Use the config not the env var

server/lib/blueprints/resourcePolicies.ts

@@ -23,6 +23,7 @@ import { hashPassword } from "@server/auth/password";
 import { isValidCIDR, isValidIP, isValidUrlGlobPattern } from "../validators";
 import { isLicensedOrSubscribed } from "#dynamic/lib/isLicencedOrSubscribed";
 import { tierMatrix } from "../billing/tierMatrix";
+import privateConfig from "@server/private/lib/config";
 
 export type ResourcePoliciesResults = {
     resourcePolicyId: number;
@@ -83,7 +84,10 @@ export async function updateResourcePolicies(
                 );
             }
 
-            if (process.env.IDENTITY_PROVIDER_MODE === "org") {
+            if (
+                privateConfig.getRawPrivateConfig().app
+                    .identity_provider_mode === "org"
+            ) {
                 const [providerOrg] = await trx
                     .select()
                     .from(idpOrg)

server/private/routers/policy/createResourcePolicy.ts

@@ -38,6 +38,7 @@ import {
 } from "@server/lib/validators";
 import logger from "@server/logger";
 import { OpenAPITags, registry } from "@server/openApi";
+import privateConfig from "@server/private/lib/config";
 import HttpCode from "@server/types/HttpCode";
 import { and, eq, inArray, type InferInsertModel } from "drizzle-orm";
 import { NextFunction, Request, Response } from "express";
@@ -219,7 +220,10 @@ export async function createResourcePolicy(
                 );
             }
 
-            if (process.env.IDENTITY_PROVIDER_MODE === "org") {
+            if (
+                privateConfig.getRawPrivateConfig().app
+                    .identity_provider_mode === "org"
+            ) {
                 const [providerOrg] = await db
                     .select()
                     .from(idpOrg)

server/routers/idp/createIdpOrgPolicy.ts

@@ -11,6 +11,7 @@ import { OpenAPITags, registry } from "@server/openApi";
 import config from "@server/lib/config";
 import { eq, and } from "drizzle-orm";
 import { idp, idpOrg } from "@server/db";
+import privateConfig from "@server/private/lib/config";
 
 const paramsSchema = z.strictObject({
     idpId: z.coerce.number<number>(),
@@ -25,7 +26,6 @@ const bodySchema = z.strictObject({
 export type CreateIdpOrgPolicyResponse = {};
 const CreateIdpOrgPolicyResponseDataSchema = z.object({});
 
-
 registry.registerPath({
     method: "put",
     path: "/idp/{idpId}/org/{orgId}",
@@ -46,7 +46,9 @@ registry.registerPath({
             description: "Successful response",
             content: {
                 "application/json": {
-                    schema: createApiResponseSchema(CreateIdpOrgPolicyResponseDataSchema)
+                    schema: createApiResponseSchema(
+                        CreateIdpOrgPolicyResponseDataSchema
+                    )
                 }
             }
         }
@@ -82,7 +84,10 @@ export async function createIdpOrgPolicy(
         const { idpId, orgId } = parsedParams.data;
         const { roleMapping, orgMapping } = parsedBody.data;
 
-        if (process.env.IDENTITY_PROVIDER_MODE === "org") {
+        if (
+            privateConfig.getRawPrivateConfig().app.identity_provider_mode ===
+            "org"
+        ) {
             return next(
                 createHttpError(
                     HttpCode.BAD_REQUEST,

server/routers/idp/createOidcIdp.ts

@@ -12,6 +12,7 @@ import { idp, idpOidcConfig, idpOrg, orgs } from "@server/db";
 import { generateOidcRedirectUrl } from "@server/lib/idp/generateRedirectUrl";
 import { encrypt } from "@server/lib/crypto";
 import config from "@server/lib/config";
+import privateConfig from "@server/private/lib/config";
 
 const paramsSchema = z.strictObject({});
 
@@ -39,7 +40,6 @@ const CreateIdpResponseDataSchema = z.object({
     redirectUrl: z.string()
 });
 
-
 registry.registerPath({
     method: "put",
     path: "/idp/oidc",
@@ -98,7 +98,8 @@ export async function createOidcIdp(
         } = parsedBody.data;
 
         if (
-            process.env.IDENTITY_PROVIDER_MODE === "org"
+            privateConfig.getRawPrivateConfig().app.identity_provider_mode ===
+            "org"
         ) {
             return next(
                 createHttpError(

server/routers/idp/updateIdpOrgPolicy.ts

@@ -10,6 +10,7 @@ import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 import { eq, and } from "drizzle-orm";
 import { idp, idpOrg } from "@server/db";
+import privateConfig from "@server/private/lib/config";
 
 const paramsSchema = z.strictObject({
     idpId: z.coerce.number<number>(),
@@ -24,7 +25,6 @@ const bodySchema = z.strictObject({
 export type UpdateIdpOrgPolicyResponse = {};
 const UpdateIdpOrgPolicyResponseDataSchema = z.object({});
 
-
 registry.registerPath({
     method: "post",
     path: "/idp/{idpId}/org/{orgId}",
@@ -45,7 +45,9 @@ registry.registerPath({
             description: "Successful response",
             content: {
                 "application/json": {
-                    schema: createApiResponseSchema(UpdateIdpOrgPolicyResponseDataSchema)
+                    schema: createApiResponseSchema(
+                        UpdateIdpOrgPolicyResponseDataSchema
+                    )
                 }
             }
         }
@@ -81,7 +83,10 @@ export async function updateIdpOrgPolicy(
         const { idpId, orgId } = parsedParams.data;
         const { roleMapping, orgMapping } = parsedBody.data;
 
-        if (process.env.IDENTITY_PROVIDER_MODE === "org") {
+        if (
+            privateConfig.getRawPrivateConfig().app.identity_provider_mode ===
+            "org"
+        ) {
             return next(
                 createHttpError(
                     HttpCode.BAD_REQUEST,

server/routers/idp/updateOidcIdp.ts

@@ -12,6 +12,7 @@ import { idp, idpOidcConfig } from "@server/db";
 import { eq } from "drizzle-orm";
 import { encrypt } from "@server/lib/crypto";
 import config from "@server/lib/config";
+import privateConfig from "@server/private/lib/config";
 
 const paramsSchema = z
     .object({
@@ -43,7 +44,6 @@ const UpdateIdpResponseDataSchema = z.object({
     idpId: z.number()
 });
 
-
 registry.registerPath({
     method: "post",
     path: "/idp/{idpId}/oidc",
@@ -115,7 +115,10 @@ export async function updateOidcIdp(
             variant
         } = parsedBody.data;
 
-        if (process.env.IDENTITY_PROVIDER_MODE === "org") {
+        if (
+            privateConfig.getRawPrivateConfig().app.identity_provider_mode ===
+            "org"
+        ) {
             return next(
                 createHttpError(
                     HttpCode.BAD_REQUEST,

server/routers/policy/setResourcePolicyAccessControl.ts

@@ -18,6 +18,7 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { and, eq, inArray, ne } from "drizzle-orm";
 import { OpenAPITags, registry } from "@server/openApi";
+import privateConfig from "@server/private/lib/config";
 
 const setResourcePolicyAcccessControlBodySchema = z.strictObject({
     sso: z.boolean(),
@@ -119,12 +120,18 @@ export async function setResourcePolicyAccessControl(
                 );
             }
 
-            if (process.env.IDENTITY_PROVIDER_MODE === "org") {
+            if (
+                privateConfig.getRawPrivateConfig().app
+                    .identity_provider_mode === "org"
+            ) {
                 const [providerOrg] = await db
                     .select()
                     .from(idpOrg)
                     .where(
-                        and(eq(idpOrg.idpId, idpId), eq(idpOrg.orgId, policy.orgId))
+                        and(
+                            eq(idpOrg.idpId, idpId),
+                            eq(idpOrg.orgId, policy.orgId)
+                        )
                     )
                     .limit(1);