mirror of
https://github.com/gristlabs/grist-core.git
synced 2024-10-27 20:44:07 +00:00
(core) add minimal support for activation keys
Summary: For grist-ee, expect an activation key in environment variable `GRIST_ACTIVATION` or in a file pointed to by `GRIST_ACTIVATION_FILE`. In absence of key, start a 30-day trial, during which a banner is shown. Once trial expires, installation goes into document-read-only mode. Test Plan: added a test Reviewers: dsagal Reviewed By: dsagal Subscribers: jarek Differential Revision: https://phab.getgrist.com/D3426
This commit is contained in:
parent
f48d579f64
commit
e4d47a2f3c
@ -518,6 +518,23 @@ export interface GristLoadConfig {
|
|||||||
|
|
||||||
// Google Tag Manager id. Currently only used to load tag manager for reporting new sign-ups.
|
// Google Tag Manager id. Currently only used to load tag manager for reporting new sign-ups.
|
||||||
tagManagerId?: string;
|
tagManagerId?: string;
|
||||||
|
|
||||||
|
activation?: ActivationState;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* For a packaged version of Grist that requires activation, this
|
||||||
|
* summarizes the current state. Not applicable to grist-core.
|
||||||
|
*/
|
||||||
|
export interface ActivationState {
|
||||||
|
trial?: { // Present when installation has not yet been activated.
|
||||||
|
days: number; // Max number of days allowed prior to activation.
|
||||||
|
daysLeft: number; // Number of days left until Grist will get cranky.
|
||||||
|
}
|
||||||
|
needKey?: boolean; // Set when Grist is cranky and demanding activation.
|
||||||
|
key?: { // Set when Grist is activated.
|
||||||
|
daysLeft?: number; // Number of days until Grist will need reactivation.
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Acceptable org subdomains are alphanumeric (hyphen also allowed) and of
|
// Acceptable org subdomains are alphanumeric (hyphen also allowed) and of
|
||||||
|
17
app/gen-server/entity/Activation.ts
Normal file
17
app/gen-server/entity/Activation.ts
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
import {BaseEntity, Column, Entity, PrimaryColumn} from "typeorm";
|
||||||
|
|
||||||
|
@Entity({name: 'activations'})
|
||||||
|
export class Activation extends BaseEntity {
|
||||||
|
|
||||||
|
@PrimaryColumn()
|
||||||
|
public id: string;
|
||||||
|
|
||||||
|
@Column({name: 'key', type: 'text', nullable: true})
|
||||||
|
public key: string|null;
|
||||||
|
|
||||||
|
@Column({name: 'created_at', default: () => "CURRENT_TIMESTAMP"})
|
||||||
|
public createdAt: Date;
|
||||||
|
|
||||||
|
@Column({name: 'updated_at', default: () => "CURRENT_TIMESTAMP"})
|
||||||
|
public updatedAt: Date;
|
||||||
|
}
|
28
app/gen-server/lib/Activations.ts
Normal file
28
app/gen-server/lib/Activations.ts
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
import { makeId } from 'app/server/lib/idUtils';
|
||||||
|
import { Activation } from 'app/gen-server/entity/Activation';
|
||||||
|
import { HomeDBManager } from 'app/gen-server/lib/HomeDBManager';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Manage activations. Not much to do currently, there is at most one
|
||||||
|
* activation. The activation singleton establishes an id and creation
|
||||||
|
* time for the installation.
|
||||||
|
*/
|
||||||
|
export class Activations {
|
||||||
|
constructor(private _db: HomeDBManager) {
|
||||||
|
}
|
||||||
|
|
||||||
|
// Get the current activation row, creating one if necessary.
|
||||||
|
// It will be created with an empty key column, which will get
|
||||||
|
// filled in once an activation key is presented.
|
||||||
|
public current(): Promise<Activation> {
|
||||||
|
return this._db.connection.manager.transaction(async manager => {
|
||||||
|
let activation = await manager.findOne(Activation);
|
||||||
|
if (!activation) {
|
||||||
|
activation = manager.create(Activation);
|
||||||
|
activation.id = makeId();
|
||||||
|
await activation.save();
|
||||||
|
}
|
||||||
|
return activation;
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
@ -253,6 +253,8 @@ export class HomeDBManager extends EventEmitter {
|
|||||||
// deployments on same subdomain.
|
// deployments on same subdomain.
|
||||||
|
|
||||||
private _docAuthCache = new MapWithTTL<string, Promise<DocAuthResult>>(DOC_AUTH_CACHE_TTL);
|
private _docAuthCache = new MapWithTTL<string, Promise<DocAuthResult>>(DOC_AUTH_CACHE_TTL);
|
||||||
|
// In restricted mode, documents should be read-only.
|
||||||
|
private _restrictedMode: boolean = false;
|
||||||
|
|
||||||
public emit(event: NotifierEvent, ...args: any[]): boolean {
|
public emit(event: NotifierEvent, ...args: any[]): boolean {
|
||||||
return super.emit(event, ...args);
|
return super.emit(event, ...args);
|
||||||
@ -338,6 +340,10 @@ export class HomeDBManager extends EventEmitter {
|
|||||||
this._idPrefix = prefix;
|
this._idPrefix = prefix;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public setRestrictedMode(restricted: boolean) {
|
||||||
|
this._restrictedMode = restricted;
|
||||||
|
}
|
||||||
|
|
||||||
public async connect(): Promise<void> {
|
public async connect(): Promise<void> {
|
||||||
try {
|
try {
|
||||||
// If multiple servers are started within the same process, we
|
// If multiple servers are started within the same process, we
|
||||||
@ -1104,7 +1110,7 @@ export class HomeDBManager extends EventEmitter {
|
|||||||
if (docs.length > 1) { throw new ApiError('ambiguous document request', 400); }
|
if (docs.length > 1) { throw new ApiError('ambiguous document request', 400); }
|
||||||
doc = docs[0];
|
doc = docs[0];
|
||||||
const features = doc.workspace.org.billingAccount.product.features;
|
const features = doc.workspace.org.billingAccount.product.features;
|
||||||
if (features.readOnlyDocs) {
|
if (features.readOnlyDocs || this._restrictedMode) {
|
||||||
// Don't allow any access to docs that is stronger than "viewers".
|
// Don't allow any access to docs that is stronger than "viewers".
|
||||||
doc.access = roles.getWeakestRole('viewers', doc.access);
|
doc.access = roles.getWeakestRole('viewers', doc.access);
|
||||||
}
|
}
|
||||||
|
39
app/gen-server/migration/1652273656610-Activations.ts
Normal file
39
app/gen-server/migration/1652273656610-Activations.ts
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
import {MigrationInterface, QueryRunner, Table} from 'typeorm';
|
||||||
|
|
||||||
|
export class Activations1652273656610 implements MigrationInterface {
|
||||||
|
|
||||||
|
public async up(queryRunner: QueryRunner): Promise<any> {
|
||||||
|
// created_at and updated_at code is based on *-Initial.ts
|
||||||
|
const sqlite = queryRunner.connection.driver.options.type === 'sqlite';
|
||||||
|
const datetime = sqlite ? "datetime" : "timestamp with time zone";
|
||||||
|
const now = "now()";
|
||||||
|
await queryRunner.createTable(new Table({
|
||||||
|
name: 'activations',
|
||||||
|
columns: [
|
||||||
|
{
|
||||||
|
name: "id",
|
||||||
|
type: "varchar",
|
||||||
|
isPrimary: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "key",
|
||||||
|
type: "varchar",
|
||||||
|
isNullable: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "created_at",
|
||||||
|
type: datetime,
|
||||||
|
default: now
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "updated_at",
|
||||||
|
type: datetime,
|
||||||
|
default: now
|
||||||
|
},
|
||||||
|
]}));
|
||||||
|
}
|
||||||
|
|
||||||
|
public async down(queryRunner: QueryRunner): Promise<any> {
|
||||||
|
await queryRunner.dropTable('activations');
|
||||||
|
}
|
||||||
|
}
|
@ -1,6 +1,7 @@
|
|||||||
import {ApiError} from 'app/common/ApiError';
|
import {ApiError} from 'app/common/ApiError';
|
||||||
import {OpenDocMode} from 'app/common/DocListAPI';
|
import {OpenDocMode} from 'app/common/DocListAPI';
|
||||||
import {ErrorWithCode} from 'app/common/ErrorWithCode';
|
import {ErrorWithCode} from 'app/common/ErrorWithCode';
|
||||||
|
import {ActivationState} from 'app/common/gristUrls';
|
||||||
import {FullUser, UserProfile} from 'app/common/LoginSessionAPI';
|
import {FullUser, UserProfile} from 'app/common/LoginSessionAPI';
|
||||||
import {canEdit, canView, getWeakestRole, Role} from 'app/common/roles';
|
import {canEdit, canView, getWeakestRole, Role} from 'app/common/roles';
|
||||||
import {UserOptions} from 'app/common/UserAPI';
|
import {UserOptions} from 'app/common/UserAPI';
|
||||||
@ -34,6 +35,7 @@ export interface RequestWithLogin extends Request {
|
|||||||
docAuth?: DocAuthResult; // For doc requests, the docId and the user's access level.
|
docAuth?: DocAuthResult; // For doc requests, the docId and the user's access level.
|
||||||
specialPermit?: Permit;
|
specialPermit?: Permit;
|
||||||
altSessionId?: string; // a session id for use in trigger formulas and granular access rules
|
altSessionId?: string; // a session id for use in trigger formulas and granular access rules
|
||||||
|
activation?: ActivationState;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -12,6 +12,7 @@ import {ApiServer} from 'app/gen-server/ApiServer';
|
|||||||
import {Document} from "app/gen-server/entity/Document";
|
import {Document} from "app/gen-server/entity/Document";
|
||||||
import {Organization} from "app/gen-server/entity/Organization";
|
import {Organization} from "app/gen-server/entity/Organization";
|
||||||
import {Workspace} from 'app/gen-server/entity/Workspace';
|
import {Workspace} from 'app/gen-server/entity/Workspace';
|
||||||
|
import {Activations} from 'app/gen-server/lib/Activations';
|
||||||
import {DocApiForwarder} from 'app/gen-server/lib/DocApiForwarder';
|
import {DocApiForwarder} from 'app/gen-server/lib/DocApiForwarder';
|
||||||
import {getDocWorkerMap} from 'app/gen-server/lib/DocWorkerMap';
|
import {getDocWorkerMap} from 'app/gen-server/lib/DocWorkerMap';
|
||||||
import {HomeDBManager} from 'app/gen-server/lib/HomeDBManager';
|
import {HomeDBManager} from 'app/gen-server/lib/HomeDBManager';
|
||||||
@ -470,6 +471,9 @@ export class FlexServer implements GristServer {
|
|||||||
await this._dbManager.initializeSpecialIds();
|
await this._dbManager.initializeSpecialIds();
|
||||||
// Report which database we are using, without sensitive credentials.
|
// Report which database we are using, without sensitive credentials.
|
||||||
this.info.push(['database', getDatabaseUrl(this._dbManager.connection.options, false)]);
|
this.info.push(['database', getDatabaseUrl(this._dbManager.connection.options, false)]);
|
||||||
|
// If the installation appears to be new, give it an id and a creation date.
|
||||||
|
const activations = new Activations(this._dbManager);
|
||||||
|
await activations.current();
|
||||||
}
|
}
|
||||||
|
|
||||||
public addDocWorkerMap() {
|
public addDocWorkerMap() {
|
||||||
@ -566,6 +570,12 @@ export class FlexServer implements GristServer {
|
|||||||
this._billing.addEventHandlers();
|
this._billing.addEventHandlers();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public async addBillingMiddleware() {
|
||||||
|
if (this._check('activation', 'homedb')) { return; }
|
||||||
|
this._getBilling();
|
||||||
|
await this._billing.addMiddleware?.(this.app);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Add a /api/log endpoint that simply outputs client errors to our
|
* Add a /api/log endpoint that simply outputs client errors to our
|
||||||
* logs. This is a minimal placeholder for a special-purpose
|
* logs. This is a minimal placeholder for a special-purpose
|
||||||
|
@ -4,4 +4,5 @@ export interface IBilling {
|
|||||||
addEndpoints(app: express.Express): void;
|
addEndpoints(app: express.Express): void;
|
||||||
addEventHandlers(): void;
|
addEventHandlers(): void;
|
||||||
addWebhooks(app: express.Express): void;
|
addWebhooks(app: express.Express): void;
|
||||||
|
addMiddleware?(app: express.Express): Promise<void>;
|
||||||
}
|
}
|
||||||
|
@ -9,6 +9,7 @@ import {INotifier} from 'app/server/lib/INotifier';
|
|||||||
import {ISandbox, ISandboxCreationOptions} from 'app/server/lib/ISandbox';
|
import {ISandbox, ISandboxCreationOptions} from 'app/server/lib/ISandbox';
|
||||||
import {IShell} from 'app/server/lib/IShell';
|
import {IShell} from 'app/server/lib/IShell';
|
||||||
import {createSandbox} from 'app/server/lib/NSandbox';
|
import {createSandbox} from 'app/server/lib/NSandbox';
|
||||||
|
import * as express from 'express';
|
||||||
|
|
||||||
export interface ICreate {
|
export interface ICreate {
|
||||||
|
|
||||||
@ -48,13 +49,18 @@ export interface ICreateStorageOptions {
|
|||||||
export function makeSimpleCreator(opts: {
|
export function makeSimpleCreator(opts: {
|
||||||
sessionSecret?: string,
|
sessionSecret?: string,
|
||||||
storage?: ICreateStorageOptions[],
|
storage?: ICreateStorageOptions[],
|
||||||
|
activationMiddleware?: (db: HomeDBManager, app: express.Express) => Promise<void>,
|
||||||
}): ICreate {
|
}): ICreate {
|
||||||
return {
|
return {
|
||||||
Billing() {
|
Billing(db) {
|
||||||
return {
|
return {
|
||||||
addEndpoints() { /* do nothing */ },
|
addEndpoints() { /* do nothing */ },
|
||||||
addEventHandlers() { /* do nothing */ },
|
addEventHandlers() { /* do nothing */ },
|
||||||
addWebhooks() { /* do nothing */ }
|
addWebhooks() { /* do nothing */ },
|
||||||
|
async addMiddleware(app) {
|
||||||
|
// add activation middleware, if needed.
|
||||||
|
return opts?.activationMiddleware?.(db, app);
|
||||||
|
}
|
||||||
};
|
};
|
||||||
},
|
},
|
||||||
Notifier() {
|
Notifier() {
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
import {GristLoadConfig} from 'app/common/gristUrls';
|
import {GristLoadConfig} from 'app/common/gristUrls';
|
||||||
import {getTagManagerSnippet} from 'app/common/tagManager';
|
import {getTagManagerSnippet} from 'app/common/tagManager';
|
||||||
import {isAnonymousUser} from 'app/server/lib/Authorizer';
|
import {isAnonymousUser, RequestWithLogin} from 'app/server/lib/Authorizer';
|
||||||
import {RequestWithOrg} from 'app/server/lib/extractOrg';
|
import {RequestWithOrg} from 'app/server/lib/extractOrg';
|
||||||
import {GristServer} from 'app/server/lib/GristServer';
|
import {GristServer} from 'app/server/lib/GristServer';
|
||||||
import {getSupportedEngineChoices} from 'app/server/lib/serverUtils';
|
import {getSupportedEngineChoices} from 'app/server/lib/serverUtils';
|
||||||
@ -49,6 +49,7 @@ export function makeGristConfig(homeUrl: string|null, extra: Partial<GristLoadCo
|
|||||||
enableWidgetRepository: Boolean(process.env.GRIST_WIDGET_LIST_URL),
|
enableWidgetRepository: Boolean(process.env.GRIST_WIDGET_LIST_URL),
|
||||||
survey: Boolean(process.env.DOC_ID_NEW_USER_INFO),
|
survey: Boolean(process.env.DOC_ID_NEW_USER_INFO),
|
||||||
tagManagerId: process.env.GOOGLE_TAG_MANAGER_ID,
|
tagManagerId: process.env.GOOGLE_TAG_MANAGER_ID,
|
||||||
|
activation: (mreq as RequestWithLogin|undefined)?.activation,
|
||||||
...extra,
|
...extra,
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
@ -91,7 +92,22 @@ export function makeSendAppPage(opts: {
|
|||||||
const staticOrigin = process.env.APP_STATIC_URL || "";
|
const staticOrigin = process.env.APP_STATIC_URL || "";
|
||||||
const staticBaseUrl = `${staticOrigin}/v/${options.tag || tag}/`;
|
const staticBaseUrl = `${staticOrigin}/v/${options.tag || tag}/`;
|
||||||
const customHeadHtmlSnippet = server?.create.getExtraHeadHtml?.() ?? "";
|
const customHeadHtmlSnippet = server?.create.getExtraHeadHtml?.() ?? "";
|
||||||
const warning = testLogin ? "<div class=\"dev_warning\">Authentication is not enforced</div>" : "";
|
// TODO: Temporary changes until there is a handy banner to put this in.
|
||||||
|
let warning = testLogin ? "<div class=\"dev_warning\">Authentication is not enforced</div>" : "";
|
||||||
|
const activation = config.activation;
|
||||||
|
if (!warning && activation) {
|
||||||
|
if (activation.trial) {
|
||||||
|
warning = `Trial: ${activation.trial.daysLeft} day(s) left`;
|
||||||
|
} else if (activation.needKey) {
|
||||||
|
warning = 'Activation key needed. Documents in read-only mode.';
|
||||||
|
} else if (activation.key?.daysLeft && activation.key.daysLeft < 30) {
|
||||||
|
warning = `Need reactivation in ${activation.key.daysLeft} day(s)`;
|
||||||
|
}
|
||||||
|
if (warning) {
|
||||||
|
warning = `<div class="dev_warning activation-msg">${warning}</div>`;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// Temporary changes end.
|
||||||
const content = fileContent
|
const content = fileContent
|
||||||
.replace("<!-- INSERT WARNING -->", warning)
|
.replace("<!-- INSERT WARNING -->", warning)
|
||||||
.replace("<!-- INSERT BASE -->", `<base href="${staticBaseUrl}">` + tagManagerSnippet)
|
.replace("<!-- INSERT BASE -->", `<base href="${staticBaseUrl}">` + tagManagerSnippet)
|
||||||
|
@ -98,6 +98,7 @@ export async function main(port: number, serverTypes: ServerType[],
|
|||||||
|
|
||||||
server.addAccessMiddleware();
|
server.addAccessMiddleware();
|
||||||
server.addApiMiddleware();
|
server.addApiMiddleware();
|
||||||
|
await server.addBillingMiddleware();
|
||||||
|
|
||||||
await server.start();
|
await server.start();
|
||||||
|
|
||||||
|
@ -59,12 +59,13 @@ export async function main() {
|
|||||||
await fse.mkdirp(process.env.GRIST_DATA_DIR!);
|
await fse.mkdirp(process.env.GRIST_DATA_DIR!);
|
||||||
// Make a blank db if needed.
|
// Make a blank db if needed.
|
||||||
await updateDb();
|
await updateDb();
|
||||||
|
const db = new HomeDBManager();
|
||||||
|
await db.connect();
|
||||||
|
await db.initializeSpecialIds({skipWorkspaces: true});
|
||||||
|
|
||||||
// If a team/organization is specified, make sure it exists.
|
// If a team/organization is specified, make sure it exists.
|
||||||
const org = process.env.GRIST_SINGLE_ORG;
|
const org = process.env.GRIST_SINGLE_ORG;
|
||||||
if (org && org !== 'docs') {
|
if (org && org !== 'docs') {
|
||||||
const db = new HomeDBManager();
|
|
||||||
await db.connect();
|
|
||||||
await db.initializeSpecialIds({skipWorkspaces: true});
|
|
||||||
try {
|
try {
|
||||||
db.unwrapQueryResult(await db.getOrg({
|
db.unwrapQueryResult(await db.getOrg({
|
||||||
userId: db.getPreviewerUserId(),
|
userId: db.getPreviewerUserId(),
|
||||||
@ -94,6 +95,7 @@ export async function main() {
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Launch single-port, self-contained version of Grist.
|
// Launch single-port, self-contained version of Grist.
|
||||||
const server = await mergedServerMain(G.port, ["home", "docs", "static"]);
|
const server = await mergedServerMain(G.port, ["home", "docs", "static"]);
|
||||||
if (process.env.GRIST_TESTING_SOCKET) {
|
if (process.env.GRIST_TESTING_SOCKET) {
|
||||||
|
Loading…
Reference in New Issue
Block a user