* Use random id instead of os.hostname
* Remove unused import
* add eventLockKey
* add eventLockKey
* Check for expiry when acquiring lock (wip)
* Add cron interval config
* Add timeout functionality to process events
* Fix index value overwrite
* Fix bulk delete
* Remove console.log
* directory sync add cron
* Refactor event processing and add cron scheduling
* Remove await
* Refactor directory sync worker
* Remove unused import statement
* Fix lockKey initialization in EventProcessor constructor
* cleanup
* take a callback for DSync as NPM option (WIP)
* Fix the unit test
* Fix the webhooks test
* Remove unused import statement
* Fix type
* fixed cron, cleaned up x-access-token. TODO: Fix webhooks batch cron
* grouped dsync index names in one place
* ensure the cron ticks regularly, use setInterval instead of setTimeout
* do the renewal inside EventLock
* lint fix
* improved locking and added check for lock in Google dsync cron
* locking per cron
* refactor
---------
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
* docs: update README
This proposes an updated README which is reformatted and also includes a walkthrough to get SAML Jackson up and running quickly.
* changes based on review feedback
* Update .env.example
* Update .env.example with 32 for nextauth
* simplify setup by skipping migrations
* link to README
* clarifying comment
* add line instructing the user to log in using configured credentials
* remove docker line
* README cleanup
* cleanup
* MacOS > macOS
* remove reference to migrations
* typo
* fix grammar
* fix grammar
* updates to README
* update admin portal login options
* fix typos
* tweaks
* small typo fixes
* Update CONTRIBUTING.md
---------
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
* Default should be true, opt-in via JacksonOption
* Add new env to example file
* Omit profile scope if opted out
* Type update
* Service env processing
* Sync package locks
* Add unit tests
* Update google SCIM authz options
* Sync lock file
* Remove the old option support, should reflect in typings
* Fix failing test
* Sync lock file
* Include google_authorization_url in directory response
* Update internal-ui to use url from directory config
* Update component usage in Jackson UI
* Cleanup example env
---------
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
* WIP
* Support OIDC connections
* update connection using project revision
* working connections
* look up product config if boxyhqHosted
* fixed function return
* lint fix
* crash fix
* tweak name of org
* updated package-lock
* isEnabled is private
---------
Co-authored-by: Aswin V <vaswin91@gmail.com>
* Make entity ID read-only
* Update swagger.json
* Add validation to check if an app with the same tenant and product already exists
* Fix error message for duplicate app creation
* Update API handler to use PATCH method instead of POST
* Add product branding support
* Refactor product controller
* Refactor branding and product fetching logic
* Update setup link branding
* Revert
* Fix ProductConfig interface
* display toast and adjust the width of the content
* Login with email and password
* Find the admin credentials that match the email and password
* tweaks
* replace <a> with <button>
* renamed env var, added docs to .env.example
* updates based on the feedback
* hide/show the login methods based on whether they have been enabled or not.
* tweaked text
---------
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
* env, login button & translations
* added setting in sidebar
Added login with sso button
Added connection create form in settings
* added new pages for Self SSO connection CRUD
* Fixed Self SSO issue
* Use @boxyhq/react-ui component for SSO
* `await` on method instead of class
* Fix import
* Set fields to non-editable for settings view
* Tweak for settings view
* Add link for settings in sidebar
* Take in admin SSO defaults from env
* Tweak edit page for settings view
* Remove `NEXT_PUBLIC` prefix
* Switch back to getSSP from getStaticProps
* Sync lock file
* Set defaults in env
* Filter out admin sso tenant/product
* Load admin SSO tenant/product
* Update heading
* Fix back link
* Use latest published version
* Set `clientId` to dummy in provider init
* Use the defaults from env
* Fix redirectUrl after savingConnection for settingsView
* Use `isLoading` from SWR
* Fix settings view url for mutation and redirect in Edit
* Replace api route path
* Use rewrite instead of router.push and other tweaks
* Reuse `ConnectionList` for settings
* Use pagination query params in settings api
* Import styles from sdk
* Fix failing build
* Use latest version
* - Display badge for system sso connections
- Reuse admin connection for retrieving system sso connections
* Tweak styling
* Construct profile in updateUser as done previously
* Update react-ui
* Remove extra truthy check
* Hide pagination buttons for settings view
* Install @boxyhq/react-ui as symlink to local
* Tweak badge size
* Rename admin portal sso envs
* Fix the edit redirection for system sso
Co-authored-by: ukrocks007 <ukrocks.mehta@gmail.com>
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
Co-authored-by: Kiran K <kiran@boxyhq.com>
* Merged
* Revert the changes
* changes
* dropdown working
* fixes
* added custom classes for log viewer
* Create Project & styling fixes
* Update package-lock.json
* fixed react datepicker css issues
* Showing apis keys after project is created
* View tokens page
* minor changes
* masking for tokens
* warning fixes
* Fix the sidebar active state
* wip
* wip
* wip
* Showing publisher api url
* Fixed create new projects and list projects
* Improved the ProjectInfo page
* Fix the copy to clipboard button
* Add the codesnippet
* wip
* wip UI
* Improve the code snippet
* Fixes and improve the UIs
* Replace the product logos
* Set the group null
* Fix the conflicts
* Fix the heroicons
* Remove the unused method
* Make the ProjectDetails 2 columns
* Fix the logs-viewer not displaying
* read event log from admin-ui
* Jackson docker compose file & retraced integration related changes
* minor fix
* fixes for created key of audit log
* fixed the expiry for self signed certificate
* using node forge for self signed certs
* Revert "using node forge for self signed certs"
This reverts commit c027b5b7ce.
* fix
* package lock changes
* installed missing dependencies and added new packages
* minor fixes
* fixes
* added missing translations for retraced pages
* - pin deps
- removed react-copy-to-clipboard, react-host-toast
* fixed typo
* cleanup
* tweak
* switched to ButtonIcon
* switch to button components and added back buttons where needed
* checking npm ci
* simplified env vars for Retraced
* tweaks
* If Retraced host is not specified then show a message
* added audit logs logo
* - added admin_token to bypass user and project specific queries
- fixed project details view to read any length for environments
* switched to daisyui Select
* fixed auth check for api routes, get email for claims from the jwt
* updated package-lock
* switched to clipboard component
* tweaks to CodeSnippet
* padding tweaks
* updated package-lock
* updated package-lock
* fixed z-index for modal in logs-viewer
* select -> Select
Co-authored-by: Kiran <kiran@boxyhq.com>
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
* Add alert component
* Add a loading state component
* Now Emptystate accepts an optional prop description
* SAML federation create app controller
* Add the UI to create and list SAML federation apps
* Create SAML federation app and metadata
* wip
* wip
* wip
* Cleanup
* Fix the return values
* Delete the session after the SAML response is sent to the user
* wip
* Revert the changes to the ConnectionAPIController
* wip - IdP selection, session fixes
* Fix the flow
* Refactor
* Refactor
* wip
* Refactor the idp selection page - wip
* Refactor
* Refactor the resolve connection
* Refactor the idp selection
* Refactor the idp/app selection and other fixes
* wip
* Refactor
* Refactor the SAML response handling to merge the logic
* Rename the methods
* Move the saml federation to /ee folder
* Fix the imported types
* wip
* wip /ee
* Move the federated SAML UI to /ee
* Move to /ee folder
* wip admin portal
* Delete the SAML federation app
* Rename the controllers
* Add the translation
* Add the proper license check
* Add the unit tests
* tweaks to test
* tweaks to test
* Changes to the controller and other cleanup
* Fix API routes headers
* Use new toast
* Add button to download cert
* Tweaks
* log cleanup
* saml federation is part of enterprise sso
* entityID now contains the unique hash needed for each tenant + product combination
* cleanup
* cleanup
* we don't need a unique entityID
* text tweaks
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
* Support adding own cert
* Update the env and decode the keys before using it
* Drop the JACKSON_ prefix
* Tweaks to the getDefaultCertificate
* Remove the console.log
* wip: updated otel libs but it isn't sending events
* cleanup
* grpc works
* simplified counter creation
* Support process.env.OTEL_EXPORTER_OTLP_ENDPOINT as well
* exportIntervalMillis of 60 seconds should be sufficient
* support http and grpc as well
* tweak to OTEL_EXPORTER_DEBUG
* unregister logger before setting it
* use PRE_LOADED_CONNECTION instead of PRE_LOADED_CONFIG
* added endpoint to return sp metadata for use with federated systems like OpenAthens
* removed md prefix
* Support connection dynamic param in route
* Pass `connection`
* Fix tests
* Accept oidc params and validate the same
* Rename `connection` --> `strategy`
* Use saml for preLoadedConfig for now
* Rename `apiController` --> `apiConfigController`
* Flatten the params
* Validate passed config
* Backward compatibility for embed setup
* Impl for oidc config save
* index addition for oidc clientId
* Remove param, defaults to saml
* Validation will be done inside controller
* Zap secondary index on clientId, not required
* Rename `APIConfigController` --> `ConfigAPIController`
* Update swagger
* Fix name
* Fix name elsewhere
* Revert filter
* Split `saml` and `oidc` create/update logic
* Route `saml` and `oidc`
* Test update
* Update swagger
* Update swagger
* Use tenant/product from stored config in lieu of params
* Validate passed OIDC clientId using hash
* Update swagger annotations
* Handlers for getting OIDC/SAML configs
* Validate tenant/product in update
* Typo fix
* Fix test
* Default to empty string, validation is done to check if the params are not empty
* Extract provider name just like saml
* OIDC Connection support
*delta for authorize*
- Renamed samlConfig(s) → connection(s)
- Renamed resolvedSamlConfig -> resolvedConnection
- Detect connection is SAML or OIDC
- Perform Issuer discovery and oidc client init
- Tweak error responses
- Persist oidc client metadata in session
* Test type fix
* Test fix
* openid-client dependency
* Sync package locks
* Fix return type
- Remove `undefined` from return type
- Return `OAuthErrorResponse` for else case
* Handle OIDC Authorization response
* Persist OIDC code_verifier
* Remove scope check for OIDC connection
* Normalize scope before relaying
* Method name update
* Extract user profile from id token and userinfo
* Handle error response from OIDC Provider
* Update type
* Type update with OIDC specific error codes
* Bug fix : typo
* Cleanup
* OIDC callback route
* Bug fix: return profile and parameter fix
* Rename `config` -> `connection`
* Use `Link` and add oidc connection nav item
* Use `strategy` from query param
* Delta ↴
- Reorganised api routes
- Removed Admin controller filtering methods for saml/oidc
* Fix page link in e2e test
* Changes:
- Handle oidc connection fields
- Rename component file path
* Remove slug for save/update connection
* Fix keyname in update operation
* Import path update
* Radio select connection type for new connection
* Update lock file
* Sync lock file
* Sync package lock
* Fix connectionType detection for new connection
* Fix error message
* Add comment
* Tweak comment
* Use the correct state and directly from session
* Sync lock file
* Remove `provider` from OAuthReqBody
* Remove duplicate scopes
* Pass recent param additions to idpSelection page
* Add badge for Provider type
* Style tweak
* Style IdP type selection
* Add test for oidc provider
* Comment
* Check for empty state
* Add test for oidcAuthzResponse
* Add test for oidcAuthzResponse
* Add test for error response from OP
* Error message tweak
* Test the happy path
* Remove unused import
* Fix assertion
* - Fix types
- add `createOIDCConfig` test for missing params
* Test happy path for `createOIDCConfig`
* Param validation tests for `createOIDCConfig`
* Test for `updateOIDCConfig`
* Tests for `updateOIDCConfig`
* Make `oidcPath` required like `samlPath`
* Bump `openid-client` version
* Refactor
* Update test coverage map
* Tweak label
* Split openid/oauth tests
* call `t.end`
* Fix file name in comment
* Add test teardown
* Improve coverage and rename test files
* For backwards compatibility
* Minor formatting
* Add api paths for /connection
* Zap config path for admin ui
* Update swagger spec
* Rename `configAPIController` → `connectionAPIController`
* Rename `IdPConfig` → `IdPConnection`
* Rename `validateIdPConfig` → `validateIdPConnection`
* Rename `createSAMLConfig` → `createSAMLConnection`
* Rename `createOIDCConfig` → `createOIDCConnection`
* Update swagger spec
* Rename `updateSAMLConfig` → `updateSAMLConnection`, `updateOIDCConfig` → `updateOIDCConnection`
* Make `clientID`/`clientSecret` readOnly
* Rename `configStore` → `connectionStore`
* Update swagger spec
* Add `getConnection` + `deleteConnection`
* Remove `/api/v1/oidc/config` and keep `api/v1/saml/config`
* Rename `getAllConfig` → `getAllConnection`
* Rename `readConfig` → `loadConnection`
* Rename `deleteConfiguration` → `deleteConnection`
* Add `preLoadedConnection` env
* Update map and cli
* Refactor api tests and rename config to connection
* Rename `configList` → `connectionList`
* Rename `samlConfig` → `samlConnection`
* Rename config -> connection
* Rename `config` → `connection`
* Rename counters for otl
* Sync package lock
* Remove api key validation from api route
* Update Admin ui title
* Update swagger
* Update otl metric descriptions
* Update var naming to connection
* Add strategy validation
* Add tests for invalid strategy
* Sync package lock
* Upgrade and pin version
* Update saml config api with deprecated
* Updated swagger spec for deprecated config api
* Bump package version
* Fix label
* - removed strategy for `get` and `delete`
- Type update
* Type updates
* getConnection -> getConnections, deleteConnection -> deleteConnections
* Update swagger spec
* Use only for saml connection
* Remove slug from api routes
* API path updates
* Type updates
* Helper util for api routes to check strategy
* Type updates and api changes
* `OAuthReq` typings enhancement
* Narrowed down types for `OAuthTokenReq` and `OIDCAuthzResponsePayload`
* `IdPConnection` -> `SSOConnection`
* Update cookie name to avoid clash
* Handle the uncaught case to prevent req hanging
* Support 'POST' at authorization endpoint
* handle additional scope params
* handle additional claims param
* Try with `legacy-peer-deps` true
* Fix logic
* Set legacy-peer-deps to `true`
* Remove `.npmrc` files and sync packages from main
* Resolve conflicts
* Load jwtSigningKeys into env
* Return id_token for OIDC flow
* Support `nonce`
* Add type for `nonce`
* Set `nonce` only if present in request
* Expose OpenId provider metadata
* Update metadata
* Tweak path remove dot, map jwks
* Add jwsAlg and source keys using base64
* Source jose from root package.json too
* JWS utils
* Serve jwks_uri
* Load private key for signing
* Fix authz endpoint
* Format example env
* Fix claims
* Format discovery and add missing metadata
* Include the basic profile in id_token
* Fix claims access
* Remove console log
* Sync package lock
* Cleanup
* Support for claims is optional
* cleanup type
* Set `Content-Type` header
* Remove default from env
* Handle jwt env
* oidc fixture
* Test for oidc flow, check id_token in response
* Add jwt envs
* Fix for undefined
* Remove keys check in controller init
* Runtime check for JWS keys
* check if id_token is absent
* Check for claims and verify signature
* Snapshot test oidc discovery page
* Add snapshot for linux to work in CI
* Test with a fontless screenshot
* test with this one
* add a debug step
* Get the entire dir for snapshot
* Test with this
* Comment out debug step
* snapshot test jwks
* Update env
* Upload screenshot for linux
* Add debug step
* Update snapshot
* Sync package lock
* Remove local testing snapshots
* Assert using api request
* Update to use api test for jwks endpoint
* Set `JWS_ALG` env
* Prefix openid vars
* Fix env access
* Fix e2e test
* Fix options in tests
* Fix env var access
* Use ttl from env
* Simplify exp value setting
* oidc discovery controller
* Fix typing
* Handle case where signing keys are not set
* return `oidcDiscoveryController`
* Throw a JacksonError like object
* Use controllers and cleanup
* throw JacksonError like object
* Minor formatting
* Fix typing and add check for undefined
* Keep order of packages same as in main
* Update key generation comment
* Initialise `openid` correctly in npm
* Cleanup
* Set `sub` claim
* Set 'sub' only for oidc flow
* Add Pagination for SQL and Mongo
* change the limit value
* resolve ts errors and apply condition for paginat
* Add Offset & Limit in env and update variable type
* Reverting String to number for offset and limit
* Add pagination in Redis and update the naming conv
* update the pageLimit value for admin
* Update Delete functionality for Redis
* tweaked count for redis getAll
* getAll for Redis and Unit test
* tweaks
* consistent naming
* added missing DB_CLEANUP_LIMIT to env.ts
* tweaks
* Style update for prev, next button
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
Co-authored-by: Aswin V <vaswin91@gmail.com>
* NextAuth + users providers
* Add a temporary fix for verification token - don't use it in production
* Admin ui files
* Admin controller
* getAll db apis
* IdP provider page and api route
* Fix padding
* Style fixes
* middleware to check session
* Loading state handling
* fetcher better response handling
* Add new provider form and api route
* Tab panel in client add form
* Tab switching plus new fields
* Flowbite config
* darkMode with flowbite
* Save config
* Update route path to saml
* Reusable component for add/edit
* cleanup
* Set Secret in NextAuth options
* Prettier lint changes
* Support for delete operation
* Link update
* PopUp Modal reusable component
* Popup confirm before delete
* disable SWR revalidation on focus
* Display IdP metadata, clientID,secret
* Header fixed positioning and style fixes
* Filter raw XML in edit mode
* Add name field to config
* - Edit/New form delta
- Split by newline
- Route back after POST
* Remove flowbite
* Remove flowbite [cleanup]
* Add description field
* updateConfig implementation
* Route PATCH to updateConfig
* Naming change
* Naming Client -> Connection
* AddEdit component updates
* Omit provider, returns full config
* Destructure session first
* Change to domain ACL
* Delete unused component
* Support glob and list of emails for ACL
* Delete unused CSS
* Update package lock
* Remove flowbite from content source
* Redirect to admin route
* Check session in Layout and redirect to login
* Logout in dropdown
* vertical alignment
* Show status message on save (edit)
* Consolidate fields to one long vertical column
* GetAll function for SQL and Add CreationDate and Modification Date for Mongo and SQL
* Add name as header
* Styling and opacity transition for status
* Configure button style fix
* overflow for smaller viewports and rounded border
* Fallback to default behavior of useSession
* Store, use and dispose (after signIn) verification token in db
* Remove unused class
* Rename Connections ➡ Configurations
* Handle getAll and getConfig using slug
* Better naming
* Update fetch paths
* Refactor getAllConfig ➡ getConfig (By Id)
* Better naming
* Rename saml ➡ samlconf
* Use light theme by not defaulting to system theme
* Path update /samlconf ➡ /saml/config
* Fix path
* Revert manual changes
* getall functionality and migration script
* message
* Updating migration file formatting
* message
* Pull and fix package.json and lock file
* correcting the migration script formatting
* remove file
* add new migration files
* e2e with playwright
* Better naming
* Remove comment
* Make headless
* Run npm install from root
* Add e2e steps in workflow
* try with separate npm installs
* Move higher in the pipeline to test
* Fix quote
* Rely on npx
* fixed migration script formatting
* spelling correction
* headless for CI but false for local
* Use secret
* Type fixes for mongo
* [skip ci] Swagger annotation for getConfig
* Adding migration scripts for all dbs
* added migration script to prettierignore
* unformat migration script
* removing postgres migration files
* generate new migration files
* remove wrong migration files
* Add new migration files for mysql and mariadb
* [skip ci] Swagger annotation for updateConfig
* Return empty for update op
* Update swagger spec
* Fix type
* Wait for mongo to start
* Fix db_engine
* Test with pg
* Test with POSTGRES_DB env to auto create db
* Swap install-deps with install
* Use prod build
* enable @ts-ignore
* Test some fixes
* Can be omitted in next-auth v4, uses secret
* Move env to playwright config
* authDbSeed script needs the db and other secrets
* Typo
* Bad typo day 😅
* Again typo
* Set NEXTAUTH_URL
* Use prod build in CI
* Prefix the env for seeding
* Try with inline
* tidying up migration scripts
* fixed migration scripts
* Set env in actions yml
* Remove comma
* Target chromium
* Prefix the env
* Try inline in playwright
* print env
* Move build to action step
* Remove console log
* Let env sit on the job level
* Add ACL
* Fix attribute check
* Add name field
* add name in metadata preload config
* Use postgres
* Remove unneeded secret
* Remove env/options from mongo service
* Fix swagger
* Update swagger spec
* [skip ci] Fix eslint warning
* Add updateConfig test
* Add description to preloaded config
* [skip ci] cleanup
* minor fix
* Update comment
* Expose PATCH in config api
* Added missing validation for clientSecret
* Update swagger spec
* updated example postgres url, updated deps
* Redirect to saml config route
* Remove unused pages/routes
* Update in package lock
* Add primary and secondary colors to tailwind
* Swap icon
* Remove text-color and apply default theme
* Use the primary color from theme
* Reusable custom class for btn-primary
* Add link-primary reusable class
* Use primary secondary colors for main logo
* Show error status & color align with primary color
* Show product if name is absent
* Simplify required attribute setting, 'description' is not required
* Make description optional
* Fix placeholder text
* Swagger updates
* Add validation for description
* Swagger - add missing status codes & descriptions
* Update swagger artifact
* Fix styling for status message
* revalidate config on successful save
* style text highlight globally
* Fix cancel button style
* Set the main height to 100%-headerHeight, add overflow
* removed default ACL, if someone forgets to change it then we might have Tony Stark logging into everyone's instances :)
* print the arch/platform
* Collect platform info
* Disable swc and remove platform query steps
* Try with custom babel config to disable swc
* Add next.js build cache
* Refactor step
* trying swc
* Make name parameter optional
* Update form state from backend after save
* port 5000 -> 5225
* Handle empty value case for ACL
* bumped up version
Co-authored-by: Kiran <kiran@boxyhq.com>
Co-authored-by: Vishal Lodha <vishal@boxyhq.com>
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
Co-authored-by: Utkarsh Mehta <ukrocks.mehta@gmail.com>
* Opentelemetry metrics API
* Rename the counter
* Add metrics API
* Add Otl to Nextjs
* Add otel protocol
* Fix the port
* Fix the port
* Fix
* Fix
* Fix
* fixed default postgres url
* tweaks to metrics name and attributes
Co-authored-by: Kiran K <kiran@Kirans-MacBook-Pro.local>
Co-authored-by: Deepak Prabhakara <deepak@boxyhq.com>
* added CLIENT_SECRET_VERIFIER for enhancing OAuth 2.0 security when not using PKCE flow
* added CLIENT_SECRET_VERIFIER to env.example
* fixed unit test