Merge branch 'main' into sentry-masking

Author: egelhaus

.env.example

@@ -50,6 +50,10 @@ GITHUB_CLIENT_ID=""
 GITHUB_CLIENT_SECRET=""
 BEEHIIVE_API_KEY=""
 BEEHIIVE_PUBLICATION_ID=""
+LISTMONK_DOMAIN=""
+LISTMONK_USER=""
+LISTMONK_API_KEY=""
+LISTMONK_LIST_ID=""
 THREADS_APP_ID=""
 THREADS_APP_SECRET=""
 FACEBOOK_APP_ID=""

.github/workflows/build-pr.yml

@@ -0,0 +1,75 @@
+---
+name: Build
+
+on:
+  pull_request_target:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    environment: 
+      name: build-pr
+
+    strategy:
+      matrix:
+        node-version: ['20.17.0']
+        # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node-version }}
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@v2
+        with:
+          version: 8
+          run_install: false
+
+      - name: Get pnpm store directory
+        shell: bash
+        run: |
+          echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
+
+      - name: Setup pnpm cache
+        uses: actions/cache@v4
+        with:
+          path: |
+            ${{ env.STORE_PATH }}
+            ${{ github.workspace }}/.next/cache
+          key: ${{ runner.os }}-pnpm-${{ hashFiles('**/pnpm-lock.yaml') }}-${{ hashFiles('**/*.js', '**/*.jsx', '**/*.ts', '**/*.tsx') }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-${{ hashFiles('**/pnpm-lock.yaml') }}-
+
+      - name: Install dependencies
+        run: pnpm install
+
+      - name: Build
+        run: pnpm run build
+
+      - name: Get Commit SHA (short)
+        id: get_version
+        run: |
+          # Get the short 8-character commit SHA
+          VERSION=$(git rev-parse --short=8 HEAD)
+          echo "Commit SHA is $VERSION"
+          echo "tag=$VERSION" >> $GITHUB_OUTPUT
+      
+      - name: SonarQube Analysis (Pull Request)
+        uses: SonarSource/sonarqube-scan-action@v6
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+        with: 
+          args: >
+            -Dsonar.projectVersion=${{ steps.get_version.outputs.tag }}
+            -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}
+            -Dsonar.pullrequest.branch=${{ github.event.pull_request.head.ref }}
+            -Dsonar.pullrequest.base=${{ github.event.pull_request.base.ref }}

.github/workflows/build.yaml

@@ -3,11 +3,11 @@ name: Build
 
 on:
   push:
-  pull_request:
 
 jobs:
   build:
     runs-on: ubuntu-latest
+    
 
     strategy:
       matrix:
@@ -16,6 +16,9 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
       - name: Use Node.js ${{ matrix.node-version }}
         uses: actions/setup-node@v4
         with:
@@ -47,3 +50,20 @@ jobs:
 
       - name: Build
         run: pnpm run build
+
+      - name: Get Commit SHA (short)
+        id: get_version
+        run: |
+          # Get the short 8-character commit SHA
+          VERSION=$(git rev-parse --short=8 HEAD)
+          echo "Commit SHA is $VERSION"
+          echo "tag=$VERSION" >> $GITHUB_OUTPUT
+      
+      - name: SonarQube Analysis (Branch)
+        uses: SonarSource/sonarqube-scan-action@v6
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+        with: 
+          args: >
+            -Dsonar.projectVersion=${{ steps.get_version.outputs.tag }}

.github/workflows/pr-docker-build.yml

@@ -9,10 +9,16 @@ permissions: write-all
 jobs:
   build-and-publish:
     runs-on: ubuntu-latest
-    
+
+    environment: 
+      name: build-pr
+
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.sha }}
 
       - name: Log in to GitHub Container Registry
         uses: docker/login-action@v3

README.md

@@ -1,6 +1,6 @@
 <p align="center">
-  <a href="https://affiliate.postiz.com">
-    <img src="https://github.com/user-attachments/assets/af9f47b3-e20c-402b-bd11-02f39248d738" />
+  <a href="https://github.com/growchief/growchief">
+    <img alt="automate" src="https://github.com/user-attachments/assets/d760188d-8d56-4b05-a6c1-c57e67ef25cd" />
   </a>
 </p>
 
@@ -19,6 +19,21 @@
 </a>
 </p>
 
+<div align="center">
+  <a href="https://sonarqube.ennogelhaus.de/dashboard?id=gitroomhq_postiz-app_bd4cd369-af44-4d19-903b-c4bdb0b66022">
+    <img src="https://sonarqube.ennogelhaus.de/api/project_badges/measure?project=gitroomhq_postiz-app_bd4cd369-af44-4d19-903b-c4bdb0b66022&metric=alert_status&token=sqb_4ef7409d8d3bb84ff51d945f5a62bc0df93895a9" alt="Quality Gate Status" />
+  </a>
+  <a href="https://sonarqube.ennogelhaus.de/dashboard?id=gitroomhq_postiz-app_bd4cd369-af44-4d19-903b-c4bdb0b66022">
+    <img src="https://sonarqube.ennogelhaus.de/api/project_badges/measure?project=gitroomhq_postiz-app_bd4cd369-af44-4d19-903b-c4bdb0b66022&metric=software_quality_maintainability_rating&token=sqb_4ef7409d8d3bb84ff51d945f5a62bc0df93895a9" alt="Maintainability Rating" />
+  </a>
+  <a href="https://sonarqube.ennogelhaus.de/dashboard?id=gitroomhq_postiz-app_bd4cd369-af44-4d19-903b-c4bdb0b66022">
+    <img src="https://sonarqube.ennogelhaus.de/api/project_badges/measure?project=gitroomhq_postiz-app_bd4cd369-af44-4d19-903b-c4bdb0b66022&metric=software_quality_reliability_rating&token=sqb_4ef7409d8d3bb84ff51d945f5a62bc0df93895a9" alt="Reliability Rating" />
+  </a>
+  <a href="https://sonarqube.ennogelhaus.de/dashboard?id=gitroomhq_postiz-app_bd4cd369-af44-4d19-903b-c4bdb0b66022">
+    <img src="https://sonarqube.ennogelhaus.de/api/project_badges/measure?project=gitroomhq_postiz-app_bd4cd369-af44-4d19-903b-c4bdb0b66022&metric=software_quality_security_rating&token=sqb_4ef7409d8d3bb84ff51d945f5a62bc0df93895a9" alt="Security Rating" />
+  </a>
+</div>
+
 <div align="center">
   <strong>
   <h2>Your ultimate AI social media scheduling tool</h2><br />

apps/backend/src/api/routes/auth.controller.ts

@@ -41,7 +41,7 @@ export class AuthController {
   async register(
     @Req() req: Request,
     @Body() body: CreateOrgUserDto,
-    @Res({ passthrough: true }) response: Response,
+    @Res({ passthrough: false }) response: Response,
     @RealIP() ip: string,
     @UserAgent() userAgent: string
   ) {
@@ -114,7 +114,7 @@ export class AuthController {
   async login(
     @Req() req: Request,
     @Body() body: LoginUserDto,
-    @Res({ passthrough: true }) response: Response,
+    @Res({ passthrough: false }) response: Response,
     @RealIP() ip: string,
     @UserAgent() userAgent: string
   ) {
@@ -204,11 +204,11 @@ export class AuthController {
   @Post('/activate')
   async activate(
     @Body('code') code: string,
-    @Res({ passthrough: true }) response: Response
+    @Res({ passthrough: false }) response: Response
   ) {
     const activate = await this._authService.activate(code);
     if (!activate) {
-      return response.status(200).send({ can: false });
+      return response.status(200).json({ can: false });
     }
 
     response.cookie('auth', activate, {
@@ -228,16 +228,18 @@ export class AuthController {
     }
 
     response.header('onboarding', 'true');
-    return response.status(200).send({ can: true });
+
+    return response.status(200).json({ can: true });
   }
 
   @Post('/oauth/:provider/exists')
   async oauthExists(
     @Body('code') code: string,
     @Param('provider') provider: string,
-    @Res({ passthrough: true }) response: Response
+    @Res({ passthrough: false }) response: Response
   ) {
     const { jwt, token } = await this._authService.checkExists(provider, code);
+
     if (token) {
       return response.json({ token });
     }

apps/backend/src/api/routes/integrations.controller.ts

@@ -3,6 +3,7 @@ import {
   Controller,
   Delete,
   Get,
+  HttpException,
   Param,
   Post,
   Put,
@@ -261,24 +262,33 @@ export class IntegrationsController {
       throw new Error('Invalid integration');
     }
 
+    let newList: any[] | { none: true } = [];
+    try {
+      newList = (await this.functionIntegration(org, body)) || [];
+    } catch (err) {
+      console.log(err);
+    }
+
+    if (!Array.isArray(newList) && newList?.none) {
+      return newList;
+    }
+
     const list = await this._integrationService.getMentions(
       getIntegration.providerIdentifier,
       body?.data?.query
     );
 
-    let newList = [];
-    try {
-      newList = await this.functionIntegration(org, body);
-    } catch (err) {}
-
-    if (newList.length) {
+    if (Array.isArray(newList) && newList.length) {
       await this._integrationService.insertMentions(
         getIntegration.providerIdentifier,
-        newList.map((p: any) => ({
-          name: p.label,
-          username: p.id,
-          image: p.image,
-        })).filter((f: any) => f.name)
+        newList
+          .map((p: any) => ({
+            name: p.label || '',
+            username: p.id || '',
+            image: p.image || '',
+            doNotCache: p.doNotCache || false,
+          }))
+          .filter((f: any) => f.name && !f.doNotCache)
       );
     }
 
@@ -289,10 +299,10 @@ export class IntegrationsController {
           image: p.image,
           label: p.name,
         })),
-        ...newList,
+        ...(newList as any[]),
       ],
       (p) => p.id
-    ).filter(f => f.label && f.image && f.id);
+    ).filter((f) => f.label && f.id);
   }
 
   @Post('/function')
@@ -478,6 +488,18 @@ export class IntegrationsController {
         validName = `Channel_${String(id).slice(0, 8)}`;
       }
     }
+
+    if (
+      process.env.STRIPE_PUBLISHABLE_KEY &&
+      org.isTrailing &&
+      (await this._integrationService.checkPreviousConnections(
+        org.id,
+        String(id)
+      ))
+    ) {
+      throw new HttpException('', 412);
+    }
+
     return this._integrationService.createOrUpdateIntegration(
       additionalSettings,
       !!integrationProvider.oneTimeToken,

apps/backend/src/api/routes/public.controller.ts

@@ -1,4 +1,14 @@
-import { Body, Controller, Get, Param, Post, Req, Res } from '@nestjs/common';
+import {
+  Body,
+  Controller,
+  Get,
+  Param,
+  Post,
+  Query,
+  Req,
+  Res,
+  StreamableFile,
+} from '@nestjs/common';
 import { ApiTags } from '@nestjs/swagger';
 import { AgenciesService } from '@gitroom/nestjs-libraries/database/prisma/agencies/agencies.service';
 import { PostsService } from '@gitroom/nestjs-libraries/database/prisma/posts/posts.service';
@@ -11,6 +21,10 @@ import { makeId } from '@gitroom/nestjs-libraries/services/make.is';
 import { getCookieUrlFromDomain } from '@gitroom/helpers/subdomain/subdomain.management';
 import { AgentGraphInsertService } from '@gitroom/nestjs-libraries/agent/agent.graph.insert.service';
 import { Nowpayments } from '@gitroom/nestjs-libraries/crypto/nowpayments';
+import { Readable, pipeline } from 'stream';
+import { promisify } from 'util';
+
+const pump = promisify(pipeline);
 
 @ApiTags('Public')
 @Controller('/public')
@@ -136,4 +150,46 @@ export class PublicController {
     console.log('cryptoPost', body, path);
     return this._nowpayments.processPayment(path, body);
   }
+
+  @Get('/stream')
+  async streamFile(
+    @Query('url') url: string,
+    @Res() res: Response,
+    @Req() req: Request
+  ) {
+    if (!url.endsWith('mp4')) {
+      return res.status(400).send('Invalid video URL');
+    }
+
+    const ac = new AbortController();
+    const onClose = () => ac.abort();
+    req.on('aborted', onClose);
+    res.on('close', onClose);
+
+    const r = await fetch(url, { signal: ac.signal });
+
+    if (!r.ok && r.status !== 206) {
+      res.status(r.status);
+      throw new Error(`Upstream error: ${r.statusText}`);
+    }
+
+    const type = r.headers.get('content-type') ?? 'application/octet-stream';
+    res.setHeader('Content-Type', type);
+
+    const contentRange = r.headers.get('content-range');
+    if (contentRange) res.setHeader('Content-Range', contentRange);
+
+    const len = r.headers.get('content-length');
+    if (len) res.setHeader('Content-Length', len);
+
+    const acceptRanges = r.headers.get('accept-ranges') ?? 'bytes';
+    res.setHeader('Accept-Ranges', acceptRanges);
+
+    if (r.status === 206) res.status(206); // Partial Content for range responses
+
+    try {
+      await pump(Readable.fromWeb(r.body as any), res);
+    } catch (err) {
+    }
+  }
 }