Web's env + wip email

mattrax · Sep 14, 2024 · 88d7798 · 88d7798
1 parent ac93784
commit 88d7798
Show file tree

Hide file tree

Showing 30 changed files with 461 additions and 243 deletions.
diff --git a/.env.example b/.env.example
@@ -1,14 +1,8 @@
 VITE_PROD_ORIGIN=http://localhost:3000
 DATABASE_URL='mysql://todo:[email protected]/todo?ssl={"rejectUnauthorized":true}'
+MANAGE_URL=https://mdm.example.com
 
-# Rust
 INTERNAL_SECRET=areallylongsecretthatyoushouldreplace
-MDM_URL=https://mdm.example.com
-ENTERPRISE_ENROLLMENT_URL=https://enterpriseenrollment.example.com
-
-# Billing
-STRIPE_PUBLISHABLE_KEY=
-STRIPE_SECRET_KEY=
 
 # Syncing users
 ENTRA_CLIENT_ID=
@@ -19,5 +13,5 @@ FROM_ADDRESS=console
 # AWS_ACCESS_KEY_ID=
 # AWS_SECRET_ACCESS_KEY=
 
-# Used for landing only
+# For `apps/landing`
 VITE_MATTRAX_CLOUD_ORIGIN=http://localhost:3000 # Should point to `apps/web`
diff --git a/apps/cloud/src/lib.rs b/apps/cloud/src/lib.rs
@@ -20,7 +20,7 @@ mod sql;
 pub struct Context {
     pub manage_domain: String,
     pub enrollment_domain: String,
-    pub internal_db_secret: String,
+    pub internal_secret: String,
     pub cert: Certificate,
     pub key: KeyPair,
     pub client: reqwest::Client,
@@ -40,8 +40,8 @@ impl Context {
                 .map_err(|_| "'MANAGE_DOMAIN' must be set")?,
             enrollment_domain: std::env::var("ENROLLMENT_DOMAIN")
                 .map_err(|_| "'ENROLLMENT_DOMAIN' must be set")?,
-            internal_db_secret: std::env::var("INTERNAL_DB_SECRET")
-                .map_err(|_| "'INTERNAL_DB_SECRET' must be set")?,
+            internal_secret: std::env::var("INTERNAL_SECRET")
+                .map_err(|_| "'INTERNAL_SECRET' must be set")?,
             cert: CertificateParams::from_ca_cert_pem(
                 &std::env::var("IDENTITY_CERT").map_err(|_| "'IDENTITY_CERT' must be set")?,
             )

diff --git a/apps/cloud/src/sql.rs b/apps/cloud/src/sql.rs
@@ -243,9 +243,9 @@ pub async fn auth(State(state): State<Arc<Context>>, request: Request, next: Nex
     if authorization
         != Some(&format!(
             "Basic {}",
-            STANDARD.encode(format!(":{}", &state.internal_db_secret))
+            STANDARD.encode(format!(":{}", &state.internal_secret))
         ))
-        && authorization != Some(&format!("Bearer {}", state.internal_db_secret))
+        && authorization != Some(&format!("Bearer {}", state.internal_secret))
     {
         return (StatusCode::UNAUTHORIZED, "Unauthorized").into_response();
     }

diff --git a/apps/landing/sst-env.d.ts b/apps/landing/sst-env.d.ts
@@ -9,10 +9,22 @@ declare module "sst" {
       "type": "sst.sst.Secret"
       "value": string
     }
+    "EntraClientID": {
+      "type": "sst.sst.Secret"
+      "value": string
+    }
+    "EntraClientSecret": {
+      "type": "sst.sst.Secret"
+      "value": string
+    }
     "cloud": {
       "name": string
       "type": "sst.aws.Function"
       "url": string
     }
+    "email": {
+      "sender": string
+      "type": "sst.aws.Email"
+    }
   }
 }
diff --git a/apps/web/src/api/auth.ts b/apps/web/src/api/auth.ts
@@ -113,10 +113,7 @@ export const checkAuth = cache(async () => {
 function getCookieDomain(event: RequestEvent) {
 	const url = new URL(event.request.url);
 	let domain = env.COOKIE_DOMAIN;
-	if (
-		env.PREVIEW_DOMAIN_SUFFIX &&
-		url.hostname.endsWith(env.PREVIEW_DOMAIN_SUFFIX)
-	) {
+	if (url.hostname.endsWith(".pages.dev")) {
 		domain = undefined;
 	}
 	return domain;

diff --git a/apps/web/src/api/rest/index.ts b/apps/web/src/api/rest/index.ts
@@ -22,10 +22,6 @@ export const app = new Hono<HonoEnv>()
 	.route("/waitlist", waitlistRouter)
 	.route("/webhook", webhookRouter)
 	.route("/ms", msRouter)
-	.get("/where_da_rust", async (c) => {
-		c.header("Cache-Control", "public,max-age=600,must-revalidate");
-		return c.text(env.MDM_URL);
-	})
 	.all("*", (c) => {
 		c.status(404);
 		if (c.req.raw.headers.get("Accept")?.includes("application/json")) {

diff --git a/apps/web/src/api/stripe.ts b/apps/web/src/api/stripe.ts
@@ -1,19 +1,19 @@
-import { env } from "~/env";
+// import { env } from "~/env";
 
-export async function useStripe() {
-	const secret = env.STRIPE_SECRET_KEY;
-	if (!secret) throw new Error("Missing 'STRIPE_SECRET_KEY'");
+// export async function useStripe() {
+// 	const secret = env.STRIPE_SECRET_KEY;
+// 	if (!secret) throw new Error("Missing 'STRIPE_SECRET_KEY'");
 
-	return import("stripe").then((mod) => {
-		const Stripe = mod.default;
+// 	return import("stripe").then((mod) => {
+// 		const Stripe = mod.default;
 
-		return Object.assign(
-			new Stripe(secret, {
-				apiVersion: "2024-06-20",
-				timeout: 1500,
-				httpClient: Stripe.createFetchHttpClient(),
-			}),
-			{ secret },
-		);
-	});
-}
+// 		return Object.assign(
+// 			new Stripe(secret, {
+// 				apiVersion: "2024-06-20",
+// 				timeout: 1500,
+// 				httpClient: Stripe.createFetchHttpClient(),
+// 			}),
+// 			{ secret },
+// 		);
+// 	});
+// }
diff --git a/apps/web/src/api/trpc/helpers.ts b/apps/web/src/api/trpc/helpers.ts
@@ -11,7 +11,6 @@ import { db, organisationMembers, organisations, tenants } from "~/db";
 import { withAccount } from "../account";
 import { checkAuth } from "../auth";
 import { withTenant } from "../tenant";
-import { invalidate } from "../utils/realtime";
 
 export const createTRPCContext = (event: H3Event) => {
 	return {
@@ -159,7 +158,7 @@ export const orgProcedure = authedProcedure
 
 		return opts.next({ ctx: { ...ctx, org } }).then((result) => {
 			// TODO: Right now we invalidate everything but we will need to be more specific in the future
-			if (type === "mutation") invalidate(org.slug);
+			// if (type === "mutation") invalidate(org.slug);
 			return result;
 		});
 	});
@@ -198,7 +197,7 @@ export const tenantProcedure = authedProcedure
 		return withTenant(tenant, () =>
 			opts.next({ ctx: { ...ctx, tenant } }).then((result) => {
 				// TODO: Right now we invalidate everything but we will need to be more specific in the future
-				if (type === "mutation") invalidate(tenant.orgSlug, input.tenantSlug);
+				// if (type === "mutation") invalidate(tenant.orgSlug, input.tenantSlug);
 				return result;
 			}),
 		);

diff --git a/apps/web/src/api/trpc/routers/device.ts b/apps/web/src/api/trpc/routers/device.ts
@@ -4,7 +4,6 @@ import { z } from "zod";
 import { TRPCError } from "@trpc/server";
 import { withTenant } from "~/api/tenant";
 import { omit } from "~/api/utils";
-import { invalidate } from "~/api/utils/realtime";
 import { createEnrollmentSession } from "~/app/enroll/util";
 import {
 	applicationAssignables,
@@ -33,7 +32,7 @@ const deviceProcedure = authedProcedure
 		return withTenant(tenant, () =>
 			next({ ctx: { device, tenant } }).then((result) => {
 				// TODO: Right now we invalidate everything but we will need to be more specific in the future
-				if (type === "mutation") invalidate(tenant.orgSlug, tenant.slug);
+				// if (type === "mutation") invalidate(tenant.orgSlug, tenant.slug);
 				return result;
 			}),
 		);
@@ -224,7 +223,7 @@ export const deviceRouter = createTRPCRouter({
 		.mutation(async ({ ctx, input }) => {
 			const p = new URLSearchParams();
 			p.set("mode", "mdm");
-			p.set("servername", env.ENTERPRISE_ENROLLMENT_URL);
+			p.set("servername", env.VITE_PROD_ORIGIN);
 
 			let data: { uid: number; upn: string } | undefined = undefined;
 			if (input.userId) {

diff --git a/apps/web/src/api/trpc/routers/group.ts b/apps/web/src/api/trpc/routers/group.ts
@@ -6,7 +6,6 @@ import { z } from "zod";
 import { cache } from "@solidjs/router";
 import { createAuditLog } from "~/api/auditLog";
 import { withTenant } from "~/api/tenant";
-import { invalidate } from "~/api/utils/realtime";
 import { createTransaction } from "~/api/utils/transaction";
 import {
 	GroupMemberVariants,
@@ -43,7 +42,7 @@ const groupProcedure = authedProcedure
 		return withTenant(tenant, () =>
 			next({ ctx: { group, tenant } }).then((result) => {
 				// TODO: Right now we invalidate everything but we will need to be more specific in the future
-				if (type === "mutation") invalidate(tenant.orgSlug, tenant.slug);
+				// if (type === "mutation") invalidate(tenant.orgSlug, tenant.slug);
 				return result;
 			}),
 		);

diff --git a/apps/web/src/api/trpc/routers/org/billing.ts b/apps/web/src/api/trpc/routers/org/billing.ts
@@ -1,77 +1,69 @@
 import { TRPCError } from "@trpc/server";
 import { eq } from "drizzle-orm";
 import type Stripe from "stripe";
-import { useStripe } from "~/api/stripe";
+// import { useStripe } from "~/api/stripe";
 import { organisations } from "~/db";
 import { env } from "~/env";
 import { createTRPCRouter, orgProcedure } from "../../helpers";
 
 export const billingRouter = createTRPCRouter({
-	portalUrl: orgProcedure.mutation(async ({ ctx }) => {
-		const [org] = await ctx.db
-			.select({
-				name: organisations.name,
-				billingEmail: organisations.billingEmail,
-				stripeCustomerId: organisations.stripeCustomerId,
-			})
-			.from(organisations)
-			.where(eq(organisations.pk, ctx.org.pk));
-		if (!org)
-			throw new TRPCError({ code: "NOT_FOUND", message: "organisation" }); // TODO: Proper error code which the frontend knows how to handle
-
-		let customerId: string;
-		const stripe = await useStripe();
-
-		if (!org.stripeCustomerId) {
-			try {
-				const customer = await stripe.customers.create({
-					name: org.name,
-					email: org.billingEmail || undefined,
-				});
-
-				await ctx.db
-					.update(organisations)
-					.set({ stripeCustomerId: customer.id })
-					.where(eq(organisations.pk, ctx.org.pk));
-
-				customerId = customer.id;
-			} catch (err) {
-				console.error("Error creating customer", err);
-				throw new Error("Error creating customer");
-			}
-		} else {
-			customerId = org.stripeCustomerId;
-		}
-
-		// TODO: When using the official Stripe SDK, this endpoint causes the entire Edge Function to hang and i'm at a loss to why.
-		// TODO: This will do for now but we should try and fix it.
-
-		const body = new URLSearchParams({
-			customer: customerId,
-			return_url: `${env.VITE_PROD_ORIGIN}/o/${ctx.org.slug}/settings`,
-		});
-
-		const resp = await fetch(
-			"https://api.stripe.com/v1/billing_portal/sessions",
-			{
-				method: "POST",
-				headers: {
-					Authorization: `Bearer ${stripe.secret}`,
-					"Content-Type": "application/x-www-form-urlencoded",
-				},
-				body: body.toString(),
-			},
-		);
-		if (!resp.ok) {
-			const body = await resp.text();
-			console.error("Error creating billing portal session", resp.status, body);
-			throw new Error(
-				`Error creating billing portal session: '${resp.status}' '${body}'`,
-			);
-		}
-		const session: Stripe.Response<Stripe.BillingPortal.Session> =
-			await resp.json();
-
-		return session.url;
-	}),
+	// portalUrl: orgProcedure.mutation(async ({ ctx }) => {
+	// 	const [org] = await ctx.db
+	// 		.select({
+	// 			name: organisations.name,
+	// 			billingEmail: organisations.billingEmail,
+	// 			stripeCustomerId: organisations.stripeCustomerId,
+	// 		})
+	// 		.from(organisations)
+	// 		.where(eq(organisations.pk, ctx.org.pk));
+	// 	if (!org)
+	// 		throw new TRPCError({ code: "NOT_FOUND", message: "organisation" }); // TODO: Proper error code which the frontend knows how to handle
+	// 	let customerId: string;
+	// 	const stripe = await useStripe();
+	// 	if (!org.stripeCustomerId) {
+	// 		try {
+	// 			const customer = await stripe.customers.create({
+	// 				name: org.name,
+	// 				email: org.billingEmail || undefined,
+	// 			});
+	// 			await ctx.db
+	// 				.update(organisations)
+	// 				.set({ stripeCustomerId: customer.id })
+	// 				.where(eq(organisations.pk, ctx.org.pk));
+	// 			customerId = customer.id;
+	// 		} catch (err) {
+	// 			console.error("Error creating customer", err);
+	// 			throw new Error("Error creating customer");
+	// 		}
+	// 	} else {
+	// 		customerId = org.stripeCustomerId;
+	// 	}
+	// 	// TODO: When using the official Stripe SDK, this endpoint causes the entire Edge Function to hang and i'm at a loss to why.
+	// 	// TODO: This will do for now but we should try and fix it.
+	// 	const body = new URLSearchParams({
+	// 		customer: customerId,
+	// 		return_url: `${env.VITE_PROD_ORIGIN}/o/${ctx.org.slug}/settings`,
+	// 	});
+	// 	const resp = await fetch(
+	// 		"https://api.stripe.com/v1/billing_portal/sessions",
+	// 		{
+	// 			method: "POST",
+	// 			headers: {
+	// 				Authorization: `Bearer ${stripe.secret}`,
+	// 				"Content-Type": "application/x-www-form-urlencoded",
+	// 			},
+	// 			body: body.toString(),
+	// 		},
+	// 	);
+	// 	if (!resp.ok) {
+	// 		const body = await resp.text();
+	// 		console.error("Error creating billing portal session", resp.status, body);
+	// 		throw new Error(
+	// 			`Error creating billing portal session: '${resp.status}' '${body}'`,
+	// 		);
+	// 	}
+	// 	const session: Stripe.Response<Stripe.BillingPortal.Session> =
+	// 		await resp.json();
+	// 	return session.url;
+	// }),
 });
diff --git a/apps/web/src/api/trpc/routers/policy.ts b/apps/web/src/api/trpc/routers/policy.ts
@@ -9,7 +9,6 @@ import { union } from "drizzle-orm/mysql-core";
 import { createAuditLog } from "~/api/auditLog";
 import { withTenant } from "~/api/tenant";
 import { omit } from "~/api/utils";
-import { invalidate } from "~/api/utils/realtime";
 import { createTransaction } from "~/api/utils/transaction";
 import {
 	GroupMemberVariants,
@@ -45,7 +44,7 @@ const policyProcedure = authedProcedure
 		return withTenant(tenant, () =>
 			next({ ctx: { policy, tenant } }).then((result) => {
 				// TODO: Right now we invalidate everything but we will need to be more specific in the future
-				if (type === "mutation") invalidate(tenant.orgSlug, tenant.slug);
+				// if (type === "mutation") invalidate(tenant.orgSlug, tenant.slug);
 				return result;
 			}),
 		);

diff --git a/apps/web/src/api/trpc/routers/tenant/index.ts b/apps/web/src/api/trpc/routers/tenant/index.ts
@@ -219,7 +219,7 @@ export const tenantRouter = createTRPCRouter({
 
 		const cfg = mobilityConfig.find(
 			(r: any) =>
-				r.discoveryUrl === `${env.MDM_URL}/EnrollmentServer/Discovery.svc`,
+				r.discoveryUrl === `${env.MANAGE_URL}/EnrollmentServer/Discovery.svc`,
 		);
 
 		const result = !cfg