BA
Better Auth4mo ago
Matt

getFullOrganization Returns Data for Non-Members

I have two functions for listing organizations and getting one by slug 
export const listOrganizations = cache(async () => {
  const organizations = await auth.api.listOrganizations({
    headers: await headers(),
  });
  return organizations;
});

export const getOrganizationBySlug = cache(async (slug: string) => {
  const organization = await auth.api.getFullOrganization({
    query: {
      organizationSlug: slug,
    },
    headers: await headers(),
  });
  return organization;
});
export const listOrganizations = cache(async () => {
  const organizations = await auth.api.listOrganizations({
    headers: await headers(),
  });
  return organizations;
});

export const getOrganizationBySlug = cache(async (slug: string) => {
  const organization = await auth.api.getFullOrganization({
    query: {
      organizationSlug: slug,
    },
    headers: await headers(),
  });
  return organization;
});
Calling them on a simple layout.tsx returns data for the user if they guess the right slug, even if they're not a member of the organization. I would have thought it would error or throw unauth/forbidden? I could of course guard around it on my side but just assume it would be the default. 
import { ReactNode } from "react";
import OrganizationAuth from "./auth";
import {
  getOrganizationBySlug,
  listOrganizations,
} from "@/lib/_queries/organization";

type Params = Promise<{ slug: string }>;

export default async function OrganizationLayout({
  children,
  params,
}: {
  children: ReactNode;
  params: Params;
}) {
  const { slug } = await params;
  const [organization, organizations] = await Promise.all([
    getOrganizationBySlug(slug),
    listOrganizations(),
  ]);
  console.log(organization?.id);
  console.log(organizations);

  return <OrganizationAuth>{children}</OrganizationAuth>;
}
import { ReactNode } from "react";
import OrganizationAuth from "./auth";
import {
  getOrganizationBySlug,
  listOrganizations,
} from "@/lib/_queries/organization";

type Params = Promise<{ slug: string }>;

export default async function OrganizationLayout({
  children,
  params,
}: {
  children: ReactNode;
  params: Params;
}) {
  const { slug } = await params;
  const [organization, organizations] = await Promise.all([
    getOrganizationBySlug(slug),
    listOrganizations(),
  ]);
  console.log(organization?.id);
  console.log(organizations);

  return <OrganizationAuth>{children}</OrganizationAuth>;
}
console logs 
019432ee-f55f-7424-a42f-9e3e1600fde5  <- orgId from getOrganizationBySlug isn't in the listOrganizations() return below
[
  {
    id: '0194427a-393f-7527-b7f3-512d93f64210',
    name: 'Org 1',
    slug: 'org-1',
    logo: null,
    createdAt: 2025-01-07T20:34:53.887Z,
    metadata: null
  }
]
019432ee-f55f-7424-a42f-9e3e1600fde5  <- orgId from getOrganizationBySlug isn't in the listOrganizations() return below
[
  {
    id: '0194427a-393f-7527-b7f3-512d93f64210',
    name: 'Org 1',
    slug: 'org-1',
    logo: null,
    createdAt: 2025-01-07T20:34:53.887Z,
    metadata: null
  }
]
0 Replies
No replies yetBe the first to reply to this messageJoin

Did you find this page helpful?