vercel · smaeda-ks · Apr 17, 2024 · Apr 17, 2024
@@ -90,6 +90,7 @@ export interface Team {
       state: string;
     };
   };
+  createdDirectToHobby?: boolean;
 }
 
 export type Domain = {

@@ -13,6 +13,9 @@ export default async function issueCert(client: Client, cns: string[]) {
         return await client.fetch<Cert>('/v3/now/certs', {
           method: 'POST',
           body: { domains: cns },
+          useCurrentTeam: client.authContext.enableFallbackDomainsAccess
+            ? false
+            : true,
         });
       } catch (err: unknown) {
         if (isAPIError(err) && err.code === 'configuration_error') {

@@ -54,6 +54,11 @@ export interface ClientOptions extends Stdio {
   agent?: Agent;
 }
 
+export interface AuthContext {
+  isCanonicalHobbyTeam?: boolean;
+  enableFallbackDomainsAccess?: boolean;
+}
+
 export const isJSONObject = (v: any): v is JSONObject => {
   return v && typeof v == 'object' && v.constructor === Object;
 };
@@ -72,6 +77,7 @@ export default class Client extends EventEmitter implements Stdio {
   localConfigPath?: string;
   requestIdCounter: number;
   input;
+  authContext: AuthContext = {};
 
   constructor(opts: ClientOptions) {
     super();

@@ -4,13 +4,16 @@ import Client from '../client';
 import createCertForCns from '../certs/create-cert-for-cns';
 import setupDomain from '../domains/setup-domain';
 import { InvalidDomain } from '../errors-ts';
+import getScope from '../../util/get-scope';
 
 export default async function generateCertForDeploy(
   client: Client,
   contextName: string,
   deployURL: string
 ) {
   const { output } = client;
+  await getScope(client);
+
   const parsedDomain = psl.parse(deployURL);
   if (parsedDomain.error) {
     return new InvalidDomain(deployURL, parsedDomain.error.message);

@@ -25,9 +25,34 @@ export default async function getDomainByName(
     );
   }
   try {
-    const { domain } = await client.fetch<Response>(
-      `/v4/domains/${encodeURIComponent(domainName)}`
-    );
+    const { domain } = await client
+      .fetch<Response>(`/v4/domains/${encodeURIComponent(domainName)}`)
+      .catch(async err => {
+        // NOTE: to maintain backwards compatibility after northstar migration
+        // we fallback to personal account if the team is a canonical hobby team
+        if (isAPIError(err)) {
+          if (
+            client.authContext.isCanonicalHobbyTeam === true &&
+            err.status === 403
+          ) {
+            return await client
+              .fetch<Response>(
+                `/v4/domains/${encodeURIComponent(domainName)}`,
+                {
+                  useCurrentTeam: false,
+                }
+              )
+              .then(domain => {
+                // setting the flag so subsuquent requests to related resources (e.g., issue cert)
+                // are also made with the personal account auth context to avoid similar auth errors
+                client.authContext.enableFallbackDomainsAccess = true;
+                return domain;
+              });
+          }
+        }
+
+        throw err;
+      });
     return domain;
   } catch (err: unknown) {
     if (isAPIError(err)) {

@@ -29,5 +29,19 @@ export default async function getScope(
     contextName = team.slug;
   }
 
+  /**
+   * isCanonicalHobbyTeam is true, if the Hobby team is the canonical team of the user account.
+   * Canonical Hoby team is the team that was created "automatically" upon new signups or by Northstar migration.
+   * A user may have multiple Hobby teams (e.g., Pro Trial downgrade), but can have only one canonical Hobby team.
+   */
+  const isCanonicalHobbyTeam =
+    (team?.billing?.plan === 'hobby' &&
+      team.createdDirectToHobby &&
+      team.creatorId === user.id) ??
+    false;
+  if (isCanonicalHobbyTeam) {
+    client.authContext.isCanonicalHobbyTeam = true;
+  }
+
   return { contextName, team, user };
 }