(core) add minimal support for activation keys

Summary: For grist-ee, expect an activation key in environment variable `GRIST_ACTIVATION` or in a file pointed to by `GRIST_ACTIVATION_FILE`. In absence of key, start a 30-day trial, during which a banner is shown. Once trial expires, installation goes into document-read-only mode. Test Plan: added a test Reviewers: dsagal Reviewed By: dsagal Subscribers: jarek Differential Revision: https://phab.getgrist.com/D3426
2026-03-02 04:09:24 +00:00 · 2022-05-11 15:05:35 -04:00
parent f48d579f64
commit e4d47a2f3c
12 changed files with 153 additions and 8 deletions
--- a/app/gen-server/lib/Activations.ts
+++ b/app/gen-server/lib/Activations.ts
@@ -0,0 +1,28 @@
+import { makeId } from 'app/server/lib/idUtils';
+import { Activation } from 'app/gen-server/entity/Activation';
+import { HomeDBManager } from 'app/gen-server/lib/HomeDBManager';
+
+/**
+ * Manage activations. Not much to do currently, there is at most one
+ * activation. The activation singleton establishes an id and creation
+ * time for the installation.
+ */
+export class Activations {
+  constructor(private _db: HomeDBManager) {
+  }
+
+  // Get the current activation row, creating one if necessary.
+  // It will be created with an empty key column, which will get
+  // filled in once an activation key is presented.
+  public current(): Promise<Activation> {
+    return this._db.connection.manager.transaction(async manager => {
+      let activation = await manager.findOne(Activation);
+      if (!activation) {
+        activation = manager.create(Activation);
+        activation.id = makeId();
+        await activation.save();
+      }
+      return activation;
+    });
+  }
+}
--- a/app/gen-server/lib/HomeDBManager.ts
+++ b/app/gen-server/lib/HomeDBManager.ts
@@ -253,6 +253,8 @@ export class HomeDBManager extends EventEmitter {
                                   // deployments on same subdomain.

  private _docAuthCache = new MapWithTTL<string, Promise<DocAuthResult>>(DOC_AUTH_CACHE_TTL);
+  // In restricted mode, documents should be read-only.
+  private _restrictedMode: boolean = false;

  public emit(event: NotifierEvent, ...args: any[]): boolean {
    return super.emit(event, ...args);
@@ -338,6 +340,10 @@ export class HomeDBManager extends EventEmitter {
    this._idPrefix = prefix;
  }

+  public setRestrictedMode(restricted: boolean) {
+    this._restrictedMode = restricted;
+  }
+
  public async connect(): Promise<void> {
    try {
      // If multiple servers are started within the same process, we
@@ -1104,7 +1110,7 @@ export class HomeDBManager extends EventEmitter {
      if (docs.length > 1) { throw new ApiError('ambiguous document request', 400); }
      doc = docs[0];
      const features = doc.workspace.org.billingAccount.product.features;
-      if (features.readOnlyDocs) {
+      if (features.readOnlyDocs || this._restrictedMode) {
        // Don't allow any access to docs that is stronger than "viewers".
        doc.access = roles.getWeakestRole('viewers', doc.access);
      }