fix: update teams API tokens logic

packages/api/v1/openapi.ts

@@ -1,5 +1,7 @@
 import { generateOpenApi } from '@ts-rest/open-api';
 
+import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
+
 import { ApiContractV1 } from './contract';
 
 export const OpenAPIV1 = Object.assign(
@@ -11,6 +13,11 @@ export const OpenAPIV1 = Object.assign(
         version: '1.0.0',
         description: 'The Documenso API for retrieving, creating, updating and deleting documents.',
       },
+      servers: [
+        {
+          url: NEXT_PUBLIC_WEBAPP_URL(),
+        },
+      ],
     },
     {
       setOperationId: true,

packages/lib/server-only/public-api/get-all-team-tokens.ts

@@ -1,42 +0,0 @@
-import { TeamMemberRole } from '@prisma/client';
-
-import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
-import { prisma } from '@documenso/prisma';
-
-export type GetUserTokensOptions = {
-  userId: number;
-  teamId: number;
-};
-
-export type GetTeamTokensResponse = Awaited<ReturnType<typeof getTeamTokens>>;
-
-export const getTeamTokens = async ({ userId, teamId }: GetUserTokensOptions) => {
-  const teamMember = await prisma.teamMember.findFirst({
-    where: {
-      userId,
-      teamId,
-    },
-  });
-
-  if (teamMember?.role !== TeamMemberRole.ADMIN) {
-    throw new AppError(AppErrorCode.UNAUTHORIZED, {
-      message: 'You do not have the required permissions to view this page.',
-    });
-  }
-
-  return await prisma.apiToken.findMany({
-    where: {
-      teamId,
-    },
-    select: {
-      id: true,
-      name: true,
-      algorithm: true,
-      createdAt: true,
-      expires: true,
-    },
-    orderBy: {
-      createdAt: 'desc',
-    },
-  });
-};

packages/lib/server-only/public-api/get-all-user-tokens.ts

@@ -1,24 +0,0 @@
-import { prisma } from '@documenso/prisma';
-
-export type GetUserTokensOptions = {
-  userId: number;
-};
-
-export const getUserTokens = async ({ userId }: GetUserTokensOptions) => {
-  return await prisma.apiToken.findMany({
-    where: {
-      userId,
-      teamId: null,
-    },
-    select: {
-      id: true,
-      name: true,
-      algorithm: true,
-      createdAt: true,
-      expires: true,
-    },
-    orderBy: {
-      createdAt: 'desc',
-    },
-  });
-};

packages/lib/server-only/public-api/get-api-tokens.ts

@@ -0,0 +1,39 @@
+import { prisma } from '@documenso/prisma';
+import { TeamMemberRole } from '@documenso/prisma/client';
+
+export type GetApiTokensOptions = {
+  userId: number;
+  teamId?: number;
+};
+
+export const getApiTokens = async ({ userId, teamId }: GetApiTokensOptions) => {
+  return await prisma.apiToken.findMany({
+    where: {
+      ...(teamId
+        ? {
+            team: {
+              id: teamId,
+              members: {
+                some: {
+                  userId,
+                  role: TeamMemberRole.ADMIN,
+                },
+              },
+            },
+          }
+        : {
+            userId,
+            teamId: null,
+          }),
+    },
+    select: {
+      id: true,
+      name: true,
+      createdAt: true,
+      expires: true,
+    },
+    orderBy: {
+      createdAt: 'desc',
+    },
+  });
+};

packages/trpc/server/api-token-router/router.ts

@@ -1,7 +1,7 @@
 import { createApiToken } from '@documenso/lib/server-only/public-api/create-api-token';
 import { deleteTokenById } from '@documenso/lib/server-only/public-api/delete-api-token-by-id';
-import { getUserTokens } from '@documenso/lib/server-only/public-api/get-all-user-tokens';
 import { getApiTokenById } from '@documenso/lib/server-only/public-api/get-api-token-by-id';
+import { getApiTokens } from '@documenso/lib/server-only/public-api/get-api-tokens';
 
 import { authenticatedProcedure, router } from '../trpc';
 import {
@@ -12,7 +12,7 @@ import {
 
 export const apiTokenRouter = router({
   getTokens: authenticatedProcedure.query(async ({ ctx }) => {
-    return await getUserTokens({ userId: ctx.user.id });
+    return await getApiTokens({ userId: ctx.user.id, teamId: ctx.teamId });
   }),
 
   getTokenById: authenticatedProcedure