admin/twenty
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

feat: wip server folder structure (#4573)

Browse Source 
* feat: wip server folder structure

* fix: merge

* fix: wrong merge

* fix: remove unused file

* fix: comment

* fix: lint

* fix: merge

* fix: remove console.log

* fix: metadata graphql arguments broken
This commit is contained in:
Jérémy M
2024-03-20 16:23:46 +01:00
committed by GitHub
parent da12710fe9
commit e5c1309e8c
461 changed files with 1396 additions and 1322 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
packages/twenty-server/src/engine/core-modules/analytics/analytics.entity.ts Normal file
View File

@ -0,0 +1,9 @@
import { ObjectType, Field } from '@nestjs/graphql';
@ObjectType()
export class Analytics {
@Field(() => Boolean, {
description: 'Boolean that confirms query was dispatched',
})
success: boolean;
}

15
packages/twenty-server/src/engine/core-modules/analytics/analytics.module.ts Normal file
View File

@ -0,0 +1,15 @@
import { Module } from '@nestjs/common';
import { HttpModule } from '@nestjs/axios';
import { AnalyticsService } from './analytics.service';
import { AnalyticsResolver } from './analytics.resolver';
@Module({
providers: [AnalyticsResolver, AnalyticsService],
imports: [
HttpModule.register({
baseURL: 'https://t.twenty.com/api/v1/s2s',
}),
],
})
export class AnalyticsModule {}

34
packages/twenty-server/src/engine/core-modules/analytics/analytics.resolver.spec.ts Normal file
View File

@ -0,0 +1,34 @@
import { Test, TestingModule } from '@nestjs/testing';
import { HttpService } from '@nestjs/axios';
import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
import { AnalyticsResolver } from './analytics.resolver';
import { AnalyticsService } from './analytics.service';
describe('AnalyticsResolver', () => {
let resolver: AnalyticsResolver;
beforeEach(async () => {
const module: TestingModule = await Test.createTestingModule({
providers: [
AnalyticsResolver,
AnalyticsService,
{
provide: EnvironmentService,
useValue: {},
},
{
provide: HttpService,
useValue: {},
},
],
}).compile();
resolver = module.get<AnalyticsResolver>(AnalyticsResolver);
});
it('should be defined', () => {
expect(resolver).toBeDefined();
});
});

36
packages/twenty-server/src/engine/core-modules/analytics/analytics.resolver.ts Normal file
View File

@ -0,0 +1,36 @@
import { Resolver, Mutation, Args, Context } from '@nestjs/graphql';
import { UseGuards } from '@nestjs/common';
import { Request } from 'express';
import { OptionalJwtAuthGuard } from 'src/engine/guards/optional-jwt.auth.guard';
import { AuthWorkspace } from 'src/engine/decorators/auth/auth-workspace.decorator';
import { AuthUser } from 'src/engine/decorators/auth/auth-user.decorator';
import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
import { User } from 'src/engine/core-modules/user/user.entity';
import { AnalyticsService } from './analytics.service';
import { Analytics } from './analytics.entity';
import { CreateAnalyticsInput } from './dto/create-analytics.input';
@UseGuards(OptionalJwtAuthGuard)
@Resolver(() => Analytics)
export class AnalyticsResolver {
constructor(private readonly analyticsService: AnalyticsService) {}
@Mutation(() => Analytics)
track(
@Args() createAnalyticsInput: CreateAnalyticsInput,
@AuthWorkspace() workspace: Workspace | undefined,
@AuthUser({ allowUndefined: true }) user: User | undefined,
@Context('req') request: Request,
) {
return this.analyticsService.create(
createAnalyticsInput,
user,
workspace,
request,
);
}
}

32
packages/twenty-server/src/engine/core-modules/analytics/analytics.service.spec.ts Normal file
View File

@ -0,0 +1,32 @@
import { Test, TestingModule } from '@nestjs/testing';
import { HttpService } from '@nestjs/axios';
import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
import { AnalyticsService } from './analytics.service';
describe('AnalyticsService', () => {
let service: AnalyticsService;
beforeEach(async () => {
const module: TestingModule = await Test.createTestingModule({
providers: [
AnalyticsService,
{
provide: EnvironmentService,
useValue: {},
},
{
provide: HttpService,
useValue: {},
},
],
}).compile();
service = module.get<AnalyticsService>(AnalyticsService);
});
it('should be defined', () => {
expect(service).toBeDefined();
});
});

60
packages/twenty-server/src/engine/core-modules/analytics/analytics.service.ts Normal file
View File

@ -0,0 +1,60 @@
import { Injectable } from '@nestjs/common';
import { HttpService } from '@nestjs/axios';
import { Request } from 'express';
import { anonymize } from 'src/utils/anonymize';
import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
import { User } from 'src/engine/core-modules/user/user.entity';
import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
import { CreateAnalyticsInput } from './dto/create-analytics.input';
@Injectable()
export class AnalyticsService {
constructor(
private readonly environmentService: EnvironmentService,
private readonly httpService: HttpService,
) {}
async create(
createEventInput: CreateAnalyticsInput,
user: User | undefined,
workspace: Workspace | undefined,
request: Request,
) {
if (!this.environmentService.get('TELEMETRY_ENABLED')) {
return { success: true };
}
const anonymizationEnabled = this.environmentService.get(
'TELEMETRY_ANONYMIZATION_ENABLED',
);
const data = {
type: createEventInput.type,
data: {
hostname: request.hostname,
userUUID: user
? anonymizationEnabled
? anonymize(user.id)
: user.id
: undefined,
workspaceUUID: workspace
? anonymizationEnabled
? anonymize(workspace.id)
: workspace.id
: undefined,
workspaceDisplayName: workspace ? workspace.displayName : undefined,
workspaceDomainName: workspace ? workspace.domainName : undefined,
...createEventInput.data,
},
};
try {
await this.httpService.axiosRef.post('/v1', data);
} catch {}
return { success: true };
}
}

16
packages/twenty-server/src/engine/core-modules/analytics/dto/create-analytics.input.ts Normal file
View File

@ -0,0 +1,16 @@
import { ArgsType, Field } from '@nestjs/graphql';
import graphqlTypeJson from 'graphql-type-json';
import { IsNotEmpty, IsString, IsObject } from 'class-validator';
@ArgsType()
export class CreateAnalyticsInput {
@Field({ description: 'Type of the event' })
@IsNotEmpty()
@IsString()
type: string;
@Field(() => graphqlTypeJson, { description: 'Event data in JSON format' })
@IsObject()
data: JSON;
}

73
packages/twenty-server/src/engine/core-modules/auth/auth.module.ts Normal file
View File

@ -0,0 +1,73 @@
/* eslint-disable no-restricted-imports */
import { Module } from '@nestjs/common';
import { JwtModule } from '@nestjs/jwt';
import { TypeOrmModule } from '@nestjs/typeorm';
import { HttpModule } from '@nestjs/axios';
import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
import { User } from 'src/engine/core-modules/user/user.entity';
import { RefreshToken } from 'src/engine/core-modules/refresh-token/refresh-token.entity';
import { DataSourceModule } from 'src/engine/metadata-modules/data-source/data-source.module';
import { UserModule } from 'src/engine/core-modules/user/user.module';
import { WorkspaceManagerModule } from 'src/engine/workspace-manager/workspace-manager.module';
import { TypeORMModule } from 'src/database/typeorm/typeorm.module';
import { GoogleAuthController } from 'src/engine/core-modules/auth/controllers/google-auth.controller';
import { GoogleAPIsAuthController } from 'src/engine/core-modules/auth/controllers/google-apis-auth.controller';
import { VerifyAuthController } from 'src/engine/core-modules/auth/controllers/verify-auth.controller';
import { TokenService } from 'src/engine/core-modules/auth/services/token.service';
import { GoogleAPIsService } from 'src/engine/core-modules/auth/services/google-apis.service';
import { UserWorkspaceModule } from 'src/engine/core-modules/user-workspace/user-workspace.module';
import { SignUpService } from 'src/engine/core-modules/auth/services/sign-up.service';
import { GoogleGmailAuthController } from 'src/engine/core-modules/auth/controllers/google-gmail-auth.controller';
import { FeatureFlagEntity } from 'src/engine/core-modules/feature-flag/feature-flag.entity';
import { FileUploadModule } from 'src/engine/core-modules/file/file-upload/file-upload.module';
import { AuthResolver } from './auth.resolver';
import { JwtAuthStrategy } from './strategies/jwt.auth.strategy';
import { AuthService } from './services/auth.service';
const jwtModule = JwtModule.registerAsync({
useFactory: async (environmentService: EnvironmentService) => {
return {
secret: environmentService.get('ACCESS_TOKEN_SECRET'),
signOptions: {
expiresIn: environmentService.get('ACCESS_TOKEN_EXPIRES_IN'),
},
};
},
inject: [EnvironmentService],
});
@Module({
imports: [
jwtModule,
FileUploadModule,
DataSourceModule,
UserModule,
WorkspaceManagerModule,
TypeORMModule,
TypeOrmModule.forFeature(
[Workspace, User, RefreshToken, FeatureFlagEntity],
'core',
),
HttpModule,
UserWorkspaceModule,
],
controllers: [
GoogleAuthController,
GoogleAPIsAuthController,
GoogleGmailAuthController,
VerifyAuthController,
],
providers: [
SignUpService,
AuthService,
TokenService,
JwtAuthStrategy,
AuthResolver,
GoogleAPIsService,
],
exports: [jwtModule, TokenService],
})
export class AuthModule {}

54
packages/twenty-server/src/engine/core-modules/auth/auth.resolver.spec.ts Normal file
View File

@ -0,0 +1,54 @@
import { Test, TestingModule } from '@nestjs/testing';
import { getRepositoryToken } from '@nestjs/typeorm';
import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
import { UserService } from 'src/engine/core-modules/user/services/user.service';
import { UserWorkspaceService } from 'src/engine/core-modules/user-workspace/user-workspace.service';
import { User } from 'src/engine/core-modules/user/user.entity';
import { AuthResolver } from './auth.resolver';
import { TokenService } from './services/token.service';
import { AuthService } from './services/auth.service';
describe('AuthResolver', () => {
let resolver: AuthResolver;
beforeEach(async () => {
const module: TestingModule = await Test.createTestingModule({
providers: [
AuthResolver,
{
provide: getRepositoryToken(Workspace, 'core'),
useValue: {},
},
{
provide: getRepositoryToken(User, 'core'),
useValue: {},
},
{
provide: AuthService,
useValue: {},
},
{
provide: TokenService,
useValue: {},
},
{
provide: UserService,
useValue: {},
},
{
provide: UserWorkspaceService,
useValue: {},
},
],
}).compile();
resolver = module.get<AuthResolver>(AuthResolver);
});
it('should be defined', () => {
expect(resolver).toBeDefined();
});
});

228
packages/twenty-server/src/engine/core-modules/auth/auth.resolver.ts Normal file
View File

@ -0,0 +1,228 @@
import { Args, Mutation, Query, Resolver } from '@nestjs/graphql';
import {
BadRequestException,
ForbiddenException,
InternalServerErrorException,
NotFoundException,
UseGuards,
} from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import { JwtAuthGuard } from 'src/engine/guards/jwt.auth.guard';
import { AuthUser } from 'src/engine/decorators/auth/auth-user.decorator';
import { assert } from 'src/utils/assert';
import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
import { AuthWorkspace } from 'src/engine/decorators/auth/auth-workspace.decorator';
import { User } from 'src/engine/core-modules/user/user.entity';
import { ApiKeyTokenInput } from 'src/engine/core-modules/auth/dto/api-key-token.input';
import { ValidatePasswordResetToken } from 'src/engine/core-modules/auth/dto/validate-password-reset-token.entity';
import { TransientToken } from 'src/engine/core-modules/auth/dto/transient-token.entity';
import { UserService } from 'src/engine/core-modules/user/services/user.service';
import { ValidatePasswordResetTokenInput } from 'src/engine/core-modules/auth/dto/validate-password-reset-token.input';
import { UpdatePasswordViaResetTokenInput } from 'src/engine/core-modules/auth/dto/update-password-via-reset-token.input';
import { EmailPasswordResetLink } from 'src/engine/core-modules/auth/dto/email-password-reset-link.entity';
import { InvalidatePassword } from 'src/engine/core-modules/auth/dto/invalidate-password.entity';
import { EmailPasswordResetLinkInput } from 'src/engine/core-modules/auth/dto/email-password-reset-link.input';
import { GenerateJwtInput } from 'src/engine/core-modules/auth/dto/generate-jwt.input';
import { UserWorkspaceService } from 'src/engine/core-modules/user-workspace/user-workspace.service';
import { ApiKeyToken, AuthTokens } from './dto/token.entity';
import { TokenService } from './services/token.service';
import { RefreshTokenInput } from './dto/refresh-token.input';
import { Verify } from './dto/verify.entity';
import { VerifyInput } from './dto/verify.input';
import { AuthService } from './services/auth.service';
import { LoginToken } from './dto/login-token.entity';
import { ChallengeInput } from './dto/challenge.input';
import { UserExists } from './dto/user-exists.entity';
import { CheckUserExistsInput } from './dto/user-exists.input';
import { WorkspaceInviteHashValid } from './dto/workspace-invite-hash-valid.entity';
import { WorkspaceInviteHashValidInput } from './dto/workspace-invite-hash.input';
import { SignUpInput } from './dto/sign-up.input';
import { ImpersonateInput } from './dto/impersonate.input';
@Resolver()
export class AuthResolver {
constructor(
@InjectRepository(Workspace, 'core')
private readonly workspaceRepository: Repository<Workspace>,
private authService: AuthService,
private tokenService: TokenService,
private userService: UserService,
private userWorkspaceService: UserWorkspaceService,
) {}
@Query(() => UserExists)
async checkUserExists(
@Args() checkUserExistsInput: CheckUserExistsInput,
): Promise<UserExists> {
const { exists } = await this.authService.checkUserExists(
checkUserExistsInput.email,
);
return { exists };
}
@Query(() => WorkspaceInviteHashValid)
async checkWorkspaceInviteHashIsValid(
@Args() workspaceInviteHashValidInput: WorkspaceInviteHashValidInput,
): Promise<WorkspaceInviteHashValid> {
return await this.authService.checkWorkspaceInviteHashIsValid(
workspaceInviteHashValidInput.inviteHash,
);
}
@Query(() => Workspace)
async findWorkspaceFromInviteHash(
@Args() workspaceInviteHashValidInput: WorkspaceInviteHashValidInput,
) {
return await this.workspaceRepository.findOneBy({
inviteHash: workspaceInviteHashValidInput.inviteHash,
});
}
@Mutation(() => LoginToken)
async challenge(@Args() challengeInput: ChallengeInput): Promise<LoginToken> {
const user = await this.authService.challenge(challengeInput);
const loginToken = await this.tokenService.generateLoginToken(user.email);
return { loginToken };
}
@Mutation(() => LoginToken)
async signUp(@Args() signUpInput: SignUpInput): Promise<LoginToken> {
const user = await this.authService.signUp(signUpInput);
const loginToken = await this.tokenService.generateLoginToken(user.email);
return { loginToken };
}
@Mutation(() => TransientToken)
@UseGuards(JwtAuthGuard)
async generateTransientToken(
@AuthUser() user: User,
): Promise<TransientToken | void> {
const workspaceMember = await this.userService.loadWorkspaceMember(user);
if (!workspaceMember) {
return;
}
const transientToken = await this.tokenService.generateTransientToken(
workspaceMember.id,
user.defaultWorkspace.id,
);
return { transientToken };
}
@Mutation(() => Verify)
async verify(@Args() verifyInput: VerifyInput): Promise<Verify> {
const email = await this.tokenService.verifyLoginToken(
verifyInput.loginToken,
);
assert(email, 'Invalid token', ForbiddenException);
const result = await this.authService.verify(email);
return result;
}
@Mutation(() => AuthTokens)
@UseGuards(JwtAuthGuard)
async generateJWT(
@AuthUser() user: User,
@Args() args: GenerateJwtInput,
): Promise<AuthTokens> {
const token = await this.tokenService.generateSwitchWorkspaceToken(
user,
args.workspaceId,
);
return token;
}
@Mutation(() => AuthTokens)
async renewToken(@Args() args: RefreshTokenInput): Promise<AuthTokens> {
if (!args.refreshToken) {
throw new BadRequestException('Refresh token is mendatory');
}
const tokens = await this.tokenService.generateTokensFromRefreshToken(
args.refreshToken,
);
return { tokens: tokens };
}
@UseGuards(JwtAuthGuard)
@Mutation(() => Verify)
async impersonate(
@Args() impersonateInput: ImpersonateInput,
@AuthUser() user: User,
): Promise<Verify> {
// Check if user can impersonate
assert(user.canImpersonate, 'User cannot impersonate', ForbiddenException);
return this.authService.impersonate(impersonateInput.userId);
}
@UseGuards(JwtAuthGuard)
@Mutation(() => ApiKeyToken)
async generateApiKeyToken(
@Args() args: ApiKeyTokenInput,
@AuthWorkspace() { id: workspaceId }: Workspace,
): Promise<ApiKeyToken | undefined> {
return await this.tokenService.generateApiKeyToken(
workspaceId,
args.apiKeyId,
args.expiresAt,
);
}
@Mutation(() => EmailPasswordResetLink)
async emailPasswordResetLink(
@Args() emailPasswordResetInput: EmailPasswordResetLinkInput,
): Promise<EmailPasswordResetLink> {
const resetToken = await this.tokenService.generatePasswordResetToken(
emailPasswordResetInput.email,
);
return await this.tokenService.sendEmailPasswordResetLink(
resetToken,
emailPasswordResetInput.email,
);
}
@Mutation(() => InvalidatePassword)
async updatePasswordViaResetToken(
@Args() args: UpdatePasswordViaResetTokenInput,
): Promise<InvalidatePassword> {
const { id } = await this.tokenService.validatePasswordResetToken(
args.passwordResetToken,
);
assert(id, 'User not found', NotFoundException);
const { success } = await this.authService.updatePassword(
id,
args.newPassword,
);
assert(success, 'Password update failed', InternalServerErrorException);
return await this.tokenService.invalidatePasswordResetToken(id);
}
@Query(() => ValidatePasswordResetToken)
async validatePasswordResetToken(
@Args() args: ValidatePasswordResetTokenInput,
): Promise<ValidatePasswordResetToken> {
return this.tokenService.validatePasswordResetToken(
args.passwordResetToken,
);
}
}

15
packages/twenty-server/src/engine/core-modules/auth/auth.util.ts Normal file
View File

@ -0,0 +1,15 @@
import * as bcrypt from 'bcrypt';
export const PASSWORD_REGEX = /^.{8,}$/;
const saltRounds = 10;
export const hashPassword = async (password: string) => {
const hash = await bcrypt.hash(password, saltRounds);
return hash;
};
export const compareHash = async (password: string, passwordHash: string) => {
return bcrypt.compare(password, passwordHash);
};

63
packages/twenty-server/src/engine/core-modules/auth/controllers/google-apis-auth.controller.ts Normal file
View File

@ -0,0 +1,63 @@
import { Controller, Get, Req, Res, UseGuards } from '@nestjs/common';
import { Response } from 'express';
import { GoogleAPIsProviderEnabledGuard } from 'src/engine/core-modules/auth/guards/google-apis-provider-enabled.guard';
import { GoogleAPIsOauthGuard } from 'src/engine/core-modules/auth/guards/google-apis-oauth.guard';
import { GoogleAPIsRequest } from 'src/engine/core-modules/auth/strategies/google-apis.auth.strategy';
import { GoogleAPIsService } from 'src/engine/core-modules/auth/services/google-apis.service';
import { TokenService } from 'src/engine/core-modules/auth/services/token.service';
import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
@Controller('auth/google-apis')
export class GoogleAPIsAuthController {
constructor(
private readonly googleAPIsService: GoogleAPIsService,
private readonly tokenService: TokenService,
private readonly environmentService: EnvironmentService,
) {}
@Get()
@UseGuards(GoogleAPIsProviderEnabledGuard, GoogleAPIsOauthGuard)
async googleAuth() {
// As this method is protected by Google Auth guard, it will trigger Google SSO flow
return;
}
@Get('get-access-token')
@UseGuards(GoogleAPIsProviderEnabledGuard, GoogleAPIsOauthGuard)
async googleAuthGetAccessToken(
@Req() req: GoogleAPIsRequest,
@Res() res: Response,
) {
const { user } = req;
const { email, accessToken, refreshToken, transientToken } = user;
const { workspaceMemberId, workspaceId } =
await this.tokenService.verifyTransientToken(transientToken);
const demoWorkspaceIds = this.environmentService.get('DEMO_WORKSPACE_IDS');
if (demoWorkspaceIds.includes(workspaceId)) {
throw new Error('Cannot connect Google account to demo workspace');
}
if (!workspaceId) {
throw new Error('Workspace not found');
}
await this.googleAPIsService.saveConnectedAccount({
handle: email,
workspaceMemberId: workspaceMemberId,
workspaceId: workspaceId,
provider: 'google',
accessToken,
refreshToken,
});
return res.redirect(
`${this.environmentService.get('FRONT_BASE_URL')}/settings/accounts`,
);
}
}

70
packages/twenty-server/src/engine/core-modules/auth/controllers/google-auth.controller.ts Normal file
View File

@ -0,0 +1,70 @@
import { Controller, Get, Req, Res, UseGuards } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Response } from 'express';
import { Repository } from 'typeorm';
import { GoogleRequest } from 'src/engine/core-modules/auth/strategies/google.auth.strategy';
import { TokenService } from 'src/engine/core-modules/auth/services/token.service';
import { GoogleProviderEnabledGuard } from 'src/engine/core-modules/auth/guards/google-provider-enabled.guard';
import { GoogleOauthGuard } from 'src/engine/core-modules/auth/guards/google-oauth.guard';
import { User } from 'src/engine/core-modules/user/user.entity';
import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
import { AuthService } from 'src/engine/core-modules/auth/services/auth.service';
import { TypeORMService } from 'src/database/typeorm/typeorm.service';
import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
@Controller('auth/google')
export class GoogleAuthController {
constructor(
private readonly tokenService: TokenService,
private readonly environmentService: EnvironmentService,
private readonly typeORMService: TypeORMService,
private readonly authService: AuthService,
@InjectRepository(Workspace, 'core')
@InjectRepository(User, 'core')
private readonly userRepository: Repository<User>,
) {}
@Get()
@UseGuards(GoogleProviderEnabledGuard, GoogleOauthGuard)
async googleAuth() {
// As this method is protected by Google Auth guard, it will trigger Google SSO flow
return;
}
@Get('redirect')
@UseGuards(GoogleProviderEnabledGuard, GoogleOauthGuard)
async googleAuthRedirect(@Req() req: GoogleRequest, @Res() res: Response) {
const { firstName, lastName, email, picture, workspaceInviteHash } =
req.user;
const mainDataSource = this.typeORMService.getMainDataSource();
const existingUser = await mainDataSource
.getRepository(User)
.findOneBy({ email: email });
if (existingUser) {
const loginToken = await this.tokenService.generateLoginToken(
existingUser.email,
);
return res.redirect(
this.tokenService.computeRedirectURI(loginToken.token),
);
}
const user = await this.authService.signUp({
email,
firstName,
lastName,
picture,
workspaceInviteHash,
});
const loginToken = await this.tokenService.generateLoginToken(user.email);
return res.redirect(this.tokenService.computeRedirectURI(loginToken.token));
}
}

63
packages/twenty-server/src/engine/core-modules/auth/controllers/google-gmail-auth.controller.ts Normal file
View File

@ -0,0 +1,63 @@
import { Controller, Get, Req, Res, UseGuards } from '@nestjs/common';
import { Response } from 'express';
import { GoogleAPIsOauthGuard } from 'src/engine/core-modules/auth/guards/google-apis-oauth.guard';
import { GoogleAPIsProviderEnabledGuard } from 'src/engine/core-modules/auth/guards/google-apis-provider-enabled.guard';
import { GoogleAPIsService } from 'src/engine/core-modules/auth/services/google-apis.service';
import { TokenService } from 'src/engine/core-modules/auth/services/token.service';
import { GoogleAPIsRequest } from 'src/engine/core-modules/auth/strategies/google-apis.auth.strategy';
import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
@Controller('auth/google-gmail')
export class GoogleGmailAuthController {
constructor(
private readonly googleGmailService: GoogleAPIsService,
private readonly tokenService: TokenService,
private readonly environmentService: EnvironmentService,
) {}
@Get()
@UseGuards(GoogleAPIsProviderEnabledGuard, GoogleAPIsOauthGuard)
async googleAuth() {
// As this method is protected by Google Auth guard, it will trigger Google SSO flow
return;
}
@Get('get-access-token')
@UseGuards(GoogleAPIsProviderEnabledGuard, GoogleAPIsOauthGuard)
async googleAuthGetAccessToken(
@Req() req: GoogleAPIsRequest,
@Res() res: Response,
) {
const { user } = req;
const { email, accessToken, refreshToken, transientToken } = user;
const { workspaceMemberId, workspaceId } =
await this.tokenService.verifyTransientToken(transientToken);
const demoWorkspaceIds = this.environmentService.get('DEMO_WORKSPACE_IDS');
if (demoWorkspaceIds.includes(workspaceId)) {
throw new Error('Cannot connect Gmail account to demo workspace');
}
if (!workspaceId) {
throw new Error('Workspace not found');
}
await this.googleGmailService.saveConnectedAccount({
handle: email,
workspaceMemberId: workspaceMemberId,
workspaceId: workspaceId,
provider: 'gmail',
accessToken,
refreshToken,
});
return res.redirect(
`${this.environmentService.get('FRONT_BASE_URL')}/settings/accounts`,
);
}
}

32
packages/twenty-server/src/engine/core-modules/auth/controllers/verify-auth.controller.spec.ts Normal file
View File

@ -0,0 +1,32 @@
import { Test, TestingModule } from '@nestjs/testing';
import { AuthService } from 'src/engine/core-modules/auth/services/auth.service';
import { TokenService } from 'src/engine/core-modules/auth/services/token.service';
import { VerifyAuthController } from './verify-auth.controller';
describe('VerifyAuthController', () => {
let controller: VerifyAuthController;
beforeEach(async () => {
const module: TestingModule = await Test.createTestingModule({
controllers: [VerifyAuthController],
providers: [
{
provide: AuthService,
useValue: {},
},
{
provide: TokenService,
useValue: {},
},
],
}).compile();
controller = module.get<VerifyAuthController>(VerifyAuthController);
});
it('should be defined', () => {
expect(controller).toBeDefined();
});
});

24
packages/twenty-server/src/engine/core-modules/auth/controllers/verify-auth.controller.ts Normal file
View File

@ -0,0 +1,24 @@
import { Body, Controller, Post } from '@nestjs/common';
import { AuthService } from 'src/engine/core-modules/auth/services/auth.service';
import { VerifyInput } from 'src/engine/core-modules/auth/dto/verify.input';
import { Verify } from 'src/engine/core-modules/auth/dto/verify.entity';
import { TokenService } from 'src/engine/core-modules/auth/services/token.service';
@Controller('auth/verify')
export class VerifyAuthController {
constructor(
private readonly authService: AuthService,
private readonly tokenService: TokenService,
) {}
@Post()
async verify(@Body() verifyInput: VerifyInput): Promise<Verify> {
const email = await this.tokenService.verifyLoginToken(
verifyInput.loginToken,
);
const result = await this.authService.verify(email);
return result;
}
}

15
packages/twenty-server/src/engine/core-modules/auth/dto/api-key-token.input.ts Normal file
View File

@ -0,0 +1,15 @@
import { ArgsType, Field } from '@nestjs/graphql';
import { IsNotEmpty, IsString } from 'class-validator';
@ArgsType()
export class ApiKeyTokenInput {
@Field(() => String)
@IsNotEmpty()
@IsString()
apiKeyId: string;
@Field(() => String)
@IsNotEmpty()
expiresAt: string;
}

16
packages/twenty-server/src/engine/core-modules/auth/dto/challenge.input.ts Normal file
View File

@ -0,0 +1,16 @@
import { ArgsType, Field } from '@nestjs/graphql';
import { IsEmail, IsNotEmpty, IsString } from 'class-validator';
@ArgsType()
export class ChallengeInput {
@Field(() => String)
@IsNotEmpty()
@IsEmail()
email: string;
@Field(() => String)
@IsNotEmpty()
@IsString()
password: string;
}

9
packages/twenty-server/src/engine/core-modules/auth/dto/email-password-reset-link.entity.ts Normal file
View File

@ -0,0 +1,9 @@
import { Field, ObjectType } from '@nestjs/graphql';
@ObjectType()
export class EmailPasswordResetLink {
@Field(() => Boolean, {
description: 'Boolean that confirms query was dispatched',
})
success: boolean;
}

11
packages/twenty-server/src/engine/core-modules/auth/dto/email-password-reset-link.input.ts Normal file
View File

@ -0,0 +1,11 @@
import { ArgsType, Field } from '@nestjs/graphql';
import { IsEmail, IsNotEmpty } from 'class-validator';
@ArgsType()
export class EmailPasswordResetLinkInput {
@Field(() => String)
@IsNotEmpty()
@IsEmail()
email: string;
}

11
packages/twenty-server/src/engine/core-modules/auth/dto/generate-jwt.input.ts Normal file
View File

@ -0,0 +1,11 @@
import { ArgsType, Field } from '@nestjs/graphql';
import { IsNotEmpty, IsString } from 'class-validator';
@ArgsType()
export class GenerateJwtInput {
@Field(() => String)
@IsNotEmpty()
@IsString()
workspaceId: string;
}

11
packages/twenty-server/src/engine/core-modules/auth/dto/impersonate.input.ts Normal file
View File

@ -0,0 +1,11 @@
import { ArgsType, Field } from '@nestjs/graphql';
import { IsNotEmpty, IsString } from 'class-validator';
@ArgsType()
export class ImpersonateInput {
@Field(() => String)
@IsNotEmpty()
@IsString()
userId: string;
}

9
packages/twenty-server/src/engine/core-modules/auth/dto/invalidate-password.entity.ts Normal file
View File

@ -0,0 +1,9 @@
import { ObjectType, Field } from '@nestjs/graphql';
@ObjectType()
export class InvalidatePassword {
@Field(() => Boolean, {
description: 'Boolean that confirms query was dispatched',
})
success: boolean;
}

9
packages/twenty-server/src/engine/core-modules/auth/dto/login-token.entity.ts Normal file
View File

@ -0,0 +1,9 @@
import { Field, ObjectType } from '@nestjs/graphql';
import { AuthToken } from './token.entity';
@ObjectType()
export class LoginToken {
@Field(() => AuthToken)
loginToken: AuthToken;
}

11
packages/twenty-server/src/engine/core-modules/auth/dto/password-reset-token.input.ts Normal file
View File

@ -0,0 +1,11 @@
import { ArgsType, Field } from '@nestjs/graphql';
import { IsEmail, IsNotEmpty } from 'class-validator';
@ArgsType()
export class PasswordResetTokenInput {
@Field(() => String)
@IsNotEmpty()
@IsEmail()
email: string;
}

11
packages/twenty-server/src/engine/core-modules/auth/dto/refresh-token.input.ts Normal file
View File

@ -0,0 +1,11 @@
import { ArgsType, Field } from '@nestjs/graphql';
import { IsNotEmpty, IsString } from 'class-validator';
@ArgsType()
export class RefreshTokenInput {
@Field(() => String)
@IsNotEmpty()
@IsString()
refreshToken: string;
}

36
packages/twenty-server/src/engine/core-modules/auth/dto/save-connected-account.ts Normal file
View File

@ -0,0 +1,36 @@
import { ArgsType, Field } from '@nestjs/graphql';
import { IsNotEmpty, IsString } from 'class-validator';
@ArgsType()
export class SaveConnectedAccountInput {
@Field(() => String)
@IsNotEmpty()
@IsString()
handle: string;
@Field(() => String)
@IsNotEmpty()
@IsString()
workspaceMemberId: string;
@Field(() => String)
@IsNotEmpty()
@IsString()
workspaceId: string;
@Field(() => String)
@IsNotEmpty()
@IsString()
provider: string;
@Field(() => String)
@IsNotEmpty()
@IsString()
accessToken: string;
@Field(() => String)
@IsNotEmpty()
@IsString()
refreshToken: string;
}

21
packages/twenty-server/src/engine/core-modules/auth/dto/sign-up.input.ts Normal file
View File

@ -0,0 +1,21 @@
import { ArgsType, Field } from '@nestjs/graphql';
import { IsEmail, IsNotEmpty, IsOptional, IsString } from 'class-validator';
@ArgsType()
export class SignUpInput {
@Field(() => String)
@IsNotEmpty()
@IsEmail()
email: string;
@Field(() => String)
@IsNotEmpty()
@IsString()
password: string;
@Field(() => String, { nullable: true })
@IsString()
@IsOptional()
workspaceInviteHash?: string;
}

40
packages/twenty-server/src/engine/core-modules/auth/dto/token.entity.ts Normal file
View File

@ -0,0 +1,40 @@
import { Field, ObjectType } from '@nestjs/graphql';
@ObjectType()
export class AuthToken {
@Field(() => String)
token: string;
@Field(() => Date)
expiresAt: Date;
}
@ObjectType()
export class ApiKeyToken {
@Field(() => String)
token: string;
}
@ObjectType()
export class AuthTokenPair {
@Field(() => AuthToken)
accessToken: AuthToken;
@Field(() => AuthToken)
refreshToken: AuthToken;
}
@ObjectType()
export class AuthTokens {
@Field(() => AuthTokenPair)
tokens: AuthTokenPair;
}
@ObjectType()
export class PasswordResetToken {
@Field(() => String)
passwordResetToken: string;
@Field(() => Date)
passwordResetTokenExpiresAt: Date;
}

9
packages/twenty-server/src/engine/core-modules/auth/dto/transient-token.entity.ts Normal file
View File

@ -0,0 +1,9 @@
import { Field, ObjectType } from '@nestjs/graphql';
import { AuthToken } from './token.entity';
@ObjectType()
export class TransientToken {
@Field(() => AuthToken)
transientToken: AuthToken;
}

16
packages/twenty-server/src/engine/core-modules/auth/dto/update-password-via-reset-token.input.ts Normal file
View File

@ -0,0 +1,16 @@
import { ArgsType, Field } from '@nestjs/graphql';
import { IsNotEmpty, IsString } from 'class-validator';
@ArgsType()
export class UpdatePasswordViaResetTokenInput {
@Field(() => String)
@IsNotEmpty()
@IsString()
passwordResetToken: string;
@Field(() => String)
@IsNotEmpty()
@IsString()
newPassword: string;
}

9
packages/twenty-server/src/engine/core-modules/auth/dto/update-password.entity.ts Normal file
View File

@ -0,0 +1,9 @@
import { ObjectType, Field } from '@nestjs/graphql';
@ObjectType()
export class UpdatePassword {
@Field(() => Boolean, {
description: 'Boolean that confirms query was dispatched',
})
success: boolean;
}

7
packages/twenty-server/src/engine/core-modules/auth/dto/user-exists.entity.ts Normal file
View File

@ -0,0 +1,7 @@
import { Field, ObjectType } from '@nestjs/graphql';
@ObjectType()
export class UserExists {
@Field(() => Boolean)
exists: boolean;
}

11
packages/twenty-server/src/engine/core-modules/auth/dto/user-exists.input.ts Normal file
View File

@ -0,0 +1,11 @@
import { ArgsType, Field } from '@nestjs/graphql';
import { IsNotEmpty, IsString } from 'class-validator';
@ArgsType()
export class CheckUserExistsInput {
@Field(() => String)
@IsString()
@IsNotEmpty()
email: string;
}

10
packages/twenty-server/src/engine/core-modules/auth/dto/validate-password-reset-token.entity.ts Normal file
View File

@ -0,0 +1,10 @@
import { Field, ObjectType } from '@nestjs/graphql';
@ObjectType()
export class ValidatePasswordResetToken {
@Field(() => String)
id: string;
@Field(() => String)
email: string;
}

11
packages/twenty-server/src/engine/core-modules/auth/dto/validate-password-reset-token.input.ts Normal file
View File

@ -0,0 +1,11 @@
import { ArgsType, Field } from '@nestjs/graphql';
import { IsNotEmpty, IsString } from 'class-validator';
@ArgsType()
export class ValidatePasswordResetTokenInput {
@Field(() => String)
@IsNotEmpty()
@IsString()
passwordResetToken: string;
}

11
packages/twenty-server/src/engine/core-modules/auth/dto/verify.entity.ts Normal file
View File

@ -0,0 +1,11 @@
import { Field, ObjectType } from '@nestjs/graphql';
import { User } from 'src/engine/core-modules/user/user.entity';
import { AuthTokens } from './token.entity';
@ObjectType()
export class Verify extends AuthTokens {
@Field(() => User)
user: DeepPartial<User>;
}

11
packages/twenty-server/src/engine/core-modules/auth/dto/verify.input.ts Normal file
View File

@ -0,0 +1,11 @@
import { ArgsType, Field } from '@nestjs/graphql';
import { IsNotEmpty, IsString } from 'class-validator';
@ArgsType()
export class VerifyInput {
@Field(() => String)
@IsNotEmpty()
@IsString()
loginToken: string;
}

7
packages/twenty-server/src/engine/core-modules/auth/dto/workspace-invite-hash-valid.entity.ts Normal file
View File

@ -0,0 +1,7 @@
import { Field, ObjectType } from '@nestjs/graphql';
@ObjectType()
export class WorkspaceInviteHashValid {
@Field(() => Boolean)
isValid: boolean;
}

12
packages/twenty-server/src/engine/core-modules/auth/dto/workspace-invite-hash.input.ts Normal file
View File

@ -0,0 +1,12 @@
import { ArgsType, Field } from '@nestjs/graphql';
import { IsNotEmpty, IsString, MinLength } from 'class-validator';
@ArgsType()
export class WorkspaceInviteHashValidInput {
@Field(() => String)
@IsString()
@IsNotEmpty()
@MinLength(10)
inviteHash: string;
}

27
packages/twenty-server/src/engine/core-modules/auth/guards/google-apis-oauth.guard.ts Normal file
View File

@ -0,0 +1,27 @@
import { ExecutionContext, Injectable } from '@nestjs/common';
import { AuthGuard } from '@nestjs/passport';
@Injectable()
export class GoogleAPIsOauthGuard extends AuthGuard('google-apis') {
constructor() {
super({
prompt: 'select_account',
});
}
async canActivate(context: ExecutionContext) {
try {
const request = context.switchToHttp().getRequest();
const transientToken = request.query.transientToken;
if (transientToken && typeof transientToken === 'string') {
request.params.transientToken = transientToken;
}
const activate = (await super.canActivate(context)) as boolean;
return activate;
} catch (ex) {
throw ex;
}
}
}

24
packages/twenty-server/src/engine/core-modules/auth/guards/google-apis-provider-enabled.guard.ts Normal file
View File

@ -0,0 +1,24 @@
import { Injectable, CanActivate, NotFoundException } from '@nestjs/common';
import { Observable } from 'rxjs';
import { GoogleAPIsStrategy } from 'src/engine/core-modules/auth/strategies/google-apis.auth.strategy';
import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
@Injectable()
export class GoogleAPIsProviderEnabledGuard implements CanActivate {
constructor(private readonly environmentService: EnvironmentService) {}
canActivate(): boolean | Promise<boolean> | Observable<boolean> {
if (
!this.environmentService.get('MESSAGING_PROVIDER_GMAIL_ENABLED') &&
!this.environmentService.get('CALENDAR_PROVIDER_GOOGLE_ENABLED')
) {
throw new NotFoundException('Google apis auth is not enabled');
}
new GoogleAPIsStrategy(this.environmentService);
return true;
}
}

21
packages/twenty-server/src/engine/core-modules/auth/guards/google-gmail-provider-enabled.guard.ts Normal file
View File

@ -0,0 +1,21 @@
import { Injectable, CanActivate, NotFoundException } from '@nestjs/common';
import { Observable } from 'rxjs';
import { GoogleAPIsStrategy } from 'src/engine/core-modules/auth/strategies/google-apis.auth.strategy';
import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
@Injectable()
export class GoogleGmailProviderEnabledGuard implements CanActivate {
constructor(private readonly environmentService: EnvironmentService) {}
canActivate(): boolean | Promise<boolean> | Observable<boolean> {
if (!this.environmentService.get('MESSAGING_PROVIDER_GMAIL_ENABLED')) {
throw new NotFoundException('Gmail auth is not enabled');
}
new GoogleAPIsStrategy(this.environmentService);
return true;
}
}

27
packages/twenty-server/src/engine/core-modules/auth/guards/google-oauth.guard.ts Normal file
View File

@ -0,0 +1,27 @@
import { ExecutionContext, Injectable } from '@nestjs/common';
import { AuthGuard } from '@nestjs/passport';
@Injectable()
export class GoogleOauthGuard extends AuthGuard('google') {
constructor() {
super({
prompt: 'select_account',
});
}
async canActivate(context: ExecutionContext) {
try {
const request = context.switchToHttp().getRequest();
const workspaceInviteHash = request.query.inviteHash;
if (workspaceInviteHash && typeof workspaceInviteHash === 'string') {
request.params.workspaceInviteHash = workspaceInviteHash;
}
const activate = (await super.canActivate(context)) as boolean;
return activate;
} catch (ex) {
throw ex;
}
}
}

21
packages/twenty-server/src/engine/core-modules/auth/guards/google-provider-enabled.guard.ts Normal file
View File

@ -0,0 +1,21 @@
import { Injectable, CanActivate, NotFoundException } from '@nestjs/common';
import { Observable } from 'rxjs';
import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
import { GoogleStrategy } from 'src/engine/core-modules/auth/strategies/google.auth.strategy';
@Injectable()
export class GoogleProviderEnabledGuard implements CanActivate {
constructor(private readonly environmentService: EnvironmentService) {}
canActivate(): boolean | Promise<boolean> | Observable<boolean> {
if (!this.environmentService.get('AUTH_GOOGLE_ENABLED')) {
throw new NotFoundException('Google auth is not enabled');
}
new GoogleStrategy(this.environmentService);
return true;
}
}

63
packages/twenty-server/src/engine/core-modules/auth/services/auth.service.spec.ts Normal file
View File

@ -0,0 +1,63 @@
import { Test, TestingModule } from '@nestjs/testing';
import { getRepositoryToken } from '@nestjs/typeorm';
import { UserService } from 'src/engine/core-modules/user/services/user.service';
import { WorkspaceManagerService } from 'src/engine/workspace-manager/workspace-manager.service';
import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
import { User } from 'src/engine/core-modules/user/user.entity';
import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
import { EmailService } from 'src/engine/integrations/email/email.service';
import { SignUpService } from 'src/engine/core-modules/auth/services/sign-up.service';
import { AuthService } from './auth.service';
import { TokenService } from './token.service';
describe('AuthService', () => {
let service: AuthService;
beforeEach(async () => {
const module: TestingModule = await Test.createTestingModule({
providers: [
AuthService,
{
provide: TokenService,
useValue: {},
},
{
provide: UserService,
useValue: {},
},
{
provide: SignUpService,
useValue: {},
},
{
provide: WorkspaceManagerService,
useValue: {},
},
{
provide: getRepositoryToken(Workspace, 'core'),
useValue: {},
},
{
provide: getRepositoryToken(User, 'core'),
useValue: {},
},
{
provide: EnvironmentService,
useValue: {},
},
{
provide: EmailService,
useValue: {},
},
],
}).compile();
service = module.get<AuthService>(AuthService);
});
it('should be defined', () => {
expect(service).toBeDefined();
});
});

219
packages/twenty-server/src/engine/core-modules/auth/services/auth.service.ts Normal file
View File

@ -0,0 +1,219 @@
import {
BadRequestException,
ForbiddenException,
Injectable,
NotFoundException,
} from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import { render } from '@react-email/components';
import { PasswordUpdateNotifyEmail } from 'twenty-emails';
import { ChallengeInput } from 'src/engine/core-modules/auth/dto/challenge.input';
import { assert } from 'src/utils/assert';
import {
PASSWORD_REGEX,
compareHash,
hashPassword,
} from 'src/engine/core-modules/auth/auth.util';
import { Verify } from 'src/engine/core-modules/auth/dto/verify.entity';
import { UserExists } from 'src/engine/core-modules/auth/dto/user-exists.entity';
import { WorkspaceInviteHashValid } from 'src/engine/core-modules/auth/dto/workspace-invite-hash-valid.entity';
import { User } from 'src/engine/core-modules/user/user.entity';
import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
import { UserService } from 'src/engine/core-modules/user/services/user.service';
import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
import { EmailService } from 'src/engine/integrations/email/email.service';
import { UpdatePassword } from 'src/engine/core-modules/auth/dto/update-password.entity';
import { SignUpService } from 'src/engine/core-modules/auth/services/sign-up.service';
import { TokenService } from './token.service';
export type UserPayload = {
firstName: string;
lastName: string;
email: string;
};
@Injectable()
export class AuthService {
constructor(
private readonly tokenService: TokenService,
private readonly userService: UserService,
private readonly signUpService: SignUpService,
@InjectRepository(Workspace, 'core')
private readonly workspaceRepository: Repository<Workspace>,
@InjectRepository(User, 'core')
private readonly userRepository: Repository<User>,
private readonly environmentService: EnvironmentService,
private readonly emailService: EmailService,
) {}
async challenge(challengeInput: ChallengeInput) {
const user = await this.userRepository.findOneBy({
email: challengeInput.email,
});
assert(user, "This user doesn't exist", NotFoundException);
assert(user.passwordHash, 'Incorrect login method', ForbiddenException);
const isValid = await compareHash(
challengeInput.password,
user.passwordHash,
);
assert(isValid, 'Wrong password', ForbiddenException);
return user;
}
async signUp({
email,
password,
workspaceInviteHash,
firstName,
lastName,
picture,
}: {
email: string;
password?: string;
firstName?: string | null;
lastName?: string | null;
workspaceInviteHash?: string | null;
picture?: string | null;
}) {
return await this.signUpService.signUp({
email,
password,
firstName,
lastName,
workspaceInviteHash,
picture,
});
}
async verify(email: string): Promise<Verify> {
const user = await this.userRepository.findOne({
where: {
email,
},
relations: ['defaultWorkspace', 'workspaces', 'workspaces.workspace'],
});
assert(user, "This user doesn't exist", NotFoundException);
assert(
user.defaultWorkspace,
'User has no default workspace',
NotFoundException,
);
// passwordHash is hidden for security reasons
user.passwordHash = '';
const workspaceMember = await this.userService.loadWorkspaceMember(user);
if (workspaceMember) {
user.workspaceMember = workspaceMember;
}
const accessToken = await this.tokenService.generateAccessToken(user.id);
const refreshToken = await this.tokenService.generateRefreshToken(user.id);
return {
user,
tokens: {
accessToken,
refreshToken,
},
};
}
async checkUserExists(email: string): Promise<UserExists> {
const user = await this.userRepository.findOneBy({
email,
});
return { exists: !!user };
}
async checkWorkspaceInviteHashIsValid(
inviteHash: string,
): Promise<WorkspaceInviteHashValid> {
const workspace = await this.workspaceRepository.findOneBy({
inviteHash,
});
return { isValid: !!workspace };
}
async impersonate(userId: string) {
const user = await this.userRepository.findOne({
where: {
id: userId,
},
relations: ['defaultWorkspace'],
});
assert(user, "This user doesn't exist", NotFoundException);
if (!user.defaultWorkspace.allowImpersonation) {
throw new ForbiddenException('Impersonation not allowed');
}
const accessToken = await this.tokenService.generateAccessToken(user.id);
const refreshToken = await this.tokenService.generateRefreshToken(user.id);
return {
user,
tokens: {
accessToken,
refreshToken,
},
};
}
async updatePassword(
userId: string,
newPassword: string,
): Promise<UpdatePassword> {
const user = await this.userRepository.findOneBy({ id: userId });
assert(user, 'User not found', NotFoundException);
const isPasswordValid = PASSWORD_REGEX.test(newPassword);
assert(isPasswordValid, 'Password too weak', BadRequestException);
const newPasswordHash = await hashPassword(newPassword);
await this.userRepository.update(userId, {
passwordHash: newPasswordHash,
});
const emailTemplate = PasswordUpdateNotifyEmail({
userName: `${user.firstName} ${user.lastName}`,
email: user.email,
link: this.environmentService.get('FRONT_BASE_URL'),
});
const html = render(emailTemplate, {
pretty: true,
});
const text = render(emailTemplate, {
plainText: true,
});
this.emailService.send({
from: `${this.environmentService.get(
'EMAIL_FROM_NAME',
)} <${this.environmentService.get('EMAIL_FROM_ADDRESS')}>`,
to: user.email,
subject: 'Your Password Has Been Successfully Changed',
text,
html,
});
return { success: true };
}
}

140
packages/twenty-server/src/engine/core-modules/auth/services/google-apis.service.ts Normal file
View File

@ -0,0 +1,140 @@
import { ConflictException, Inject, Injectable } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { v4 } from 'uuid';
import { Repository } from 'typeorm';
import { DataSourceService } from 'src/engine/metadata-modules/data-source/data-source.service';
import { TypeORMService } from 'src/database/typeorm/typeorm.service';
import { SaveConnectedAccountInput } from 'src/engine/core-modules/auth/dto/save-connected-account';
import { MessageQueue } from 'src/engine/integrations/message-queue/message-queue.constants';
import { MessageQueueService } from 'src/engine/integrations/message-queue/services/message-queue.service';
import {
GmailFullSyncJob,
GmailFullSyncJobData,
} from 'src/modules/messaging/jobs/gmail-full-sync.job';
import {
GoogleCalendarFullSyncJob,
GoogleCalendarFullSyncJobData,
} from 'src/modules/calendar/jobs/google-calendar-full-sync.job';
import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
import {
FeatureFlagEntity,
FeatureFlagKeys,
} from 'src/engine/core-modules/feature-flag/feature-flag.entity';
@Injectable()
export class GoogleAPIsService {
constructor(
private readonly dataSourceService: DataSourceService,
private readonly typeORMService: TypeORMService,
@Inject(MessageQueue.messagingQueue)
private readonly messageQueueService: MessageQueueService,
@Inject(MessageQueue.calendarQueue)
private readonly calendarQueueService: MessageQueueService,
private readonly environmentService: EnvironmentService,
@InjectRepository(FeatureFlagEntity, 'core')
private readonly featureFlagRepository: Repository<FeatureFlagEntity>,
) {}
providerName = 'google';
async saveConnectedAccount(
saveConnectedAccountInput: SaveConnectedAccountInput,
) {
const {
handle,
workspaceId,
accessToken,
refreshToken,
workspaceMemberId,
} = saveConnectedAccountInput;
const dataSourceMetadata =
await this.dataSourceService.getLastDataSourceMetadataFromWorkspaceIdOrFail(
workspaceId,
);
const workspaceDataSource =
await this.typeORMService.connectToDataSource(dataSourceMetadata);
const connectedAccount = await workspaceDataSource?.query(
`SELECT * FROM ${dataSourceMetadata.schema}."connectedAccount" WHERE "handle" = $1 AND "provider" = $2 AND "accountOwnerId" = $3`,
[handle, this.providerName, workspaceMemberId],
);
if (connectedAccount.length > 0) {
throw new ConflictException('Connected account already exists');
}
const connectedAccountId = v4();
const IsCalendarEnabled = await this.featureFlagRepository.findOneBy({
workspaceId,
key: FeatureFlagKeys.IsCalendarEnabled,
value: true,
});
await workspaceDataSource?.transaction(async (manager) => {
await manager.query(
`INSERT INTO ${dataSourceMetadata.schema}."connectedAccount" ("id", "handle", "provider", "accessToken", "refreshToken", "accountOwnerId") VALUES ($1, $2, $3, $4, $5, $6)`,
[
connectedAccountId,
handle,
this.providerName,
accessToken,
refreshToken,
workspaceMemberId,
],
);
if (this.environmentService.get('MESSAGING_PROVIDER_GMAIL_ENABLED')) {
await manager.query(
`INSERT INTO ${dataSourceMetadata.schema}."messageChannel" ("visibility", "handle", "connectedAccountId", "type") VALUES ($1, $2, $3, $4)`,
['share_everything', handle, connectedAccountId, 'email'],
);
}
if (
this.environmentService.get('CALENDAR_PROVIDER_GOOGLE_ENABLED') &&
IsCalendarEnabled
) {
await manager.query(
`INSERT INTO ${dataSourceMetadata.schema}."calendarChannel" ("visibility", "handle", "connectedAccountId") VALUES ($1, $2, $3)`,
['SHARE_EVERYTHING', handle, connectedAccountId],
);
}
});
if (this.environmentService.get('MESSAGING_PROVIDER_GMAIL_ENABLED')) {
await this.messageQueueService.add<GmailFullSyncJobData>(
GmailFullSyncJob.name,
{
workspaceId,
connectedAccountId,
},
{
retryLimit: 2,
},
);
}
if (
this.environmentService.get('CALENDAR_PROVIDER_GOOGLE_ENABLED') &&
IsCalendarEnabled
) {
await this.calendarQueueService.add<GoogleCalendarFullSyncJobData>(
GoogleCalendarFullSyncJob.name,
{
workspaceId,
connectedAccountId,
},
{
retryLimit: 2,
},
);
}
return;
}
}

52
packages/twenty-server/src/engine/core-modules/auth/services/sign-up.service.spec.ts Normal file
View File

@ -0,0 +1,52 @@
import { Test, TestingModule } from '@nestjs/testing';
import { getRepositoryToken } from '@nestjs/typeorm';
import { HttpService } from '@nestjs/axios';
import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
import { User } from 'src/engine/core-modules/user/user.entity';
import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
import { SignUpService } from 'src/engine/core-modules/auth/services/sign-up.service';
import { FileUploadService } from 'src/engine/core-modules/file/file-upload/services/file-upload.service';
import { UserWorkspaceService } from 'src/engine/core-modules/user-workspace/user-workspace.service';
describe('SignUpService', () => {
let service: SignUpService;
beforeEach(async () => {
const module: TestingModule = await Test.createTestingModule({
providers: [
SignUpService,
{
provide: FileUploadService,
useValue: {},
},
{
provide: UserWorkspaceService,
useValue: {},
},
{
provide: getRepositoryToken(Workspace, 'core'),
useValue: {},
},
{
provide: getRepositoryToken(User, 'core'),
useValue: {},
},
{
provide: EnvironmentService,
useValue: {},
},
{
provide: HttpService,
useValue: {},
},
],
}).compile();
service = module.get<SignUpService>(SignUpService);
});
it('should be defined', () => {
expect(service).toBeDefined();
});
});

244
packages/twenty-server/src/engine/core-modules/auth/services/sign-up.service.ts Normal file
View File

@ -0,0 +1,244 @@
import {
BadRequestException,
ForbiddenException,
Injectable,
} from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { HttpService } from '@nestjs/axios';
import { Repository } from 'typeorm';
import { v4 } from 'uuid';
import FileType from 'file-type';
import { FileFolder } from 'src/engine/core-modules/file/interfaces/file-folder.interface';
import { assert } from 'src/utils/assert';
import {
PASSWORD_REGEX,
hashPassword,
} from 'src/engine/core-modules/auth/auth.util';
import { User } from 'src/engine/core-modules/user/user.entity';
import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
import { FileUploadService } from 'src/engine/core-modules/file/file-upload/services/file-upload.service';
import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
import { getImageBufferFromUrl } from 'src/utils/image';
import { UserWorkspaceService } from 'src/engine/core-modules/user-workspace/user-workspace.service';
export type SignUpServiceInput = {
email: string;
password?: string;
firstName?: string | null;
lastName?: string | null;
workspaceInviteHash?: string | null;
picture?: string | null;
};
@Injectable()
export class SignUpService {
constructor(
private readonly fileUploadService: FileUploadService,
@InjectRepository(Workspace, 'core')
private readonly workspaceRepository: Repository<Workspace>,
@InjectRepository(User, 'core')
private readonly userRepository: Repository<User>,
private readonly userWorkspaceService: UserWorkspaceService,
private readonly httpService: HttpService,
private readonly environmentService: EnvironmentService,
) {}
async signUp({
email,
workspaceInviteHash,
password,
firstName,
lastName,
picture,
}: SignUpServiceInput) {
if (!firstName) firstName = '';
if (!lastName) lastName = '';
assert(email, 'Email is required', BadRequestException);
if (password) {
const isPasswordValid = PASSWORD_REGEX.test(password);
assert(isPasswordValid, 'Password too weak', BadRequestException);
}
const passwordHash = password ? await hashPassword(password) : undefined;
let imagePath: string | undefined;
if (picture) {
imagePath = await this.uploadPicture(picture);
}
if (workspaceInviteHash) {
return await this.signUpOnExistingWorkspace({
email,
passwordHash,
workspaceInviteHash,
firstName,
lastName,
imagePath,
});
} else {
return await this.signUpOnNewWorkspace({
email,
passwordHash,
firstName,
lastName,
imagePath,
});
}
}
private async signUpOnExistingWorkspace({
email,
passwordHash,
workspaceInviteHash,
firstName,
lastName,
imagePath,
}: {
email: string;
passwordHash: string | undefined;
workspaceInviteHash: string;
firstName: string;
lastName: string;
imagePath: string | undefined;
}) {
const existingUser = await this.userRepository.findOne({
where: {
email: email,
},
relations: ['defaultWorkspace'],
});
const workspace = await this.workspaceRepository.findOneBy({
inviteHash: workspaceInviteHash,
});
assert(
workspace,
'This workspace inviteHash is invalid',
ForbiddenException,
);
if (existingUser) {
const userWorkspaceExists =
await this.userWorkspaceService.checkUserWorkspaceExists(
existingUser.id,
workspace.id,
);
if (!userWorkspaceExists) {
await this.userWorkspaceService.create(existingUser.id, workspace.id);
await this.userWorkspaceService.createWorkspaceMember(
workspace.id,
existingUser,
);
}
const updatedUser = await this.userRepository.save({
id: existingUser.id,
defaultWorkspace: workspace,
updatedAt: new Date().toISOString(),
});
return Object.assign(existingUser, updatedUser);
}
const userToCreate = this.userRepository.create({
email: email,
firstName: firstName,
lastName: lastName,
defaultAvatarUrl: imagePath,
canImpersonate: false,
passwordHash,
defaultWorkspace: workspace,
});
const user = await this.userRepository.save(userToCreate);
await this.userWorkspaceService.create(user.id, workspace.id);
await this.userWorkspaceService.createWorkspaceMember(workspace.id, user);
return user;
}
private async signUpOnNewWorkspace({
email,
passwordHash,
firstName,
lastName,
imagePath,
}: {
email: string;
passwordHash: string | undefined;
firstName: string;
lastName: string;
imagePath: string | undefined;
}) {
const existingUser = await this.userRepository.findOne({
where: {
email: email,
},
relations: ['defaultWorkspace'],
});
if (existingUser) {
assert(!existingUser, 'This user already exists', ForbiddenException);
}
assert(
!this.environmentService.get('IS_SIGN_UP_DISABLED'),
'Sign up is disabled',
ForbiddenException,
);
const workspaceToCreate = this.workspaceRepository.create({
displayName: '',
domainName: '',
inviteHash: v4(),
subscriptionStatus: 'incomplete',
});
const workspace = await this.workspaceRepository.save(workspaceToCreate);
const userToCreate = this.userRepository.create({
email: email,
firstName: firstName,
lastName: lastName,
defaultAvatarUrl: imagePath,
canImpersonate: false,
passwordHash,
defaultWorkspace: workspace,
});
const user = await this.userRepository.save(userToCreate);
await this.userWorkspaceService.create(user.id, workspace.id);
return user;
}
async uploadPicture(picture: string): Promise<string> {
const buffer = await getImageBufferFromUrl(
picture,
this.httpService.axiosRef,
);
const type = await FileType.fromBuffer(buffer);
const { paths } = await this.fileUploadService.uploadImage({
file: buffer,
filename: `${v4()}.${type?.ext}`,
mimeType: type?.mime,
fileFolder: FileFolder.ProfilePicture,
});
return paths[0];
}
}

58
packages/twenty-server/src/engine/core-modules/auth/services/token.service.spec.ts Normal file
View File

@ -0,0 +1,58 @@
import { Test, TestingModule } from '@nestjs/testing';
import { JwtService } from '@nestjs/jwt';
import { getRepositoryToken } from '@nestjs/typeorm';
import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
import { RefreshToken } from 'src/engine/core-modules/refresh-token/refresh-token.entity';
import { User } from 'src/engine/core-modules/user/user.entity';
import { JwtAuthStrategy } from 'src/engine/core-modules/auth/strategies/jwt.auth.strategy';
import { EmailService } from 'src/engine/integrations/email/email.service';
import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
import { TokenService } from './token.service';
describe('TokenService', () => {
let service: TokenService;
beforeEach(async () => {
const module: TestingModule = await Test.createTestingModule({
providers: [
TokenService,
{
provide: JwtService,
useValue: {},
},
{
provide: JwtAuthStrategy,
useValue: {},
},
{
provide: EnvironmentService,
useValue: {},
},
{
provide: EmailService,
useValue: {},
},
{
provide: getRepositoryToken(User, 'core'),
useValue: {},
},
{
provide: getRepositoryToken(RefreshToken, 'core'),
useValue: {},
},
{
provide: getRepositoryToken(Workspace, 'core'),
useValue: {},
},
],
}).compile();
service = module.get<TokenService>(TokenService);
});
it('should be defined', () => {
expect(service).toBeDefined();
});
});

537
packages/twenty-server/src/engine/core-modules/auth/services/token.service.ts Normal file
View File

@ -0,0 +1,537 @@
import {
BadRequestException,
ForbiddenException,
Injectable,
InternalServerErrorException,
NotFoundException,
UnauthorizedException,
UnprocessableEntityException,
} from '@nestjs/common';
import { JwtService } from '@nestjs/jwt';
import { InjectRepository } from '@nestjs/typeorm';
import crypto from 'crypto';
import { addMilliseconds, differenceInMilliseconds, isFuture } from 'date-fns';
import ms from 'ms';
import { JsonWebTokenError, TokenExpiredError } from 'jsonwebtoken';
import { Repository } from 'typeorm';
import { Request } from 'express';
import { ExtractJwt } from 'passport-jwt';
import { render } from '@react-email/render';
import { PasswordResetLinkEmail } from 'twenty-emails';
import {
JwtAuthStrategy,
JwtPayload,
} from 'src/engine/core-modules/auth/strategies/jwt.auth.strategy';
import { assert } from 'src/utils/assert';
import {
ApiKeyToken,
AuthToken,
AuthTokens,
PasswordResetToken,
} from 'src/engine/core-modules/auth/dto/token.entity';
import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
import { User } from 'src/engine/core-modules/user/user.entity';
import { RefreshToken } from 'src/engine/core-modules/refresh-token/refresh-token.entity';
import { ValidatePasswordResetToken } from 'src/engine/core-modules/auth/dto/validate-password-reset-token.entity';
import { EmailService } from 'src/engine/integrations/email/email.service';
import { InvalidatePassword } from 'src/engine/core-modules/auth/dto/invalidate-password.entity';
import { EmailPasswordResetLink } from 'src/engine/core-modules/auth/dto/email-password-reset-link.entity';
import { JwtData } from 'src/engine/core-modules/auth/types/jwt-data.type';
import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
@Injectable()
export class TokenService {
constructor(
private readonly jwtService: JwtService,
private readonly jwtStrategy: JwtAuthStrategy,
private readonly environmentService: EnvironmentService,
@InjectRepository(User, 'core')
private readonly userRepository: Repository<User>,
@InjectRepository(RefreshToken, 'core')
private readonly refreshTokenRepository: Repository<RefreshToken>,
@InjectRepository(Workspace, 'core')
private readonly workspaceRepository: Repository<Workspace>,
private readonly emailService: EmailService,
) {}
async generateAccessToken(
userId: string,
workspaceId?: string,
): Promise<AuthToken> {
const expiresIn = this.environmentService.get('ACCESS_TOKEN_EXPIRES_IN');
assert(expiresIn, '', InternalServerErrorException);
const expiresAt = addMilliseconds(new Date().getTime(), ms(expiresIn));
const user = await this.userRepository.findOne({
where: { id: userId },
relations: ['defaultWorkspace'],
});
if (!user) {
throw new NotFoundException('User is not found');
}
if (!user.defaultWorkspace) {
throw new NotFoundException('User does not have a default workspace');
}
const jwtPayload: JwtPayload = {
sub: user.id,
workspaceId: workspaceId ? workspaceId : user.defaultWorkspace.id,
};
return {
token: this.jwtService.sign(jwtPayload),
expiresAt,
};
}
async generateRefreshToken(userId: string): Promise<AuthToken> {
const secret = this.environmentService.get('REFRESH_TOKEN_SECRET');
const expiresIn = this.environmentService.get('REFRESH_TOKEN_EXPIRES_IN');
assert(expiresIn, '', InternalServerErrorException);
const expiresAt = addMilliseconds(new Date().getTime(), ms(expiresIn));
const refreshTokenPayload = {
userId,
expiresAt,
};
const jwtPayload = {
sub: userId,
};
const refreshToken =
this.refreshTokenRepository.create(refreshTokenPayload);
await this.refreshTokenRepository.save(refreshToken);
return {
token: this.jwtService.sign(jwtPayload, {
secret,
expiresIn,
// Jwtid will be used to link RefreshToken entity to this token
jwtid: refreshToken.id,
}),
expiresAt,
};
}
async generateLoginToken(email: string): Promise<AuthToken> {
const secret = this.environmentService.get('LOGIN_TOKEN_SECRET');
const expiresIn = this.environmentService.get('LOGIN_TOKEN_EXPIRES_IN');
assert(expiresIn, '', InternalServerErrorException);
const expiresAt = addMilliseconds(new Date().getTime(), ms(expiresIn));
const jwtPayload = {
sub: email,
};
return {
token: this.jwtService.sign(jwtPayload, {
secret,
expiresIn,
}),
expiresAt,
};
}
async generateTransientToken(
workspaceMemberId: string,
workspaceId: string,
): Promise<AuthToken> {
const secret = this.environmentService.get('LOGIN_TOKEN_SECRET');
const expiresIn = this.environmentService.get(
'SHORT_TERM_TOKEN_EXPIRES_IN',
);
assert(expiresIn, '', InternalServerErrorException);
const expiresAt = addMilliseconds(new Date().getTime(), ms(expiresIn));
const jwtPayload = {
sub: workspaceMemberId,
workspaceId,
};
return {
token: this.jwtService.sign(jwtPayload, {
secret,
expiresIn,
}),
expiresAt,
};
}
async generateApiKeyToken(
workspaceId: string,
apiKeyId?: string,
expiresAt?: Date | string,
): Promise<Pick<ApiKeyToken, 'token'> | undefined> {
if (!apiKeyId) {
return;
}
const jwtPayload = {
sub: workspaceId,
};
const secret = this.environmentService.get('ACCESS_TOKEN_SECRET');
let expiresIn: string | number;
if (expiresAt) {
expiresIn = Math.floor(
(new Date(expiresAt).getTime() - new Date().getTime()) / 1000,
);
} else {
expiresIn = this.environmentService.get('API_TOKEN_EXPIRES_IN');
}
const token = this.jwtService.sign(jwtPayload, {
secret,
expiresIn,
jwtid: apiKeyId,
});
return { token };
}
isTokenPresent(request: Request): boolean {
const token = ExtractJwt.fromAuthHeaderAsBearerToken()(request);
return !!token;
}
async validateToken(request: Request): Promise<JwtData> {
const token = ExtractJwt.fromAuthHeaderAsBearerToken()(request);
if (!token) {
throw new UnauthorizedException('missing authentication token');
}
const decoded = await this.verifyJwt(
token,
this.environmentService.get('ACCESS_TOKEN_SECRET'),
);
const { user, workspace } = await this.jwtStrategy.validate(
decoded as JwtPayload,
);
return { user, workspace };
}
async verifyLoginToken(loginToken: string): Promise<string> {
const loginTokenSecret = this.environmentService.get('LOGIN_TOKEN_SECRET');
const payload = await this.verifyJwt(loginToken, loginTokenSecret);
return payload.sub;
}
async verifyTransientToken(transientToken: string): Promise<{
workspaceMemberId: string;
workspaceId: string;
}> {
const transientTokenSecret =
this.environmentService.get('LOGIN_TOKEN_SECRET');
const payload = await this.verifyJwt(transientToken, transientTokenSecret);
return {
workspaceMemberId: payload.sub,
workspaceId: payload.workspaceId,
};
}
async generateSwitchWorkspaceToken(
user: User,
workspaceId: string,
): Promise<AuthTokens> {
const userExists = await this.userRepository.findBy({ id: user.id });
assert(userExists, 'User not found', NotFoundException);
const workspace = await this.workspaceRepository.findOne({
where: { id: workspaceId },
relations: ['workspaceUsers'],
});
assert(workspace, 'workspace doesnt exist', NotFoundException);
assert(
workspace.workspaceUsers
.map((userWorkspace) => userWorkspace.userId)
.includes(user.id),
'user does not belong to workspace',
ForbiddenException,
);
await this.userRepository.save({
id: user.id,
defaultWorkspace: workspace,
});
const token = await this.generateAccessToken(user.id, workspaceId);
const refreshToken = await this.generateRefreshToken(user.id);
return {
tokens: {
accessToken: token,
refreshToken,
},
};
}
async verifyRefreshToken(refreshToken: string) {
const secret = this.environmentService.get('REFRESH_TOKEN_SECRET');
const coolDown = this.environmentService.get('REFRESH_TOKEN_COOL_DOWN');
const jwtPayload = await this.verifyJwt(refreshToken, secret);
assert(
jwtPayload.jti && jwtPayload.sub,
'This refresh token is malformed',
UnprocessableEntityException,
);
const token = await this.refreshTokenRepository.findOneBy({
id: jwtPayload.jti,
});
assert(token, "This refresh token doesn't exist", NotFoundException);
const user = await this.userRepository.findOneBy({
id: jwtPayload.sub,
});
assert(user, 'User not found', NotFoundException);
// Check if revokedAt is less than coolDown
if (
token.revokedAt &&
token.revokedAt.getTime() <= Date.now() - ms(coolDown)
) {
// Revoke all user refresh tokens
await Promise.all(
user.refreshTokens.map(
async ({ id }) =>
await this.refreshTokenRepository.update(
{ id },
{
revokedAt: new Date(),
},
),
),
);
throw new ForbiddenException(
'Suspicious activity detected, this refresh token has been revoked. All tokens has been revoked.',
);
}
return { user, token };
}
async generateTokensFromRefreshToken(token: string): Promise<{
accessToken: AuthToken;
refreshToken: AuthToken;
}> {
const {
user,
token: { id },
} = await this.verifyRefreshToken(token);
// Revoke old refresh token
await this.refreshTokenRepository.update(
{
id,
},
{
revokedAt: new Date(),
},
);
const accessToken = await this.generateAccessToken(user.id);
const refreshToken = await this.generateRefreshToken(user.id);
return {
accessToken,
refreshToken,
};
}
computeRedirectURI(loginToken: string): string {
return `${this.environmentService.get(
'FRONT_BASE_URL',
)}/verify?loginToken=${loginToken}`;
}
async verifyJwt(token: string, secret?: string) {
try {
return this.jwtService.verify(token, secret ? { secret } : undefined);
} catch (error) {
if (error instanceof TokenExpiredError) {
throw new UnauthorizedException('Token has expired.');
} else if (error instanceof JsonWebTokenError) {
throw new UnauthorizedException('Token invalid.');
} else {
throw new UnprocessableEntityException();
}
}
}
async generatePasswordResetToken(email: string): Promise<PasswordResetToken> {
const user = await this.userRepository.findOneBy({
email,
});
assert(user, 'User not found', NotFoundException);
const expiresIn = this.environmentService.get(
'PASSWORD_RESET_TOKEN_EXPIRES_IN',
);
assert(
expiresIn,
'PASSWORD_RESET_TOKEN_EXPIRES_IN constant value not found',
InternalServerErrorException,
);
if (
user.passwordResetToken &&
user.passwordResetTokenExpiresAt &&
isFuture(user.passwordResetTokenExpiresAt)
) {
assert(
false,
`Token has been already generated. Please wait for ${ms(
differenceInMilliseconds(
user.passwordResetTokenExpiresAt,
new Date(),
),
{
long: true,
},
)} to generate again.`,
BadRequestException,
);
}
const plainResetToken = crypto.randomBytes(32).toString('hex');
const hashedResetToken = crypto
.createHash('sha256')
.update(plainResetToken)
.digest('hex');
const expiresAt = addMilliseconds(new Date().getTime(), ms(expiresIn));
await this.userRepository.update(user.id, {
passwordResetToken: hashedResetToken,
passwordResetTokenExpiresAt: expiresAt,
});
return {
passwordResetToken: plainResetToken,
passwordResetTokenExpiresAt: expiresAt,
};
}
async sendEmailPasswordResetLink(
resetToken: PasswordResetToken,
email: string,
): Promise<EmailPasswordResetLink> {
const user = await this.userRepository.findOneBy({
email,
});
assert(user, 'User not found', NotFoundException);
const frontBaseURL = this.environmentService.get('FRONT_BASE_URL');
const resetLink = `${frontBaseURL}/reset-password/${resetToken.passwordResetToken}`;
const emailData = {
link: resetLink,
duration: ms(
differenceInMilliseconds(
resetToken.passwordResetTokenExpiresAt,
new Date(),
),
{
long: true,
},
),
};
const emailTemplate = PasswordResetLinkEmail(emailData);
const html = render(emailTemplate, {
pretty: true,
});
const text = render(emailTemplate, {
plainText: true,
});
this.emailService.send({
from: `${this.environmentService.get(
'EMAIL_FROM_NAME',
)} <${this.environmentService.get('EMAIL_FROM_ADDRESS')}>`,
to: email,
subject: 'Action Needed to Reset Password',
text,
html,
});
return { success: true };
}
async validatePasswordResetToken(
resetToken: string,
): Promise<ValidatePasswordResetToken> {
const hashedResetToken = crypto
.createHash('sha256')
.update(resetToken)
.digest('hex');
const user = await this.userRepository.findOneBy({
passwordResetToken: hashedResetToken,
});
assert(user, 'Token is invalid', NotFoundException);
const tokenExpiresAt = user.passwordResetTokenExpiresAt;
assert(
tokenExpiresAt && isFuture(tokenExpiresAt),
'Token has expired. Please regenerate',
NotFoundException,
);
return {
id: user.id,
email: user.email,
};
}
async invalidatePasswordResetToken(
userId: string,
): Promise<InvalidatePassword> {
const user = await this.userRepository.findOneBy({
id: userId,
});
assert(user, 'User not found', NotFoundException);
await this.userRepository.update(user.id, {
passwordResetToken: '',
passwordResetTokenExpiresAt: undefined,
});
return { success: true };
}
async encodePayload(payload: any, options?: any): Promise<string> {
return this.jwtService.sign(payload, options);
}
async decodePayload(payload: any, options?: any): Promise<string> {
return this.jwtService.decode(payload, options);
}
}

88
packages/twenty-server/src/engine/core-modules/auth/strategies/google-apis.auth.strategy.ts Normal file
View File

@ -0,0 +1,88 @@
import { PassportStrategy } from '@nestjs/passport';
import { Injectable } from '@nestjs/common';
import { Strategy, VerifyCallback } from 'passport-google-oauth20';
import { Request } from 'express';
import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
export type GoogleAPIsRequest = Request & {
user: {
firstName?: string | null;
lastName?: string | null;
email: string;
picture: string | null;
workspaceInviteHash?: string;
accessToken: string;
refreshToken: string;
transientToken: string;
};
};
@Injectable()
export class GoogleAPIsStrategy extends PassportStrategy(
Strategy,
'google-apis',
) {
constructor(environmentService: EnvironmentService) {
const scope = ['email', 'profile'];
if (environmentService.get('MESSAGING_PROVIDER_GMAIL_ENABLED')) {
scope.push('https://www.googleapis.com/auth/gmail.readonly');
}
if (environmentService.get('CALENDAR_PROVIDER_GOOGLE_ENABLED')) {
scope.push('https://www.googleapis.com/auth/calendar');
}
super({
clientID: environmentService.get('AUTH_GOOGLE_CLIENT_ID'),
clientSecret: environmentService.get('AUTH_GOOGLE_CLIENT_SECRET'),
callbackURL: environmentService.get('CALENDAR_PROVIDER_GOOGLE_ENABLED')
? environmentService.get('AUTH_GOOGLE_APIS_CALLBACK_URL')
: environmentService.get('MESSAGING_PROVIDER_GMAIL_CALLBACK_URL'),
scope,
passReqToCallback: true,
});
}
authenticate(req: any, options: any) {
options = {
...options,
accessType: 'offline',
prompt: 'consent',
state: JSON.stringify({
transientToken: req.params.transientToken,
}),
};
return super.authenticate(req, options);
}
async validate(
request: GoogleAPIsRequest,
accessToken: string,
refreshToken: string,
profile: any,
done: VerifyCallback,
): Promise<void> {
const { name, emails, photos } = profile;
const state =
typeof request.query.state === 'string'
? JSON.parse(request.query.state)
: undefined;
const user: GoogleAPIsRequest['user'] = {
email: emails[0].value,
firstName: name.givenName,
lastName: name.familyName,
picture: photos?.[0]?.value,
accessToken,
refreshToken,
transientToken: state.transientToken,
};
done(null, user);
}
}

65
packages/twenty-server/src/engine/core-modules/auth/strategies/google.auth.strategy.ts Normal file
View File

@ -0,0 +1,65 @@
import { PassportStrategy } from '@nestjs/passport';
import { Injectable } from '@nestjs/common';
import { Strategy, VerifyCallback } from 'passport-google-oauth20';
import { Request } from 'express';
import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
export type GoogleRequest = Request & {
user: {
firstName?: string | null;
lastName?: string | null;
email: string;
picture: string | null;
workspaceInviteHash?: string;
};
};
@Injectable()
export class GoogleStrategy extends PassportStrategy(Strategy, 'google') {
constructor(environmentService: EnvironmentService) {
super({
clientID: environmentService.get('AUTH_GOOGLE_CLIENT_ID'),
clientSecret: environmentService.get('AUTH_GOOGLE_CLIENT_SECRET'),
callbackURL: environmentService.get('AUTH_GOOGLE_CALLBACK_URL'),
scope: ['email', 'profile'],
passReqToCallback: true,
});
}
authenticate(req: any, options: any) {
options = {
...options,
state: JSON.stringify({
workspaceInviteHash: req.params.workspaceInviteHash,
}),
};
return super.authenticate(req, options);
}
async validate(
request: GoogleRequest,
accessToken: string,
refreshToken: string,
profile: any,
done: VerifyCallback,
): Promise<void> {
const { name, emails, photos } = profile;
const state =
typeof request.query.state === 'string'
? JSON.parse(request.query.state)
: undefined;
const user: GoogleRequest['user'] = {
email: emails[0].value,
firstName: name.givenName,
lastName: name.familyName,
picture: photos?.[0]?.value,
workspaceInviteHash: state.workspaceInviteHash,
};
done(null, user);
}
}

82
packages/twenty-server/src/engine/core-modules/auth/strategies/jwt.auth.strategy.ts Normal file
View File

@ -0,0 +1,82 @@
import { PassportStrategy } from '@nestjs/passport';
import {
ForbiddenException,
Injectable,
UnauthorizedException,
} from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Strategy, ExtractJwt } from 'passport-jwt';
import { Repository } from 'typeorm';
import { assert } from 'src/utils/assert';
import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
import { User } from 'src/engine/core-modules/user/user.entity';
import { TypeORMService } from 'src/database/typeorm/typeorm.service';
import { DataSourceService } from 'src/engine/metadata-modules/data-source/data-source.service';
export type JwtPayload = { sub: string; workspaceId: string; jti?: string };
export type PassportUser = { user?: User; workspace: Workspace };
@Injectable()
export class JwtAuthStrategy extends PassportStrategy(Strategy, 'jwt') {
constructor(
private readonly environmentService: EnvironmentService,
private readonly typeORMService: TypeORMService,
private readonly dataSourceService: DataSourceService,
@InjectRepository(Workspace, 'core')
private readonly workspaceRepository: Repository<Workspace>,
@InjectRepository(User, 'core')
private readonly userRepository: Repository<User>,
) {
super({
jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
ignoreExpiration: false,
secretOrKey: environmentService.get('ACCESS_TOKEN_SECRET'),
});
}
async validate(payload: JwtPayload): Promise<PassportUser> {
const workspace = await this.workspaceRepository.findOneBy({
id: payload.workspaceId ?? payload.sub,
});
if (!workspace) {
throw new UnauthorizedException();
}
if (payload.jti) {
const dataSourceMetadata =
await this.dataSourceService.getLastDataSourceMetadataFromWorkspaceIdOrFail(
workspace.id,
);
const workspaceDataSource =
await this.typeORMService.connectToDataSource(dataSourceMetadata);
const apiKey = await workspaceDataSource?.query(
`SELECT * FROM ${dataSourceMetadata.schema}."apiKey" WHERE id = '${payload.jti}'`,
);
assert(
apiKey.length === 1 && !apiKey?.[0].revokedAt,
'This API Key is revoked',
ForbiddenException,
);
}
let user;
if (payload.workspaceId) {
user = await this.userRepository.findOne({
where: { id: payload.sub },
relations: ['defaultWorkspace'],
});
if (!user) {
throw new UnauthorizedException();
}
}
return { user, workspace };
}
}

7
packages/twenty-server/src/engine/core-modules/auth/types/jwt-data.type.ts Normal file
View File

@ -0,0 +1,7 @@
import { User } from 'src/engine/core-modules/user/user.entity';
import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
export type JwtData = {
user?: User | undefined;
workspace: Workspace;
};

68
packages/twenty-server/src/engine/core-modules/billing/billing.controller.ts Normal file
View File

@ -0,0 +1,68 @@
import {
Controller,
Headers,
Req,
RawBodyRequest,
Logger,
Post,
Res,
} from '@nestjs/common';
import { Response } from 'express';
import {
BillingService,
WebhookEvent,
} from 'src/engine/core-modules/billing/billing.service';
import { StripeService } from 'src/engine/core-modules/billing/stripe/stripe.service';
@Controller('billing')
export class BillingController {
protected readonly logger = new Logger(BillingController.name);
constructor(
private readonly stripeService: StripeService,
private readonly billingService: BillingService,
) {}
@Post('/webhooks')
async handleWebhooks(
@Headers('stripe-signature') signature: string,
@Req() req: RawBodyRequest<Request>,
@Res() res: Response,
) {
if (!req.rawBody) {
res.status(400).end();
return;
}
const event = this.stripeService.constructEventFromPayload(
signature,
req.rawBody,
);
if (event.type === WebhookEvent.SETUP_INTENT_SUCCEEDED) {
await this.billingService.handleUnpaidInvoices(event.data);
}
if (
event.type === WebhookEvent.CUSTOMER_SUBSCRIPTION_CREATED ||
event.type === WebhookEvent.CUSTOMER_SUBSCRIPTION_UPDATED ||
event.type === WebhookEvent.CUSTOMER_SUBSCRIPTION_DELETED
) {
const workspaceId = event.data.object.metadata?.workspaceId;
if (!workspaceId) {
res.status(404).end();
return;
}
await this.billingService.upsertBillingSubscription(
workspaceId,
event.data,
);
}
res.status(200).end();
}
}

27
packages/twenty-server/src/engine/core-modules/billing/billing.module.ts Normal file
View File

@ -0,0 +1,27 @@
import { Module } from '@nestjs/common';
import { TypeOrmModule } from '@nestjs/typeorm';
import { BillingController } from 'src/engine/core-modules/billing/billing.controller';
import { BillingService } from 'src/engine/core-modules/billing/billing.service';
import { StripeModule } from 'src/engine/core-modules/billing/stripe/stripe.module';
import { BillingSubscription } from 'src/engine/core-modules/billing/entities/billing-subscription.entity';
import { BillingSubscriptionItem } from 'src/engine/core-modules/billing/entities/billing-subscription-item.entity';
import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
import { BillingResolver } from 'src/engine/core-modules/billing/billing.resolver';
import { BillingWorkspaceMemberListener } from 'src/engine/core-modules/billing/listeners/billing-workspace-member.listener';
import { UserWorkspaceModule } from 'src/engine/core-modules/user-workspace/user-workspace.module';
@Module({
imports: [
StripeModule,
UserWorkspaceModule,
TypeOrmModule.forFeature(
[BillingSubscription, BillingSubscriptionItem, Workspace],
'core',
),
],
controllers: [BillingController],
providers: [BillingService, BillingResolver, BillingWorkspaceMemberListener],
exports: [BillingService],
})
export class BillingModule {}

91
packages/twenty-server/src/engine/core-modules/billing/billing.resolver.ts Normal file
View File

@ -0,0 +1,91 @@
import { Args, Mutation, Query, Resolver } from '@nestjs/graphql';
import { UseGuards } from '@nestjs/common';
import {
AvailableProduct,
BillingService,
} from 'src/engine/core-modules/billing/billing.service';
import { ProductInput } from 'src/engine/core-modules/billing/dto/product.input';
import { assert } from 'src/utils/assert';
import { ProductPricesEntity } from 'src/engine/core-modules/billing/dto/product-prices.entity';
import { JwtAuthGuard } from 'src/engine/guards/jwt.auth.guard';
import { AuthUser } from 'src/engine/decorators/auth/auth-user.decorator';
import { User } from 'src/engine/core-modules/user/user.entity';
import { CheckoutSessionInput } from 'src/engine/core-modules/billing/dto/checkout-session.input';
import { SessionEntity } from 'src/engine/core-modules/billing/dto/session.entity';
import { BillingSessionInput } from 'src/engine/core-modules/billing/dto/billing-session.input';
@Resolver()
export class BillingResolver {
constructor(private readonly billingService: BillingService) {}
@Query(() => ProductPricesEntity)
async getProductPrices(@Args() { product }: ProductInput) {
const stripeProductId = this.billingService.getProductStripeId(product);
assert(
stripeProductId,
`Product '${product}' not found, available products are ['${Object.values(
AvailableProduct,
).join("','")}']`,
);
const productPrices =
await this.billingService.getProductPrices(stripeProductId);
return {
totalNumberOfPrices: productPrices.length,
productPrices: productPrices,
};
}
@Query(() => SessionEntity)
@UseGuards(JwtAuthGuard)
async billingPortalSession(
@AuthUser() user: User,
@Args() { returnUrlPath }: BillingSessionInput,
) {
return {
url: await this.billingService.computeBillingPortalSessionURL(
user.defaultWorkspaceId,
returnUrlPath,
),
};
}
@Mutation(() => SessionEntity)
@UseGuards(JwtAuthGuard)
async checkoutSession(
@AuthUser() user: User,
@Args() { recurringInterval, successUrlPath }: CheckoutSessionInput,
) {
const stripeProductId = this.billingService.getProductStripeId(
AvailableProduct.BasePlan,
);
assert(
stripeProductId,
'BasePlan productId not found, please check your BILLING_STRIPE_BASE_PLAN_PRODUCT_ID env variable',
);
const productPrices =
await this.billingService.getProductPrices(stripeProductId);
const stripePriceId = productPrices.filter(
(price) => price.recurringInterval === recurringInterval,
)?.[0]?.stripePriceId;
assert(
stripePriceId,
`BasePlan priceId not found, please check body.recurringInterval and product '${AvailableProduct.BasePlan}' prices`,
);
return {
url: await this.billingService.computeCheckoutSessionURL(
user,
stripePriceId,
successUrlPath,
),
};
}
}

268
packages/twenty-server/src/engine/core-modules/billing/billing.service.ts Normal file
View File

@ -0,0 +1,268 @@
import { Injectable, Logger } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import Stripe from 'stripe';
import { Not, Repository } from 'typeorm';
import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
import { StripeService } from 'src/engine/core-modules/billing/stripe/stripe.service';
import { BillingSubscription } from 'src/engine/core-modules/billing/entities/billing-subscription.entity';
import { BillingSubscriptionItem } from 'src/engine/core-modules/billing/entities/billing-subscription-item.entity';
import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
import { ProductPriceEntity } from 'src/engine/core-modules/billing/dto/product-price.entity';
import { User } from 'src/engine/core-modules/user/user.entity';
import { assert } from 'src/utils/assert';
import { UserWorkspaceService } from 'src/engine/core-modules/user-workspace/user-workspace.service';
export enum AvailableProduct {
BasePlan = 'base-plan',
}
export enum WebhookEvent {
CUSTOMER_SUBSCRIPTION_CREATED = 'customer.subscription.created',
CUSTOMER_SUBSCRIPTION_UPDATED = 'customer.subscription.updated',
CUSTOMER_SUBSCRIPTION_DELETED = 'customer.subscription.deleted',
SETUP_INTENT_SUCCEEDED = 'setup_intent.succeeded',
}
@Injectable()
export class BillingService {
protected readonly logger = new Logger(BillingService.name);
constructor(
private readonly stripeService: StripeService,
private readonly userWorkspaceService: UserWorkspaceService,
private readonly environmentService: EnvironmentService,
@InjectRepository(BillingSubscription, 'core')
private readonly billingSubscriptionRepository: Repository<BillingSubscription>,
@InjectRepository(BillingSubscriptionItem, 'core')
private readonly billingSubscriptionItemRepository: Repository<BillingSubscriptionItem>,
@InjectRepository(Workspace, 'core')
private readonly workspaceRepository: Repository<Workspace>,
) {}
getProductStripeId(product: AvailableProduct) {
if (product === AvailableProduct.BasePlan) {
return this.environmentService.get('BILLING_STRIPE_BASE_PLAN_PRODUCT_ID');
}
}
async getProductPrices(stripeProductId: string) {
const productPrices =
await this.stripeService.getProductPrices(stripeProductId);
return this.formatProductPrices(productPrices.data);
}
formatProductPrices(prices: Stripe.Price[]) {
const result: Record<string, ProductPriceEntity> = {};
prices.forEach((item) => {
const interval = item.recurring?.interval;
if (!interval || !item.unit_amount) {
return;
}
if (
!result[interval] ||
item.created > (result[interval]?.created || 0)
) {
result[interval] = {
unitAmount: item.unit_amount,
recurringInterval: interval,
created: item.created,
stripePriceId: item.id,
};
}
});
return Object.values(result).sort((a, b) => a.unitAmount - b.unitAmount);
}
async getCurrentBillingSubscription(criteria: {
workspaceId?: string;
stripeCustomerId?: string;
}) {
const notCanceledSubscriptions =
await this.billingSubscriptionRepository.find({
where: { ...criteria, status: Not('canceled') },
relations: ['billingSubscriptionItems'],
});
assert(
notCanceledSubscriptions.length <= 1,
`More than on not canceled subscription for workspace ${criteria.workspaceId}`,
);
return notCanceledSubscriptions?.[0];
}
async getBillingSubscriptionItem(
workspaceId: string,
stripeProductId = this.environmentService.get(
'BILLING_STRIPE_BASE_PLAN_PRODUCT_ID',
),
) {
const billingSubscription = await this.getCurrentBillingSubscription({
workspaceId,
});
if (!billingSubscription) {
throw new Error(
`Cannot find billingSubscriptionItem for product ${stripeProductId} for workspace ${workspaceId}`,
);
}
const billingSubscriptionItem =
billingSubscription.billingSubscriptionItems.filter(
(billingSubscriptionItem) =>
billingSubscriptionItem.stripeProductId === stripeProductId,
)?.[0];
if (!billingSubscriptionItem) {
throw new Error(
`Cannot find billingSubscriptionItem for product ${stripeProductId} for workspace ${workspaceId}`,
);
}
return billingSubscriptionItem;
}
async computeBillingPortalSessionURL(
workspaceId: string,
returnUrlPath?: string,
) {
const billingSubscription = await this.getCurrentBillingSubscription({
workspaceId,
});
if (!billingSubscription) {
return;
}
const frontBaseUrl = this.environmentService.get('FRONT_BASE_URL');
const returnUrl = returnUrlPath
? frontBaseUrl + returnUrlPath
: frontBaseUrl;
const session = await this.stripeService.createBillingPortalSession(
billingSubscription.stripeCustomerId,
returnUrl,
);
assert(session.url, 'Error: missing billingPortal.session.url');
return session.url;
}
async computeCheckoutSessionURL(
user: User,
priceId: string,
successUrlPath?: string,
): Promise<string> {
const frontBaseUrl = this.environmentService.get('FRONT_BASE_URL');
const successUrl = successUrlPath
? frontBaseUrl + successUrlPath
: frontBaseUrl;
let quantity = 1;
const stripeCustomerId = (
await this.billingSubscriptionRepository.findOneBy({
workspaceId: user.defaultWorkspaceId,
})
)?.stripeCustomerId;
try {
quantity = await this.userWorkspaceService.getWorkspaceMemberCount(
user.defaultWorkspaceId,
);
} catch (e) {}
const session = await this.stripeService.createCheckoutSession(
user,
priceId,
quantity,
successUrl,
frontBaseUrl,
stripeCustomerId,
);
assert(session.url, 'Error: missing checkout.session.url');
return session.url;
}
async deleteSubscription(workspaceId: string) {
const subscriptionToCancel = await this.getCurrentBillingSubscription({
workspaceId,
});
if (subscriptionToCancel) {
await this.stripeService.cancelSubscription(
subscriptionToCancel.stripeSubscriptionId,
);
await this.billingSubscriptionRepository.delete(subscriptionToCancel.id);
}
}
async handleUnpaidInvoices(data: Stripe.SetupIntentSucceededEvent.Data) {
const billingSubscription = await this.getCurrentBillingSubscription({
stripeCustomerId: data.object.customer as string,
});
if (billingSubscription?.status === 'unpaid') {
await this.stripeService.collectLastInvoice(
billingSubscription.stripeSubscriptionId,
);
}
}
async upsertBillingSubscription(
workspaceId: string,
data:
| Stripe.CustomerSubscriptionUpdatedEvent.Data
| Stripe.CustomerSubscriptionCreatedEvent.Data
| Stripe.CustomerSubscriptionDeletedEvent.Data,
) {
await this.billingSubscriptionRepository.upsert(
{
workspaceId: workspaceId,
stripeCustomerId: data.object.customer as string,
stripeSubscriptionId: data.object.id,
status: data.object.status,
},
{
conflictPaths: ['stripeSubscriptionId'],
skipUpdateIfNoValuesChanged: true,
},
);
await this.workspaceRepository.update(workspaceId, {
subscriptionStatus: data.object.status,
});
const billingSubscription = await this.getCurrentBillingSubscription({
workspaceId,
});
if (!billingSubscription) {
return;
}
await this.billingSubscriptionItemRepository.upsert(
data.object.items.data.map((item) => {
return {
billingSubscriptionId: billingSubscription.id,
stripeProductId: item.price.product as string,
stripePriceId: item.price.id,
stripeSubscriptionItemId: item.id,
quantity: item.quantity,
};
}),
{
conflictPaths: ['billingSubscriptionId', 'stripeProductId'],
skipUpdateIfNoValuesChanged: true,
},
);
}
}

11
packages/twenty-server/src/engine/core-modules/billing/dto/billing-session.input.ts Normal file
View File

@ -0,0 +1,11 @@
import { ArgsType, Field } from '@nestjs/graphql';
import { IsOptional, IsString } from 'class-validator';
@ArgsType()
export class BillingSessionInput {
@Field(() => String, { nullable: true })
@IsString()
@IsOptional()
returnUrlPath?: string;
}

17
packages/twenty-server/src/engine/core-modules/billing/dto/checkout-session.input.ts Normal file
View File

@ -0,0 +1,17 @@
import { ArgsType, Field } from '@nestjs/graphql';
import { IsNotEmpty, IsOptional, IsString } from 'class-validator';
import Stripe from 'stripe';
@ArgsType()
export class CheckoutSessionInput {
@Field(() => String)
@IsString()
@IsNotEmpty()
recurringInterval: Stripe.Price.Recurring.Interval;
@Field(() => String, { nullable: true })
@IsString()
@IsOptional()
successUrlPath?: string;
}

18
packages/twenty-server/src/engine/core-modules/billing/dto/product-price.entity.ts Normal file
View File

@ -0,0 +1,18 @@
import { Field, ObjectType } from '@nestjs/graphql';
import Stripe from 'stripe';
@ObjectType()
export class ProductPriceEntity {
@Field(() => String)
recurringInterval: Stripe.Price.Recurring.Interval;
@Field(() => Number)
unitAmount: number;
@Field(() => Number)
created: number;
@Field(() => String)
stripePriceId: string;
}

12
packages/twenty-server/src/engine/core-modules/billing/dto/product-prices.entity.ts Normal file
View File

@ -0,0 +1,12 @@
import { Field, Int, ObjectType } from '@nestjs/graphql';
import { ProductPriceEntity } from 'src/engine/core-modules/billing/dto/product-price.entity';
@ObjectType()
export class ProductPricesEntity {
@Field(() => Int)
totalNumberOfPrices: number;
@Field(() => [ProductPriceEntity])
productPrices: ProductPriceEntity[];
}

13
packages/twenty-server/src/engine/core-modules/billing/dto/product.input.ts Normal file
View File

@ -0,0 +1,13 @@
import { ArgsType, Field } from '@nestjs/graphql';
import { IsNotEmpty, IsString } from 'class-validator';
import { AvailableProduct } from 'src/engine/core-modules/billing/billing.service';
@ArgsType()
export class ProductInput {
@Field(() => String)
@IsString()
@IsNotEmpty()
product: AvailableProduct;
}

7
packages/twenty-server/src/engine/core-modules/billing/dto/session.entity.ts Normal file
View File

@ -0,0 +1,7 @@
import { Field, ObjectType } from '@nestjs/graphql';
@ObjectType()
export class SessionEntity {
@Field(() => String, { nullable: true })
url: string;
}

58
packages/twenty-server/src/engine/core-modules/billing/entities/billing-subscription-item.entity.ts Normal file
View File

@ -0,0 +1,58 @@
import {
Column,
CreateDateColumn,
Entity,
ManyToOne,
PrimaryGeneratedColumn,
Unique,
UpdateDateColumn,
} from 'typeorm';
import { BillingSubscription } from 'src/engine/core-modules/billing/entities/billing-subscription.entity';
@Entity({ name: 'billingSubscriptionItem', schema: 'core' })
@Unique('IndexOnBillingSubscriptionIdAndStripeProductIdUnique', [
'billingSubscriptionId',
'stripeProductId',
])
@Unique('IndexOnBillingSubscriptionIdAndStripeSubscriptionItemIdUnique', [
'billingSubscriptionId',
'stripeSubscriptionItemId',
])
export class BillingSubscriptionItem {
@PrimaryGeneratedColumn('uuid')
id: string;
@Column({ nullable: true })
deletedAt?: Date;
@CreateDateColumn({ type: 'timestamp with time zone' })
createdAt: Date;
@UpdateDateColumn({ type: 'timestamp with time zone' })
updatedAt: Date;
@Column({ nullable: false })
billingSubscriptionId: string;
@ManyToOne(
() => BillingSubscription,
(billingSubscription) => billingSubscription.billingSubscriptionItems,
{
onDelete: 'CASCADE',
},
)
billingSubscription: BillingSubscription;
@Column({ nullable: false })
stripeProductId: string;
@Column({ nullable: false })
stripePriceId: string;
@Column({ nullable: false })
stripeSubscriptionItemId: string;
@Column({ nullable: false })
quantity: number;
}

59
packages/twenty-server/src/engine/core-modules/billing/entities/billing-subscription.entity.ts Normal file
View File

@ -0,0 +1,59 @@
import { Field, ID, ObjectType } from '@nestjs/graphql';
import {
Column,
CreateDateColumn,
Entity,
JoinColumn,
ManyToOne,
OneToMany,
PrimaryGeneratedColumn,
UpdateDateColumn,
} from 'typeorm';
import Stripe from 'stripe';
import { IDField } from '@ptc-org/nestjs-query-graphql';
import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
import { BillingSubscriptionItem } from 'src/engine/core-modules/billing/entities/billing-subscription-item.entity';
@Entity({ name: 'billingSubscription', schema: 'core' })
@ObjectType('BillingSubscription')
export class BillingSubscription {
@IDField(() => ID)
@PrimaryGeneratedColumn('uuid')
id: string;
@Column({ nullable: true })
deletedAt?: Date;
@CreateDateColumn({ type: 'timestamp with time zone' })
createdAt: Date;
@UpdateDateColumn({ type: 'timestamp with time zone' })
updatedAt: Date;
@ManyToOne(() => Workspace, (workspace) => workspace.billingSubscriptions, {
onDelete: 'CASCADE',
})
@JoinColumn()
workspace: Workspace;
@Column({ nullable: false, type: 'uuid' })
workspaceId: string;
@Column({ nullable: false })
stripeCustomerId: string;
@Column({ unique: true, nullable: false })
stripeSubscriptionId: string;
@Field()
@Column({ nullable: false })
status: Stripe.Subscription.Status;
@OneToMany(
() => BillingSubscriptionItem,
(billingSubscriptionItem) => billingSubscriptionItem.billingSubscription,
)
billingSubscriptionItems: BillingSubscriptionItem[];
}

46
packages/twenty-server/src/engine/core-modules/billing/jobs/update-subscription.job.ts Normal file
View File

@ -0,0 +1,46 @@
import { Injectable, Logger } from '@nestjs/common';
import { MessageQueueJob } from 'src/engine/integrations/message-queue/interfaces/message-queue-job.interface';
import { BillingService } from 'src/engine/core-modules/billing/billing.service';
import { UserWorkspaceService } from 'src/engine/core-modules/user-workspace/user-workspace.service';
import { StripeService } from 'src/engine/core-modules/billing/stripe/stripe.service';
export type UpdateSubscriptionJobData = { workspaceId: string };
@Injectable()
export class UpdateSubscriptionJob
implements MessageQueueJob<UpdateSubscriptionJobData>
{
protected readonly logger = new Logger(UpdateSubscriptionJob.name);
constructor(
private readonly billingService: BillingService,
private readonly userWorkspaceService: UserWorkspaceService,
private readonly stripeService: StripeService,
) {}
async handle(data: UpdateSubscriptionJobData): Promise<void> {
const workspaceMembersCount =
await this.userWorkspaceService.getWorkspaceMemberCount(data.workspaceId);
if (workspaceMembersCount <= 0) {
return;
}
try {
const billingSubscriptionItem =
await this.billingService.getBillingSubscriptionItem(data.workspaceId);
await this.stripeService.updateSubscriptionItem(
billingSubscriptionItem.stripeSubscriptionItemId,
workspaceMembersCount,
);
this.logger.log(
`Updating workspace ${data.workspaceId} subscription quantity to ${workspaceMembersCount} members`,
);
} catch (e) {
this.logger.warn(
`Failed to update workspace ${data.workspaceId} subscription quantity to ${workspaceMembersCount} members. Error: ${e}`,
);
}
}
}

30
packages/twenty-server/src/engine/core-modules/billing/listeners/billing-workspace-member.listener.ts Normal file
View File

@ -0,0 +1,30 @@
import { Inject, Injectable } from '@nestjs/common';
import { OnEvent } from '@nestjs/event-emitter';
import { MessageQueue } from 'src/engine/integrations/message-queue/message-queue.constants';
import { MessageQueueService } from 'src/engine/integrations/message-queue/services/message-queue.service';
import { ObjectRecordCreateEvent } from 'src/engine/integrations/event-emitter/types/object-record-create.event';
import { WorkspaceMemberObjectMetadata } from 'src/modules/workspace-member/standard-objects/workspace-member.object-metadata';
import {
UpdateSubscriptionJob,
UpdateSubscriptionJobData,
} from 'src/engine/core-modules/billing/jobs/update-subscription.job';
@Injectable()
export class BillingWorkspaceMemberListener {
constructor(
@Inject(MessageQueue.billingQueue)
private readonly messageQueueService: MessageQueueService,
) {}
@OnEvent('workspaceMember.created')
@OnEvent('workspaceMember.deleted')
async handleCreateOrDeleteEvent(
payload: ObjectRecordCreateEvent<WorkspaceMemberObjectMetadata>,
) {
await this.messageQueueService.add<UpdateSubscriptionJobData>(
UpdateSubscriptionJob.name,
{ workspaceId: payload.workspaceId },
);
}
}

9
packages/twenty-server/src/engine/core-modules/billing/stripe/stripe.module.ts Normal file
View File

@ -0,0 +1,9 @@
import { Module } from '@nestjs/common';
import { StripeService } from 'src/engine/core-modules/billing/stripe/stripe.service';
@Module({
providers: [StripeService],
exports: [StripeService],
})
export class StripeModule {}

108
packages/twenty-server/src/engine/core-modules/billing/stripe/stripe.service.ts Normal file
View File

@ -0,0 +1,108 @@
import { Injectable, Logger } from '@nestjs/common';
import Stripe from 'stripe';
import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
import { User } from 'src/engine/core-modules/user/user.entity';
@Injectable()
export class StripeService {
protected readonly logger = new Logger(StripeService.name);
private readonly stripe: Stripe;
constructor(private readonly environmentService: EnvironmentService) {
this.stripe = new Stripe(
this.environmentService.get('BILLING_STRIPE_API_KEY'),
{},
);
}
constructEventFromPayload(signature: string, payload: Buffer) {
const webhookSecret = this.environmentService.get(
'BILLING_STRIPE_WEBHOOK_SECRET',
);
return this.stripe.webhooks.constructEvent(
payload,
signature,
webhookSecret,
);
}
async getProductPrices(stripeProductId: string) {
return this.stripe.prices.search({
query: `product: '${stripeProductId}'`,
});
}
async updateSubscriptionItem(stripeItemId: string, quantity: number) {
await this.stripe.subscriptionItems.update(stripeItemId, { quantity });
}
async cancelSubscription(stripeSubscriptionId: string) {
await this.stripe.subscriptions.cancel(stripeSubscriptionId);
}
async createBillingPortalSession(
stripeCustomerId: string,
returnUrl?: string,
): Promise<Stripe.BillingPortal.Session> {
return await this.stripe.billingPortal.sessions.create({
customer: stripeCustomerId,
return_url: returnUrl ?? this.environmentService.get('FRONT_BASE_URL'),
});
}
async createCheckoutSession(
user: User,
priceId: string,
quantity: number,
successUrl?: string,
cancelUrl?: string,
stripeCustomerId?: string,
): Promise<Stripe.Checkout.Session> {
return await this.stripe.checkout.sessions.create({
line_items: [
{
price: priceId,
quantity,
},
],
mode: 'subscription',
subscription_data: {
metadata: {
workspaceId: user.defaultWorkspace.id,
},
trial_period_days: this.environmentService.get(
'BILLING_FREE_TRIAL_DURATION_IN_DAYS',
),
},
automatic_tax: { enabled: true },
tax_id_collection: { enabled: true },
customer: stripeCustomerId,
customer_update: stripeCustomerId ? { name: 'auto' } : undefined,
customer_email: stripeCustomerId ? undefined : user.email,
success_url: successUrl,
cancel_url: cancelUrl,
});
}
async collectLastInvoice(stripeSubscriptionId: string) {
const subscription = await this.stripe.subscriptions.retrieve(
stripeSubscriptionId,
{ expand: ['latest_invoice'] },
);
const latestInvoice = subscription.latest_invoice;
if (
!(
latestInvoice &&
typeof latestInvoice !== 'string' &&
latestInvoice.status === 'draft'
)
) {
return;
}
await this.stripe.invoices.pay(latestInvoice.id);
}
}

2
packages/twenty-server/src/engine/core-modules/calendar/constants/calendar.constants.ts Normal file
View File

@ -0,0 +1,2 @@
export const TIMELINE_CALENDAR_EVENTS_DEFAULT_PAGE_SIZE = 20;
export const TIMELINE_CALENDAR_EVENTS_MAX_PAGE_SIZE = 50;

25
packages/twenty-server/src/engine/core-modules/calendar/dtos/timeline-calendar-event-attendee.dto.ts Normal file
View File

@ -0,0 +1,25 @@
import { ObjectType, Field, ID } from '@nestjs/graphql';
@ObjectType('TimelineCalendarEventAttendee')
export class TimelineCalendarEventAttendee {
@Field(() => ID, { nullable: true })
personId: string;
@Field(() => ID, { nullable: true })
workspaceMemberId: string;
@Field()
firstName: string;
@Field()
lastName: string;
@Field()
displayName: string;
@Field()
avatarUrl: string;
@Field()
handle: string;
}

52
packages/twenty-server/src/engine/core-modules/calendar/dtos/timeline-calendar-event.dto.ts Normal file
View File

@ -0,0 +1,52 @@
import { ObjectType, ID, Field, registerEnumType } from '@nestjs/graphql';
import { TimelineCalendarEventAttendee } from 'src/engine/core-modules/calendar/dtos/timeline-calendar-event-attendee.dto';
export enum TimelineCalendarEventVisibility {
METADATA = 'METADATA',
SHARE_EVERYTHING = 'SHARE_EVERYTHING',
}
registerEnumType(TimelineCalendarEventVisibility, {
name: 'TimelineCalendarEventVisibility',
description: 'Visibility of the calendar event',
});
@ObjectType('TimelineCalendarEvent')
export class TimelineCalendarEvent {
@Field(() => ID)
id: string;
@Field()
title: string;
@Field()
isCanceled: boolean;
@Field()
isFullDay: boolean;
@Field()
startsAt: Date;
@Field()
endsAt: Date;
@Field()
description: string;
@Field()
location: string;
@Field()
conferenceSolution: string;
@Field()
conferenceUri: string;
@Field(() => [TimelineCalendarEventAttendee])
attendees: TimelineCalendarEventAttendee[];
@Field(() => TimelineCalendarEventVisibility)
visibility: TimelineCalendarEventVisibility;
}

12
packages/twenty-server/src/engine/core-modules/calendar/dtos/timeline-calendar-events-with-total.dto.ts Normal file
View File

@ -0,0 +1,12 @@
import { Field, Int, ObjectType } from '@nestjs/graphql';
import { TimelineCalendarEvent } from 'src/engine/core-modules/calendar/dtos/timeline-calendar-event.dto';
@ObjectType('TimelineCalendarEventsWithTotal')
export class TimelineCalendarEventsWithTotal {
@Field(() => Int)
totalNumberOfCalendarEvents: number;
@Field(() => [TimelineCalendarEvent])
timelineCalendarEvents: TimelineCalendarEvent[];
}

13
packages/twenty-server/src/engine/core-modules/calendar/timeline-calendar-event.module.ts Normal file
View File

@ -0,0 +1,13 @@
import { Module } from '@nestjs/common';
import { WorkspaceDataSourceModule } from 'src/engine/workspace-datasource/workspace-datasource.module';
import { UserModule } from 'src/engine/core-modules/user/user.module';
import { TimelineCalendarEventResolver } from 'src/engine/core-modules/calendar/timeline-calendar-event.resolver';
import { TimelineCalendarEventService } from 'src/engine/core-modules/calendar/timeline-calendar-event.service';
@Module({
imports: [WorkspaceDataSourceModule, UserModule],
exports: [],
providers: [TimelineCalendarEventResolver, TimelineCalendarEventService],
})
export class TimelineCalendarEventModule {}

108
packages/twenty-server/src/engine/core-modules/calendar/timeline-calendar-event.resolver.ts Normal file
View File

@ -0,0 +1,108 @@
import { UseGuards } from '@nestjs/common';
import {
Query,
Args,
ArgsType,
Field,
ID,
Int,
Resolver,
} from '@nestjs/graphql';
import { Max } from 'class-validator';
import { User } from 'src/engine/core-modules/user/user.entity';
import { AuthUser } from 'src/engine/decorators/auth/auth-user.decorator';
import { AuthWorkspace } from 'src/engine/decorators/auth/auth-workspace.decorator';
import { JwtAuthGuard } from 'src/engine/guards/jwt.auth.guard';
import { TIMELINE_CALENDAR_EVENTS_MAX_PAGE_SIZE } from 'src/engine/core-modules/calendar/constants/calendar.constants';
import { TimelineCalendarEventsWithTotal } from 'src/engine/core-modules/calendar/dtos/timeline-calendar-events-with-total.dto';
import { TimelineCalendarEventService } from 'src/engine/core-modules/calendar/timeline-calendar-event.service';
import { UserService } from 'src/engine/core-modules/user/services/user.service';
import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
import { NotFoundError } from 'src/engine/utils/graphql-errors.util';
@ArgsType()
class GetTimelineCalendarEventsFromPersonIdArgs {
@Field(() => ID)
personId: string;
@Field(() => Int)
page: number;
@Field(() => Int)
@Max(TIMELINE_CALENDAR_EVENTS_MAX_PAGE_SIZE)
pageSize: number;
}
@ArgsType()
class GetTimelineCalendarEventsFromCompanyIdArgs {
@Field(() => ID)
companyId: string;
@Field(() => Int)
page: number;
@Field(() => Int)
@Max(TIMELINE_CALENDAR_EVENTS_MAX_PAGE_SIZE)
pageSize: number;
}
@UseGuards(JwtAuthGuard)
@Resolver(() => TimelineCalendarEventsWithTotal)
export class TimelineCalendarEventResolver {
constructor(
private readonly timelineCalendarEventService: TimelineCalendarEventService,
private readonly userService: UserService,
) {}
@Query(() => TimelineCalendarEventsWithTotal)
async getTimelineCalendarEventsFromPersonId(
@AuthWorkspace() { id: workspaceId }: Workspace,
@AuthUser() user: User,
@Args()
{ personId, page, pageSize }: GetTimelineCalendarEventsFromPersonIdArgs,
) {
const workspaceMember = await this.userService.loadWorkspaceMember(user);
if (!workspaceMember) {
throw new NotFoundError('Workspace member not found');
}
const timelineCalendarEvents =
await this.timelineCalendarEventService.getCalendarEventsFromPersonIds(
workspaceMember.id,
workspaceId,
[personId],
page,
pageSize,
);
return timelineCalendarEvents;
}
@Query(() => TimelineCalendarEventsWithTotal)
async getTimelineCalendarEventsFromCompanyId(
@AuthWorkspace() { id: workspaceId }: Workspace,
@AuthUser() user: User,
@Args()
{ companyId, page, pageSize }: GetTimelineCalendarEventsFromCompanyIdArgs,
) {
const workspaceMember = await this.userService.loadWorkspaceMember(user);
if (!workspaceMember) {
throw new NotFoundError('Workspace member not found');
}
const timelineCalendarEvents =
await this.timelineCalendarEventService.getCalendarEventsFromCompanyId(
workspaceMember.id,
workspaceId,
companyId,
page,
pageSize,
);
return timelineCalendarEvents;
}
}

271
packages/twenty-server/src/engine/core-modules/calendar/timeline-calendar-event.service.ts Normal file
View File

@ -0,0 +1,271 @@
import { Injectable } from '@nestjs/common';
import groupBy from 'lodash.groupby';
import { TIMELINE_CALENDAR_EVENTS_DEFAULT_PAGE_SIZE } from 'src/engine/core-modules/calendar/constants/calendar.constants';
import { TimelineCalendarEventAttendee } from 'src/engine/core-modules/calendar/dtos/timeline-calendar-event-attendee.dto';
import {
TimelineCalendarEvent,
TimelineCalendarEventVisibility,
} from 'src/engine/core-modules/calendar/dtos/timeline-calendar-event.dto';
import { TimelineCalendarEventsWithTotal } from 'src/engine/core-modules/calendar/dtos/timeline-calendar-events-with-total.dto';
import { WorkspaceDataSourceService } from 'src/engine/workspace-datasource/workspace-datasource.service';
import { ObjectRecord } from 'src/engine/workspace-manager/workspace-sync-metadata/types/object-record';
import { CalendarEventAttendeeObjectMetadata } from 'src/modules/calendar/standard-objects/calendar-event-attendee.object-metadata';
type TimelineCalendarEventAttendeeWithPersonInformation =
ObjectRecord<CalendarEventAttendeeObjectMetadata> & {
personFirstName: string;
personLastName: string;
personAvatarUrl: string;
workspaceMemberFirstName: string;
workspaceMemberLastName: string;
workspaceMemberAvatarUrl: string;
};
@Injectable()
export class TimelineCalendarEventService {
constructor(
private readonly workspaceDataSourceService: WorkspaceDataSourceService,
) {}
async getCalendarEventsFromPersonIds(
workspaceMemberId: string,
workspaceId: string,
personIds: string[],
page: number = 1,
pageSize: number = TIMELINE_CALENDAR_EVENTS_DEFAULT_PAGE_SIZE,
): Promise<TimelineCalendarEventsWithTotal> {
const offset = (page - 1) * pageSize;
const dataSourceSchema =
this.workspaceDataSourceService.getSchemaName(workspaceId);
const calendarEvents: Omit<TimelineCalendarEvent, 'attendees'>[] =
await this.workspaceDataSourceService.executeRawQuery(
`SELECT
"calendarEvent".*
FROM
${dataSourceSchema}."calendarEvent" "calendarEvent"
LEFT JOIN
${dataSourceSchema}."calendarEventAttendee" "calendarEventAttendee" ON "calendarEvent".id = "calendarEventAttendee"."calendarEventId"
LEFT JOIN
${dataSourceSchema}."person" "person" ON "calendarEventAttendee"."personId" = "person".id
WHERE
"calendarEventAttendee"."personId" = ANY($1)
GROUP BY
"calendarEvent".id
ORDER BY
"calendarEvent"."startsAt" DESC
LIMIT $2
OFFSET $3`,
[personIds, pageSize, offset],
workspaceId,
);
if (!calendarEvents) {
return {
totalNumberOfCalendarEvents: 0,
timelineCalendarEvents: [],
};
}
const calendarEventAttendees: TimelineCalendarEventAttendeeWithPersonInformation[] =
await this.workspaceDataSourceService.executeRawQuery(
`SELECT
"calendarEventAttendee".*,
"person"."nameFirstName" as "personFirstName",
"person"."nameLastName" as "personLastName",
"person"."avatarUrl" as "personAvatarUrl",
"workspaceMember"."nameFirstName" as "workspaceMemberFirstName",
"workspaceMember"."nameLastName" as "workspaceMemberLastName",
"workspaceMember"."avatarUrl" as "workspaceMemberAvatarUrl"
FROM
${dataSourceSchema}."calendarEventAttendee" "calendarEventAttendee"
LEFT JOIN
${dataSourceSchema}."person" "person" ON "calendarEventAttendee"."personId" = "person".id
LEFT JOIN
${dataSourceSchema}."workspaceMember" "workspaceMember" ON "calendarEventAttendee"."workspaceMemberId" = "workspaceMember".id
WHERE
"calendarEventAttendee"."calendarEventId" = ANY($1)`,
[calendarEvents.map((event) => event.id)],
workspaceId,
);
const formattedCalendarEventAttendees: TimelineCalendarEventAttendee[] =
calendarEventAttendees.map((attendee) => {
const firstName =
attendee.personFirstName || attendee.workspaceMemberFirstName || '';
const lastName =
attendee.personLastName || attendee.workspaceMemberLastName || '';
const displayName =
firstName || attendee.displayName || attendee.handle;
const avatarUrl =
attendee.personAvatarUrl || attendee.workspaceMemberAvatarUrl || '';
return {
calendarEventId: attendee.calendarEventId,
personId: attendee.personId,
workspaceMemberId: attendee.workspaceMemberId,
firstName,
lastName,
displayName,
avatarUrl,
handle: attendee.handle,
};
});
const calendarEventAttendeesByEventId: {
[calendarEventId: string]: TimelineCalendarEventAttendee[];
} = groupBy(formattedCalendarEventAttendees, 'calendarEventId');
const totalNumberOfCalendarEvents: { count: number }[] =
await this.workspaceDataSourceService.executeRawQuery(
`
SELECT
COUNT(DISTINCT "calendarEventId")
FROM
${dataSourceSchema}."calendarEventAttendee" "calendarEventAttendee"
WHERE
"calendarEventAttendee"."personId" = ANY($1)
`,
[personIds],
workspaceId,
);
const timelineCalendarEvents = calendarEvents.map((event) => {
const attendees = calendarEventAttendeesByEventId[event.id] || [];
return {
...event,
attendees,
};
});
const calendarEventIdsWithWorkspaceMemberInAttendees =
await this.workspaceDataSourceService.executeRawQuery(
`
SELECT
"calendarEventId"
FROM
${dataSourceSchema}."calendarEventAttendee" "calendarEventAttendee"
WHERE
"calendarEventAttendee"."workspaceMemberId" = $1
`,
[workspaceMemberId],
workspaceId,
);
const calendarEventIdsWithWorkspaceMemberInAttendeesFormatted =
calendarEventIdsWithWorkspaceMemberInAttendees.map(
(event: { calendarEventId: string }) => event.calendarEventId,
);
const calendarEventIdsToFetchVisibilityFor = timelineCalendarEvents
.filter(
(event) =>
!calendarEventIdsWithWorkspaceMemberInAttendeesFormatted.includes(
event.id,
),
)
.map((event) => event.id);
const calendarEventIdsForWhichVisibilityIsMetadata:
| {
id: string;
}[]
| undefined = await this.workspaceDataSourceService.executeRawQuery(
`
SELECT
"calendarChannelEventAssociation"."calendarEventId" AS "id"
FROM
${dataSourceSchema}."calendarChannel" "calendarChannel"
LEFT JOIN
${dataSourceSchema}."calendarChannelEventAssociation" "calendarChannelEventAssociation" ON "calendarChannel".id = "calendarChannelEventAssociation"."calendarChannelId"
WHERE
"calendarChannelEventAssociation"."calendarEventId" = ANY($1)
AND
"calendarChannel"."visibility" = 'METADATA'
`,
[calendarEventIdsToFetchVisibilityFor],
workspaceId,
);
if (!calendarEventIdsForWhichVisibilityIsMetadata) {
throw new Error('Failed to fetch calendar event visibility');
}
const calendarEventIdsForWhichVisibilityIsMetadataMap = new Map(
calendarEventIdsForWhichVisibilityIsMetadata.map((event) => [
event.id,
TimelineCalendarEventVisibility.METADATA,
]),
);
timelineCalendarEvents.forEach((event) => {
event.visibility =
calendarEventIdsForWhichVisibilityIsMetadataMap.get(event.id) ??
TimelineCalendarEventVisibility.SHARE_EVERYTHING;
if (event.visibility === TimelineCalendarEventVisibility.METADATA) {
event.title = '';
event.description = '';
event.location = '';
event.conferenceSolution = '';
event.conferenceUri = '';
}
});
return {
totalNumberOfCalendarEvents: totalNumberOfCalendarEvents[0].count,
timelineCalendarEvents,
};
}
async getCalendarEventsFromCompanyId(
workspaceMemberId: string,
workspaceId: string,
companyId: string,
page: number = 1,
pageSize: number = TIMELINE_CALENDAR_EVENTS_DEFAULT_PAGE_SIZE,
): Promise<TimelineCalendarEventsWithTotal> {
const dataSourceSchema =
this.workspaceDataSourceService.getSchemaName(workspaceId);
const personIds = await this.workspaceDataSourceService.executeRawQuery(
`
SELECT
p."id"
FROM
${dataSourceSchema}."person" p
WHERE
p."companyId" = $1
`,
[companyId],
workspaceId,
);
if (!personIds) {
return {
totalNumberOfCalendarEvents: 0,
timelineCalendarEvents: [],
};
}
const formattedPersonIds = personIds.map(
(personId: { id: string }) => personId.id,
);
const messageThreads = await this.getCalendarEventsFromPersonIds(
workspaceMemberId,
workspaceId,
formattedPersonIds,
page,
pageSize,
);
return messageThreads;
}
}

76
packages/twenty-server/src/engine/core-modules/client-config/client-config.entity.ts Normal file
View File

@ -0,0 +1,76 @@
import { Field, ObjectType } from '@nestjs/graphql';
@ObjectType()
class AuthProviders {
@Field(() => Boolean)
google: boolean;
@Field(() => Boolean)
magicLink: boolean;
@Field(() => Boolean)
password: boolean;
}
@ObjectType()
class Telemetry {
@Field(() => Boolean)
enabled: boolean;
@Field(() => Boolean)
anonymizationEnabled: boolean;
}
@ObjectType()
class Billing {
@Field(() => Boolean)
isBillingEnabled: boolean;
@Field(() => String, { nullable: true })
billingUrl?: string;
@Field(() => Number, { nullable: true })
billingFreeTrialDurationInDays?: number;
}
@ObjectType()
class Support {
@Field(() => String)
supportDriver: string;
@Field(() => String, { nullable: true })
supportFrontChatId?: string;
}
@ObjectType()
class Sentry {
@Field(() => String, { nullable: true })
dsn?: string;
}
@ObjectType()
export class ClientConfig {
@Field(() => AuthProviders, { nullable: false })
authProviders: AuthProviders;
@Field(() => Telemetry, { nullable: false })
telemetry: Telemetry;
@Field(() => Billing, { nullable: false })
billing: Billing;
@Field(() => Boolean)
signInPrefilled: boolean;
@Field(() => Boolean)
signUpDisabled: boolean;
@Field(() => Boolean)
debugMode: boolean;
@Field(() => Support)
support: Support;
@Field(() => Sentry)
sentry: Sentry;
}

8
packages/twenty-server/src/engine/core-modules/client-config/client-config.module.ts Normal file
View File

@ -0,0 +1,8 @@
import { Module } from '@nestjs/common';
import { ClientConfigResolver } from './client-config.resolver';
@Module({
providers: [ClientConfigResolver],
})
export class ClientConfigModule {}

27
packages/twenty-server/src/engine/core-modules/client-config/client-config.resolver.spec.ts Normal file
View File

@ -0,0 +1,27 @@
import { Test, TestingModule } from '@nestjs/testing';
import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
import { ClientConfigResolver } from './client-config.resolver';
describe('ClientConfigResolver', () => {
let resolver: ClientConfigResolver;
beforeEach(async () => {
const module: TestingModule = await Test.createTestingModule({
providers: [
ClientConfigResolver,
{
provide: EnvironmentService,
useValue: {},
},
],
}).compile();
resolver = module.get<ClientConfigResolver>(ClientConfigResolver);
});
it('should be defined', () => {
expect(resolver).toBeDefined();
});
});

48
packages/twenty-server/src/engine/core-modules/client-config/client-config.resolver.ts Normal file
View File

@ -0,0 +1,48 @@
import { Resolver, Query } from '@nestjs/graphql';
import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
import { ClientConfig } from './client-config.entity';
@Resolver()
export class ClientConfigResolver {
constructor(private environmentService: EnvironmentService) {}
@Query(() => ClientConfig)
async clientConfig(): Promise<ClientConfig> {
const clientConfig: ClientConfig = {
authProviders: {
google: this.environmentService.get('AUTH_GOOGLE_ENABLED'),
magicLink: false,
password: true,
},
telemetry: {
enabled: this.environmentService.get('TELEMETRY_ENABLED'),
anonymizationEnabled: this.environmentService.get(
'TELEMETRY_ANONYMIZATION_ENABLED',
),
},
billing: {
isBillingEnabled: this.environmentService.get('IS_BILLING_ENABLED'),
billingUrl: this.environmentService.get('BILLING_PLAN_REQUIRED_LINK'),
billingFreeTrialDurationInDays: this.environmentService.get(
'BILLING_FREE_TRIAL_DURATION_IN_DAYS',
),
},
signInPrefilled: this.environmentService.get('SIGN_IN_PREFILLED'),
signUpDisabled: this.environmentService.get('IS_SIGN_UP_DISABLED'),
debugMode: this.environmentService.get('DEBUG_MODE'),
support: {
supportDriver: this.environmentService.get('SUPPORT_DRIVER'),
supportFrontChatId: this.environmentService.get(
'SUPPORT_FRONT_CHAT_ID',
),
},
sentry: {
dsn: this.environmentService.get('SENTRY_DSN'),
},
};
return Promise.resolve(clientConfig);
}
}

44
packages/twenty-server/src/engine/core-modules/core-engine.module.ts Normal file
View File

@ -0,0 +1,44 @@
import { Module } from '@nestjs/common';
import { WorkspaceModule } from 'src/engine/core-modules/workspace/workspace.module';
import { UserModule } from 'src/engine/core-modules/user/user.module';
import { RefreshTokenModule } from 'src/engine/core-modules/refresh-token/refresh-token.module';
import { AuthModule } from 'src/engine/core-modules/auth/auth.module';
import { FeatureFlagModule } from 'src/engine/core-modules/feature-flag/feature-flag.module';
import { OpenApiModule } from 'src/engine/core-modules/open-api/open-api.module';
import { TimelineMessagingModule } from 'src/engine/core-modules/messaging/timeline-messaging.module';
import { TimelineCalendarEventModule } from 'src/engine/core-modules/calendar/timeline-calendar-event.module';
import { BillingModule } from 'src/engine/core-modules/billing/billing.module';
import { HealthModule } from 'src/engine/core-modules/health/health.module';
import { AnalyticsModule } from './analytics/analytics.module';
import { FileModule } from './file/file.module';
import { ClientConfigModule } from './client-config/client-config.module';
@Module({
imports: [
HealthModule,
AnalyticsModule,
AuthModule,
BillingModule,
ClientConfigModule,
FeatureFlagModule,
FileModule,
OpenApiModule,
RefreshTokenModule,
TimelineMessagingModule,
TimelineCalendarEventModule,
UserModule,
WorkspaceModule,
],
exports: [
AnalyticsModule,
AuthModule,
FeatureFlagModule,
TimelineMessagingModule,
TimelineCalendarEventModule,
UserModule,
WorkspaceModule,
],
})
export class CoreEngineModule {}

52
packages/twenty-server/src/engine/core-modules/feature-flag/feature-flag.entity.ts Normal file
View File

@ -0,0 +1,52 @@
import { Field, ID, ObjectType } from '@nestjs/graphql';
import {
Entity,
Unique,
PrimaryGeneratedColumn,
Column,
CreateDateColumn,
UpdateDateColumn,
ManyToOne,
} from 'typeorm';
import { IDField } from '@ptc-org/nestjs-query-graphql';
import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
export enum FeatureFlagKeys {
IsBlocklistEnabled = 'IS_BLOCKLIST_ENABLED',
IsCalendarEnabled = 'IS_CALENDAR_ENABLED',
IsEventObjectEnabled = 'IS_EVENT_OBJECT_ENABLED',
}
@Entity({ name: 'featureFlag', schema: 'core' })
@ObjectType('FeatureFlag')
@Unique('IndexOnKeyAndWorkspaceIdUnique', ['key', 'workspaceId'])
export class FeatureFlagEntity {
@IDField(() => ID)
@PrimaryGeneratedColumn('uuid')
id: string;
@Field()
@Column({ nullable: false, type: 'text' })
key: FeatureFlagKeys;
@Field()
@Column({ nullable: false, type: 'uuid' })
workspaceId: string;
@ManyToOne(() => Workspace, (workspace) => workspace.featureFlags, {
onDelete: 'CASCADE',
})
workspace: Workspace;
@Field()
@Column({ nullable: false })
value: boolean;
@CreateDateColumn()
createdAt: Date;
@UpdateDateColumn()
updatedAt: Date;
}

23
packages/twenty-server/src/engine/core-modules/feature-flag/feature-flag.module.ts Normal file
View File

@ -0,0 +1,23 @@
import { Module } from '@nestjs/common';
import { NestjsQueryGraphQLModule } from '@ptc-org/nestjs-query-graphql';
import { NestjsQueryTypeOrmModule } from '@ptc-org/nestjs-query-typeorm';
import { TypeORMModule } from 'src/database/typeorm/typeorm.module';
import { FeatureFlagEntity } from 'src/engine/core-modules/feature-flag/feature-flag.entity';
@Module({
imports: [
TypeORMModule,
NestjsQueryGraphQLModule.forFeature({
imports: [
NestjsQueryTypeOrmModule.forFeature([FeatureFlagEntity], 'core'),
],
services: [],
resolvers: [],
}),
],
exports: [],
providers: [],
})
export class FeatureFlagModule {}

3
packages/twenty-server/src/engine/core-modules/feature-flag/interfaces/feature-flag-map.interface.ts Normal file
View File

@ -0,0 +1,3 @@
import { FeatureFlagKeys } from 'src/engine/core-modules/feature-flag/feature-flag.entity';
export type FeatureFlagMap = Record<`${FeatureFlagKeys}`, boolean>;

33
packages/twenty-server/src/engine/core-modules/file/controllers/file.controller.spec.ts Normal file
View File

@ -0,0 +1,33 @@
import { Test, TestingModule } from '@nestjs/testing';
import { CanActivate } from '@nestjs/common';
import { FileService } from 'src/engine/core-modules/file/services/file.service';
import { FilePathGuard } from 'src/engine/core-modules/file/guards/file-path-guard';
import { FileController } from './file.controller';
describe('FileController', () => {
let controller: FileController;
const mock_FilePathGuard: CanActivate = { canActivate: jest.fn(() => true) };
beforeEach(async () => {
const module: TestingModule = await Test.createTestingModule({
controllers: [FileController],
providers: [
{
provide: FileService,
useValue: {},
},
],
})
.overrideGuard(FilePathGuard)
.useValue(mock_FilePathGuard)
.compile();
controller = module.get<FileController>(FileController);
});
it('should be defined', () => {
expect(controller).toBeDefined();
});
});

37
packages/twenty-server/src/engine/core-modules/file/controllers/file.controller.ts Normal file
View File

@ -0,0 +1,37 @@
import { Controller, Get, Param, Res, UseGuards } from '@nestjs/common';
import { Response } from 'express';
import { FilePathGuard } from 'src/engine/core-modules/file/guards/file-path-guard';
import {
checkFilePath,
checkFilename,
} from 'src/engine/core-modules/file/file.utils';
import { FileService } from 'src/engine/core-modules/file/services/file.service';
// TODO: Add cookie authentication
@Controller('files')
@UseGuards(FilePathGuard)
export class FileController {
constructor(private readonly fileService: FileService) {}
/**
* Serve files from local storage
* We recommend using an s3 bucket for production
*/
@Get('*/:filename')
async getFile(@Param() params: string[], @Res() res: Response) {
const folderPath = checkFilePath(params[0]);
const filename = checkFilename(params['filename']);
const fileStream = await this.fileService.getFileStream(
folderPath,
filename,
);
fileStream.on('error', () => {
res.status(404).send({ error: 'File not found' });
});
fileStream.pipe(res);
}
}

11
packages/twenty-server/src/engine/core-modules/file/file-upload/file-upload.module.ts Normal file
View File

@ -0,0 +1,11 @@
import { Module } from '@nestjs/common';
import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
import { FileUploadResolver } from 'src/engine/core-modules/file/file-upload/resolvers/file-upload.resolver';
import { FileUploadService } from 'src/engine/core-modules/file/file-upload/services/file-upload.service';
@Module({
providers: [FileUploadService, FileUploadResolver, EnvironmentService],
exports: [FileUploadService, FileUploadResolver],
})
export class FileUploadModule {}

27
packages/twenty-server/src/engine/core-modules/file/file-upload/resolvers/file-upload.resolver.spec.ts Normal file
View File

@ -0,0 +1,27 @@
import { Test, TestingModule } from '@nestjs/testing';
import { FileUploadService } from 'src/engine/core-modules/file/file-upload/services/file-upload.service';
import { FileUploadResolver } from './file-upload.resolver';
describe('FileUploadResolver', () => {
let resolver: FileUploadResolver;
beforeEach(async () => {
const module: TestingModule = await Test.createTestingModule({
providers: [
FileUploadResolver,
{
provide: FileUploadService,
useValue: {},
},
],
}).compile();
resolver = module.get<FileUploadResolver>(FileUploadResolver);
});
it('should be defined', () => {
expect(resolver).toBeDefined();
});
});

57
packages/twenty-server/src/engine/core-modules/file/file-upload/resolvers/file-upload.resolver.ts Normal file
View File

@ -0,0 +1,57 @@
import { Args, Mutation, Resolver } from '@nestjs/graphql';
import { UseGuards } from '@nestjs/common';
import { GraphQLUpload, FileUpload } from 'graphql-upload';
import { FileFolder } from 'src/engine/core-modules/file/interfaces/file-folder.interface';
import { FileUploadService } from 'src/engine/core-modules/file/file-upload/services/file-upload.service';
import { JwtAuthGuard } from 'src/engine/guards/jwt.auth.guard';
import { streamToBuffer } from 'src/utils/stream-to-buffer';
import { DemoEnvGuard } from 'src/engine/guards/demo.env.guard';
@UseGuards(JwtAuthGuard, DemoEnvGuard)
@Resolver()
export class FileUploadResolver {
constructor(private readonly fileUploadService: FileUploadService) {}
@Mutation(() => String)
async uploadFile(
@Args({ name: 'file', type: () => GraphQLUpload })
{ createReadStream, filename, mimetype }: FileUpload,
@Args('fileFolder', { type: () => FileFolder, nullable: true })
fileFolder: FileFolder,
): Promise<string> {
const stream = createReadStream();
const buffer = await streamToBuffer(stream);
const { path } = await this.fileUploadService.uploadFile({
file: buffer,
filename,
mimeType: mimetype,
fileFolder,
});
return path;
}
@Mutation(() => String)
async uploadImage(
@Args({ name: 'file', type: () => GraphQLUpload })
{ createReadStream, filename, mimetype }: FileUpload,
@Args('fileFolder', { type: () => FileFolder, nullable: true })
fileFolder: FileFolder,
): Promise<string> {
const stream = createReadStream();
const buffer = await streamToBuffer(stream);
const { paths } = await this.fileUploadService.uploadImage({
file: buffer,
filename,
mimeType: mimetype,
fileFolder,
});
return paths[0];
}
}

32
packages/twenty-server/src/engine/core-modules/file/file-upload/services/file-upload.service.spec.ts Normal file
View File

@ -0,0 +1,32 @@
import { Test, TestingModule } from '@nestjs/testing';
import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
import { FileStorageService } from 'src/engine/integrations/file-storage/file-storage.service';
import { FileUploadService } from './file-upload.service';
describe('FileUploadService', () => {
let service: FileUploadService;
beforeEach(async () => {
const module: TestingModule = await Test.createTestingModule({
providers: [
FileUploadService,
{
provide: FileStorageService,
useValue: {},
},
{
provide: EnvironmentService,
useValue: {},
},
],
}).compile();
service = module.get<FileUploadService>(FileUploadService);
});
it('should be defined', () => {
expect(service).toBeDefined();
});
});

117
packages/twenty-server/src/engine/core-modules/file/file-upload/services/file-upload.service.ts Normal file
View File

@ -0,0 +1,117 @@
import { Injectable } from '@nestjs/common';
import sharp from 'sharp';
import { v4 as uuidV4 } from 'uuid';
import { FileFolder } from 'src/engine/core-modules/file/interfaces/file-folder.interface';
import { getCropSize } from 'src/utils/image';
import { settings } from 'src/engine/constants/settings';
import { FileStorageService } from 'src/engine/integrations/file-storage/file-storage.service';
@Injectable()
export class FileUploadService {
constructor(private readonly fileStorage: FileStorageService) {}
private async _uploadFile({
file,
filename,
mimeType,
fileFolder,
}: {
file: Buffer | Uint8Array | string;
filename: string;
mimeType: string | undefined;
fileFolder: FileFolder;
}) {
await this.fileStorage.write({
file,
name: filename,
mimeType,
folder: fileFolder,
});
}
async uploadFile({
file,
filename,
mimeType,
fileFolder,
}: {
file: Buffer | Uint8Array | string;
filename: string;
mimeType: string | undefined;
fileFolder: FileFolder;
}) {
const ext = filename.split('.')?.[1];
const id = uuidV4();
const name = `${id}${ext ? `.${ext}` : ''}`;
await this._uploadFile({
file,
filename: name,
mimeType,
fileFolder,
});
return {
id,
mimeType,
path: `${fileFolder}/${name}`,
};
}
async uploadImage({
file,
filename,
mimeType,
fileFolder,
}: {
file: Buffer | Uint8Array | string;
filename: string;
mimeType: string | undefined;
fileFolder: FileFolder;
}) {
const ext = filename.split('.')?.[1];
const id = uuidV4();
const name = `${id}${ext ? `.${ext}` : ''}`;
const cropSizes = settings.storage.imageCropSizes[fileFolder];
if (!cropSizes) {
throw new Error(`No crop sizes found for ${fileFolder}`);
}
const sizes = cropSizes.map((shortSize) => getCropSize(shortSize));
const images = await Promise.all(
sizes.map((size) =>
sharp(file).resize({
[size?.type || 'width']: size?.value ?? undefined,
}),
),
);
const paths: Array<string> = [];
await Promise.all(
images.map(async (image, index) => {
const buffer = await image.toBuffer();
paths.push(`${fileFolder}/${cropSizes[index]}/${name}`);
return this._uploadFile({
file: buffer,
filename: `${cropSizes[index]}/${name}`,
mimeType,
fileFolder,
});
}),
);
return {
id,
mimeType,
paths,
};
}
}

17
packages/twenty-server/src/engine/core-modules/file/file.module.ts Normal file
View File

@ -0,0 +1,17 @@
import { Module } from '@nestjs/common';
import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
import { FilePathGuard } from 'src/engine/core-modules/file/guards/file-path-guard';
import { AuthModule } from 'src/engine/core-modules/auth/auth.module';
import { FileUploadModule } from 'src/engine/core-modules/file/file-upload/file-upload.module';
import { FileService } from './services/file.service';
import { FileController } from './controllers/file.controller';
@Module({
imports: [FileUploadModule, AuthModule],
providers: [FileService, EnvironmentService, FilePathGuard],
exports: [FileService],
controllers: [FileController],
})
export class FileModule {}

46
packages/twenty-server/src/engine/core-modules/file/file.utils.ts Normal file
View File

@ -0,0 +1,46 @@
import { BadRequestException } from '@nestjs/common';
import { basename } from 'path';
import { KebabCase } from 'type-fest';
import { kebabCase } from 'src/utils/kebab-case';
import { settings } from 'src/engine/constants/settings';
import { FileFolder } from './interfaces/file-folder.interface';
type AllowedFolders = KebabCase<keyof typeof FileFolder>;
export const checkFilePath = (filePath: string): string => {
const allowedFolders = Object.values(FileFolder).map((value) =>
kebabCase(value),
);
const sanitizedFilePath = filePath.replace(/\0/g, '');
const [folder, size] = sanitizedFilePath.split('/');
if (!allowedFolders.includes(folder as AllowedFolders)) {
throw new BadRequestException(`Folder ${folder} is not allowed`);
}
if (size && !settings.storage.imageCropSizes[folder]?.includes(size)) {
throw new BadRequestException(`Size ${size} is not allowed`);
}
return sanitizedFilePath;
};
export const checkFilename = (filename: string) => {
const sanitizedFilename = basename(filename.replace(/\0/g, ''));
if (
!sanitizedFilename ||
sanitizedFilename.includes('/') ||
sanitizedFilename.includes('\\') ||
!sanitizedFilename.includes('.')
) {
throw new BadRequestException(`Filename is not allowed`);
}
return basename(sanitizedFilename);
};

52
packages/twenty-server/src/engine/core-modules/file/guards/file-path-guard.ts Normal file
View File

@ -0,0 +1,52 @@
import {
Injectable,
CanActivate,
ExecutionContext,
HttpException,
HttpStatus,
} from '@nestjs/common';
import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
import { TokenService } from 'src/engine/core-modules/auth/services/token.service';
@Injectable()
export class FilePathGuard implements CanActivate {
constructor(
private readonly tokenService: TokenService,
private readonly environmentService: EnvironmentService,
) {}
async canActivate(context: ExecutionContext): Promise<boolean> {
const query = context.switchToHttp().getRequest().query;
if (query && query['token']) {
return !(await this.isExpired(query['token']));
}
return true;
}
private async isExpired(signedExpirationDate: string): Promise<boolean> {
const decodedPayload = await this.tokenService.decodePayload(
signedExpirationDate,
{
secret: this.environmentService.get('FILE_TOKEN_SECRET'),
},
);
const expirationDate = decodedPayload?.['expiration_date'];
if (!expirationDate) {
return true;
}
if (new Date(expirationDate) < new Date()) {
throw new HttpException(
'This url has expired. Please reload twenty page and open file again.',
HttpStatus.FORBIDDEN,
);
}
return false;
}
}

12
packages/twenty-server/src/engine/core-modules/file/interfaces/file-folder.interface.ts Normal file
View File

@ -0,0 +1,12 @@
import { registerEnumType } from '@nestjs/graphql';
export enum FileFolder {
ProfilePicture = 'profile-picture',
WorkspaceLogo = 'workspace-logo',
Attachment = 'attachment',
PersonPicture = 'person-picture',
}
registerEnumType(FileFolder, {
name: 'FileFolder',
});

27
packages/twenty-server/src/engine/core-modules/file/resolvers/file-upload.resolver.spec.ts Normal file
View File

@ -0,0 +1,27 @@
import { Test, TestingModule } from '@nestjs/testing';
import { FileUploadService } from 'src/engine/core-modules/file/file-upload/services/file-upload.service';
import { FileUploadResolver } from './file-upload.resolver';
describe('FileUploadResolver', () => {
let resolver: FileUploadResolver;
beforeEach(async () => {
const module: TestingModule = await Test.createTestingModule({
providers: [
FileUploadResolver,
{
provide: FileUploadService,
useValue: {},
},
],
}).compile();
resolver = module.get<FileUploadResolver>(FileUploadResolver);
});
it('should be defined', () => {
expect(resolver).toBeDefined();
});
});

57
packages/twenty-server/src/engine/core-modules/file/resolvers/file-upload.resolver.ts Normal file
View File

@ -0,0 +1,57 @@
import { Args, Mutation, Resolver } from '@nestjs/graphql';
import { UseGuards } from '@nestjs/common';
import { GraphQLUpload, FileUpload } from 'graphql-upload';
import { FileFolder } from 'src/engine/core-modules/file/interfaces/file-folder.interface';
import { FileUploadService } from 'src/engine/core-modules/file/file-upload/services/file-upload.service';
import { JwtAuthGuard } from 'src/engine/guards/jwt.auth.guard';
import { streamToBuffer } from 'src/utils/stream-to-buffer';
import { DemoEnvGuard } from 'src/engine/guards/demo.env.guard';
@UseGuards(JwtAuthGuard, DemoEnvGuard)
@Resolver()
export class FileUploadResolver {
constructor(private readonly fileUploadService: FileUploadService) {}
@Mutation(() => String)
async uploadFile(
@Args({ name: 'file', type: () => GraphQLUpload })
{ createReadStream, filename, mimetype }: FileUpload,
@Args('fileFolder', { type: () => FileFolder, nullable: true })
fileFolder: FileFolder,
): Promise<string> {
const stream = createReadStream();
const buffer = await streamToBuffer(stream);
const { path } = await this.fileUploadService.uploadFile({
file: buffer,
filename,
mimeType: mimetype,
fileFolder,
});
return path;
}
@Mutation(() => String)
async uploadImage(
@Args({ name: 'file', type: () => GraphQLUpload })
{ createReadStream, filename, mimetype }: FileUpload,
@Args('fileFolder', { type: () => FileFolder, nullable: true })
fileFolder: FileFolder,
): Promise<string> {
const stream = createReadStream();
const buffer = await streamToBuffer(stream);
const { paths } = await this.fileUploadService.uploadImage({
file: buffer,
filename,
mimeType: mimetype,
fileFolder,
});
return paths[0];
}
}

Some files were not shown because too many files have changed in this diff Show More