Merge pull request #7315 from ever-co/stage

Release

.env.compose

@@ -64,7 +64,7 @@ DB_NAME=gauzy
 DB_USER=postgres
 DB_PASS=gauzy_password
 DB_LOGGING=all
-DB_POOL_SIZE=20
+DB_POOL_SIZE=40
 DB_CONNECTION_TIMEOUT=1000
 DB_SLOW_QUERY_LOGGING_TIMEOUT=3000
 
@@ -89,8 +89,9 @@ MAGIC_CODE_EXPIRATION_TIME=600
 TEAM_JOIN_REQUEST_EXPIRATION_TIME=86400
 
 # Rate Limiting
+THROTTLE_ENABLED=true
 THROTTLE_TTL=60
-THROTTLE_LIMIT=300
+THROTTLE_LIMIT=10000
 
 # Twitter OAuth Configuration
 TWITTER_CLIENT_ID=XXXXXXX

.env.demo.compose

@@ -65,7 +65,7 @@ DB_NAME=gauzy
 DB_USER=postgres
 DB_PASS=gauzy_password
 DB_LOGGING=all
-DB_POOL_SIZE=20
+DB_POOL_SIZE=40
 DB_CONNECTION_TIMEOUT=1000
 DB_SLOW_QUERY_LOGGING_TIMEOUT=3000
 
@@ -90,8 +90,9 @@ MAGIC_CODE_EXPIRATION_TIME=600
 TEAM_JOIN_REQUEST_EXPIRATION_TIME=86400
 
 # Rate Limiting
+THROTTLE_ENABLED=true
 THROTTLE_TTL=60
-THROTTLE_LIMIT=300
+THROTTLE_LIMIT=10000
 
 # Twitter OAuth Configuration
 TWITTER_CLIENT_ID=XXXXXXX

.env.docker

@@ -63,7 +63,7 @@ DB_NAME=gauzy
 DB_USER=postgres
 DB_PASS=root
 DB_LOGGING=all
-DB_POOL_SIZE=20
+DB_POOL_SIZE=40
 DB_CONNECTION_TIMEOUT=1000
 DB_SLOW_QUERY_LOGGING_TIMEOUT=3000
 
@@ -88,8 +88,9 @@ MAGIC_CODE_EXPIRATION_TIME=600
 TEAM_JOIN_REQUEST_EXPIRATION_TIME=86400
 
 # Rate Limiting
+THROTTLE_ENABLED=true
 THROTTLE_TTL=60
-THROTTLE_LIMIT=300
+THROTTLE_LIMIT=10000
 
 # Twitter OAuth Configuration
 TWITTER_CLIENT_ID=XXXXXXX

.env.local

@@ -63,7 +63,7 @@ DB_NAME=gauzy
 DB_USER=postgres
 DB_PASS=root
 DB_LOGGING=all
-DB_POOL_SIZE=20
+DB_POOL_SIZE=40
 DB_CONNECTION_TIMEOUT=1000
 DB_SLOW_QUERY_LOGGING_TIMEOUT=3000
 
@@ -88,8 +88,9 @@ MAGIC_CODE_EXPIRATION_TIME=600
 TEAM_JOIN_REQUEST_EXPIRATION_TIME=86400
 
 # Rate Limiting
+THROTTLE_ENABLED=true
 THROTTLE_TTL=60
-THROTTLE_LIMIT=300
+THROTTLE_LIMIT=10000
 
 # Twitter OAuth Configuration
 TWITTER_CLIENT_ID=

.env.sample

@@ -47,7 +47,7 @@ DB_TYPE=better-sqlite3
 # DB_USER=postgres
 # DB_PASS=root
 # DB_LOGGING=all
-# DB_POOL_SIZE=20
+# DB_POOL_SIZE=40
 # DB_CONNECTION_TIMEOUT=1000
 # DB_SLOW_QUERY_LOGGING_TIMEOUT=3000
 
@@ -72,8 +72,9 @@ MAGIC_CODE_EXPIRATION_TIME=600
 TEAM_JOIN_REQUEST_EXPIRATION_TIME=86400
 
 # Rate Limiting
+THROTTLE_ENABLED=true
 THROTTLE_TTL=60
-THROTTLE_LIMIT=300
+THROTTLE_LIMIT=10000
 
 # Twitter OAuth Configuration
 TWITTER_CLIENT_ID=XXXXXXX

.github/workflows/desktop-app-prod.yml

@@ -129,7 +129,7 @@ jobs:
 
     strategy:
       matrix:
-        os: [windows-latest-l]
+        os: [windows-latest]
 
     steps:
       - name: Check out Git repository

.github/workflows/desktop-app-stage.yml

@@ -129,7 +129,7 @@ jobs:
 
     strategy:
       matrix:
-        os: [windows-latest-l]
+        os: [windows-latest]
 
     steps:
       - name: Check out Git repository

.github/workflows/desktop-timer-app-prod.yml

@@ -141,7 +141,7 @@ jobs:
 
     strategy:
       matrix:
-        os: [windows-latest-l]
+        os: [windows-latest]
 
     steps:
       - name: Check out Git repository

.github/workflows/desktop-timer-app-stage.yml

@@ -141,7 +141,7 @@ jobs:
 
     strategy:
       matrix:
-        os: [windows-latest-l]
+        os: [windows-latest]
 
     steps:
       - name: Check out Git repository

.github/workflows/server-prod.yml

@@ -129,7 +129,7 @@ jobs:
 
     strategy:
       matrix:
-        os: [windows-latest-l]
+        os: [windows-latest]
 
     steps:
       - name: Check out Git repository

.github/workflows/server-stage.yml

@@ -129,7 +129,7 @@ jobs:
 
     strategy:
       matrix:
-        os: [windows-latest-l]
+        os: [windows-latest]
 
     steps:
       - name: Check out Git repository

apps/api/src/plugin-config.ts

@@ -108,7 +108,7 @@ function getDbConfig(): DataSourceOptions {
 				// See https://typeorm.io/data-source-options#common-data-source-options
 				extra: {
 					// based on  https://node-postgres.com/api/pool max connection pool size
-					max: process.env.DB_POOL_SIZE || 20,
+					max: process.env.DB_POOL_SIZE || 40,
 					// connection timeout
 					connectionTimeoutMillis: process.env.DB_CONNECTION_TIMEOUT
 						? parseInt(process.env.DB_CONNECTION_TIMEOUT)

packages/config/src/database.ts

@@ -59,7 +59,7 @@ switch (dbType) {
 			// See https://typeorm.io/data-source-options#common-data-source-options
 			extra: {
 				// based on  https://node-postgres.com/api/pool max connection pool size
-				max: process.env.DB_POOL_SIZE || 20,
+				max: process.env.DB_POOL_SIZE || 40,
 				// connection timeout
 				connectionTimeoutMillis: process.env.DB_CONNECTION_TIMEOUT
 					? parseInt(process.env.DB_CONNECTION_TIMEOUT)

packages/config/src/environments/environment.prod.ts

@@ -51,8 +51,8 @@ export const environment: IEnvironment = {
 	/**
 	 * Throttler (Rate Limiting) Options
 	 */
-	THROTTLE_TTL: parseInt(process.env.THROTTLE_TTL) || 60, // 60ms
-	THROTTLE_LIMIT: parseInt(process.env.THROTTLE_LIMIT) || 3000,
+	THROTTLE_TTL: parseInt(process.env.THROTTLE_TTL) || 60, // now it's 60 seconds, but in future versions of Throttle going to be 60ms!
+	THROTTLE_LIMIT: parseInt(process.env.THROTTLE_LIMIT) || 10000,
 
 	/**
 	 * Jitsu Server Configuration

packages/config/src/environments/environment.ts

@@ -56,7 +56,8 @@ export const environment: IEnvironment = {
 	 * Throttler (Rate Limiting) Options
 	 */
 	THROTTLE_TTL: parseInt(process.env.THROTTLE_TTL) || 60, // now it's 60 seconds, but in future versions of Throttle going to be 60ms!
-	THROTTLE_LIMIT: parseInt(process.env.THROTTLE_LIMIT) || 3000,
+	THROTTLE_LIMIT: parseInt(process.env.THROTTLE_LIMIT) || 10000,
+	THROTTLE_ENABLED: process.env.THROTTLE_ENABLED == 'true',
 
 	/**
 	 * Jitsu Server Configuration

packages/config/src/environments/ienvironment.ts

@@ -90,6 +90,7 @@ export interface IEnvironment {
 	/**
 	 * Throttler (Rate Limiting) Options
 	 */
+	THROTTLE_ENABLED?: boolean;
 	THROTTLE_TTL?: number;
 	THROTTLE_LIMIT?: number;
 

packages/core/src/app.module.ts

@@ -237,7 +237,8 @@ if (environment.sentry && environment.sentry.dsn) {
 		// Probot Configuration
 		ProbotModule.forRoot({
 			isGlobal: true,
-			path: 'integration/github/webhook', // Webhook URL in GitHub will be: https://api.gauzy.co/api/integration/github/webhook
+			// Webhook URL in GitHub will be: https://api.gauzy.co/api/integration/github/webhook
+			path: 'integration/github/webhook',
 			config: {
 				/** Client Configuration */
 				clientId: github.clientId,
@@ -267,14 +268,18 @@ if (environment.sentry && environment.sentry.dsn) {
 				echoEvents: jitsu.echoEvents
 			}
 		}),
-		ThrottlerModule.forRootAsync({
-			inject: [ConfigService],
-			useFactory: (config: ConfigService): ThrottlerModuleOptions =>
-				({
-					ttl: config.get('THROTTLE_TTL'),
-					limit: config.get('THROTTLE_LIMIT')
-				} as ThrottlerModuleOptions)
-		}),
+		...(environment.THROTTLE_ENABLED
+			? [
+					ThrottlerModule.forRootAsync({
+						inject: [ConfigService],
+						useFactory: (config: ConfigService): ThrottlerModuleOptions =>
+							({
+								ttl: config.get('THROTTLE_TTL'),
+								limit: config.get('THROTTLE_LIMIT')
+							} as ThrottlerModuleOptions)
+					})
+			  ]
+			: []),
 		CoreModule,
 		AuthModule,
 		UserModule,
@@ -403,26 +408,34 @@ if (environment.sentry && environment.sentry.dsn) {
 	controllers: [AppController],
 	providers: [
 		AppService,
-		{
-			provide: APP_GUARD,
-			useClass: ThrottlerBehindProxyGuard
-		},
+		...(environment.THROTTLE_ENABLED
+			? [
+					{
+						provide: APP_GUARD,
+						useClass: ThrottlerBehindProxyGuard
+					}
+			  ]
+			: []),
 		{
 			provide: APP_INTERCEPTOR,
 			useClass: TransformInterceptor
 		},
-		{
-			provide: APP_INTERCEPTOR,
-			useFactory: () =>
-				new SentryInterceptor({
-					filters: [
-						{
-							type: HttpException,
-							filter: (exception: HttpException) => 500 > exception.getStatus() // Only report 500 errors
-						}
-					]
-				})
-		}
+		...(environment.sentry && environment.sentry.dsn
+			? [
+					{
+						provide: APP_INTERCEPTOR,
+						useFactory: () =>
+							new SentryInterceptor({
+								filters: [
+									{
+										type: HttpException,
+										filter: (exception: HttpException) => 500 > exception.getStatus() // Only report 500 errors
+									}
+								]
+							})
+					}
+			  ]
+			: [])
 	],
 	exports: []
 })

packages/core/src/bootstrap/index.ts

@@ -69,16 +69,19 @@ export async function bootstrap(pluginConfig?: Partial<IPluginConfig>): Promise<
 			'Authorization, Language, Tenant-Id, Organization-Id, X-Requested-With, X-Auth-Token, X-HTTP-Method-Override, Content-Type, Content-Language, Accept, Accept-Language, Observe'
 	});
 
-	// TODO: enable csurf
+	// TODO: enable csurf is not good idea because it was depricated.
+	// Maybe review https://github.com/Psifi-Solutions/csrf-csrf as alternative?
 	// As explained on the csurf middleware page https://github.com/expressjs/csurf#csurf,
 	// the csurf module requires either a session middleware or cookie-parser to be initialized first.
 	// app.use(csurf());
 
+	// We use sessions for Passport Auth
 	app.use(
 		expressSession({
 			secret: env.EXPRESS_SESSION_SECRET,
-			resave: true,
+			resave: true, // we use this because Memory store does not support 'touch' method
 			saveUninitialized: true
+			// cookie: { secure: true } // TODO
 		})
 	);
 

packages/core/src/core/context/request-context.middleware.ts

@@ -8,16 +8,21 @@ import { Request, Response, NextFunction } from 'express';
 
 import { RequestContext } from './request-context';
 
+// There are few alternatives to 'cls-hooked', see:
+// https://docs.nestjs.com/recipes/async-local-storage
+// https://github.com/papooch/nestjs-cls
+
 @Injectable()
 export class RequestContextMiddleware implements NestMiddleware {
-	use(
-		req: Request,
-		res: Response,
-		next: NextFunction
-	) {
+	use(req: Request, res: Response, next: NextFunction) {
 		const requestContext = new RequestContext(req, res);
 		const session = cls.getNamespace(RequestContext.name) || cls.createNamespace(RequestContext.name);
 
+		// Note: this is "session" created by "cls-hooked" lib code,
+		// not related to express "session" storage at all!
+		// Also, session.run essentially creates unique context for each
+		// request so all data is isolated without any potential conflicts
+		// for concurrent requests
 		session.run(async () => {
 			session.set(RequestContext.name, requestContext);
 			next();