Merge branch 'main' into sean/cal-3284-username-not-updating-to-org

.env.example

@@ -232,6 +232,7 @@ NEXT_PUBLIC_COMPANY_NAME="Cal.com, Inc."
 # NEXT_PUBLIC_DISABLE_SIGNUP=true
 NEXT_PUBLIC_DISABLE_SIGNUP=
 
+# Set this to 'non-strict' to enable CSP for support pages. 'strict' isn't supported yet. Also, check the README for details.
 # Content Security Policy
 CSP_POLICY=
 
@@ -296,7 +297,7 @@ E2E_TEST_CALCOM_GCAL_KEYS=
 # You can use: `openssl rand -base64 32` to generate one
 CALCOM_CREDENTIAL_SYNC_SECRET=""
 # This is the header name that will be used to verify the webhook secret. Should be in lowercase
-CALCOM_CREDENTIAL_SYNC_SECRET_HEADER_NAME="calcom-webhook-secret"
+CALCOM_CREDENTIAL_SYNC_HEADER_NAME="calcom-credential-sync-secret"
 CALCOM_CREDENTIAL_SYNC_ENDPOINT=""
 # Key should match on Cal.com and your application
 # must be 24 bytes for AES256 encryption algorithm
@@ -341,3 +342,6 @@ APP_ROUTER_TEAMS_ENABLED=0
 
 # disable setry server source maps
 SENTRY_DISABLE_SERVER_WEBPACK_PLUGIN=1
+
+# api v2
+NEXT_PUBLIC_API_V2_URL="http://localhost:5555/api/v2"

.github/PULL_REQUEST_TEMPLATE.md

@@ -13,7 +13,7 @@ Fixes # (issue)
 <!-- Please provide all documents that are important to understand the reason of that PR. -->
 
 - If there is a requirement document, please, share it here.
-- If there is ab UI/UX design document, please, share it here.
+- If there is a UI/UX design document, please, share it here.
 
 ## Type of change
 

.github/workflows/production-build-without-database.yml

@@ -29,6 +29,7 @@ env:
   SENDGRID_EMAIL: ${{ secrets.CI_SENDGRID_EMAIL }}
   TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
   TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
+  NEXT_PUBLIC_API_V2_URL: ${{ secrets.CI_NEXT_PUBLIC_API_V2_URL }}
 
 jobs:
   build:

.github/workflows/production-build.yml

@@ -33,6 +33,7 @@ env:
   SENDGRID_EMAIL: ${{ secrets.CI_SENDGRID_EMAIL }}
   TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
   TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
+  NEXT_PUBLIC_API_V2_URL: ${{ secrets.CI_NEXT_PUBLIC_API_V2_URL }}
 
 jobs:
   build:

.prettierignore

@@ -16,3 +16,4 @@ public
 packages/prisma/zod
 packages/prisma/enums
 apps/web/public/embed
+apps/api/v2/swagger/documentation.json

apps/api/index.js

@@ -0,0 +1,18 @@
+const http = require("http");
+const connect = require("connect");
+const { createProxyMiddleware } = require("http-proxy-middleware");
+
+const apiProxyV1 = createProxyMiddleware({
+  target: "http://localhost:3003",
+});
+
+const apiProxyV2 = createProxyMiddleware({
+  target: "http://localhost:3004",
+});
+
+const app = connect();
+app.use("/", apiProxyV1);
+
+app.use("/v2", apiProxyV2);
+
+http.createServer(app).listen(3002);

apps/api/package.json

@@ -1,46 +1,16 @@
 {
-  "name": "@calcom/api",
+  "name": "@calcom/api-proxy",
   "version": "1.0.0",
-  "description": "Public API for Cal.com",
-  "main": "index.ts",
-  "repository": "git@github.com:calcom/api.git",
-  "author": "Cal.com Inc.",
-  "private": true,
+  "description": "",
+  "main": "index.js",
   "scripts": {
-    "build": "next build",
-    "clean": "rm -rf .turbo && rm -rf node_modules && rm -rf .next",
-    "dev": "PORT=3002 next dev",
-    "lint": "eslint . --ignore-path .gitignore",
-    "lint:fix": "eslint . --ext .ts,.js,.tsx,.jsx --fix",
-    "start": "PORT=3002 next start",
-    "docker-start-api": "PORT=80 next start",
-    "type-check": "tsc --pretty --noEmit"
-  },
-  "devDependencies": {
-    "@calcom/tsconfig": "*",
-    "@calcom/types": "*",
-    "node-mocks-http": "^1.11.0"
+    "dev": "node ./index.js"
   },
+  "author": "",
+  "license": "ISC",
   "dependencies": {
-    "@calcom/app-store": "*",
-    "@calcom/core": "*",
-    "@calcom/dayjs": "*",
-    "@calcom/emails": "*",
-    "@calcom/features": "*",
-    "@calcom/lib": "*",
-    "@calcom/prisma": "*",
-    "@calcom/trpc": "*",
-    "@sentry/nextjs": "^7.73.0",
-    "bcryptjs": "^2.4.3",
-    "memory-cache": "^0.2.0",
-    "next": "^13.5.4",
-    "next-api-middleware": "^1.0.1",
-    "next-axiom": "^0.17.0",
-    "next-swagger-doc": "^0.3.6",
-    "next-validations": "^0.2.0",
-    "typescript": "^4.9.4",
-    "tzdata": "^1.0.30",
-    "uuid": "^8.3.2",
-    "zod": "^3.22.4"
+    "connect": "^3.7.0",
+    "http": "^0.0.1-security",
+    "http-proxy-middleware": "^2.0.6"
   }
 }

apps/api/v1/lib/helpers/verifyCredentialSyncEnabled.ts

@@ -0,0 +1,24 @@
+import type { NextMiddleware } from "next-api-middleware";
+
+import { APP_CREDENTIAL_SHARING_ENABLED } from "@calcom/lib/constants";
+
+export const verifyCredentialSyncEnabled: NextMiddleware = async (req, res, next) => {
+  const { isAdmin } = req;
+
+  if (!isAdmin) {
+    return res.status(403).json({ error: "Only admin API keys can access credential syncing endpoints" });
+  }
+
+  if (!APP_CREDENTIAL_SHARING_ENABLED) {
+    return res.status(501).json({ error: "Credential syncing is not enabled" });
+  }
+
+  if (
+    req.headers[process.env.CALCOM_CREDENTIAL_SYNC_HEADER_NAME || "calcom-credential-sync-secret"] !==
+    process.env.CALCOM_CREDENTIAL_SYNC_SECRET
+  ) {
+    return res.status(401).json({ message: "Invalid credential sync secret" });
+  }
+
+  await next();
+};

apps/api/lib/helpers/withMiddleware.ts → apps/api/v1/lib/helpers/withMiddleware.ts

@@ -13,6 +13,7 @@ import {
 } from "./httpMethods";
 import { rateLimitApiKey } from "./rateLimitApiKey";
 import { verifyApiKey } from "./verifyApiKey";
+import { verifyCredentialSyncEnabled } from "./verifyCredentialSyncEnabled";
 import { withPagination } from "./withPagination";
 
 const middleware = {
@@ -28,6 +29,7 @@ const middleware = {
   extendRequest,
   pagination: withPagination,
   captureErrors,
+  verifyCredentialSyncEnabled,
 };
 
 type Middleware = keyof typeof middleware;

apps/api/v1/lib/validations/credential-sync.ts

@@ -0,0 +1,64 @@
+import { z } from "zod";
+
+import { HttpError } from "@calcom/lib/http-error";
+
+const userId = z.string().transform((val) => {
+  const userIdInt = parseInt(val);
+
+  if (isNaN(userIdInt)) {
+    throw new HttpError({ message: "userId is not a valid number", statusCode: 400 });
+  }
+
+  return userIdInt;
+});
+const appSlug = z.string();
+const credentialId = z.string().transform((val) => {
+  const credentialIdInt = parseInt(val);
+
+  if (isNaN(credentialIdInt)) {
+    throw new HttpError({ message: "credentialId is not a valid number", statusCode: 400 });
+  }
+
+  return credentialIdInt;
+});
+const encryptedKey = z.string();
+
+export const schemaCredentialGetParams = z.object({
+  userId,
+  appSlug: appSlug.optional(),
+});
+
+export const schemaCredentialPostParams = z.object({
+  userId,
+  createSelectedCalendar: z
+    .string()
+    .optional()
+    .transform((val) => {
+      return val === "true";
+    }),
+  createDestinationCalendar: z
+    .string()
+    .optional()
+    .transform((val) => {
+      return val === "true";
+    }),
+});
+
+export const schemaCredentialPostBody = z.object({
+  appSlug,
+  encryptedKey,
+});
+
+export const schemaCredentialPatchParams = z.object({
+  userId,
+  credentialId,
+});
+
+export const schemaCredentialPatchBody = z.object({
+  encryptedKey,
+});
+
+export const schemaCredentialDeleteParams = z.object({
+  userId,
+  credentialId,
+});

apps/api/next-i18next.config.js → apps/api/v1/next-i18next.config.js

@@ -4,7 +4,7 @@ const i18nConfig = require("@calcom/config/next-i18next.config");
 /** @type {import("next-i18next").UserConfig} */
 const config = {
   ...i18nConfig,
-  localePath: path.resolve("../web/public/static/locales"),
+  localePath: path.resolve("../../web/public/static/locales"),
 };
 
 module.exports = config;

apps/api/v1/package.json

@@ -0,0 +1,46 @@
+{
+  "name": "@calcom/api",
+  "version": "1.0.0",
+  "description": "Public API for Cal.com",
+  "main": "index.ts",
+  "repository": "git@github.com:calcom/api.git",
+  "author": "Cal.com Inc.",
+  "private": true,
+  "scripts": {
+    "build": "next build",
+    "clean": "rm -rf .turbo && rm -rf node_modules && rm -rf .next",
+    "dev": "PORT=3003 next dev",
+    "lint": "eslint . --ignore-path .gitignore",
+    "lint:fix": "eslint . --ext .ts,.js,.tsx,.jsx --fix",
+    "start": "PORT=3003 next start",
+    "docker-start-api": "PORT=80 next start",
+    "type-check": "tsc --pretty --noEmit"
+  },
+  "devDependencies": {
+    "@calcom/tsconfig": "*",
+    "@calcom/types": "*",
+    "node-mocks-http": "^1.11.0"
+  },
+  "dependencies": {
+    "@calcom/app-store": "*",
+    "@calcom/core": "*",
+    "@calcom/dayjs": "*",
+    "@calcom/emails": "*",
+    "@calcom/features": "*",
+    "@calcom/lib": "*",
+    "@calcom/prisma": "*",
+    "@calcom/trpc": "*",
+    "@sentry/nextjs": "^7.73.0",
+    "bcryptjs": "^2.4.3",
+    "memory-cache": "^0.2.0",
+    "next": "^13.5.4",
+    "next-api-middleware": "^1.0.1",
+    "next-axiom": "^0.17.0",
+    "next-swagger-doc": "^0.3.6",
+    "next-validations": "^0.2.0",
+    "typescript": "^4.9.4",
+    "tzdata": "^1.0.30",
+    "uuid": "^8.3.2",
+    "zod": "^3.22.4"
+  }
+}

apps/api/v1/pages/api/credential-sync/_delete.ts

@@ -0,0 +1,60 @@
+import type { NextApiRequest } from "next";
+
+import { defaultResponder } from "@calcom/lib/server";
+import prisma from "@calcom/prisma";
+
+import { schemaCredentialDeleteParams } from "~/lib/validations/credential-sync";
+
+/**
+ * @swagger
+ * /credential-sync:
+ *   delete:
+ *     operationId: deleteUserAppCredential
+ *     summary: Delete a credential record for a user
+ *     parameters:
+ *       - in: query
+ *         name: apiKey
+ *         required: true
+ *         schema:
+ *           type: string
+ *         description: Your API key
+ *       - in: query
+ *         name: userId
+ *         required: true
+ *         schema:
+ *           type: string
+ *         description: ID of the user to fetch the credentials for
+ *       - in: query
+ *         name: credentialId
+ *         required: true
+ *         schema:
+ *           type: string
+ *         description: ID of the credential to update
+ *     tags:
+ *     - credentials
+ *     responses:
+ *       200:
+ *         description: OK
+ *       401:
+ *        description: Authorization information is missing or invalid.
+ *       505:
+ *        description: Credential syncing not enabled
+ */
+async function handler(req: NextApiRequest) {
+  const { userId, credentialId } = schemaCredentialDeleteParams.parse(req.query);
+
+  const credential = await prisma.credential.delete({
+    where: {
+      id: credentialId,
+      userId,
+    },
+    select: {
+      id: true,
+      appId: true,
+    },
+  });
+
+  return { credentialDeleted: credential };
+}
+
+export default defaultResponder(handler);