fix: fix bypass email verification in apiKey.exchange

author: Mohamed Bassem <me@mbassem.com> 2025-11-30 00:27:07 +0000
committer: Mohamed Bassem <me@mbassem.com> 2025-11-30 00:27:20 +0000
commit: e4f434e730f4bb683523326f8e6fbeaffa0ab439 (patch)
tree: 5f92398faf33576d3f8f63993f5d54fd0a07eb38 /packages/trpc/routers/apiKeys.ts
parent: d6d319d3a89466d0f0766d8ef81ba962b64143d6 (diff)
download: karakeep-e4f434e730f4bb683523326f8e6fbeaffa0ab439.tar.zst
1 files changed, 10 insertions, 0 deletions
diff --git a/packages/trpc/routers/apiKeys.ts b/packages/trpc/routers/apiKeys.ts
index 93b7d9ec..763bc23a 100644
--- a/packages/trpc/routers/apiKeys.ts
+++ b/packages/trpc/routers/apiKeys.ts
@@ -131,6 +131,16 @@ export const apiKeysAppRouter = router({
       } catch {
         throw new TRPCError({ code: "UNAUTHORIZED" });
       }
+
+      // Check if email verification is required and if the user has verified their email
+      if (serverConfig.auth.emailVerificationRequired && !user.emailVerified) {
+        throw new TRPCError({
+          message:
+            "Please verify your email address before generating an API key",
+          code: "FORBIDDEN",
+        });
+      }
+
       return await generateApiKey(input.keyName, user.id, ctx.db);
     }),
   validate: publicProcedure
author	Mohamed Bassem <me@mbassem.com>	2025-11-30 00:27:07 +0000
committer	Mohamed Bassem <me@mbassem.com>	2025-11-30 00:27:20 +0000
commit	e4f434e730f4bb683523326f8e6fbeaffa0ab439 (patch)
tree	5f92398faf33576d3f8f63993f5d54fd0a07eb38 /packages/trpc/routers/apiKeys.ts
parent	d6d319d3a89466d0f0766d8ef81ba962b64143d6 (diff)
download	karakeep-e4f434e730f4bb683523326f8e6fbeaffa0ab439.tar.zst