feat(ui): add allowGuestDemoWorkspace flag to force login

[NorkzYT]

allowGuestDemoWorkspace-admin-flag.mp4

This PR enforces login‑first access (#8716) by disabling or enabling the guest demo workspace via Admin Server Client Page and redirecting unauthenticated users straight to /sign‑in.

Summary by CodeRabbit

• New Features
  • Added a configuration option to control whether guests can access the demo workspace.
  • Server and client interfaces, as well as GraphQL queries and schemas, now support and expose the guest demo workspace setting.
  • User navigation after sign-out has been updated to redirect appropriately based on the guest demo workspace setting.
  • Unauthenticated users are redirected to sign-in if guest demo workspaces are disabled.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[graphite-app]

How to use the Graphite Merge Queue

Add either label to this PR to merge it via the merge queue:

• merge - adds this PR to the back of the merge queue
• hotfix - for urgent hot fixes, skip the queue and merge this PR next

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

[coderabbitai]

Walkthrough

A new configuration property, allowGuestDemoWorkspace, has been introduced throughout the backend, frontend, and GraphQL layers. This boolean flag controls whether guests can access a demo workspace. The change propagates from schema definitions and configuration interfaces to GraphQL queries, server config types, and frontend navigation logic, ensuring consistent enforcement and availability of this setting.

Changes

File(s) / Group	Change Summary
.docker/selfhost/schema.json packages/frontend/admin/src/config.json	Added allowGuestDemoWorkspace boolean property to client configuration schemas with description and default.
packages/backend/server/src/core/version/config.ts	Added allowGuestDemoWorkspace to VersionConfig interface and client config module with default true.
packages/backend/server/src/core/config/resolver.ts	Exposed allowGuestDemoWorkspace in ServerConfigResolver.serverConfig() from client config.
packages/backend/server/src/core/config/types.ts packages/backend/server/src/schema.gql	Added allowGuestDemoWorkspace field to ServerConfigType in both TypeScript and GraphQL schema.
packages/common/graphql/src/graphql/admin/admin-server-config.gql .../server-config.gql	Extended adminServerConfig and serverConfig GraphQL queries to request allowGuestDemoWorkspace.
packages/common/graphql/src/graphql/index.ts	Updated adminServerConfigQuery and serverConfigQuery to include allowGuestDemoWorkspace in selection sets.
packages/common/graphql/src/schema.ts	Added allowGuestDemoWorkspace to ServerConfigType and relevant query return types in schema typings.
packages/frontend/core/src/modules/cloud/types.ts	Added allowGuestDemoWorkspace boolean to ServerConfig interface.
packages/frontend/core/src/modules/cloud/constant.ts	Set allowGuestDemoWorkspace: true in all built-in server config objects.
packages/frontend/core/src/modules/cloud/entities/server.ts .../services/servers.ts	Ensured allowGuestDemoWorkspace is propagated and stored in server config when fetched or updated.
packages/frontend/core/src/components/hooks/affine/use-sign-out.ts	Modified sign-out logic to redirect based on allowGuestDemoWorkspace config.
packages/frontend/core/src/components/cloud/share-header-right-item/user-avatar.tsx .../invite/index.tsx .../workspace-selector/user-with-workspace-list/workspace-list/index.tsx .../mobile/components/workspace-selector/menu.tsx	Updated sign-out handlers to navigate to sign-in page after signing out.
packages/frontend/core/src/desktop/pages/index/index.tsx	Enforced guest access logic: redirects unauthenticated users to sign-in if guest demo is disallowed.
packages/frontend/core/src/components/hooks/affine/tests/use-sign-out.spec.ts	Added tests for useSignOut hook verifying redirection behavior based on allowGuestDemoWorkspace setting.

Sequence Diagram(s)

sequenceDiagram
    participant GuestUser
    participant Frontend
    participant Backend
    participant ConfigStore

    GuestUser->>Frontend: Access app
    Frontend->>Backend: Fetch serverConfig
    Backend->>ConfigStore: Read allowGuestDemoWorkspace
    ConfigStore-->>Backend: allowGuestDemoWorkspace (true/false)
    Backend-->>Frontend: serverConfig (includes allowGuestDemoWorkspace)
    alt allowGuestDemoWorkspace is false and user not logged in
        Frontend->>GuestUser: Redirect to sign-in page
    else allowGuestDemoWorkspace is true or user logged in
        Frontend->>GuestUser: Allow access to demo workspace
    end

Loading

Poem

A toggle for guests, a workspace anew,
Now set in the config, and checked all through.
If the flag says "yes," the demo doors swing wide,
If "no," to sign-in, the guests must glide.
With code in sync, and logic tight,
The rabbits hop—everything’s right!
🐇✨

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a03c5dd and 029bcc0.

📒 Files selected for processing (1)

• packages/frontend/core/src/components/hooks/affine/__tests__/use-sign-out.spec.ts (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• packages/frontend/core/src/components/hooks/affine/tests/use-sign-out.spec.ts

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 5

🔭 Outside diff range comments (1)

packages/frontend/core/src/modules/cloud/services/servers.ts (1)

76-90: 🛠️ Refactor suggestion

⚠️ Potential issue

Persisting servers added before this patch may now return undefined

serverListStore.addServer now persists allowGuestDemoWorkspace.
However, existing entries in ServerListStore created by previous versions will lack this property.
Code that later reads server.config$.selector(c => c.allowGuestDemoWorkspace) (e.g. navigation guards) may receive undefined and mis-behave.

Mitigate by normalising on write:

-        allowGuestDemoWorkspace: config.allowGuestDemoWorkspace,
+        allowGuestDemoWorkspace:
+          config.allowGuestDemoWorkspace ?? true, // fallback for legacy records

and/or by adding a migration/default on read inside ServerListStore.

♻️ Duplicate comments (6)

packages/common/graphql/src/graphql/server-config.gql (1)

10-10: Same compatibility caveat as admin query

See remark on adminServerConfig.gql; apply the same guarded pattern here to avoid runtime 400 errors when hitting an old server.

packages/frontend/core/src/modules/cloud/constant.ts (5)

56-57: Same comment as above – duplication only.

---

81-82: Same comment as above – duplication only.

---

106-107: Same comment as above – duplication only.

---

131-132: Same comment as above – duplication only.

---

156-157: Same comment as above – duplication only.

🧹 Nitpick comments (9)

packages/frontend/core/src/modules/cloud/types.ts (1)

15-18: Interface update looks good but consider documenting default semantics

The added allowGuestDemoWorkspace flag fits the new server contract.
A short JSDoc comment explaining that “true ⇒ guests are allowed; false ⇒ force sign-in” would improve discoverability for consumers of this type.

.docker/selfhost/schema.json (1)

590-595: Property addition looks correct, but remember to update public docs / examples.

The new allowGuestDemoWorkspace key is well-formed (description + default).
Please ensure that any public self-host docs (README, installation guides, and sample config.yaml / env files) now mention this flag so operators know it exists; otherwise the feature will remain invisible.

packages/frontend/core/src/desktop/pages/invite/index.tsx (1)

24-36: Duplicate useNavigateHelper hook call

useNavigateHelper() is invoked twice—once to grab jumpToPage (line 24) and again for navigateHelper (line 35).
Calling the same hook multiple times is legal but wasteful and may allocate two independent helpers.

- const { jumpToPage } = useNavigateHelper();
+ const navigateHelper = useNavigateHelper();
+ const { jumpToPage } = navigateHelper;
 …
- const navigateHelper = useNavigateHelper();

Reduces one hook call and simplifies deps arrays.

packages/backend/server/src/core/version/config.ts (1)

32-35: Minor: keep dotted path naming consistent

Other keys are nested using dot notation (versionControl.*).
For consistency consider guestDemoWorkspace.enabled or access.allowGuestDemoWorkspace.
Not critical, but keeps the schema tidy and future-proof.

packages/frontend/core/src/components/cloud/share-header-right-item/user-avatar.tsx (1)

55-60: Duplicate sign-out logic – favour shared hook

This block repeats the exact flow already added in other components. Extract/ reuse the existing useSignOut (or create one) to keep behaviour aligned and unit-testable.

-const handleSignOut = useAsyncCallback(async () => {
-  await authService.signOut();
-  navigateHelper.jumpToSignIn();
-}, [authService, navigateHelper]);
+const handleSignOut = useSignOut();

packages/frontend/core/src/modules/cloud/constant.ts (1)

18-31: Avoid repeating identical defaults across every build-target entry

allowGuestDemoWorkspace: true is duplicated in each server-config block.
Consider defining the common defaults once and spreading them into each variant to keep this table DRY and reduce maintenance overhead when the property list inevitably grows.

-          config: {
+          const COMMON_DEFAULTS = {
+            allowGuestDemoWorkspace: true,
+          };
+
+          config: {
             serverName: 'Affine Selfhost',
             ...
-            credentialsRequirement: { ... },
-            allowGuestDemoWorkspace: true,
+            credentialsRequirement: { ... },
+            ...COMMON_DEFAULTS,
           },

packages/frontend/core/src/components/hooks/affine/use-sign-out.ts (1)

37-41: Guard against undefined server or stale config before branching

defaultServerService.server.config$.value assumes both server and the reactive config$ have been initialised.
A failed service initialisation or a transient null value would currently throw and break the sign-out flow.

-      if (defaultServerService.server.config$.value.allowGuestDemoWorkspace) {
+      if (defaultServerService?.server?.config$.value?.allowGuestDemoWorkspace) {

Optional chaining gives you a safe fallback path; the else branch already leads to the secure /sign-in route.

packages/frontend/core/src/desktop/pages/index/index.tsx (2)

92-97: Duplicate guest-redirect logic – extract to helper to stay DRY

The block that wipes last_workspace_id and calls jumpToSignIn() appears twice (initial navigation effect and workspace-creation effect). Consolidating this into a small utility (or at least a useCallback) will:

• Prevent future divergence
• Cut bundle bytes
• Make the intent easier to scan

+const redirectUnauthedGuests = useCallback(() => {
+  localStorage.removeItem('last_workspace_id');
+  jumpToSignIn();
+}, [jumpToSignIn]);

Then replace the two in-place snippets with redirectUnauthedGuests();.

Also applies to: 145-149

---

50-50: Consider useServiceOptional for resiliency

DefaultServerService is resolved with useService, which will throw if the DI container doesn’t provide it (e.g. during unit tests or a stripped-down self-host deployment). Using useServiceOptional (and asserting non-null afterwards) avoids a hard crash and aligns with how DesktopApiService is handled further down.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c846c57 and 15ae438.

📒 Files selected for processing (20)

• .docker/selfhost/schema.json (1 hunks)
• packages/backend/server/src/core/config/resolver.ts (1 hunks)
• packages/backend/server/src/core/config/types.ts (1 hunks)
• packages/backend/server/src/core/version/config.ts (2 hunks)
• packages/backend/server/src/schema.gql (1 hunks)
• packages/common/graphql/src/graphql/admin/admin-server-config.gql (1 hunks)
• packages/common/graphql/src/graphql/index.ts (2 hunks)
• packages/common/graphql/src/graphql/server-config.gql (1 hunks)
• packages/common/graphql/src/schema.ts (3 hunks)
• packages/frontend/admin/src/config.json (1 hunks)
• packages/frontend/core/src/components/cloud/share-header-right-item/user-avatar.tsx (2 hunks)
• packages/frontend/core/src/components/hooks/affine/use-sign-out.ts (2 hunks)
• packages/frontend/core/src/components/workspace-selector/user-with-workspace-list/workspace-list/index.tsx (1 hunks)
• packages/frontend/core/src/desktop/pages/index/index.tsx (5 hunks)
• packages/frontend/core/src/desktop/pages/invite/index.tsx (1 hunks)
• packages/frontend/core/src/mobile/components/workspace-selector/menu.tsx (1 hunks)
• packages/frontend/core/src/modules/cloud/constant.ts (6 hunks)
• packages/frontend/core/src/modules/cloud/entities/server.ts (1 hunks)
• packages/frontend/core/src/modules/cloud/services/servers.ts (1 hunks)
• packages/frontend/core/src/modules/cloud/types.ts (1 hunks)

🧰 Additional context used

🧬 Code Graph Analysis (2)

packages/frontend/core/src/components/hooks/affine/use-sign-out.ts (4)

packages/common/infra/src/framework/react/index.tsx (2)

• useService (15-17)
• useServices (29-45)

packages/frontend/core/src/modules/cloud/stores/auth.ts (1)

• signOut (103-105)

packages/frontend/core/src/modules/cloud/services/auth.ts (1)

• signOut (188-192)

packages/backend/server/src/base/error/def.ts (1)

• UserFriendlyError (63-166)

packages/frontend/core/src/desktop/pages/index/index.tsx (2)

packages/common/infra/src/framework/react/index.tsx (1)

• useService (15-17)

packages/frontend/core/src/modules/cloud/index.ts (1)

• DefaultServerService (12-12)

🔇 Additional comments (11)

packages/backend/server/src/schema.gql (1)

1572-1574: allowGuestDemoWorkspace field looks correct and is well-documented

The new non-nullable Boolean is self-explanatory and matches the resolver implementation.
No concerns here.

packages/frontend/core/src/mobile/components/workspace-selector/menu.tsx (1)

229-233: Sign-out flow correctly redirects – LGTM

The additional jumpToSignIn() ensures a consistent post-logout UX, and the dependency array is updated accordingly.

packages/frontend/core/src/modules/cloud/entities/server.ts (1)

81-88: Verify store type supports the new field.

allowGuestDemoWorkspace is forwarded into updateServerConfig, but the method’s parameter type (in ServerListStore) must include it; otherwise TypeScript will silently allow the excess property at call-site and then drop it, leaving the UI with stale data.

 // packages/frontend/core/src/modules/cloud/stores/server-list.ts (example)
 export interface StoredServerConfig {
   …
+  allowGuestDemoWorkspace: boolean;
 }

Please confirm the store interface and any persistence layer migrations were updated; otherwise client logic that reads this flag may always fall back to undefined.

packages/frontend/admin/src/config.json (1)

206-210: Consistent “Boolean” type 👍

Entry matches the existing typing style in this JSON spec. No issues spotted.

packages/frontend/core/src/desktop/pages/invite/index.tsx (1)

84-88: Good UX improvement – immediate redirect after sign-out

Automatically routing the user to /sign-in eliminates a blank screen and matches the behaviour introduced elsewhere.

packages/common/graphql/src/graphql/admin/admin-server-config.gql (1)

10-10:

❓ Verification inconclusive

GraphQL field addition may break older deployments

Adding allowGuestDemoWorkspace to the selection set means the query will fail against servers that have not yet been upgraded, blocking the whole UI that depends on this query.
Unless the FE & BE are always deployed atomically, gate the field behind @skip(if:), a separate “probe” query, or use a versioned endpoint.

---

🏁 Script executed:

#!/bin/bash
set -e

# Locate the GraphQL file
FILE=$(fd admin-server-config.gql -t f)
echo "Inspecting file: $FILE"
echo "----- File Content (first 200 lines) -----"
sed -n '1,200p' "$FILE"

# Check where and how this query is used in the codebase
echo "----- References to admin-server-config.gql -----"
grep -R "admin-server-config.gql" -n packages

echo "----- References to query name or import usage -----"
grep -R "adminServerConfig" -n packages || true

Length of output: 1047

---

Gate new GraphQL field in admin-server-config.gql to avoid breaking older deployments

The allowGuestDemoWorkspace field was added to the selection set in
packages/common/graphql/src/graphql/admin/admin-server-config.gql (around line 6). Any client querying an older server that doesn’t yet expose this field will receive an error, potentially blocking the UI.

Unless your frontend and backend are guaranteed to be deployed atomically, please consider one of the following strategies:

• Wrap allowGuestDemoWorkspace with a GraphQL directive, e.g.

  allowGuestDemoWorkspace @skip(if: $isOldServer)

• Extract it into a separate “probe” query that won’t block rendering of the main UI
• Use a versioned GraphQL endpoint so new fields don’t affect older deployments

packages/common/graphql/src/graphql/index.ts (2)

30-36: Field inclusion looks correct

allowGuestDemoWorkspace is now queried – aligns with schema changes. No issues spotted.

---

1700-1707: Server-config query updated correctly

The extra selection ensures clients receive the new flag. Looks good.

packages/common/graphql/src/schema.ts (3)

2153-2154: Expose allowGuestDemoWorkspace in ServerConfigType.

This addition correctly extends the GraphQL schema type with the new flag to control guest demo workspace access.

---

2713-2713: Add allowGuestDemoWorkspace to AdminServerConfigQuery response.

Ensures the admin server config query returns the new flag for client-side enforcement.

---

4657-4657: Include allowGuestDemoWorkspace in ServerConfigQuery response.

Makes the standard server config query expose the new flag.

[codecov]

Codecov Report

Attention: Patch coverage is 94.44444% with 1 line in your changes missing coverage. Please review.

Project coverage is 55.84%. Comparing base (c846c57) to head (029bcc0).
Report is 5 commits behind head on canary.

Files with missing lines	Patch %	Lines
...ackages/backend/server/src/core/config/resolver.ts	50.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           canary   #12779      +/-   ##
==========================================
+ Coverage   55.63%   55.84%   +0.20%     
==========================================
  Files        2653     2654       +1     
  Lines      125319   125353      +34     
  Branches    19839    19842       +3     
==========================================
+ Hits        69721    69998     +277     
+ Misses      53847    53219     -628     
- Partials     1751     2136     +385     

Flag	Coverage Δ
server-test	79.04% <92.30%> (+0.01%)	⬆️
unittest	31.61% <100.00%> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (1)

packages/frontend/core/src/components/hooks/affine/__tests__/use-sign-out.spec.ts (1)

1-4: Nit: remove unnecessary ESLint disable

/* eslint-disable rxjs/finnish */ appears unrelated to this file (no RxJS).
Unless the linter actually complains, drop the directive to keep the header clean.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 15ae438 and a03c5dd.

📒 Files selected for processing (7)

• packages/backend/server/src/core/config/resolver.ts (1 hunks)
• packages/backend/server/src/core/config/types.ts (1 hunks)
• packages/backend/server/src/core/version/config.ts (2 hunks)
• packages/backend/server/src/schema.gql (1 hunks)
• packages/frontend/core/src/components/hooks/affine/__tests__/use-sign-out.spec.ts (1 hunks)
• packages/frontend/core/src/components/workspace-selector/user-with-workspace-list/workspace-list/index.tsx (2 hunks)
• packages/frontend/core/src/desktop/pages/index/index.tsx (6 hunks)

🚧 Files skipped from review as they are similar to previous changes (6)

• packages/backend/server/src/core/config/types.ts
• packages/backend/server/src/schema.gql
• packages/backend/server/src/core/config/resolver.ts
• packages/frontend/core/src/components/workspace-selector/user-with-workspace-list/workspace-list/index.tsx
• packages/backend/server/src/core/version/config.ts
• packages/frontend/core/src/desktop/pages/index/index.tsx