* wip
* stash
* fix: make authenticationId nullable fk
* fix: apply generics to resolve compile time type errors
* fix: loosen integration settings
* chore: refactor into functional component
* feat: pass integrations all the way to embeds
* perf: avoid re-fetching integrations
* fix: change attr name to avoid type overlap
* feat: use hostname from embed settings in matcher
* Revert "feat: use hostname from embed settings in matcher"
This reverts commit e7485d9cda4dcf45104e460465ca104a56c67ddc.
* feat: refactor into a class
* chore: refactor url regex formation as a util
* fix: escape regex special chars
* fix: remove in-house escapeRegExp in favor of lodash's
* fix: sanitize url
* perf: memoize embeds
* fix: rename hostname to url and allow spreading entire settings instead of just url
* fix: replace diagrams with drawio
* fix: rename
* fix: support self-hosted and saas both
* fix: assert on settings url
* fix: move embed integrations loading to hook
* fix: address review comments
* fix: use observer in favor of explicit state setters
* fix: refactor useEmbedIntegrations into useEmbeds
* fix: use translations for toasts
Co-authored-by: Tom Moor <tom.moor@gmail.com>
* feat: Put request rate limit at application server
This PR contains implementation for a blanket rate limiter at
application server level. Currently the allowed throughput is set high
only to be changed later as per the actual data gathered.
* Simplify implementation
1. Remove shutdown handler to purge rate limiter keys
2. Have separate keys for default and custom(route-based) rate limiters
3. Do not kill default rate limiter because it is not needed anymore due
to (2) above
* Set 60s as default for rate limiting window
* Fix env types
* wip
* wip
* fix comments
* better separation of conerns
* fix up tests
* fix semantics
* fixup tsc
* fix some tests
* the old semantics were easier to use
* add db:reset to scripts
* explicitly throw for unauthorized external authorization
* fix minor bug
* add additional tests for user creator and team creator
* yank the email matching logic out of teamcreator
* renaming
* fix type and test errors
* adds test to ensure that accountProvisioner works with email matching
* remove only
* fix comments
* recreate changes to allow self hosted to make teams
* make the user lookup in user creator sensitive to team
* add team specific logic to oidc strat
* factor out slugifyDomain
* change type of req during auth to Koa.Context
* feat: merge a new authentication method onto existing user records when emails match
* adds test for invite acceptance and auth provider creation
* addresses comments
- test existing user and invites in different test cases
- update lastActiveAt syncronously when an invite is accepted
* sort arrays in test to prevent nondeterministic test behaivior when doing array compare
* chore: Async user avatar upload processor
* chore: Async team avatar upload
* Refactor to task for retries
* Docs
Include avatarUrl in task props to prevent race condition
Remove transaction around upload fetch request
* Webhooks (#3607)
* Get the migration and the model setup. Also make the sample env file a bit easier to use. Now just requires setting a SECRET_KEY and besides that will boot up from the sample
* WIP: Start getting a Webhook page created. Just the skeleton state right now
* WIP: Getting a form created to create webhooks, need to bring in react-hook-forms now
* WIP: Get library installed and make TS happy
* Get a few checkboxes ready to go
* Get creating and destroying working with a decent start to a frontend
* Didn't mean to enable this
* Remove eslint and fix other random typescript issue
* Rename some events to be more realistic
* Revert these changes
* PR review comments around policies. Also make sure this inherits from IdModel so it actually gets an id
* Allow any admin on the team to edit webhooks
* Start sending some webhooks for some User events
* Make sure the URL is valid
* Start recording webhook deliveries
* Make sure to verify if the subscription is for the type of event we are looking at
* Refactor sending Webhooks and follow better webhook schema
This creates a presenter to unify the format of webhooks. We also
extract the sending of webhooks and recording their deliveries to a
method than can be used by each of the different event type methods
We also add a status to WebhookDelivery since we need to save the record
before we make the HTTP request to get its id. Then once we make the
request and get a response we can update the delivery with the HTTP info
* Turn off a subscription that has failed for the last 25 deliveries
* Get a first spec passing. Found a bug in my returning of promises so good to patch that up now
* This looks nicer
* Get some tests added for the processor
* Add cron task to delete older webhooks
* Add Document Events to the Processor
* Revisions, FileOperations and Collections
* Get all the server side events added to the processor and make Typescript make sure they are all accounted for
* Get all the events added to the Frontend and work on styling them a bit, still needs some love though
* Get UI styled up a bit
* Get events wired up for webhook subscriptions
* Get delete events working and test at least one variant of them
* Get deletes working and actually make sure to send the model id in the webhook
* Remove webhook secrets from this slice
* Add disabled label for subscriptions that are disabled
* Make sure to cascade the delete
* Reorg this file a bit
* Fix association
* I removed secret for the moment
* Apply Copy changes from PR Review
Co-authored-by: Tom Moor <tom.moor@gmail.com>
* Actually apply the copy changes
TIL that if you Resolve a conversation it _also_ removes the 'staged suggestion' from your list on Github
Co-authored-by: Tom Moor <tom.moor@gmail.com>
* Update app/scenes/Settings/Webhooks.tsx
Missed this copy change before
Co-authored-by: Tom Moor <tom.moor@gmail.com>
* Add disabled as yellow badge
* Resolve frontend comments
* Fixup Schema a bit and remove the dependency on the subscription
* Add test to make sure we don't disable until there are enough failures, and fix code to actually do that. Also some test fixes from the json response shape changes
* Fix WebhookDeliveries to store the responses as Text instead of blobs
* Switch to text better for response bodies, this is using the helpers better and makes the code read better
* Move the logic to a task but run in through the processor cause the tests expect that right now, moving the tests over next
* Split up the tests and actually enqueue the events from the WebhookProcessor instead of doing them inline
* Allow any team admin to see any webhook subscription for the team
* Add the indexes based on our lookup patterns
* Run eslint --fix to fix auto correct issues from when I tried to use Github to merge copy changes
* Allow subscriptions to be edited after creation
* Types caught that I didn't add the new event to the webhook processor, also added it to the frontend here
* I think this will get these into the translations file
* Catch a few more translations, use styled components better and remove usage of webhook subscription in the copy
Co-authored-by: Tom Moor <tom.moor@gmail.com>
* fix: tsc
fix: Document model payload empty
* fix: Revision webhook payload
Add custom UA for hooks
* Add webhooks icon, move under Integrations settings
Some spacing fixes
* Add actorId to webhook payloads
* Add View and ApiKey event types
* Spacing tweaks, fix team payload
* fix: Webhook not disabled after 25 failures
* fix: Enable webhook when editing if previously disabled
* fix: Correctly store response headers
* fix: Error in json/parsing/presentation results in hanging 'pending' webhook delivery
* fix: Awkward payload for users.invite webhook
* Add BaseEvent, ShareEvent
* fix: Add share events to form
* fix: Move webhook delivery cleanup to single DB call
Remove some unused abstraction
* Add user, collection, group context to membership webhook events
Some associated refactoring
Co-authored-by: Corey Alexander <coreyja@gmail.com>
* feat: allow personal gmail accounts to be used to sign into teams with an existing invite
* address comments
* add comment for appDomain
* address comments
* chore: Store expiresAt on UserAuthentications. This represents the time that the accessToken is no longer valid and should be exchanged using the refreshToken
* feat: Check and expire Google SSO
* fix: Better handling of multiple auth methods
Added more docs
* fix: Retry access validation with network errors
* Small refactor, add Azure token validation support
* doc
* test
* lint
* OIDC refresh support
* CheckSSOAccessTask -> ValidateSSOAccessTask
Added lastValidatedAt column
Skip checks if validated within 5min
Some edge cases around encrypted columns
* change the api of domain parsing to just parseDomain and getCookieDomain
* adds getBaseDomain as the method to get the domain after any official subdomains
