mirror of
https://github.com/gristlabs/grist-core.git
synced 2024-10-27 20:44:07 +00:00
(core) add minimal support for activation keys
Summary: For grist-ee, expect an activation key in environment variable `GRIST_ACTIVATION` or in a file pointed to by `GRIST_ACTIVATION_FILE`. In absence of key, start a 30-day trial, during which a banner is shown. Once trial expires, installation goes into document-read-only mode. Test Plan: added a test Reviewers: dsagal Reviewed By: dsagal Subscribers: jarek Differential Revision: https://phab.getgrist.com/D3426
This commit is contained in:
parent
f48d579f64
commit
e4d47a2f3c
@ -518,6 +518,23 @@ export interface GristLoadConfig {
|
||||
|
||||
// Google Tag Manager id. Currently only used to load tag manager for reporting new sign-ups.
|
||||
tagManagerId?: string;
|
||||
|
||||
activation?: ActivationState;
|
||||
}
|
||||
|
||||
/**
|
||||
* For a packaged version of Grist that requires activation, this
|
||||
* summarizes the current state. Not applicable to grist-core.
|
||||
*/
|
||||
export interface ActivationState {
|
||||
trial?: { // Present when installation has not yet been activated.
|
||||
days: number; // Max number of days allowed prior to activation.
|
||||
daysLeft: number; // Number of days left until Grist will get cranky.
|
||||
}
|
||||
needKey?: boolean; // Set when Grist is cranky and demanding activation.
|
||||
key?: { // Set when Grist is activated.
|
||||
daysLeft?: number; // Number of days until Grist will need reactivation.
|
||||
}
|
||||
}
|
||||
|
||||
// Acceptable org subdomains are alphanumeric (hyphen also allowed) and of
|
||||
|
17
app/gen-server/entity/Activation.ts
Normal file
17
app/gen-server/entity/Activation.ts
Normal file
@ -0,0 +1,17 @@
|
||||
import {BaseEntity, Column, Entity, PrimaryColumn} from "typeorm";
|
||||
|
||||
@Entity({name: 'activations'})
|
||||
export class Activation extends BaseEntity {
|
||||
|
||||
@PrimaryColumn()
|
||||
public id: string;
|
||||
|
||||
@Column({name: 'key', type: 'text', nullable: true})
|
||||
public key: string|null;
|
||||
|
||||
@Column({name: 'created_at', default: () => "CURRENT_TIMESTAMP"})
|
||||
public createdAt: Date;
|
||||
|
||||
@Column({name: 'updated_at', default: () => "CURRENT_TIMESTAMP"})
|
||||
public updatedAt: Date;
|
||||
}
|
28
app/gen-server/lib/Activations.ts
Normal file
28
app/gen-server/lib/Activations.ts
Normal file
@ -0,0 +1,28 @@
|
||||
import { makeId } from 'app/server/lib/idUtils';
|
||||
import { Activation } from 'app/gen-server/entity/Activation';
|
||||
import { HomeDBManager } from 'app/gen-server/lib/HomeDBManager';
|
||||
|
||||
/**
|
||||
* Manage activations. Not much to do currently, there is at most one
|
||||
* activation. The activation singleton establishes an id and creation
|
||||
* time for the installation.
|
||||
*/
|
||||
export class Activations {
|
||||
constructor(private _db: HomeDBManager) {
|
||||
}
|
||||
|
||||
// Get the current activation row, creating one if necessary.
|
||||
// It will be created with an empty key column, which will get
|
||||
// filled in once an activation key is presented.
|
||||
public current(): Promise<Activation> {
|
||||
return this._db.connection.manager.transaction(async manager => {
|
||||
let activation = await manager.findOne(Activation);
|
||||
if (!activation) {
|
||||
activation = manager.create(Activation);
|
||||
activation.id = makeId();
|
||||
await activation.save();
|
||||
}
|
||||
return activation;
|
||||
});
|
||||
}
|
||||
}
|
@ -253,6 +253,8 @@ export class HomeDBManager extends EventEmitter {
|
||||
// deployments on same subdomain.
|
||||
|
||||
private _docAuthCache = new MapWithTTL<string, Promise<DocAuthResult>>(DOC_AUTH_CACHE_TTL);
|
||||
// In restricted mode, documents should be read-only.
|
||||
private _restrictedMode: boolean = false;
|
||||
|
||||
public emit(event: NotifierEvent, ...args: any[]): boolean {
|
||||
return super.emit(event, ...args);
|
||||
@ -338,6 +340,10 @@ export class HomeDBManager extends EventEmitter {
|
||||
this._idPrefix = prefix;
|
||||
}
|
||||
|
||||
public setRestrictedMode(restricted: boolean) {
|
||||
this._restrictedMode = restricted;
|
||||
}
|
||||
|
||||
public async connect(): Promise<void> {
|
||||
try {
|
||||
// If multiple servers are started within the same process, we
|
||||
@ -1104,7 +1110,7 @@ export class HomeDBManager extends EventEmitter {
|
||||
if (docs.length > 1) { throw new ApiError('ambiguous document request', 400); }
|
||||
doc = docs[0];
|
||||
const features = doc.workspace.org.billingAccount.product.features;
|
||||
if (features.readOnlyDocs) {
|
||||
if (features.readOnlyDocs || this._restrictedMode) {
|
||||
// Don't allow any access to docs that is stronger than "viewers".
|
||||
doc.access = roles.getWeakestRole('viewers', doc.access);
|
||||
}
|
||||
|
39
app/gen-server/migration/1652273656610-Activations.ts
Normal file
39
app/gen-server/migration/1652273656610-Activations.ts
Normal file
@ -0,0 +1,39 @@
|
||||
import {MigrationInterface, QueryRunner, Table} from 'typeorm';
|
||||
|
||||
export class Activations1652273656610 implements MigrationInterface {
|
||||
|
||||
public async up(queryRunner: QueryRunner): Promise<any> {
|
||||
// created_at and updated_at code is based on *-Initial.ts
|
||||
const sqlite = queryRunner.connection.driver.options.type === 'sqlite';
|
||||
const datetime = sqlite ? "datetime" : "timestamp with time zone";
|
||||
const now = "now()";
|
||||
await queryRunner.createTable(new Table({
|
||||
name: 'activations',
|
||||
columns: [
|
||||
{
|
||||
name: "id",
|
||||
type: "varchar",
|
||||
isPrimary: true,
|
||||
},
|
||||
{
|
||||
name: "key",
|
||||
type: "varchar",
|
||||
isNullable: true,
|
||||
},
|
||||
{
|
||||
name: "created_at",
|
||||
type: datetime,
|
||||
default: now
|
||||
},
|
||||
{
|
||||
name: "updated_at",
|
||||
type: datetime,
|
||||
default: now
|
||||
},
|
||||
]}));
|
||||
}
|
||||
|
||||
public async down(queryRunner: QueryRunner): Promise<any> {
|
||||
await queryRunner.dropTable('activations');
|
||||
}
|
||||
}
|
@ -1,6 +1,7 @@
|
||||
import {ApiError} from 'app/common/ApiError';
|
||||
import {OpenDocMode} from 'app/common/DocListAPI';
|
||||
import {ErrorWithCode} from 'app/common/ErrorWithCode';
|
||||
import {ActivationState} from 'app/common/gristUrls';
|
||||
import {FullUser, UserProfile} from 'app/common/LoginSessionAPI';
|
||||
import {canEdit, canView, getWeakestRole, Role} from 'app/common/roles';
|
||||
import {UserOptions} from 'app/common/UserAPI';
|
||||
@ -34,6 +35,7 @@ export interface RequestWithLogin extends Request {
|
||||
docAuth?: DocAuthResult; // For doc requests, the docId and the user's access level.
|
||||
specialPermit?: Permit;
|
||||
altSessionId?: string; // a session id for use in trigger formulas and granular access rules
|
||||
activation?: ActivationState;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -12,6 +12,7 @@ import {ApiServer} from 'app/gen-server/ApiServer';
|
||||
import {Document} from "app/gen-server/entity/Document";
|
||||
import {Organization} from "app/gen-server/entity/Organization";
|
||||
import {Workspace} from 'app/gen-server/entity/Workspace';
|
||||
import {Activations} from 'app/gen-server/lib/Activations';
|
||||
import {DocApiForwarder} from 'app/gen-server/lib/DocApiForwarder';
|
||||
import {getDocWorkerMap} from 'app/gen-server/lib/DocWorkerMap';
|
||||
import {HomeDBManager} from 'app/gen-server/lib/HomeDBManager';
|
||||
@ -470,6 +471,9 @@ export class FlexServer implements GristServer {
|
||||
await this._dbManager.initializeSpecialIds();
|
||||
// Report which database we are using, without sensitive credentials.
|
||||
this.info.push(['database', getDatabaseUrl(this._dbManager.connection.options, false)]);
|
||||
// If the installation appears to be new, give it an id and a creation date.
|
||||
const activations = new Activations(this._dbManager);
|
||||
await activations.current();
|
||||
}
|
||||
|
||||
public addDocWorkerMap() {
|
||||
@ -566,6 +570,12 @@ export class FlexServer implements GristServer {
|
||||
this._billing.addEventHandlers();
|
||||
}
|
||||
|
||||
public async addBillingMiddleware() {
|
||||
if (this._check('activation', 'homedb')) { return; }
|
||||
this._getBilling();
|
||||
await this._billing.addMiddleware?.(this.app);
|
||||
}
|
||||
|
||||
/**
|
||||
* Add a /api/log endpoint that simply outputs client errors to our
|
||||
* logs. This is a minimal placeholder for a special-purpose
|
||||
|
@ -4,4 +4,5 @@ export interface IBilling {
|
||||
addEndpoints(app: express.Express): void;
|
||||
addEventHandlers(): void;
|
||||
addWebhooks(app: express.Express): void;
|
||||
addMiddleware?(app: express.Express): Promise<void>;
|
||||
}
|
||||
|
@ -9,6 +9,7 @@ import {INotifier} from 'app/server/lib/INotifier';
|
||||
import {ISandbox, ISandboxCreationOptions} from 'app/server/lib/ISandbox';
|
||||
import {IShell} from 'app/server/lib/IShell';
|
||||
import {createSandbox} from 'app/server/lib/NSandbox';
|
||||
import * as express from 'express';
|
||||
|
||||
export interface ICreate {
|
||||
|
||||
@ -48,13 +49,18 @@ export interface ICreateStorageOptions {
|
||||
export function makeSimpleCreator(opts: {
|
||||
sessionSecret?: string,
|
||||
storage?: ICreateStorageOptions[],
|
||||
activationMiddleware?: (db: HomeDBManager, app: express.Express) => Promise<void>,
|
||||
}): ICreate {
|
||||
return {
|
||||
Billing() {
|
||||
Billing(db) {
|
||||
return {
|
||||
addEndpoints() { /* do nothing */ },
|
||||
addEventHandlers() { /* do nothing */ },
|
||||
addWebhooks() { /* do nothing */ }
|
||||
addWebhooks() { /* do nothing */ },
|
||||
async addMiddleware(app) {
|
||||
// add activation middleware, if needed.
|
||||
return opts?.activationMiddleware?.(db, app);
|
||||
}
|
||||
};
|
||||
},
|
||||
Notifier() {
|
||||
|
@ -1,6 +1,6 @@
|
||||
import {GristLoadConfig} from 'app/common/gristUrls';
|
||||
import {getTagManagerSnippet} from 'app/common/tagManager';
|
||||
import {isAnonymousUser} from 'app/server/lib/Authorizer';
|
||||
import {isAnonymousUser, RequestWithLogin} from 'app/server/lib/Authorizer';
|
||||
import {RequestWithOrg} from 'app/server/lib/extractOrg';
|
||||
import {GristServer} from 'app/server/lib/GristServer';
|
||||
import {getSupportedEngineChoices} from 'app/server/lib/serverUtils';
|
||||
@ -49,6 +49,7 @@ export function makeGristConfig(homeUrl: string|null, extra: Partial<GristLoadCo
|
||||
enableWidgetRepository: Boolean(process.env.GRIST_WIDGET_LIST_URL),
|
||||
survey: Boolean(process.env.DOC_ID_NEW_USER_INFO),
|
||||
tagManagerId: process.env.GOOGLE_TAG_MANAGER_ID,
|
||||
activation: (mreq as RequestWithLogin|undefined)?.activation,
|
||||
...extra,
|
||||
};
|
||||
}
|
||||
@ -91,7 +92,22 @@ export function makeSendAppPage(opts: {
|
||||
const staticOrigin = process.env.APP_STATIC_URL || "";
|
||||
const staticBaseUrl = `${staticOrigin}/v/${options.tag || tag}/`;
|
||||
const customHeadHtmlSnippet = server?.create.getExtraHeadHtml?.() ?? "";
|
||||
const warning = testLogin ? "<div class=\"dev_warning\">Authentication is not enforced</div>" : "";
|
||||
// TODO: Temporary changes until there is a handy banner to put this in.
|
||||
let warning = testLogin ? "<div class=\"dev_warning\">Authentication is not enforced</div>" : "";
|
||||
const activation = config.activation;
|
||||
if (!warning && activation) {
|
||||
if (activation.trial) {
|
||||
warning = `Trial: ${activation.trial.daysLeft} day(s) left`;
|
||||
} else if (activation.needKey) {
|
||||
warning = 'Activation key needed. Documents in read-only mode.';
|
||||
} else if (activation.key?.daysLeft && activation.key.daysLeft < 30) {
|
||||
warning = `Need reactivation in ${activation.key.daysLeft} day(s)`;
|
||||
}
|
||||
if (warning) {
|
||||
warning = `<div class="dev_warning activation-msg">${warning}</div>`;
|
||||
}
|
||||
}
|
||||
// Temporary changes end.
|
||||
const content = fileContent
|
||||
.replace("<!-- INSERT WARNING -->", warning)
|
||||
.replace("<!-- INSERT BASE -->", `<base href="${staticBaseUrl}">` + tagManagerSnippet)
|
||||
|
@ -98,6 +98,7 @@ export async function main(port: number, serverTypes: ServerType[],
|
||||
|
||||
server.addAccessMiddleware();
|
||||
server.addApiMiddleware();
|
||||
await server.addBillingMiddleware();
|
||||
|
||||
await server.start();
|
||||
|
||||
|
@ -59,12 +59,13 @@ export async function main() {
|
||||
await fse.mkdirp(process.env.GRIST_DATA_DIR!);
|
||||
// Make a blank db if needed.
|
||||
await updateDb();
|
||||
const db = new HomeDBManager();
|
||||
await db.connect();
|
||||
await db.initializeSpecialIds({skipWorkspaces: true});
|
||||
|
||||
// If a team/organization is specified, make sure it exists.
|
||||
const org = process.env.GRIST_SINGLE_ORG;
|
||||
if (org && org !== 'docs') {
|
||||
const db = new HomeDBManager();
|
||||
await db.connect();
|
||||
await db.initializeSpecialIds({skipWorkspaces: true});
|
||||
try {
|
||||
db.unwrapQueryResult(await db.getOrg({
|
||||
userId: db.getPreviewerUserId(),
|
||||
@ -94,6 +95,7 @@ export async function main() {
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
// Launch single-port, self-contained version of Grist.
|
||||
const server = await mergedServerMain(G.port, ["home", "docs", "static"]);
|
||||
if (process.env.GRIST_TESTING_SOCKET) {
|
||||
|
Loading…
Reference in New Issue
Block a user