feat(dashboard,api-service): add self-hosted-auth

.cspell.json

@@ -733,6 +733,8 @@
     "oklch",
     "Duplicable",
     "Radek",
+    "automators", 
+    "VITE",
     "snooze",
     "unsnooze",
     "snoozed",

.github/workflows/on-pr.yml

@@ -201,11 +201,18 @@ jobs:
     steps:
       - run: echo ${{ matrix.projectName }}
       - uses: actions/checkout@v4
+        name: Checkout with submodules
+        with:
+          submodules: true
+          token: ${{ secrets.SUBMODULES_TOKEN }}
+
       - uses: ./.github/actions/setup-project
         with:
           # Don't run redis and etc... for other unit tests
           slim: ${{ !contains(matrix.projectName, '@novu/api-service') && !contains(matrix.projectName, '@novu/worker') && !contains(matrix.projectName, '@novu/ws') && !contains(matrix.projectName, '@novu/inbound-mail')}}
+
       - uses: ./.github/actions/setup-redis-cluster
+
       - uses: mansagroup/nrwl-nx-action@v3
         name: Lint and build and test
         with:

.github/workflows/prepare-self-hosted-release.yml

@@ -22,7 +22,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        name: ['novu/api', 'novu/worker', 'novu/web', 'novu/webhook', 'novu/ws']
+        name: ['novu/api', 'novu/worker', 'novu/dashboard', 'novu/webhook', 'novu/ws']
     steps:
       - name: Git Checkout
         uses: actions/checkout@v4
@@ -97,8 +97,8 @@ jobs:
 
           if [ "${{ env.SERVICE_NAME }}" == "worker" ]; then
             cd src/ && echo -e "\nIS_SELF_HOSTED=true\nOS_TELEMETRY_URL=\"${{ secrets.OS_TELEMETRY_URL }}\"" >> .example.env && cd ..
-          elif [ "${{ env.SERVICE_NAME }}" == "web" ]; then
-            echo -e "\nIS_V2_ENABLED=true" >> .env.sample
+          elif [ "${{ env.SERVICE_NAME }}" == "dashboard" ]; then
+            echo -e "\nVITE_SELF_HOSTED=true" >> .env
           fi
 
           pnpm run docker:build

.github/workflows/reusable-api-e2e.yml

@@ -24,7 +24,6 @@ jobs:
       id-token: write
       packages: write
     steps:
-      # Checkout with EE-submodule if token provided
       - uses: actions/checkout@v4
         name: Checkout with submodules
         if: ${{ inputs.ee }}

apps/api/package.json

@@ -25,7 +25,7 @@
     "pretest": "pnpm build:metadata",
     "generate:swagger": "cross-env NODE_ENV=test ts-node exportOpenAPIJSON.ts",
     "generate:sdk": " (cd ../../libs/internal-sdk && speakeasy run --skip-compile --minimal --skip-versioning) && (cd ../../libs/internal-sdk && pnpm build) ",
-    "test": "cross-env TS_NODE_COMPILER_OPTIONS='{\"strictNullChecks\": false}' NODE_ENV=test mocha --timeout 5000 --require ts-node/register --exit 'src/**/*.spec.ts'",
+    "test": "cross-env TS_NODE_COMPILER_OPTIONS='{\"strictNullChecks\": false}' NODE_ENV=test NOVU_ENTERPRISE=true CLERK_ENABLED=true mocha --timeout 5000 --require ts-node/register --exit 'src/**/*.spec.ts'",
     "test:e2e:novu-v0": "cross-env TS_NODE_COMPILER_OPTIONS='{\"strictNullChecks\": false}' NODE_ENV=test mocha --timeout 5000 --retries 3 --grep '#novu-v0' --require ts-node/register --exit --file e2e/setup.ts src/**/*.e2e{,-ee}.ts",
     "test:e2e:novu-v2": "cross-env TS_NODE_COMPILER_OPTIONS='{\"strictNullChecks\": false}' NODE_ENV=test CI_EE_TEST=true CLERK_ENABLED=true NODE_OPTIONS=--max_old_space_size=8192 mocha --timeout 5000 --retries 3 --grep '#novu-v2' --require ts-node/register --exit --file e2e/setup.ts src/**/*.e2e{,-ee}.ts",
     "migration": "cross-env NODE_ENV=local MIGRATION=true ts-node --transpileOnly",

apps/api/src/app/auth/auth.controller.ts

@@ -38,11 +38,11 @@ import { UpdatePasswordBodyDto } from './dtos/update-password.dto';
 import { UpdatePassword } from './usecases/update-password/update-password.usecase';
 import { UpdatePasswordCommand } from './usecases/update-password/update-password.command';
 import { UserAuthentication } from '../shared/framework/swagger/api.key.security';
-import { SwitchEnvironmentCommand } from './usecases/switch-environment/switch-environment.command';
-import { SwitchEnvironment } from './usecases/switch-environment/switch-environment.usecase';
 import { SwitchOrganizationCommand } from './usecases/switch-organization/switch-organization.command';
 import { SwitchOrganization } from './usecases/switch-organization/switch-organization.usecase';
 import { AuthService } from './services/auth.service';
+import { SelfHostUsecase } from './usecases/self-host/self-host.usecase';
+import { SelfHostSecretGuard } from './framework/self-host-secret.guard';
 
 @ApiCommonResponses()
 @Controller('/auth')
@@ -60,7 +60,8 @@ export class AuthController {
     private passwordResetRequestUsecase: PasswordResetRequest,
     private passwordResetUsecase: PasswordReset,
     private updatePasswordUsecase: UpdatePassword,
-    private logger: PinoLogger
+    private logger: PinoLogger,
+    private selfHostUsecase: SelfHostUsecase
   ) {
     this.logger.setContext(this.constructor.name);
   }
@@ -190,4 +191,10 @@ export class AuthController {
 
     return await this.authService.getSignedToken(user, organizationId, member as MemberEntity);
   }
+
+  @Get('/self-hosted')
+  @UseGuards(SelfHostSecretGuard)
+  async logMeIn() {
+    return this.selfHostUsecase.execute();
+  }
 }

apps/api/src/app/auth/community.auth.module.config.ts

@@ -19,6 +19,8 @@ import { AuthService } from './services/auth.service';
 import { RolesGuard } from './framework/roles.guard';
 import { CommunityAuthService } from './services/community.auth.service';
 import { CommunityUserAuthGuard } from './framework/community.user.auth.guard';
+import { CommunityEditionService } from './services/system-organization.service';
+import { SelfHostUsecase } from './usecases/self-host/self-host.usecase';
 
 const AUTH_STRATEGIES: Provider[] = [JwtStrategy, ApiKeyStrategy, JwtSubscriberStrategy];
 
@@ -39,7 +41,14 @@ export function getCommunityAuthModuleConfig(): ModuleMetadata {
     }),
   ];
 
-  const baseProviders = [...AUTH_STRATEGIES, AuthService, RolesGuard, RootEnvironmentGuard];
+  const baseProviders = [
+    ...AUTH_STRATEGIES,
+    AuthService,
+    RolesGuard,
+    RootEnvironmentGuard,
+    CommunityEditionService,
+    SelfHostUsecase,
+  ];
 
   // Wherever is the string token used, override it with the provider
   const injectableProviders = [
@@ -78,6 +87,7 @@ export function getCommunityAuthModuleConfig(): ModuleMetadata {
       'USER_REPOSITORY',
       'MEMBER_REPOSITORY',
       'ORGANIZATION_REPOSITORY',
+      CommunityEditionService,
     ],
   };
 }

apps/api/src/app/auth/e2e/link-entities.service.spec.ts

@@ -10,7 +10,7 @@ import {
 import sinon from 'sinon';
 import { CLERK_ORGANIZATION_1, CLERK_USER_1, ClerkClientMock } from '@novu/testing';
 import mongoose from 'mongoose';
-import { AnalyticsService } from '@novu/application-generic';
+import { AnalyticsService, createNestLoggingModuleOptions, LoggerModule, PinoLogger } from '@novu/application-generic';
 import { GetOrganization } from '../../organization/usecases/get-organization/get-organization.usecase';
 import { SyncExternalOrganization } from '../../organization/usecases/create-organization/sync-external-organization/sync-external-organization.usecase';
 import { CreateEnvironment } from '../../environments-v1/usecases/create-environment/create-environment.usecase';
@@ -60,6 +60,7 @@ describe('Link external and internal entities #novu-v2', () => {
 
   beforeEach(async () => {
     const moduleRef = await Test.createTestingModule({
+      imports: [LoggerModule.forRoot(createNestLoggingModuleOptions({ serviceName: 'test', version: '0.0.1' }))],
       providers: [
         LinkEntitiesService,
         CommunityUserRepository,

apps/api/src/app/auth/framework/self-host-secret.guard.ts

@@ -0,0 +1,25 @@
+import { CanActivate, ExecutionContext, Injectable, UnauthorizedException } from '@nestjs/common';
+import { HttpRequestHeaderKeysEnum } from '@novu/application-generic';
+
+@Injectable()
+export class SelfHostSecretGuard implements CanActivate {
+  canActivate(context: ExecutionContext): boolean {
+    const secretKey = process.env.SELF_HOSTED_TOKEN;
+    if (!secretKey) return true;
+
+    const request = context.switchToHttp().getRequest();
+    const headerKey = request.headers[HttpRequestHeaderKeysEnum.NOVU_SELF_HOSTED_TOKEN.toLowerCase()];
+
+    if (!headerKey) {
+      throw new UnauthorizedException('Missing self-hosted token');
+    }
+
+    if (headerKey !== secretKey) {
+      throw new UnauthorizedException(
+        'Invalid self-hosted token, please validate that the API and Dashboard have the same token'
+      );
+    }
+
+    return true;
+  }
+}

apps/api/src/app/auth/services/system-organization.service.ts

@@ -0,0 +1,131 @@
+import { Inject, Injectable, OnModuleInit } from '@nestjs/common';
+import { CommunityOrganizationRepository, UserEntity, UserRepository } from '@novu/dal';
+import { PinoLogger } from '@novu/application-generic';
+import { ApiServiceLevelEnum } from '@novu/shared';
+import { CreateOrganization } from '../../organization/usecases/create-organization/create-organization.usecase';
+import { CreateOrganizationCommand } from '../../organization/usecases/create-organization/create-organization.command';
+import { UserRegister } from '../usecases/register/user-register.usecase';
+import { UserRegisterCommand } from '../usecases/register/user-register.command';
+import { COMMUNITY_EDITION_NAME, getSelfHostedFindQuery } from '../../shared/helpers/self-hosted';
+
+@Injectable()
+export class CommunityEditionService implements OnModuleInit {
+  private readonly E11000_DUPLICATE_KEY_ERROR_CODE = 'E11000';
+  private readonly COMMUNITY_EDITION_USER_EMAIL = '[email protected]';
+
+  constructor(
+    @Inject('ORGANIZATION_REPOSITORY')
+    private organizationRepository: CommunityOrganizationRepository,
+    private createOrganizationUsecase: CreateOrganization,
+    private userRegisterUsecase: UserRegister,
+    private userRepository: UserRepository,
+    private logger: PinoLogger
+  ) {}
+
+  async onModuleInit() {
+    try {
+      await this.initializeCommunityEditionOrganization();
+    } catch (error) {
+      this.logger.error({ err: error }, 'Failed to initialize Self-Hosted Community Edition Setup during module init');
+      throw error;
+    }
+  }
+
+  private async initializeCommunityEditionOrganization(): Promise<void> {
+    await this.organizationRepository.withTransaction(async () => {
+      let communityEditionOrg = await this.organizationRepository.findOne(getSelfHostedFindQuery());
+
+      if (communityEditionOrg) {
+        this.logger.info(
+          'Self Hosted is already initialized, skipping Community Edition creation. ' +
+            `Organization already exists with ID: ${communityEditionOrg._id}`
+        );
+
+        return;
+      }
+
+      this.logger.info('Community Edition not found, creating it');
+
+      try {
+        let user = await this.userRepository.findByEmail(this.COMMUNITY_EDITION_USER_EMAIL);
+        if (!user) {
+          user = await this.createCommunityEditionUser();
+        }
+
+        this.logger.debug(`Retrieved Community User with ID: ${user._id}`);
+
+        const organization = await this.createOrganizationUsecase.execute(
+          CreateOrganizationCommand.create({
+            userId: user._id,
+            name: COMMUNITY_EDITION_NAME,
+            apiServiceLevel: ApiServiceLevelEnum.UNLIMITED,
+          })
+        );
+
+        this.logger.debug(`Retrieved Community Edition with ID: ${organization?._id}`);
+      } catch (error) {
+        const isDuplicateKeyError =
+          error instanceof Error &&
+          error.message.includes(this.E11000_DUPLICATE_KEY_ERROR_CODE) &&
+          error.message.includes(COMMUNITY_EDITION_NAME);
+
+        if (!isDuplicateKeyError) {
+          throw error;
+        }
+
+        this.logger.warn('Duplicate key error, another instance may have created the Community Edition');
+        communityEditionOrg = await this.organizationRepository.findOne(getSelfHostedFindQuery());
+        if (!communityEditionOrg) {
+          this.logger.error('Failed to retrieve Community Edition after duplicate key error');
+          throw error;
+        }
+
+        this.logger.info(`Retrieved Community Edition created by another instance with ID: ${communityEditionOrg._id}`);
+      }
+    });
+  }
+
+  private async createCommunityEditionUser(): Promise<UserEntity> {
+    try {
+      const { user } = await this.userRegisterUsecase.execute(
+        UserRegisterCommand.create({
+          email: this.COMMUNITY_EDITION_USER_EMAIL,
+          firstName: 'Community',
+          lastName: 'User',
+          password: 'communityUser1q@W#',
+        })
+      );
+
+      if (!user?._id) {
+        throw new Error('Failed to create community user');
+      }
+
+      return user;
+    } catch (error) {
+      const isDuplicateKeyDatabaseError =
+        error instanceof Error &&
+        error.message.includes(this.E11000_DUPLICATE_KEY_ERROR_CODE) &&
+        error.message.includes(this.COMMUNITY_EDITION_USER_EMAIL);
+      const isUserAlreadyExistsUsecaseError = error.message.includes('User already exists');
+
+      if (!isDuplicateKeyDatabaseError && !isUserAlreadyExistsUsecaseError) {
+        throw error;
+      }
+
+      this.logger.warn('Duplicate key error, another instance may have created the Community User');
+      const user = await this.userRepository.findByEmail(this.COMMUNITY_EDITION_USER_EMAIL);
+      if (!user) {
+        this.logger.error('Failed to retrieve Community User after duplicate key error');
+        throw error;
+      }
+
+      this.logger.info(`Retrieved Community User created by another instance with ID: ${user._id}`);
+
+      if (!user?._id) {
+        throw new Error('Failed to create Community user');
+      }
+
+      return user;
+    }
+  }
+}

apps/api/src/app/auth/usecases/self-host/self-host.usecase.ts

@@ -0,0 +1,37 @@
+import { Inject, NotFoundException } from '@nestjs/common';
+import { CommunityOrganizationRepository, MemberRepository } from '@novu/dal';
+import { SwitchOrganization } from '../switch-organization/switch-organization.usecase';
+import { SwitchOrganizationCommand } from '../switch-organization';
+import { getSelfHostedFindQuery } from '../../../shared/helpers/self-hosted';
+
+export class SelfHostUsecase {
+  constructor(
+    @Inject('ORGANIZATION_REPOSITORY')
+    private organizationRepository: CommunityOrganizationRepository,
+    private memberRepository: MemberRepository,
+    private readonly switchOrganizationUsecase: SwitchOrganization
+  ) {}
+
+  async execute() {
+    const communityEditionOrg = await this.organizationRepository.findOne(getSelfHostedFindQuery());
+
+    if (!communityEditionOrg) {
+      throw new NotFoundException('Community Edition not found');
+    }
+
+    const users = await this.memberRepository.getOrganizationMembers(communityEditionOrg._id);
+
+    if (!users || users.length === 0) {
+      throw new NotFoundException('No admin users found for Community Edition');
+    }
+
+    const token = await this.switchOrganizationUsecase.execute(
+      SwitchOrganizationCommand.create({
+        newOrganizationId: communityEditionOrg._id!,
+        userId: users[0]._userId,
+      })
+    );
+
+    return { token };
+  }
+}

apps/api/src/app/inbox/usecases/session/session.usecase.ts

@@ -111,7 +111,8 @@ export class Session {
     const token = await this.authService.getSubscriberWidgetToken(subscriber);
 
     const removeNovuBranding = inAppIntegration.removeNovuBranding || false;
-    const maxSnoozeDurationHours = await this.getMaxSnoozeDurationHours(environment);
+    const maxSnoozeDurationHours =
+      process.env.NOVU_ENTERPRISE === 'true' ? await this.getMaxSnoozeDurationHours(environment) : 0;
 
     /**
      * We want to prevent the playground inbox demo from marking the integration as connected

apps/api/src/app/organization/usecases/create-organization/create-organization.command.ts

@@ -1,6 +1,6 @@
 import { IsDefined, IsEnum, IsOptional, IsString } from 'class-validator';
 
-import { JobTitleEnum } from '@novu/shared';
+import { ApiServiceLevelEnum, JobTitleEnum } from '@novu/shared';
 
 import { AuthenticatedCommand } from '../../../shared/commands/authenticated.command';
 
@@ -23,4 +23,8 @@ export class CreateOrganizationCommand extends AuthenticatedCommand {
 
   @IsOptional()
   language?: string[];
+
+  @IsOptional()
+  @IsEnum(ApiServiceLevelEnum)
+  apiServiceLevel?: ApiServiceLevelEnum;
 }

apps/api/src/app/organization/usecases/create-organization/create-organization.usecase.ts

@@ -1,4 +1,4 @@
-import { Injectable, Scope, BadRequestException } from '@nestjs/common';
+import { Inject, BadRequestException, Injectable } from '@nestjs/common';
 import { AnalyticsService } from '@novu/application-generic';
 import { OrganizationEntity, OrganizationRepository, UserRepository } from '@novu/dal';
 import { ApiServiceLevelEnum, EnvironmentEnum, JobTitleEnum, MemberRoleEnum } from '@novu/shared';
@@ -11,9 +11,7 @@ import { AddMemberCommand } from '../membership/add-member/add-member.command';
 import { AddMember } from '../membership/add-member/add-member.usecase';
 import { CreateOrganizationCommand } from './create-organization.command';
 
-@Injectable({
-  scope: Scope.REQUEST,
-})
+@Injectable()
 export class CreateOrganization {
   constructor(
     private readonly organizationRepository: OrganizationRepository,
@@ -31,7 +29,7 @@ export class CreateOrganization {
     const createdOrganization = await this.organizationRepository.create({
       logo: command.logo,
       name: command.name,
-      apiServiceLevel: ApiServiceLevelEnum.FREE,
+      apiServiceLevel: command.apiServiceLevel || ApiServiceLevelEnum.FREE,
       domain: command.domain,
       language: command.language,
     });