mirror of
https://github.com/ToolJet/ToolJet
synced 2026-04-21 21:47:17 +00:00
17 commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
vjaris42
|
58ba6b8563
|
Enable Git Sync for Datasources, constants and dashboard (#15434)
* feat: Folder permission system * fix(group-permissions): resolve custom group validation, folder edit check, and UI inconsistencie * edit folder container && no folder in custom resource * fix the ui for custom in empty state * fix: coercion logic for folder permissions * feat: enhance folder permissions handling in app components * feat: add folder granular permissions handling in user apps permissions * feat: implement granular folder permissions in ability guard and service * feat: improve error handling for folder permissions with specific messages * feat: enhance EnvironmentSelect component to handle disabled state and improve display logic * chore: bump ee submodules * add basic framework to support platform git * feat: Update permission prop to isEditable in BaseManageGranularAccess component * chore: bump ee server submodule * fix: refine folder visibility logic based on user permissions * feat: enhance MultiValue rendering and styling for "All environments" option * fix:Uniqueness-of-data-source * revert folder changes * fix folder imports * feat: allow app lazy loading feat: import all apps of branches * feat: implement folder ownership checks and enhance app permissions handling * fix:ui changes * feat: update WorkspaceGitSyncModal UI * feat: enhance folder permissions handling for app ownership and actions * chore: clarify folder creation and deletion permissions in workspace context * fix: pull commit button & swtich branch visibility * feat: import app from git repo * fix: freezed state * remove reference of activebranchId * fix linting * fix: update folder permission labels * fixed folder permission cases * fixed css class issue * fix: datasource UI * minor fix * feat: streamline folder permissions handling by removing redundant checks and simplifying access logic * refactor: made error message consistent * fix:ui changes and PR fetching on master * fix: datasource and snapshot creation * fix: app rendering and stub loading * fix: add missing permission message for folder deletion action * refactor: consolidate forbidden messages for folder actions and maintain consistency * fix: allow pull into current branch * fix renaming of tags and reload on branch switch * fix: allow branches import from git * fix:push or tab removed * feat: streamline permission handling and improve app visibility logic * fix: remove default access denial message in AbilityGuard * fixed all user page functionality falky case * feat: add workspace-level PR fetch endpoint (returns all repo PRs without app filtering) * fix: remove app_branch_table * Fixed profile flaky case * fixed granular access flaky case * fix: allow branch creation from tags * fix: update default branch creation logic to use provider config * fix: dso and dsv operations on codebase * fix: constants reloading and refetch org git details on data * uniquness per branch * removed comment * fix: update app version handling and add is_stub column for branch-level tracking * fix workspace branch backfilling for scoped branches * added unique constraint - migration * fix: update app version unique constraint to include branchId for branch-aware handling * fix: update subproject commit reference in server/ee * chore: revert package-lock.json * chore: revert frontend/package-lock.json to main * removed banner and changed migration * minor fix * fix: remove unused import and handle UUID parse error gracefully in AppsUtilService * fix: update app stub checks to safely access app_versions * refactor: revert folder operations * fix: removed branch id logic * fix: ds migration * fix encrypted diff logic * fix: update openCreateAppModal to handle workspace branch lock * fix: subscriber filtering, freeze priority, meta hash optimization, and co_relation_id backfill * feat: add script to generate app metadata from app.json files * fix: meta script fix: backfilling of co-realtion-ids * refactor: streamline parameter formatting in workspace git sync adapter methods * Improves data source handling for workspace git sync Fixes workspace git sync to properly recognize data sources across branches by improving correlation ID handling and branch-aware data source version creation. Uses strict equality comparison in deep equal utility to prevent type coercion issues. Excludes credential_id from data source comparison to prevent unnecessary save button states. Removes is_active filter from branch data source queries to include all versions for proper synchronization. * refactor: update branch switching logic and improve error handling for data source creation * fix: migration order * 🚀 chore: update submodules to latest main after auto-merge (#15628) Co-authored-by: gsmithun4 <3417097+gsmithun4@users.noreply.github.com> * chore: update version to 3.21.8-beta across all components * fix:import app from device * fix:ui Edit&launch,folderCopy,branching dropdown in apps and ds * fix:encrypted helper text on master * fix: import from git flow * logs cleanup * fix:migration-datasource-uniqueness * fix: app on pull * chore: update server submodule hash * fix: corelation-id generation and version naming * fix: last versions deletion error fix: no multiple version creation * fix:ui and toast * chore: update server submodule hash * feat: add branch handling for app availability and improve error handling * fix: update encrypted value handling in DynamicForm and improve workspace constant validation logic * fix: improve formatting of help text in DynamicForm and enhance error message for adding constants on master branch * fix: correct version creation and pull in default branch * chore: update server submodule hash fix: remove logs from other PR * fix:data source uniquness at workspace level * fix: update header component logic for path validation and improve version import handling * chore: update server submodule to latest commit * fixed folder modal changes * fix:failed to create a query error inside apps * feat: add branchId support for data source versioning in app import/export service * fix: push & pull of tags and versions * fix: update subproject commit reference in server/ee * fix:removed gitSync logic from module rename * fix:removed switchbranch modal & allowed renaming from masted module&workflow creation * chore: Update server submodule hash * fix: change stub button to edit * refactor/git-sync-remove-modules-workflows * fix:version name for module and workflo w * fix:templet app creation * fix: add author details for branch --------- Co-authored-by: gsmithun4 <gsmithun4@gmail.com> Co-authored-by: Pratush <pratush@Pratushs-MBP.lan> Co-authored-by: Shantanu Mane <maneshantanu.20@gmail.com> Co-authored-by: parthy007 <parthadhikari1812@gmail.com> Co-authored-by: Yukti Goyal <yuktigoyal02@gmail.com> Co-authored-by: Muhsin Shah <muhsinshah21@gmail.com> Co-authored-by: Adish M <44204658+adishM98@users.noreply.github.com> Co-authored-by: gsmithun4 <3417097+gsmithun4@users.noreply.github.com> Co-authored-by: Parth <108089718+parthy007@users.noreply.github.com> |
||
|
Akshay
|
16567c198f
|
Feature: Custom domains support for Cloud edition (#15228)
* feat(custom-domains): add custom domains module for Cloud edition Full-stack implementation of custom domains feature: - Backend: entity, migration, repository, CE module stubs, DTOs, ability/guard - Backend: CloudFeatureGuard on all EE endpoints (Cloud-only) - Frontend: API service, Zustand store, ManageCustomDomainPage - License gating via LICENSE_FIELD.CUSTOM_DOMAINS - Cloudflare Custom Hostnames API integration (EE provider) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat(custom-domains): add CORS, cookie, scheduler, and e2e tests - Dynamic CORS origin with 5-min cache for custom domain support - Cookie SameSite=None when ENABLE_CUSTOM_DOMAINS is set - Status polling scheduler for pending Cloudflare domain verification - E2e test suite with Polly.js record/replay for cloud edition - UI layout fix for custom domain settings page Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat(custom-domains): add frontend domain detection and routing - Add isCustomDomain() helper to detect non-TOOLJET_HOST hostnames - Resolve custom domain to workspace in authorizeWorkspace before session validation - Resolve custom domain in AuthRoute for login page org config - Load organization relation in findActiveDomain repository query - Update e2e test to verify organizationSlug in resolve response Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat: make all URLs custom-domain-aware When a workspace has a custom domain configured, all generated URLs (emails, SSO redirects, share links, settings pages) now use that domain instead of TOOLJET_HOST. Licensing: - Add customDomains getter to LicenseBase with plan-level defaults - Register LICENSE_FIELD.CUSTOM_DOMAINS in license helper - Add customDomain to features response for frontend access - Add customDomains to Terms interface Frontend: - Make getHostURL() custom-domain-aware using isCustomDomain() - Replace 14 inline TOOLJET_HOST references with getHostURL() (SSO modals, OAuth callbacks, invite links, app URLs, etc.) Backend: - Add CustomDomainCacheService (Redis-backed, 5-min TTL) - Add findActiveByOrganizationId() to repository - Add optional host param to generateInviteURL/generateOrgInviteURL - Add getHostForOrganization() helper for resolving org domains - Inject cache service into EmailService and OauthService Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * chore: remove unvalidated custom domains e2e test Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: add customDomains feature flag to cloud license terms Update ee submodule — adds customDomains to OrganizationPaymentService so Pro plan correctly gets false and Team plan gets true. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat: extend VerifyDomainResult interface with additional properties * feat: move custom domain from workspace settings to instance settings Update frontend/ee submodule to move the custom domain page out of workspace settings and into instance settings sidebar for both cloud and EE editions. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: align custom domain buttons with white labelling and Figma design Update frontend/ee submodule - cancel button always clickable, test connection button sizing matches Figma (14px font, 6px radius), save button pattern matches white labelling exactly. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat: add CSRF origin check middleware with Sec-Fetch-Site hardening Add setupCsrfOriginCheck middleware that validates Origin headers on mutation requests when custom domains are enabled. Rejects requests from origins not matching TOOLJET_HOST or active custom domains. Tightens the null-Origin fallback using Sec-Fetch-Site: browser requests with no Origin but Sec-Fetch-Site: cross-site are now blocked, closing the stripped-Origin CSRF attack vector while keeping cURL/Postman/server-to-server calls unaffected. Also removes the in-memory CORS origin cache in favour of direct DB lookups via fetchCustomDomainOrigins. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat: register CSRF origin check middleware in bootstrap Wire up setupCsrfOriginCheck in the application bootstrap so the middleware is active when custom domains are enabled. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: guard sameSite=none cookies with HTTPS check sameSite=none requires secure=true, which browsers reject on plain HTTP. Add isHttpsEnabled() guard so custom domain cookie settings only apply over HTTPS, preventing broken sessions in local dev. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: redirect to main host on custom domain workspace mismatch When a custom domain resolves to a different workspace than the URL slug, or when domain resolution fails with no slug fallback, redirect to TOOLJET_HOST instead of showing a broken state. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * chore: add custom domain dev server hints and update lockfile Add commented-out webpack devServer options for testing custom domains locally (host binding, allowed hosts, cache-control). Update lockfile. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat: load Pyodide from CDN for cloud builds For cloud (Cloudflare Pages) builds, load Pyodide from jsDelivr CDN instead of bundling the 823MB local copy, avoiding the 25MB per-file limit. Self-hosted/airgapped builds continue using the local bundle. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * chore: update ee submodule for custom domain workspace URL fix Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * chore: update ee submodule for custom domain input fixes Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * chore: update ee submodule for custom domain dark mode fixes Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * chore: update ee submodule for connection test toast and auto-reset Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: add pre/post build hooks for cloud frontend build Add prebuild:frontend:cloud and postbuild:frontend:cloud lifecycle hooks to install devDependencies (webpack, html-webpack-plugin, etc.) before the cloud build and prune them after, matching the existing build:frontend pattern. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: CSRF origin check fails closed on DB error Previously, if fetchCustomDomainOrigins() threw (DB down, connection timeout), the .catch(() => next()) silently bypassed all CSRF protection. Now blocks the request with 403 instead. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: stale custom hostname cleanup and license deadlock on delete/status Remove license gate from DELETE, GET, STATUS endpoints so admins can always view and remove custom domains even after license expiry. Add scheduled cleanup job that removes stale pending domains from both Cloudflare and DB after a configurable TTL (default 2 days). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: Cloudflare error handling — config validation, 404 tolerance, status mapping - Update IDomainProvider interface: getHostnameStatus returns null on 404 - Update CE stub to match interface - Add sslStatus mapping to scheduler (matching provider's mapSslStatus) - Expand scheduler statusMap with active_redeploying and blocked - Allow null sslStatus in VerifyDomainResult type - Update ee submodule Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: update server/ee submodule — correct guard order on custom-domains Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: update frontend/ee submodule — workspace login URL uses custom domain Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: update server/ee submodule — OIDC redirect uses custom domain host Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat: route workspace switch to target custom domain When switching between workspaces with different custom domains, the URL now navigates to the target workspace's custom domain instead of staying on the current origin or falling back to TOOLJET_HOST. Backend enriches GET /api/organizations with custom_domain (batch query, Cloud edition only). Frontend reads it and applies 3-way routing: custom domain redirect, fallback to base domain, or same-origin switch. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: email links use custom domain instead of default TOOLJET_HOST EmailModule was missing the CustomDomainsModule import, so CustomDomainCacheService was never injected (always undefined due to @Optional). All email URLs fell back to process.env.TOOLJET_HOST. Additionally, several email event emissions were missing organizationId in their payloads, preventing custom domain lookup even with proper DI. Changes: - Import CustomDomainsModule in EmailModule for DI wiring - Pass organizationId in forgotPassword email payload - Pass organizationId in 5 onboarding welcome-email payloads Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: block custom domain access after plan downgrade to Pro - Frontend: always redirect to TOOLJET_HOST when custom domain resolve fails (removes slug-based fallthrough that allowed bypassing the check) - Frontend: extract redirectToMainHost() helper, add console.error logging - Update server/ee submodule with license check in resolveCustomDomain Closes #15228 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: proxy API through Cloudflare Worker to fix incognito sign-in on custom domains Incognito browsers block third-party cookies, causing silent sign-in failure on custom domains where the frontend origin differs from the API server. Three changes: - Frontend: override config.apiUrl to /api on custom domains so requests route through the Cloudflare Worker proxy (first-party) - Worker docs: add API/WebSocket proxy to the Cloudflare Worker with proper forwarding headers and 502 fallback - server/ee submodule: add ENABLE_CUSTOM_DOMAINS guard to OIDC cookie Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: update frontend/ee submodule — prefill default domain on clear Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: compare hostnames not origins for custom domain API proxy override The origin comparison (`localhost:3000` vs `localhost:8082`) triggered the proxy rewrite in local dev, routing API calls to webpack dev server which returned index.html instead of JSON — breaking app initialization. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: update server/ee submodule — pass customDomainRepository to EE OrganizationsService Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * revert: remove "prefill default domain on clear" from custom domains Reverts the frontend/ee submodule from a21b75aed back to e8191629e. Showing a pre-filled default domain when the input is empty implies the user owns that domain, which is misleading. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: harden custom domains — CORS caching, error handling, scheduler guards, and frontend safety PR review fixes for #15228: Backend: - Cache CORS/CSRF custom domain origins in-memory (30s TTL) to avoid per-request DB queries - Normalize TOOLJET_HOST (strip trailing slash) before origin comparison in CORS and CSRF middleware - Add ENABLE_CUSTOM_DOMAINS guard to scheduler handleCron (was only on handleStaleCleanup) - Log Cloudflare API errors in scheduler instead of silently continuing - Fix scheduler stale cleanup TOCTOU: mark domain deleted before remove() - Invalidate Redis cache after scheduler status transitions and stale cleanup - Add Redis error handler, connectTimeout, and try-catch with DB fallback in cache service - Add comment explaining CSRF exempt paths rationale - Import CustomDomainsModule in AuthModule for @Optional() cache injection - Remove dead 'no_records' variant from VerifyDomainResult.dnsStatus - Update server/ee submodule (rate limiting, TOCTOU fix, DNS logging, auth response) Frontend: - Guard SwitchWorkspacePage against undefined TOOLJET_HOST - Add console.error in isCustomDomain() and redirectToMainHost() for config issues - Defensively strip protocol prefix in getTargetDomainURL() - Add redirect-to-custom-domain logic in authorizeWorkspace with cooldown - Enable webpack dev server proxy for custom domain local testing Docs: - Fix Cloudflare proxy statement: applies to any CF-hosted domain, not same-account Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: update server/ee submodule — OIDC redirect_uri uses request origin for custom domains Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: prevent flash of base-domain UI during custom domain redirect - Move redirect check before setUser()/setOrganization() store updates so no authenticated UI (avatar, org name) renders on the base domain - Remove no-op clearRedirectAttempt() on custom domain — sessionStorage is origin-scoped so it can't clear the base domain's flag; the cooldown expires naturally after REDIRECT_COOLDOWN_MS Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: remove ThrottlerGuard from custom domain resolve endpoint Update server/ee submodule — ThrottlerGuard on the resolve endpoint caused a NestJS dependency crash (THROTTLER:MODULE_OPTIONS missing in CustomDomainsModule). CloudFeatureGuard is sufficient protection for this unauthenticated, cloud-only endpoint. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor: extract applyCustomDomainCookieOptions, fix org list for super admins - Extract duplicated cookie SameSite/Secure logic into shared applyCustomDomainCookieOptions() helper - Replace 3 inline copies (session util x2, OIDC service) with one-liner calls - Rename customDomain → custom_domain in OrganizationWithPlan for consistent API casing - Refactor fetchOrganizations so super admins also get license/custom domain enrichment - Add @Req() param to OpenID redirect controller for custom domain host detection - Update server/ee submodule Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor: remove dead verifyDomain from IDomainProvider, fix cookie type - Remove verifyDomain() from IDomainProvider interface and all implementations (service does inline DNS resolution, method was never called) - Fix applyCustomDomainCookieOptions type: sameSite accepts string | boolean - Update server/ee submodule Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * revert: remove dev-only webpack proxy and host overrides for custom domains Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * chore: remove internal custom domains Cloudflare setup doc Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: rename 'Workspace ID' label to 'Workspace URL' on custom domain page Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: match custom domain save button loading style with whitelabelling Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: reduce custom domain redirect cooldown from 5 minutes to 10 seconds Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: strip trailing slash from TOOLJET_HOST in URL helpers Prevents double-slash URLs when TOOLJET_HOST is configured with a trailing slash (e.g. `https://example.com/` → `https://example.com//error/404`). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: strip trailing slash from TOOLJET_HOST in workspace switchers Same defensive fix as the URL helpers — raw TOOLJET_HOST concatenation in SwitchWorkspacePage and BaseOrganizationList could produce double-slash URLs when the host has a trailing slash. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat(custom-domains): add rebuildOriginsSet/getOriginsSet to cache service Stores active custom domain origins in a Redis Set for cross-pod CORS/CSRF consistency. rebuildOriginsSet uses a pipeline (DEL + SADD + EXPIRE) for atomicity. getOriginsSet returns null on empty/error so callers can fall back to DB. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat(custom-domains): use Redis for CORS/CSRF origins in middleware fetchCustomDomainOrigins now reads from Redis Set first, falls back to DB. Local cache TTL reduced from 30s to 5s. Both setupCsrfOriginCheck and setSecurityHeaders lazily capture CustomDomainCacheService via a shared tryGetCacheService helper (DRY, CE-safe with strict: false). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat(custom-domains): rebuild Redis origins set in scheduler and EE service Status poll, stale cleanup, and all EE domain lifecycle operations now trigger rebuildOriginsSet() so CORS origins stay consistent after background status changes. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat(custom-domains): seed Redis CORS origins set on startup Ensures the origins set is populated immediately when the server starts, before any CORS/CSRF checks are needed. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(custom-domains): increase Redis origins TTL and fix success logging Raise ORIGINS_TTL_SECONDS from 300s to 700s so the key outlasts the 10-minute scheduler interval (avoids sustained DB fallback). Skip the success log when individual pipeline commands fail. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat(custom-domains): add Redis pending-flag methods to cache service Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat(custom-domains): gate scheduler polling behind Redis pending flag Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat(custom-domains): set pending flag on domain creation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(custom-domains): resolve redirect loop between base and custom domain After login, excludeWorkspaceIdFromURL stripped the workspace slug from the redirect URL, producing bare paths like /home. On the custom domain, getWorkspaceIdOrSlugFromURL then misinterpreted 'home' as a workspace slug, triggering redirectToMainHost and creating an infinite loop. - Re-prepend workspace slug to the custom domain redirect URL - Always trust the resolved slug on custom domains (1:1 mapping) - Remove mismatch guard in AuthRoute that redirected back to main host Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat(custom-domains): session transfer token + OAuth redirect_uri fix Two problems with the custom domain redirect flow: 1. Session lost on redirect: tj_auth_token cookie is domain-scoped — doesn't follow the user from gcpstage.tooljet.ai to app.company.com. Added a one-time Redis transfer token (30s TTL, GETDEL atomic) — the frontend creates a token, redirects to /api/session/transfer on the custom domain, the CF Worker proxies to the backend which sets the cookie as first-party via 302. 2. OAuth redirect_uri mismatch: Google/OIDC redirect_uri used the custom domain hostname via getHostURL()/resolveRedirectHost(). If the IdP doesn't have the custom domain registered, auth fails. Now always use TOOLJET_HOST for redirect_uri. Session transfer handles the hop to the custom domain after auth. Changes: - Add CE session-transfer module stubs (SubModule pattern) - Add frontend session-transfer service - Update authorizeWorkspace.js: transfer token flow replaces direct redirect - Update GoogleSSOLoginButton.jsx: use TOOLJET_HOST for redirect_uri - Register SessionTransferModule conditionally for Cloud edition in AppModule Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(custom-domains): update server/ee submodule — restore OIDC redirect_uri resolution Points to server/ee commit that restores request-origin based redirect_uri for OIDC, supporting both base domain and custom domain IdP registrations. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat(custom-domains): add session transfer to workspace switching Use session transfer tokens for cross-domain workspace switches so the auth cookie is set on the target domain. Passes target org ID in the token to land on the correct workspace immediately. - Extract useSessionTransferRedirect hook (shared debounce + redirect) - Add TOOLJET_HOST null guard in BaseOrganizationList - Debounce new-tab opens with 500ms cooldown Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(custom-domains): defer HttpClient host resolution to request time HttpClient eagerly captured config.apiUrl at module load time, before index.jsx overrides it to '/api' on custom domains. This caused tooljet-db, comments, and plugins services to make cross-origin requests directly to the backend, bypassing the CF Worker proxy. The cookie (scoped to the custom domain) wasn't sent, resulting in 401s and an infinite reload loop. Use a lazy getter so config.apiUrl is read at request time. Also convert marketplace.service.js to use hostFn callback for the same lazy resolution. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(custom-domains): cross-domain logout — clear base domain session Logging out from a custom domain only killed the custom domain's session. The base domain session survived, causing authorizeWorkspace to re-authenticate the user via session transfer. Two fixes: 1. clearCookie now passes matching cookie options (sameSite, secure, httpOnly) so the browser actually deletes the cookie 2. Frontend makes a parallel cross-origin logout call to the base domain when on a custom domain (works because cookies are sameSite=none and CORS allows custom domain origins) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(custom-domains): use base domain for workspace creation on custom domains When creating a workspace from a custom domain, the workspace link preview incorrectly showed the custom domain URL and the post-creation redirect stayed on the custom domain (which is bound to a different workspace). Now the link preview always shows TOOLJET_HOST and the redirect uses session transfer to carry auth to the base domain. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(custom-domains): update ee-frontend submodule — SSO redirect URLs Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor(custom-domains): reuse getBaseHostURL() in workspace creation redirect Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(custom-domains): update ee-frontend submodule — SAML ACS URL fix Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(custom-domains): SAML SSO custom domain support + update server/ee submodule Update CE interfaces and base classes to accept optional host/requestHost parameters for SAML custom domain resolution. Updates server/ee submodule with the full SAML custom domain fix. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(custom-domains): update ee-frontend submodule — hide custom domain for non-cloud Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(custom-domains): update server/ee submodule — SAML audience mismatch fix Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(custom-domains): update server/ee submodule — SAML issuer fix + error handling Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(custom-domains): update submodules — SAML ACS URL fix for all topologies - server/ee: Add #resolveBackendBaseUrl() fallback chain for ACS URL; only pass host override for custom domains - frontend/ee: Show correct backend-derived ACS URL in SAML modal Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
Johnson Cherian
|
ea82f7b31c
|
Release: Appbuilder Sprint 19 (#14671)
* feat: refactor AppHistory module imports and add new services and guards * Fix: Vertical page menu minor enhancements * feat: add stream history feature and update related permissions and constants * feat: add AppStateRepository to AppHistoryModule imports and providers * feat: add NameResolverRepository to AppHistoryModule imports and providers * feat: implement NameResolverRepository and NameResolverService for component and page name resolution * feat: remove QueueHistoryIntegrationService and update AppHistoryModule to reflect changes * feat: update AppHistoryModule and AppHistoryRepository with new methods and refactor imports * feat: refactor AppHistoryModule and related services to streamline name resolution and history capture * feat: add AppStateRepository and HistoryQueueProcessor, refactor AppStateAggregatorService to utilize repository methods * feat: rename methods in AppStateRepository for clarity and update AppStateAggregatorService to reflect changes * feat: refactor history capture logic to use synchronous execution and improve error handling across services * Fix: Mobile view page menu UI enhancements * feat: enhance ability guards and repository methods for app history validation * Update submodule references * Migrate to shadcn sidebar component * plan * Fix: Components not getting pasted at correct position if user scrolled and pasted inside container components * Fix: Group components not getting pasted at correct position horizontally inside container components * POC for removing overlap prevention logic if not enough space present, incase user clicks somewhere to respect click position * Update frontend/src/AppBuilder/AppCanvas/Container.jsx Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * modules and customGroup * feat: enhance AppHistoryModule registration with isMainImport flag * feat: update settings method to queue history capture after successful update * chore: update subproject commit reference in frontend/ee * feat: add function to delete app history for structural migrations * Refactor imports and enhance code organization across multiple files - Updated import paths to reflect the new directory structure in TooljetDatabase and AppBuilder components. - Consolidated utility functions in appUtils.js, removing redundant code and improving readability. - Enhanced error handling and state management in dataQueriesStore and resolverStore. - Added Bundle Analyzer plugin to webpack configuration for better performance insights. - Improved chunking strategy in webpack to optimize loading of libraries and components. - Refactored ErrorBoundary imports to maintain consistency across UI components. * feat: enhance UI components with new icons and styling adjustments * refactor: remove unused components and icons from QueryManager - Deleted QueryManagerHeader component and its associated logic. - Removed SuccessNotificationInputs component and its functionality. - Eliminated Transformation component and related code. - Deleted BreadcrumbsIcon, CreateIcon, PreviewIcon, RenameIcon, RunIcon, and ToggleQueryEditorIcon. - Updated imports in appUtils.js to reflect new icon paths. * Refactor editorHelpers and utils: Remove unused functions and imports, streamline background update logic, and adjust state handling. Comment out or delete handleReferenceTransactions and related logic in various stores to simplify data flow and improve maintainability. * Refactor queryPanelStore and storeHelper by commenting out unused imports and code. This cleanup improves code readability and maintainability. * builder roggle * role name * revert: Reverted the lazy loading changes * revert: Reverted the changes on App & AppRoute * Fix: Inside side effects, get the correct canvas element, disable page scrolling and reposition modal container when modal is opened * Fix: Use the side effects when modal is opened and closed * Update submodule references * struct * fix * sus * field fix * create app btn * fix: Corrected zustandDevTools enabled option logic * module visible * refactor: update license validation logic and improve feature access checks * app module * feat: Added modules support for public apps * update ee-frontend submodule ref * Enhance: Vertical page menu default styles * refactor: migrate license management to a new store and update related components * workflow enabled * feat: integrate license validation into Viewer component and remove deprecated license check * Revert "feat: integrate license validation into Viewer component and remove deprecated license check" This reverts commit |
||
|
Rudhra Deep Biswas
|
63cf3e0d48
|
Support for SCIM (#14538)
* Implement SCIM module with user and group management features * Add SCIM module with user and group management features * init * working * extend * feature key * scim auth guard * sus * default org * sus * fix: replace body-parser with NestJS json parser for SCIM routes --------- Co-authored-by: gsmithun4 <gsmithun4@gmail.com> |
||
|
Rohan Lahori
|
9a2f35447b
|
Merge pull request #14259 from ToolJet/feature/hubspot-crm-support-api
Feature/hubspot crm support api |
||
|
gsmithun4
|
7ccb85fb5b | chore: update version to 3.20.0-lts and enhance metrics controller with guards | ||
|
Rohan Lahori
|
46db9080ef
|
P1 and P2 issue fixes PR (Platform) (#13697)
* dashboard ui change for mobile devices * feature config fix * empty state container changes (adds a minor fix for workflow also) * removed organization-environment api support from frontend * ldap multi ou related changes * fixed naming for audit logs key for app-git * fixed favicon issue showing tooljet logo |
||
|
Midhun G S
|
0c5ab3484c
|
Platform LTS Final fixes (#13221)
* Cloud Blocker bugfixes (#13160) * fix * minor email fixes * settings menu fix * fixes * Bugfixes/whitelabelling apis (#13180) * white-labelling apis * removed consoles logs * reverts * fixes for white-labelling * fixes * reverted breadcrumb changes (#13194) * fixes for getting public sso configurations * fix for enable signup on cloud * Cloud Trial and Banners (#13182) * Cloud Blocker bugfixes (#13160) * fix * minor email fixes * settings menu fix * fixes * Cloud Trial and Banners * revert * initial commit * Added website onboarding APIs * moved ai onboarding controller to auth module * ee banners * fix --------- Co-authored-by: Rohan Lahori <64496391+rohanlahori@users.noreply.github.com> Co-authored-by: gsmithun4 <gsmithun4@gmail.com> * Bugfixes/minor UI fixes-CLoud (#13203) * Bugfixes/UI bugs platform 1 (#13205) * cleanup * Audit logs fix * gitignore changes * postgrest configs removed * removed unused import * improvements * fix * improved startup logs * Platform cypress fix (#13192) * Cloud Blocker bugfixes (#13160) * fix * minor email fixes * settings menu fix * fixes * Bugfixes/whitelabelling apis (#13180) * white-labelling apis * removed consoles logs * reverts * fixes for white-labelling * fixes * Cypress fix * reverted breadcrumb changes (#13194) * cypress fix * title fix * fixes for getting public sso configurations --------- Co-authored-by: Rohan Lahori <64496391+rohanlahori@users.noreply.github.com> Co-authored-by: gsmithun4 <gsmithun4@gmail.com> * deployment fix * added interfaces and permissions * Bugfixes/lts 3.6 branch 1 platform (#13238) * fix * Licensing Banners Fixes Cloud and EE (#13241) * design: Adds license buttons to header * Refactor header actions * Cloud Blocker bugfixes (#13160) * fix * minor email fixes * settings menu fix * fixes * subscription page * fix banners --------- Co-authored-by: Nithin David Thomas <1277421+nithindavid@users.noreply.github.com> Co-authored-by: Rohan Lahori <64496391+rohanlahori@users.noreply.github.com> * fix for public apps * fix * CE Instance Signup bug (#13254) * CE Instance Signup bug * improvement * fix * Add WEBSITE_SIGNUP_URL to deployment environment variables * Add WEBSITE_SIGNUP_URL to environment variables for deployment * Super admin banner fix (#13262) * Git Sync Fixes (#13249) * git-sync module changes * git sync fixes * added app resource guard * git-sync fixes * removed require feature * fix * review comment changes * ypress fix * App logo fix inside app builder * fix for subpath cache * fix (#13274) * platform-cypress-fix (#13271) * git sync fixes (#13277) * fix * Add data-cy for new components (#13289) --------- Co-authored-by: Rohan Lahori <64496391+rohanlahori@users.noreply.github.com> Co-authored-by: Rudhra Deep Biswas <98055396+rudeUltra@users.noreply.github.com> Co-authored-by: Ajith KV <ajith.jaban@gmail.com> Co-authored-by: Nithin David Thomas <1277421+nithindavid@users.noreply.github.com> Co-authored-by: rohanlahori <rohanlahori99@gmail.com> Co-authored-by: Adish M <adish.madhu@gmail.com> Co-authored-by: Rudra deep Biswas <rudra21ultra@gmail.com> |
||
|
Midhun G S
|
90e7c4cab9
|
Cloud licensing related changes (#13033)
* added all pending cloud migration * restrict cloud migrations * added cloud data-migrations * Added cloud entities * keep tables across all * cloud licensing initial changes * fix * payments module * license counts updates * update * Added all pending cloud migration to pre-release + Payments module (#13006) * added all pending cloud migration * restrict cloud migrations * added cloud data-migrations * Added cloud entities * keep tables across all * payments module * license counts updates * update * migration fixes * pass orgId * movement * added cloud instance settings * org id to license terms * before merge * dockerfile changes for cloud * migration fixes * subscription * merge main * posthog-js package * fix * selhostcustomer migration timestamp update * fix * fixes * fix * fix * Adding cloud dockerfile changes * migration fix * fix * fix * fix * fixes * added migration progress * fix * added migration files for cloud * fix * added migrations for cloud * add organizationId for pages controller * fixes for plugins script * fix * final * added cloud licensing envs * UI WRAPPER BUG * fix * orgId groups fix * lint check fixes * Refactor Dockerfiles to use dynamic branch names for builds * Feature/promote release permission management (#13020) * migration and entity changes * removed extra migration * added default group permissions * basic ui changes * added promote and release permissions * fixed tooltips for promote and release buttons * fix * fixed app promote ability check * ce compatibility ui change * ui fixes * removed console.log * removed comments * updated ee-preview.Dockerile * using base img node:22.15.1-bullseye * fix for ce render * Update ce-preview.Dockerfile * Update ee-preview.Dockerfile * ui fix * fix * fixes * fixes * fixes * fixes * minor fixes * fix --------- Co-authored-by: Souvik <psouvik260@gmail.com> Co-authored-by: Adish M <44204658+adishM98@users.noreply.github.com> * Bugfix/git sync pre release (#13098) * bugfixes * ui fixes for disabled states in version creation * minor fixes * removed unused imports * fixes * removed comments * module file fixes * module fixes * white-labelling fixes * login-configs * fix for migration for ce * Fix for app count guard (#13131) * fix for app count guard * added check * for debug * license key * Modules : Platform Functionality (#12994) * init * mod * app import-export * licensing and UI * review and permissions * update * updates * update * update * fix breadcrumb * fix app builder error * remove launch button for modules * fixed homepage * fix permission check --------- Co-authored-by: platform-ops123 <platformops545@gmail.com> Co-authored-by: gsmithun4 <gsmithun4@gmail.com> * reverted logs * tjdb guard and dark mode (#13137) * ui fixes * added modules module * removed unused imports * fix * fix * Cypress fix * fixes for cloud instance level licensing (#13146) --------- Co-authored-by: platform-ops123 <platformops545@gmail.com> Co-authored-by: Rudra deep Biswas <rudra21ultra@gmail.com> Co-authored-by: Adish M <adish.madhu@gmail.com> Co-authored-by: Rudhra Deep Biswas <98055396+rudeUltra@users.noreply.github.com> Co-authored-by: Vijaykant Yadav <vjy239@gmail.com> Co-authored-by: Rohan Lahori <64496391+rohanlahori@users.noreply.github.com> Co-authored-by: Souvik <psouvik260@gmail.com> Co-authored-by: Adish M <44204658+adishM98@users.noreply.github.com> Co-authored-by: rohanlahori <rohanlahori99@gmail.com> Co-authored-by: ajith-k-v <ajith.jaban@gmail.com> |
||
|
Rudhra Deep Biswas
|
b426993253
|
Moving Git Module to Pre-Release (#12852)
* init
* ee git-sync
* dependancies
* added octokit depedencies to server directory
* module fixes
* fixes
* fixes
* pull app changes fix
* ability factory fixes
* code restructuring changes
* added gitlab backend changes
* app git module fixes
* module file changes
* added logo images
* migration
* migration
* migration changes
* added migration to remove enabledflag from parent table
* provider and migration fixes
* removed comments
* revert appimport export changes
* Revert "revert appimport export changes"
This reverts commit
|
||
|
johnsoncherian
|
45e945d4c4 | Merge branch 'main' into appbuilder/sprint-11 | ||
|
Rudhra Deep Biswas
|
64a4eb3f9e
|
External API Modularisation (#12627)
* init * util * external api |
||
|
Midhun G S
|
eb33e543fe
|
fix for audit logs (#12622) | ||
|
devanshu052000
|
45d38b3f6e | Created the base for app-permissions module. | ||
|
Midhun G S
|
b55490493d
|
Post modularization fixes (#12420)
* [white-labelling] Logo related pending issues (#12243) * Working on refactoring and fixing white-labelling for modularisation * Working on fixes * Fixed: app builder logo issue * Refactored default state behaviour * Removed console logs * Added workspace slug * Adding single image changes from ee lts (#12272) (#12285) Co-authored-by: Adish M <44204658+adishM98@users.noreply.github.com> * Moving Vulnerability CI from EE (#12288) * CE modularisation bugs (#12278) * Working on refactoring and fixing white-labelling for modularisation * Working on fixes * Fixed: app builder logo issue * Refactored default state behaviour * Removed console logs * Added workspace slug * Fixed: Able to update group name with space * Adding single image changes from ee lts (#12272) * Fixed: Able to add a user 2 times to the group * Fixed: Builder isn't able to datasiurces * Fixed: updated the builder check * Refactored the changes --------- Co-authored-by: Adish M <44204658+adishM98@users.noreply.github.com> * Add data-cy for components in modularisation branch (#12296) * [modularisation-bugs] Fixing rest of the priority bugs (#12301) * Fixed: custom logout url issue * Fixed: fixed all workspace redirection issue * Fixed: made the datsource access same for ce and ee-basicplan builders * Fixed: sample db connection issue * Fixed: sample database query issue * Fixed: page isn't showing the organization list for user whose current organization is archived * Fixed: granular permission datasource page * remove license check for oidc login --------- Co-authored-by: Muhsin Shah C P <muhsinshah21@gmail.com> Co-authored-by: Adish M <44204658+adishM98@users.noreply.github.com> Co-authored-by: Ajith KV <ajith.jaban@gmail.com> Co-authored-by: Anantshree Chandola <anantshreechandola23@gmail.com> |
||
|
Muhsin Shah C P
|
d275a8ac58
|
[fix/modularisation] Fixed the white-label store helper issue and changed EDITION to TOOLJET_EDITION (#12044)
* Fixed: Changed EDITION to TOOLJEET_EDITION and fixed ee frontend helper file issue * Changed the edition env in docker files |
||
|
gsmithun4
|
269ec56455 | Initial commit |