[Improvement] Set polling URL, dynamic dropdowns and improve OAuth authorization

.env.compose

@@ -149,6 +149,9 @@ GAUZY_ZAPIER_CLIENT_ID=XXXXXXXXX
 GAUZY_ZAPIER_CLIENT_SECRET=XXXXXXX
 GAUZY_ZAPIER_REDIRECT_URL=http://localhost:3000/api/integration/zapier/oauth/callback
 GAUZY_ZAPIER_POST_INSTALL_URL="http://localhost:4200/#/pages/integrations/zapier"
+# Comma-separated list of domains allowed for OAuth redirects (security feature)
+ ALLOWED_DOMAINS=gauzy.co,ever.co,staging.gauzy.co,demo.gauzy.co,zapier.com,github.com,upwork.com,hubstaff.com,fiverr.com
+ MAX_AUTH_CODES=1000
 
 # Github App Install Integration
 GAUZY_GITHUB_APP_NAME=

.env.demo.compose

@@ -151,6 +151,9 @@ GAUZY_ZAPIER_CLIENT_ID=XXXXXXXXX
 GAUZY_ZAPIER_CLIENT_SECRET=XXXXXXX
 GAUZY_ZAPIER_REDIRECT_URL=http://localhost:3000/api/integration/zapier/oauth/callback
 GAUZY_ZAPIER_POST_INSTALL_URL="http://localhost:4200/#/pages/integrations/zapier"
+# Comma-separated list of domains allowed for OAuth redirects (security feature)
+ALLOWED_DOMAINS=gauzy.co,ever.co,staging.gauzy.co,demo.gauzy.co,zapier.com,github.com,upwork.com,hubstaff.com,fiverr.com
+MAX_AUTH_CODES=1000
 
 # Github App Install Integration
 GAUZY_GITHUB_APP_NAME=

.env.docker

@@ -148,6 +148,9 @@ GAUZY_ZAPIER_CLIENT_ID=XXXXXXXXX
 GAUZY_ZAPIER_CLIENT_SECRET=XXXXXXX
 GAUZY_ZAPIER_REDIRECT_URL=http://localhost:3000/api/integration/zapier/oauth/callback
 GAUZY_ZAPIER_POST_INSTALL_URL="http://localhost:4200/#/pages/integrations/zapier"
+# Comma-separated list of domains allowed for OAuth redirects (security feature)
+ALLOWED_DOMAINS=gauzy.co,ever.co,staging.gauzy.co,demo.gauzy.co,zapier.com,github.com,upwork.com,hubstaff.com,fiverr.com
+MAX_AUTH_CODES=1000
 
 # Github App Install Integration
 GAUZY_GITHUB_APP_NAME=

.env.local

@@ -165,6 +165,9 @@ GAUZY_ZAPIER_CLIENT_ID=
 GAUZY_ZAPIER_CLIENT_SECRET=
 GAUZY_ZAPIER_REDIRECT_URL=http://localhost:3000/api/integration/zapier/oauth/callback
 GAUZY_ZAPIER_POST_INSTALL_URL="http://localhost:4200/#/pages/integrations/zapier"
+# Comma-separated list of domains allowed for OAuth redirects (security feature)
+ALLOWED_DOMAINS=gauzy.co,ever.co,staging.gauzy.co,demo.gauzy.co,zapier.com,github.com,upwork.com,hubstaff.com,fiverr.com
+MAX_AUTH_CODES=1000
 
 # Third Party Integration Config
 INTEGRATED_USER_DEFAULT_PASS=

.env.sample

@@ -153,6 +153,9 @@ GAUZY_ZAPIER_CLIENT_ID=XXXXXXXXX
 GAUZY_ZAPIER_CLIENT_SECRET=XXXXXXX
 GAUZY_ZAPIER_REDIRECT_URL=http://localhost:3000/api/integration/zapier/oauth/callback
 GAUZY_ZAPIER_POST_INSTALL_URL="http://localhost:4200/#/pages/integrations/zapier"
+# Comma-separated list of domains allowed for OAuth redirects (security feature)
+ALLOWED_DOMAINS=gauzy.co,ever.co,staging.gauzy.co,demo.gauzy.co,zapier.com,github.com,upwork.com,hubstaff.com,fiverr.com
+MAX_AUTH_CODES=1000
 
 FIVERR_CLIENT_ID=XXXXXXX
 FIVERR_CLIENT_SECRET=XXXXXXX

packages/common/src/lib/interfaces/IZapierConfig.ts

@@ -8,9 +8,15 @@ export interface IZapierConfig {
 	/** OAuth client secret provided by Zapier for secure authentication */
 	readonly clientSecret: string;
 
+	/** Allowed domains for Zapier OAuth redirects */
+	readonly allowedDomains: string[];
+
 	/** URI where Zapier will redirect after successful OAuth authorization */
 	readonly redirectUri: string;
 
 	/** Optional URL where users will be directed after installing the Zapier integration */
 	readonly postInstallUrl?: string;
+
+	/** Max authentication code number */
+	readonly maxAuthCodes?: number;
 }

packages/config/src/lib/config/zapier.ts

@@ -14,6 +14,9 @@ export default registerAs (
         // Zapier OAuth Client Secret
         clientSecret: process.env.GAUZY_ZAPIER_CLIENT_SECRET || '',
 
+        // Zapier allowed domains
+        allowedDomains: process.env.GAUZY_ALLOWED_DOMAINS ? process.env.GAUZY_ALLOWED_DOMAINS.split(',').map(domain => domain.trim()): [],
+
         // Zapier Redirected URI after successful authentication
         redirectUri: process.env.GAUZY_ZAPIER_REDIRECT_URL || '',
 

packages/config/src/lib/environments/environment.prod.ts

@@ -193,6 +193,8 @@ export const environment: IEnvironment = {
 	zapier: {
 		clientId: process.env.GAUZY_ZAPIER_CLIENT_ID,
 		clientSecret: process.env.GAUZY_ZAPIER_CLIENT_SECRET,
+		allowedDomains: process.env.GAUZY_ALLOWED_DOMAINS ? process.env.GAUZY_ALLOWED_DOMAINS.split(',').map(domain => domain.trim()) : [],
+		maxAuthCodes: Number.parseInt(process.env.MAX_AUTH_CODES) || 1000,
 		redirectUri:
 			process.env.GAUZY_ZAPIER_REDIRECT_URL || `${process.env.API_BASE_URL}/api/integrations/zapier/callback`,
 		postInstallUrl:

packages/config/src/lib/environments/environment.ts

@@ -193,6 +193,8 @@ export const environment: IEnvironment = {
 	zapier: {
 		clientId: process.env.GAUZY_ZAPIER_CLIENT_ID,
 		clientSecret: process.env.GAUZY_ZAPIER_CLIENT_SECRET,
+		allowedDomains: process.env.GAUZY_ALLOWED_DOMAINS ? process.env.GAUZY_ALLOWED_DOMAINS.split(',') : [],
+		maxAuthCodes: Number.parseInt(process.env.MAX_AUTH_CODES) || 1000,
 		redirectUri:
 			process.env.GAUZY_ZAPIER_REDIRECT_URL || `${process.env.API_BASE_URL}/api/integrations/zapier/callback`,
 		postInstallUrl:

packages/contracts/src/lib/zapier.model.ts

@@ -1,4 +1,5 @@
 import { IBasePerTenantAndOrganizationEntityModel } from "./base-entity.model";
+import { ITimeLog } from "./timesheet.model";
 
 export interface IZapierAccessTokens {
     access_token: string;
@@ -17,6 +18,14 @@ export interface ICreateZapierIntegrationInput extends IBasePerTenantAndOrganiza
     client_secret: string;
 }
 
+export type ActionType = 'start' | 'stop';
+
+export interface ITimerZapierWebhookData extends IBasePerTenantAndOrganizationEntityModel {
+    event: string;
+    action: ActionType,
+    data: ITimeLog;
+}
+
 export interface IZapierEndpoint {
     id: string;
     name: string;

packages/core/src/lib/auth/auth.controller.ts

@@ -148,7 +148,6 @@ export class AuthController {
 	async login(@Body() input: UserLoginDTO): Promise<IAuthResponse | null> {
 		return await this.commandBus.execute(new AuthLoginCommand(input));
 	}
-
 	/**
 	 * Sign in workspaces by email and password.
 	 *

packages/core/src/lib/core/context/request-context.ts

@@ -216,6 +216,37 @@ export class RequestContext {
 		}
 	}
 
+		/**
+	 * Retrieves the current organization ID from the request context.
+	 * @returns {string | null} - The current organization ID if available, otherwise null.
+	 */
+		static currentOrganizationId(): ID | null {
+			try {
+				// Retrieve the current user from the request context
+				const user: IUser = RequestContext.currentUser();
+				if(!user) {
+					return null;
+				}
+				// First check if lastOrganizationId exists (most recently used organization)
+				if (user.lastOrganizationId) {
+					return user.lastOrganizationId;
+				}
+
+				// If not, check defaultOrganizationId
+				if (user.defaultOrganizationId) {
+					return user.defaultOrganizationId;
+				}
+
+				// If none of the above, try to get the first organization from the organizations array
+				if (user.organizations && user.organizations.length > 0) {
+					return user.organizations[0].organizationId;
+				}
+				return null;
+			} catch (error) {
+				// Return null if an error occurs
+				return null;
+			}
+		}
 	/**
 	 * Retrieves the current user from the request context.
 	 * @param {boolean} throwError - Flag indicating whether to throw an error if user is not found.

packages/plugins/integration-zapier/src/lib/handlers/index.ts

@@ -0,0 +1,4 @@
+import { ZapierTimerStartedHandler } from './zapier-timer-started.handler';
+import { ZapierTimerStoppedHandler } from './zapier-timer-stopped.handler';
+
+export const EventHandlers = [ZapierTimerStartedHandler, ZapierTimerStoppedHandler];

packages/plugins/integration-zapier/src/lib/handlers/zapier-timer-started.handler.ts

@@ -0,0 +1,30 @@
+import { EventsHandler, IEventHandler } from '@nestjs/cqrs';
+import { Injectable } from '@nestjs/common';
+import { TimerStartedEvent } from '@gauzy/core';
+import { ZapierWebhookService } from '../zapier-webhook.service';
+
+@Injectable()
+@EventsHandler(TimerStartedEvent)
+export class ZapierTimerStartedHandler implements IEventHandler<TimerStartedEvent> {
+    constructor(private readonly zapierWebhookService: ZapierWebhookService) { }
+
+    /**
+     * Handles the TimerStartedEvent by notifying Zapier webhooks
+     *
+     * @param event - The TimerStartedEvent that contains the time log details
+     * @returns A Promise that resolves once the webhooks are notified
+     */
+    async handle(event: TimerStartedEvent): Promise<void> {
+        const timeLog = event.timeLog;
+        if (!timeLog.tenantId || !timeLog.organizationId) {
+            console.warn('Cannot process timer started event: missing tenantId or organizationId')
+        }
+        await this.zapierWebhookService.notifyTimerStatusChanged({
+            event: 'timer.status.changed',
+            action: 'start',
+            data: timeLog,
+            tenantId: timeLog.tenantId,
+            organizationId: timeLog.organizationId
+        });
+    }
+}

packages/plugins/integration-zapier/src/lib/handlers/zapier-timer-stopped.handler.ts

@@ -0,0 +1,31 @@
+import { EventsHandler, IEventHandler } from '@nestjs/cqrs';
+import { Injectable } from '@nestjs/common';
+import { TimerStoppedEvent } from '@gauzy/core';
+import { ZapierWebhookService } from '../zapier-webhook.service';
+
+@Injectable()
+@EventsHandler(TimerStoppedEvent)
+export class ZapierTimerStoppedHandler implements IEventHandler<TimerStoppedEvent> {
+    constructor(private readonly zapierWebhookService: ZapierWebhookService) {}
+
+    /**
+     * Handles the TimerStoppedEvent by notifying Zapier webhooks
+     *
+     * @param event - The TimerStoppedEvent that contains the time log details.
+     * @returns A Promise that resolves once the webhooks are notified
+     */
+    async handle(event: TimerStoppedEvent): Promise<void> {
+        const timeLog = event.timeLog;
+        if (!timeLog.tenantId || !timeLog.organizationId) {
+            console.warn('Cannot process timer stopped event: missing tenantId or organizationId')
+            return;
+        }
+        await this.zapierWebhookService.notifyTimerStatusChanged({
+            event: 'timer.status.changed',
+            action: 'stop',
+            data: timeLog,
+            tenantId: timeLog.tenantId,
+            organizationId: timeLog.organizationId
+        });
+    }
+}

packages/plugins/integration-zapier/src/lib/integration-zapier.plugin.ts

@@ -1,15 +1,9 @@
 import { Logger } from '@nestjs/common';
-import * as chalk from 'chalk';
-import { ApplicationPluginConfig, CustomEmbeddedFieldConfig, CustomEmbeddedFields } from '@gauzy/common';
+import { ApplicationPluginConfig, CustomEmbeddedFieldConfig } from '@gauzy/common';
 import { GauzyCorePlugin as Plugin, IOnPluginBootstrap, IOnPluginDestroy } from '@gauzy/plugin';
 import { ZapierModule } from './zapier.module';
 import { ZapierWebhookSubscription } from './zapier-webhook-subscription.entity';
-
-// Extend the CustomEmbeddedFields interface to include our custom entities
-interface ZapierCustomFields extends CustomEmbeddedFields {
-	IntegrationSetting?: CustomEmbeddedFieldConfig[];
-	ZapierWebhookSubscription?: CustomEmbeddedFieldConfig[];
-}
+import { ConfigService } from '@nestjs/config';
 
 @Plugin({
 	/**
@@ -78,25 +72,31 @@ interface ZapierCustomFields extends CustomEmbeddedFields {
 	}
 })
 export class IntegrationZapierPlugin implements IOnPluginBootstrap, IOnPluginDestroy {
-	// We enable by default additional logging for each event to avoid cluttering the logs
-	private logEnabled = true;
+	private readonly logger = new Logger(IntegrationZapierPlugin.name);
 
+	constructor(private readonly _config: ConfigService) { }
 	/**
 	 * Called when the plugin is being initialized.
 	 */
 	onPluginBootstrap(): void | Promise<void> {
-		if (this.logEnabled) {
-			console.log(chalk.green(`${IntegrationZapierPlugin.name} is being bootstrapped...`));
+		this.logger.log(`${IntegrationZapierPlugin.name} is being bootstrapped...`);
+
+		// Log Zapier configuration status
+		const clientId = this._config.get<string>('zapier.clientId');
+		const clientSecret = this._config.get<string>('zapier.clientSecret');
+		const apiBaseUrl = this._config.get<string>('baseUrl');
+		if (!clientId || !clientSecret) {
+			this.logger.warn('Zapier OAuth credentials not fully configured! Please set GAUZY_ZAPIER_CLIENT_ID and GAUZY_ZAPIER_CLIENT_SECRET')
+		} else {
+			this.logger.log('Zapier OAuth credentials configured successfully');
 		}
+		this.logger.debug(`Zapier API base URL: ${apiBaseUrl}`);
 	}
 
 	/**
 	 * Called when the plugin is being destroyed.
 	 */
 	onPluginDestroy(): void | Promise<void> {
-		if (this.logEnabled) {
-			const logger = new Logger(IntegrationZapierPlugin.name);
-			logger.log(`${IntegrationZapierPlugin.name} is being destroyed...`)
-		}
+		this.logger.log(`${IntegrationZapierPlugin.name} is being destroyed...`)
 	}
 }