Skip to content

fix: secure self-hosted registration#419

Draft
KMKoushik wants to merge 2 commits into
mainfrom
agent/secure-self-hosted-registration
Draft

fix: secure self-hosted registration#419
KMKoushik wants to merge 2 commits into
mainfrom
agent/secure-self-hosted-registration

Conversation

@KMKoushik

@KMKoushik KMKoushik commented Jul 10, 2026

Copy link
Copy Markdown
Member

What changed

  • make self-hosted registration invite-only after the first account
  • persist an instance-admin role and atomically grant it to the first self-hosted user
  • preserve existing installations by promoting the oldest team administrator during migration
  • expire team invitations after seven days and renew expiry when resending
  • require invite IDs to match the authenticated email and consume accepted invites transactionally
  • restrict instance-wide admin APIs and UI to actual instance administrators

Why

Self-hosted deployments currently allow any reachable user to create an account, bypass the cloud waitlist, and pass instance-wide admin authorization. Invite links also do not verify that the authenticated user's email matches the invitation.

Impact

Fresh installations bootstrap with one instance administrator. Existing users continue to sign in normally. New users on initialized self-hosted installations must have a matching, unexpired invitation.

The migration adds User.isInstanceAdmin and TeamInvite.expiresAt. Existing installations promote the oldest team administrator, falling back to the oldest user when team setup is incomplete.

Verification

  • registration policy unit tests: 5 passed
  • instance-admin and invitation authorization TRPC tests: 10 passed
  • targeted ESLint: no errors; two unrelated pre-existing warnings remain in AppSideBar.tsx and trpc.ts
  • git diff --check passed
  • GitHub Web Tests passed
  • Cloudflare and Vercel preview deployments passed

No database migration was executed locally.

Entire-Checkpoint: ffd86f2fc074
Entire-Checkpoint: 6ca49fe34a6f
@vercel

vercel Bot commented Jul 10, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
unsend-marketing Ready Ready Preview, Comment Jul 10, 2026 9:36pm

@coderabbitai

coderabbitai Bot commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e16d5d6b-168f-4dd1-9124-0686ebcdc349

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@cloudflare-workers-and-pages

Copy link
Copy Markdown

Deploying usesend with  Cloudflare Pages  Cloudflare Pages

Latest commit: 9393d13
Status: ✅  Deploy successful!
Preview URL: https://26b8012f.usesend.pages.dev
Branch Preview URL: https://agent-secure-self-hosted-reg.usesend.pages.dev

View logs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant