
     }
 
     if (build === "saas") {
-        const { tier, active } = await getOrgTierData(orgId);
-        return (tier == "tier1" || tier == "tier2" || tier == "tier3") && active;
+        return isSubscribed(orgId, tiers);
     }
 
     return false;

server/private/lib/isSubscribed.ts

@@ -14,10 +14,14 @@
 import { build } from "@server/build";
 import { getOrgTierData } from "#private/lib/billing";
 
-export async function isSubscribed(orgId: string): Promise<boolean> {
+export async function isSubscribed(
+    orgId: string,
+    tiers: string[]
+): Promise<boolean> {
     if (build === "saas") {
         const { tier, active } = await getOrgTierData(orgId);
-        return (tier == "tier1" || tier == "tier2" || tier == "tier3") && active;
+        const isTier = (tier && tiers.includes(tier)) || false;
+        return active && isTier;
     }
 
     return false;

server/private/middlewares/verifySubscription.ts

@@ -17,44 +17,51 @@ import HttpCode from "@server/types/HttpCode";
 import { build } from "@server/build";
 import { getOrgTierData } from "#private/lib/billing";
 
-export async function verifyValidSubscription(
-    req: Request,
-    res: Response,
-    next: NextFunction
-) {
-    try {
-        if (build != "saas") {
+export function verifyValidSubscription(tiers: string[]) {
+    return async function (
+        req: Request,
+        res: Response,
+        next: NextFunction
+    ): Promise<any> {
+        try {
+            if (build != "saas") {
+                return next();
+            }
+
+            const orgId =
+                req.params.orgId ||
+                req.body.orgId ||
+                req.query.orgId ||
+                req.userOrgId;
+
+            if (!orgId) {
+                return next(
+                    createHttpError(
+                        HttpCode.BAD_REQUEST,
+                        "Organization ID is required to verify subscription"
+                    )
+                );
+            }
+
+            const { tier, active } = await getOrgTierData(orgId);
+            const isTier = tiers.includes(tier || "");
+            if (!isTier || !active) {
+                return next(
+                    createHttpError(
+                        HttpCode.FORBIDDEN,
+                        "Organization does not have an active subscription"
+                    )
+                );
+            }
+
             return next();
-        }
-
-        const orgId = req.params.orgId || req.body.orgId || req.query.orgId || req.userOrgId;
-
-        if (!orgId) {
+        } catch (e) {
             return next(
                 createHttpError(
-                    HttpCode.BAD_REQUEST,
-                    "Organization ID is required to verify subscription"
+                    HttpCode.INTERNAL_SERVER_ERROR,
+                    "Error verifying subscription"
                 )
             );
         }
-
-        const { tier, active  } = await getOrgTierData(orgId);
-        if ((tier == "tier1" || tier == "tier2" || tier == "tier3") && active) {
-            return next(
-                createHttpError(
-                    HttpCode.FORBIDDEN,
-                    "Organization does not have an active subscription"
-                )
-            );
-        }
-
-        return next();
-    } catch (e) {
-        return next(
-            createHttpError(
-                HttpCode.INTERNAL_SERVER_ERROR,
-                "Error verifying subscription"
-            )
-        );
-    }
+    };
 }

server/private/routers/external.ts

@@ -86,7 +86,7 @@ authenticated.put(
 authenticated.post(
     "/org/:orgId/idp/:idpId/oidc",
     verifyValidLicense,
-    verifyValidSubscription,
+    verifyValidSubscription(),
     verifyOrgAccess,
     verifyIdpAccess,
     verifyUserHasAction(ActionsEnum.updateIdp),