update datafusion

backend/src/ee.rs

@@ -0,0 +1,23 @@
+use anyhow::anyhow;
+#[cfg(feature = "enterprise")]
+use windmill_common::error::{Error, Result};
+
+pub async fn set_license_key(_license_key: String) -> anyhow::Result<()> {
+    // Implementation is not open source
+    Err(anyhow!("License cannot be set in Windmill CE"))
+}
+
+#[cfg(feature = "enterprise")]
+pub async fn verify_license_key() -> Result<()> {
+    // Implementation is not open source
+    Err(Error::InternalErr(
+        "License always invalid in Windmill CE".to_string(),
+    ))
+}
+
+#[cfg(feature = "enterprise")]
+pub async fn jwt_ext_auth(_w_id: Option<&String>, _token: &str) -> Option<(ApiAuthed, usize)> {
+    // Implementation is not open source
+
+    None
+}

backend/windmill-api/src/ee.rs

@@ -0,0 +1,6 @@
+use anyhow::anyhow;
+
+pub async fn validate_license_key(_license_key: String) -> anyhow::Result<String> {
+    // Implementation is not open source
+    Err(anyhow!("License can't be validated in Windmill CE"))
+}

backend/windmill-api/src/job_helpers_ee.rs

@@ -0,0 +1,5 @@
+use axum::Router;
+
+pub fn workspaced_service() -> Router {
+    Router::new()
+}

backend/windmill-api/src/oauth2_ee.rs

@@ -0,0 +1,188 @@
+/*
+ * Author: Ruben Fiszel
+ * Copyright: Windmill Labs, Inc 2022
+ * This file and its contents are licensed under the AGPLv3 License.
+ * Please see the included NOTICE for copyright information and
+ * LICENSE-AGPL for a copy of the license.
+ */
+
+use std::{collections::HashMap, fmt::Debug};
+
+use axum::{routing::get, Json, Router};
+use hmac::Mac;
+use hyper::HeaderMap;
+
+use itertools::Itertools;
+use oauth2::{Client as OClient, *};
+use serde::{Deserialize, Serialize};
+use sqlx::{Postgres, Transaction};
+use windmill_common::more_serde::maybe_number_opt;
+
+use crate::OAUTH_CLIENTS;
+use windmill_common::error;
+use windmill_common::oauth2::*;
+
+use crate::db::DB;
+use std::str;
+
+pub fn global_service() -> Router {
+    Router::new()
+        .route("/list_supabase", get(list_supabase))
+        .route("/list_logins", get(list_logins))
+        .route("/list_connects", get(list_connects))
+}
+
+pub fn workspaced_service() -> Router {
+    Router::new()
+}
+
+#[derive(Serialize)]
+#[serde(tag = "type")]
+pub enum InstanceEvent {
+    UserAdded { email: String },
+    // UserDeleted { email: String },
+    // UserDeletedWorkspace { workspace: String, email: String },
+    UserAddedWorkspace { workspace: String, email: String },
+    UserInvitedWorkspace { workspace: String, email: String },
+    UserJoinedWorkspace { workspace: String, email: String, username: String },
+}
+
+#[derive(Debug, Clone)]
+pub struct ClientWithScopes {
+    _client: OClient,
+    _scopes: Vec<String>,
+    _extra_params: Option<HashMap<String, String>>,
+    _extra_params_callback: Option<HashMap<String, String>>,
+    _allowed_domains: Option<Vec<String>>,
+    _userinfo_url: Option<String>,
+}
+
+pub type BasicClientsMap = HashMap<String, ClientWithScopes>;
+
+#[derive(Clone, Debug, Serialize, Deserialize)]
+pub struct OAuthConfig {
+    auth_url: String,
+    token_url: String,
+    userinfo_url: Option<String>,
+    scopes: Option<Vec<String>>,
+    extra_params: Option<HashMap<String, String>>,
+    extra_params_callback: Option<HashMap<String, String>>,
+    req_body_auth: Option<bool>,
+}
+
+#[derive(Clone, Debug, Serialize, Deserialize)]
+pub struct OAuthClient {
+    id: String,
+    secret: String,
+    allowed_domains: Option<Vec<String>>,
+    connect_config: Option<OAuthConfig>,
+    login_config: Option<OAuthConfig>,
+}
+
+#[derive(Debug)]
+pub struct AllClients {
+    pub logins: BasicClientsMap,
+    pub connects: BasicClientsMap,
+    pub slack: Option<OClient>,
+}
+
+pub fn build_oauth_clients(
+    _base_url: &str,
+    _oauths_from_config: Option<HashMap<String, OAuthClient>>,
+) -> anyhow::Result<AllClients> {
+    // Implementation is not open source
+    return Ok(AllClients {
+        logins: HashMap::default(),
+        connects: HashMap::default(),
+        slack: None,
+    });
+}
+
+#[derive(Clone, Debug, Deserialize, Serialize)]
+pub struct TokenResponse {
+    access_token: AccessToken,
+    #[serde(deserialize_with = "maybe_number_opt")]
+    #[serde(default)]
+    expires_in: Option<u64>,
+    refresh_token: Option<RefreshToken>,
+    #[serde(deserialize_with = "helpers::deserialize_space_delimited_vec")]
+    #[serde(serialize_with = "helpers::serialize_space_delimited_vec")]
+    #[serde(default)]
+    scope: Option<Vec<Scope>>,
+}
+
+#[derive(Serialize)]
+struct Logins {
+    oauth: Vec<String>,
+    saml: Option<String>,
+}
+async fn list_logins() -> error::JsonResult<Logins> {
+    // Implementation is not open source
+    return Ok(Json(Logins { oauth: vec![], saml: None }));
+}
+
+async fn list_connects() -> error::JsonResult<Vec<String>> {
+    Ok(Json(
+        (&OAUTH_CLIENTS.read().await.connects)
+            .keys()
+            .map(|x| x.to_owned())
+            .collect_vec(),
+    ))
+}
+
+pub async fn _refresh_token<'c>(
+    _tx: Transaction<'c, Postgres>,
+    _path: &str,
+    _w_id: &str,
+    _id: i32,
+    _db: &DB,
+) -> error::Result<String> {
+    // Implementation is not open source
+    Err(error::Error::BadRequest(
+        "Not implemented in Windmill's Open Source repository".to_string(),
+    ))
+}
+
+async fn list_supabase(_headers: HeaderMap) -> error::Result<String> {
+    // Implementation is not open source
+    Err(error::Error::BadRequest(
+        "Not implemented in Windmill's Open Source repository".to_string(),
+    ))
+}
+
+pub async fn check_nb_of_user(db: &DB) -> error::Result<()> {
+    let nb_users_sso =
+        sqlx::query_scalar!("SELECT COUNT(*) FROM password WHERE login_type != 'password'",)
+            .fetch_one(db)
+            .await?;
+    if nb_users_sso.unwrap_or(0) >= 10 {
+        return Err(error::Error::BadRequest(
+            "You have reached the maximum number of oauth users accounts (10) without an enterprise license"
+                .to_string(),
+        ));
+    }
+
+    let nb_users = sqlx::query_scalar!("SELECT COUNT(*) FROM password",)
+        .fetch_one(db)
+        .await?;
+    if nb_users.unwrap_or(0) >= 50 {
+        return Err(error::Error::BadRequest(
+            "You have reached the maximum number of accounts (50) without an enterprise license"
+                .to_string(),
+        ));
+    }
+    return Ok(());
+}
+
+#[derive(Clone, Debug)]
+pub struct SlackVerifier {
+    _mac: HmacSha256,
+}
+
+impl SlackVerifier {
+    pub fn new<S: AsRef<[u8]>>(secret: S) -> anyhow::Result<SlackVerifier> {
+        HmacSha256::new_from_slice(secret.as_ref())
+            .map(|mac| SlackVerifier { _mac: mac })
+            .map_err(|_| anyhow::anyhow!("invalid secret"))
+    }
+}

backend/windmill-api/src/oidc_ee.rs

@@ -0,0 +1,17 @@
+/*
+ * Author: Ruben Fiszel
+ * Copyright: Windmill Labs, Inc 2023
+ * This file and its contents are licensed under the AGPLv3 License.
+ * Please see the included NOTICE for copyright information and
+ * LICENSE-AGPL for a copy of the license.
+ */
+
+use axum::Router;
+
+pub fn global_service() -> Router {
+    Router::new()
+}
+
+pub fn workspaced_service() -> Router {
+    Router::new()
+}

backend/windmill-api/src/saml_ee.rs

@@ -0,0 +1,25 @@
+/*
+ * Author: Ruben Fiszel
+ * Copyright: Windmill Labs, Inc 2023
+ * This file and its contents are licensed under the AGPLv3 License.
+ * Please see the included NOTICE for copyright information and
+ * LICENSE-AGPL for a copy of the license.
+ */
+#![allow(non_snake_case)]
+
+use axum::{routing::post, Router};
+
+pub struct ServiceProviderExt();
+
+pub async fn build_sp_extension() -> anyhow::Result<ServiceProviderExt> {
+    return Ok(ServiceProviderExt());
+}
+
+pub fn global_service() -> Router {
+    Router::new().route("/acs", post(acs))
+}
+
+pub async fn acs() -> String {
+    // Implementation is not open source as it is a Windmill Enterprise Edition feature
+    "SAML available only in enterprise version".to_string()
+}

backend/windmill-api/src/scim_ee.rs

@@ -0,0 +1,23 @@
+/*
+ * Author: Ruben Fiszel
+ * Copyright: Windmill Labs, Inc 2023
+ * This file and its contents are licensed under the AGPLv3 License.
+ * Please see the included NOTICE for copyright information and
+ * LICENSE-AGPL for a copy of the license.
+ */
+
+use axum::{middleware::Next, response::Response, routing::get, Router};
+use hyper::Request;
+
+pub fn global_service() -> Router {
+    Router::new().route("/ee", get(ee))
+}
+
+pub async fn ee() -> String {
+    return "Enterprise Edition".to_string();
+}
+
+pub async fn has_scim_token<B>(_request: Request<B>, _next: Next) -> Response {
+    //Not implemented in open-source version
+    todo!()
+}

backend/windmill-api/src/stripe_ee.rs

@@ -0,0 +1,7 @@
+#[cfg(feature = "stripe")]
+use axum::Router;
+
+#[cfg(feature = "stripe")]
+pub fn add_stripe_routes(router: Router) -> Router {
+    return router;
+}