Feat/env example in apps sim

README.md

@@ -117,7 +117,7 @@ docker run --name simstudio-db \
 
 ```bash
 cd apps/sim
-cp .env.example .env  # Configure with required variables (DATABASE_URL, BETTER_AUTH_SECRET, BETTER_AUTH_URL)
+cp .env.example .env  # Configure with required variables (DATABASE_URL, BETTER_AUTH_SECRET, BETTER_AUTH_URL, NEXT_PUBLIC_APP_URL)
 ```
 
 Update your `.env` file with the database URL:

apps/sim/.env.example

@@ -0,0 +1,292 @@
+# ========================================
+# REQUIRED VARIABLES (Must be set for core functionality)
+# ========================================
+
+DATABASE_URL=postgresql://user:password@localhost:5432/dbname  # Primary database connection string
+BETTER_AUTH_SECRET=your_32_character_or_longer_secret_key_here  # Secret key for Better Auth JWT signing (min 32 chars)
+BETTER_AUTH_URL=http://localhost:3000    # Base URL for Better Auth service
+NEXT_PUBLIC_APP_URL=http://localhost:3000  # Base URL of the application (frontend)
+
+# ========================================
+# REQUIRED FOR CERTAIN OPERATIONS (Only if feature is enabled/used)
+# ========================================
+
+# Core Database & Authentication
+ENCRYPTION_KEY=your_32_character_encryption_key_here  # Key for encrypting sensitive data
+INTERNAL_API_SECRET=your_internal_api_secret_key_here  # Secret for internal API authentication
+
+# Copilot (Required if Copilot features are enabled)
+COPILOT_PROVIDER=openai  # Provider for copilot API calls
+COPILOT_MODEL=gpt-4o  # Model for copilot API calls
+COPILOT_API_KEY=sk-...  # API key for copilot provider
+SIM_AGENT_API_URL=https://api.simagent.internal  # URL for internal sim agent API
+AGENT_INDEXER_URL=https://indexer.internal  # URL for agent training data indexer
+AGENT_INDEXER_API_KEY=your_indexer_api_key  # API key for agent indexer
+
+# Payment & Billing (Required if billing is enabled)
+STRIPE_SECRET_KEY=sk_live_...  # Stripe secret key for payment processing
+STRIPE_WEBHOOK_SECRET=whsec_...  # General Stripe webhook secret
+STRIPE_FREE_PRICE_ID=price_123  # Stripe price ID for free tier
+STRIPE_PRO_PRICE_ID=price_456  # Stripe price ID for pro tier
+STRIPE_TEAM_PRICE_ID=price_789  # Stripe price ID for team tier
+STRIPE_ENTERPRISE_PRICE_ID=price_101  # Stripe price ID for enterprise tier
+BILLING_ENABLED=true  # Enable billing enforcement and usage tracking
+
+# Email & Communication (Required if email sending is used)
+RESEND_API_KEY=re_...  # Resend API key for transactional emails
+FROM_EMAIL_ADDRESS="Sim <[email protected]>"  # Complete from address
+EMAIL_DOMAIN=yourdomain.com  # Domain for sending emails (fallback)
+
+# SMS & Messaging (Required if SMS is used)
+TWILIO_ACCOUNT_SID=ACxxxxxxxxxxxxxxxx  # Twilio Account SID
+TWILIO_AUTH_TOKEN=your_auth_token  # Twilio Auth Token
+TWILIO_PHONE_NUMBER=+1234567890  # Twilio phone number
+
+# AI/LLM Providers (Required if using specific provider)
+OPENAI_API_KEY=sk-...  # Primary OpenAI API key
+OPENAI_API_KEY_1=sk-...  # Additional OpenAI key (load balancing)
+OPENAI_API_KEY_2=sk-...  # Additional OpenAI key
+OPENAI_API_KEY_3=sk-...  # Additional OpenAI key
+ANTHROPIC_API_KEY_1=anthropic_key_1  # Primary Anthropic API key
+ANTHROPIC_API_KEY_2=anthropic_key_2  # Additional Anthropic key
+MISTRAL_API_KEY=mistral_key  # Mistral AI API key
+ELEVENLABS_API_KEY=elevenlabs_key  # ElevenLabs TTS API key
+SERPER_API_KEY=serper_key  # Serper search API key
+EXA_API_KEY=exa_key  # Exa AI search API key
+
+# Azure OpenAI (Required if using Azure-hosted models)
+AZURE_OPENAI_ENDPOINT=https://your-azure-openai.openai.azure.com/  # Azure OpenAI endpoint
+AZURE_OPENAI_API_KEY=azure_openai_key  # Azure OpenAI API key
+AZURE_OPENAI_API_VERSION=2024-02-01  # API version
+
+# OCR (Required if document OCR is used)
+OCR_AZURE_ENDPOINT=https://ocr-azure-endpoint  # Azure Mistral OCR endpoint
+OCR_AZURE_MODEL_NAME=mistral-ocr-model  # OCR model name
+OCR_AZURE_API_KEY=ocr_azure_key  # OCR API key
+
+# Cloud Storage - AWS S3 (Required if using AWS S3)
+AWS_REGION=us-east-1  # AWS region
+AWS_ACCESS_KEY_ID=AKIA...  # AWS access key ID
+AWS_SECRET_ACCESS_KEY=your_secret_key  # AWS secret access key
+S3_BUCKET_NAME=your-general-bucket  # General file storage
+S3_LOGS_BUCKET_NAME=your-logs-bucket  # Logs storage
+S3_KB_BUCKET_NAME=your-kb-bucket  # Knowledge base files
+S3_EXECUTION_FILES_BUCKET_NAME=your-execution-bucket  # Workflow files
+S3_CHAT_BUCKET_NAME=your-chat-bucket  # Chat logos
+S3_COPILOT_BUCKET_NAME=your-copilot-bucket  # Copilot files
+S3_PROFILE_PICTURES_BUCKET_NAME=your-profile-pics-bucket  # Profile pictures
+
+# Cloud Storage - Azure Blob (Required if using Azure Blob)
+AZURE_ACCOUNT_NAME=youraccount  # Azure storage account name
+AZURE_ACCOUNT_KEY=your_account_key  # Azure storage account key
+AZURE_CONNECTION_STRING=DefaultEndpointsProtocol=...  # Azure connection string
+AZURE_STORAGE_CONTAINER_NAME=general-container  # General files
+AZURE_STORAGE_KB_CONTAINER_NAME=kb-container  # Knowledge base
+AZURE_STORAGE_EXECUTION_FILES_CONTAINER_NAME=execution-container  # Workflow files
+AZURE_STORAGE_CHAT_CONTAINER_NAME=chat-container  # Chat logos
+AZURE_STORAGE_COPILOT_CONTAINER_NAME=copilot-container  # Copilot files
+AZURE_STORAGE_PROFILE_PICTURES_CONTAINER_NAME=profile-container  # Profile pictures
+
+# Background Jobs (Required if using Trigger.dev)
+TRIGGER_PROJECT_ID=proj_...  # Trigger.dev project ID
+TRIGGER_SECRET_KEY=trig_...  # Trigger.dev secret key
+TRIGGER_DEV_ENABLED=true  # Enable Trigger.dev
+
+# OAuth Integrations (Required per integration used)
+GOOGLE_CLIENT_ID=google_client_id.apps.googleusercontent.com  # Google OAuth
+GOOGLE_CLIENT_SECRET=google_client_secret  # Google OAuth secret
+GITHUB_CLIENT_ID=github_client_id  # GitHub OAuth
+GITHUB_CLIENT_SECRET=github_client_secret  # GitHub OAuth secret
+GITHUB_REPO_CLIENT_ID=github_repo_client_id  # GitHub repo OAuth
+GITHUB_REPO_CLIENT_SECRET=github_repo_client_secret  # GitHub repo OAuth secret
+X_CLIENT_ID=x_client_id  # X (Twitter) OAuth
+X_CLIENT_SECRET=x_client_secret  # X (Twitter) OAuth secret
+CONFLUENCE_CLIENT_ID=confluence_client_id  # Confluence OAuth
+CONFLUENCE_CLIENT_SECRET=confluence_client_secret  # Confluence OAuth secret
+JIRA_CLIENT_ID=jira_client_id  # Jira OAuth
+JIRA_CLIENT_SECRET=jira_client_secret  # Jira OAuth secret
+AIRTABLE_CLIENT_ID=airtable_client_id  # Airtable OAuth
+AIRTABLE_CLIENT_SECRET=airtable_client_secret  # Airtable OAuth secret
+SUPABASE_CLIENT_ID=supabase_client_id  # Supabase OAuth
+SUPABASE_CLIENT_SECRET=supabase_client_secret  # Supabase OAuth secret
+NOTION_CLIENT_ID=notion_client_id  # Notion OAuth
+NOTION_CLIENT_SECRET=notion_client_secret  # Notion OAuth secret
+DISCORD_CLIENT_ID=discord_client_id  # Discord OAuth
+DISCORD_CLIENT_SECRET=discord_client_secret  # Discord OAuth secret
+MICROSOFT_CLIENT_ID=microsoft_client_id  # Microsoft OAuth
+MICROSOFT_CLIENT_SECRET=microsoft_client_secret  # Microsoft OAuth secret
+HUBSPOT_CLIENT_ID=hubspot_client_id  # HubSpot OAuth
+HUBSPOT_CLIENT_SECRET=hubspot_client_secret  # HubSpot OAuth secret
+WEALTHBOX_CLIENT_ID=wealthbox_client_id  # WealthBox OAuth
+WEALTHBOX_CLIENT_SECRET=wealthbox_client_secret  # WealthBox OAuth secret
+LINEAR_CLIENT_ID=linear_client_id  # Linear OAuth
+LINEAR_CLIENT_SECRET=linear_client_secret  # Linear OAuth secret
+SLACK_CLIENT_ID=slack_client_id  # Slack OAuth
+SLACK_CLIENT_SECRET=slack_client_secret  # Slack OAuth secret
+REDDIT_CLIENT_ID=reddit_client_id  # Reddit OAuth
+REDDIT_CLIENT_SECRET=reddit_client_secret  # Reddit OAuth secret
+WEBFLOW_CLIENT_ID=webflow_client_id  # Webflow OAuth
+WEBFLOW_CLIENT_SECRET=webflow_client_secret  # Webflow OAuth secret
+
+# E2B Remote Execution (Required if code execution sandbox is used)
+E2B_ENABLED=true  # Enable E2B
+E2B_API_KEY=e2b_api_key  # E2B API key
+
+# SSO (Required if SSO login is enabled)
+SSO_ENABLED=true  # Enable SSO
+SSO_PROVIDER_TYPE=oidc  # 'oidc' or 'saml'
+SSO_PROVIDER_ID=your-sso-provider  # SSO provider ID
+SSO_ISSUER=https://issuer.example.com  # SSO issuer URL
+SSO_DOMAIN=yourcompany.com  # Allowed email domain
+[email protected]  # User email for SSO registration
+SSO_ORGANIZATION_ID=org_123  # Organization ID for SSO registration
+SSO_OIDC_CLIENT_ID=oidc_client_id  # OIDC client ID
+SSO_OIDC_CLIENT_SECRET=oidc_client_secret  # OIDC client secret
+# OR for SAML:
+SSO_SAML_ENTRY_POINT=https://idp.example.com/sso  # SAML SSO URL
+SSO_SAML_CERT=-----BEGIN CERTIFICATE-----...  # SAML IdP cert
+
+# Real-time Communication (Required if WebSocket features are used)
+SOCKET_SERVER_URL=ws://localhost:3001  # WebSocket server URL
+PORT=3000  # Application port
+
+# Client-side Google Services (Required if Google Drive/Picker used)
+NEXT_PUBLIC_GOOGLE_CLIENT_ID=google_client_id.apps.googleusercontent.com  # Google OAuth (client)
+NEXT_PUBLIC_GOOGLE_API_KEY=google_api_key  # Google API key
+NEXT_PUBLIC_GOOGLE_PROJECT_NUMBER=1234567890  # Google project number 
+
+# ========================================
+# OPTIONAL VARIABLES (Safe to leave unset)
+# ========================================
+
+# Core Database & Authentication
+DISABLE_REGISTRATION=false  # Disable new user registration
+[email protected],[email protected]  # Whitelist emails
+ALLOWED_LOGIN_DOMAINS=company.com,partner.org  # Whitelist domains
+API_ENCRYPTION_KEY=optional_api_encryption_key  # Dedicated API key encryption
+EMAIL_VERIFICATION_ENABLED=false  # Require email verification
+
+# Copilot
+REDIS_URL=redis://localhost:6379  # Redis for caching/sessions
+
+# Payment & Billing
+FREE_TIER_COST_LIMIT=10  # Free tier cost limit ($)
+FREE_STORAGE_LIMIT_GB=5  # Free tier storage (GB)
+PRO_TIER_COST_LIMIT=50  # Pro tier cost limit
+PRO_STORAGE_LIMIT_GB=50  # Pro tier storage
+TEAM_TIER_COST_LIMIT=200  # Team tier cost limit
+TEAM_STORAGE_LIMIT_GB=500  # Team tier storage
+ENTERPRISE_TIER_COST_LIMIT=1000  # Enterprise cost limit
+ENTERPRISE_STORAGE_LIMIT_GB=500  # Enterprise storage
+OVERAGE_THRESHOLD_DOLLARS=50  # Overage billing threshold
+
+# Email & Communication
+AZURE_ACS_CONNECTION_STRING=endpoint=...;accesskey=...  # Azure Communication Services
+
+# AI/LLM Providers
+OLLAMA_URL=http://localhost:11434  # Local Ollama server
+DEEPSEEK_MODELS_ENABLED=false  # Enable Deepseek models
+KB_OPENAI_MODEL_NAME=gpt-4o  # Knowledge base OpenAI model name
+WAND_OPENAI_MODEL_NAME=gpt-4o  # Wand generation OpenAI model name
+AZURE_OPENAI_API_VERSION=2024-02-01  # Shared Azure OpenAI API version (already in required, but optional if not using Azure)
+
+# Monitoring & Analytics
+TELEMETRY_ENDPOINT=https://telemetry.yourdomain.com  # Custom telemetry
+COST_MULTIPLIER=1.0  # Cost calculation multiplier
+LOG_LEVEL=INFO  # DEBUG, INFO, WARN, ERROR
+
+# External Services
+BROWSERBASE_API_KEY=browserbase_key  # Browser automation
+BROWSERBASE_PROJECT_ID=proj_123  # Browserbase project
+GITHUB_TOKEN=ghp_...  # GitHub PAT
+
+# Infrastructure
+NEXT_RUNTIME=nodejs  # Next.js runtime
+DOCKER_BUILD=true  # Docker build flag
+
+# Background Jobs
+CRON_SECRET=cron_secret_key  # Cron job auth
+JOB_RETENTION_DAYS=7  # Job log retention
+
+# Data Retention
+FREE_PLAN_LOG_RETENTION_DAYS=30  # Free plan log retention
+
+# Rate Limiting
+RATE_LIMIT_WINDOW_MS=60000  # Rate limit window (ms)
+MANUAL_EXECUTION_LIMIT=999999  # Bypass for manual exec
+RATE_LIMIT_FREE_SYNC=10  # Free sync/min
+RATE_LIMIT_FREE_ASYNC=50  # Free async/min
+RATE_LIMIT_PRO_SYNC=25  # Pro sync/min
+RATE_LIMIT_PRO_ASYNC=200  # Pro async/min
+RATE_LIMIT_TEAM_SYNC=75  # Team sync/min
+RATE_LIMIT_TEAM_ASYNC=500  # Team async/min
+RATE_LIMIT_ENTERPRISE_SYNC=150  # Enterprise sync/min
+RATE_LIMIT_ENTERPRISE_ASYNC=1000  # Enterprise async/min
+
+# Knowledge Base Processing
+KB_CONFIG_MAX_DURATION=600  # Max processing time (s)
+KB_CONFIG_MAX_ATTEMPTS=3  # Retry attempts
+KB_CONFIG_RETRY_FACTOR=2  # Backoff factor
+KB_CONFIG_MIN_TIMEOUT=1000  # Min timeout (ms)
+KB_CONFIG_MAX_TIMEOUT=10000  # Max timeout (ms)
+KB_CONFIG_CONCURRENCY_LIMIT=20  # Queue concurrency
+KB_CONFIG_BATCH_SIZE=20  # Batch size
+KB_CONFIG_DELAY_BETWEEN_BATCHES=100  # Delay between batches (ms)
+KB_CONFIG_DELAY_BETWEEN_DOCUMENTS=50  # Delay between docs (ms)
+
+# Real-time
+SOCKET_PORT=3001  # WebSocket port
+ALLOWED_ORIGINS=https://app.yourdomain.com,http://localhost:3000  # CORS origins
+NEXT_PUBLIC_SOCKET_URL=ws://localhost:3001  # Client-side WebSocket URL (for real-time features in frontend)
+
+# UI Branding & Whitelabeling
+NEXT_PUBLIC_BRAND_NAME=Sim  # Custom brand name
+NEXT_PUBLIC_BRAND_LOGO_URL=https://yourdomain.com/logo.png  # Logo URL
+NEXT_PUBLIC_BRAND_FAVICON_URL=https://yourdomain.com/favicon.ico  # Favicon
+NEXT_PUBLIC_CUSTOM_CSS_URL=https://yourdomain.com/custom.css  # Custom CSS
+[email protected]  # Support email
+NEXT_PUBLIC_DOCUMENTATION_URL=https://docs.yourdomain.com  # Docs URL
+NEXT_PUBLIC_TERMS_URL=https://yourdomain.com/terms  # Terms URL
+NEXT_PUBLIC_PRIVACY_URL=https://yourdomain.com/privacy  # Privacy URL
+
+# Theme
+NEXT_PUBLIC_BRAND_PRIMARY_COLOR=#701ffc  # Primary color (hex)
+NEXT_PUBLIC_BRAND_PRIMARY_HOVER_COLOR=#5a18d4  # Hover primary
+NEXT_PUBLIC_BRAND_ACCENT_COLOR=#00d4ff  # Accent color
+NEXT_PUBLIC_BRAND_ACCENT_HOVER_COLOR=#00b8db  # Hover accent
+NEXT_PUBLIC_BRAND_BACKGROUND_COLOR=#ffffff  # Background color
+
+# Feature Flags
+NEXT_PUBLIC_BILLING_ENABLED=true  # Show billing UI
+NEXT_PUBLIC_TRIGGER_DEV_ENABLED=true  # Async execution UI
+NEXT_PUBLIC_SSO_ENABLED=true  # SSO login UI
+NEXT_PUBLIC_EMAIL_PASSWORD_SIGNUP_ENABLED=true  # Email/password signup
+NEXT_PUBLIC_E2B_ENABLED=true  # Code execution UI
+NEXT_PUBLIC_COPILOT_TRAINING_ENABLED=true  # Copilot training UI
+NEXT_PUBLIC_POSTHOG_ENABLED=true  # PostHog analytics
+NEXT_PUBLIC_POSTHOG_KEY=phc_...  # PostHog key
+
+# Shared
+NODE_ENV=production  # development, test, production
+NEXT_TELEMETRY_DISABLED=1  # Disable Next.js telemetry
+
+# SSO Mapping & Advanced Config (Optional SSO extensions)
+SSO_MAPPING_ID=sub  # Custom ID claim mapping
+SSO_MAPPING_EMAIL=email  # Custom email claim mapping
+SSO_MAPPING_NAME=name  # Custom name claim mapping
+SSO_MAPPING_IMAGE=picture  # Custom image claim mapping
+SSO_OIDC_SCOPES=openid,profile,email  # OIDC scopes
+SSO_OIDC_PKCE=true  # Enable PKCE
+SSO_OIDC_AUTHORIZATION_ENDPOINT=https://issuer.example.com/auth  # OIDC auth endpoint
+SSO_OIDC_TOKEN_ENDPOINT=https://issuer.example.com/token  # OIDC token endpoint
+SSO_OIDC_USERINFO_ENDPOINT=https://issuer.example.com/userinfo  # OIDC userinfo endpoint
+SSO_OIDC_JWKS_ENDPOINT=https://issuer.example.com/jwks  # OIDC JWKS endpoint
+SSO_OIDC_DISCOVERY_ENDPOINT=https://issuer.example.com/.well-known/openid-configuration  # OIDC discovery
+SSO_SAML_CALLBACK_URL=https://yourdomain.com/sso/callback  # SAML callback URL
+SSO_SAML_SP_METADATA=your_sp_metadata_xml  # SAML SP metadata XML
+SSO_SAML_IDP_METADATA=your_idp_metadata_xml  # SAML IdP metadata XML
+SSO_SAML_AUDIENCE=https://yourdomain.com  # SAML audience
+SSO_SAML_WANT_ASSERTIONS_SIGNED=false  # Require signed assertions
+SSO_SAML_SIGNATURE_ALGORITHM=sha256  # SAML signature algorithm
+SSO_SAML_DIGEST_ALGORITHM=sha256  # SAML digest algorithm
+SSO_SAML_IDENTIFIER_FORMAT=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress  # SAML identifier format

apps/sim/app/api/billing/portal/route.ts

@@ -1,6 +1,6 @@
 import { db } from '@sim/db'
 import { subscription as subscriptionTable, user } from '@sim/db/schema'
-import { and, eq } from 'drizzle-orm'
+import { and, eq, or } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { requireStripeClient } from '@/lib/billing/stripe-client'
@@ -38,7 +38,10 @@ export async function POST(request: NextRequest) {
         .where(
           and(
             eq(subscriptionTable.referenceId, organizationId),
-            eq(subscriptionTable.status, 'active')
+            or(
+              eq(subscriptionTable.status, 'active'),
+              eq(subscriptionTable.cancelAtPeriodEnd, true)
+            )
           )
         )
         .limit(1)