diff --git a/packages/twenty-server/src/database/typeorm/core/migrations/1717751631669-addPostgresCredentials.ts b/packages/twenty-server/src/database/typeorm/core/migrations/1717751631669-addPostgresCredentials.ts new file mode 100644 index 000000000..cd00225b5 --- /dev/null +++ b/packages/twenty-server/src/database/typeorm/core/migrations/1717751631669-addPostgresCredentials.ts @@ -0,0 +1,21 @@ +import { MigrationInterface, QueryRunner } from 'typeorm'; + +export class AddPostgresCredentials1717751631669 implements MigrationInterface { + name = 'AddPostgresCredentials1717751631669'; + + public async up(queryRunner: QueryRunner): Promise { + await queryRunner.query( + `CREATE TABLE "core"."postgresCredentials" ("id" uuid NOT NULL DEFAULT uuid_generate_v4(), "user" character varying NOT NULL, "passwordHash" character varying NOT NULL, "createdAt" TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(), "updatedAt" TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(), "deletedAt" TIMESTAMP WITH TIME ZONE, "workspaceId" uuid NOT NULL, CONSTRAINT "PK_3f9c4cdf895bfea0a6ea15bdd81" PRIMARY KEY ("id"))`, + ); + await queryRunner.query( + `ALTER TABLE "core"."postgresCredentials" ADD CONSTRAINT "FK_9494639abc06f9c8c3691bf5d22" FOREIGN KEY ("workspaceId") REFERENCES "core"."workspace"("id") ON DELETE CASCADE ON UPDATE NO ACTION`, + ); + } + + public async down(queryRunner: QueryRunner): Promise { + await queryRunner.query( + `ALTER TABLE "core"."postgresCredentials" DROP CONSTRAINT "FK_9494639abc06f9c8c3691bf5d22"`, + ); + await queryRunner.query(`DROP TABLE "core"."postgresCredentials"`); + } +} diff --git a/packages/twenty-server/src/database/typeorm/typeorm.service.ts b/packages/twenty-server/src/database/typeorm/typeorm.service.ts index c34bfea4a..ca1f9c44c 100644 --- a/packages/twenty-server/src/database/typeorm/typeorm.service.ts +++ b/packages/twenty-server/src/database/typeorm/typeorm.service.ts @@ -12,6 +12,7 @@ import { BillingSubscription } from 'src/engine/core-modules/billing/entities/bi import { BillingSubscriptionItem } from 'src/engine/core-modules/billing/entities/billing-subscription-item.entity'; import { UserWorkspace } from 'src/engine/core-modules/user-workspace/user-workspace.entity'; import { KeyValuePair } from 'src/engine/core-modules/key-value-pair/key-value-pair.entity'; +import { PostgresCredentials } from 'src/engine/core-modules/postgres-credentials/postgres-credentials.entity'; @Injectable() export class TypeORMService implements OnModuleInit, OnModuleDestroy { @@ -34,6 +35,7 @@ export class TypeORMService implements OnModuleInit, OnModuleDestroy { FeatureFlagEntity, BillingSubscription, BillingSubscriptionItem, + PostgresCredentials, ], ssl: environmentService.get('PG_SSL_ALLOW_SELF_SIGNED') ? { diff --git a/packages/twenty-server/src/engine/core-modules/core-engine.module.ts b/packages/twenty-server/src/engine/core-modules/core-engine.module.ts index a7acdc0f3..2df9de73b 100644 --- a/packages/twenty-server/src/engine/core-modules/core-engine.module.ts +++ b/packages/twenty-server/src/engine/core-modules/core-engine.module.ts @@ -11,6 +11,7 @@ import { TimelineCalendarEventModule } from 'src/engine/core-modules/calendar/ti import { BillingModule } from 'src/engine/core-modules/billing/billing.module'; import { HealthModule } from 'src/engine/core-modules/health/health.module'; import { TwentyORMModule } from 'src/engine/twenty-orm/twenty-orm.module'; +import { PostgresCredentialsModule } from 'src/engine/core-modules/postgres-credentials/postgres-credentials.module'; import { AnalyticsModule } from './analytics/analytics.module'; import { FileModule } from './file/file.module'; @@ -34,6 +35,7 @@ import { ClientConfigModule } from './client-config/client-config.module'; TimelineCalendarEventModule, UserModule, WorkspaceModule, + PostgresCredentialsModule, ], exports: [ AnalyticsModule, diff --git a/packages/twenty-server/src/engine/core-modules/postgres-credentials/dtos/postgres-credentials.dto.ts b/packages/twenty-server/src/engine/core-modules/postgres-credentials/dtos/postgres-credentials.dto.ts new file mode 100644 index 000000000..797945962 --- /dev/null +++ b/packages/twenty-server/src/engine/core-modules/postgres-credentials/dtos/postgres-credentials.dto.ts @@ -0,0 +1,20 @@ +import { ObjectType, Field } from '@nestjs/graphql'; + +import { IDField } from '@ptc-org/nestjs-query-graphql'; + +import { UUIDScalarType } from 'src/engine/api/graphql/workspace-schema-builder/graphql-types/scalars'; + +@ObjectType('PostgresCredentials') +export class PostgresCredentialsDTO { + @IDField(() => UUIDScalarType) + id: string; + + @Field() + user: string; + + @Field() + password: string; + + @Field() + workspaceId: string; +} diff --git a/packages/twenty-server/src/engine/core-modules/postgres-credentials/postgres-credentials.entity.ts b/packages/twenty-server/src/engine/core-modules/postgres-credentials/postgres-credentials.entity.ts new file mode 100644 index 000000000..e8fe9ecea --- /dev/null +++ b/packages/twenty-server/src/engine/core-modules/postgres-credentials/postgres-credentials.entity.ts @@ -0,0 +1,40 @@ +import { + Entity, + Column, + PrimaryGeneratedColumn, + CreateDateColumn, + UpdateDateColumn, + ManyToOne, + Relation, +} from 'typeorm'; + +import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity'; + +@Entity({ name: 'postgresCredentials', schema: 'core' }) +export class PostgresCredentials { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ nullable: false }) + user: string; + + @Column({ nullable: false }) + passwordHash: string; + + @CreateDateColumn({ type: 'timestamptz' }) + createdAt: Date; + + @UpdateDateColumn({ type: 'timestamptz' }) + updatedAt: Date; + + @Column({ nullable: true, type: 'timestamptz' }) + deletedAt: Date; + + @ManyToOne(() => Workspace, (workspace) => workspace.allPostgresCredentials, { + onDelete: 'CASCADE', + }) + workspace: Relation; + + @Column({ nullable: false, type: 'uuid' }) + workspaceId: string; +} diff --git a/packages/twenty-server/src/engine/core-modules/postgres-credentials/postgres-credentials.module.ts b/packages/twenty-server/src/engine/core-modules/postgres-credentials/postgres-credentials.module.ts new file mode 100644 index 000000000..fcb2bbdd4 --- /dev/null +++ b/packages/twenty-server/src/engine/core-modules/postgres-credentials/postgres-credentials.module.ts @@ -0,0 +1,20 @@ +import { Module } from '@nestjs/common'; +import { TypeOrmModule } from '@nestjs/typeorm'; + +import { PostgresCredentials } from 'src/engine/core-modules/postgres-credentials/postgres-credentials.entity'; +import { PostgresCredentialsResolver } from 'src/engine/core-modules/postgres-credentials/postgres-credentials.resolver'; +import { PostgresCredentialsService } from 'src/engine/core-modules/postgres-credentials/postgres-credentials.service'; +import { EnvironmentModule } from 'src/engine/integrations/environment/environment.module'; + +@Module({ + imports: [ + TypeOrmModule.forFeature([PostgresCredentials], 'core'), + EnvironmentModule, + ], + providers: [ + PostgresCredentialsResolver, + PostgresCredentialsService, + PostgresCredentials, + ], +}) +export class PostgresCredentialsModule {} diff --git a/packages/twenty-server/src/engine/core-modules/postgres-credentials/postgres-credentials.resolver.ts b/packages/twenty-server/src/engine/core-modules/postgres-credentials/postgres-credentials.resolver.ts new file mode 100644 index 000000000..2dece1606 --- /dev/null +++ b/packages/twenty-server/src/engine/core-modules/postgres-credentials/postgres-credentials.resolver.ts @@ -0,0 +1,35 @@ +import { UseGuards } from '@nestjs/common'; +import { Resolver, Mutation, Query } from '@nestjs/graphql'; + +import { PostgresCredentialsDTO } from 'src/engine/core-modules/postgres-credentials/dtos/postgres-credentials.dto'; +import { PostgresCredentialsService } from 'src/engine/core-modules/postgres-credentials/postgres-credentials.service'; +import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity'; +import { AuthWorkspace } from 'src/engine/decorators/auth/auth-workspace.decorator'; +import { JwtAuthGuard } from 'src/engine/guards/jwt.auth.guard'; + +@Resolver(() => PostgresCredentialsDTO) +export class PostgresCredentialsResolver { + constructor( + private readonly postgresCredentialsService: PostgresCredentialsService, + ) {} + + @UseGuards(JwtAuthGuard) + @Mutation(() => PostgresCredentialsDTO) + async enablePostgresProxy(@AuthWorkspace() { id: workspaceId }: Workspace) { + return this.postgresCredentialsService.enablePostgresProxy(workspaceId); + } + + @UseGuards(JwtAuthGuard) + @Mutation(() => PostgresCredentialsDTO) + async disablePostgresProxy(@AuthWorkspace() { id: workspaceId }: Workspace) { + return this.postgresCredentialsService.disablePostgresProxy(workspaceId); + } + + @UseGuards(JwtAuthGuard) + @Query(() => PostgresCredentialsDTO, { nullable: true }) + async getPostgresCredentials( + @AuthWorkspace() { id: workspaceId }: Workspace, + ) { + return this.postgresCredentialsService.getPostgresCredentials(workspaceId); + } +} diff --git a/packages/twenty-server/src/engine/core-modules/postgres-credentials/postgres-credentials.service.ts b/packages/twenty-server/src/engine/core-modules/postgres-credentials/postgres-credentials.service.ts new file mode 100644 index 000000000..6bdc67d43 --- /dev/null +++ b/packages/twenty-server/src/engine/core-modules/postgres-credentials/postgres-credentials.service.ts @@ -0,0 +1,117 @@ +import { InjectRepository } from '@nestjs/typeorm'; +import { BadRequestException } from '@nestjs/common'; + +import { randomBytes } from 'crypto'; + +import { Repository } from 'typeorm'; + +import { + decryptText, + encryptText, +} from 'src/engine/core-modules/auth/auth.util'; +import { EnvironmentService } from 'src/engine/integrations/environment/environment.service'; +import { PostgresCredentials } from 'src/engine/core-modules/postgres-credentials/postgres-credentials.entity'; +import { NotFoundError } from 'src/engine/utils/graphql-errors.util'; +import { PostgresCredentialsDTO } from 'src/engine/core-modules/postgres-credentials/dtos/postgres-credentials.dto'; + +export class PostgresCredentialsService { + constructor( + @InjectRepository(PostgresCredentials, 'core') + private readonly postgresCredentialsRepository: Repository, + private readonly environmentService: EnvironmentService, + ) {} + + async enablePostgresProxy( + workspaceId: string, + ): Promise { + const user = `user_${randomBytes(4).toString('hex')}`; + const password = randomBytes(16).toString('hex'); + + const key = this.environmentService.get('LOGIN_TOKEN_SECRET'); + const passwordHash = encryptText(password, key); + + const existingCredentials = + await this.postgresCredentialsRepository.findOne({ + where: { + workspaceId, + }, + }); + + if (existingCredentials) { + throw new BadRequestException( + 'Postgres credentials already exist for this workspace', + ); + } + + const postgresCredentials = await this.postgresCredentialsRepository.create( + { + user, + passwordHash, + workspaceId, + }, + ); + + await this.postgresCredentialsRepository.save(postgresCredentials); + + return { + id: postgresCredentials.id, + user, + password, + workspaceId, + }; + } + + async disablePostgresProxy( + workspaceId: string, + ): Promise { + const postgresCredentials = + await this.postgresCredentialsRepository.findOne({ + where: { + workspaceId, + }, + }); + + if (!postgresCredentials?.id) { + throw new NotFoundError( + 'No valid Postgres credentials not found for this workspace', + ); + } + + await this.postgresCredentialsRepository.delete({ + id: postgresCredentials.id, + }); + + const key = this.environmentService.get('LOGIN_TOKEN_SECRET'); + + return { + id: postgresCredentials.id, + user: postgresCredentials.user, + password: decryptText(postgresCredentials.passwordHash, key), + workspaceId: postgresCredentials.workspaceId, + }; + } + + async getPostgresCredentials( + workspaceId: string, + ): Promise { + const postgresCredentials = + await this.postgresCredentialsRepository.findOne({ + where: { + workspaceId, + }, + }); + + if (!postgresCredentials) { + return null; + } + + const key = this.environmentService.get('LOGIN_TOKEN_SECRET'); + + return { + id: postgresCredentials.id, + user: postgresCredentials.user, + password: decryptText(postgresCredentials.passwordHash, key), + workspaceId: postgresCredentials.workspaceId, + }; + } +} diff --git a/packages/twenty-server/src/engine/core-modules/workspace/workspace.entity.ts b/packages/twenty-server/src/engine/core-modules/workspace/workspace.entity.ts index 12d255ef4..edc141b55 100644 --- a/packages/twenty-server/src/engine/core-modules/workspace/workspace.entity.ts +++ b/packages/twenty-server/src/engine/core-modules/workspace/workspace.entity.ts @@ -19,6 +19,7 @@ import { UserWorkspace } from 'src/engine/core-modules/user-workspace/user-works import { AppToken } from 'src/engine/core-modules/app-token/app-token.entity'; import { UUIDScalarType } from 'src/engine/api/graphql/workspace-schema-builder/graphql-types/scalars'; import { KeyValuePair } from 'src/engine/core-modules/key-value-pair/key-value-pair.entity'; +import { PostgresCredentials } from 'src/engine/core-modules/postgres-credentials/postgres-credentials.entity'; @Entity({ name: 'workspace', schema: 'core' }) @ObjectType('Workspace') @@ -99,4 +100,10 @@ export class Workspace { (billingSubscription) => billingSubscription.workspace, ) billingSubscriptions: Relation; + + @OneToMany( + () => PostgresCredentials, + (postgresCredentials) => postgresCredentials.workspace, + ) + allPostgresCredentials: Relation; }