Merge pull request #3942 from penpot/niwinz-staging-svg-parse-fill-fix

🐛 Fix several issues on svg path parsing

.circleci/config.yml

@@ -11,11 +11,11 @@ jobs:
       - image: cimg/redis:7.0.5
 
     working_directory: ~/repo
-    resource_class: large
+    resource_class: medium+
 
     environment:
-      # Customize the JVM maximum heap limit
-      JVM_OPTS: -Xmx4g
+      JAVA_OPTS: -Xmx4g -Xms100m -XX:+UseSerialGC
+      NODE_OPTIONS: --max-old-space-size=4096
 
     steps:
       - checkout
@@ -28,50 +28,59 @@ jobs:
            - v1-dependencies-
 
       - run: cd .clj-kondo && cat config.edn
+      - run: cat .cljfmt.edn
+      - run: clj-kondo --version
 
-      - run:
-          name: frontend styles prettier
-          working_directory: "./frontend"
-          command: |
-            yarn install
-            yarn run lint-scss
+      # - run:
+      #     name: "fmt check [clj]"
+      #     command: |
+      #       yarn run fmt:clj:check
 
       - run:
           name: common lint
           working_directory: "./common"
           command: |
-            clj-kondo --version
-            clj-kondo --parallel --lint src/
+            yarn install
+            yarn run lint:clj
 
       - run:
           name: frontend lint
           working_directory: "./frontend"
           command: |
-            clj-kondo --version
-            clj-kondo --parallel --lint src/
+            yarn install
+            yarn run lint:scss
+            yarn run lint:clj
 
       - run:
           name: backend lint
           working_directory: "./backend"
           command: |
-            clj-kondo --version
-            clj-kondo --parallel --lint src/
+            yarn install
+            yarn run lint:clj
 
       - run:
-          working_directory: "./common"
-          name: common tests
+          name: exporter lint
+          working_directory: "./exporter"
           command: |
             yarn install
+            yarn run lint:clj
+
+      - run:
+          name: "common tests"
+          working_directory: "./common"
+          command: |
             yarn test
             clojure -X:dev:test :patterns '["common-tests.*-test"]'
 
-          environment:
-            PATH: /usr/local/nodejs/bin/:/usr/local/bin:/bin:/usr/bin
-            JVM_OPTS: -Xmx4g
-            NODE_OPTIONS: --max-old-space-size=4096
+      - run:
+          name: "frontend tests"
+          working_directory: "./frontend"
+          command: |
+            yarn install
+            yarn test
 
       - run:
-          name: backend test
+          name: "backend tests"
           working_directory: "./backend"
           command: |
             clojure -X:dev:test :patterns '["backend-tests.*-test"]'
@@ -81,18 +90,6 @@ jobs:
             PENPOT_TEST_DATABASE_USERNAME: penpot_test
             PENPOT_TEST_DATABASE_PASSWORD: penpot_test
             PENPOT_TEST_REDIS_URI: "redis://localhost/1"
-            JVM_OPTS: -Xmx4g
-
-      - run:
-          name: frontend tests
-          working_directory: "./frontend"
-          command: |
-            yarn install
-            yarn test
-
-          environment:
-            PATH: /usr/local/nodejs/bin/:/usr/local/bin:/bin:/usr/bin
-            NODE_OPTIONS: --max-old-space-size=4096
 
       - save_cache:
          paths:

.clj-kondo/config.edn

@@ -2,10 +2,11 @@
  {promesa.core/let clojure.core/let
   promesa.core/->> clojure.core/->>
   promesa.core/-> clojure.core/->
+  promesa.exec.csp/go-loop clojure.core/loop
   rumext.v2/defc clojure.core/defn
   rumext.v2/fnc clojure.core/fn
+  promesa.util/with-open clojure.core/with-open
   app.common.data/export clojure.core/def
-  app.db/with-atomic clojure.core/with-open
   app.common.data.macros/get-in clojure.core/get-in
   app.common.data.macros/with-open clojure.core/with-open
   app.common.data.macros/select-keys clojure.core/select-keys
@@ -14,16 +15,26 @@
  :hooks
  {:analyze-call
   {app.common.data.macros/export hooks.export/export
-   potok.core/reify hooks.export/potok-reify
+   potok.v2.core/reify hooks.export/potok-reify
    app.util.services/defmethod hooks.export/service-defmethod
+   app.common.record/defrecord hooks.export/penpot-defrecord
+   app.db/with-atomic hooks.export/penpot-with-atomic
+   rumext.v2/fnc hooks.export/rumext-fnc
    }}
 
  :output
  {:exclude-files
   ["data_readers.clj"
-   "app/util/perf.cljs"
-   "app/common/logging.cljc"
-   "app/common/exceptions.cljc"]}
+   "src/app/util/perf.cljs"
+   "src/app/common/logging.cljc"
+   "src/app/common/exceptions.cljc"
+   "^(?:backend|frontend|exporter|common)/build.clj"
+   "^(?:backend|frontend|exporter|common)/deps.edn"
+   "^(?:backend|frontend|exporter|common)/scripts/"
+   "^(?:backend|frontend|exporter|common)/dev/"
+   "^(?:backend|frontend|exporter|common)/test/"]
+
+  :linter-name true}
 
  :linters
  {:unsorted-required-namespaces
@@ -59,4 +70,3 @@
    :exclude-destructured-keys-in-fn-args false
    }
   }}
-

.clj-kondo/hooks/export.clj

@@ -39,6 +39,60 @@
                          other))]
       {:node result})))
 
+(defn penpot-with-atomic
+  [{:keys [node]}]
+  (let [[params & body] (rest (:children node))]
+    (if (api/vector-node? params)
+      (let [[sym val opts] (:children params)]
+        (when-not (and sym val)
+          (throw (ex-info "No sym and val provided" {})))
+        {:node (api/list-node
+                (list*
+                 (api/token-node 'let)
+                 (api/vector-node [sym val])
+                 opts
+                 body))})
+
+      {:node (api/list-node
+              (into [(api/token-node 'let)
+                     (api/vector-node [params params])]
+                    body))})))
+
+(defn rumext-fnc
+  [{:keys [node]}]
+  (let [[cname mdata params & body] (rest (:children node))
+        [params body] (if (api/vector-node? mdata)
+                        [mdata (cons params body)]
+                        [params body])]
+    (let [result (api/list-node
+                  (into [(api/token-node 'fn)
+                         params]
+                        (cons mdata body)))]
+      {:node result})))
+
+
+(defn penpot-defrecord
+  [{:keys [:node]}]
+  (let [[rnode rtype rparams & other] (:children node)
+
+        nodes [(api/token-node (symbol "do"))
+               (api/list-node
+                (into [(api/token-node (symbol (name (:value rnode)))) rtype rparams] other))
+               (api/list-node
+                [(api/token-node (symbol "defn"))
+                 (api/token-node (symbol (str "pos->" (:string-value rtype))))
+                 (api/vector-node
+                  (->> (:children rparams)
+                       (mapv (fn [t]
+                               (api/token-node (symbol (str "_" (:string-value t))))))))
+                 (api/token-node nil)])]
+
+        result (api/list-node nodes)]
+
+    ;; (prn "=====>" (into {} rparams))
+    ;; (prn (api/sexpr result))
+    {:node result}))
+
 (defn clojure-specify
   [{:keys [:node]}]
   (let [[rnode rtype & other] (:children node)
@@ -48,7 +102,6 @@
                        other))]
     {:node result}))
 
-
 (defn service-defmethod
   [{:keys [:node]}]
   (let [[rnode rtype ?meta & other] (:children node)

.cljfmt.edn

@@ -0,0 +1,8 @@
+{:sort-ns-references? true
+ :remove-multiple-non-indenting-spaces? false
+ :remove-surrounding-whitespace? true
+ :remove-consecutive-blank-lines? false
+ :extra-indents {rumext.v2/fnc [[:inner 0]]
+                 promesa.exec/thread [[:inner 0]]
+                 specify! [[:inner 0] [:inner 1]]}
+ }

.editorconfig

@@ -0,0 +1,13 @@
+root = true
+
+[*.{cljs,cljc,clj,js,css,scss,html,yml,yaml,json,mustache}]
+charset = utf-8
+
+indent_size = 2
+indent_style = space
+
+end_of_line = lf
+
+insert_final_newline = true
+
+trim_trailing_whitespace = true

.gitignore

@@ -1,7 +1,16 @@
+.pnp.*
+.yarn/*
+!.yarn/patches
+!.yarn/plugins
+!.yarn/releases
+!.yarn/sdks
+!.yarn/versions
 *-init.clj
+*.css.json
 *.jar
 *.orig
 *.penpot
+*.css.json
 .calva
 .clj-kondo
 .cpcache
@@ -57,3 +66,4 @@
 /web
 clj-profiler/
 node_modules
+frontend/.storybook/preview-body.html

.vscode/settings.json

@@ -0,0 +1,9 @@
+{
+  "files.exclude": {
+    "**/.clj-kondo": true,
+    "**/.cpcache": true,
+    "**/.lsp": true,
+    "**/.shadow-cljs": true,
+    "**/node_modules": true
+  }
+}

.yarnrc.yml

@@ -0,0 +1,9 @@
+enableGlobalCache: true
+
+enableImmutableCache: false
+
+enableImmutableInstalls: false
+
+enableTelemetry: false
+
+nodeLinker: node-modules

CHANGES.md

@@ -1,5 +1,232 @@
 # CHANGELOG
 
+## :rocket: Next
+
+### :boom: Breaking changes & Deprecations
+
+### :sparkles: New features
+
+### :bug: Bugs fixed
+
+### :arrow_up: Deps updates
+
+### :heart: Community contributions by (Thank you!)
+
+## 1.20.0
+
+### :boom: Breaking changes & Deprecations
+
+### :sparkles: New features
+
+- Select through stroke only rectangle [Taiga #5484](https://tree.taiga.io/project/penpot/issue/5484)
+- Override browser Ctrl+ and Ctrl- zoom with Penpot Zoom [Taiga #3200](https://tree.taiga.io/project/penpot/us/3200)
+
+### :bug: Bugs fixed
+
+- Fix pixelated thumbnails [Github
+  #3681](https://github.com/penpot/penpot/issues/3681) [Github #3661](https://github.com/penpot/penpot/issues/3661)
+
+### :arrow_up: Deps updates
+
+### :heart: Community contributions by (Thank you!)
+
+## 1.19.5
+
+### :bug: New features
+
+- Fix problem with alignment performance
+
+## 1.19.4
+
+### :sparkles: New features
+
+- Improve selected colors [Taiga #5805]( https://tree.taiga.io/project/penpot/us/5805)
+
+### :bug: Bugs fixed
+
+- Fix problem with z-index field in non-absolute items
+
+## 1.19.3
+
+### :sparkles: New features
+
+- Remember last color mode in colorpicker [Taiga #5508](https://tree.taiga.io/project/penpot/issue/5508)
+- Improve layers multiselection behaviour [Github #5741](https://github.com/penpot/penpot/issues/5741)
+- Remember last active team across logouts / sessions [Github #3325](https://github.com/penpot/penpot/issues/3325)
+
+### :bug: Bugs fixed
+
+- List view is discarded on tab change on Workspace Assets Sidebar tab [Github #3547](https://github.com/penpot/penpot/issues/3547)
+- Fix message popup remains open when exiting workspace with browser back button [Taiga #5747](https://tree.taiga.io/project/penpot/issue/5747)
+- When editing text if font is changed, the proportions of the rendered shape are wrong [Taiga #5786](https://tree.taiga.io/project/penpot/issue/5786)
+
+## 1.19.2
+
+### :sparkles: New features
+
+- Navigate up in layer hierarchy with Shift+Enter shortcut [Taiga #5734](https://tree.taiga.io/project/penpot/us/5734)
+- Click on the flow tags open viewer with the selected frame [Taiga #5044](https://tree.taiga.io/project/penpot/us/5044)
+- Add Dutch language & update translation files with weblate
+
+### :bug: Bugs fixed
+
+- Fix unexpected output on get-page rpc method when invalid object-id is provided [Github #3546](https://github.com/penpot/penpot/issues/3546)
+- Fix Invalid files amount after moving file from Project to Drafts [Taiga #5638](https://tree.taiga.io/project/penpot/us/5638)
+- Fix deleted pages comments shown in right sidebar [Taiga #5648](https://tree.taiga.io/project/penpot/us/5648)
+- Fix tooltip on toggle visibility and toggle lock buttons [Taiga #5141](https://tree.taiga.io/project/penpot/issue/5141)
+
+
+## 1.19.1
+
+### :bug: Bugs fixed
+
+- Fix components not registered as updated [Taiga #5725](https://tree.taiga.io/project/penpot/issue/5725)
+
+## 1.19.0
+
+### :boom: Breaking changes & Deprecations
+
+### :sparkles: New features
+
+- Default naming of text layers [Taiga #2836](https://tree.taiga.io/project/penpot/us/2836)
+- Create typography style from a selected text layer [Taiga #3041](https://tree.taiga.io/project/penpot/us/3041)
+- Board as ruler origin [Taiga #4833](https://tree.taiga.io/project/penpot/us/4833)
+- Access tokens support [Taiga #4460](https://tree.taiga.io/project/penpot/us/4460)
+- Show interactions setting at the view mode [Taiga #1330](https://tree.taiga.io/project/penpot/issue/1330)
+- Improve dashboard performance related to thumbnails; now the thumbnails are
+  rendered as bitmap images.
+- Add the ability to disable google fonts provider with the `disable-google-fonts-provider` flag
+- Add the ability to disable dashboard templates section with the `disable-dashboard-templates-section` flag
+- Add the ability to use the registration whitelist with OICD [Github #3348](https://github.com/penpot/penpot/issues/3348)
+- Add support for local caching of google fonts (this avoids exposing the final user IP to
+  goolge and reduces the amount of request sent to google)
+- Set smooth/instant autoscroll depending on distance [GitHub #3377](https://github.com/penpot/penpot/issues/3377)
+- New component icon [Taiga #5290](https://tree.taiga.io/project/penpot/us/5290)
+- Show a confirmation dialog when an user tries to publish an empty library [Taiga #5294](https://tree.taiga.io/project/penpot/us/5294)
+
+### :bug: Bugs fixed
+
+- Fix files can be opened from multiple urls [Taiga #5310](https://tree.taiga.io/project/penpot/issue/5310)
+- Fix asset color item was created from the selected layer [Taiga #5180](https://tree.taiga.io/project/penpot/issue/5180)
+- Fix unpublish more than one library at the same time [Taiga #5532](https://tree.taiga.io/project/penpot/issue/5532)
+- Fix drag projects on dahsboard [Taiga #5531](https://tree.taiga.io/project/penpot/issue/5531)
+- Fix allow team name to be all blank [Taiga #5527](https://tree.taiga.io/project/penpot/issue/5527)
+- Fix search font visualitation [Taiga #5523](https://tree.taiga.io/project/penpot/issue/5523)
+- Fix create and account only with spaces [Taiga #5518](https://tree.taiga.io/project/penpot/issue/5518)
+- Fix context menu outside screen [Taiga #5524](https://tree.taiga.io/project/penpot/issue/5524)
+- Fix graphic item rename on assets pannel [Taiga #5556](https://tree.taiga.io/project/penpot/issue/5556)
+- Fix component and media name validation on assets panel [Taiga #5555](https://tree.taiga.io/project/penpot/issue/5555)
+- Fix problem with selection shortcuts [Taiga #5492](https://tree.taiga.io/project/penpot/issue/5492)
+- Fix issue with paths line to curve and concurrent editing [Taiga #5191](https://tree.taiga.io/project/penpot/issue/5191)
+- Fix problems with locked layers [Taiga #5139](https://tree.taiga.io/project/penpot/issue/5139)
+- Fix export from shared prototype [Taiga #5565](https://tree.taiga.io/project/penpot/issue/5565)
+- Fix email change: validation error displaying even after both fields are identical [Taiga #5514](https://tree.taiga.io/project/penpot/issue/5514)
+- Fix scroll on viewer comment list [Taiga #5563](https://tree.taiga.io/project/penpot/issue/5563)
+- Fix context menu z-index [Taiga #5561](https://tree.taiga.io/project/penpot/issue/5561)
+- Fix select all checkbox on shared link config [Taiga #5566](https://tree.taiga.io/project/penpot/issue/5566)
+- Fix validation on full name input on account creation [Taiga #5516](https://tree.taiga.io/project/penpot/issue/5516)
+- Fix validation on team name input [Taiga #5510](https://tree.taiga.io/project/penpot/issue/5510)
+- Fix incorrect uri generation issues on share-link modal [Taiga #5564](https://tree.taiga.io/project/penpot/issue/5564)
+- Fix cache issues with share-links [Taiga #5559](https://tree.taiga.io/project/penpot/issue/5559)
+- Makes height priority for the rows/columns grids [#2774](https://github.com/penpot/penpot/issues/2774)
+- Fix problem with comments mode not staying [#3363](https://github.com/penpot/penpot/issues/3363)
+- Fix problem with comments when user left the team [Taiga #5562](https://tree.taiga.io/project/penpot/issue/5562)
+- Fix problem with images patterns repeating [#3372](https://github.com/penpot/penpot/issues/3372)
+- Fix grid not being clipped in frames [#3365](https://github.com/penpot/penpot/issues/3365)
+- Fix cut/delete text layer when while creating text [Taiga #5602](https://tree.taiga.io/project/penpot/issue/5602)
+- Fix picking a gradient color in recent colors for a new color in the assets tab [Taiga #5601](https://tree.taiga.io/project/penpot/issue/5601)
+- Fix problem with importation process [Taiga #5597](https://tree.taiga.io/project/penpot/issue/5597)
+- Fix problem with HSV color picker [#3317](https://github.com/penpot/penpot/issues/3317)
+- Fix problem with slashes in layers names for exporter [#3276](https://github.com/penpot/penpot/issues/3276)
+- Fix incorrect modified data on moving files on dashboard [Taiga #5530](https://tree.taiga.io/project/penpot/issue/5530)
+- Fix focus handling on comments edition [Taiga #5560](https://tree.taiga.io/project/penpot/issue/5560)
+- Fix incorrect fullname use on registring user after OIDC authentication [Taiga #5517](https://tree.taiga.io/project/penpot/issue/5517)
+- Fix incorrect modified-at on project after import file [Taiga #5268](https://tree.taiga.io/project/penpot/issue/5268)
+- Fix incorrect message after sending invitation to already member [Taiga 5599](https://tree.taiga.io/project/penpot/issue/5599)
+- Fix text decoration on button [Taiga #5301](https://tree.taiga.io/project/penpot/issue/5301)
+- Fix menu order on design tab [Taiga #5195](https://tree.taiga.io/project/penpot/issue/5195)
+- Fix search bar width on layer tab [Taiga #5445](https://tree.taiga.io/project/penpot/issue/5445)
+- Fix border radius values with decimals [Taiga #5283](https://tree.taiga.io/project/penpot/issue/5283)
+- Fix shortcuts translations not homogenized [Taiga #5141](https://tree.taiga.io/project/penpot/issue/5141)
+- Fix overlay manual position in nested boards [Taiga #5135](https://tree.taiga.io/project/penpot/issue/5135)
+- Fix close overlay from a nested board [Taiga #5587](https://tree.taiga.io/project/penpot/issue/5587)
+- Fix overlay position when it has shadow or blur [Taiga #4752](https://tree.taiga.io/project/penpot/issue/4752)
+- Fix overlay position when there are elements fixed when scrolling [Taiga #4383](https://tree.taiga.io/project/penpot/issue/4383)
+- Fix problem when sliding color picker in selected-colors [#3150](https://github.com/penpot/penpot/issues/3150)
+- Fix error screen on upload image error [Taiga #5608](https://tree.taiga.io/project/penpot/issue/5608)
+- Fix bad frame-id for certain componentes [#3205](https://github.com/penpot/penpot/issues/3205)
+- Fix paste elements at bottom of frame [Taig #5253](https://tree.taiga.io/project/penpot/issue/5253)
+- Fix new-file button on project not redirecting to the new file [Taiga #5610](https://tree.taiga.io/project/penpot/issue/5610)
+- Fix retrieve user comments in dashboard [Taiga #5607](https://tree.taiga.io/project/penpot/issue/5607)
+- Locks shapes when moved inside a locked parent [Taiga #5252](https://tree.taiga.io/project/penpot/issue/5252)
+- Fix rotate several elements in bulk [Taiga #5165](https://tree.taiga.io/project/penpot/issue/5165)
+- Fix onboarding slides height [Taiga #5373](https://tree.taiga.io/project/penpot/issue/5373)
+- Fix create typography with section closed [Taiga #5574](https://tree.taiga.io/project/penpot/issue/5574)
+- Fix exports menu on viewer mode [Taiga #5568](https://tree.taiga.io/project/penpot/issue/5568)
+- Fix create empty comments [Taiga #5536](https://tree.taiga.io/project/penpot/issue/5536)
+- Fix text changes not propagated to copy [Taiga #5364](https://tree.taiga.io/project/penpot/issue/5364)
+- Fix position of text cursor is a bit too high in Invitations section [Taiga #5511](https://tree.taiga.io/project/penpot/issue/5511)
+- Fix undo when updating several texts [Taiga #5197](https://tree.taiga.io/project/penpot/issue/5197)
+- Fix assets right click button for multiple selection [Taiga #5545](https://tree.taiga.io/project/penpot/issue/5545)
+- Fix problem with precision in resizes [Taiga #5623](https://tree.taiga.io/project/penpot/issue/5623)
+- Fix absolute positioned layouts not showing flex properties [Taiga #5630](https://tree.taiga.io/project/penpot/issue/5630)
+- Fix text gradient handlers [Taiga #4047](https://tree.taiga.io/project/penpot/issue/4047)
+- Fix when user deletes one file during import it is impossible to finish importing of second file [Taiga #5656](https://tree.taiga.io/project/penpot/issue/5656)
+- Fix export multiple images when only one of them has export settings [Taiga #5649](https://tree.taiga.io/project/penpot/issue/5649)
+- Fix error when a user different than the thread creator edits a comment [Taiga #5647](https://tree.taiga.io/project/penpot/issue/5647)
+- Fix unnecessary button [Taiga #3312](https://tree.taiga.io/project/penpot/issue/3312)
+- Fix copy color information in several formats [Taiga #4723](https://tree.taiga.io/project/penpot/issue/4723)
+- Fix dropdown width [Taiga #5541](https://tree.taiga.io/project/penpot/issue/5541)
+- Fix enable comment mode and insert image keeps on comment mode [Taiga #5678](https://tree.taiga.io/project/penpot/issue/5678)
+- Fix enable undo just after using pencil [Taiga #5674](https://tree.taiga.io/project/penpot/issue/5674)
+- Fix 400 error when user changes password [Taiga #5643](https://tree.taiga.io/project/penpot/issue/5643)
+- Fix cannot undo layer styles [Taiga #5676](https://tree.taiga.io/project/penpot/issue/5676)
+- Fix unexpected exception on boolean shapes [Taiga #5685](https://tree.taiga.io/project/penpot/issue/5685)
+- Fix ctrl+z on select not working [Taiga #5677](https://tree.taiga.io/project/penpot/issue/5677)
+- Fix thubmnail rendering flashing [Taiga #5675](https://tree.taiga.io/project/penpot/issue/5675)
+
+### :arrow_up: Deps updates
+
+- Update google fonts catalog (at 2023/07/06) [Taiga #5592](https://tree.taiga.io/project/penpot/issue/5592)
+
+
+### :heart: Community contributions by (Thank you!)
+
+- Update Typography palette order (by @akshay-gupta7) [Github #3156](https://github.com/penpot/penpot/pull/3156)
+- Palettes (color, typographies) empty state (by @akshay-gupta7) [Github #3160](https://github.com/penpot/penpot/pull/3160)
+- Duplicate objects via drag + alt (by @akshay-gupta7) [Github #3147](https://github.com/penpot/penpot/pull/3147)
+- Set line-height to auto as 1.2 (by @akshay-gupta7) [Github #3185](https://github.com/penpot/penpot/pull/3185)
+- Click to select full values at the design sidebar (by @akshay-gupta7) [Github #3179](https://github.com/penpot/penpot/pull/3179)
+- Fix rect filter bounds math (by @ryanbreen) [Github #3180](https://github.com/penpot/penpot/pull/3180)
+- Removed sizing variables from radius (by @ondrejkonec) [Github #3184](https://github.com/penpot/penpot/pull/3184)
+- Dashboard search, set focus after shortcut (by @akshay-gupta7) [Github #3196](https://github.com/penpot/penpot/pull/3196)
+- Library name dropdown arrow is overlapped by library name (by @ondrejkonec) [Taiga #5200](https://tree.taiga.io/project/penpot/issue/5200)
+- Reorder shadows (by @akshay-gupta7) [Github #3236](https://github.com/penpot/penpot/pull/3236)
+- Open project in new tab from workspace (by @akshay-gupta7) [Github #3246](https://github.com/penpot/penpot/pull/3246)
+- Distribute fix enabled when two elements were selected (by @dfelinto) [Github #3266](https://github.com/penpot/penpot/pull/3266)
+- Distribute vertical spacing failing for overlapped text (by @dfelinto) [Github #3267](https://github.com/penpot/penpot/pull/3267)
+- bug Change independent corner radius input tooltips #3332 (by @astudentinearth) [Github #3332](https://github.com/penpot/penpot/pull/3332)
+
+## 1.18.6
+
+### :bug: Bugs fixed
+
+- Fix comments navigation from workspace [Taiga #5504](https://tree.taiga.io/project/penpot/issue/5504)
+
+### :sparkles: Enhancements
+
+- Add the ability to overwrite internal resolver with `PENPOT_INTERNAL_RESOLVER` environment
+  variable [GH #3310](https://github.com/penpot/penpot/issues/3310)
+
+## 1.18.5
+
+### :bug: Bugs fixed
+
+- Fix add flow option in contextual menu for frames
+- Fix issues related with invitations
+- Fix problem with undefined gaps
+- Add deleted fonts auto match mechanism
+
 ## 1.18.4
 
 ### :bug: Bugs fixed
@@ -8,6 +235,7 @@
 - Fix problem with layout not reflowing on shape deletion [Taiga #5289](https://tree.taiga.io/project/penpot/issue/5289)
 - Fix extra long typography names on assets and palette [Taiga #5199](https://tree.taiga.io/project/penpot/issue/5199)
 - Fix background-color property on inspect code [Taiga #5300](https://tree.taiga.io/project/penpot/issue/5300)
+- Preview layer blend modes (by @akshay-gupta7) [Github #3235](https://github.com/penpot/penpot/pull/3235)
 
 ## 1.18.3
 
@@ -38,6 +266,7 @@
 ## 1.18.0
 
 ### :sparkles: New features
+
 - Adds more accessibility improvements in dashboard [Taiga #4577](https://tree.taiga.io/project/penpot/us/4577)
 - Adds paddings and gaps prediction on layout creation [Taiga #4838](https://tree.taiga.io/project/penpot/task/4838)
 - Add visual feedback when proportionally scaling text elements with **K** [Taiga #3415](https://tree.taiga.io/project/penpot/us/3415)

README.md

@@ -26,6 +26,8 @@
 
 ![feature-readme](https://user-images.githubusercontent.com/1045247/189871786-0b44f7cf-3a0a-4445-a87b-9919ec398bf7.gif)
 
+🎇 **Penpot Fest exceeded all expectations - it was a complete success!** 🎇 Penpot Fest is our first Design event that brought designers and developers from the Open Source communities and beyond. Watch the replay of the talks on our [Youtube channel](https://www.youtube.com/playlist?list=PLgcCPfOv5v56-fghJo2dHNBqL9zlDTslh) or [Peertube channel](https://peertube.kaleidos.net/w/p/1tWgyJTt8sKbWwCEcBimZW)
+
 Penpot is the first **Open Source** design and prototyping platform meant for cross-domain teams. Non dependent on operating systems, Penpot is web based and works with open standards (SVG). Penpot invites designers all over the world to fall in love with open source while getting developers excited about the design process in return.
 
 ## Table of contents ##
@@ -107,6 +109,7 @@ Every sort of contribution will be very helpful to enhance Penpot. How you’ll
 - Create and [share Libraries & templates](https://penpot.app/libraries-templates.html) that will be helpful for the community
 - Become a [translator](https://help.penpot.app/contributing-guide/translations)
 - Give feedback: [Mail us](mailto:support@penpot.app)
+- **Contribute to Penpot's code:** [Watch this video](https://www.youtube.com/watch?v=TpN0osiY-8k) by Alejandro Alonso, CIO and developer at Penpot, where he gives us a hands-on demo of how to use Penpot’s repository and make changes in both front and back end
 
 To find (almost) everything you need to know on how to contribute to Penpot, refer to the [contributing-guide](https://help.penpot.app/contributing-guide/).
 
@@ -124,7 +127,7 @@ You can ask and answer questions, have open-ended conversations, and follow alon
 
 ✏️ [Tutorials](https://www.youtube.com/playlist?list=PLgcCPfOv5v54WpXhHmNO7T-YC7AE-SRsr)
 
-🏘️ [Architecture](https://help.penpot.app/technical-guide/architecture/)
+🏘️ [Architecture](https://help.penpot.app/technical-guide/developer/architecture/)
 
 📚 [Dev Diaries](https://penpot.app/dev-diaries.html)
 

THANKYOU.md

@@ -5,24 +5,25 @@ We want to thank to the amazing people that help us! Thank you! You're the best!
 ## Security
 * Husnain Iqbal (CEO OF ALPHA INFERNO PVT LTD)
 * [Shiraz Ali Khan](https://www.linkedin.com/in/shiraz-ali-khan-1ba508180/)
+* Vaibhav Shukla
 
 ## Internationalization
 * [00ff88](https://hosted.weblate.org/user/00ff88)
 * [AhmadHB](https://hosted.weblate.org/user/AhmadHB)
 * [Aimee](https://hosted.weblate.org/user/Aimee)
-* [alejandro.alonso](alejandro.https://hosted.weblate.org/user/alonso)
+* [alejandro.alonso](https://hosted.weblate.org/user/alejandro.alonso)
 * [alexpawlak](https://hosted.weblate.org/user/alexpawlak)
 * [allytiago](https://hosted.weblate.org/user/allytiago)
-* [alonso.torres](alonso.https://hosted.weblate.org/user/torres)
-* [andres.moya](andres.https://hosted.weblate.org/user/moya)
+* [alonso.torres](https://hosted.weblate.org/user/alonso.torres)
+* [andres.moya](https://hosted.weblate.org/user/andres.moya)
 * [antoniofsm](https://hosted.weblate.org/user/antoniofsm)
 * [ascarida](https://hosted.weblate.org/user/ascarida)
 * [Bechii](https://hosted.weblate.org/user/Bechii)
 * [Beeby](https://hosted.weblate.org/user/Beeby)
-* [bingling-sama](bingling-https://hosted.weblate.org/user/sama)
+* [bingling-sama](https://hosted.weblate.org/user/bingling-sama)
 * [devadarta](https://hosted.weblate.org/user/devadarta)
 * [diacritica](https://hosted.weblate.org/user/diacritica)
-* [dundzys.vincas](dundzys.https://hosted.weblate.org/user/vincas)
+* [dundzys.vincas](https://hosted.weblate.org/user/dundzys.vincas)
 * [Eranot](https://hosted.weblate.org/user/Eranot)
 * [erral](https://hosted.weblate.org/user/erral)
 * [ersen](https://hosted.weblate.org/user/ersen)

backend/.gitignore

@@ -0,0 +1,7 @@
+.pnp.*
+.yarn/*
+!.yarn/patches
+!.yarn/plugins
+!.yarn/releases
+!.yarn/sdks
+!.yarn/versions

backend/deps.edn

@@ -1,10 +1,12 @@
-{:deps
- {penpot/common {:local/root "../common"}
-  org.clojure/clojure {:mvn/version "1.11.1"}
-  org.clojure/core.async {:mvn/version "1.6.673"}
+{:mvn/repos
+ {"sonatype" {:url "https://oss.sonatype.org/content/repositories/snapshots/"}}
 
-  com.github.luben/zstd-jni {:mvn/version "1.5.2-5"}
-  org.clojure/data.fressian {:mvn/version "1.0.0"}
+ :deps
+ {penpot/common {:local/root "../common"}
+  org.clojure/clojure {:mvn/version "1.12.0-alpha5"}
+  org.clojure/tools.namespace {:mvn/version "1.4.4"}
+
+  com.github.luben/zstd-jni {:mvn/version "1.5.5-10"}
 
   io.prometheus/simpleclient {:mvn/version "0.16.0"}
   io.prometheus/simpleclient_hotspot {:mvn/version "0.16.0"}
@@ -15,28 +17,32 @@
 
   io.prometheus/simpleclient_httpserver {:mvn/version "0.16.0"}
 
-  io.lettuce/lettuce-core {:mvn/version "6.2.2.RELEASE"}
+  io.lettuce/lettuce-core {:mvn/version "6.2.6.RELEASE"}
   java-http-clj/java-http-clj {:mvn/version "0.4.3"}
 
   funcool/yetti
-  {:git/tag "v9.12"
-   :git/sha "51646d8"
+  {:git/tag "v10.0"
+   :git/sha "520613f"
    :git/url "https://github.com/funcool/yetti.git"
    :exclusions [org.slf4j/slf4j-api]}
 
-  com.github.seancorfield/next.jdbc {:mvn/version "1.3.847"}
-  metosin/reitit-core {:mvn/version "0.5.18"}
-  org.postgresql/postgresql {:mvn/version "42.5.2"}
-  com.zaxxer/HikariCP {:mvn/version "5.0.1"}
+  com.github.seancorfield/next.jdbc {:mvn/version "1.3.894"}
+  metosin/reitit-core {:mvn/version "0.6.0"}
+  nrepl/nrepl {:mvn/version "1.1.0"}
+  cider/cider-nrepl {:mvn/version "0.43.1"}
+
+  org.postgresql/postgresql {:mvn/version "42.6.0"}
+
+  com.zaxxer/HikariCP {:mvn/version "5.1.0"}
 
   io.whitfin/siphash {:mvn/version "2.0.0"}
 
-  buddy/buddy-hashers {:mvn/version "1.8.158"}
-  buddy/buddy-sign {:mvn/version "3.4.333"}
+  buddy/buddy-hashers {:mvn/version "2.0.167"}
+  buddy/buddy-sign {:mvn/version "3.5.351"}
 
-  com.github.ben-manes.caffeine/caffeine {:mvn/version "3.1.2"}
+  com.github.ben-manes.caffeine/caffeine {:mvn/version "3.1.8"}
 
-  org.jsoup/jsoup {:mvn/version "1.15.3"}
+  org.jsoup/jsoup {:mvn/version "1.16.2"}
   org.im4java/im4java
   {:git/tag "1.4.0-penpot-2"
    :git/sha "e2b3e16"
@@ -45,14 +51,13 @@
   org.lz4/lz4-java {:mvn/version "1.8.0"}
 
   org.clojars.pntblnk/clj-ldap {:mvn/version "0.0.17"}
-  integrant/integrant {:mvn/version "0.8.0"}
 
   dawran6/emoji {:mvn/version "0.1.5"}
-  markdown-clj/markdown-clj {:mvn/version "1.11.4"}
+  markdown-clj/markdown-clj {:mvn/version "1.11.7"}
 
   ;; Pretty Print specs
   pretty-spec/pretty-spec {:mvn/version "0.1.4"}
-  software.amazon.awssdk/s3 {:mvn/version "2.19.29"}
+  software.amazon.awssdk/s3 {:mvn/version "2.20.138"}
   }
 
  :paths ["src" "resources" "target/classes"]
@@ -60,7 +65,6 @@
  {:dev
   {:extra-deps
    {com.bhauman/rebel-readline {:mvn/version "RELEASE"}
-    org.clojure/tools.namespace {:mvn/version "RELEASE"}
     clojure-humanize/clojure-humanize {:mvn/version "0.2.2"}
     org.clojure/data.csv {:mvn/version "RELEASE"}
     com.clojure-goes-fast/clj-async-profiler {:mvn/version "RELEASE"}
@@ -69,7 +73,7 @@
 
   :build
   {:extra-deps
-   {io.github.clojure/tools.build {:git/tag "v0.9.3" :git/sha "e537cd1"}}
+   {io.github.clojure/tools.build {:git/tag "v0.9.5" :git/sha "24f2894"}}
    :ns-default build}
 
   :test

backend/dev/user.clj

@@ -8,19 +8,25 @@
   (:require
    [app.common.data :as d]
    [app.common.exceptions :as ex]
+   [app.common.fressian :as fres]
    [app.common.geom.matrix :as gmt]
    [app.common.logging :as l]
    [app.common.perf :as perf]
    [app.common.pprint :as pp]
+   [app.common.schema :as sm]
+   [app.common.schema.desc-js-like :as smdj]
+   [app.common.schema.desc-native :as smdn]
+   [app.common.schema.generators :as sg]
    [app.common.spec :as us]
    [app.common.transit :as t]
+   [app.common.types.file :as ctf]
    [app.common.uuid :as uuid]
-   [app.config :as cfg]
+   [app.config :as cf]
+   [app.db :as db]
    [app.main :as main]
-   [app.srepl.helpers]
+   [app.srepl.helpers :as srepl.helpers]
    [app.srepl.main :as srepl]
    [app.util.blob :as blob]
-   [app.util.fressian :as fres]
    [app.util.json :as json]
    [app.util.time :as dt]
    [clj-async-profiler.core :as prof]
@@ -31,19 +37,25 @@
    [clojure.spec.alpha :as s]
    [clojure.stacktrace :as trace]
    [clojure.test :as test]
-   [clojure.test.check.generators :as gen]
+   [clojure.test.check.generators :as tgen]
    [clojure.tools.namespace.repl :as repl]
    [clojure.walk :refer [macroexpand-all]]
    [criterium.core  :as crit]
    [cuerdas.core :as str]
    [datoteka.core]
-   [integrant.core :as ig]))
+   [integrant.core :as ig]
+   [malli.core :as m]
+   [malli.dev.pretty :as mdp]
+   [malli.error :as me]
+   [malli.generator :as mg]
+   [malli.registry :as mr]
+   [malli.transform :as mt]
+   [malli.util :as mu]
+   [promesa.exec :as px]))
 
 (repl/disable-reload! (find-ns 'integrant.core))
 (set! *warn-on-reflection* true)
 
-(defonce system nil)
-
 ;; --- Benchmarking Tools
 
 (defmacro run-quick-bench
@@ -81,20 +93,14 @@
 (defn- start
   []
   (try
-    (alter-var-root #'system (fn [sys]
-                               (when sys (ig/halt! sys))
-                               (-> (merge main/system-config main/worker-config)
-                                   (ig/prep)
-                                   (ig/init))))
+    (main/start)
     :started
     (catch Throwable cause
       (ex/print-throwable cause))))
 
 (defn- stop
   []
-  (alter-var-root #'system (fn [sys]
-                             (when sys (ig/halt! sys))
-                             nil))
+  (main/stop)
   :stopped)
 
 (defn restart
@@ -107,23 +113,23 @@
   (stop)
   (repl/refresh-all :after 'user/start))
 
-(defn compression-bench
-  [data]
-  (let [humanize (fn [v] (hum/filesize v :binary true :format " %.4f "))
-        v1 (time (humanize (alength (blob/encode data {:version 1}))))
-        v3 (time (humanize (alength (blob/encode data {:version 3}))))
-        v4 (time (humanize (alength (blob/encode data {:version 4}))))
-        v5 (time (humanize (alength (blob/encode data {:version 5}))))
-        v6 (time (humanize (alength (blob/encode data {:version 6}))))
-        ]
-    (print-table
-     [{
-       :v1 v1
-       :v3 v3
-       :v4 v4
-       :v5 v5
-       :v6 v6
-       }])))
+;; (defn compression-bench
+;;   [data]
+;;   (let [humanize (fn [v] (hum/filesize v :binary true :format " %.4f "))
+;;         v1 (time (humanize (alength (blob/encode data {:version 1}))))
+;;         v3 (time (humanize (alength (blob/encode data {:version 3}))))
+;;         v4 (time (humanize (alength (blob/encode data {:version 4}))))
+;;         v5 (time (humanize (alength (blob/encode data {:version 5}))))
+;;         v6 (time (humanize (alength (blob/encode data {:version 6}))))
+;;         ]
+;;     (print-table
+;;      [{
+;;        :v1 v1
+;;        :v3 v3
+;;        :v4 v4
+;;        :v5 v5
+;;        :v6 v6
+;;        }])))
 
 (defonce debug-tap
   (do

backend/package.json

@@ -1,18 +1,26 @@
 {
-  "name": "uxbox-back",
-  "version": "0.1.0",
-  "description": "The Open-Source prototyping tool",
-  "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1",
-    "build-emails": "./scripts/build-email-templates.sh"
-  },
+  "name": "backend",
+  "version": "1.0.0",
+  "license": "MPL-2.0",
+  "author": "Kaleidos INC",
+  "private": true,
+  "packageManager": "yarn@4.0.2",
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/uxbox/uxbox.git"
+    "url": "https://github.com/penpot/penpot"
+  },
+  "dependencies": {
+    "luxon": "^3.4.2",
+    "sax": "^1.2.4"
   },
-  "author": "Uxbox",
-  "license": "SEE LICENSE IN <LICENSE>",
   "devDependencies": {
-    "mjml": "^4.6.3"
+    "nodemon": "^3.0.1",
+    "source-map-support": "^0.5.21",
+    "ws": "^8.13.0"
+  },
+  "scripts": {
+    "fmt:clj:check": "cljfmt check --parallel=false src/ test/",
+    "fmt:clj": "cljfmt fix --parallel=true src/ test/",
+    "lint:clj": "clj-kondo --parallel --lint src/"
   }
 }

backend/resources/app/onboarding.edn

@@ -1,36 +1,30 @@
 [{:id "material-design-3"
   :name "Material Design 3"
-  :thumbnail-uri "https://penpot.app/images/libraries/cover-md3.jpg"
   :file-uri "https://github.com/penpot/penpot-files/raw/main/Material%20Design%203.penpot"}
  {:id "tutorial-for-beginners"
   :name "Tutorial for beginners"
-  :thumbnail-uri "https://penpot.app/images/libraries/tutorial-for-beginners.jpg"
   :file-uri "https://github.com/penpot/penpot-files/raw/binary-files/tutorial-for-beginners.penpot"}
  {:id "penpot-design-system"
   :name "Penpot Design System"
-  :thumbnail-uri "https://penpot.app/images/libraries/cover-ds-penpot.jpg"
   :file-uri "https://github.com/penpot/penpot-files/raw/binary-files/Penpot-Design-system.penpot"}
+ {:id "flex-layout-playground"
+  :name "Flex Layout Playground"
+  :file-uri "https://github.com/penpot/penpot-files/raw/main/Flex%20Layout%20Playground.penpot"}
  {:id "wireframing-kit"
   :name "Wireframing Kit"
-  :thumbnail-uri "https://penpot.app/images/libraries/cover-wireframes.jpg"
   :file-uri "https://github.com/penpot/penpot-files/raw/binary-files/wireframing-kit.penpot"}
  {:id "ant-design"
   :name "Ant Design UI Kit (lite)"
-  :thumbnail-uri "https://penpot.app/images/libraries/cover-ant-design.jpg"
   :file-uri "https://github.com/penpot/penpot-files/raw/binary-files/Ant-Design-UI-Kit-Lite.penpot"}
  {:id "cocomaterial"
   :name "Cocomaterial"
-  :thumbnail-uri "https://penpot.app/images/libraries/cover-cocomaterial.jpg"
   :file-uri "https://github.com/penpot/penpot-files/raw/binary-files/Cocomaterial.penpot"}
  {:id "circum-icons"
   :name "Circum Icons pack"
-  :thumbnail-uri "https://penpot.app/images/libraries/cover-circum.jpg"
   :file-uri "https://github.com/penpot/penpot-files/raw/binary-files/CircumIcons.penpot"}
  {:id "coreui"
   :name "CoreUI"
-  :thumbnail-uri "https://penpot.app/images/libraries/cover-coreui.jpg"
   :file-uri "https://github.com/penpot/penpot-files/raw/main/CoreUI%20DesignSystem%20(DEMO).penpot"}
  {:id "whiteboarding-kit"
   :name "Whiteboarding Kit"
-  :thumbnail-uri "https://penpot.app/images/libraries/cover-whiteboards.jpg"
   :file-uri "https://github.com/penpot/penpot-files/raw/binary-files/Whiteboarding-mapping-kit.penpot"}]

backend/resources/app/templates/api-doc-entry.tmpl

@@ -1,6 +1,5 @@
 <li class="rpc-item">
   <div class="rpc-row-info">
-    {# <div class="type">{{item.type}}</div> #}
     <div class="module">{{item.module}}:</div>
     <div class="name">{{item.name}}</div>
     <div class="tags">
@@ -15,19 +14,29 @@
           <span>AUTH</span>
         </span>
       {% endif %}
-      
+
       {% if item.webhook %}
         <span class="tag">
           <span>WEBHOOK</span>
         </span>
       {% endif %}
+      {% if item.params-schema-js %}
+        <span class="tag">
+          <span>SCHEMA</span>
+        </span>
+      {% endif %}
+
+      {% if item.sse %}
+        <span class="tag">
+          <span>SSE</span>
+        </span>
+      {% endif %}
     </div>
   </div>
   <div class="rpc-row-detail hidden">
-    <h3>DOCSTRING:</h3>
+    <h4>DOCSTRING:</h4>
 
     <section class="padded-section">
-
       {% if item.added %}
         <p class="small"><strong>Added:</strong> on v{{item.added}}</p>
       {% endif %}
@@ -36,13 +45,18 @@
         <p class="small"><strong>Deprecated:</strong> since v{{item.deprecated}}</p>
       {% endif %}
 
+      {% if item.entrypoint %}
+        <p class="small"><strong>URI:</strong> <a href="{{item.entrypoint}}">{{item.entrypoint}}</a></p>
+      {% endif %}
+
       {% if item.docs %}
         <p class="docstring"> {{item.docs}}</p>
       {% endif %}
+
     </section>
 
     {% if item.changes %}
-      <h3>CHANGES:</h3>
+      <h4>CHANGES:</h4>
       <section class="padded-section">
 
         <ul class="changes">
@@ -53,9 +67,55 @@
       </section>
     {% endif %}
 
-    <h3>SPEC EXPLAIN:</h3>
-    <section class="padded-section">
-      <pre class="spec-explain">{{item.spec}}</pre>
-    </section>
+    {% if item.spec %}
+      <h4>PARAMS (SPEC):</h4>
+      <section class="padded-section">
+        <pre class="spec-explain">{{item.spec}}</pre>
+      </section>
+    {% endif %}
+
+    {% if param-style = "js" %}
+      {% if item.params-schema-js %}
+        <h4>PARAMS:</h4>
+        <section class="padded-section">
+          <pre class="params-schema">{{item.params-schema-js}}</pre>
+        </section>
+      {% endif %}
+
+      {% if item.result-schema-js %}
+        <h4>RESPONSE:</h4>
+        <section class="padded-section">
+          <pre class="result">{{item.result-schema-js}}</pre>
+        </section>
+      {% endif %}
+
+      {% if item.webhook-schema-js %}
+        <h4>WEBHOOK PAYLOAD:</h4>
+        <section class="padded-section">
+          <pre class="webhook">{{item.webhook-schema-js}}</pre>
+        </section>
+      {% endif %}
+    {% else %}
+      {% if item.params-schema-clj %}
+        <h4>PARAMS:</h4>
+        <section class="padded-section">
+          <pre class="params-schema">{{item.params-schema-clj}}</pre>
+        </section>
+      {% endif %}
+
+      {% if item.result-schema-clj %}
+        <h4>RESPONSE:</h4>
+        <section class="padded-section">
+          <pre class="result">{{item.result-schema-clj}}</pre>
+        </section>
+      {% endif %}
+
+      {% if item.webhook-schema-clj %}
+        <h4>WEBHOOK PAYLOAD:</h4>
+        <section class="padded-section">
+          <pre class="webhook">{{item.webhook-schema-clj}}</pre>
+        </section>
+      {% endif %}
+    {% endif %}
   </div>
 </li>

backend/resources/app/templates/api-doc.css

@@ -27,12 +27,78 @@ main {
 header {
   border-bottom: 1px solid #c0c0c0;
   display: flex;
+  flex-direction: column;
+  align-items: center;
   justify-content: center;
   width: 100%;
 }
 
-.rpc-doc-content {
+header .menu {
+  display: flex;
+  align-items: center;
+  margin-top: 5px;
+  margin-bottom: 10px;
+}
+
+header .menu nav {
+  list-style: none;
+  padding: 0px;
+  margin: 0px;
+  display: flex;
+  width: 45px;
+  justify-content: space-between;
+}
+
+header .menu nav > a {
+  list-style: none;
+  padding: 0px;
+  margin: 0px;
+  cursor: pointer;
+}
+
+header .menu nav > a.selected {
+  font-weight: 600;
+}
+
+b {
+  font-weight: 500;
+}
+
+h2 {
+  margin-top: 30px;
+}
+
+h3 {
+  font-weight: 400;
+  font-size: 11px;
   margin-top: 20px;
+  text-decoration: underline;
+}
+
+h4 {
+  font-weight: 300;
+  font-size: 11px;
+}
+
+.doc-content {
+  margin-top: 20px;
+  width: 100%;
+  display: flex;
+  flex-direction: column;
+  /* border: 1px solid red; */
+  padding: 5px;
+}
+
+.doc-content p {
+  line-height: 22px;
+  margin-bottom: 0px;
+}
+
+.doc-content h3 {
+  margin-bottom: 0px;
+}
+
+.rpc-doc-content {
   width: 100%;
   display: flex;
   flex-direction: column;
@@ -65,7 +131,7 @@ header {
 .rpc-row-info {
   cursor: pointer;
   display: flex;
-  background-color: #eeeeee;
+  background-color: #e5e5e5;
   padding: 5px 10px;
 }
 
@@ -90,7 +156,7 @@ header {
 }
 
 .rpc-row-info > .module {
-  width: 120px;
+  width: 150px;
   font-weight: bold;
   border-right: 1px dotted #777;
   text-align: right;
@@ -108,6 +174,8 @@ header {
 .rpc-row-detail {
   padding: 5px 10px;
   padding-bottom: 20px;
+  border-left: 2px solid #e5e5e5;
+  border-right: 2px solid #e5e5e5;
 }
 
 .rpc-row-detail p {
@@ -143,3 +211,7 @@ header {
 p.small strong {
   font-size: 10px;
 }
+
+p.small a {
+  font-size: 10px;
+}

backend/resources/app/templates/api-doc.tmpl

@@ -20,26 +20,81 @@
     <main>
       <header>
         <h1>Penpot API Documentation (v{{version}})</h1>
+        <small class="menu">
+          [
+          <nav>
+            <a href="?type=js" {% if param-style = "js" %}class="selected"{% endif %}>JS</a>
+            <a href="?type=clj" {% if param-style = "cljs" %}class="selected"{% endif %}>CLJ</a>
+          </nav>
+          ]
+        </small>
       </header>
+      <section class="doc-content">
+        <h2>INTRODUCTION</h2>
+        <p>This documentation is intended to be a general overview of the penpot RPC API.
+          If you prefer, you can use <a href="/api/openapi.json">OpenAPI</a>
+          and/or <a href="/api/openapi">SwaggerUI</a> as alternative.</p>
+
+        <h2>GENERAL NOTES</h2>
+
+        <h3>Authentication</h3>
+        <p>The penpot backend right now offers two way for authenticate the request:
+        <b>cookies</b> (the same mechanism that we use ourselves on accessing the API from the
+        web application) and <b>access tokens</b>.</p>
+
+        <p>The cookie can be obtained using the <b>`login-with-password`</b> rpc method,
+        on successful login it sets the <b>`auth-token`</b> cookie with the session
+        token.</p>
+
+        <p>The access token can be obtained on the appropriate section on profile settings
+        and it should be provided using <b>`Authorization`</b> header with <b>`Token
+        &lt;token-string&gt;`</b> value.</p>
+
+        <h3>Content Negotiation</h3>
+        <p>The penpot API by default operates indistinctly with: <b>`application/json`</b>
+        and <b>`application/transit+json`</b> content types. You should specify the
+        desired content-type on the <b>`Accept`</b> header, the transit encoding is used
+        by default.</p>
+
+        <h3>SSE (Server-Sent Events)</h3>
+        <p>The methods marked with <b>SSE</b> returns
+        a <a href="https://html.spec.whatwg.org/multipage/server-sent-events.html"> SSE
+        formatted</a> stream on the response body, always with status 200. The events are
+        always encoded using `application/transit+json` encoding (for now no content
+        negotiation is possible on methods that return SSE streams). </p>
+        <p>On the javascript side you can use
+        the <a href="https://github.com/rexxars/eventsource-parser">eventsoure-parser</a>
+        library for propertly parsing the response body using the
+        standard <a href="https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API">Fetch
+        API</a></p>
+
+        <h3>Limits</h3>
+        <p>The rate limit work per user basis (this means that different api keys share
+        the same rate limit). For now the limits are not documented because we are
+        studying and analyzing the data. As a general rule, it should not be abused, if an
+        abusive use is detected, we will proceed to block the user's access to the
+        API.</p>
+
+        <h3>Webhooks</h3>
+        <p>All methods that emit webhook events are marked with flag <b>WEBHOOK</b>, the
+        data structure defined on each method represents the <i>payload</i> of the
+        event.</p>
+        <p>The webhook event structure has this aspect:</p>
+        <br/>
+
+        <pre>
+{
+  "id": "db601c95-045f-808b-8002-362f08fcb621",
+  "name": "rename-file",
+  "props": &lt;payload&gt;,
+  "profileId": "db601c95-045f-808b-8002-361312e63531"
+}
+        </pre>
+      </section>
       <section class="rpc-doc-content">
-
-        <h2>RPC COMMAND METHODS:</h2>
+        <h2>RPC METHODS REFERENCE:</h2>
         <ul class="rpc-items">
-          {% for item in command-methods %}
-            {% include "app/templates/api-doc-entry.tmpl" with item=item %}
-          {% endfor %}
-        </ul>
-
-        <h2>RPC QUERY METHODS:</h2>
-        <ul class="rpc-items">
-          {% for item in query-methods %}
-            {% include "app/templates/api-doc-entry.tmpl" with item=item %}
-          {% endfor %}
-        </ul>
-
-        <h2>RPC MUTATION METHODS:</h2>
-        <ul class="rpc-items">
-          {% for item in mutation-methods %}
+          {% for item in methods %}
             {% include "app/templates/api-doc-entry.tmpl" with item=item %}
           {% endfor %}
         </ul>

backend/resources/app/templates/debug.tmpl

@@ -6,11 +6,17 @@ Debug Main Page
 
 {% block content %}
 <nav>
-  <h1>Debug INDEX:</h1>
-  <div>[<a href="/dbg/error">ERRORS</a>]</div>
+  <div class="title">
+    <h1>ADMIN DEBUG INTERFACE</h1>
+  </div>
 </nav>
-<main class="index">
+<main class="dashboard">
   <section class="widget">
+    <fieldset>
+      <legend>Error reports</legend>
+      <desc><a href="/dbg/error">CLICK HERE TO SEE THE ERROR REPORTS</a> </desc>
+    </fieldset>
+
     <fieldset>
       <legend>Download file data:</legend>
       <desc>Given an FILE-ID, downloads the file data as file. The file data is encoded using transit.</desc>
@@ -37,9 +43,42 @@ Debug Main Page
           <input type="checkbox" name="reuseid" />
         </div>
 
-        <input type="submit" value="Upload" />
+        <div class="row">
+          <input type="submit" value="Upload" />
+        </div>
       </form>
     </fieldset>
+
+    <fieldset>
+      <legend>Profile Management</legend>
+      <form method="post" action="/dbg/actions/resend-email-verification">
+        <div class="row">
+          <input type="email" name="email" placeholder="example@example.com" value="" />
+        </div>
+
+        <div class="row">
+          <label for="force-verify">Are you sure?</label>
+          <input id="force-verify" type="checkbox" name="force" />
+          <br />
+          <small>
+            This is a just a security double check for prevent non intentional submits.
+          </small>
+        </div>
+
+        <div class="row">
+          <input type="submit" name="resend" value="Resend Verification" />
+          <input type="submit" name="verify" value="Verify" />
+        </div>
+
+        <div class="row">
+          <input type="submit" class="danger" name="block" value="Block" />
+          <input type="submit" class="danger" name="unblock" value="Unblock" />
+        </div>
+      </form>
+    </fieldset>
+
+
+
   </section>
 
   <section class="widget">
@@ -123,5 +162,35 @@ Debug Main Page
       </form>
     </fieldset>
   </section>
+
+  <section class="widget">
+    <fieldset>
+      <legend>Reset file version</legend>
+      <desc>Allows reset file data version to a specific number/</desc>
+
+      <form method="post" action="/dbg/actions/reset-file-data-version">
+        <div class="row">
+          <input type="text" style="width:300px" name="file-id" placeholder="file-id" />
+        </div>
+        <div class="row">
+          <input type="number" style="width:100px" name="version" placeholder="version" value="32" />
+        </div>
+
+        <div class="row">
+          <label for="force-version">Are you sure?</label>
+          <input id="force-version" type="checkbox" name="force" />
+          <br />
+          <small>
+            This is a just a security double check for prevent non intentional submits.
+          </small>
+        </div>
+
+
+        <div class="row">
+          <input type="submit" value="Submit" />
+        </div>
+      </form>
+    </fieldset>
+  </section>
 </main>
 {% endblock %}

backend/resources/app/templates/error-list.tmpl

@@ -6,13 +6,19 @@ penpot - error list
 
 {% block content %}
 <nav>
-  <h1>Latest error reports:</h1>
+  <div class="title">
+    <h1>Error reports (last 200)</h1>
+  </div>
 </nav>
 <main class="horizontal-list">
   <ul>
     {% for item in items %}
-    <li><a class="date" href="/dbg/error/{{item.id}}">{{item.created-at}}</a> 
-        <span class="title">{{item.hint|abbreviate:150}}</span></li>
+      <li>
+        <a class="date" href="/dbg/error/{{item.id}}">{{item.created-at}}</a>
+        <a class="hint" href="/dbg/error/{{item.id}}">
+          <span class="title">{{item.hint|abbreviate:150}}</span>
+        </a>
+      </li>
     {% endfor %}
   </ul>
 </main>

backend/resources/app/templates/error-report.v3.tmpl

@@ -0,0 +1,101 @@
+ {% extends "app/templates/base.tmpl" %}
+
+{% block title %}
+Report: {{hint|abbreviate:150}} - {{id}} - Penpot Error Report (v3)
+{% endblock %}
+
+{% block content %}
+<nav>
+  <div>[<a href="/dbg/error">⮜</a>]</div>
+  <div>[<a href="#head">head</a>]</div>
+  <div>[<a href="#props">props</a>]</div>
+  <div>[<a href="#context">context</a>]</div>
+  {% if params %}
+  <div>[<a href="#params">params</a>]</div>
+  {% endif %}
+  {% if data %}
+  <div>[<a href="#edata">data</a>]</div>
+  {% endif %}
+  {% if explain %}
+  <div>[<a href="#explain">explain</a>]</div>
+  {% endif %}
+  {% if value %}
+  <div>[<a href="#value">value</a>]</div>
+  {% endif %}
+  {% if trace %}
+  <div>[<a href="#trace">trace</a>]</div>
+  {% endif %}
+</nav>
+<main>
+  <div class="table">
+    <div class="table-row multiline">
+      <div id="head" class="table-key">HEAD</div>
+      <div class="table-val">
+        <h1><span class="not-important">Hint:</span> <br/> {{hint}}</h1>
+        <h2><span class="not-important">Reported at:</span> <br/> {{created-at}}</h2>
+        <h2><span class="not-important">Report ID:</span> <br/> {{id}}</h2>
+      </div>
+    </div>
+
+    <div class="table-row multiline">
+      <div id="props" class="table-key">LOG PROPS: </div>
+      <div class="table-val">
+        <pre>{{props}}</pre>
+      </div>
+    </div>
+
+    <div class="table-row multiline">
+      <div id="context" class="table-key">CONTEXT: </div>
+
+      <div class="table-val">
+        <pre>{{context}}</pre>
+      </div>
+    </div>
+
+    {% if params %}
+    <div class="table-row multiline">
+      <div id="params" class="table-key">PARAMS: </div>
+      <div class="table-val">
+        <pre>{{params}}</pre>
+      </div>
+    </div>
+    {% endif %}
+
+    {% if data %}
+    <div class="table-row multiline">
+      <div id="edata" class="table-key">DATA: </div>
+      <div class="table-val">
+        <pre>{{data}}</pre>
+      </div>
+    </div>
+    {% endif %}
+
+    {% if value %}
+    <div class="table-row multiline">
+      <div id="value" class="table-key">VALUE: </div>
+      <div class="table-val">
+        <pre>{{value}}</pre>
+      </div>
+    </div>
+    {% endif %}
+
+    {% if explain %}
+    <div class="table-row multiline">
+      <div id="explain" class="table-key">EXPLAIN: </div>
+      <div class="table-val">
+        <pre>{{explain}}</pre>
+      </div>
+    </div>
+    {% endif %}
+
+    {% if trace %}
+    <div class="table-row multiline">
+      <div id="trace" class="table-key">TRACE:</div>
+      <div class="table-val">
+        <pre>{{trace}}</pre>
+      </div>
+    </div>
+    {% endif %}
+  </div>
+</main>
+{% endblock %}

backend/resources/app/templates/openapi.tmpl

@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1" />
+  <meta
+    name="description"
+    content="SwaggerUI"
+  />
+  <title>PENPOT Swagger UI</title>
+  <style>{{swagger-css|safe}}</style>
+</head>
+<body>
+<div id="swagger-ui"></div>
+<script>{{swagger-js|safe}}</script>
+<script>
+  window.onload = () => {
+    window.ui = SwaggerUIBundle({
+      url: '{{public-uri}}/api/openapi.json',
+      dom_id: '#swagger-ui',      
+      presets: [
+        SwaggerUIBundle.presets.apis,
+      ],
+    });
+  };
+</script>
+</body>
+</html>

backend/resources/app/templates/styles.css

@@ -36,6 +36,11 @@ small {
   color: #888;
 }
 
+.not-important {
+  color: #888;
+  font-weight: 200;
+}
+
 small > strong {
   font-size: 9px;
 }
@@ -50,7 +55,13 @@ nav {
   background: #e3e3e3;
 }
 
-nav > h1 {
+nav > .title {
+  display: flex;
+  justify-content: center;
+  width: 100%;
+}
+
+nav > .title > h1 {
   padding: 0px;
   margin: 0px;
   font-size: 11px;
@@ -105,29 +116,50 @@ nav > div:not(:last-child) {
   width: unset;
 }
 
-.index {
+.dashboard {
   margin-top: 40px;
   display: flex;
 }
 
-.index > section {
-  padding: 10px;
-  background-color: #e3e3e3;
+.widget {
   max-width: 400px;
   margin: 5px;
   height: fit-content;
 }
 
-.index fieldset:not(:first-child) {
+.widget input[type=submit] {
+  outline: none;
+  border: 1px solid gray;
+  border-radius: 2px;
+  padding: 3px 5px;
+}
+
+.widget input[type=submit].danger {
+  outline: none;
+  border: 1px solid red;
+  border-radius: 2px;
+  padding: 3px 5px;
+}
+
+
+
+.widget > fieldset {
+  padding: 10px;
+  background-color: #f9f9f9;
+}
+
+.widget > fieldset:not(:last-child) {
+  margin-bottom: 10px;
+}
+
+
+
+.dashboard fieldset:not(:first-child) {
   margin-top: 15px;
 }
 
-/* .index > section:not(:last-child) { */
-/*   margin-bottom: 10px; */
-/* } */
 
-
-.index > section > h2 {
+.widget > h2 {
   margin-top: 0px;
 }
 
@@ -151,7 +183,6 @@ nav > div:not(:last-child) {
   line-height: 18px;
   min-width: 210px;
   margin: 0px 20px;
-  cursor: pointer;
   display: flex;
   border-radius: 3px;
 }

backend/resources/climit.edn

@@ -1,8 +1,19 @@
-;; Required: concurrency
-;; Optional: queue-size, ommited means Integer/MAX_VALUE
-{:update-file   {:concurrency 1 :queue-size 3}
- :auth          {:concurrency 128}
- :process-font  {:concurrency 4 :queue-size 32}
- :process-image {:concurrency 8 :queue-size 32}
- :push-audit-events
- {:concurrency 1 :queue-size 3}}
+;; Example climit.edn file
+;; Required: permits
+;; Optional: queue, ommited means Integer/MAX_VALUE
+;; Optional: timeout, ommited means no timeout
+;; Note: queue and timeout are excluding
+{:update-file/by-profile
+ {:permits 1 :queue 5}
+
+ :update-file/global {:permits 20}
+
+ :derive-password/global {:permits 8}
+ :process-font/global  {:permits 4}
+ :process-image/global {:permits 8}
+
+ :file-thumbnail-ops/by-profile
+ {:permits 2}
+
+ :submit-audit-events/by-profile
+ {:permits 1 :queue 3}}

backend/resources/log4j2-devenv.xml

@@ -3,12 +3,12 @@
   <Appenders>
     <Console name="console" target="SYSTEM_OUT">
       <PatternLayout pattern="[%d{YYYY-MM-dd HH:mm:ss.SSS}] %level{length=1} %logger{36} - %msg%n"
-                     alwaysWriteExceptions="false" />
+                     alwaysWriteExceptions="true" />
     </Console>
 
     <RollingFile name="main" fileName="logs/main.log" filePattern="logs/main-%i.log">
       <PatternLayout pattern="[%d{YYYY-MM-dd HH:mm:ss.SSS}] %level{length=1} %logger{36} - %msg%n"
-                     alwaysWriteExceptions="false" />
+                     alwaysWriteExceptions="true" />
       <Policies>
         <SizeBasedTriggeringPolicy size="50M"/>
       </Policies>
@@ -22,15 +22,15 @@
     <Logger name="org.postgresql" level="error" />
 
     <Logger name="app.rpc.commands.binfile" level="debug" />
-    <Logger name="app.storage.tmp" level="debug" />
-    <Logger name="app.worker" level="info" />
+    <Logger name="app.storage.tmp" level="info" />
+    <Logger name="app.worker" level="trace" />
     <Logger name="app.msgbus" level="info" />
     <Logger name="app.http.websocket" level="info" />
     <Logger name="app.util.websocket" level="info" />
     <Logger name="app.redis" level="info" />
     <Logger name="app.rpc.rlimit" level="info" />
     <Logger name="app.rpc.climit" level="info" />
-    <Logger name="app.rpc.mutations.files" level="info" />
+    <Logger name="app.common.files.migrations" level="info" />
 
     <Logger name="app.loggers" level="debug" additivity="false">
       <AppenderRef ref="main" level="debug" />

backend/resources/log4j2.xml

@@ -13,10 +13,14 @@
     <Logger name="org.postgresql" level="error" />
 
     <Logger name="app.util" level="info" />
+
+    <Logger name="app.loggers" level="debug" />
+
     <Logger name="app" level="info" additivity="false">
       <AppenderRef ref="console" />
     </Logger>
 
+
     <Root level="info">
       <AppenderRef ref="console" />
     </Root>

backend/resources/rlimit.edn

@@ -3,8 +3,9 @@
 {:default
  [[:default :window "200000/h"]]
 
- #{:command/get-teams}
- [[:burst :bucket "5/1/5s"]]
+ ;; #{:command/get-teams}
+ ;; [[:burst :bucket "5/5/5s"]]
 
- #{:command/get-profile}
- [[:burst :bucket "60/60/1m"]]}
+ ;; #{:command/get-profile}
+ ;; [[:burst :bucket "60/60/1m"]]
+ }

backend/scripts/build

@@ -18,6 +18,8 @@ cp scripts/manage.py target/dist/manage.py
 chmod +x target/dist/run.sh;
 chmod +x target/dist/manage.py
 
-# Prefetch
+# Prefetch templates
+rm -rf builtin-templates;
+mkdir builtin-templates;
 bb ./scripts/prefetch-templates.clj resources/app/onboarding.edn builtin-templates/
 cp -r builtin-templates target/dist/

backend/scripts/manage.py

@@ -11,6 +11,7 @@ import json
 import socket
 import sys
 
+from tabulate import tabulate
 from getpass import getpass
 from urllib.parse import urlparse
 
@@ -43,11 +44,16 @@ def send_eval(expr):
         s.send(b":repl/quit\n\n")
 
         with s.makefile() as f:
-            result = json.load(f)
-            tag = result.get("tag", None)
-            if tag != "ret":
-                raise RuntimeError("unexpected response from PREPL")
-            return result.get("val", None), result.get("exception", None)
+            while True:
+                line = f.readline()
+                result = json.loads(line)
+                tag = result.get("tag", None)
+                if tag == "ret":
+                    return result.get("val", None), result.get("exception", None)
+                elif tag == "out":
+                    print(result.get("val"), end="")
+                else:
+                    raise RuntimeError("unexpected response from PREPL")
 
 def encode(val):
     return json.dumps(json.dumps(val))
@@ -58,13 +64,17 @@ def print_error(res):
         break
 
 def run_cmd(params):
-    expr = "(app.srepl.ext/run-json-cmd {})".format(encode(params))
-    res, failed = send_eval(expr)
-    if failed:
-        print_error(res)
-        sys.exit(-1)
+    try:
+        expr = "(app.srepl.cli/exec {})".format(encode(params))
+        res, failed = send_eval(expr)
+        if failed:
+            print_error(res)
+            sys.exit(-1)
 
-    return res
+        return res
+    except Exception as cause:
+        print("EXC:", str(cause))
+        sys.exit(-2)
 
 def create_profile(fullname, email, password):
     params = {
@@ -96,6 +106,34 @@ def update_profile(email, fullname, password, is_active):
     else:
         print(f"No profile found with email {email}")
 
+def delete_profile(email, soft):
+    params = {
+        "cmd": "delete-profile",
+        "params": {
+            "email": email,
+            "soft": soft
+        }
+    }
+
+    res = run_cmd(params)
+    if res is True:
+        print(f"Deleted")
+    else:
+        print(f"No profile found with email {email}")
+
+def search_profile(email):
+    params = {
+        "cmd": "search-profile",
+        "params": {
+            "email": email,
+        }
+    }
+
+    res = run_cmd(params)
+
+    if isinstance(res, list):
+        print(tabulate(res, headers="keys"))
+
 def derive_password(password):
     params = {
         "cmd": "derive-password",
@@ -107,11 +145,23 @@ def derive_password(password):
     res = run_cmd(params)
     print(f"Derived password: \"{res}\"")
 
-available_commands = [
+
+def migrate_components_v2():
+    params = {
+        "cmd": "migrate-v2",
+        "params": {}
+    }
+
+    run_cmd(params)
+
+available_commands = (
     "create-profile",
     "update-profile",
-    "derive-password"
-]
+    "delete-profile",
+    "search-profile",
+    "derive-password",
+    "migrate-components-v2",
+)
 
 parser = argparse.ArgumentParser(
     description=(
@@ -121,10 +171,11 @@ parser = argparse.ArgumentParser(
 
 parser.add_argument("-V", "--version", action="version", version="Penpot CLI %%develop%%")
 parser.add_argument("action", action="store", choices=available_commands)
-parser.add_argument("-n", "--fullname", help="Fullname", action="store")
-parser.add_argument("-e", "--email", help="Email", action="store")
-parser.add_argument("-p", "--password", help="Password", action="store")
-parser.add_argument("-c", "--connect", help="Connect to PREPL", action="store", default="tcp://localhost:6063")
+parser.add_argument("-f", "--force", help="force operation", action="store_true")
+parser.add_argument("-n", "--fullname", help="fullname", action="store")
+parser.add_argument("-e", "--email", help="email", action="store")
+parser.add_argument("-p", "--password", help="password", action="store")
+parser.add_argument("-c", "--connect", help="connect to PREPL", action="store", default="tcp://localhost:6063")
 
 args = parser.parse_args()
 
@@ -165,3 +216,24 @@ elif args.action == "derive-password":
         password = getpass("Password: ")
 
     derive_password(password)
+
+elif args.action == "delete-profile":
+    email = args.email
+    soft = not args.force
+
+    if email is None:
+        email = input("Email: ")
+
+    delete_profile(email, soft)
+
+elif args.action == "search-profile":
+    email = args.email
+    if email is None:
+        email = input("Email: ")
+
+    search_profile(email)
+
+elif args.action == "migrate-components-v2":
+    migrate_components_v2()
+
+

backend/scripts/nrepl

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+clojure -J-Xms50m -J-Xmx256m -J-XX:+UseSerialGC -Sdeps '{:deps {reply/reply {:mvn/version "0.5.0"}}}' -M -m reply.main --attach localhost:6064 -e "(in-ns 'app.main)"

backend/scripts/repl

@@ -4,7 +4,16 @@ export PENPOT_HOST=devenv
 export PENPOT_TENANT=dev
 export PENPOT_FLAGS="\
        $PENPOT_FLAGS \
+       enable-registration
+       enable-login-with-password
+       enable-login-with-oidc \
+       enable-login-with-google \
+       enable-login-with-github \
+       enable-login-with-gitlab \
+       enable-backend-worker \
        enable-backend-asserts \
+       enable-feature-fdata-pointer-map \
+       enable-feature-fdata-objects-map \
        enable-audit-log \
        enable-transit-readable-response \
        enable-demo-users \
@@ -16,7 +25,12 @@ export PENPOT_FLAGS="\
        enable-rpc-rlimit \
        enable-soft-rpc-rlimit \
        enable-webhooks \
-       enable-access-tokens";
+       enable-access-tokens \
+       disable-feature-components-v2 \
+       enable-file-validation \
+       enable-file-schema-validation \
+       disable-soft-file-schema-validation \
+       disable-soft-file-validation";
 
 # export PENPOT_DATABASE_URI="postgresql://172.17.0.1:5432/penpot"
 # export PENPOT_DATABASE_USERNAME="penpot"
@@ -31,10 +45,13 @@ export PENPOT_FLAGS="\
 # export PENPOT_AUDIT_LOG_ARCHIVE_URI="http://localhost:6070/api/audit"
 
 # Initialize MINIO config
-mc alias set penpot-s3/ http://minio:9000 minioadmin minioadmin
-mc admin user add penpot-s3 penpot-devenv penpot-devenv
-mc admin policy set penpot-s3 readwrite user=penpot-devenv
-mc mb penpot-s3/penpot -p
+mc alias set penpot-s3/ http://minio:9000 minioadmin minioadmin -q
+mc admin user add penpot-s3 penpot-devenv penpot-devenv -q
+mc admin user info penpot-s3 penpot-devenv |grep -F -q "readwrite"
+if [ "$?" = "1" ]; then
+    mc admin policy attach penpot-s3 readwrite --user=penpot-devenv -q
+fi
+mc mb penpot-s3/penpot -p -q
 
 export AWS_ACCESS_KEY_ID=penpot-devenv
 export AWS_SECRET_ACCESS_KEY=penpot-devenv
@@ -46,15 +63,37 @@ export OPTIONS="
        -A:jmx-remote -A:dev \
        -J-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager \
        -J-Djdk.attach.allowAttachSelf \
+       -J-Dpolyglot.engine.WarnInterpreterOnly=false \
        -J-Dlog4j2.configurationFile=log4j2-devenv.xml \
-       -J-Xms50m \
-       -J-Xmx1024m \
-       -J-XX:+UseZGC \
+       -J-XX:+EnableDynamicAgentLoading \
        -J-XX:-OmitStackTraceInFastThrow \
        -J-XX:+UnlockDiagnosticVMOptions \
-       -J-XX:+DebugNonSafepoints";
+       -J-XX:+DebugNonSafepoints \
+       -J-Djdk.tracePinnedThreads=full"
 
-# Uncomment for use the ImageMagick v7.x
+# Enable preview
+export OPTIONS="$OPTIONS -J--enable-preview"
+
+# Setup HEAP
+# export OPTIONS="$OPTIONS -J-Xms50m -J-Xmx1024m"
+# export OPTIONS="$OPTIONS -J-Xms1100m -J-Xmx1100m -J-XX:+AlwaysPreTouch"
+
+# Increase virtual thread pool size
+# export OPTIONS="$OPTIONS -J-Djdk.virtualThreadScheduler.parallelism=16"
+
+# Disable C2 Compiler
+# export OPTIONS="$OPTIONS -J-XX:TieredStopAtLevel=1"
+
+# Disable all compilers
+# export OPTIONS="$OPTIONS -J-Xint"
+
+# Setup GC
+# export OPTIONS="$OPTIONS -J-XX:+UseG1GC"
+
+# Setup GC
+# export OPTIONS="$OPTIONS -J-XX:+UseZGC"
+
+# Enable ImageMagick v7.x support
 # export OPTIONS="-J-Dim4java.useV7=true $OPTIONS";
 
 export OPTIONS_EVAL="nil"

backend/scripts/run.template.sh

@@ -18,7 +18,7 @@ if [ -f ./environ ]; then
     source ./environ
 fi
 
-export JVM_OPTS="-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager -Dlog4j2.configurationFile=log4j2.xml -XX:-OmitStackTraceInFastThrow $JVM_OPTS"
+export JVM_OPTS="-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager -Dlog4j2.configurationFile=log4j2.xml -XX:-OmitStackTraceInFastThrow --enable-preview $JVM_OPTS"
 
 set -x
 exec $JAVA_CMD $JVM_OPTS "$@" -jar penpot.jar -m app.main

backend/scripts/start-dev

@@ -2,24 +2,94 @@
 
 export PENPOT_HOST=devenv
 export PENPOT_TENANT=dev
-export PENPOT_FLAGS="$PENPOT_FLAGS enable-backend-asserts enable-audit-log enable-transit-readable-response enable-demo-users disable-secure-session-cookies enable-smtp enable-webhooks"
+export PENPOT_FLAGS="\
+       $PENPOT_FLAGS \
+       enable-prepl-server \
+       enable-urepl-server \
+       enable-nrepl-server \
+       enable-webhooks \
+       enable-backend-asserts \
+       enable-audit-log \
+       enable-transit-readable-response \
+       enable-demo-users \
+       enable-feature-fdata-pointer-map \
+       enable-feature-fdata-objects-map \
+       disable-secure-session-cookies \
+       enable-smtp \
+       enable-access-tokens \
+       disable-feature-components-v2 \
+       enable-file-validation \
+       enable-file-schema-validation \
+       disable-soft-file-schema-validation \
+       disable-soft-file-validation";
 
-set -ex
+export OPTIONS="
+       -A:jmx-remote -A:dev \
+       -J-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager \
+       -J-Djdk.attach.allowAttachSelf \
+       -J-Dpolyglot.engine.WarnInterpreterOnly=false \
+       -J-Dlog4j2.configurationFile=log4j2.xml \
+       -J-XX:+EnableDynamicAgentLoading \
+       -J-XX:-OmitStackTraceInFastThrow \
+       -J-XX:+UnlockDiagnosticVMOptions \
+       -J-XX:+DebugNonSafepoints"
+
+# Setup HEAP
+# export OPTIONS="$OPTIONS -J-Xms50m -J-Xmx1024m"
+# export OPTIONS="$OPTIONS -J-Xms1100m -J-Xmx1100m -J-XX:+AlwaysPreTouch"
+
+# Increase virtual thread pool size
+# export OPTIONS="$OPTIONS -J-Djdk.virtualThreadScheduler.parallelism=16"
+
+# Disable C2 Compiler
+# export OPTIONS="$OPTIONS -J-XX:TieredStopAtLevel=1"
+
+# Disable all compilers
+# export OPTIONS="$OPTIONS -J-Xint"
+
+# Setup GC
+# export OPTIONS="$OPTIONS -J-XX:+UseG1GC"
+
+# Setup GC
+# export OPTIONS="$OPTIONS -J-XX:+UseZGC"
+
+# Enable ImageMagick v7.x support
+# export OPTIONS="-J-Dim4java.useV7=true $OPTIONS";
+
+
+# Initialize MINIO config
+mc alias set penpot-s3/ http://minio:9000 minioadmin minioadmin -q
+mc admin user add penpot-s3 penpot-devenv penpot-devenv -q
+mc admin user info penpot-s3 penpot-devenv |grep -F -q "readwrite"
+if [ "$?" = "1" ]; then
+    mc admin policy attach penpot-s3 readwrite --user=penpot-devenv -q
+fi
+mc mb penpot-s3/penpot -p -q
+
+export AWS_ACCESS_KEY_ID=penpot-devenv
+export AWS_SECRET_ACCESS_KEY=penpot-devenv
+export PENPOT_ASSETS_STORAGE_BACKEND=assets-s3
+export PENPOT_STORAGE_ASSETS_S3_ENDPOINT=http://minio:9000
+export PENPOT_STORAGE_ASSETS_S3_BUCKET=penpot
 
 if [ "$1" = "--watch" ]; then
+    trap "exit" INT TERM ERR
+    trap "kill 0" EXIT
+
     echo "Start Watch..."
 
-    clojure -A:dev -M -m app.main &
-    PID=$!
+    clojure $OPTIONS -A:dev -M -m app.main &
 
     npx nodemon \
         --watch src \
         --watch ../common \
         --ext "clj" \
         --signal SIGKILL \
-        --exec 'echo "(user/restart)" | nc -N localhost 6062'
+        --exec 'echo "(app.main/stop)\n\r(repl/refresh)\n\r(app.main/start)\n" | nc -N localhost 6062'
+
+    wait;
 
-    kill -9 $PID
 else
-    clojure -A:dev -M -m app.main
+    set -x
+    clojure $OPTIONS -A:dev -M -m app.main;
 fi

backend/src/app/auth.clj

@@ -6,15 +6,19 @@
 
 (ns app.auth
   (:require
-   [buddy.hashers :as hashers]))
+   [app.config :as cf]
+   [buddy.hashers :as hashers]
+   [cuerdas.core :as str]))
+
+(def default-params
+  {:alg :argon2id
+   :memory 32768 ;; 32 MiB
+   :iterations 3
+   :parallelism 2})
 
 (defn derive-password
   [password]
-  (hashers/derive password
-                  {:alg :argon2id
-                   :memory 16384
-                   :iterations 20
-                   :parallelism 2}))
+  (hashers/derive password default-params))
 
 (defn verify-password
   [attempt password]
@@ -24,3 +28,16 @@
       {:update false
        :valid false})))
 
+(defn email-domain-in-whitelist?
+  "Returns true if email's domain is in the given whitelist or if
+  given whitelist is an empty string."
+  ([email]
+   (let [domains (cf/get :registration-domain-whitelist)]
+     (email-domain-in-whitelist? domains email)))
+  ([domains email]
+   (if (or (nil? domains) (empty? domains))
+     true
+     (let [[_ candidate] (-> (str/lower email)
+                             (str/split #"@" 2))]
+       (contains? domains candidate)))))
+

backend/src/app/auth/oidc.clj

@@ -7,6 +7,7 @@
 (ns app.auth.oidc
   "OIDC client implementation."
   (:require
+   [app.auth :as auth]
    [app.auth.oidc.providers :as-alias providers]
    [app.common.data :as d]
    [app.common.data.macros :as dm]
@@ -17,7 +18,6 @@
    [app.config :as cf]
    [app.db :as db]
    [app.http.client :as http]
-   [app.http.middleware :as hmw]
    [app.http.session :as session]
    [app.loggers.audit :as audit]
    [app.main :as-alias main]
@@ -25,14 +25,13 @@
    [app.tokens :as tokens]
    [app.util.json :as json]
    [app.util.time :as dt]
-   [app.worker :as wrk]
+   [buddy.sign.jwk :as jwk]
+   [buddy.sign.jwt :as jwt]
    [clojure.set :as set]
    [clojure.spec.alpha :as s]
    [cuerdas.core :as str]
    [integrant.core :as ig]
-   [promesa.core :as p]
-   [promesa.exec :as px]
-   [yetti.response :as yrs]))
+   [ring.response :as-alias rres]))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; HELPERS
@@ -51,36 +50,29 @@
 
 (defn- discover-oidc-config
   [cfg {:keys [base-uri] :as opts}]
-  (let [discovery-uri (u/join base-uri ".well-known/openid-configuration")
-        response      (ex/try! (http/req! cfg
-                                          {:method :get :uri (str discovery-uri)}
-                                          {:sync? true}))]
-    (cond
-      (ex/exception? response)
-      (do
-        (l/warn :hint "unable to discover oidc configuration"
-                :discover-uri (str discovery-uri)
-                :cause response)
-        nil)
-
-      (= 200 (:status response))
-      (let [data      (json/decode (:body response))
+  (let [uri (dm/str (u/join base-uri ".well-known/openid-configuration"))
+        rsp (http/req! cfg {:method :get :uri uri} {:sync? true})]
+    (if (= 200 (:status rsp))
+      (let [data      (-> rsp :body json/decode)
             token-uri (get data :token_endpoint)
             auth-uri  (get data :authorization_endpoint)
-            user-uri  (get data :userinfo_endpoint)]
+            user-uri  (get data :userinfo_endpoint)
+            jwks-uri  (get data :jwks_uri)]
+
         (l/debug :hint "oidc uris discovered"
                  :token-uri token-uri
                  :auth-uri auth-uri
-                 :user-uri user-uri)
+                 :user-uri user-uri
+                 :jwks-uri jwks-uri)
+
         {:token-uri token-uri
          :auth-uri  auth-uri
-         :user-uri  user-uri})
-
-      :else
+         :user-uri  user-uri
+         :jwks-uri jwks-uri})
       (do
         (l/warn :hint "unable to discover OIDC configuration"
-                :uri (str discovery-uri)
-                :response-status-code (:status response))
+                :discover-uri uri
+                :http-status (:status rsp))
         nil))))
 
 (defn- prepare-oidc-opts
@@ -91,6 +83,7 @@
               :token-uri     (cf/get :oidc-token-uri)
               :auth-uri      (cf/get :oidc-auth-uri)
               :user-uri      (cf/get :oidc-user-uri)
+              :jwks-uri      (cf/get :oidc-jwks-uri)
               :scopes        (cf/get :oidc-scopes #{"openid" "profile" "email"})
               :roles-attr    (cf/get :oidc-roles-attr)
               :roles         (cf/get :oidc-roles)
@@ -105,8 +98,42 @@
                (string? (:user-uri opts))
                (string? (:auth-uri opts)))
         opts
-        (some-> (discover-oidc-config cfg opts)
-                (merge opts {:discover? true}))))))
+        (try
+          (-> (discover-oidc-config cfg opts)
+              (merge opts {:discover? true}))
+          (catch Throwable cause
+            (l/warn :hint "unable to discover OIDC configuration"
+                    :cause cause)))))))
+
+(defn- process-oidc-jwks
+  [keys]
+  (reduce (fn [result {:keys [kid] :as kdata}]
+            (let [pkey (ex/try! (jwk/public-key kdata))]
+              (if (ex/exception? pkey)
+                (do
+                  (l/warn :hint "unable to create public key"
+                          :kid (:kid kdata)
+                          :cause pkey)
+                  result)
+                (assoc result kid pkey))))
+          {}
+          keys))
+
+(defn- fetch-oidc-jwks
+  [cfg {:keys [jwks-uri]}]
+  (when jwks-uri
+    (try
+      (let [{:keys [status body]} (http/req! cfg {:method :get :uri jwks-uri} {:sync? true})]
+        (if (= 200 status)
+          (-> body json/decode :keys process-oidc-jwks)
+          (do
+            (l/warn :hint "unable to retrieve JWKs (unexpected response status code)"
+                    :http-status status
+                    :http-body  body)
+            nil)))
+      (catch Throwable cause
+        (l/warn :hint "unable to retrieve JWKs (unexpected exception)"
+                :cause cause)))))
 
 (defmethod ig/pre-init-spec ::providers/generic [_]
   (s/keys :req [::http/client]))
@@ -115,7 +142,7 @@
   [_ cfg]
   (when (contains? cf/flags :login-with-oidc)
     (if-let [opts (prepare-oidc-opts cfg)]
-      (do
+      (let [jwks (fetch-oidc-jwks cfg opts)]
         (l/info :hint "provider initialized"
                 :provider "oidc"
                 :method (if (:discover? opts) "discover" "manual")
@@ -126,8 +153,9 @@
                 :user-uri   (:user-uri opts)
                 :token-uri  (:token-uri opts)
                 :roles-attr (:roles-attr opts)
-                :roles      (:roles opts))
-        opts)
+                :roles      (:roles opts)
+                :keys       (str/join "," (map str (keys jwks))))
+        (assoc opts :jwks jwks))
       (do
         (l/warn :hint "unable to initialize auth provider, missing configuration" :provider "oidc")
         nil))))
@@ -166,20 +194,22 @@
 
 (defn- retrieve-github-email
   [cfg tdata props]
-  (or (some-> props :github/email p/resolved)
-      (->> (http/req! cfg
-                      {:uri "https://api.github.com/user/emails"
-                       :headers {"Authorization" (dm/str (:type tdata) " " (:token tdata))}
-                       :timeout 6000
-                       :method :get})
-           (p/map (fn [{:keys [status body] :as response}]
-                    (when-not (s/int-in-range? 200 300 status)
-                      (ex/raise :type :internal
-                                :code :unable-to-retrieve-github-emails
-                                :hint "unable to retrieve github emails"
-                                :http-status status
-                                :http-body body))
-                    (->> response :body json/decode (filter :primary) first :email))))))
+  (or (some-> props :github/email)
+      (let [params {:uri "https://api.github.com/user/emails"
+                    :headers {"Authorization" (dm/str (:token/type tdata) " " (:token/access tdata))}
+                    :timeout 6000
+                    :method :get}
+
+            {:keys [status body]} (http/req! cfg params {:sync? true})]
+
+        (when-not (s/int-in-range? 200 300 status)
+          (ex/raise :type :internal
+                    :code :unable-to-retrieve-github-emails
+                    :hint "unable to retrieve github emails"
+                    :http-status status
+                    :http-body body))
+
+        (->> body json/decode (filter :primary) first :email))))
 
 (defmethod ig/pre-init-spec ::providers/github [_]
   (s/keys :req [::http/client]))
@@ -275,7 +305,7 @@
              {}
              props))
 
-(defn retrieve-access-token
+(defn fetch-access-token
   [{:keys [provider] :as cfg} code]
   (let [params {:client_id (:client-id provider)
                 :client_secret (:client-secret provider)
@@ -295,85 +325,82 @@
              :grant-type (:grant_type params)
              :redirect-uri (:redirect_uri params))
 
-    (->> (http/req! cfg req)
-         (p/map (fn [{:keys [status body] :as res}]
-                  (l/trace :hint "access token response"
-                           :status status
-                           :body body)
-                  (if (= status 200)
-                    (let [data (json/decode body)]
-                      {:token (get data :access_token)
-                       :type (get data :token_type)})
-                    (ex/raise :type :internal
-                              :code :unable-to-retrieve-token
-                              :http-status status
-                              :http-body body)))))))
+    (let [{:keys [status body]} (http/req! cfg req {:sync? true})]
+      (l/trace :hint "access token response" :status status :body body)
+      (if (= status 200)
+        (let [data (json/decode body)]
+          {:token/access (get data :access_token)
+           :token/id     (get data :id_token)
+           :token/type   (get data :token_type)})
 
-(defn- retrieve-user-info
-  [{:keys [provider] :as cfg} tdata]
-  (letfn [(retrieve []
-            (l/trace :hint "request user info"
-                     :uri (:user-uri provider)
-                     :token (obfuscate-string (:token tdata))
-                     :token-type (:type tdata))
-            (http/req! cfg
-                       {:uri (:user-uri provider)
-                        :headers {"Authorization" (str (:type tdata) " " (:token tdata))}
-                        :timeout 6000
-                        :method :get}))
+        (ex/raise :type :internal
+                  :code :unable-to-retrieve-token
+                  :hint "unable to retrieve token"
+                  :http-status status
+                  :http-body body)))))
 
-          (validate-response [response]
-            (l/trace :hint "user info response"
-                     :status (:status response)
-                     :body   (:body response))
-            (when-not (s/int-in-range? 200 300 (:status response))
-              (ex/raise :type :internal
-                        :code :unable-to-retrieve-user-info
-                        :hint "unable to retrieve user info"
-                        :http-status (:status response)
-                        :http-body (:body response)))
-            response)
-
-          (get-email [props]
+(defn- process-user-info
+  [provider tdata info]
+  (letfn [(get-email [props]
             ;; Allow providers hook into this for custom email
             ;; retrieval method.
-
             (if-let [get-email-fn (:get-email-fn provider)]
               (get-email-fn tdata props)
               (let [attr-kw (cf/get :oidc-email-attr "email")
                     attr-ph (parse-attr-path provider attr-kw)]
-                (p/resolved (get-in props attr-ph)))))
+                (get-in props attr-ph))))
 
-          (get-name [info]
+          (get-name [props]
             (let [attr-kw (cf/get :oidc-name-attr "name")
                   attr-ph (parse-attr-path provider attr-kw)]
-              (get-in info attr-ph)))
+              (get-in props attr-ph)))]
 
-          (process-response [response]
-            (p/let [info  (-> response :body json/decode)
-                    props (qualify-props provider info)
-                    email (get-email props)]
+    (let [props (qualify-props provider info)
+          email (get-email props)]
+      {:backend  (:name provider)
+       :fullname (or (get-name props) email)
+       :email    email
+       :props    props})))
 
-              {:backend  (:name provider)
-               :fullname (or (get-name props) email)
-               :email    email
-               :props    props}))
+(defn- fetch-user-info
+  [{:keys [provider] :as cfg} tdata]
+  (l/trace :hint "fetch user info"
+           :uri (:user-uri provider)
+           :token (obfuscate-string (:token/access tdata)))
 
-          (validate-info [info]
-            (l/trace :hint "authentication info" :info info)
-            (when-not (s/valid? ::info info)
-              (l/warn :hint "received incomplete profile info object (please set correct scopes)"
-                      :info (pr-str info))
-              (ex/raise :type :internal
-                        :code :incomplete-user-info
-                        :hint "inconmplete user info"
-                        :info info))
-            info)]
+  (let [params   {:uri (:user-uri provider)
+                  :headers {"Authorization" (str (:token/type tdata) " " (:token/access tdata))}
+                  :timeout 6000
+                  :method :get}
+        response (http/req! cfg params {:sync? true})]
 
-    (->> (retrieve)
-         (p/fmap validate-response)
-         (p/mcat process-response)
-         (p/fmap validate-info))))
+    (l/trace :hint "user info response"
+             :status (:status response)
+             :body   (:body response))
+
+    (when-not (s/int-in-range? 200 300 (:status response))
+      (ex/raise :type :internal
+                :code :unable-to-retrieve-user-info
+                :hint "unable to retrieve user info"
+                :http-status (:status response)
+                :http-body (:body response)))
+
+    (-> response :body json/decode)))
+
+(defn- get-user-info
+  [{:keys [provider]} tdata]
+  (try
+    (when (:token/id tdata)
+      (let [{:keys [kid alg] :as theader} (jwt/decode-header (:token/id tdata))]
+        (when-let [key (if (str/starts-with? (name alg) "hs")
+                         (:client-secret provider)
+                         (get-in provider [:jwks kid]))]
+
+          (let [claims (jwt/unsign (:token/id tdata) key {:alg alg})]
+            (dissoc claims :exp :iss :iat :sid :aud :sub)))))
+    (catch Throwable cause
+      (l/warn :hint "unable to get user info from JWT token (unexpected exception)"
+              :cause cause))))
 
 (s/def ::backend ::us/not-empty-string)
 (s/def ::email ::us/not-empty-string)
@@ -386,69 +413,93 @@
                    ::props]))
 
 (defn get-info
-  [{:keys [provider] :as cfg} {:keys [params] :as request}]
-  (letfn [(validate-oidc [{:keys [props] :as info}]
-            ;; If the provider is OIDC, we can proceed to check
-            ;; roles if they are defined.
-            (when (and (= "oidc" (:name provider))
-                       (seq (:roles provider)))
-              (let [expected-roles (into #{} (:roles provider))
-                    current-roles  (let [roles-kw (cf/get :oidc-roles-attr "roles")
-                                         roles-ph (parse-attr-path provider roles-kw)
-                                         roles    (get-in props roles-ph)]
-                                     (cond
-                                       (string? roles) (into #{} (str/words roles))
-                                       (vector? roles) (into #{} roles)
-                                       :else #{}))]
+  [{:keys [provider ::main/props] :as cfg} {:keys [params] :as request}]
+  (when-let [error (get params :error)]
+    (ex/raise :type :internal
+              :code :error-on-retrieving-code
+              :error-id error
+              :error-desc (get params :error_description)))
 
-                ;; check if profile has a configured set of roles
-                (when-not (set/subset? expected-roles current-roles)
-                  (ex/raise :type :internal
-                            :code :unable-to-auth
-                            :hint "not enough permissions"))))
-            info)
+  (let [state  (get params :state)
+        code   (get params :code)
+        state  (tokens/verify props {:token state :iss :oauth})
+        tdata  (fetch-access-token cfg code)
+        info   (case (cf/get :oidc-user-info-source)
+                 :token (get-user-info cfg tdata)
+                 :userinfo (fetch-user-info cfg tdata)
+                 (or (get-user-info cfg tdata)
+                     (fetch-user-info cfg tdata)))
 
-          (post-process [state info]
-            (cond-> info
-              (some? (:invitation-token state))
-              (assoc :invitation-token (:invitation-token state))
+        info   (process-user-info provider tdata info)]
 
-              ;; If state token comes with props, merge them. The state token
-              ;; props can contain pm_ and utm_ prefixed query params.
-              (map? (:props state))
-              (update :props merge (:props state))))]
+    (l/trace :hint "user info" :info info)
 
-    (when-let [error (get params :error)]
+    (when-not (s/valid? ::info info)
+      (l/warn :hint "received incomplete profile info object (please set correct scopes)" :info info)
       (ex/raise :type :internal
-                :code :error-on-retrieving-code
-                :error-id error
-                :error-desc (get params :error_description)))
+                :code :incomplete-user-info
+                :hint "inconmplete user info"
+                :info info))
 
-    (let [state  (get params :state)
-          code   (get params :code)
-          state  (tokens/verify (::main/props cfg) {:token state :iss :oauth})]
-      (-> (p/resolved code)
-          (p/then #(retrieve-access-token cfg %))
-          (p/then #(retrieve-user-info cfg %))
-          (p/then' validate-oidc)
-          (p/then' (partial post-process state))))))
+    ;; If the provider is OIDC, we can proceed to check
+    ;; roles if they are defined.
+    (when (and (= "oidc" (:name provider))
+               (seq (:roles provider)))
+
+      (let [expected-roles (into #{} (:roles provider))
+            current-roles  (let [roles-kw (cf/get :oidc-roles-attr "roles")
+                                 roles-ph (parse-attr-path provider roles-kw)
+                                 roles    (get-in (:props info) roles-ph)]
+                             (cond
+                               (string? roles) (into #{} (str/words roles))
+                               (vector? roles) (into #{} roles)
+                               :else #{}))]
+
+        ;; check if profile has a configured set of roles
+        (when-not (set/subset? expected-roles current-roles)
+          (ex/raise :type :internal
+                    :code :unable-to-auth
+                    :hint "not enough permissions"))))
+
+    (cond-> info
+      (some? (:invitation-token state))
+      (assoc :invitation-token (:invitation-token state))
+
+      ;; If state token comes with props, merge them. The state token
+      ;; props can contain pm_ and utm_ prefixed query params.
+      (map? (:props state))
+      (update :props merge (:props state)))))
 
 (defn- get-profile
-  [{:keys [::db/pool ::wrk/executor] :as cfg} info]
-  (px/with-dispatch executor
-    (with-open [conn (db/open pool)]
-      (some->> (:email info)
-               (profile/get-profile-by-email conn)))))
+  [{:keys [::db/pool] :as cfg} info]
+  (dm/with-open [conn (db/open pool)]
+    (some->> (:email info)
+             (profile/get-profile-by-email conn))))
 
 (defn- redirect-response
   [uri]
-  (yrs/response :status 302 :headers {"location" (str uri)}))
+  {::rres/status 302
+   ::rres/headers {"location" (str uri)}})
 
 (defn- generate-error-redirect
-  [_ error]
-  (let [uri (-> (u/uri (cf/get :public-uri))
-                (assoc :path "/#/auth/login")
-                (assoc :query (u/map->query-string {:error "unable-to-auth" :hint (ex-message error)})))]
+  [_ cause]
+  (let [data   (if (ex/error? cause) (ex-data cause) nil)
+        code   (or (:code data) :unexpected)
+        type   (or (:type data) :internal)
+        hint   (or (:hint data)
+                   (if (ex/exception? cause)
+                     (ex-message cause)
+                     (str cause)))
+
+        params {:error "unable-to-auth"
+                :hint hint
+                :type type
+                :code code}
+
+        uri    (-> (u/uri (cf/get :public-uri))
+                   (assoc :path "/#/auth/login")
+                   (assoc :query (u/map->query-string params)))]
+
     (redirect-response uri)))
 
 (defn- generate-redirect
@@ -469,27 +520,32 @@
         (ex/raise :type :restriction
                   :code :profile-blocked))
 
-      (audit/submit! cfg {:type "command"
-                          :name "login-with-password"
-                          :profile-id (:id profile)
-                          :ip-addr (audit/parse-client-ip request)
-                          :props (audit/profile->props profile)})
+      (audit/submit! cfg {::audit/type "command"
+                          ::audit/name "login-with-oidc"
+                          ::audit/profile-id (:id profile)
+                          ::audit/ip-addr (audit/parse-client-ip request)
+                          ::audit/props (audit/profile->props profile)})
 
       (->> (redirect-response uri)
            (sxf request)))
 
-    (let [info   (assoc info
-                        :iss :prepared-register
-                        :is-active true
-                        :exp (dt/in-future {:hours 48}))
-          token  (tokens/generate (::main/props cfg) info)
-          params (d/without-nils
-                  {:token token
-                   :fullname (:fullname info)})
-          uri    (-> (u/uri (cf/get :public-uri))
-                     (assoc :path "/#/auth/register/validate")
-                     (assoc :query (u/map->query-string params)))]
-      (redirect-response uri))))
+
+    (if (auth/email-domain-in-whitelist? (:email info))
+      (let [info   (assoc info
+                          :iss :prepared-register
+                          :is-active true
+                          :exp (dt/in-future {:hours 48}))
+            token  (tokens/generate (::main/props cfg) info)
+            params (d/without-nils
+                    {:token token
+                     :fullname (:fullname info)})
+            uri    (-> (u/uri (cf/get :public-uri))
+                       (assoc :path "/#/auth/register/validate")
+                       (assoc :query (u/map->query-string params)))]
+
+        (redirect-response uri))
+      (generate-error-redirect cfg "email-domain-not-allowed"))))
+
 
 (defn- auth-handler
   [cfg {:keys [params] :as request}]
@@ -500,27 +556,24 @@
                                 :props props
                                 :exp (dt/in-future "4h")})
         uri   (build-auth-uri cfg state)]
-    (yrs/response 200 {:redirect-uri uri})))
+    {::rres/status 200
+     ::rres/body {:redirect-uri uri}}))
 
 (defn- callback-handler
   [cfg request]
-  (letfn [(process-request []
-            (p/let [info    (get-info cfg request)
-                    profile (get-profile cfg info)]
-              (generate-redirect cfg request info profile)))
-
-          (handle-error [cause]
-            (l/error :hint "error on oauth process" :cause cause)
-            (generate-error-redirect cfg cause))]
-
-    (-> (process-request)
-        (p/catch handle-error))))
+  (try
+    (let [info    (get-info cfg request)
+          profile (get-profile cfg info)]
+      (generate-redirect cfg request info profile))
+    (catch Throwable cause
+      (l/warn :hint "error on oauth process" :cause cause)
+      (generate-error-redirect cfg cause))))
 
 (def provider-lookup
   {:compile
    (fn [& _]
-     (fn [handler]
-       (fn [{:keys [::providers] :as cfg} request]
+     (fn [handler {:keys [::providers] :as cfg}]
+       (fn [request]
          (let [provider (some-> request :path-params :provider keyword)]
            (if-let [provider (get providers provider)]
              (handler (assoc cfg :provider provider) request)
@@ -564,18 +617,15 @@
   [_]
   (s/keys :req [::session/manager
                 ::http/client
-                ::wrk/executor
                 ::main/props
                 ::db/pool
                 ::providers]))
 
 (defmethod ig/init-key ::routes
-  [_ {:keys [::wrk/executor] :as cfg}]
+  [_ cfg]
   (let [cfg (update cfg :provider d/without-nils)]
     ["" {:middleware [[session/authz cfg]
-                      [hmw/with-dispatch executor]
-                      [hmw/with-config cfg]
-                      [provider-lookup]]}
+                      [provider-lookup cfg]]}
      ["/auth/oauth"
       ["/:provider"
        {:handler auth-handler

backend/src/app/cli/manage.clj

@@ -1,169 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.cli.manage
-  "A manage cli api."
-  (:require
-   [app.common.logging :as l]
-   [app.db :as db]
-   [app.main :as main]
-   [app.rpc.commands.auth :as auth]
-   [app.rpc.commands.profile :as profile]
-   [clojure.string :as str]
-   [clojure.tools.cli :refer [parse-opts]]
-   [integrant.core :as ig])
-  (:import
-   java.io.Console))
-
-;; --- IMPL
-
-(defn init-system
-  []
-  (let [data (-> main/system-config
-                 (select-keys [:app.db/pool :app.metrics/metrics])
-                 (assoc :app.migrations/all {}))]
-    (-> data ig/prep ig/init)))
-
-(defn- read-from-console
-  [{:keys [label type] :or {type :text}}]
-  (let [^Console console (System/console)]
-    (when-not console
-      (l/error :hint "no console found, can proceed")
-      (System/exit 1))
-
-    (binding [*out* (.writer console)]
-      (print label " ")
-      (.flush *out*))
-
-    (case type
-      :text (.readLine console)
-      :password (String. (.readPassword console)))))
-
-(defn create-profile
-  [options]
-  (let [system   (init-system)
-        email    (or (:email options)
-                     (read-from-console {:label "Email:"}))
-        fullname (or (:fullname options)
-                     (read-from-console {:label "Full Name:"}))
-        password (or (:password options)
-                     (read-from-console {:label "Password:"
-                                         :type :password}))]
-    (try
-      (db/with-atomic [conn (:app.db/pool system)]
-        (->> (auth/create-profile! conn
-                                  {:fullname fullname
-                                   :email email
-                                   :password password
-                                   :is-active true
-                                   :is-demo false})
-             (auth/create-profile-rels! conn)))
-
-      (when (pos? (:verbosity options))
-        (println "User created successfully."))
-
-      (System/exit 0)
-
-      (catch Exception _e
-        (when (pos? (:verbosity options))
-          (println "Unable to create user, already exists."))
-        (System/exit 1)))))
-
-(defn reset-password
-  [options]
-  (let [system (init-system)]
-    (try
-      (db/with-atomic [conn (:app.db/pool system)]
-        (let [email    (or (:email options)
-                           (read-from-console {:label "Email:"}))
-              profile  (profile/get-profile-by-email conn email)]
-          (when-not profile
-            (when (pos? (:verbosity options))
-              (println "Profile does not exists."))
-            (System/exit 1))
-
-          (let [password (or (:password options)
-                             (read-from-console {:label "Password:"
-                                                 :type :password}))]
-            (profile/update-profile-password! conn (assoc profile :password password))
-            (when (pos? (:verbosity options))
-              (println "Password changed successfully.")))))
-      (System/exit 0)
-      (catch Exception e
-        (when (pos? (:verbosity options))
-          (println "Unable to change password."))
-        (when (= 2 (:verbosity options))
-          (.printStackTrace e))
-        (System/exit 1)))))
-
-;; --- CLI PARSE
-
-(def cli-options
-  ;; An option with a required argument
-  [["-u" "--email EMAIL" "Email Address"]
-   ["-p" "--password PASSWORD" "Password"]
-   ["-n" "--name FULLNAME" "Full Name"
-    :id :fullname]
-   ["-v" nil "Verbosity level"
-    :id :verbosity
-    :default 1
-    :update-fn inc]
-   ["-q" nil "Don't print to console"
-    :id :verbosity
-    :update-fn (constantly 0)]
-   ["-h" "--help"]])
-
-(defn usage
-  [options-summary]
-  (->> ["Penpot CLI management."
-        ""
-        "Usage: manage [options] action"
-        ""
-        "Options:"
-        options-summary
-        ""
-        "Actions:"
-        "  create-profile    Create new profile."
-        "  reset-password    Reset profile password."
-        ""]
-       (str/join \newline)))
-
-(defn error-msg [errors]
-  (str "The following errors occurred while parsing your command:\n\n"
-       (str/join \newline errors)))
-
-(defn validate-args
-  "Validate command line arguments. Either return a map indicating the program
-  should exit (with a error message, and optional ok status), or a map
-  indicating the action the program should take and the options provided."
-  [args]
-  (let [{:keys [options arguments errors summary] :as opts} (parse-opts args cli-options)]
-    (cond
-      (:help options) ; help => exit OK with usage summary
-      {:exit-message (usage summary) :ok? true}
-
-      errors ; errors => exit with description of errors
-      {:exit-message (error-msg errors)}
-
-      ;; custom validation on arguments
-      :else
-      (let [action (first arguments)]
-        (if (#{"create-profile" "reset-password"} action)
-          {:action (first arguments) :options options}
-          {:exit-message (usage summary)})))))
-
-(defn exit [status msg]
-  (println msg)
-  (System/exit status))
-
-(defn -main
-  [& args]
-  (let [{:keys [action options exit-message ok?]} (validate-args args)]
-    (if exit-message
-      (exit (if ok? 0 1) exit-message)
-      (case action
-        "create-profile" (create-profile options)
-        "reset-password" (reset-password options)))))

backend/src/app/config.clj

@@ -146,11 +146,13 @@
 (s/def ::google-client-id ::us/string)
 (s/def ::google-client-secret ::us/string)
 (s/def ::oidc-client-id ::us/string)
+(s/def ::oidc-user-info-source ::us/keyword)
 (s/def ::oidc-client-secret ::us/string)
 (s/def ::oidc-base-uri ::us/string)
 (s/def ::oidc-token-uri ::us/string)
 (s/def ::oidc-auth-uri ::us/string)
 (s/def ::oidc-user-uri ::us/string)
+(s/def ::oidc-jwks-uri ::us/string)
 (s/def ::oidc-scopes ::us/set-of-strings)
 (s/def ::oidc-roles ::us/set-of-strings)
 (s/def ::oidc-roles-attr ::us/string)
@@ -201,6 +203,7 @@
 (s/def ::storage-assets-s3-bucket ::us/string)
 (s/def ::storage-assets-s3-region ::us/keyword)
 (s/def ::storage-assets-s3-endpoint ::us/string)
+(s/def ::storage-assets-s3-io-threads ::us/integer)
 (s/def ::telemetry-uri ::us/string)
 (s/def ::telemetry-with-taiga ::us/boolean)
 (s/def ::tenant ::us/string)
@@ -241,10 +244,12 @@
                    ::google-client-secret
                    ::oidc-client-id
                    ::oidc-client-secret
+                   ::oidc-user-info-source
                    ::oidc-base-uri
                    ::oidc-token-uri
                    ::oidc-auth-uri
                    ::oidc-user-uri
+                   ::oidc-jwks-uri
                    ::oidc-scopes
                    ::oidc-roles-attr
                    ::oidc-email-attr
@@ -290,6 +295,7 @@
                    ::redis-uri
                    ::registration-domain-whitelist
                    ::rpc-rlimit-config
+                   ::rpc-climit-config
 
                    ::semaphore-process-font
                    ::semaphore-process-image
@@ -315,6 +321,7 @@
                    ::storage-assets-s3-bucket
                    ::storage-assets-s3-region
                    ::storage-assets-s3-endpoint
+                   ::storage-assets-s3-io-threads
                    ::telemetry-enabled
                    ::telemetry-uri
                    ::telemetry-referer
@@ -323,6 +330,7 @@
 
 (def default-flags
   [:enable-backend-api-doc
+   :enable-backend-openapi-doc
    :enable-backend-worker
    :enable-secure-session-cookies
    :enable-email-verification])

backend/src/app/db.clj

@@ -5,7 +5,7 @@
 ;; Copyright (c) KALEIDOS INC
 
 (ns app.db
-  (:refer-clojure :exclude [get])
+  (:refer-clojure :exclude [get run!])
   (:require
    [app.common.data :as d]
    [app.common.exceptions :as ex]
@@ -97,7 +97,7 @@
             :with-credentials (and (contains? cfg ::username)
                                    (contains? cfg ::password))
             :min-size (::min-size cfg)
-          :max-size (::max-size cfg))
+            :max-size (::max-size cfg))
     (create-pool cfg)))
 
 (defmethod ig/halt-key! ::pool
@@ -145,6 +145,10 @@
   [v]
   (instance? javax.sql.DataSource v))
 
+(defn connection?
+  [conn]
+  (instance? Connection conn))
+
 (s/def ::conn some?)
 (s/def ::nilable-pool (s/nilable ::pool))
 (s/def ::pool pool?)
@@ -218,52 +222,91 @@
 
 (defmacro with-atomic
   [& args]
-  `(jdbc/with-transaction ~@args))
+  (if (symbol? (first args))
+    (let [cfgs (first args)
+          body (rest args)]
+      `(jdbc/with-transaction [conn# (::pool ~cfgs)]
+         (let [~cfgs (assoc ~cfgs ::conn conn#)]
+           ~@body)))
+    `(jdbc/with-transaction ~@args)))
 
 (defn open
-  [pool]
-  (jdbc/get-connection pool))
+  [system-or-pool]
+  (if (pool? system-or-pool)
+    (jdbc/get-connection system-or-pool)
+    (if (map? system-or-pool)
+      (open (::pool system-or-pool))
+      (ex/raise :type :internal
+                :code :unable-resolve-pool))))
+
+(defn get-connection
+  [cfg-or-conn]
+  (if (connection? cfg-or-conn)
+    cfg-or-conn
+    (if (map? cfg-or-conn)
+      (get-connection (::conn cfg-or-conn))
+      (ex/raise :type :internal
+                :code :unable-resolve-connection
+                :hint "expected conn or system map"))))
+
+(defn connection-map?
+  "Check if the provided value is a map like data structure that
+  contains a database connection."
+  [o]
+  (and (map? o) (connection? (::conn o))))
+
+(defn- get-connectable
+  [o]
+  (cond
+    (connection? o) o
+    (pool? o)       o
+    (map? o)        (get-connectable (or (::conn o) (::pool o)))
+    :else           (ex/raise :type :internal
+                              :code :unable-resolve-connectable
+                              :hint "expected conn, pool or system")))
 
 (def ^:private default-opts
   {:builder-fn sql/as-kebab-maps})
 
 (defn exec!
   ([ds sv]
-   (jdbc/execute! ds sv default-opts))
+   (-> (get-connectable ds)
+       (jdbc/execute! sv default-opts)))
   ([ds sv opts]
-   (jdbc/execute! ds sv (merge default-opts opts))))
+   (-> (get-connectable ds)
+       (jdbc/execute! sv (into default-opts (sql/adapt-opts opts))))))
 
 (defn exec-one!
   ([ds sv]
-   (jdbc/execute-one! ds sv default-opts))
+   (-> (get-connectable ds)
+       (jdbc/execute-one! sv default-opts)))
   ([ds sv opts]
-   (jdbc/execute-one! ds sv
-                      (-> (merge default-opts opts)
-                          (assoc :return-keys (::return-keys? opts false))))))
+   (-> (get-connectable ds)
+       (jdbc/execute-one! sv (into default-opts (sql/adapt-opts opts))))))
 
 (defn insert!
-  [ds table params & {:as opts}]
-  (exec-one! ds
-             (sql/insert table params opts)
-             (merge {::return-keys? true} opts)))
+  [ds table params & {:as opts :keys [::return-keys?] :or {return-keys? true}}]
+  (-> (get-connectable ds)
+      (exec-one! (sql/insert table params opts)
+                 (assoc opts ::return-keys? return-keys?))))
 
 (defn insert-multi!
-  [ds table cols rows & {:as opts}]
-  (exec! ds
-         (sql/insert-multi table cols rows opts)
-         (merge {::return-keys? true} opts)))
+  [ds table cols rows & {:as opts :keys [::return-keys?] :or {return-keys? true}}]
+  (-> (get-connectable ds)
+      (exec! (sql/insert-multi table cols rows opts)
+             (assoc opts ::return-keys? return-keys?))))
 
 (defn update!
-  [ds table params where & {:as opts}]
-  (exec-one! ds
-             (sql/update table params where opts)
-             (merge {::return-keys? true} opts)))
+  [ds table params where & {:as opts :keys [::return-keys?] :or {return-keys? true}}]
+  (-> (get-connectable ds)
+      (exec-one! (sql/update table params where opts)
+                 (assoc opts ::return-keys? return-keys?))))
 
 (defn delete!
-  [ds table params & {:as opts}]
-  (exec-one! ds
-             (sql/delete table params opts)
-             (merge {::return-keys? true} opts)))
+  [ds table params & {:as opts :keys [::return-keys?] :or {return-keys? true}}]
+  (-> (get-connectable ds)
+      (exec-one! (sql/delete table params opts)
+                 (assoc opts ::return-keys? return-keys?))))
 
 (defn is-row-deleted?
   [{:keys [deleted-at]}]
@@ -293,6 +336,11 @@
                 :hint "database object not found"))
     row))
 
+(defn plan
+  [ds sql]
+  (-> (get-connectable ds)
+      (jdbc/plan sql sql/default-opts)))
+
 (defn get-by-id
   [ds table id & {:as opts}]
   (get ds table {:id id} opts))
@@ -367,11 +415,69 @@
   ([^Connection conn label]
    (.setSavepoint conn (name label))))
 
+(defn release!
+  [^Connection conn ^Savepoint sp]
+  (.releaseSavepoint conn sp))
+
 (defn rollback!
-  ([^Connection conn]
-   (.rollback conn))
-  ([^Connection conn ^Savepoint sp]
-   (.rollback conn sp)))
+  ([conn]
+   (let [^Connection conn (get-connection conn)]
+     (l/trc :hint "explicit rollback requested")
+     (.rollback conn)))
+  ([conn ^Savepoint sp]
+   (let [^Connection conn (get-connection conn)]
+     (l/trc :hint "explicit rollback requested")
+     (.rollback conn sp))))
+
+(defn tx-run!
+  [system f & params]
+  (cond
+    (connection? system)
+    (tx-run! {::conn system} f)
+
+    (pool? system)
+    (tx-run! {::pool system} f)
+
+    (::conn system)
+    (let [conn (::conn system)
+          sp   (savepoint conn)]
+      (try
+        (let [result (apply f system params)]
+          (release! conn sp)
+          result)
+        (catch Throwable cause
+          (rollback! conn sp)
+          (throw cause))))
+
+    (::pool system)
+    (with-atomic [conn (::pool system)]
+      (let [system (assoc system ::conn conn)
+            result (apply f system params)]
+        (when (::rollback system)
+          (rollback! conn))
+        result))
+
+    :else
+    (throw (IllegalArgumentException. "invalid arguments"))))
+
+(defn run!
+  [system f & params]
+  (cond
+    (connection? system)
+    (run! {::conn system} f)
+
+    (pool? system)
+    (run! {::pool system} f)
+
+    (::conn system)
+    (apply f system params)
+
+    (::pool system)
+    (with-open [^Connection conn (open (::pool system))]
+      (apply f (assoc system ::conn conn) params))
+
+    :else
+    (throw (IllegalArgumentException. "invalid arguments"))))
 
 (defn interval
   [o]

backend/src/app/db/sql.clj

@@ -8,6 +8,7 @@
   (:refer-clojure :exclude [update])
   (:require
    [app.db :as-alias db]
+   [clojure.set :as set]
    [clojure.string :as str]
    [next.jdbc.optional :as jdbc-opt]
    [next.jdbc.sql.builder :as sql]))
@@ -19,6 +20,14 @@
   {:table-fn snake-case
    :column-fn snake-case})
 
+(def params-mapping
+  {::db/return-keys? :return-keys
+   ::db/columns :columns})
+
+(defn adapt-opts
+  [opts]
+  (set/rename-keys opts params-mapping))
+
 (defn as-kebab-maps
   [rs opts]
   (jdbc-opt/as-unqualified-modified-maps rs (assoc opts :label-fn kebab-case)))
@@ -29,7 +38,7 @@
   ([table key-map opts]
    (let [opts (merge default-opts opts)
          opts (cond-> opts
-                (:on-conflict-do-nothing opts)
+                (::db/on-conflict-do-nothing? opts)
                 (assoc :suffix "ON CONFLICT DO NOTHING"))]
      (sql/for-insert table key-map opts))))
 
@@ -44,6 +53,7 @@
   ([table where-params opts]
    (let [opts (merge default-opts opts)
          opts (cond-> opts
+                (::db/columns opts)     (assoc :columns (::db/columns opts))
                 (::db/for-update? opts) (assoc :suffix "FOR UPDATE")
                 (::db/for-share? opts)  (assoc :suffix "FOR KEY SHARE")
                 (:for-update opts)      (assoc :suffix "FOR UPDATE")
@@ -54,7 +64,13 @@
   ([table key-map where-params]
    (update table key-map where-params nil))
   ([table key-map where-params opts]
-   (let [opts (merge default-opts opts)]
+   (let [opts (into default-opts opts)
+         opts (if-let [columns (::db/columns opts)]
+                (let [columns   (if (seq columns)
+                                  (sql/as-cols columns opts)
+                                  "*")]
+                  (assoc opts :suffix (str "RETURNING " columns)))
+                opts)]
      (sql/for-update table key-map where-params opts))))
 
 (defn delete

backend/src/app/email.clj

@@ -37,6 +37,7 @@
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
 (defn- parse-address
+  ^"[Ljakarta.mail.internet.InternetAddress;"
   [v]
   (InternetAddress/parse ^String v))
 
@@ -149,6 +150,7 @@
     "mail.smtp.connectiontimeout" timeout}))
 
 (defn- create-smtp-session
+  ^Session
   [cfg]
   (let [props (opts->props cfg)]
     (Session/getInstance props)))
@@ -303,12 +305,18 @@
   (fn [params]
     (when (contains? cf/flags :smtp)
       (let [session (create-smtp-session cfg)]
-        (with-open [transport (.getTransport session (if (:ssl cfg) "smtps" "smtp"))]
+        (with-open [transport (.getTransport session (if (::ssl cfg) "smtps" "smtp"))]
           (.connect ^Transport transport
                     ^String (::username cfg)
                     ^String (::password cfg))
 
           (let [^MimeMessage message (create-smtp-message cfg session params)]
+            (l/dbg :hint "sendmail"
+                   :id (:id params)
+                   :to (:to params)
+                   :subject (str/trim (:subject params))
+                   :body (str/join "," (map :type (:body params))))
+
             (.sendMessage ^Transport transport
                           ^MimeMessage message
                           (.getAllRecipients message))))))
@@ -339,7 +347,7 @@
                                (map :content)
                                first)))
                (println "******** end email" (:id email) "**********"))]
-    (l/info ::l/raw out)))
+    (l/raw! :info out)))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; EMAIL FACTORIES

backend/src/app/features/components_v2.clj

@@ -0,0 +1,927 @@
+;; This Source Code Form is subject to the terms of the Mozilla Public
+;; License, v. 2.0. If a copy of the MPL was not distributed with this
+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;;
+;; Copyright (c) KALEIDOS INC
+
+(ns app.features.components-v2
+  (:require
+   [app.common.data :as d]
+   [app.common.data.macros :as dm]
+   [app.common.exceptions :as ex]
+   [app.common.files.changes :as cp]
+   [app.common.files.changes-builder :as fcb]
+   [app.common.files.helpers :as cfh]
+   [app.common.files.libraries-helpers :as cflh]
+   [app.common.files.migrations :as fmg]
+   [app.common.files.shapes-helpers :as cfsh]
+   [app.common.files.validate :as cfv]
+   [app.common.geom.point :as gpt]
+   [app.common.geom.rect :as grc]
+   [app.common.geom.shapes :as gsh]
+   [app.common.logging :as l]
+   [app.common.svg :as csvg]
+   [app.common.svg.shapes-builder :as sbuilder]
+   [app.common.types.component :as ctk]
+   [app.common.types.components-list :as ctkl]
+   [app.common.types.container :as ctn]
+   [app.common.types.file :as ctf]
+   [app.common.types.pages-list :as ctpl]
+   [app.common.types.shape :as cts]
+   [app.common.types.shape-tree :as ctst]
+   [app.common.uuid :as uuid]
+   [app.db :as db]
+   [app.features.fdata :as fdata]
+   [app.http.sse :as sse]
+   [app.media :as media]
+   [app.rpc.commands.files :as files]
+   [app.rpc.commands.files-snapshot :as fsnap]
+   [app.rpc.commands.media :as cmd.media]
+   [app.storage :as sto]
+   [app.storage.tmp :as tmp]
+   [app.util.blob :as blob]
+   [app.util.pointer-map :as pmap]
+   [app.util.time :as dt]
+   [buddy.core.codecs :as bc]
+   [cuerdas.core :as str]
+   [datoteka.io :as io]
+   [promesa.exec :as px]
+   [promesa.exec.semaphore :as ps]
+   [promesa.util :as pu]))
+
+(def ^:dynamic *system* nil)
+(def ^:dynamic *stats* nil)
+(def ^:dynamic *file-stats* nil)
+(def ^:dynamic *team-stats* nil)
+(def ^:dynamic *semaphore* nil)
+(def ^:dynamic *skip-on-error* true)
+
+(def grid-gap 50)
+(def frame-gap 200)
+(def max-group-size 50)
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; FILE PREPARATION BEFORE MIGRATION
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(defn- prepare-file-data
+  "Apply some specific migrations or fixes to things that are allowed in v1 but not in v2,
+   or that are the result of old bugs."
+  [file-data libraries]
+  (let [detached-ids  (volatile! #{})
+
+        detach-shape
+        (fn [container shape]
+          ;; Detach a shape. If it's inside a component, add it to detached-ids, for further use.
+          (let [is-component? (let [root-shape (ctst/get-shape container (:id container))]
+                                (and (some? root-shape) (nil? (:parent-id root-shape))))]
+            (when is-component?
+              (vswap! detached-ids conj (:id shape)))
+            (ctk/detach-shape shape)))
+
+        fix-orphan-shapes
+        (fn [file-data]
+          ;; Find shapes that are not listed in their parent's children list.
+          ;; Remove them, and also their children
+          (letfn [(fix-container [container]
+                    (reduce fix-shape container (ctn/shapes-seq container)))
+
+                  (fix-shape
+                    [container shape]
+                    (if-not (or (= (:id shape) uuid/zero)
+                                (nil? (:parent-id shape)))
+                      (let [parent (ctst/get-shape container (:parent-id shape))
+                            exists? (d/index-of (:shapes parent) (:id shape))]
+                        (if (nil? exists?)
+                          (let [ids (cfh/get-children-ids-with-self (:objects container) (:id shape))]
+                            (update container :objects #(reduce dissoc % ids)))
+                          container))
+                      container))]
+
+            (-> file-data
+                (update :pages-index update-vals fix-container)
+                (update :components update-vals fix-container))))
+
+        remove-nested-roots
+        (fn [file-data]
+          ;; Remove :component-root in head shapes that are nested.
+          (letfn [(fix-container [container]
+                    (update container :objects update-vals (partial fix-shape container)))
+
+                  (fix-shape [container shape]
+                    (let [parent (ctst/get-shape container (:parent-id shape))]
+                      (if (and (ctk/instance-root? shape)
+                               (ctn/in-any-component? (:objects container) parent))
+                        (dissoc shape :component-root)
+                        shape)))]
+
+            (-> file-data
+                (update :pages-index update-vals fix-container)
+                (update :components update-vals fix-container))))
+
+        add-not-nested-roots
+        (fn [file-data]
+          ;; Add :component-root in head shapes that are not nested.
+          (letfn [(fix-container [container]
+                    (update container :objects update-vals (partial fix-shape container)))
+
+                  (fix-shape [container shape]
+                    (let [parent (ctst/get-shape container (:parent-id shape))]
+                      (if (and (ctk/subinstance-head? shape)
+                               (not (ctn/in-any-component? (:objects container) parent)))
+                        (assoc shape :component-root true)
+                        shape)))]
+
+            (-> file-data
+                (update :pages-index update-vals fix-container)
+                (update :components update-vals fix-container))))
+
+        fix-orphan-copies
+        (fn [file-data]
+          ;; Detach shapes that were inside a copy (have :shape-ref) but now they aren't.
+          (letfn [(fix-container [container]
+                    (update container :objects update-vals (partial fix-shape container)))
+
+                  (fix-shape [container shape]
+                    (let [parent (ctst/get-shape container (:parent-id shape))]
+                      (if (and (ctk/in-component-copy? shape)
+                               (not (ctk/instance-head? shape))
+                               (not (ctk/in-component-copy? parent)))
+                        (detach-shape container shape)
+                        shape)))]
+
+            (-> file-data
+                (update :pages-index update-vals fix-container)
+                (update :components update-vals fix-container))))
+
+        remap-refs
+        (fn [file-data]
+          ;; Remap shape-refs so that they point to the near main.
+          ;; At the same time, if there are any dangling ref, detach the shape and its children.
+          (letfn [(fix-container [container]
+                    (reduce fix-shape container (ctn/shapes-seq container)))
+
+                  (fix-shape [container shape]
+                    (if (ctk/in-component-copy? shape)
+                      ;; First look for the direct shape.
+                      (let [root         (ctn/get-component-shape (:objects container) shape)
+                            libraries    (assoc-in libraries [(:id file-data) :data] file-data)
+                            library      (get libraries (:component-file root))
+                            component    (ctkl/get-component (:data library) (:component-id root) true)
+                            direct-shape (ctf/get-component-shape (:data library) component (:shape-ref shape))]
+                        (if (some? direct-shape)
+                          ;; If it exists, there is nothing else to do.
+                          container
+                          ;; If not found, find the near shape.
+                          (let [near-shape (d/seek #(= (:shape-ref %) (:shape-ref shape))
+                                                   (ctf/get-component-shapes (:data library) component))]
+                            (if (some? near-shape)
+                              ;; If found, update the ref to point to the near shape.
+                              (ctn/update-shape container (:id shape) #(assoc % :shape-ref (:id near-shape)))
+                              ;; If not found, it may be a fostered component. Try to locate a direct shape
+                              ;; in the head component.
+                              (let [head           (ctn/get-head-shape (:objects container) shape)
+                                    library-2      (get libraries (:component-file head))
+                                    component-2    (ctkl/get-component (:data library-2) (:component-id head) true)
+                                    direct-shape-2 (ctf/get-component-shape (:data library-2) component-2 (:shape-ref shape))]
+                                (if (some? direct-shape-2)
+                                  ;; If it exists, there is nothing else to do.
+                                  container
+                                  ;; If not found, detach shape and all children (stopping if a nested instance is reached)
+                                  (let [children (ctn/get-children-in-instance (:objects container) (:id shape))]
+                                    (reduce #(ctn/update-shape %1 (:id %2) (partial detach-shape %1))
+                                            container
+                                            children))))))))
+                      container))]
+
+            (-> file-data
+                (update :pages-index update-vals fix-container)
+                (update :components update-vals fix-container))))
+
+        fix-copies-of-detached
+        (fn [file-data]
+          ;; Find any copy that is referencing a detached shape inside a component, and
+          ;; undo the nested copy, converting it into a direct copy.
+          (letfn [(fix-container [container]
+                    (update container :objects update-vals fix-shape))
+
+                  (fix-shape [shape]
+                    (cond-> shape
+                      (@detached-ids (:shape-ref shape))
+                      (dissoc shape
+                              :component-id
+                              :component-file
+                              :component-root)))]
+            (-> file-data
+                (update :pages-index update-vals fix-container)
+                (update :components update-vals fix-container))))
+
+        transform-to-frames
+        (fn [file-data]
+          ;; Transform component and copy heads to frames, and set the
+          ;; frame-id of its childrens
+          (letfn [(fix-container
+                    [container]
+                    (update container :objects update-vals fix-shape))
+
+                  (fix-shape
+                    [shape]
+                    (if (or (nil? (:parent-id shape)) (ctk/instance-head? shape))
+                      (assoc shape
+                        :type :frame                  ; Old groups must be converted
+                        :fills (or (:fills shape) []) ; to frames and conform to spec
+                        :hide-in-viewer (or (:hide-in-viewer shape) true)
+                        :rx (or (:rx shape) 0)
+                        :ry (or (:ry shape) 0))
+                      shape))]
+            (-> file-data
+                (update :pages-index update-vals fix-container)
+                (update :components update-vals fix-container))))
+
+        remap-frame-ids
+        (fn [file-data]
+          ;; Remap the frame-ids of the primary childs of the head instances
+          ;; to point to the head instance.
+          (letfn [(fix-container
+                    [container]
+                    (update container :objects update-vals (partial fix-shape container)))
+
+                  (fix-shape
+                    [container shape]
+                    (let [parent (ctst/get-shape container (:parent-id shape))]
+                      (if (ctk/instance-head? parent)
+                        (assoc shape :frame-id (:id parent))
+                        shape)))]
+            (-> file-data
+                (update :pages-index update-vals fix-container)
+                (update :components update-vals fix-container))))
+
+        fix-frame-ids
+        (fn [file-data]
+          ;; Ensure that frame-id of all shapes point to the parent or to the frame-id
+          ;; of the parent, and that the destination is indeed a frame.
+          (letfn [(fix-container [container]
+                    (update container :objects #(cfh/reduce-objects % fix-shape %)))
+
+                  (fix-shape [objects shape]
+                    (let [parent (when (:parent-id shape)
+                                   (get objects (:parent-id shape)))
+                          error? (when (some? parent)
+                                   (if (= (:type parent) :frame)
+                                     (not= (:frame-id shape) (:id parent))
+                                     (not= (:frame-id shape) (:frame-id parent))))]
+                      (if error?
+                        (let [nearest-frame (cfh/get-frame objects (:parent-id shape))
+                              frame-id      (or (:id nearest-frame) uuid/zero)]
+                          (update objects (:id shape) assoc :frame-id frame-id))
+                        objects)))]
+
+            (-> file-data
+                (update :pages-index update-vals fix-container)
+                (update :components update-vals fix-container))))
+
+        fix-component-nil-objects
+        (fn [file-data]
+          ;; Ensure that objects of all components is not null
+          (letfn [(fix-component [component]
+                    (if (and (contains? component :objects) (nil? (:objects component)))
+                      (if (:deleted component)
+                        (assoc component :objects {})
+                        (dissoc component :objects))
+                      component))]
+            (-> file-data
+                (update :components update-vals fix-component))))]
+
+    (-> file-data
+        (fix-orphan-shapes)
+        (remove-nested-roots)
+        (add-not-nested-roots)
+        (fix-orphan-copies)
+        (remap-refs)
+        (fix-copies-of-detached)
+        (transform-to-frames)
+        (remap-frame-ids)
+        (fix-frame-ids)
+        (fix-component-nil-objects))))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; COMPONENTS MIGRATION
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(defn- get-asset-groups
+  [assets generic-name]
+  (let [; Group by first element of the path.
+        groups (d/group-by #(first (cfh/split-path (:path %))) assets)
+
+        ; Split large groups in chunks of max-group-size elements
+        groups (loop [groups (seq groups)
+                      result {}]
+                 (if (empty? groups)
+                   result
+                   (let [[group-name assets] (first groups)
+                         group-name (if (or (nil? group-name) (str/empty? group-name))
+                                      generic-name
+                                      group-name)]
+                     (if (<= (count assets) max-group-size)
+                       (recur (next groups)
+                              (assoc result group-name assets))
+                       (let [splits (-> (partition-all max-group-size assets)
+                                        (d/enumerate))]
+                         (recur (next groups)
+                                (reduce (fn [result [index split]]
+                                          (let [split-name (str group-name " " (inc index))]
+                                            (assoc result split-name split)))
+                                        result
+                                        splits)))))))
+
+        ; Sort assets in each group by path
+        groups (update-vals groups (fn [assets]
+                                     (sort-by (fn [{:keys [path name]}]
+                                                (str/lower (cfh/merge-path-item path name)))
+                                              assets)))
+
+        ; Sort groups by name
+        groups (into (sorted-map) groups)]
+    groups))
+
+(defn- create-frame
+  [name position width height]
+  (cts/setup-shape
+   {:type :frame
+    :x (:x position)
+    :y (:y position)
+    :width (+ width (* 2 grid-gap))
+    :height (+ height (* 2 grid-gap))
+    :name name
+    :frame-id uuid/zero
+    :parent-id uuid/zero}))
+
+(defn- migrate-components
+  "If there is any component in the file library, add a new 'Library
+  backup', generate main instances for all components there and remove
+  shapes from library components.  Mark the file with
+  the :components-v2 option."
+  [file-data libraries]
+  (sse/tap {:type :migration-progress
+            :section :components})
+  (let [components (ctkl/components-seq file-data)]
+    (if (empty? components)
+      (assoc-in file-data [:options :components-v2] true)
+      (let [[file-data page-id start-pos]
+            (ctf/get-or-add-library-page file-data frame-gap)
+
+            migrate-component-shape
+            (fn [shape delta component-file component-id frame-id]
+              (cond-> shape
+                (nil? (:parent-id shape))
+                (assoc :parent-id frame-id
+                       :main-instance true
+                       :component-root true
+                       :component-file component-file
+                       :component-id component-id)
+
+                (nil? (:frame-id shape))
+                (assoc :frame-id frame-id)
+
+                :always
+                (gsh/move delta)))
+
+            add-main-instance
+            (fn [file-data component frame-id position]
+              (let [shapes (cfh/get-children-with-self (:objects component)
+                                                       (:id component))
+
+                    root-shape (first shapes)
+                    orig-pos   (gpt/point (:x root-shape) (:y root-shape))
+                    delta      (gpt/subtract position orig-pos)
+
+                    xf-shape (map #(migrate-component-shape %
+                                                            delta
+                                                            (:id file-data)
+                                                            (:id component)
+                                                            frame-id))
+                    new-shapes
+                    (into [] xf-shape shapes)
+
+                    find-frame-id ; if its parent is a frame, the frame-id should be the parent-id
+                    (fn [page shape]
+                      (let [parent (ctst/get-shape page (:parent-id shape))]
+                        (if (= :frame (:type parent))
+                          (:id parent)
+                          (:frame-id parent))))
+
+                    add-shapes
+                    (fn [page]
+                      (reduce (fn [page shape]
+                                (ctst/add-shape (:id shape)
+                                                shape
+                                                page
+                                                (find-frame-id page shape)
+                                                (:parent-id shape)
+                                                nil     ; <- As shapes are ordered, we can safely add each
+                                                true))  ;    one at the end of the parent's children list.
+                              page
+                              new-shapes))
+
+                    update-component
+                    (fn [component]
+                      (-> component
+                          (assoc :main-instance-id (:id root-shape)
+                                 :main-instance-page page-id)
+                          (dissoc :objects)))]
+
+                (-> file-data
+                    (ctpl/update-page page-id add-shapes)
+                    (ctkl/update-component (:id component) update-component))))
+
+            add-instance-grid
+            (fn [fdata frame-id grid assets]
+              (reduce (fn [result [component position]]
+                        (sse/tap {:type :migration-progress
+                                  :section :components
+                                  :name (:name component)})
+                        (add-main-instance result component frame-id (gpt/add position
+                                                                              (gpt/point grid-gap grid-gap))))
+                      fdata
+                      (d/zip assets grid)))
+
+            add-instance-grids
+            (fn [fdata]
+              (let [components (ctkl/components-seq fdata)
+                    groups     (get-asset-groups components "Components")]
+                (loop [groups   (seq groups)
+                       fdata    fdata
+                       position start-pos]
+                  (if (empty? groups)
+                    fdata
+                    (let [[group-name assets]    (first groups)
+                          grid                   (ctst/generate-shape-grid
+                                                  (map (partial ctf/get-component-root fdata) assets)
+                                                  position
+                                                  grid-gap)
+                          {:keys [width height]} (meta grid)
+                          frame                  (create-frame group-name position width height)
+                          fdata                  (ctpl/update-page fdata
+                                                                   page-id
+                                                                   #(ctst/add-shape (:id frame)
+                                                                                    frame
+                                                                                    %
+                                                                                    (:id frame)
+                                                                                    (:id frame)
+                                                                                    nil
+                                                                                    true))]
+                      (recur (next groups)
+                             (add-instance-grid fdata (:id frame) grid assets)
+                             (gpt/add position (gpt/point 0 (+ height (* 2 grid-gap) frame-gap)))))))))]
+
+        (let [total (count components)]
+          (some-> *stats* (swap! update :processed/components (fnil + 0) total))
+          (some-> *team-stats* (swap! update :processed/components (fnil + 0) total))
+          (some-> *file-stats* (swap! assoc :processed/components total)))
+
+        (-> file-data
+            (prepare-file-data libraries)
+            (add-instance-grids))))))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; GRAPHICS MIGRATION
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(defn- create-shapes-for-bitmap
+  "Convert a media object that contains a bitmap image into shapes,
+  one shape of type :image and one group that contains it."
+  [{:keys [name width height id mtype]} frame-id position]
+  (let [frame-shape (cts/setup-shape
+                     {:type :frame
+                      :x (:x position)
+                      :y (:y position)
+                      :width width
+                      :height height
+                      :name name
+                      :frame-id frame-id
+                      :parent-id frame-id})
+
+        img-shape   (cts/setup-shape
+                     {:type :image
+                      :x (:x position)
+                      :y (:y position)
+                      :width width
+                      :height height
+                      :metadata {:id id
+                                 :width width
+                                 :height height
+                                 :mtype mtype}
+                      :name name
+                      :frame-id (:id frame-shape)
+                      :parent-id (:id frame-shape)})]
+    [frame-shape [img-shape]]))
+
+(defn- parse-datauri
+  [data]
+  (let [[mtype b64-data] (str/split data ";base64," 2)
+        mtype (subs mtype (inc (str/index-of mtype ":")))
+        data  (-> b64-data bc/str->bytes bc/b64->bytes)]
+    [mtype data]))
+
+(defn- extract-name
+  [href]
+  (let [query-idx (d/nilv (str/last-index-of href "?") 0)
+        href (if (> query-idx 0) (subs href 0 query-idx) href)
+        filename (->> (str/split href "/") (last))
+        ext-idx (str/last-index-of filename ".")]
+    (if (> ext-idx 0) (subs filename 0 ext-idx) filename)))
+
+(defn- collect-and-persist-images
+  [svg-data file-id]
+  (letfn [(process-image [{:keys [href] :as item}]
+            (try
+              (let [item (if (str/starts-with? href "data:")
+                           (let [[mtype data] (parse-datauri href)
+                                 size         (alength data)
+                                 path         (tmp/tempfile :prefix "penpot.media.download.")
+                                 written      (io/write-to-file! data path :size size)]
+
+                             (when (not= written size)
+                               (ex/raise :type :internal
+                                         :code :mismatch-write-size
+                                         :hint "unexpected state: unable to write to file"))
+
+                             (-> item
+                                 (assoc :size size)
+                                 (assoc :path path)
+                                 (assoc :filename "tempfile")
+                                 (assoc :mtype mtype)))
+
+                           (let [result (cmd.media/download-image *system* href)]
+                             (-> (merge item result)
+                                 (assoc :name (extract-name href)))))]
+
+                ;; The media processing adds the data to the
+                ;; input map and returns it.
+                (media/run {:cmd :info :input item}))
+
+              (catch Throwable cause
+                (l/warn :hint "unexpected exception on processing internal image shape (skiping)"
+                        :cause cause)
+                (when-not *skip-on-error*
+                  (throw cause)))))
+
+          (persist-image [acc {:keys [path size width height mtype href] :as item}]
+            (let [storage (::sto/storage *system*)
+                  conn    (::db/conn *system*)
+                  hash    (sto/calculate-hash path)
+                  content (-> (sto/content path size)
+                              (sto/wrap-with-hash hash))
+                  params  {::sto/content content
+                           ::sto/deduplicate? true
+                           ::sto/touched-at (:ts item)
+                           :content-type mtype
+                           :bucket "file-media-object"}
+                  image   (sto/put-object! storage params)
+                  fmo-id  (uuid/next)]
+
+              (db/exec-one! conn
+                            [cmd.media/sql:create-file-media-object
+                             fmo-id
+                             file-id true (:name item "image")
+                             (:id image)
+                             nil
+                             width
+                             height
+                             mtype])
+
+              (assoc acc href {:id fmo-id
+                               :mtype mtype
+                               :width width
+                               :height height})))]
+
+    (let [images (->> (csvg/collect-images svg-data)
+                      (transduce (keep process-image)
+                                 (completing persist-image) {}))]
+      (assoc svg-data :image-data images))))
+
+(defn- get-svg-content
+  [id]
+  (let [storage  (::sto/storage *system*)
+        conn     (::db/conn *system*)
+        fmobject (db/get conn :file-media-object {:id id})
+        sobject  (sto/get-object storage (:media-id fmobject))]
+
+    (with-open [stream (sto/get-object-data storage sobject)]
+      (slurp stream))))
+
+(defn- create-shapes-for-svg
+  [{:keys [id] :as mobj} file-id objects frame-id position]
+  (let [svg-text  (get-svg-content id)
+
+        optimizer (::csvg/optimizer *system*)
+        svg-text  (csvg/optimize optimizer svg-text)
+
+        svg-data  (-> (csvg/parse svg-text)
+                      (assoc :name (:name mobj))
+                      (collect-and-persist-images file-id))]
+
+    (sbuilder/create-svg-shapes svg-data position objects frame-id frame-id #{} false)))
+
+(defn- process-media-object
+  [fdata page-id frame-id mobj position]
+  (let [page    (ctpl/get-page fdata page-id)
+        file-id (get fdata :id)
+
+        [shape children]
+        (if (= (:mtype mobj) "image/svg+xml")
+          (create-shapes-for-svg mobj file-id (:objects page) frame-id position)
+          (create-shapes-for-bitmap mobj frame-id position))
+
+        shape (assoc shape :name (-> "Graphics"
+                                     (cfh/merge-path-item (:path mobj))
+                                     (cfh/merge-path-item (:name mobj))))
+
+        changes
+        (-> (fcb/empty-changes nil)
+            (fcb/set-save-undo? false)
+            (fcb/with-page page)
+            (fcb/with-objects (:objects page))
+            (fcb/with-library-data fdata)
+            (fcb/delete-media (:id mobj))
+            (fcb/add-objects (cons shape children)))
+
+        ;; NOTE: this is a workaround for `generate-add-component`, it
+        ;; is needed because that function always starts from empty
+        ;; changes; so in this case we need manually add all shapes to
+        ;; the page and then use that page for the
+        ;; `generate-add-component` function
+        page
+        (reduce (fn [page shape]
+                  (ctst/add-shape (:id shape)
+                                  shape
+                                  page
+                                  frame-id
+                                  frame-id
+                                  nil
+                                  true))
+                page
+                (cons shape children))
+
+        [_ _ changes2]
+        (cflh/generate-add-component nil
+                                     [shape]
+                                     (:objects page)
+                                     (:id page)
+                                     file-id
+                                     true
+                                     nil
+                                     cfsh/prepare-create-artboard-from-selection)
+        changes (fcb/concat-changes changes changes2)]
+
+    (:redo-changes changes)))
+
+(defn- create-media-grid
+  [fdata page-id frame-id grid media-group]
+  (let [factory  (px/thread-factory :virtual true)
+        executor (px/fixed-executor :parallelism 10 :factory factory)
+        process  (fn [mobj position]
+                   (let [position (gpt/add position (gpt/point grid-gap grid-gap))
+                         tp1      (dt/tpoint)]
+                     (try
+                       (process-media-object fdata page-id frame-id mobj position)
+                       (catch Throwable cause
+                         (l/wrn :hint "unable to process file media object (skiping)"
+                                :file-id (str (:id fdata))
+                                :id (str (:id mobj))
+                                :cause cause)
+
+                         (if-not *skip-on-error*
+                           (throw cause)
+                           nil))
+                       (finally
+                         (l/trc :hint "graphic processed"
+                                :file-id (str (:id fdata))
+                                :media-id (str (:id mobj))
+                                :elapsed (dt/format-duration (tp1)))))))]
+    (try
+      (->> (d/zip media-group grid)
+           (map (fn [[mobj position]]
+                  (sse/tap {:type :migration-progress
+                            :section :graphics
+                            :name (:name mobj)})
+                  (px/submit! executor (partial process mobj position))))
+           (reduce (fn [fdata promise]
+                     (if-let [changes (deref promise)]
+                       (-> (assoc-in fdata [:options :components-v2] true)
+                           (cp/process-changes changes false))
+                       fdata))
+                   fdata))
+      (finally
+        (pu/close! executor)))))
+
+(defn- migrate-graphics
+  [fdata]
+  (sse/tap {:type :migration-progress
+            :section :graphics})
+  (if (empty? (:media fdata))
+    fdata
+    (let [[fdata page-id start-pos]
+          (ctf/get-or-add-library-page fdata frame-gap)
+
+          media (->> (vals (:media fdata))
+                     (map (fn [{:keys [width height] :as media}]
+                            (let [points (-> (grc/make-rect 0 0 width height)
+                                             (grc/rect->points))]
+                              (assoc media :points points)))))
+
+          groups (get-asset-groups media "Graphics")]
+
+      (let [total (count media)]
+        (some-> *stats* (swap! update :processed/graphics (fnil + 0) total))
+        (some-> *team-stats* (swap! update :processed/graphics (fnil + 0) total))
+        (some-> *file-stats* (swap! assoc :processed/graphics total)))
+
+      (loop [groups (seq groups)
+             fdata fdata
+             position start-pos]
+        (if (empty? groups)
+          fdata
+          (let [[group-name assets]    (first groups)
+                grid                   (ctst/generate-shape-grid assets position grid-gap)
+                {:keys [width height]} (meta grid)
+                frame                  (create-frame group-name position width height)
+                fdata                  (ctpl/update-page fdata
+                                                         page-id
+                                                         #(ctst/add-shape (:id frame)
+                                                                          frame
+                                                                          %
+                                                                          (:id frame)
+                                                                          (:id frame)
+                                                                          nil
+                                                                          true))]
+            (recur (next groups)
+                   (create-media-grid fdata page-id (:id frame) grid assets)
+                   (gpt/add position (gpt/point 0 (+ height (* 2 grid-gap) frame-gap))))))))))
+
+(defn- migrate-fdata
+  [fdata libs]
+  (let [migrated? (dm/get-in fdata [:options :components-v2])]
+    (if migrated?
+      fdata
+      (let [fdata (migrate-components fdata libs)
+            fdata (migrate-graphics fdata)]
+        (update fdata :options assoc :components-v2 true)))))
+
+(defn- get-file
+  [system id]
+  (binding [pmap/*load-fn* (partial fdata/load-pointer system id)]
+    (-> (files/get-file system id :migrate? false)
+        (update :data assoc :id id)
+        (update :data fdata/process-pointers deref)
+        (fmg/migrate-file))))
+
+(defn- validate-file!
+  [file libs throw-on-validate?]
+  (try
+    (cfv/validate-file! file libs)
+    (cfv/validate-file-schema! file)
+    (catch Throwable cause
+      (if throw-on-validate?
+        (throw cause)
+        (l/wrn :hint "migrate:file:validation-error" :cause cause)))))
+
+(defn- process-file
+  [{:keys [::db/conn] :as system} id & {:keys [validate? throw-on-validate?]}]
+  (let [file  (get-file system id)
+
+        libs  (->> (files/get-file-libraries conn id)
+                   (into [file] (comp (map :id) (map (partial get-file system))))
+                   (d/index-by :id))
+
+        file  (-> file
+                  (update :data migrate-fdata libs)
+                  (update :features conj "components/v2"))
+
+        _     (when validate?
+                (validate-file! file libs throw-on-validate?))
+
+        file (if (contains? (:features file) "fdata/objects-map")
+               (fdata/enable-objects-map file)
+               file)
+
+        file (if (contains? (:features file) "fdata/pointer-map")
+               (binding [pmap/*tracked* (pmap/create-tracked)]
+                 (let [file (fdata/enable-pointer-map file)]
+                   (fdata/persist-pointers! system id)
+                   file))
+               file)]
+
+    (db/update! conn :file
+                {:data (blob/encode (:data file))
+                 :features (db/create-array conn "text" (:features file))
+                 :revn (:revn file)}
+                {:id (:id file)}
+                {::db/return-keys? false})
+
+    (dissoc file :data)))
+
+(defn migrate-file!
+  [system file-id & {:keys [validate? throw-on-validate?]}]
+  (let [tpoint  (dt/tpoint)
+        file-id (if (string? file-id)
+                  (parse-uuid file-id)
+                  file-id)]
+    (binding [*file-stats* (atom {})]
+      (try
+        (l/dbg :hint "migrate:file:start" :file-id (str file-id))
+
+        (let [system (update system ::sto/storage media/configure-assets-storage)]
+          (db/tx-run! system
+                      (fn [system]
+                        (binding [*system* system]
+                          (fsnap/take-file-snapshot! system {:file-id file-id :label "migration/components-v2"})
+                          (process-file system file-id
+                                        :validate? validate?
+                                        :throw-on-validate? throw-on-validate?)))))
+
+        (finally
+          (let [elapsed    (tpoint)
+                components (get @*file-stats* :processed/components 0)
+                graphics   (get @*file-stats* :processed/graphics 0)]
+
+            (l/dbg :hint "migrate:file:end"
+                   :file-id (str file-id)
+                   :graphics graphics
+                   :components components
+                   :elapsed (dt/format-duration elapsed))
+
+            (some-> *stats* (swap! update :processed/files (fnil inc 0)))
+            (some-> *team-stats* (swap! update :processed/files (fnil inc 0)))))))))
+
+(defn migrate-team!
+  [system team-id & {:keys [validate? throw-on-validate?]}]
+  (let [tpoint  (dt/tpoint)
+        team-id (if (string? team-id)
+                  (parse-uuid team-id)
+                  team-id)]
+    (l/dbg :hint "migrate:team:start" :team-id (dm/str team-id))
+    (binding [*team-stats* (atom {})]
+      (try
+        ;; We execute this out of transaction because we want this
+        ;; change to be visible to all other sessions before starting
+        ;; the migration
+        (let [sql (str "UPDATE team SET features = "
+                       "    array_append(features, 'ephimeral/v2-migration') "
+                       " WHERE id = ?")]
+          (db/exec-one! system [sql team-id]))
+
+        (db/tx-run! system
+                    (fn [{:keys [::db/conn] :as system}]
+                      ;; Lock the team
+                      (db/exec-one! conn ["SET idle_in_transaction_session_timeout = 0"])
+
+                      (let [{:keys [features] :as team} (-> (db/get conn :team {:id team-id})
+                                                            (update :features db/decode-pgarray #{}))]
+
+                        (if (contains? features "components/v2")
+                          (l/dbg :hint "team already migrated")
+                          (let [sql  (str/concat
+                                      "SELECT f.id FROM file AS f "
+                                      "  JOIN project AS p ON (p.id = f.project_id) "
+                                      "WHERE p.team_id = ? AND f.deleted_at IS NULL AND p.deleted_at IS NULL "
+                                      "FOR UPDATE")]
+
+                            (doseq [file-id (->> (db/exec! conn [sql team-id])
+                                                 (map :id))]
+                              (migrate-file! system file-id
+                                             :validate? validate?
+                                             :throw-on-validate? throw-on-validate?))
+
+                            (let [features (-> features
+                                               (disj "ephimeral/v2-migration")
+                                               (conj "components/v2")
+                                               (conj "layout/grid")
+                                               (conj "styles/v2"))]
+                              (db/update! conn :team
+                                          {:features (db/create-array conn "text" features)}
+                                          {:id team-id})))))))
+        (finally
+          (some-> *semaphore* ps/release!)
+          (let [elapsed (tpoint)]
+            (some-> *stats* (swap! update :processed/teams (fnil inc 0)))
+
+            ;; We execute this out of transaction because we want this
+            ;; change to be visible to all other sessions before starting
+            ;; the migration
+            (let [sql (str "UPDATE team SET features = "
+                           "    array_remove(features, 'ephimeral/v2-migration') "
+                           " WHERE id = ?")]
+              (db/exec-one! system [sql team-id]))
+
+            (let [components (get @*team-stats* :processed/components 0)
+                  graphics   (get @*team-stats* :processed/graphics 0)
+                  files      (get @*team-stats* :processed/files 0)]
+              (l/dbg :hint "migrate:team:end"
+                     :team-id (dm/str team-id)
+                     :files files
+                     :components components
+                     :graphics graphics
+                     :elapsed (dt/format-duration elapsed)))))))))
+
+

backend/src/app/features/fdata.clj

@@ -0,0 +1,96 @@
+;; This Source Code Form is subject to the terms of the Mozilla Public
+;; License, v. 2.0. If a copy of the MPL was not distributed with this
+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;;
+;; Copyright (c) KALEIDOS INC
+
+(ns app.features.fdata
+  "A `fdata/*` related feature migration helpers"
+  (:require
+   [app.common.data :as d]
+   [app.common.exceptions :as ex]
+   [app.common.logging :as l]
+   [app.db :as db]
+   [app.util.blob :as blob]
+   [app.util.objects-map :as omap]
+   [app.util.pointer-map :as pmap]))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; OBJECTS-MAP
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(defn enable-objects-map
+  [file]
+  (let [update-fn #(d/update-when % :objects omap/wrap)]
+    (-> file
+        (update :data (fn [fdata]
+                        (-> fdata
+                            (update :pages-index update-vals update-fn)
+                            (update :components update-vals update-fn))))
+        (update :features conj "fdata/objects-map"))))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; POINTER-MAP
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(defn load-pointer
+  "A database loader pointer helper"
+  [system file-id id]
+  (let [{:keys [content]} (db/get system :file-data-fragment
+                                  {:id id :file-id file-id}
+                                  {::db/columns [:content]
+                                   ::db/check-deleted? false})]
+    (when-not content
+      (ex/raise :type :internal
+                :code :fragment-not-found
+                :hint "fragment not found"
+                :file-id file-id
+                :fragment-id id))
+
+    (blob/decode content)))
+
+(defn persist-pointers!
+  "Given a database connection and the final file-id, persist all
+  pointers to the underlying storage (the database)."
+  [system file-id]
+  (doseq [[id item] @pmap/*tracked*]
+    (when (pmap/modified? item)
+      (l/trc :hint "persist pointer" :file-id (str file-id) :id (str id))
+      (let [content (-> item deref blob/encode)]
+        (db/insert! system :file-data-fragment
+                    {:id id
+                     :file-id file-id
+                     :content content})))))
+
+(defn process-pointers
+  "Apply a function to all pointers on the file. Usuly used for
+  dereference the pointer to a plain value before some processing."
+  [fdata update-fn]
+  (cond-> fdata
+    (contains? fdata :pages-index)
+    (update :pages-index process-pointers update-fn)
+
+    :always
+    (update-vals (fn [val]
+                   (if (pmap/pointer-map? val)
+                     (update-fn val)
+                     val)))))
+
+(defn get-used-pointer-ids
+  "Given a file, return all pointer ids used in the data."
+  [fdata]
+  (->> (concat (vals fdata)
+               (vals (:pages-index fdata)))
+       (into #{} (comp (filter pmap/pointer-map?)
+                       (map pmap/get-id)))))
+
+(defn enable-pointer-map
+  "Enable the fdata/pointer-map feature on the file."
+  [file]
+  (-> file
+      (update :data (fn [fdata]
+                      (-> fdata
+                          (update :pages-index update-vals pmap/wrap)
+                          (update :components pmap/wrap))))
+
+      (update :features conj "fdata/pointer-map")))

backend/src/app/http.clj

@@ -19,19 +19,20 @@
    [app.http.middleware :as mw]
    [app.http.session :as session]
    [app.http.websocket :as-alias ws]
+   [app.main :as-alias main]
    [app.metrics :as mtx]
    [app.rpc :as-alias rpc]
    [app.rpc.doc :as-alias rpc.doc]
-   [app.worker :as wrk]
    [clojure.spec.alpha :as s]
    [integrant.core :as ig]
+   [promesa.exec :as px]
    [reitit.core :as r]
    [reitit.middleware :as rr]
-   [yetti.adapter :as yt]
-   [yetti.request :as yrq]
-   [yetti.response :as yrs]))
+   [ring.request :as rreq]
+   [ring.response :as-alias rres]
+   [yetti.adapter :as yt]))
 
-(declare wrap-router)
+(declare router-handler)
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; HTTP SERVER
@@ -61,8 +62,7 @@
                 ::max-multipart-body-size
                 ::router
                 ::handler
-                ::io-threads
-                ::wrk/executor]))
+                ::io-threads]))
 
 (defmethod ig/init-key ::server
   [_ {:keys [::handler ::router ::host ::port] :as cfg}]
@@ -71,13 +71,15 @@
                  :http/host host
                  :http/max-body-size (::max-body-size cfg)
                  :http/max-multipart-body-size (::max-multipart-body-size cfg)
-                 :xnio/io-threads (::io-threads cfg)
-                 :xnio/dispatch (::wrk/executor cfg)
-                 :ring/async true}
+                 :xnio/io-threads (or (::io-threads cfg)
+                                      (max 3 (px/get-available-processors)))
+                 :xnio/dispatch :virtual
+                 :ring/compat :ring2
+                 :socket/backlog 4069}
 
         handler (cond
                   (some? router)
-                  (wrap-router router)
+                  (router-handler router)
 
                   (some? handler)
                   handler
@@ -96,33 +98,33 @@
   (yt/stop! server))
 
 (defn- not-found-handler
-  [_ respond _]
-  (respond (yrs/response 404)))
+  [_]
+  {::rres/status 404})
 
-(defn- wrap-router
+(defn- router-handler
   [router]
-  (letfn [(handler [request respond raise]
-            (if-let [match (r/match-by-path router (yrq/path request))]
+  (letfn [(resolve-handler [request]
+            (if-let [match (r/match-by-path router (rreq/path request))]
               (let [params  (:path-params match)
                     result  (:result match)
                     handler (or (:handler result) not-found-handler)
                     request (assoc request :path-params params)]
-                (handler request respond raise))
-              (not-found-handler request respond raise)))
+                (partial handler request))
+              (partial not-found-handler request)))
 
-          (on-error [cause request respond]
+          (on-error [cause request]
             (let [{:keys [body] :as response} (errors/handle cause request)]
-              (respond
-               (cond-> response
-                 (map? body)
-                 (-> (update :headers assoc "content-type" "application/transit+json")
-                     (assoc :body (t/encode-str body {:type :json-verbose})))))))]
+              (cond-> response
+                (map? body)
+                (-> (update ::rres/headers assoc "content-type" "application/transit+json")
+                    (assoc ::rres/body (t/encode-str body {:type :json-verbose}))))))]
 
-    (fn [request respond _]
-      (try
-        (handler request respond #(on-error % request respond))
-        (catch Throwable cause
-          (on-error cause request respond))))))
+    (fn [request]
+      (let [handler (resolve-handler request)]
+        (try
+          (handler)
+          (catch Throwable cause
+            (on-error cause request)))))))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; HTTP ROUTER
@@ -130,11 +132,11 @@
 
 (defmethod ig/pre-init-spec ::router [_]
   (s/keys :req [::session/manager
-                ::actoken/manager
                 ::ws/routes
                 ::rpc/routes
                 ::rpc.doc/routes
                 ::oidc/routes
+                ::main/props
                 ::assets/routes
                 ::debug/routes
                 ::db/pool
@@ -145,8 +147,8 @@
   [_ cfg]
   (rr/router
    [["" {:middleware [[mw/server-timing]
-                      [mw/format-response]
                       [mw/params]
+                      [mw/format-response]
                       [mw/parse-request]
                       [session/soft-auth cfg]
                       [actoken/soft-auth cfg]

backend/src/app/http/access_token.clj

@@ -7,31 +7,17 @@
 (ns app.http.access-token
   (:require
    [app.common.logging :as l]
-   [app.common.spec :as us]
    [app.config :as cf]
    [app.db :as db]
    [app.main :as-alias main]
    [app.tokens :as tokens]
-   [app.worker :as-alias wrk]
-   [clojure.spec.alpha :as s]
-   [integrant.core :as ig]
-   [promesa.core :as p]
-   [promesa.exec :as px]
-   [yetti.request :as yrq]))
-
-
-(s/def ::manager
-  (s/keys :req [::db/pool ::wrk/executor ::main/props]))
-
-(defmethod ig/pre-init-spec ::manager [_] ::manager)
-(defmethod ig/init-key ::manager [_ cfg] cfg)
-(defmethod ig/halt-key! ::manager [_ _])
+   [ring.request :as rreq]))
 
 (def header-re #"^Token\s+(.*)")
 
 (defn- get-token
   [request]
-  (some->> (yrq/get-header request "authorization")
+  (some->> (rreq/get-header request "authorization")
            (re-matches header-re)
            (second)))
 
@@ -40,48 +26,49 @@
   (when token
     (tokens/verify props {:token token :iss "access-token"})))
 
-(defn- get-token-perms
+(def sql:get-token-data
+  "SELECT perms, profile_id, expires_at
+     FROM access_token
+    WHERE id = ?
+      AND (expires_at IS NULL
+           OR (expires_at > now()));")
+
+(defn- get-token-data
   [pool token-id]
   (when-not (db/read-only? pool)
-    (when-let [token (db/get* pool :access-token {:id token-id} {:columns [:perms]})]
-      (some-> (:perms token)
-              (db/decode-pgarray #{})))))
+    (some-> (db/exec-one! pool [sql:get-token-data token-id])
+            (update :perms db/decode-pgarray #{}))))
 
 (defn- wrap-soft-auth
-  [handler {:keys [::manager]}]
-  (us/assert! ::manager manager)
+  "Soft Authentication, will be executed synchronously on the undertow
+  worker thread."
+  [handler {:keys [::main/props]}]
+  (letfn [(handle-request [request]
+            (try
+              (let [token  (get-token request)
+                    claims (decode-token props token)]
+                (cond-> request
+                  (map? claims)
+                  (assoc ::id (:tid claims))))
+              (catch Throwable cause
+                (l/trace :hint "exception on decoding malformed token" :cause cause)
+                request)))]
 
-  (let [{:keys [::wrk/executor ::main/props]} manager]
-    (fn [request respond raise]
-      (let [token (get-token request)]
-        (->> (px/submit! executor (partial decode-token props token))
-             (p/fnly (fn [claims cause]
-                       (when cause
-                         (l/trace :hint "exception on decoding malformed token" :cause cause))
-                       (let [request (cond-> request
-                                       (map? claims)
-                                       (assoc ::id (:tid claims)))]
-                         (handler request respond raise)))))))))
+    (fn [request]
+      (handler (handle-request request)))))
 
 (defn- wrap-authz
-  [handler {:keys [::manager]}]
-  (us/assert! ::manager manager)
-  (let [{:keys [::wrk/executor ::db/pool]} manager]
-    (fn [request respond raise]
-      (if-let [token-id (::id request)]
-        (->> (px/submit! executor (partial get-token-perms pool token-id))
-             (p/fnly (fn [perms cause]
-                       (cond
-                         (some? cause)
-                         (raise cause)
-
-                         (nil? perms)
-                         (handler request respond raise)
-
-                         :else
-                         (let [request (assoc request ::perms perms)]
-                           (handler request respond raise))))))
-        (handler request respond raise)))))
+  "Authorization middleware, will be executed synchronously on vthread."
+  [handler {:keys [::db/pool]}]
+  (fn [request]
+    (let [{:keys [perms profile-id expires-at]} (some->> (::id request) (get-token-data pool))]
+      (handler (cond-> request
+                 (some? perms)
+                 (assoc ::perms perms)
+                 (some? profile-id)
+                 (assoc ::profile-id profile-id)
+                 (some? expires-at)
+                 (assoc ::expires-at expires-at))))))
 
 (def soft-auth
   {:name ::soft-auth

backend/src/app/http/assets.clj

@@ -14,11 +14,9 @@
    [app.db :as db]
    [app.storage :as sto]
    [app.util.time :as dt]
-   [app.worker :as wrk]
    [clojure.spec.alpha :as s]
    [integrant.core :as ig]
-   [promesa.core :as p]
-   [yetti.response :as yrs]))
+   [ring.response :as-alias rres]))
 
 (def ^:private cache-max-age
   (dt/duration {:hours 24}))
@@ -28,10 +26,9 @@
 
 (defn get-id
   [{:keys [path-params]}]
-  (if-let [id (some-> path-params :id d/parse-uuid)]
-    (p/resolved id)
-    (p/rejected (ex/error :type :not-found
-                          :hunt "object not found"))))
+  (or (some-> path-params :id d/parse-uuid)
+      (ex/raise :type :not-found
+                :hunt "object not found")))
 
 (defn- get-file-media-object
   [pool id]
@@ -39,16 +36,12 @@
 
 (defn- serve-object-from-s3
   [{:keys [::sto/storage] :as cfg} obj]
-  (let [mdata (meta obj)]
-    (->> (sto/get-object-url storage obj {:max-age signature-max-age})
-         (p/fmap (fn [{:keys [host port] :as url}]
-                   (let [headers {"location" (str url)
-                                  "x-host"   (cond-> host port (str ":" port))
-                                  "x-mtype"  (:content-type mdata)
-                                  "cache-control" (str "max-age=" (inst-ms cache-max-age))}]
-                     (yrs/response
-                      :status  307
-                      :headers headers)))))))
+  (let [{:keys [host port] :as url} (sto/get-object-url storage obj {:max-age signature-max-age})]
+    {::rres/status  307
+     ::rres/headers {"location" (str url)
+                     "x-host"   (cond-> host port (str ":" port))
+                     "x-mtype"  (-> obj meta :content-type)
+                     "cache-control" (str "max-age=" (inst-ms cache-max-age))}}))
 
 (defn- serve-object-from-fs
   [{:keys [::path]} obj]
@@ -58,8 +51,8 @@
         headers {"x-accel-redirect" (:path purl)
                  "content-type" (:content-type mdata)
                  "cache-control" (str "max-age=" (inst-ms cache-max-age))}]
-    (p/resolved
-     (yrs/response :status 204 :headers headers))))
+    {::rres/status 204
+     ::rres/headers headers}))
 
 (defn- serve-object
   "Helper function that returns the appropriate response depending on
@@ -72,42 +65,34 @@
 
 (defn objects-handler
   "Handler that servers storage objects by id."
-  [{:keys [::sto/storage ::wrk/executor] :as cfg} request respond raise]
-  (->> (get-id request)
-       (p/mcat executor (fn [id] (sto/get-object storage id)))
-       (p/mcat executor (fn [obj]
-                          (if (some? obj)
-                            (serve-object cfg obj)
-                            (p/resolved (yrs/response 404)))))
-       (p/fnly executor (fn [result cause]
-                          (if cause (raise cause) (respond result))))))
+  [{:keys [::sto/storage] :as cfg} request]
+  (let [id  (get-id request)
+        obj (sto/get-object storage id)]
+    (if obj
+      (serve-object cfg obj)
+      {::rres/status 404})))
 
 (defn- generic-handler
   "A generic handler helper/common code for file-media based handlers."
-  [{:keys [::sto/storage ::wrk/executor] :as cfg} request kf]
-  (let [pool (::db/pool storage)]
-    (->> (get-id request)
-         (p/fmap executor (fn [id] (get-file-media-object pool id)))
-         (p/mcat executor (fn [mobj] (sto/get-object storage (kf mobj))))
-         (p/mcat executor (fn [sobj]
-                            (if sobj
-                              (serve-object cfg sobj)
-                              (p/resolved (yrs/response 404))))))))
+  [{:keys [::sto/storage] :as cfg} request kf]
+  (let [pool (::db/pool storage)
+        id   (get-id request)
+        mobj (get-file-media-object pool id)
+        sobj (sto/get-object storage (kf mobj))]
+    (if sobj
+      (serve-object cfg sobj)
+      {::rres/status 404})))
 
 (defn file-objects-handler
   "Handler that serves storage objects by file media id."
-  [cfg request respond raise]
-  (->> (generic-handler cfg request :media-id)
-       (p/fnly (fn [result cause]
-                 (if cause (raise cause) (respond result))))))
+  [cfg request]
+  (generic-handler cfg request :media-id))
 
 (defn file-thumbnails-handler
   "Handler that serves storage objects by thumbnail-id and quick
   fallback to file-media-id if no thumbnail is available."
-  [cfg request respond raise]
-  (->> (generic-handler cfg request #(or (:thumbnail-id %) (:media-id %)))
-       (p/fnly (fn [result cause]
-                 (if cause (raise cause) (respond result))))))
+  [cfg request]
+  (generic-handler cfg request #(or (:thumbnail-id %) (:media-id %))))
 
 ;; --- Initialization
 
@@ -115,7 +100,7 @@
 (s/def ::routes vector?)
 
 (defmethod ig/pre-init-spec ::routes [_]
-  (s/keys :req [::sto/storage ::wrk/executor  ::path]))
+  (s/keys :req [::sto/storage  ::path]))
 
 (defmethod ig/init-key ::routes
   [_ cfg]

backend/src/app/http/awsns.clj

@@ -20,8 +20,8 @@
    [integrant.core :as ig]
    [jsonista.core :as j]
    [promesa.exec :as px]
-   [yetti.request :as yrq]
-   [yetti.response :as yrs]))
+   [ring.request :as rreq]
+   [ring.response :as-alias rres]))
 
 (declare parse-json)
 (declare handle-request)
@@ -31,15 +31,14 @@
 (defmethod ig/pre-init-spec ::routes [_]
   (s/keys :req [::http/client
                 ::main/props
-                ::db/pool
-                ::wrk/executor]))
+                ::db/pool]))
 
 (defmethod ig/init-key ::routes
-  [_ {:keys [::wrk/executor] :as cfg}]
-  (letfn [(handler [request respond _]
-            (let [data (-> request yrq/body slurp)]
-              (px/run! executor #(handle-request cfg data)))
-            (respond (yrs/response 200)))]
+  [_ cfg]
+  (letfn [(handler [request]
+            (let [data (-> request rreq/body slurp)]
+              (px/run! :vthread (partial handle-request cfg data)))
+            {::rres/status 200})]
     ["/sns" {:handler handler
              :allowed-methods #{:post}}]))
 

backend/src/app/http/client.clj

@@ -8,7 +8,6 @@
   "Http client abstraction layer."
   (:require
    [app.common.spec :as us]
-   [app.worker :as wrk]
    [clojure.spec.alpha :as s]
    [integrant.core :as ig]
    [java-http-clj.core :as http]
@@ -21,12 +20,11 @@
   (s/keys :req [::client]))
 
 (defmethod ig/pre-init-spec ::client [_]
-  (s/keys :req [::wrk/executor]))
+  (s/keys :req []))
 
 (defmethod ig/init-key ::client
-  [_ {:keys [::wrk/executor] :as cfg}]
-  (http/build-client {:executor executor
-                      :connect-timeout 30000 ;; 10s
+  [_ _]
+  (http/build-client {:connect-timeout 30000 ;; 10s
                       :follow-redirects :always}))
 
 (defn send!
@@ -40,12 +38,25 @@
        (catch Throwable cause
          (p/rejected cause))))))
 
+(defn- resolve-client
+  [params]
+  (cond
+    (instance? HttpClient params)
+    params
+
+    (map? params)
+    (resolve-client (::client params))
+
+    :else
+    (throw (UnsupportedOperationException. "invalid arguments"))))
+
 (defn req!
   "A convencience toplevel function for gradual migration to a new API
   convention."
-  ([{:keys [::client]} request]
-   (us/assert! ::client client)
-   (send! client request {}))
-  ([{:keys [::client]} request options]
-   (us/assert! ::client client)
-   (send! client request options)))
+  ([cfg-or-client request]
+   (let [client (resolve-client cfg-or-client)]
+     (send! client request {})))
+  ([cfg-or-client request options]
+   (let [client (resolve-client cfg-or-client)]
+     (send! client request options))))
+

backend/src/app/http/debug.clj

@@ -7,22 +7,24 @@
 (ns app.http.debug
   (:refer-clojure :exclude [error-handler])
   (:require
+   [app.common.data :as d]
    [app.common.exceptions :as ex]
    [app.common.logging :as l]
    [app.common.pprint :as pp]
    [app.common.uuid :as uuid]
    [app.config :as cf]
    [app.db :as db]
-   [app.http.middleware :as mw]
    [app.http.session :as session]
+   [app.main :as-alias main]
+   [app.rpc.commands.auth :as auth]
    [app.rpc.commands.binfile :as binf]
    [app.rpc.commands.files-create :refer [create-file]]
    [app.rpc.commands.profile :as profile]
+   [app.srepl.helpers :as srepl]
    [app.storage :as-alias sto]
    [app.util.blob :as blob]
    [app.util.template :as tmpl]
    [app.util.time :as dt]
-   [app.worker :as wrk]
    [clojure.spec.alpha :as s]
    [cuerdas.core :as str]
    [datoteka.io :as io]
@@ -30,51 +32,41 @@
    [integrant.core :as ig]
    [markdown.core :as md]
    [markdown.transformers :as mdt]
-   [yetti.request :as yrq]
-   [yetti.response :as yrs]))
+   [ring.request :as rreq]
+   [ring.response :as rres]))
 
 ;; (selmer.parser/cache-off!)
 
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; HELPERS
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-(defn authorized?
-  [pool {:keys [::session/profile-id]}]
-  (or (= "devenv" (cf/get :host))
-      (let [profile (ex/ignoring (profile/get-profile pool profile-id))
-            admins  (or (cf/get :admins) #{})]
-        (contains? admins (:email profile)))))
-
-(defn prepare-response
-  [body]
-  (let [headers {"content-type" "application/transit+json"}]
-    (yrs/response :status 200 :body body :headers headers)))
-
-(defn prepare-download-response
-  [body filename]
-  (let [headers {"content-disposition" (str "attachment; filename=" filename)
-                 "content-type" "application/octet-stream"}]
-    (yrs/response :status 200 :body body :headers headers)))
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; INDEX
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
 (defn index-handler
-  [{:keys [::db/pool]} request]
-  (when-not (authorized? pool request)
-    (ex/raise :type :authentication
-              :code :only-admins-allowed))
-  (yrs/response :status  200
-                :headers {"content-type" "text/html"}
-                :body    (-> (io/resource "app/templates/debug.tmpl")
-                             (tmpl/render {}))))
+  [_cfg _request]
+  {::rres/status  200
+   ::rres/headers {"content-type" "text/html"}
+   ::rres/body    (-> (io/resource "app/templates/debug.tmpl")
+                      (tmpl/render {}))})
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; FILE CHANGES
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
+(defn prepare-response
+  [body]
+  (let [headers {"content-type" "application/transit+json"}]
+    {::rres/status 200
+     ::rres/body body
+     ::rres/headers headers}))
+
+(defn prepare-download-response
+  [body filename]
+  (let [headers {"content-disposition" (str "attachment; filename=" filename)
+                 "content-type" "application/octet-stream"}]
+    {::rres/status 200
+     ::rres/body body
+     ::rres/headers headers}))
+
 (def sql:retrieve-range-of-changes
   "select revn, changes from file_change where file_id=? and revn >= ? and revn <= ? order by revn")
 
@@ -83,10 +75,6 @@
 
 (defn- retrieve-file-data
   [{:keys [::db/pool]} {:keys [params ::session/profile-id] :as request}]
-  (when-not (authorized? pool request)
-    (ex/raise :type :authentication
-              :code :only-admins-allowed))
-
   (let [file-id  (some-> params :file-id parse-uuid)
         revn     (some-> params :revn parse-long)
         filename (str file-id)]
@@ -109,14 +97,18 @@
 
         (contains? params :clone)
         (let [profile    (profile/get-profile pool profile-id)
-              project-id (:default-project-id profile)
-              data       (blob/decode data)]
-          (create-file pool {:id (uuid/next)
-                             :name (str "Cloned file: " filename)
-                             :project-id project-id
-                             :profile-id profile-id
-                             :data data})
-          (yrs/response 201 "OK CREATED"))
+              project-id (:default-project-id profile)]
+
+          (db/run! pool (fn [{:keys [::db/conn]}]
+                          (create-file conn {:id file-id
+                                             :name (str "Cloned file: " filename)
+                                             :project-id project-id
+                                             :profile-id profile-id})
+                          (db/update! conn :file
+                                      {:data data}
+                                      {:id file-id})
+                          {::rres/status 201
+                           ::rres/body "OK CREATED"})))
 
         :else
         (prepare-response (blob/decode data))))))
@@ -130,35 +122,41 @@
   [{:keys [::db/pool]} {:keys [::session/profile-id params] :as request}]
   (let [profile    (profile/get-profile pool profile-id)
         project-id (:default-project-id profile)
-        data       (some-> params :file :path io/read-as-bytes blob/decode)]
+        data       (some-> params :file :path io/read-as-bytes)]
 
     (if (and data project-id)
-      (let [fname      (str "Imported file *: " (dt/now))
-            overwrite? (contains? params :overwrite?)
-            file-id    (or (and overwrite? (ex/ignoring (-> params :file :filename parse-uuid)))
-                           (uuid/next))]
+      (let [fname     (str "Imported file *: " (dt/now))
+            reuse-id? (contains? params :reuseid)
+            file-id   (or (and reuse-id? (ex/ignoring (-> params :file :filename parse-uuid)))
+                          (uuid/next))]
 
-        (if (and overwrite? file-id
+        (if (and reuse-id? file-id
                  (is-file-exists? pool file-id))
           (do
             (db/update! pool :file
-                        {:data (blob/encode data)}
+                        {:data data
+                         :deleted-at nil}
                         {:id file-id})
-            (yrs/response 200 "OK UPDATED"))
+            {::rres/status 200
+             ::rres/body "OK UPDATED"})
 
-          (do
-            (create-file pool {:id file-id
-                               :name fname
-                               :project-id project-id
-                               :profile-id profile-id
-                               :data data})
-            (yrs/response 201 "OK CREATED"))))
+          (db/run! pool (fn [{:keys [::db/conn]}]
+                          (create-file conn {:id file-id
+                                             :name fname
+                                             :project-id project-id
+                                             :profile-id profile-id})
+                          (db/update! conn :file
+                                      {:data data}
+                                      {:id file-id})
+                          {::rres/status 201
+                           ::rres/body "OK CREATED"}))))
 
-      (yrs/response 500 "ERROR"))))
+      {::rres/status 500
+       ::rres/body "ERROR"})))
 
 (defn file-data-handler
   [cfg request]
-  (case (yrq/method request)
+  (case (rreq/method request)
     :get (retrieve-file-data cfg request)
     :post (upload-file-data cfg request)
     (ex/raise :type :http
@@ -166,10 +164,6 @@
 
 (defn file-changes-handler
   [{:keys [::db/pool]} {:keys [params] :as request}]
-  (when-not (authorized? pool request)
-    (ex/raise :type :authentication
-              :code :only-admins-allowed))
-
   (letfn [(retrieve-changes [file-id revn]
             (if (str/includes? revn ":")
               (let [[start end] (->> (str/split revn #":")
@@ -232,41 +226,40 @@
             (-> (io/resource "app/templates/error-report.v2.tmpl")
                 (tmpl/render report)))
 
-          ]
-
-    (when-not (authorized? pool request)
-      (ex/raise :type :authentication
-                :code :only-admins-allowed))
+          (render-template-v3 [{:keys [content id created-at]}]
+            (-> (io/resource "app/templates/error-report.v3.tmpl")
+                (tmpl/render (-> content
+                                 (assoc :id id)
+                                 (assoc :created-at (dt/format-instant created-at :rfc1123))))))]
 
     (if-let [report (get-report request)]
-      (let [result (if (= 1 (:version report))
-                     (render-template-v1 report)
-                     (render-template-v2 report))]
-        (yrs/response :status 200
-                      :body result
-                      :headers {"content-type" "text/html; charset=utf-8"
-                                "x-robots-tag" "noindex"}))
-      (yrs/response 404 "not found"))))
+      (let [result (case (:version report)
+                     1 (render-template-v1 report)
+                     2 (render-template-v2 report)
+                     3 (render-template-v3 report))]
+        {::rres/status 200
+         ::rres/body result
+         ::rres/headers {"content-type" "text/html; charset=utf-8"
+                         "x-robots-tag" "noindex"}})
+      {::rres/status 404
+       ::rres/body "not found"})))
 
 (def sql:error-reports
   "SELECT id, created_at,
           content->>'~:hint' AS hint
      FROM server_error_report
     ORDER BY created_at DESC
-    LIMIT 100")
+    LIMIT 200")
 
 (defn error-list-handler
-  [{:keys [::db/pool]} request]
-  (when-not (authorized? pool request)
-    (ex/raise :type :authentication
-              :code :only-admins-allowed))
+  [{:keys [::db/pool]} _request]
   (let [items (->> (db/exec! pool [sql:error-reports])
                    (map #(update % :created-at dt/format-instant :rfc1123)))]
-    (yrs/response :status 200
-                  :body (-> (io/resource "app/templates/error-list.tmpl")
-                            (tmpl/render {:items items}))
-                  :headers {"content-type" "text/html; charset=utf-8"
-                            "x-robots-tag" "noindex"})))
+    {::rres/status 200
+     ::rres/body (-> (io/resource "app/templates/error-list.tmpl")
+                     (tmpl/render {:items items}))
+     ::rres/headers {"content-type" "text/html; charset=utf-8"
+                     "x-robots-tag" "noindex"}}))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; EXPORT/IMPORT
@@ -302,16 +295,15 @@
                   ::binf/profile-id profile-id
                   ::binf/project-id project-id))
 
-          (yrs/response
-           :status  200
-           :headers {"content-type" "text/plain"}
-           :body    "OK CLONED"))
+          {::rres/status  200
+           ::rres/headers {"content-type" "text/plain"}
+           ::rres/body    "OK CLONED"})
+
+        {::rres/status  200
+         ::rres/body    (io/input-stream path)
+         ::rres/headers {"content-type" "application/octet-stream"
+                         "content-disposition" (str "attachmen; filename=" (first file-ids) ".penpot")}}))))
 
-        (yrs/response
-         :status  200
-         :headers {"content-type" "application/octet-stream"
-                   "content-disposition" (str "attachmen; filename=" (first file-ids) ".penpot")}
-         :body    (io/input-stream path))))))
 
 
 (defn import-handler
@@ -341,10 +333,96 @@
             ::binf/profile-id profile-id
             ::binf/project-id project-id))
 
-    (yrs/response
-     :status  200
-     :headers {"content-type" "text/plain"}
-     :body    "OK")))
+    {::rres/status  200
+     ::rres/headers {"content-type" "text/plain"}
+     ::rres/body    "OK"}))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; ACTIONS
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(defn- resend-email-notification
+  [{:keys [::db/pool ::main/props] :as cfg} {:keys [params] :as request}]
+
+  (when-not (contains? params :force)
+    (ex/raise :type :validation
+              :code :missing-force
+              :hint "missing force checkbox"))
+
+  (let [profile  (some->> params :email (profile/get-profile-by-email pool))]
+
+    (when-not profile
+      (ex/raise :type :validation
+                :code :missing-profile
+                :hint "unable to find profile by email"))
+
+    (cond
+      (contains? params :block)
+      (do
+        (db/update! pool :profile {:is-blocked true} {:id (:id profile)})
+        (db/delete! pool :http-session {:profile-id (:id profile)})
+
+        {::rres/status  200
+         ::rres/headers {"content-type" "text/plain"}
+         ::rres/body    (str/ffmt "PROFILE '%' BLOCKED" (:email profile))})
+
+      (contains? params :unblock)
+      (do
+        (db/update! pool :profile {:is-blocked false} {:id (:id profile)})
+        {::rres/status  200
+         ::rres/headers {"content-type" "text/plain"}
+         ::rres/body    (str/ffmt "PROFILE '%' UNBLOCKED" (:email profile))})
+
+      (contains? params :resend)
+      (if (:is-blocked profile)
+        {::rres/status  200
+         ::rres/headers {"content-type" "text/plain"}
+         ::rres/body    "PROFILE ALREADY BLOCKED"}
+        (do
+          (auth/send-email-verification! pool props profile)
+          {::rres/status  200
+           ::rres/headers {"content-type" "text/plain"}
+           ::rres/body    (str/ffmt "RESENDED FOR '%'" (:email profile))}))
+
+      :else
+      (do
+        (db/update! pool :profile {:is-active true} {:id (:id profile)})
+        {::rres/status  200
+         ::rres/headers {"content-type" "text/plain"}
+         ::rres/body    (str/ffmt "PROFILE '%' ACTIVATED" (:email profile))}))))
+
+
+(defn- reset-file-data-version
+  [cfg {:keys [params] :as request}]
+  (let [file-id (some-> params :file-id d/parse-uuid)
+        version (some-> params :version d/parse-integer)]
+
+    (when-not (contains? params :force)
+      (ex/raise :type :validation
+                :code :missing-force
+                :hint "missing force checkbox"))
+
+    (when (nil? file-id)
+      (ex/raise :type :validation
+                :code :invalid-file-id
+                :hint "provided invalid file id"))
+
+    (when (nil? version)
+      (ex/raise :type :validation
+                :code :invalid-version
+                :hint "provided invalid version"))
+
+    (srepl/update-file! cfg
+                        :id file-id
+                        :update-fn (fn [file]
+                                     (update file :data assoc :version version))
+                        :migrate? false
+                        :inc-revn? false
+                        :save? true)
+    {::rres/status  200
+     ::rres/headers {"content-type" "text/plain"}
+     ::rres/body    "OK"}))
+
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; OTHER SMALL VIEWS/HANDLERS
@@ -355,11 +433,13 @@
   [{:keys [::db/pool]} _]
   (try
     (db/exec-one! pool ["select count(*) as count from server_prop;"])
-    (yrs/response 200 "OK")
+    {::rres/status 200
+     ::rres/body "OK"}
     (catch Throwable cause
       (l/warn :hint "unable to execute query on health handler"
               :cause cause)
-      (yrs/response 503 "KO"))))
+      {::rres/status 503
+       ::rres/body "KO"})))
 
 (defn changelog-handler
   [_ _]
@@ -368,47 +448,51 @@
           (md->html [text]
             (md/md-to-html-string text :replacement-transformers (into [transform-emoji] mdt/transformer-vector)))]
     (if-let [clog (io/resource "changelog.md")]
-      (yrs/response :status 200
-                    :headers {"content-type" "text/html; charset=utf-8"}
-                    :body (-> clog slurp md->html))
-      (yrs/response :status 404 :body "NOT FOUND"))))
+      {::rres/status 200
+       ::rres/headers {"content-type" "text/html; charset=utf-8"}
+       ::rres/body (-> clog slurp md->html)}
+      {::rres/status 404
+       ::rres/body "NOT FOUND"})))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; INIT
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
+(defn authorized?
+  [pool {:keys [::session/profile-id]}]
+  (or (= "devenv" (cf/get :host))
+      (let [profile (ex/ignoring (profile/get-profile pool profile-id))
+            admins  (or (cf/get :admins) #{})]
+        (contains? admins (:email profile)))))
+
 (def with-authorization
   {:compile
    (fn [& _]
      (fn [handler pool]
-       (fn [request respond raise]
+       (fn [request]
          (if (authorized? pool request)
-           (handler request respond raise)
-           (raise (ex/error :type :authentication
-                            :code :only-admins-allowed))))))})
+           (handler request)
+           (ex/raise :type :authentication
+                     :code :only-admins-allowed)))))})
 
 (defmethod ig/pre-init-spec ::routes [_]
-  (s/keys :req [::db/pool
-                ::wrk/executor
-                ::sto/storage
-                ::session/manager]))
+  (s/keys :req [::db/pool ::session/manager]))
 
 (defmethod ig/init-key ::routes
-  [_ {:keys [::db/pool ::wrk/executor] :as cfg}]
-  [["/readyz" {:middleware [[mw/with-dispatch executor]
-                            [mw/with-config cfg]]
-               :handler health-handler}]
+  [_ {:keys [::db/pool] :as cfg}]
+  [["/readyz" {:handler (partial health-handler cfg)}]
    ["/dbg" {:middleware [[session/authz cfg]
-                         [with-authorization pool]
-                         [mw/with-dispatch executor]
-                         [mw/with-config cfg]]}
-    ["" {:handler index-handler}]
-    ["/health" {:handler health-handler}]
-    ["/changelog" {:handler changelog-handler}]
-    ;; ["/error-by-id/:id" {:handler error-handler}]
-    ["/error/:id" {:handler error-handler}]
-    ["/error" {:handler error-list-handler}]
-    ["/file/export" {:handler export-handler}]
-    ["/file/import" {:handler import-handler}]
-    ["/file/data" {:handler file-data-handler}]
-    ["/file/changes" {:handler file-changes-handler}]]])
+                         [with-authorization pool]]}
+    ["" {:handler (partial index-handler cfg)}]
+    ["/health" {:handler (partial health-handler cfg)}]
+    ["/changelog" {:handler (partial changelog-handler cfg)}]
+    ["/error/:id" {:handler (partial error-handler cfg)}]
+    ["/error" {:handler (partial error-list-handler cfg)}]
+    ["/actions/resend-email-verification"
+     {:handler (partial resend-email-notification cfg)}]
+    ["/actions/reset-file-data-version"
+     {:handler (partial reset-file-data-version cfg)}]
+    ["/file/export" {:handler (partial export-handler cfg)}]
+    ["/file/import" {:handler (partial import-handler cfg)}]
+    ["/file/data" {:handler (partial file-data-handler cfg)}]
+    ["/file/changes" {:handler (partial file-changes-handler cfg)}]]])

backend/src/app/http/errors.clj

@@ -9,19 +9,21 @@
   (:require
    [app.common.exceptions :as ex]
    [app.common.logging :as l]
+   [app.common.schema :as-alias sm]
+   [app.config :as cf]
    [app.http :as-alias http]
    [app.http.access-token :as-alias actoken]
    [app.http.session :as-alias session]
    [clojure.spec.alpha :as s]
    [cuerdas.core :as str]
-   [yetti.request :as yrq]
-   [yetti.response :as yrs]))
+   [ring.request :as rreq]
+   [ring.response :as rres]))
 
 (defn- parse-client-ip
   [request]
-  (or (some-> (yrq/get-header request "x-forwarded-for") (str/split ",") first)
-      (yrq/get-header request "x-real-ip")
-      (yrq/remote-addr request)))
+  (or (some-> (rreq/get-header request "x-forwarded-for") (str/split ",") first)
+      (rreq/get-header request "x-real-ip")
+      (rreq/remote-addr request)))
 
 (defn request->context
   "Extracts error report relevant context data from request."
@@ -29,141 +31,209 @@
   (let [claims (-> {}
                    (into (::session/token-claims request))
                    (into (::actoken/token-claims request)))]
-    {:path       (:path request)
-     :method     (:method request)
-     :params     (:params request)
-     :ip-addr    (parse-client-ip request)
-     :user-agent (yrq/get-header request "user-agent")
-     :profile-id (:uid claims)
-     :version    (or (yrq/get-header request "x-frontend-version")
-                     "unknown")}))
+    {:request/path       (:path request)
+     :request/method     (:method request)
+     :request/params     (:params request)
+     :request/user-agent (rreq/get-header request "user-agent")
+     :request/ip-addr    (parse-client-ip request)
+     :request/profile-id (:uid claims)
+     :version/frontend   (or (rreq/get-header request "x-frontend-version") "unknown")
+     :version/backend    (:full cf/version)}))
+
+(defmulti handle-error
+  (fn [cause _ _]
+    (-> cause ex-data :type)))
 
 (defmulti handle-exception
-  (fn [err & _rest]
-    (let [edata (ex-data err)]
-      (or (:type edata)
-          (class err)))))
+  (fn [cause _ _]
+    (class cause)))
 
-(defmethod handle-exception :authentication
-  [err _]
-  (yrs/response 401 (ex-data err)))
+(defmethod handle-error :authentication
+  [err _ _]
+  {::rres/status 401
+   ::rres/body (ex-data err)})
 
-(defmethod handle-exception :authorization
-  [err _]
-  (yrs/response 403 (ex-data err)))
+(defmethod handle-error :authorization
+  [err _ _]
+  {::rres/status 403
+   ::rres/body (ex-data err)})
 
-(defmethod handle-exception :restriction
-  [err _]
-  (yrs/response 400 (ex-data err)))
+(defmethod handle-error :restriction
+  [err _ _]
+  {::rres/status 400
+   ::rres/body (ex-data err)})
 
-(defmethod handle-exception :rate-limit
-  [err _]
+(defmethod handle-error :rate-limit
+  [err _ _]
   (let [headers (-> err ex-data ::http/headers)]
-    (yrs/response :status 429 :body "" :headers headers)))
+    {::rres/status 429
+     ::rres/headers headers}))
 
-(defmethod handle-exception :validation
-  [err _]
+(defmethod handle-error :concurrency-limit
+  [err _ _]
+  (let [headers (-> err ex-data ::http/headers)]
+    {::rres/status 429
+     ::rres/headers headers}))
+
+(defmethod handle-error :validation
+  [err request parent-cause]
   (let [{:keys [code] :as data} (ex-data err)]
     (cond
-      (= code :spec-validation)
+      (or (= code :spec-validation)
+          (= code :params-validation)
+          (= code :schema-validation)
+          (= code :data-validation))
       (let [explain (ex/explain data)]
-        (yrs/response :status 400
-                      :body   (-> data
-                                  (dissoc ::s/problems ::s/value)
-                                  (cond-> explain (assoc :explain explain)))))
+        {::rres/status 400
+         ::rres/body   (-> data
+                           (dissoc ::s/problems ::s/value ::s/spec ::sm/explain)
+                           (cond-> explain (assoc :explain explain)))})
 
       (= code :request-body-too-large)
-      (yrs/response :status 413 :body data)
+      {::rres/status 413 ::rres/body data}
 
-      :else
-      (yrs/response :status 400 :body data))))
-
-(defmethod handle-exception :assertion
-  [error request]
-  (let [edata   (ex-data error)
-        explain (ex/explain edata)]
-    (binding [l/*context* (request->context request)]
-      (l/error :hint "Assertion error" :message (ex-message error) :cause error)
-      (yrs/response :status 500
-                    :body   {:type :server-error
-                             :code :assertion
-                             :data (-> edata
-                                       (dissoc ::s/problems ::s/value ::s/spec)
-                                       (cond-> explain (assoc :explain explain)))}))))
-
-(defmethod handle-exception :not-found
-  [err _]
-  (yrs/response 404 (ex-data err)))
-
-(defmethod handle-exception :internal
-  [error request]
-  (let [{:keys [code] :as edata} (ex-data error)]
-    (cond
-      (= :concurrency-limit-reached code)
-      (yrs/response 429)
-
-      :else
+      (= code :invalid-image)
       (binding [l/*context* (request->context request)]
-        (l/error :hint "Internal error" :message (ex-message error) :cause error)
-        (yrs/response 500 {:type :server-error
-                           :code :unhandled
-                           :hint (ex-message error)
-                           :data edata})))))
+        (let [cause (or parent-cause err)]
+          (l/error :hint "unexpected error on processing image" :cause cause)
+          {::rres/status 400 ::rres/body data}))
 
-(defmethod handle-exception org.postgresql.util.PSQLException
-  [error request]
-  (let [state (.getSQLState ^java.sql.SQLException error)]
-    (binding [l/*context* (request->context request)]
-      (l/error :hint "PSQL error" :message (ex-message error) :cause error)
+      :else
+      {::rres/status 400 ::rres/body data})))
+
+(defmethod handle-error :assertion
+  [error request parent-cause]
+  (binding [l/*context* (request->context request)]
+    (let [{:keys [code] :as data} (ex-data error)
+          cause (or parent-cause error)]
       (cond
-        (= state "57014")
-        (yrs/response 504 {:type :server-error
-                           :code :statement-timeout
-                           :hint (ex-message error)})
+        (= code :data-validation)
+        (let [explain (ex/explain data)]
+          (l/error :hint "data assertion error" :cause cause)
+          {::rres/status 500
+           ::rres/body   {:type :server-error
+                          :code :assertion
+                          :data (-> data
+                                    (dissoc ::sm/explain)
+                                    (cond-> explain (assoc :explain explain)))}})
 
-        (= state "25P03")
-        (yrs/response 504 {:type :server-error
-                           :code :idle-in-transaction-timeout
-                           :hint (ex-message error)})
+        (= code :spec-validation)
+        (let [explain (ex/explain data)]
+          (l/error :hint "spec assertion error" :cause cause)
+          {::rres/status 500
+           ::rres/body   {:type :server-error
+                          :code :assertion
+                          :data (-> data
+                                    (dissoc ::s/problems ::s/value ::s/spec)
+                                    (cond-> explain (assoc :explain explain)))}})
 
         :else
-        (yrs/response 500 {:type :server-error
-                           :code :unexpected
-                           :hint (ex-message error)
-                           :state state})))))
+        (do
+          (l/error :hint "assertion error" :cause cause)
+          {::rres/status 500
+           ::rres/body   {:type :server-error
+                          :code :assertion
+                          :data data}})))))
+
+(defmethod handle-error :not-found
+  [err _ _]
+  {::rres/status 404
+   ::rres/body (ex-data err)})
+
+(defmethod handle-error :internal
+  [error request parent-cause]
+  (binding [l/*context* (request->context request)]
+    (let [cause (or parent-cause error)]
+      (l/error :hint "internal error" :cause cause)
+      {::rres/status 500
+       ::rres/body {:type :server-error
+                    :code :unhandled
+                    :hint (ex-message error)
+                    :data (ex-data error)}})))
+
+(defmethod handle-error :default
+  [error request parent-cause]
+  (let [edata (ex-data error)]
+    ;; This is a special case for the idle-in-transaction error;
+    ;; when it happens, the connection is automatically closed and
+    ;; next-jdbc combines the two errors in a single ex-info. We
+    ;; only need the :handling error, because the :rollback error
+    ;; will be always "connection closed".
+    (if (and (ex/exception? (:rollback edata))
+             (ex/exception? (:handling edata)))
+      (handle-exception (:handling edata) request error)
+      (handle-exception error request parent-cause))))
+
+(defmethod handle-exception org.postgresql.util.PSQLException
+  [error request parent-cause]
+  (let [state (.getSQLState ^java.sql.SQLException error)
+        cause (or parent-cause error)]
+    (binding [l/*context* (request->context request)]
+      (l/error :hint "PSQL error"
+               :cause cause)
+      (cond
+        (= state "57014")
+        {::rres/status 504
+         ::rres/body {:type :server-error
+                      :code :statement-timeout
+                      :hint (ex-message error)}}
+
+        (= state "25P03")
+        {::rres/status 504
+         ::rres/body {:type :server-error
+                      :code :idle-in-transaction-timeout
+                      :hint (ex-message error)}}
+
+        :else
+        {::rres/status 500
+         ::rres/body {:type :server-error
+                      :code :unexpected
+                      :hint (ex-message error)
+                      :state state}}))))
 
 (defmethod handle-exception :default
-  [error request]
-  (let [edata (ex-data error)]
+  [error request parent-cause]
+  (let [edata (ex-data error)
+        cause (or parent-cause error)]
     (cond
       ;; This means that exception is not a controlled exception.
       (nil? edata)
       (binding [l/*context* (request->context request)]
-        (l/error :hint "Unexpected error" :message (ex-message error) :cause error)
-        (yrs/response 500 {:type :server-error
-                           :code :unexpected
-                           :hint (ex-message error)}))
-
-      ;; This is a special case for the idle-in-transaction error;
-      ;; when it happens, the connection is automatically closed and
-      ;; next-jdbc combines the two errors in a single ex-info. We
-      ;; only need the :handling error, because the :rollback error
-      ;; will be always "connection closed".
-      (and (ex/exception? (:rollback edata))
-           (ex/exception? (:handling edata)))
-      (handle-exception (:handling edata) request)
+        (l/error :hint "unexpected error" :cause cause)
+        {::rres/status 500
+         ::rres/body {:type :server-error
+                      :code :unexpected
+                      :hint (ex-message error)}})
 
       :else
       (binding [l/*context* (request->context request)]
-        (l/error :hint "Unhandled error" :message (ex-message error) :cause error)
-        (yrs/response 500 {:type :server-error
-                           :code :unhandled
-                           :hint (ex-message error)
-                           :data edata})))))
+        (l/error :hint "unhandled error" :cause cause)
+        {::rres/status 500
+         ::rres/body {:type :server-error
+                      :code :unhandled
+                      :hint (ex-message error)
+                      :data edata}}))))
+
+(defmethod handle-exception java.util.concurrent.CompletionException
+  [cause request _]
+  (let [cause' (ex-cause cause)]
+    (if (ex/error? cause')
+      (handle-error cause' request cause)
+      (handle-exception cause' request cause))))
+
+(defmethod handle-exception java.util.concurrent.ExecutionException
+  [cause request _]
+  (let [cause' (ex-cause cause)]
+    (if (ex/error? cause')
+      (handle-error cause' request cause)
+      (handle-exception cause' request cause))))
 
 (defn handle
   [cause request]
-  (if (or (instance? java.util.concurrent.CompletionException cause)
-          (instance? java.util.concurrent.ExecutionException cause))
-    (handle-exception (ex-cause cause) request)
-    (handle-exception cause request)))
+  (if (ex/error? cause)
+    (handle-error cause request nil)
+    (handle-exception cause request nil)))
+
+(defn handle'
+  [cause request]
+  (::rres/body (handle cause request)))

backend/src/app/http/middleware.clj

@@ -12,18 +12,20 @@
    [app.config :as cf]
    [app.util.json :as json]
    [cuerdas.core :as str]
-   [promesa.core :as p]
-   [promesa.exec :as px]
+   [ring.request :as rreq]
+   [ring.response :as rres]
    [yetti.adapter :as yt]
-   [yetti.middleware :as ymw]
-   [yetti.request :as yrq]
-   [yetti.response :as yrs])
+   [yetti.middleware :as ymw])
   (:import
    com.fasterxml.jackson.core.JsonParseException
    com.fasterxml.jackson.core.io.JsonEOFException
+   com.fasterxml.jackson.databind.exc.MismatchedInputException
    io.undertow.server.RequestTooBigException
+   java.io.InputStream
    java.io.OutputStream))
 
+(set! *warn-on-reflection* true)
+
 (def server-timing
   {:name ::server-timing
    :compile (constantly ymw/wrap-server-timing)})
@@ -41,17 +43,17 @@
 (defn wrap-parse-request
   [handler]
   (letfn [(process-request [request]
-            (let [header (yrq/get-header request "content-type")]
+            (let [header (rreq/get-header request "content-type")]
               (cond
                 (str/starts-with? header "application/transit+json")
-                (with-open [is (yrq/body request)]
+                (with-open [^InputStream is (rreq/body request)]
                   (let [params (t/read! (t/reader is))]
                     (-> request
                         (assoc :body-params params)
                         (update :params merge params))))
 
                 (str/starts-with? header "application/json")
-                (with-open [is (yrq/body request)]
+                (with-open [^InputStream is (rreq/body request)]
                   (let [params (json/decode is json-mapper)]
                     (-> request
                         (assoc :body-params params)
@@ -60,30 +62,36 @@
                 :else
                 request)))
 
-          (handle-error [raise cause]
+          (handle-error [cause]
             (cond
-              (instance? RequestTooBigException cause)
-              (raise (ex/error :type :validation
-                               :code :request-body-too-large
-                               :hint (ex-message cause)))
+              (instance? RuntimeException cause)
+              (if-let [cause (ex-cause cause)]
+                (handle-error cause)
+                (throw cause))
 
+              (instance? RequestTooBigException cause)
+              (ex/raise :type :validation
+                        :code :request-body-too-large
+                        :hint (ex-message cause))
 
               (or (instance? JsonEOFException cause)
-                  (instance? JsonParseException cause))
-              (raise (ex/error :type :validation
-                               :code :malformed-json
-                               :hint (ex-message cause)
-                               :cause cause))
-              :else
-              (raise cause)))]
+                  (instance? JsonParseException cause)
+                  (instance? MismatchedInputException cause))
+              (ex/raise :type :validation
+                        :code :malformed-json
+                        :hint (ex-message cause)
+                        :cause cause)
 
-    (fn [request respond raise]
-      (let [request (ex/try! (process-request request))]
-        (if (ex/exception? request)
-          (if (ex/runtime-exception? request)
-            (handle-error raise (or (ex-cause request) request))
-            (handle-error raise request))
-          (handler request respond raise))))))
+              :else
+              (throw cause)))]
+
+    (fn [request]
+      (if (= (rreq/method request) :post)
+        (let [request (ex/try! (process-request request))]
+          (if (ex/exception? request)
+            (handle-error request)
+            (handler request)))
+        (handler request)))))
 
 (def parse-request
   {:name ::parse-request
@@ -94,74 +102,70 @@
   needed because transit-java calls flush very aggresivelly on each
   object write."
   [^java.io.OutputStream os ^long chunk-size]
-  (proxy [java.io.BufferedOutputStream] [os (int chunk-size)]
-    ;; Explicitly do not forward flush
-    (flush [])
-    (close []
-      (proxy-super flush)
-      (proxy-super close))))
+  (yetti.util.BufferedOutputStream. os (int chunk-size)))
 
 (def ^:const buffer-size (:xnio/buffer-size yt/defaults))
 
 (defn wrap-format-response
   [handler]
   (letfn [(transit-streamable-body [data opts]
-            (reify yrs/StreamableResponseBody
+            (reify rres/StreamableResponseBody
               (-write-body-to-stream [_ _ output-stream]
                 (try
-                  (with-open [bos (buffered-output-stream output-stream buffer-size)]
+                  (with-open [^OutputStream bos (buffered-output-stream output-stream buffer-size)]
                     (let [tw (t/writer bos opts)]
                       (t/write! tw data)))
-
-                  (catch java.io.IOException _cause
-                    ;; Do nothing, EOF means client closes connection abruptly
-                    nil)
+                  (catch java.io.IOException _)
                   (catch Throwable cause
-                    (l/warn :hint "unexpected error on encoding response"
-                            :cause cause))
+                    (binding [l/*context* {:value data}]
+                      (l/error :hint "unexpected error on encoding response"
+                               :cause cause)))
                   (finally
                     (.close ^OutputStream output-stream))))))
 
           (json-streamable-body [data]
-            (reify yrs/StreamableResponseBody
+            (reify rres/StreamableResponseBody
               (-write-body-to-stream [_ _ output-stream]
                 (try
-
-                  (with-open [bos (buffered-output-stream output-stream buffer-size)]
+                  (with-open [^OutputStream bos (buffered-output-stream output-stream buffer-size)]
                     (json/write! bos data json-mapper))
 
-                  (catch java.io.IOException _cause
-                    ;; Do nothing, EOF means client closes connection abruptly
-                    nil)
+                  (catch java.io.IOException _)
                   (catch Throwable cause
-                    (l/warn :hint "unexpected error on encoding response"
-                            :cause cause))
+                    (binding [l/*context* {:value data}]
+                      (l/error :hint "unexpected error on encoding response"
+                               :cause cause)))
                   (finally
                     (.close ^OutputStream output-stream))))))
 
           (format-response-with-json [response _]
-            (let [body (yrs/body response)]
+            (let [body (::rres/body response)]
               (if (or (boolean? body) (coll? body))
                 (-> response
-                    (update :headers assoc "content-type" "application/json")
-                    (assoc :body (json-streamable-body body)))
+                    (update ::rres/headers assoc "content-type" "application/json")
+                    (assoc ::rres/body (json-streamable-body body)))
                 response)))
 
           (format-response-with-transit [response request]
-            (let [body (yrs/body response)]
+            (let [body (::rres/body response)]
               (if (or (boolean? body) (coll? body))
-                (let [qs   (yrq/query request)
+                (let [qs   (rreq/query request)
                       opts (if (or (contains? cf/flags :transit-readable-response)
                                    (str/includes? qs "transit_verbose"))
                              {:type :json-verbose}
                              {:type :json})]
                   (-> response
-                      (update :headers assoc "content-type" "application/transit+json")
-                      (assoc :body (transit-streamable-body body opts))))
+                      (update ::rres/headers assoc "content-type" "application/transit+json")
+                      (assoc ::rres/body (transit-streamable-body body opts))))
                 response)))
 
+          (format-from-params [{:keys [query-params] :as request}]
+            (and (= "json" (get query-params :_fmt))
+                 "application/json"))
+
           (format-response [response request]
-            (let [accept (yrq/get-header request "accept")]
+            (let [accept (or (format-from-params request)
+                             (rreq/get-header request "accept"))]
               (cond
                 (or (= accept "application/transit+json")
                     (str/includes? accept "application/transit+json"))
@@ -178,12 +182,9 @@
             (cond-> response
               (map? response) (format-response request)))]
 
-    (fn [request respond raise]
-      (handler request
-               (fn [response]
-                 (let [response (process-response response request)]
-                   (respond response)))
-               raise))))
+    (fn [request]
+      (let [response (handler request)]
+        (process-response response request)))))
 
 (def format-response
   {:name ::format-response
@@ -191,74 +192,48 @@
 
 (defn wrap-errors
   [handler on-error]
-  (fn [request respond _]
-    (handler request respond (fn [cause]
-                               (-> cause (on-error request) respond)))))
+  (fn [request]
+    (try
+      (handler request)
+      (catch Throwable cause
+        (on-error cause request)))))
 
 (def errors
   {:name ::errors
    :compile (constantly wrap-errors)})
 
+(defn- with-cors-headers
+  [headers origin]
+  (-> headers
+      (assoc "access-control-allow-origin" origin)
+      (assoc "access-control-allow-methods" "GET,POST,DELETE,OPTIONS,PUT,HEAD,PATCH")
+      (assoc "access-control-allow-credentials" "true")
+      (assoc "access-control-expose-headers" "x-requested-with, content-type, cookie")
+      (assoc "access-control-allow-headers" "x-frontend-version, content-type, accept, x-requested-width")))
+
 (defn wrap-cors
   [handler]
-  (if-not (contains? cf/flags :cors)
-    handler
-    (letfn [(add-headers [headers request]
-              (let [origin (yrq/get-header request "origin")]
-                (-> headers
-                    (assoc "access-control-allow-origin" origin)
-                    (assoc "access-control-allow-methods" "GET,POST,DELETE,OPTIONS,PUT,HEAD,PATCH")
-                    (assoc "access-control-allow-credentials" "true")
-                    (assoc "access-control-expose-headers" "x-requested-with, content-type, cookie")
-                    (assoc "access-control-allow-headers" "x-frontend-version, content-type, accept, x-requested-width"))))
-
-            (update-response [response request]
-              (update response :headers add-headers request))]
-
-      (fn [request respond raise]
-        (if (= (yrq/method request) :options)
-          (-> (yrs/response 200)
-              (update-response request)
-              (respond))
-          (handler request
-                   (fn [response]
-                     (respond (update-response response request)))
-                   raise))))))
+  (fn [request]
+    (let [response (if (= (rreq/method request) :options)
+                     {::rres/status 200}
+                     (handler request))
+          origin   (rreq/get-header request "origin")]
+      (update response ::rres/headers with-cors-headers origin))))
 
 (def cors
   {:name ::cors
-   :compile (constantly wrap-cors)})
-
-(defn compile-restrict-methods
-  [data _]
-  (when-let [allowed (:allowed-methods data)]
-    (fn [handler]
-      (fn [request respond raise]
-        (let [method (yrq/method request)]
-          (if (contains? allowed method)
-            (handler request respond raise)
-            (respond (yrs/response 405))))))))
+   :compile (fn [& _]
+              (when (contains? cf/flags :cors)
+                wrap-cors))})
 
 (def restrict-methods
   {:name ::restrict-methods
-   :compile compile-restrict-methods})
-
-(def with-dispatch
-  {:name ::with-dispatch
    :compile
-   (fn [& _]
-     (fn [handler executor]
-       (fn [request respond raise]
-         (-> (px/submit! executor #(handler request))
-             (p/bind p/wrap)
-             (p/then respond)
-             (p/catch raise)))))})
-
-(def with-config
-  {:name ::with-config
-   :compile
-   (fn [& _]
-     (fn [handler config]
-       (fn
-         ([request] (handler config request))
-         ([request respond raise] (handler config request respond raise)))))})
+   (fn [data _]
+     (when-let [allowed (:allowed-methods data)]
+       (fn [handler]
+         (fn [request]
+           (let [method (rreq/method request)]
+             (if (contains? allowed method)
+               (handler request)
+               {::rres/status 405}))))))})

backend/src/app/http/session.clj

@@ -8,7 +8,6 @@
   (:refer-clojure :exclude [read])
   (:require
    [app.common.data :as d]
-   [app.common.exceptions :as ex]
    [app.common.logging :as l]
    [app.common.spec :as us]
    [app.config :as cf]
@@ -18,12 +17,10 @@
    [app.main :as-alias main]
    [app.tokens :as tokens]
    [app.util.time :as dt]
-   [app.worker :as wrk]
    [clojure.spec.alpha :as s]
    [cuerdas.core :as str]
    [integrant.core :as ig]
-   [promesa.core :as p]
-   [promesa.exec :as px]
+   [ring.request :as rreq]
    [yetti.request :as yrq]))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -76,69 +73,56 @@
    :id key})
 
 (defn- database-manager
-  [{:keys [::db/pool ::wrk/executor ::main/props]}]
-  ^{::wrk/executor executor
-    ::db/pool pool
-    ::main/props props}
+  [pool]
   (reify ISessionManager
     (read [_ token]
-      (px/with-dispatch executor
-        (db/exec-one! pool (sql/select :http-session {:id token}))))
+      (db/exec-one! pool (sql/select :http-session {:id token})))
 
     (write! [_ key params]
-      (px/with-dispatch executor
-        (let [params (prepare-session-params key params)]
-          (db/insert! pool :http-session params)
-          params)))
+      (let [params (prepare-session-params key params)]
+        (db/insert! pool :http-session params)
+        params))
 
     (update! [_ params]
       (let [updated-at (dt/now)]
-        (px/with-dispatch executor
-          (db/update! pool :http-session
-                      {:updated-at updated-at}
-                      {:id (:id params)})
-          (assoc params :updated-at updated-at))))
+        (db/update! pool :http-session
+                    {:updated-at updated-at}
+                    {:id (:id params)})
+        (assoc params :updated-at updated-at)))
 
     (delete! [_ token]
-      (px/with-dispatch executor
-        (db/delete! pool :http-session {:id token})
-        nil))))
+      (db/delete! pool :http-session {:id token})
+      nil)))
 
 (defn inmemory-manager
-  [{:keys [::db/pool ::wrk/executor ::main/props]}]
+  []
   (let [cache (atom {})]
-    ^{::main/props props
-      ::wrk/executor executor
-      ::db/pool pool}
     (reify ISessionManager
       (read [_ token]
-        (p/do (get @cache token)))
+        (get @cache token))
 
       (write! [_ key params]
-        (p/do
-          (let [params (prepare-session-params key params)]
-            (swap! cache assoc key params)
-            params)))
+        (let [params (prepare-session-params key params)]
+          (swap! cache assoc key params)
+          params))
 
       (update! [_ params]
-        (p/do
-          (let [updated-at (dt/now)]
-            (swap! cache update (:id params) assoc :updated-at updated-at)
-            (assoc params :updated-at updated-at))))
+        (let [updated-at (dt/now)]
+          (swap! cache update (:id params) assoc :updated-at updated-at)
+          (assoc params :updated-at updated-at)))
 
       (delete! [_ token]
-        (p/do
-          (swap! cache dissoc token)
-          nil)))))
+        (swap! cache dissoc token)
+        nil))))
 
 (defmethod ig/pre-init-spec ::manager [_]
-  (s/keys :req [::db/pool ::wrk/executor ::main/props]))
+  (s/keys :req [::db/pool]))
 
 (defmethod ig/init-key ::manager
-  [_ {:keys [::db/pool] :as cfg}]
+  [_ {:keys [::db/pool]}]
   (if (db/read-only? pool)
-    (inmemory-manager cfg)
-    (database-manager cfg)))
+    (inmemory-manager)
+    (database-manager pool)))
 
 (defmethod ig/halt-key! ::manager
   [_ _])
@@ -154,40 +138,35 @@
 (declare ^:private gen-token)
 
 (defn create-fn
-  [{:keys [::manager]} profile-id]
+  [{:keys [::manager ::main/props]} profile-id]
   (us/assert! ::manager manager)
   (us/assert! ::us/uuid profile-id)
 
-  (let [props (-> manager meta ::main/props)]
-    (fn [request response]
-      (let [uagent (yrq/get-header request "user-agent")
-            params {:profile-id profile-id
-                    :user-agent uagent
-                    :created-at (dt/now)}
-            token  (gen-token props params)]
+  (fn [request response]
+    (let [uagent  (rreq/get-header request "user-agent")
+          params  {:profile-id profile-id
+                   :user-agent uagent
+                   :created-at (dt/now)}
+          token   (gen-token props params)
+          session (write! manager token params)]
+      (l/trace :hint "create" :profile-id (str profile-id))
+      (-> response
+          (assign-auth-token-cookie session)
+          (assign-authenticated-cookie session)))))
 
-        (->> (write! manager token params)
-             (p/fmap (fn [session]
-                       (l/trace :hint "create" :profile-id (str profile-id))
-                       (-> response
-                           (assign-auth-token-cookie session)
-                           (assign-authenticated-cookie session)))))))))
 (defn delete-fn
   [{:keys [::manager]}]
   (us/assert! ::manager manager)
-  (letfn [(delete [{:keys [profile-id] :as request}]
-            (let [cname   (cf/get :auth-token-cookie-name default-auth-token-cookie-name)
-                  cookie  (yrq/get-cookie request cname)]
-              (l/trace :hint "delete" :profile-id profile-id)
-              (some->> (:value cookie) (delete! manager))))]
-    (fn [request response]
-      (p/do
-        (delete request)
-        (-> response
-            (assoc :status 204)
-            (assoc :body nil)
-            (clear-auth-token-cookie)
-            (clear-authenticated-cookie))))))
+  (fn [request response]
+    (let [cname   (cf/get :auth-token-cookie-name default-auth-token-cookie-name)
+          cookie  (yrq/get-cookie request cname)]
+      (l/trace :hint "delete" :profile-id (:profile-id request))
+      (some->> (:value cookie) (delete! manager))
+      (-> response
+          (assoc :status 204)
+          (assoc :body nil)
+          (clear-auth-token-cookie)
+          (clear-authenticated-cookie)))))
 
 (defn- gen-token
   [props {:keys [profile-id created-at]}]
@@ -216,58 +195,41 @@
        (let [elapsed (dt/diff updated-at (dt/now))]
          (neg? (compare default-renewal-max-age elapsed)))))
 
-(defn- wrap-reneval
-  [respond manager session]
-  (fn [response]
-    (p/let [session (update! manager session)]
-      (-> response
-          (assign-auth-token-cookie session)
-          (assign-authenticated-cookie session)
-          (respond)))))
-
 (defn- wrap-soft-auth
-  [handler {:keys [::manager]}]
+  [handler {:keys [::manager ::main/props]}]
   (us/assert! ::manager manager)
+  (letfn [(handle-request [request]
+            (try
+              (let [token  (get-token request)
+                    claims (decode-token props token)]
+                (cond-> request
+                  (map? claims)
+                  (-> (assoc ::token-claims claims)
+                      (assoc ::token token))))
+              (catch Throwable cause
+                (l/trace :hint "exception on decoding malformed token" :cause cause)
+                request)))]
 
-  (let [{:keys [::wrk/executor ::main/props]} (meta manager)]
-    (fn [request respond raise]
-      (let [token (ex/try! (get-token request))]
-        (if (ex/exception? token)
-          (raise token)
-          (->> (px/submit! executor (partial decode-token props token))
-               (p/fnly (fn [claims cause]
-                         (when cause
-                           (l/trace :hint "exception on decoding malformed token" :cause cause))
-                         (let [request (cond-> request
-                                         (map? claims)
-                                         (-> (assoc ::token-claims claims)
-                                             (assoc ::token token)))]
-                           (handler request respond raise))))))))))
+    (fn [request]
+      (handler (handle-request request)))))
 
 (defn- wrap-authz
   [handler {:keys [::manager]}]
   (us/assert! ::manager manager)
-  (fn [request respond raise]
-    (if-let [token (::token request)]
-      (->> (get-session manager token)
-           (p/fnly (fn [session cause]
-                     (cond
-                       (some? cause)
-                       (raise cause)
+  (fn [request]
+    (let [session  (get-session manager (::token request))
+          request  (cond-> request
+                     (some? session)
+                     (assoc ::profile-id (:profile-id session)
+                            ::id (:id session)))
+          response (handler request)]
 
-                       (nil? session)
-                       (handler request respond raise)
-
-                       :else
-                       (let [request (-> request
-                                         (assoc ::profile-id (:profile-id session))
-                                         (assoc ::id (:id session)))
-                             respond (cond-> respond
-                                       (renew-session? session)
-                                       (wrap-reneval manager session))]
-                         (handler request respond raise))))))
-
-      (handler request respond raise))))
+      (if (renew-session? session)
+        (let [session (update! manager session)]
+          (-> response
+              (assign-auth-token-cookie session)
+              (assign-authenticated-cookie session)))
+        response))))
 
 (def soft-auth
   {:name ::soft-auth

backend/src/app/http/sse.clj

@@ -0,0 +1,86 @@
+;; This Source Code Form is subject to the terms of the Mozilla Public
+;; License, v. 2.0. If a copy of the MPL was not distributed with this
+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;;
+;; Copyright (c) KALEIDOS INC
+
+(ns app.http.sse
+  "SSE (server sent events) helpers"
+  (:refer-clojure :exclude [tap])
+  (:require
+   [app.common.data :as d]
+   [app.common.exceptions :as ex]
+   [app.common.logging :as l]
+   [app.common.transit :as t]
+   [app.http.errors :as errors]
+   [promesa.core :as p]
+   [promesa.exec :as px]
+   [promesa.exec.csp :as sp]
+   [promesa.util :as pu]
+   [ring.response :as rres])
+  (:import
+   java.io.OutputStream))
+
+(def ^:dynamic *channel* nil)
+
+(defn- write!
+  [^OutputStream output ^bytes  data]
+  (l/trc :hint "writting data" :data data :length (alength data))
+  (.write output data)
+  (.flush output))
+
+(defn- create-writer-loop
+  [^OutputStream output]
+  (try
+    (loop []
+      (when-let [event (sp/take! *channel*)]
+        (let [result (ex/try! (write! output event))]
+          (if (ex/exception? result)
+            (l/wrn :hint "unexpected exception on sse writer" :cause result)
+            (recur)))))
+    (finally
+      (pu/close! output))))
+
+(defn- encode
+  [[name data]]
+  (try
+    (let [data (with-out-str
+                 (println "event:" (d/name name))
+                 (println "data:" (t/encode-str data {:type :json-verbose}))
+                 (println))]
+      (.getBytes data "UTF-8"))
+    (catch Throwable cause
+      (l/err :hint "unexpected error on encoding value on sse stream"
+             :cause cause)
+      nil)))
+
+;; ---- PUBLIC API
+
+(def default-headers
+  {"Content-Type" "text/event-stream;charset=UTF-8"
+   "Cache-Control" "no-cache, no-store, max-age=0, must-revalidate"
+   "Pragma" "no-cache"})
+
+(defn tap
+  ([data] (tap "event" data))
+  ([name data]
+   (when-let [channel *channel*]
+     (sp/put! channel [name data])
+     nil)))
+
+(defn response
+  [handler & {:keys [buf] :or {buf 32} :as opts}]
+  (fn [request]
+    {::rres/headers default-headers
+     ::rres/status 200
+     ::rres/body (reify rres/StreamableResponseBody
+                   (-write-body-to-stream [_ _ output]
+                     (binding [*channel* (sp/chan :buf buf :xf (keep encode))]
+                       (let [writer (px/run! :virtual (partial create-writer-loop output))]
+                         (try
+                           (tap "end" (handler))
+                           (catch Throwable cause
+                             (tap "error" (errors/handle' cause request)))
+                           (finally
+                             (sp/close! *channel*)
+                             (p/await! writer)))))))}))

backend/src/app/http/websocket.clj

@@ -10,16 +10,18 @@
    [app.common.exceptions :as ex]
    [app.common.logging :as l]
    [app.common.pprint :as pp]
-   [app.common.spec :as us]
+   [app.common.schema :as sm]
+   [app.common.uuid :as uuid]
    [app.db :as db]
    [app.http.session :as session]
    [app.metrics :as mtx]
    [app.msgbus :as mbus]
    [app.util.time :as dt]
    [app.util.websocket :as ws]
-   [clojure.core.async :as a]
    [clojure.spec.alpha :as s]
    [integrant.core :as ig]
+   [promesa.exec.csp :as sp]
+   [ring.websocket :as rws]
    [yetti.websocket :as yws]))
 
 (def recv-labels
@@ -34,70 +36,38 @@
 
 (def state (atom {}))
 
-(defn- on-connect
-  [{:keys [::mtx/metrics]} wsp]
-  (let [created-at (dt/now)]
-    (swap! state assoc (::ws/id @wsp) wsp)
-    (mtx/run! metrics
-              :id :websocket-active-connections
-              :inc 1)
-    (fn []
-      (swap! state dissoc (::ws/id @wsp))
-      (mtx/run! metrics :id :websocket-active-connections :dec 1)
-      (mtx/run! metrics
-                :id :websocket-session-timing
-                :val (/ (inst-ms (dt/diff created-at (dt/now))) 1000.0)))))
-
-(defn- on-rcv-message
-  [{:keys [::mtx/metrics]} _ message]
-  (mtx/run! metrics
-            :id :websocket-messages-total
-            :labels recv-labels
-            :inc 1)
-  message)
-
-(defn- on-snd-message
-  [{:keys [::mtx/metrics]} _ message]
-  (mtx/run! metrics
-            :id :websocket-messages-total
-            :labels send-labels
-            :inc 1)
-  message)
-
 ;; REPL HELPERS
 
 (defn repl-get-connections-for-file
   [file-id]
   (->> (vals @state)
        (filter #(= file-id (-> % deref ::file-subscription :file-id)))
-       (map deref)
        (map ::ws/id)))
 
 (defn repl-get-connections-for-team
   [team-id]
   (->> (vals @state)
        (filter #(= team-id (-> % deref ::team-subscription :team-id)))
-       (map deref)
        (map ::ws/id)))
 
 (defn repl-close-connection
   [id]
-  (when-let [wsp (get @state id)]
-    (a/>!! (::ws/close-ch @wsp) [8899 "closed from server"])
-    (a/close! (::ws/close-ch @wsp))))
+  (when-let [{:keys [::ws/close-ch] :as wsp} (get @state id)]
+    (sp/put! close-ch [8899 "closed from server"])
+    (sp/close! close-ch)))
 
 (defn repl-get-connection-info
   [id]
   (when-let [wsp (get @state id)]
     {:id               id
-     :created-at       (::created-at @wsp)
-     :profile-id       (::profile-id @wsp)
-     :session-id       (::session-id @wsp)
-     :user-agent       (::ws/user-agent @wsp)
-     :ip-addr          (::ws/remote-addr @wsp)
-     :last-activity-at (::ws/last-activity-at @wsp)
-     :subscribed-file  (-> wsp deref ::file-subscription :file-id)
-     :subscribed-team  (-> wsp deref ::team-subscription :team-id)}))
+     :created-at       (::created-at wsp)
+     :profile-id       (::profile-id wsp)
+     :session-id       (::session-id wsp)
+     :user-agent       (::ws/user-agent wsp)
+     :ip-addr          (::ws/remote-addr wsp)
+     :last-activity-at (::ws/last-activity-at wsp)
+     :subscribed-file  (-> wsp ::file-subscription :file-id)
+     :subscribed-team  (-> wsp ::team-subscription :team-id)}))
 
 (defn repl-print-connection-info
   [id]
@@ -117,233 +87,229 @@
   (fn [_ _ message]
     (:type message)))
 
-(defmethod handle-message :connect
-  [cfg wsp _]
+(defmethod handle-message :open
+  [{:keys [::mbus/msgbus]} {:keys [::ws/id ::ws/output-ch ::ws/state ::profile-id ::session-id] :as wsp} _]
+  (l/trace :fn "handle-message" :event "open" :conn-id id)
+  (let [ch (sp/chan :buf (sp/dropping-buffer 16)
+                    :xf  (remove #(= (:session-id %) session-id)))]
 
-  (let [msgbus     (::mbus/msgbus cfg)
-        conn-id    (::ws/id @wsp)
-        profile-id (::profile-id @wsp)
-        session-id (::session-id @wsp)
-        output-ch  (::ws/output-ch @wsp)
+    ;; Subscribe to the profile channel and forward all messages to websocket output
+    ;; channel (send them to the client).
+    (swap! state assoc ::profile-subscription {:channel ch})
 
-        xform      (remove #(= (:session-id %) session-id))
-        channel    (a/chan (a/dropping-buffer 16) xform)]
+    ;; Forward the subscription messages directly to the websocket output channel
+    (sp/pipe ch output-ch false)
 
-    (l/trace :fn "handle-message" :event "connect" :conn-id conn-id)
+    ;; Subscribe to the profile topic on msgbus/redis
+    (mbus/sub! msgbus :topic profile-id :chan ch)
 
-    ;; Subscribe to the profile channel and forward all messages to
-    ;; websocket output channel (send them to the client).
-    (swap! wsp assoc ::profile-subscription channel)
-    (a/pipe channel output-ch false)
-    (mbus/sub! msgbus :topic profile-id :chan channel)))
+    ;; Subscribe to the system topic on msgbus/redis
+    (mbus/sub! msgbus :topic (str uuid/zero) :chan ch)))
 
-(defmethod handle-message :disconnect
-  [cfg wsp _]
-  (let [msgbus     (::mbus/msgbus cfg)
-        conn-id    (::ws/id @wsp)
-        profile-id (::profile-id @wsp)
-        session-id (::session-id @wsp)
-        profile-ch (::profile-subscription @wsp)
-        fsub       (::file-subscription @wsp)
-        tsub       (::team-subscription @wsp)
+(defmethod handle-message :close
+  [{:keys [::mbus/msgbus]} {:keys [::ws/id ::ws/state ::profile-id ::session-id]} _]
+  (l/trace :fn "handle-message" :event "close" :conn-id id)
+  (let [psub (::profile-subscription @state)
+        fsub (::file-subscription @state)
+        tsub (::team-subscription @state)
+        msg  {:type :disconnect
+              :subs-id profile-id
+              :profile-id profile-id
+              :session-id session-id}]
 
-        message    {:type :disconnect
-                    :subs-id profile-id
-                    :profile-id profile-id
-                    :session-id session-id}]
+    ;; Close profile subscription if exists
+    (when-let [ch (:channel psub)]
+      (sp/close! ch)
+      (mbus/purge! msgbus [ch]))
 
-    (l/trace :fn "handle-message"
-             :event :disconnect
-             :conn-id conn-id)
+    ;; Close team subscription if exists
+    (when-let [ch (:channel tsub)]
+      (sp/close! ch)
+      (mbus/purge! msgbus [ch]))
 
-    (a/go
-      ;; Close the main profile subscription
-      (a/close! profile-ch)
-      (a/<! (mbus/purge! msgbus [profile-ch]))
-
-      ;; Close tram subscription if exists
-      (when-let [channel (:channel tsub)]
-        (a/close! channel)
-        (a/<! (mbus/purge! msgbus channel)))
-
-      (when-let [{:keys [topic channel]} fsub]
-        (a/close! channel)
-        (a/<! (mbus/purge! msgbus channel))
-        (a/<! (mbus/pub! msgbus :topic topic :message message))))))
+    ;; Close file subscription if exists
+    (when-let [{:keys [topic channel]} fsub]
+      (sp/close! channel)
+      (mbus/purge! msgbus [channel])
+      (mbus/pub! msgbus :topic topic :message msg))))
 
 (defmethod handle-message :subscribe-team
-  [cfg wsp {:keys [team-id] :as params}]
-  (let [msgbus     (::mbus/msgbus cfg)
-        conn-id    (::ws/id @wsp)
-        session-id (::session-id @wsp)
-        output-ch  (::ws/output-ch @wsp)
-        prev-subs  (get @wsp ::team-subscription)
-        xform      (comp
-                    (remove #(= (:session-id %) session-id))
-                    (map #(assoc % :subs-id team-id)))
+  [{:keys [::mbus/msgbus]} {:keys [::ws/id ::ws/state ::ws/output-ch ::session-id]} {:keys [team-id] :as params}]
+  (l/trace :fn "handle-message" :event "subscribe-team" :team-id team-id :conn-id id)
+  (let [prev-subs (get @state ::team-subscription)
+        channel   (sp/chan :buf (sp/dropping-buffer 64)
+                           :xf  (comp
+                                 (remove #(= (:session-id %) session-id))
+                                 (map #(assoc % :subs-id team-id))))]
 
-        channel    (a/chan (a/dropping-buffer 64) xform)]
+    (sp/pipe channel output-ch false)
+    (mbus/sub! msgbus :topic team-id :chan channel)
 
-    (l/trace :fn "handle-message"
-             :event :subscribe-team
-             :team-id team-id
-             :conn-id conn-id)
+    (let [subs {:team-id team-id :channel channel :topic team-id}]
+      (swap! state assoc ::team-subscription subs))
 
-    (a/pipe channel output-ch false)
+    ;; Close previous subscription if exists
+    (when-let [ch (:channel prev-subs)]
+      (sp/close! ch)
+      (mbus/purge! msgbus [ch]))))
 
-    (let [state {:team-id team-id :channel channel :topic team-id}]
-      (swap! wsp assoc ::team-subscription state))
-
-    (a/go
-      ;; Close previous subscription if exists
-      (when-let [channel (:channel prev-subs)]
-        (a/close! channel)
-        (a/<! (mbus/purge! msgbus channel))))
-
-    (a/go
-      (a/<! (mbus/sub! msgbus :topic team-id :chan channel)))))
 
 (defmethod handle-message :subscribe-file
-  [cfg wsp {:keys [file-id version] :as params}]
-  (let [msgbus     (::mbus/msgbus cfg)
-        conn-id    (::ws/id @wsp)
-        profile-id (::profile-id @wsp)
-        session-id (::session-id @wsp)
-        output-ch  (::ws/output-ch @wsp)
-        prev-subs  (::file-subscription @wsp)
-        xform      (comp (remove #(= (:session-id %) session-id))
-                         (map #(assoc % :subs-id file-id)))
-        channel    (a/chan (a/dropping-buffer 64) xform)]
+  [{:keys [::mbus/msgbus]} {:keys [::ws/id ::ws/state ::ws/output-ch ::session-id ::profile-id]} {:keys [file-id] :as params}]
+  (l/trace :fn "handle-message" :event "subscribe-file" :file-id file-id :conn-id id)
+  (let [psub (::file-subscription @state)
+        fch  (sp/chan :buf (sp/dropping-buffer 64)
+                      :xf  (comp (remove #(= (:session-id %) session-id))
+                                 (map #(assoc % :subs-id file-id))))]
 
-    (l/trace :fn "handle-message"
-             :event :subscribe-file
-             :file-id file-id
-             :conn-id conn-id)
+    (let [subs {:file-id file-id :channel fch :topic file-id}]
+      (swap! state assoc ::file-subscription subs))
 
-    (let [state {:file-id file-id :channel channel :topic file-id}]
-      (swap! wsp assoc ::file-subscription state))
+    ;; Close previous subscription if exists
+    (when-let [ch (:channel psub)]
+      (sp/close! ch)
+      (mbus/purge! msgbus [ch]))
 
-    (a/go
-      ;; Close previous subscription if exists
-      (when-let [channel (:channel prev-subs)]
-        (a/close! channel)
-        (a/<! (mbus/purge! msgbus channel))))
+    (sp/go-loop []
+      (when-let [{:keys [type] :as message} (sp/take! fch)]
+        (sp/put! output-ch message)
+        (when (or (= :join-file type)
+                  (= :leave-file type)
+                  (= :disconnect type))
+          (let [message {:type :presence
+                         :file-id file-id
+                         :session-id session-id
+                         :profile-id profile-id}]
+            (mbus/pub! msgbus
+                       :topic file-id
+                       :message message)))
+        (recur)))
 
-    ;; Message forwarding
-    (a/go
-      (loop []
-        (when-let [{:keys [type] :as message} (a/<! channel)]
-          (when (or (= :join-file type)
-                    (= :leave-file type)
-                    (= :disconnect type))
-            (let [message {:type :presence
-                           :file-id file-id
-                           :session-id session-id
-                           :profile-id profile-id
-                           :version version}]
-              (a/<! (mbus/pub! msgbus :topic file-id :message message))))
-          (a/>! output-ch message)
-          (recur))))
+    ;; Subscribe to file topic
+    (mbus/sub! msgbus :topic file-id :chan fch)
 
-    (a/go
-      ;; Subscribe to file topic
-      (a/<! (mbus/sub! msgbus :topic file-id :chan channel))
-
-      ;; Notifify the rest of participants of the new connection.
-      (let [message {:type :join-file
-                     :file-id file-id
-                     :subs-id file-id
-                     :session-id session-id
-                     :profile-id profile-id}]
-        (a/<! (mbus/pub! msgbus :topic file-id :message message))))))
+    ;; Notifify the rest of participants of the new connection.
+    (let [message {:type :join-file
+                   :file-id file-id
+                   :subs-id file-id
+                   :session-id session-id
+                   :profile-id profile-id}]
+      (mbus/pub! msgbus :topic file-id :message message))))
 
 (defmethod handle-message :unsubscribe-file
-  [cfg wsp {:keys [file-id] :as params}]
-  (let [msgbus     (::mbus/msgbus cfg)
-        conn-id    (::ws/id @wsp)
-        session-id (::session-id @wsp)
-        profile-id (::profile-id @wsp)
-        subs       (::file-subscription @wsp)
+  [{:keys [::mbus/msgbus]} {:keys [::ws/id ::ws/state ::session-id ::profile-id]} {:keys [file-id] :as params}]
+  (l/trace :fn "handle-message" :event "unsubscribe-file" :file-id file-id :conn-id id)
 
-        message    {:type :leave-file
-                    :file-id file-id
-                    :session-id session-id
-                    :profile-id profile-id}]
+  (let [subs    (::file-subscription @state)
+        message {:type :leave-file
+                 :file-id file-id
+                 :session-id session-id
+                 :profile-id profile-id}]
 
-    (l/trace :fn "handle-message"
-             :event :unsubscribe-file
-             :file-id file-id
-             :conn-id conn-id)
-
-    (a/go
-      (when (= (:file-id subs) file-id)
-        (let [channel (:channel subs)]
-          (a/close! channel)
-          (a/<! (mbus/purge! msgbus channel))
-          (a/<! (mbus/pub! msgbus :topic file-id :message message)))))))
+    (when (= (:file-id subs) file-id)
+      (mbus/pub! msgbus :topic file-id :message message)
+      (let [ch (:channel subs)]
+        (sp/close! ch)
+        (mbus/purge! msgbus [ch])))))
 
 (defmethod handle-message :keepalive
   [_ _ _]
-  (l/trace :fn "handle-message" :event :keepalive)
-  (a/go :nothing))
+  (l/trace :fn "handle-message" :event :keepalive))
+
+(defmethod handle-message :broadcast
+  [{:keys [::mbus/msgbus]} {:keys [::ws/id ::session-id ::profile-id]} message]
+  (l/trace :fn "handle-message" :event "broadcast" :conn-id id)
+  (let [message (-> message
+                    (assoc :subs-id profile-id)
+                    (assoc :profile-id profile-id)
+                    (assoc :session-id session-id))]
+    (mbus/pub! msgbus :topic profile-id :message message)))
 
 (defmethod handle-message :pointer-update
-  [cfg wsp {:keys [file-id] :as message}]
-  (let [msgbus     (::mbus/msgbus cfg)
-        profile-id (::profile-id @wsp)
-        session-id (::session-id @wsp)
-        subs       (::file-subscription @wsp)
-        message    (-> message
-                       (assoc :subs-id file-id)
-                       (assoc :profile-id profile-id)
-                       (assoc :session-id session-id))]
-    (a/go
-      ;; Only allow receive pointer updates when active subscription
-      (when subs
-        (a/<! (mbus/pub! msgbus :topic file-id :message message))))))
+  [{:keys [::mbus/msgbus]} {:keys [::ws/state ::session-id ::profile-id]} {:keys [file-id] :as message}]
+  (when (::file-subscription @state)
+    (let [message (-> message
+                      (assoc :subs-id file-id)
+                      (assoc :profile-id profile-id)
+                      (assoc :session-id session-id))]
+      (mbus/pub! msgbus :topic file-id :message message))))
 
 (defmethod handle-message :default
-  [_ wsp message]
-  (let [conn-id (::ws/id @wsp)]
-    (l/warn :hint "received unexpected message"
-            :message message
-            :conn-id conn-id)
-    (a/go :none)))
+  [_ {:keys [::ws/id]} message]
+  (l/warn :hint "received unexpected message"
+          :message message
+          :conn-id id))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; HTTP HANDLER
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
-(s/def ::session-id ::us/uuid)
-(s/def ::handler-params
-  (s/keys :req-un [::session-id]))
+(defn- on-connect
+  [{:keys [::mtx/metrics]} {:keys [::ws/id] :as wsp}]
+  (let [created-at (dt/now)]
+    (l/trace :fn "on-connect" :conn-id id)
+    (swap! state assoc id wsp)
+    (mtx/run! metrics
+              :id :websocket-active-connections
+              :inc 1)
+
+    (assoc wsp ::ws/on-disconnect
+           (fn []
+             (l/trace :fn "on-disconnect" :conn-id id)
+             (swap! state dissoc id)
+             (mtx/run! metrics :id :websocket-active-connections :dec 1)
+             (mtx/run! metrics
+                       :id :websocket-session-timing
+                       :val (/ (inst-ms (dt/diff created-at (dt/now))) 1000.0))))))
+
+(defn- on-rcv-message
+  [{:keys [::mtx/metrics ::profile-id ::session-id]} message]
+  (mtx/run! metrics
+            :id :websocket-messages-total
+            :labels recv-labels
+            :inc 1)
+  (assoc message :profile-id profile-id :session-id session-id))
+
+(defn- on-snd-message
+  [{:keys [::mtx/metrics]} message]
+  (mtx/run! metrics
+            :id :websocket-messages-total
+            :labels send-labels
+            :inc 1)
+  message)
+
+(def ^:private schema:params
+  (sm/define
+    [:map {:title "params"}
+     [:session-id ::sm/uuid]]))
 
 (defn- http-handler
-  [cfg {:keys [params ::session/profile-id] :as request} respond raise]
-  (let [{:keys [session-id]} (us/conform ::handler-params params)]
+  [cfg {:keys [params ::session/profile-id] :as request}]
+  (let [{:keys [session-id]} (sm/conform! schema:params params)]
     (cond
       (not profile-id)
-      (raise (ex/error :type :authentication
-                       :hint "Authentication required."))
+      (ex/raise :type :authentication
+                :hint "Authentication required.")
 
+      ;; WORKAROUND: we use the adapter specific predicate for
+      ;; performance reasons; for now, the ring default impl for
+      ;; `upgrade-request?` parses all requests headers before perform
+      ;; any checking.
       (not (yws/upgrade-request? request))
-      (raise (ex/error :type :validation
-                       :code :websocket-request-expected
-                       :hint "this endpoint only accepts websocket connections"))
+      (ex/raise :type :validation
+                :code :websocket-request-expected
+                :hint "this endpoint only accepts websocket connections")
 
       :else
       (do
         (l/trace :hint "websocket request" :profile-id profile-id :session-id session-id)
-
-        (->> (ws/handler
-              ::ws/on-rcv-message (partial on-rcv-message cfg)
-              ::ws/on-snd-message (partial on-snd-message cfg)
-              ::ws/on-connect (partial on-connect cfg)
-              ::ws/handler (partial handle-message cfg)
-              ::profile-id profile-id
-              ::session-id session-id)
-             (yws/upgrade request)
-             (respond))))))
+        {::rws/listener (ws/listener request
+                                     ::ws/on-rcv-message (partial on-rcv-message cfg)
+                                     ::ws/on-snd-message (partial on-snd-message cfg)
+                                     ::ws/on-connect (partial on-connect cfg)
+                                     ::ws/handler (partial handle-message cfg)
+                                     ::profile-id profile-id
+                                     ::session-id session-id)}))))
 
 (defmethod ig/pre-init-spec ::routes [_]
   (s/keys :req [::mbus/msgbus
@@ -356,5 +322,4 @@
 (defmethod ig/init-key ::routes
   [_ cfg]
   ["/ws/notifications" {:middleware [[session/authz cfg]]
-                        :handler (partial http-handler cfg)
-                        :allowed-methods #{:get}}])
+                        :handler (partial http-handler cfg)}])

backend/src/app/loggers/audit.clj

@@ -16,13 +16,16 @@
    [app.common.uuid :as uuid]
    [app.config :as cf]
    [app.db :as db]
-   [app.http.client :as http]
+   [app.http :as-alias http]
+   [app.http.access-token :as-alias actoken]
+   [app.http.client :as http.client]
    [app.loggers.audit.tasks :as-alias tasks]
    [app.loggers.webhooks :as-alias webhooks]
    [app.main :as-alias main]
    [app.rpc :as-alias rpc]
+   [app.rpc.retry :as rtry]
    [app.tokens :as tokens]
-   [app.util.retry :as rtry]
+   [app.util.services :as-alias sv]
    [app.util.time :as dt]
    [app.worker :as wrk]
    [clojure.spec.alpha :as s]
@@ -30,7 +33,7 @@
    [integrant.core :as ig]
    [lambdaisland.uri :as u]
    [promesa.exec :as px]
-   [yetti.request :as yrq]))
+   [ring.request :as rreq]))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; HELPERS
@@ -38,9 +41,9 @@
 
 (defn parse-client-ip
   [request]
-  (or (some-> (yrq/get-header request "x-forwarded-for") (str/split ",") first)
-      (yrq/get-header request "x-real-ip")
-      (some-> (yrq/remote-addr request) str)))
+  (or (some-> (rreq/get-header request "x-forwarded-for") (str/split ",") first)
+      (rreq/get-header request "x-real-ip")
+      (some-> (rreq/remote-addr request) str)))
 
 (defn extract-utm-params
   "Extracts additional data from params and namespace them under
@@ -92,6 +95,15 @@
 
 ;; --- SPECS
 
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; COLLECTOR
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+;; Defines a service that collects the audit/activity log using
+;; internal database. Later this audit log can be transferred to
+;; an external storage and data cleared.
+
 (s/def ::profile-id ::us/uuid)
 (s/def ::name ::us/string)
 (s/def ::type ::us/string)
@@ -104,20 +116,13 @@
   (s/or :fn fn? :str string? :kw keyword?))
 
 (s/def ::event
-  (s/keys :req-un [::type ::name ::profile-id]
-          :opt-un [::ip-addr ::props]
-          :opt [::webhooks/event?
+  (s/keys :req [::type ::name ::profile-id]
+          :opt [::ip-addr
+                ::props
+                ::webhooks/event?
                 ::webhooks/batch-timeout
                 ::webhooks/batch-key]))
 
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; COLLECTOR
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-;; Defines a service that collects the audit/activity log using
-;; internal database. Later this audit log can be transferred to
-;; an external storage and data cleared.
-
 (s/def ::collector
   (s/keys :req [::wrk/executor ::db/pool]))
 
@@ -133,15 +138,64 @@
     :else
     cfg))
 
+(defn prepare-event
+  [cfg mdata params result]
+  (let [resultm    (meta result)
+        request    (-> params meta ::http/request)
+        profile-id (or (::profile-id resultm)
+                       (:profile-id result)
+                       (::rpc/profile-id params)
+                       uuid/zero)
+
+        props      (-> (or (::replace-props resultm)
+                           (-> params
+                               (merge (::props resultm))
+                               (dissoc :profile-id)
+                               (dissoc :type)))
+
+                       (clean-props))
+
+        token-id  (::actoken/id request)
+        context   (d/without-nils
+                   {:access-token-id (some-> token-id str)})]
+
+    {::type (or (::type resultm)
+                (::rpc/type cfg))
+     ::name (or (::name resultm)
+                (::sv/name mdata))
+     ::profile-id profile-id
+     ::ip-addr (some-> request parse-client-ip)
+     ::props props
+     ::context context
+
+     ;; NOTE: for batch-key lookup we need the params as-is
+     ;; because the rpc api does not need to know the
+     ;; audit/webhook specific object layout.
+     ::rpc/params params
+
+     ::webhooks/batch-key
+     (or (::webhooks/batch-key mdata)
+         (::webhooks/batch-key resultm))
+
+     ::webhooks/batch-timeout
+     (or (::webhooks/batch-timeout mdata)
+         (::webhooks/batch-timeout resultm))
+
+     ::webhooks/event?
+     (or (::webhooks/event? mdata)
+         (::webhooks/event? resultm)
+         false)}))
+
 (defn- handle-event!
   [conn-or-pool event]
   (us/verify! ::event event)
   (let [params {:id (uuid/next)
-                :name (:name event)
-                :type (:type event)
-                :profile-id (:profile-id event)
-                :ip-addr (:ip-addr event)
-                :props (:props event)}]
+                :name (::name event)
+                :type (::type event)
+                :profile-id (::profile-id event)
+                :ip-addr (::ip-addr event)
+                :context (::context event)
+                :props (::props event)}]
 
     (when (contains? cf/flags :audit-log)
       ;; NOTE: this operation may cause primary key conflicts on inserts
@@ -149,11 +203,13 @@
       ;; this case we just retry the operation.
       (rtry/with-retry {::rtry/when rtry/conflict-exception?
                         ::rtry/max-retries 6
-                        ::rtry/label "persist-audit-log"}
+                        ::rtry/label "persist-audit-log"
+                        ::db/conn (dm/check db/connection? conn-or-pool)}
         (let [now (dt/now)]
           (db/insert! conn-or-pool :audit-log
                       (-> params
                           (update :props db/tjson)
+                          (update :context db/tjson)
                           (update :ip-addr db/inet)
                           (assoc :created-at now)
                           (assoc :tracked-at now)
@@ -186,9 +242,8 @@
 
 (defn submit!
   "Submit audit event to the collector."
-  [{:keys [::wrk/executor] :as cfg} params]
+  [cfg params]
   (let [conn (or (::db/conn cfg) (::db/pool cfg))]
-    (us/assert! ::wrk/executor executor)
     (us/assert! ::db/pool-or-conn conn)
     (try
       (handle-event! conn (d/without-nils params))
@@ -207,7 +262,7 @@
 (s/def ::tasks/uri ::us/string)
 
 (defmethod ig/pre-init-spec ::tasks/archive-task [_]
-  (s/keys :req [::db/pool ::main/props ::http/client]))
+  (s/keys :req [::db/pool ::main/props ::http.client/client]))
 
 (defmethod ig/init-key ::tasks/archive
   [_ cfg]
@@ -231,7 +286,7 @@
             (if n
               (do
                 (px/sleep 100)
-                (recur (+ total n)))
+                (recur (+ total ^long n)))
               (when (pos? total)
                 (l/debug :hint "events archived" :total total)))))))))
 
@@ -281,7 +336,7 @@
                            :method :post
                            :headers headers
                            :body body}
-                  resp    (http/req! cfg params {:sync? true})]
+                  resp    (http.client/req! cfg params {:sync? true})]
               (if (= (:status resp) 204)
                 true
                 (do

backend/src/app/loggers/database.clj

@@ -11,6 +11,7 @@
    [app.common.exceptions :as ex]
    [app.common.logging :as l]
    [app.common.pprint :as pp]
+   [app.common.schema :as sm]
    [app.common.spec :as us]
    [app.config :as cf]
    [app.db :as db]
@@ -32,35 +33,51 @@
   (when-not (db/read-only? pool)
     (db/insert! pool :server-error-report
                 {:id id
-                 :version 2
+                 :version 3
                  :content (db/tjson report)})))
 
 (defn record->report
   [{:keys [::l/context ::l/message ::l/props ::l/logger ::l/level ::l/cause] :as record}]
   (us/assert! ::l/record record)
+  (if (or (instance? java.util.concurrent.CompletionException cause)
+          (instance? java.util.concurrent.ExecutionException cause))
+    (-> record
+        (assoc ::trace (ex/format-throwable cause :data? false :explain? false :header? false :summary? false))
+        (assoc ::l/cause (ex-cause cause))
+        (record->report))
 
-  (merge
-   {:context (-> context
-                 (assoc :tenant (cf/get :tenant))
-                 (assoc :host (cf/get :host))
-                 (assoc :public-uri (cf/get :public-uri))
-                 (assoc :version (:full cf/version))
-                 (assoc :logger-name logger)
-                 (assoc :logger-level level)
-                 (dissoc :params)
-                 (pp/pprint-str :width 200))
-    :params  (some-> (:params context)
-                     (pp/pprint-str :width 200))
-    :props   (pp/pprint-str props :width 200)
-    :hint    (or (ex-message cause) @message)
-    :trace   (ex/format-throwable cause :data? false :explain? false :header? false :summary? false)}
+    (let [data (ex-data cause)
+          ctx  (-> context
+                   (assoc :tenant (cf/get :tenant))
+                   (assoc :host (cf/get :host))
+                   (assoc :public-uri (cf/get :public-uri))
+                   (assoc :logger/name logger)
+                   (assoc :logger/level level)
+                   (dissoc :request/params :value :params :data))]
+      (merge
+       {:context (-> (into (sorted-map) ctx)
+                     (pp/pprint-str :length 50))
+        :props   (pp/pprint-str props :length 50)
+        :hint    (or (ex-message cause) @message)
+        :trace   (or (::trace record)
+                     (ex/format-throwable cause :data? false :explain? false :header? false :summary? false))}
 
-   (when-let [data (ex-data cause)]
-     {:spec-value    (some-> (::s/value data) (pp/pprint-str :width 200))
-      :spec-explain  (ex/explain data)
-      :data          (-> data
-                         (dissoc ::s/problems ::s/value ::s/spec :hint)
-                         (pp/pprint-str :width 200))})))
+       (when-let [params (or (:request/params context) (:params context))]
+         {:params (pp/pprint-str params :length 30 :level 12)})
+
+       (when-let [value (:value context)]
+         {:value (pp/pprint-str value :length 30 :level 12)})
+
+       (when-let [data (some-> data (dissoc ::s/problems ::s/value ::s/spec ::sm/explain :hint))]
+         {:data (pp/pprint-str data :length 30 :level 12)})
+
+       (when-let [explain (ex/explain data :length 30 :level 12)]
+         {:explain explain})))))
+
+(defn error-record?
+  [{:keys [::l/level ::l/cause]}]
+  (and (= :error level)
+       (ex/exception? cause)))
 
 (defn- handle-event
   [{:keys [::db/pool]} {:keys [::l/id] :as record}]
@@ -74,20 +91,16 @@
     (catch Throwable cause
       (l/warn :hint "unexpected exception on database error logger" :cause cause))))
 
-(defn error-record?
-  [{:keys [::l/level ::l/cause]}]
-  (and (= :error level)
-       (ex/exception? cause)))
-
 (defmethod ig/pre-init-spec ::reporter [_]
   (s/keys :req [::db/pool]))
 
 (defmethod ig/init-key ::reporter
   [_ cfg]
-  (let [input (sp/chan (sp/sliding-buffer 32) (filter error-record?))]
+  (let [input (sp/chan :buf (sp/sliding-buffer 64)
+                       :xf  (filter error-record?))]
     (add-watch l/log-record ::reporter #(sp/put! input %4))
-    (px/thread
-      {:name "penpot/database-reporter" :virtual true}
+
+    (px/thread {:name "penpot/database-reporter"}
       (l/info :hint "initializing database error persistence")
       (try
         (loop []

backend/src/app/loggers/mattermost.clj

@@ -30,7 +30,9 @@
                   "```\n"
                   "- host: `" (:host report) "`\n"
                   "- tenant: `" (:tenant report) "`\n"
-                  "- version: `" (:version report) "`\n"
+                  "- request-path: `" (:request-path report) "`\n"
+                  "- frontend-version: `" (:frontend-version report) "`\n"
+                  "- backend-version: `" (:backend-version report) "`\n"
                   "\n"
                   "Trace:\n"
                   (:trace report)
@@ -50,13 +52,15 @@
 (defn record->report
   [{:keys [::l/context ::l/id ::l/cause] :as record}]
   (us/assert! ::l/record record)
-  {:id         id
-   :tenant     (cf/get :tenant)
-   :host       (cf/get :host)
-   :public-uri (cf/get :public-uri)
-   :version    (:full cf/version)
-   :profile-id (:profile-id context)
-   :trace      (ex/format-throwable cause :detail? false :header? false)})
+  {:id               id
+   :tenant           (cf/get :tenant)
+   :host             (cf/get :host)
+   :public-uri       (cf/get :public-uri)
+   :backend-version  (or (:version/backend context) (:full cf/version))
+   :frontend-version (:version/frontend context)
+   :profile-id       (:request/profile-id context)
+   :request-path     (:request/path context)
+   :trace            (ex/format-throwable cause :detail? false :header? false)})
 
 (defn handle-event
   [cfg record]
@@ -77,7 +81,8 @@
       {:name "penpot/mattermost-reporter"
        :virtual true}
       (l/info :hint "initializing error reporter" :uri uri)
-      (let [input (sp/chan (sp/sliding-buffer 128) (filter ldb/error-record?))]
+      (let [input (sp/chan :buf (sp/sliding-buffer 128)
+                           :xf (filter ldb/error-record?))]
         (add-watch l/log-record ::reporter #(sp/put! input %4))
         (try
           (loop []

backend/src/app/loggers/webhooks.clj

@@ -182,5 +182,4 @@
     "invalid-uri"
 
     (instance? java.net.http.HttpConnectTimeoutException cause)
-    "timeout"
-    ))
+    "timeout"))

backend/src/app/main.clj

@@ -10,11 +10,11 @@
    [app.auth.oidc :as-alias oidc]
    [app.auth.oidc.providers :as-alias oidc.providers]
    [app.common.logging :as l]
+   [app.common.svg :as csvg]
    [app.config :as cf]
    [app.db :as-alias db]
    [app.email :as-alias email]
    [app.http :as-alias http]
-   [app.http.access-token :as-alias actoken]
    [app.http.assets :as-alias http.assets]
    [app.http.awsns :as http.awsns]
    [app.http.client :as-alias http.client]
@@ -30,14 +30,20 @@
    [app.redis :as-alias rds]
    [app.rpc :as-alias rpc]
    [app.rpc.doc :as-alias rpc.doc]
+   [app.setup :as-alias setup]
    [app.srepl :as-alias srepl]
    [app.storage :as-alias sto]
    [app.storage.fs :as-alias sto.fs]
    [app.storage.s3 :as-alias sto.s3]
    [app.util.time :as dt]
    [app.worker :as-alias wrk]
+   [cider.nrepl :refer [cider-nrepl-handler]]
+   [clojure.test :as test]
+   [clojure.tools.namespace.repl :as repl]
    [cuerdas.core :as str]
-   [integrant.core :as ig])
+   [integrant.core :as ig]
+   [nrepl.server :as nrepl]
+   [promesa.exec :as px])
   (:gen-class))
 
 (def default-metrics
@@ -102,15 +108,15 @@
     ::mdef/labels ["name"]
     ::mdef/type :summary}
 
-   :rpc-climit-queue-size
-   {::mdef/name "penpot_rpc_climit_queue_size"
-    ::mdef/help "Current number of queued submissions on the CLIMIT."
+   :rpc-climit-queue
+   {::mdef/name "penpot_rpc_climit_queue"
+    ::mdef/help "Current number of queued submissions."
     ::mdef/labels ["name"]
     ::mdef/type :gauge}
 
-   :rpc-climit-concurrency
-   {::mdef/name "penpot_rpc_climit_concurrency"
-    ::mdef/help "Current number of used concurrency capacity on the CLIMIT"
+   :rpc-climit-permits
+   {::mdef/name "penpot_rpc_climit_permits"
+    ::mdef/help "Current number of available permits"
     ::mdef/labels ["name"]
     ::mdef/type :gauge}
 
@@ -154,12 +160,6 @@
    {::mdef/name "penpot_executors_running_threads"
     ::mdef/help "Current number of threads with state RUNNING."
     ::mdef/labels ["name"]
-    ::mdef/type :gauge}
-
-   :executors-queued-submissions
-   {::mdef/name "penpot_executors_queued_submissions"
-    ::mdef/help "Current number of queued submissions."
-    ::mdef/labels ["name"]
     ::mdef/type :gauge}})
 
 (def system-config
@@ -174,15 +174,12 @@
 
    ;; Default thread pool for IO operations
    ::wrk/executor
-   {::wrk/parallelism (cf/get :default-executor-parallelism 100)}
-
-   ::wrk/scheduled-executor
-   {::wrk/parallelism (cf/get :scheduled-executor-parallelism 20)}
+   {}
 
    ::wrk/monitor
    {::mtx/metrics  (ig/ref ::mtx/metrics)
-    ::wrk/name     "default"
-    ::wrk/executor (ig/ref ::wrk/executor)}
+    ::wrk/executor (ig/ref ::wrk/executor)
+    ::wrk/name     "default"}
 
    :app.migrations/migrations
    {::db/pool (ig/ref ::db/pool)}
@@ -194,17 +191,16 @@
    {::mtx/metrics (ig/ref ::mtx/metrics)}
 
    ::rds/redis
-   {::rds/uri     (cf/get :redis-uri)
-    ::mtx/metrics (ig/ref ::mtx/metrics)}
+   {::rds/uri      (cf/get :redis-uri)
+    ::mtx/metrics  (ig/ref ::mtx/metrics)
+    ::wrk/executor (ig/ref ::wrk/executor)}
 
    ::mbus/msgbus
-   {:backend   (cf/get :msgbus-backend :redis)
-    :executor  (ig/ref ::wrk/executor)
-    :redis     (ig/ref ::rds/redis)}
+   {::wrk/executor  (ig/ref ::wrk/executor)
+    ::rds/redis     (ig/ref ::rds/redis)}
 
    :app.storage.tmp/cleaner
-   {::wrk/executor (ig/ref ::wrk/executor)
-    ::wrk/scheduled-executor (ig/ref ::wrk/scheduled-executor)}
+   {::wrk/executor (ig/ref ::wrk/executor)}
 
    ::sto/gc-deleted-task
    {::db/pool      (ig/ref ::db/pool)
@@ -214,33 +210,23 @@
    {::db/pool (ig/ref ::db/pool)}
 
    ::http.client/client
-   {::wrk/executor (ig/ref ::wrk/executor)}
+   {}
 
    ::session/manager
-   {::db/pool      (ig/ref ::db/pool)
-    ::wrk/executor (ig/ref ::wrk/executor)
-    ::props        (ig/ref :app.setup/props)}
-
-   ::actoken/manager
-   {::db/pool      (ig/ref ::db/pool)
-    ::wrk/executor (ig/ref ::wrk/executor)
-    ::props        (ig/ref :app.setup/props)}
+   {::db/pool (ig/ref ::db/pool)}
 
    ::session.tasks/gc
    {::db/pool (ig/ref ::db/pool)}
 
    ::http.awsns/routes
-   {::props              (ig/ref :app.setup/props)
+   {::props              (ig/ref ::setup/props)
     ::db/pool            (ig/ref ::db/pool)
-    ::http.client/client (ig/ref ::http.client/client)
-    ::wrk/executor       (ig/ref ::wrk/executor)}
+    ::http.client/client (ig/ref ::http.client/client)}
 
    ::http/server
    {::http/port                    (cf/get :http-server-port)
     ::http/host                    (cf/get :http-server-host)
     ::http/router                  (ig/ref ::http/router)
-    ::http/metrics                 (ig/ref ::mtx/metrics)
-    ::http/executor                (ig/ref ::wrk/executor)
     ::http/io-threads              (cf/get :http-server-io-threads)
     ::http/max-body-size           (cf/get :http-server-max-body-size)
     ::http/max-multipart-body-size (cf/get :http-server-max-multipart-body-size)}
@@ -274,8 +260,7 @@
    ::oidc/routes
    {::http.client/client (ig/ref ::http.client/client)
     ::db/pool            (ig/ref ::db/pool)
-    ::props              (ig/ref :app.setup/props)
-    ::wrk/executor       (ig/ref ::wrk/executor)
+    ::props              (ig/ref ::setup/props)
     ::oidc/providers     {:google (ig/ref ::oidc.providers/google)
                           :github (ig/ref ::oidc.providers/github)
                           :gitlab (ig/ref ::oidc.providers/gitlab)
@@ -284,12 +269,10 @@
 
    :app.http/router
    {::session/manager    (ig/ref ::session/manager)
-    ::actoken/manager    (ig/ref ::actoken/manager)
-    ::wrk/executor       (ig/ref ::wrk/executor)
     ::db/pool            (ig/ref ::db/pool)
     ::rpc/routes         (ig/ref ::rpc/routes)
     ::rpc.doc/routes     (ig/ref ::rpc.doc/routes)
-    ::props              (ig/ref :app.setup/props)
+    ::props              (ig/ref ::setup/props)
     ::mtx/routes         (ig/ref ::mtx/routes)
     ::oidc/routes        (ig/ref ::oidc/routes)
     ::http.debug/routes  (ig/ref ::http.debug/routes)
@@ -297,32 +280,29 @@
     ::http.ws/routes     (ig/ref ::http.ws/routes)
     ::http.awsns/routes  (ig/ref ::http.awsns/routes)}
 
-   :app.http.debug/routes
+   ::http.debug/routes
    {::db/pool         (ig/ref ::db/pool)
-    ::wrk/executor    (ig/ref ::wrk/executor)
     ::session/manager (ig/ref ::session/manager)
-    ::sto/storage     (ig/ref ::sto/storage)}
+    ::sto/storage     (ig/ref ::sto/storage)
+    ::props           (ig/ref ::setup/props)}
 
-   :app.http.websocket/routes
+   ::http.ws/routes
    {::db/pool         (ig/ref ::db/pool)
     ::mtx/metrics     (ig/ref ::mtx/metrics)
-    ::mbus/msgbus     (ig/ref :app.msgbus/msgbus)
+    ::mbus/msgbus     (ig/ref ::mbus/msgbus)
     ::session/manager (ig/ref ::session/manager)}
 
    :app.http.assets/routes
    {::http.assets/path  (cf/get :assets-path)
     ::http.assets/cache-max-age (dt/duration {:hours 24})
     ::http.assets/cache-max-agesignature-max-age (dt/duration {:hours 24 :minutes 5})
-    ::sto/storage  (ig/ref ::sto/storage)
-    ::wrk/executor (ig/ref ::wrk/executor)}
+    ::sto/storage  (ig/ref ::sto/storage)}
 
    :app.rpc/climit
-   {::mtx/metrics  (ig/ref ::mtx/metrics)
-    ::wrk/executor (ig/ref ::wrk/executor)}
+   {::mtx/metrics  (ig/ref ::mtx/metrics)}
 
    :app.rpc/rlimit
-   {::wrk/executor           (ig/ref ::wrk/executor)
-    ::wrk/scheduled-executor (ig/ref ::wrk/scheduled-executor)}
+   {::wrk/executor (ig/ref ::wrk/executor)}
 
    :app.rpc/methods
    {::http.client/client (ig/ref ::http.client/client)
@@ -334,15 +314,14 @@
     ::mtx/metrics        (ig/ref ::mtx/metrics)
     ::mbus/msgbus        (ig/ref ::mbus/msgbus)
     ::rds/redis          (ig/ref ::rds/redis)
+    ::csvg/optimizer     (ig/ref ::csvg/optimizer)
 
     ::rpc/climit         (ig/ref ::rpc/climit)
     ::rpc/rlimit         (ig/ref ::rpc/rlimit)
+    ::setup/templates    (ig/ref ::setup/templates)
+    ::props              (ig/ref ::setup/props)
 
-    ::props              (ig/ref :app.setup/props)
-
-    :pool                (ig/ref ::db/pool)
-    :templates           (ig/ref :app.setup/builtin-templates)
-    }
+    :pool                (ig/ref ::db/pool)}
 
    :app.rpc.doc/routes
    {:methods (ig/ref :app.rpc/methods)}
@@ -350,10 +329,8 @@
    :app.rpc/routes
    {::rpc/methods     (ig/ref :app.rpc/methods)
     ::db/pool         (ig/ref ::db/pool)
-    ::wrk/executor    (ig/ref ::wrk/executor)
     ::session/manager (ig/ref ::session/manager)
-    ::actoken/manager (ig/ref ::actoken/manager)
-    ::props           (ig/ref :app.setup/props)}
+    ::props           (ig/ref ::setup/props)}
 
    ::wrk/registry
    {::mtx/metrics (ig/ref ::mtx/metrics)
@@ -397,7 +374,8 @@
     ::sto/storage (ig/ref ::sto/storage)}
 
    :app.tasks.file-gc/handler
-   {::db/pool (ig/ref ::db/pool)}
+   {::db/pool     (ig/ref ::db/pool)
+    ::sto/storage (ig/ref ::sto/storage)}
 
    :app.tasks.file-xlog-gc/handler
    {::db/pool (ig/ref ::db/pool)}
@@ -405,7 +383,7 @@
    :app.tasks.telemetry/handler
    {::db/pool            (ig/ref ::db/pool)
     ::http.client/client (ig/ref ::http.client/client)
-    ::props              (ig/ref :app.setup/props)}
+    ::props              (ig/ref ::setup/props)}
 
    [::srepl/urepl ::srepl/server]
    {::srepl/port (cf/get :urepl-port 6062)
@@ -415,10 +393,9 @@
    {::srepl/port (cf/get :prepl-port 6063)
     ::srepl/host (cf/get :prepl-host "localhost")}
 
-   :app.setup/builtin-templates
-   {::http.client/client (ig/ref ::http.client/client)}
+   ::setup/templates {}
 
-   :app.setup/props
+   ::setup/props
    {::db/pool    (ig/ref ::db/pool)
     ::key        (cf/get :secret-key)
 
@@ -426,8 +403,11 @@
     ;; module requires the migrations to run before initialize.
     ::migrations (ig/ref :app.migrations/migrations)}
 
+   ::csvg/optimizer
+   {}
+
    ::audit.tasks/archive
-   {::props              (ig/ref :app.setup/props)
+   {::props              (ig/ref ::setup/props)
     ::db/pool            (ig/ref ::db/pool)
     ::http.client/client (ig/ref ::http.client/client)}
 
@@ -450,26 +430,23 @@
 
    ::sto/storage
    {::db/pool      (ig/ref ::db/pool)
-    ::wrk/executor (ig/ref ::wrk/executor)
     ::sto/backends
     {:assets-s3 (ig/ref [::assets :app.storage.s3/backend])
      :assets-fs (ig/ref [::assets :app.storage.fs/backend])}}
 
    [::assets :app.storage.s3/backend]
-   {::sto.s3/region   (cf/get :storage-assets-s3-region)
-    ::sto.s3/endpoint (cf/get :storage-assets-s3-endpoint)
-    ::sto.s3/bucket   (cf/get :storage-assets-s3-bucket)
-    ::wrk/executor    (ig/ref ::wrk/executor)}
+   {::sto.s3/region     (cf/get :storage-assets-s3-region)
+    ::sto.s3/endpoint   (cf/get :storage-assets-s3-endpoint)
+    ::sto.s3/bucket     (cf/get :storage-assets-s3-bucket)
+    ::sto.s3/io-threads (cf/get :storage-assets-s3-io-threads)}
 
    [::assets :app.storage.fs/backend]
-   {::sto.fs/directory (cf/get :storage-assets-fs-directory)}
-   })
+   {::sto.fs/directory (cf/get :storage-assets-fs-directory)}})
 
 
 (def worker-config
   {::wrk/cron
-   {::wrk/scheduled-executor  (ig/ref ::wrk/scheduled-executor)
-    ::wrk/registry            (ig/ref ::wrk/registry)
+   {::wrk/registry            (ig/ref ::wrk/registry)
     ::db/pool                 (ig/ref ::db/pool)
     ::wrk/entries
     [{:cron #app/cron "0 0 * * * ?" ;; hourly
@@ -538,22 +515,65 @@
                                    (merge worker-config))
                                  (ig/prep)
                                  (ig/init))))
-  (l/info :hint "welcome to penpot"
-          :flags (str/join "," (map name cf/flags))
-          :worker? (contains? cf/flags :backend-worker)
-          :version (:full cf/version)))
+  (l/inf :hint "welcome to penpot"
+         :flags (str/join "," (map name cf/flags))
+         :worker? (contains? cf/flags :backend-worker)
+         :version (:full cf/version)))
 
 (defn stop
   []
   (alter-var-root #'system (fn [sys]
                              (when sys (ig/halt! sys))
                              nil)))
+(defn restart
+  []
+  (stop)
+  (repl/refresh :after 'app.main/start))
+
+(defn restart-all
+  []
+  (stop)
+  (repl/refresh-all :after 'app.main/start))
+
+(defmacro run-bench
+  [& exprs]
+  `(do
+     (require 'criterium.core)
+     (criterium.core/with-progress-reporting (crit/quick-bench (do ~@exprs) :verbose))))
+
+(defn run-tests
+  ([] (run-tests #"^backend-tests.*-test$"))
+  ([o]
+   (repl/refresh)
+   (cond
+     (instance? java.util.regex.Pattern o)
+     (test/run-all-tests o)
+
+     (symbol? o)
+     (if-let [sns (namespace o)]
+       (do (require (symbol sns))
+           (test/test-vars [(resolve o)]))
+       (test/test-ns o)))))
+
+(repl/disable-reload! (find-ns 'integrant.core))
 
 (defn -main
   [& _args]
   (try
-    (start)
+    (let [p (promise)]
+      (when (contains? cf/flags :nrepl-server)
+        (l/inf :hint "start nrepl server" :port 6064)
+        (nrepl/start-server :bind "0.0.0.0" :port 6064 :handler cider-nrepl-handler))
+
+      (start)
+      (deref p))
     (catch Throwable cause
-      (l/error :hint (ex-message cause)
-               :cause cause)
+      (binding [*out* *err*]
+        (println "==== ERROR ===="))
+      (.printStackTrace cause)
+      (when-let [cause' (ex-cause cause)]
+        (binding [*out* *err*]
+          (println "==== CAUSE ===="))
+        (.printStackTrace cause'))
+      (px/sleep 500)
       (System/exit -1))))

backend/src/app/media.clj

@@ -10,12 +10,16 @@
    [app.common.data :as d]
    [app.common.exceptions :as ex]
    [app.common.media :as cm]
+   [app.common.schema :as sm]
+   [app.common.schema.generators :as sg]
+   [app.common.schema.openapi :as-alias oapi]
    [app.common.spec :as us]
+   [app.common.svg :as csvg]
    [app.config :as cf]
    [app.db :as-alias db]
    [app.storage :as-alias sto]
    [app.storage.tmp :as tmp]
-   [app.util.svg :as svg]
+   [app.util.time :as dt]
    [buddy.core.bytes :as bb]
    [buddy.core.codecs :as bc]
    [clojure.java.shell :as sh]
@@ -28,6 +32,9 @@
    org.im4java.core.IMOperation
    org.im4java.core.Info))
 
+(def default-max-file-size
+  (* 1024 1024 30)) ; 30 MiB
+
 (s/def ::path fs/path?)
 (s/def ::filename string?)
 (s/def ::size integer?)
@@ -43,6 +50,27 @@
   (s/keys :req-un [::path]
           :opt-un [::mtype]))
 
+(sm/def! ::fs/path
+  {:type ::fs/path
+   :pred fs/path?
+   :type-properties
+   {:title "path"
+    :description "filesystem path"
+    :error/message "expected a valid fs path instance"
+    :gen/gen (sg/generator :string)
+    ::oapi/type "string"
+    ::oapi/format "unix-path"
+    ::oapi/decode fs/path}})
+
+(sm/def! ::upload
+  [:map {:title "Upload"}
+   [:filename :string]
+   [:size :int]
+   [:path ::fs/path]
+   [:mtype {:optional true} :string]
+   [:headers {:optional true}
+    [:map-of :string :string]]])
+
 (defn validate-media-type!
   ([upload] (validate-media-type! upload cm/valid-image-types))
   ([upload allowed]
@@ -53,6 +81,16 @@
 
    upload))
 
+(defn validate-media-size!
+  [upload]
+  (when (> (:size upload) (cf/get :media-max-file-size default-max-file-size))
+    (ex/raise :type :restriction
+              :code :media-max-file-size-reached
+              :hint (str/ffmt "the uploaded file size % is greater than the maximum %"
+                              (:size upload)
+                              default-max-file-size)))
+  upload)
+
 (defmulti process :cmd)
 (defmulti process-error class)
 
@@ -163,12 +201,12 @@
   (us/assert ::input input)
   (let [{:keys [path mtype]} input]
     (if (= mtype "image/svg+xml")
-      (let [info (some-> path slurp svg/pre-process svg/parse get-basic-info-from-svg)]
+      (let [info (some-> path slurp csvg/parse get-basic-info-from-svg)]
         (when-not info
           (ex/raise :type :validation
                     :code :invalid-svg-file
                     :hint "uploaded svg does not provides dimensions"))
-        (merge input info))
+        (merge input info {:ts (dt/now)}))
 
       (let [instance (Info. (str path))
             mtype'   (.getProperty instance "Mime type")]
@@ -183,7 +221,8 @@
         ;; any frame.
         (assoc input
                :width  (.getPageWidth instance)
-               :height (.getPageHeight instance))))))
+               :height (.getPageHeight instance)
+               :ts (dt/now))))))
 
 (defmethod process-error org.im4java.core.InfoException
   [error]

backend/src/app/metrics.clj

@@ -89,12 +89,12 @@
 
 
 (defn- handler
-  [registry _ respond _]
+  [registry _]
   (let [samples  (.metricFamilySamples ^CollectorRegistry registry)
         writer   (StringWriter.)]
     (TextFormat/write004 writer samples)
-    (respond {:headers {"content-type" TextFormat/CONTENT_TYPE_004}
-              :body (.toString writer)})))
+    {:headers {"content-type" TextFormat/CONTENT_TYPE_004}
+     :body (.toString writer)}))
 
 
 

backend/src/app/migrations.clj

@@ -315,7 +315,29 @@
    {:name "0101-mod-server-error-report-table"
     :fn (mg/resource "app/migrations/sql/0101-mod-server-error-report-table.sql")}
 
-  ])
+   {:name "0102-mod-access-token-table"
+    :fn (mg/resource "app/migrations/sql/0102-mod-access-token-table.sql")}
+
+   {:name "0103-mod-file-object-thumbnail-table"
+    :fn (mg/resource "app/migrations/sql/0103-mod-file-object-thumbnail-table.sql")}
+
+   {:name "0104-mod-file-thumbnail-table"
+    :fn (mg/resource "app/migrations/sql/0104-mod-file-thumbnail-table.sql")}
+
+   {:name "0105-mod-file-change-table"
+    :fn (mg/resource "app/migrations/sql/0105-mod-file-change-table.sql")}
+
+   {:name "0105-mod-server-error-report-table"
+    :fn (mg/resource "app/migrations/sql/0105-mod-server-error-report-table.sql")}
+
+   {:name "0106-add-file-tagged-object-thumbnail-table"
+    :fn (mg/resource "app/migrations/sql/0106-add-file-tagged-object-thumbnail-table.sql")}
+
+   {:name "0106-mod-team-table"
+    :fn (mg/resource "app/migrations/sql/0106-mod-team-table.sql")}
+
+   {:name "0107-mod-file-tagged-object-thumbnail-table"
+    :fn (mg/resource "app/migrations/sql/0107-mod-file-tagged-object-thumbnail-table.sql")}])
 
 (defn apply-migrations!
   [pool name migrations]

backend/src/app/migrations/sql/0102-mod-access-token-table.sql

@@ -0,0 +1,2 @@
+ALTER TABLE access_token
+ ADD COLUMN expires_at timestamptz NULL;

backend/src/app/migrations/sql/0103-mod-file-object-thumbnail-table.sql

@@ -0,0 +1,2 @@
+ALTER TABLE file_object_thumbnail
+  ADD COLUMN media_id uuid NULL REFERENCES storage_object(id) ON DELETE CASCADE DEFERRABLE;

backend/src/app/migrations/sql/0104-mod-file-thumbnail-table.sql

@@ -0,0 +1,2 @@
+ALTER TABLE file_thumbnail
+  ADD COLUMN media_id uuid NULL REFERENCES storage_object(id) ON DELETE CASCADE DEFERRABLE;

backend/src/app/migrations/sql/0105-mod-file-change-table.sql

@@ -0,0 +1,9 @@
+ALTER TABLE file_change
+  ADD COLUMN label text NULL;
+
+ALTER TABLE file_change
+  ALTER COLUMN label SET STORAGE external;
+
+CREATE INDEX file_change__label__idx
+    ON file_change (file_id, label)
+ WHERE label is not null;

backend/src/app/migrations/sql/0105-mod-server-error-report-table.sql

@@ -0,0 +1,2 @@
+CREATE INDEX server_error_report__created_at__idx
+    ON server_error_report ( created_at );

backend/src/app/migrations/sql/0106-add-file-tagged-object-thumbnail-table.sql

@@ -0,0 +1,10 @@
+CREATE TABLE file_tagged_object_thumbnail (
+  file_id uuid NOT NULL REFERENCES file(id) ON DELETE CASCADE DEFERRABLE,
+  tag text DEFAULT 'frame',
+  object_id text NOT NULL,
+
+  media_id uuid NOT NULL REFERENCES storage_object(id) ON DELETE CASCADE DEFERRABLE,
+  created_at timestamptz NOT NULL DEFAULT now(),
+
+  PRIMARY KEY(file_id, tag, object_id)
+);

backend/src/app/migrations/sql/0106-mod-team-table.sql

@@ -0,0 +1 @@
+ALTER TABLE team ADD COLUMN features text[] NULL DEFAULT null;

backend/src/app/migrations/sql/0107-mod-file-tagged-object-thumbnail-table.sql

@@ -0,0 +1,2 @@
+CREATE INDEX file_tagged_object_thumbnail__media_id__idx
+    ON file_tagged_object_thumbnail (media_id);

backend/src/app/msgbus.clj

@@ -8,20 +8,18 @@
   "The msgbus abstraction implemented using redis as underlying backend."
   (:require
    [app.common.data :as d]
-   [app.common.exceptions :as ex]
    [app.common.logging :as l]
    [app.common.spec :as us]
    [app.common.transit :as t]
    [app.config :as cfg]
-   [app.redis :as redis]
-   [app.util.async :as aa]
+   [app.redis :as rds]
    [app.util.time :as dt]
    [app.worker :as wrk]
-   [clojure.core.async :as a]
    [clojure.spec.alpha :as s]
    [integrant.core :as ig]
    [promesa.core :as p]
-   [promesa.exec :as px]))
+   [promesa.exec :as px]
+   [promesa.exec.csp :as sp]))
 
 (set! *warn-on-reflection* true)
 
@@ -34,132 +32,116 @@
 (def ^:private xform-prefix-topic
   (map (fn [obj] (update obj :topic prefix-topic))))
 
-(declare ^:private redis-connect)
-(declare ^:private redis-disconnect)
-(declare ^:private redis-pub)
-(declare ^:private redis-sub)
-(declare ^:private redis-unsub)
+(declare ^:private redis-pub!)
+(declare ^:private redis-sub!)
+(declare ^:private redis-unsub!)
 (declare ^:private start-io-loop!)
 (declare ^:private subscribe-to-topics)
 (declare ^:private unsubscribe-channels)
 
-(defmethod ig/prep-key ::msgbus
-  [_ cfg]
-  (merge {:buffer-size 128
-          :timeout (dt/duration {:seconds 30})}
-         (d/without-nils cfg)))
-
-(s/def ::cmd-ch ::aa/channel)
-(s/def ::rcv-ch ::aa/channel)
-(s/def ::pub-ch ::aa/channel)
+(s/def ::cmd-ch sp/chan?)
+(s/def ::rcv-ch sp/chan?)
+(s/def ::pub-ch sp/chan?)
 (s/def ::state ::us/agent)
-(s/def ::pconn ::redis/connection-holder)
-(s/def ::sconn ::redis/connection-holder)
+(s/def ::pconn ::rds/connection-holder)
+(s/def ::sconn ::rds/connection-holder)
 (s/def ::msgbus
   (s/keys :req [::cmd-ch ::rcv-ch ::pub-ch ::state ::pconn ::sconn ::wrk/executor]))
 
-(s/def ::buffer-size ::us/integer)
-
 (defmethod ig/pre-init-spec ::msgbus [_]
-  (s/keys :req-un [::buffer-size ::redis/timeout ::redis/redis ::wrk/executor]))
+  (s/keys :req [::rds/redis ::wrk/executor]))
+
+(defmethod ig/prep-key ::msgbus
+  [_ cfg]
+  (-> cfg
+      (assoc ::buffer-size 128)
+      (assoc ::timeout (dt/duration {:seconds 30}))))
 
 (defmethod ig/init-key ::msgbus
-  [_ {:keys [buffer-size executor] :as cfg}]
+  [_ {:keys [::buffer-size ::wrk/executor ::timeout ::rds/redis] :as cfg}]
   (l/info :hint "initialize msgbus" :buffer-size buffer-size)
-  (let [cmd-ch (a/chan buffer-size)
-        rcv-ch (a/chan (a/dropping-buffer buffer-size))
-        pub-ch (a/chan (a/dropping-buffer buffer-size) xform-prefix-topic)
+  (let [cmd-ch (sp/chan :buf buffer-size)
+        rcv-ch (sp/chan :buf (sp/dropping-buffer buffer-size))
+        pub-ch (sp/chan :buf (sp/dropping-buffer buffer-size)
+                        :xf  xform-prefix-topic)
         state  (agent {})
-        msgbus (-> (redis-connect cfg)
+
+        pconn  (rds/connect redis :timeout timeout)
+        sconn  (rds/connect redis :type :pubsub :timeout timeout)
+        msgbus (-> cfg
+                   (assoc ::pconn pconn)
+                   (assoc ::sconn sconn)
                    (assoc ::cmd-ch cmd-ch)
                    (assoc ::rcv-ch rcv-ch)
                    (assoc ::pub-ch pub-ch)
                    (assoc ::state state)
                    (assoc ::wrk/executor executor))]
 
-    (us/verify! ::msgbus msgbus)
-
     (set-error-handler! state #(l/error :cause % :hint "unexpected error on agent" ::l/sync? true))
     (set-error-mode! state :continue)
-    (start-io-loop! msgbus)
 
-    msgbus))
-
-(defn sub!
-  [{:keys [::state ::wrk/executor] :as cfg} & {:keys [topic topics chan]}]
-  (let [done-ch (a/chan)
-        topics  (into [] (map prefix-topic) (if topic [topic] topics))]
-    (l/debug :hint "subscribe" :topics topics)
-    (send-via executor state subscribe-to-topics cfg topics chan done-ch)
-    done-ch))
-
-(defn pub!
-  [{::keys [pub-ch]} & {:as params}]
-  (a/go
-    (a/>! pub-ch params)))
-
-(defn purge!
-  [{:keys [::state ::wrk/executor] :as msgbus} chans]
-  (l/trace :hint "purge" :chans (count chans))
-  (let [done-ch (a/chan)]
-    (send-via executor state unsubscribe-channels msgbus chans done-ch)
-    done-ch))
+    (assoc msgbus ::io-thr (start-io-loop! msgbus))))
 
 (defmethod ig/halt-key! ::msgbus
   [_ msgbus]
-  (redis-disconnect msgbus)
-  (a/close! (::cmd-ch msgbus))
-  (a/close! (::rcv-ch msgbus))
-  (a/close! (::pub-ch msgbus)))
+  (px/interrupt! (::io-thr msgbus))
+  (sp/close! (::cmd-ch msgbus))
+  (sp/close! (::rcv-ch msgbus))
+  (sp/close! (::pub-ch msgbus))
+  (d/close! (::pconn msgbus))
+  (d/close! (::sconn msgbus)))
+
+(defn sub!
+  [{:keys [::state ::wrk/executor] :as cfg} & {:keys [topic topics chan]}]
+  (let [topics (into [] (map prefix-topic) (if topic [topic] topics))]
+    (l/debug :hint "subscribe" :topics topics :chan (hash chan))
+    (send-via executor state subscribe-to-topics cfg topics chan)
+    nil))
+
+(defn pub!
+  [{::keys [pub-ch]} & {:as params}]
+  (sp/put! pub-ch params))
+
+(defn purge!
+  [{:keys [::state ::wrk/executor] :as msgbus} chans]
+  (l/debug :hint "purge" :chans (count chans))
+  (send-via executor state unsubscribe-channels msgbus chans)
+  nil)
 
 ;; --- IMPL
 
-(defn- redis-connect
-  [{:keys [timeout redis] :as cfg}]
-  (let [pconn (redis/connect redis :timeout timeout)
-        sconn (redis/connect redis :type :pubsub :timeout timeout)]
-    {::pconn pconn
-     ::sconn sconn}))
-
-(defn- redis-disconnect
-  [{:keys [::pconn ::sconn] :as cfg}]
-  (d/close! pconn)
-  (d/close! sconn))
-
 (defn- conj-subscription
   "A low level function that is responsible to create on-demand
   subscriptions on redis. It reuses the same subscription if it is
-  already established. Intended to be executed in agent."
+  already established."
   [nsubs cfg topic chan]
   (let [nsubs (if (nil? nsubs) #{chan} (conj nsubs chan))]
     (when (= 1 (count nsubs))
       (l/trace :hint "open subscription" :topic topic ::l/sync? true)
-      (redis-sub cfg topic))
+      (redis-sub! cfg topic))
     nsubs))
 
 (defn- disj-subscription
   "A low level function responsible on removing subscriptions. The
   subscription is truly removed from redis once no single local
-  subscription is look for it. Intended to be executed in agent."
+  subscription is look for it."
   [nsubs cfg topic chan]
   (let [nsubs (disj nsubs chan)]
     (when (empty? nsubs)
       (l/trace :hint "close subscription" :topic topic ::l/sync? true)
-      (redis-unsub cfg topic))
+      (redis-unsub! cfg topic))
     nsubs))
 
 (defn- subscribe-to-topics
-  "Function responsible to attach local subscription to the
-  state. Intended to be used in agent."
-  [state cfg topics chan done-ch]
-  (aa/with-closing done-ch
-    (let [state (update state :chans assoc chan topics)]
-      (reduce (fn [state topic]
-                (update-in state [:topics topic] conj-subscription cfg topic chan))
-              state
-              topics))))
+  "Function responsible to attach local subscription to the state."
+  [state cfg topics chan]
+  (let [state (update state :chans assoc chan topics)]
+    (reduce (fn [state topic]
+              (update-in state [:topics topic] conj-subscription cfg topic chan))
+            state
+            topics)))
 
-(defn- unsubscribe-single-channel
+(defn- unsubscribe-channel
   "Auxiliary function responsible on removing a single local
   subscription from the state."
   [state cfg chan]
@@ -174,87 +156,113 @@
   "Function responsible from detach from state a seq of channels,
   useful when client disconnects or in-bulk unsubscribe
   operations. Intended to be executed in agent."
-  [state cfg channels done-ch]
-  (aa/with-closing done-ch
-    (reduce #(unsubscribe-single-channel %1 cfg %2) state channels)))
+  [state cfg channels]
+  (reduce #(unsubscribe-channel %1 cfg %2) state channels))
 
 (defn- create-listener
   [rcv-ch]
-  (redis/pubsub-listener
+  (rds/pubsub-listener
    :on-message (fn [_ topic message]
                  ;; There are no back pressure, so we use a slidding
                  ;; buffer for cases when the pubsub broker sends
                  ;; more messages that we can process.
                  (let [val {:topic topic :message (t/decode message)}]
-                   (when-not (a/offer! rcv-ch val)
+                   (when-not (sp/offer! rcv-ch val)
                      (l/warn :msg "dropping message on subscription loop"))))))
 
+(defn- process-input!
+  [{:keys [::state ::wrk/executor] :as cfg} topic message]
+  (let [chans (get-in @state [:topics topic])]
+    (when-let [closed (loop [chans  (seq chans)
+                             closed #{}]
+                        (if-let [ch (first chans)]
+                          (if (sp/put! ch message)
+                            (recur (rest chans) closed)
+                            (recur (rest chans) (conj closed ch)))
+                          (seq closed)))]
+      (send-via executor state unsubscribe-channels cfg closed))))
+
+
 (defn start-io-loop!
   [{:keys [::sconn ::rcv-ch ::pub-ch ::state ::wrk/executor] :as cfg}]
-  (redis/add-listener! sconn (create-listener rcv-ch))
-  (letfn [(send-to-topic [topic message]
-            (a/go-loop [chans  (seq (get-in @state [:topics topic]))
-                        closed #{}]
-              (if-let [ch (first chans)]
-                (if (a/>! ch message)
-                  (recur (rest chans) closed)
-                  (recur (rest chans) (conj closed ch)))
-                (seq closed))))
+  (rds/add-listener! sconn (create-listener rcv-ch))
 
-          (process-incoming [{:keys [topic message]}]
-            (a/go
-              (when-let [closed (a/<! (send-to-topic topic message))]
-                (send-via executor state unsubscribe-channels cfg closed nil))))
-          ]
-    (px/thread
-      {:name "penpot/msgbus-io-loop"}
+  (px/thread
+    {:name "penpot/msgbus/io-loop"
+     :virtual true}
+    (try
       (loop []
-        (let [[val port] (a/alts!! [pub-ch rcv-ch])]
+        (let [timeout-ch (sp/timeout-chan 1000)
+              [val port] (sp/alts! [timeout-ch pub-ch rcv-ch])]
           (cond
-            (nil? val)
-            (do
-              (l/trace :hint "stopping io-loop, nil received")
-              (send-via executor state (fn [state]
-                                         (->> (vals state)
-                                              (mapcat identity)
-                                              (filter some?)
-                                              (run! a/close!))
-                                         nil)))
-
-            (= port rcv-ch)
-            (do
-              (a/<!! (process-incoming val))
+            (identical? port timeout-ch)
+            (let [closed (->> (:chans @state)
+                              (map key)
+                              (filter sp/closed?))]
+              (when (seq closed)
+                (send-via executor state unsubscribe-channels cfg closed)
+                (l/debug :hint "proactively purge channels" :count (count closed)))
               (recur))
 
-            (= port pub-ch)
-            (let [result (a/<!! (redis-pub cfg val))]
-              (when (ex/exception? result)
-                (l/error :hint "unexpected error on publishing"
-                         :message val
-                         :cause result))
-              (recur))))))))
+            (nil? val)
+            (throw (InterruptedException. "internally interrupted"))
 
-(defn- redis-pub
+            (identical? port rcv-ch)
+            (let [{:keys [topic message]} val]
+              (process-input! cfg topic message)
+              (recur))
+
+            (identical? port pub-ch)
+            (do
+              (redis-pub! cfg val)
+              (recur)))))
+
+      (catch InterruptedException _
+        (l/trace :hint "io-loop thread interrumpted"))
+
+      (catch Throwable cause
+        (l/error :hint "unexpected exception on io-loop thread"
+                 :cause cause))
+      (finally
+        (l/trace :hint "clearing io-loop state")
+        (when-let [chans (:chans @state)]
+          (run! sp/close! (keys chans)))
+
+        (l/debug :hint "io-loop thread terminated")))))
+
+
+(defn- redis-pub!
   "Publish a message to the redis server. Asynchronous operation,
   intended to be used in core.async go blocks."
   [{:keys [::pconn] :as cfg} {:keys [topic message]}]
-  (let [message (t/encode message)
-        res     (a/chan 1)]
-    (-> (redis/publish! pconn topic message)
-        (p/finally (fn [_ cause]
-                     (when (and cause (redis/open? pconn))
-                       (a/offer! res cause))
-                     (a/close! res))))
-    res))
+  (try
+    (p/await! (rds/publish! pconn topic (t/encode message)))
+    (catch InterruptedException cause
+      (throw cause))
+    (catch Throwable cause
+      (l/error :hint "unexpected error on publishing"
+               :message message
+               :cause cause))))
 
-(defn redis-sub
+(defn- redis-sub!
   "Create redis subscription. Blocking operation, intended to be used
   inside an agent."
   [{:keys [::sconn] :as cfg} topic]
-  (redis/subscribe! sconn topic))
+  (try
+    (rds/subscribe! sconn topic)
+    (catch InterruptedException cause
+      (throw cause))
+    (catch Throwable cause
+      (l/trace :hint "exception on subscribing" :topic topic :cause cause))))
 
-(defn redis-unsub
+(defn- redis-unsub!
   "Removes redis subscription. Blocking operation, intended to be used
   inside an agent."
   [{:keys [::sconn] :as cfg} topic]
-  (redis/unsubscribe! sconn topic))
+  (try
+    (rds/unsubscribe! sconn topic)
+    (catch InterruptedException cause
+      (throw cause))
+    (catch Throwable cause
+      (l/trace :hint "exception on unsubscribing" :topic topic :cause cause))))
+

backend/src/app/redis.clj

@@ -8,17 +8,21 @@
   "The msgbus abstraction implemented using redis as underlying backend."
   (:require
    [app.common.data :as d]
+   [app.common.exceptions :as ex]
    [app.common.logging :as l]
    [app.common.spec :as us]
    [app.metrics :as mtx]
    [app.redis.script :as-alias rscript]
+   [app.util.cache :as cache]
    [app.util.time :as dt]
+   [app.worker :as-alias wrk]
    [clojure.core :as c]
    [clojure.java.io :as io]
    [clojure.spec.alpha :as s]
    [cuerdas.core :as str]
    [integrant.core :as ig]
-   [promesa.core :as p])
+   [promesa.core :as p]
+   [promesa.exec :as px])
   (:import
    clojure.lang.IDeref
    clojure.lang.MapEntry
@@ -87,7 +91,7 @@
 (s/def ::connect? ::us/boolean)
 (s/def ::io-threads ::us/integer)
 (s/def ::worker-threads ::us/integer)
-(s/def ::cache #(instance? clojure.lang.Atom %))
+(s/def ::cache some?)
 
 (s/def ::redis
   (s/keys :req [::resources
@@ -99,11 +103,11 @@
 
 (defmethod ig/prep-key ::redis
   [_ cfg]
-  (let [runtime (Runtime/getRuntime)
-        cpus    (.availableProcessors ^Runtime runtime)]
+  (let [cpus    (px/get-available-processors)
+        threads (max 1 (int (* cpus 0.2)))]
     (merge {::timeout (dt/duration "10s")
-            ::io-threads (max 3 cpus)
-            ::worker-threads (max 3 cpus)}
+            ::io-threads (max 3 threads)
+            ::worker-threads (max 3 threads)}
            (d/without-nils cfg))))
 
 (defmethod ig/pre-init-spec ::redis [_]
@@ -129,6 +133,15 @@
 (def string-codec
   (RedisCodec/of StringCodec/UTF8 StringCodec/UTF8))
 
+(defn- create-cache
+  [{:keys [::wrk/executor] :as cfg}]
+  (letfn [(on-remove [key val cause]
+            (l/trace :hint "evict connection (cache)" :key key :reason cause)
+            (some-> val d/close!))]
+    (cache/create :executor executor
+                  :on-remove on-remove
+                  :keepalive "5m")))
+
 (defn- initialize-resources
   "Initialize redis connection resources"
   [{:keys [::uri ::io-threads ::worker-threads ::connect?] :as cfg}]
@@ -145,19 +158,21 @@
                       (timer ^Timer timer)
                       (build))
 
-        redis-uri (RedisURI/create ^String uri)]
+        redis-uri (RedisURI/create ^String uri)
+        cfg       (-> cfg
+                      (assoc ::resources resources)
+                      (assoc ::timer timer)
+                      (assoc ::redis-uri redis-uri))]
 
-    (-> cfg
-        (assoc ::resources resources)
-        (assoc ::timer timer)
-        (assoc ::cache (atom {}))
-        (assoc ::redis-uri redis-uri))))
+    (assoc cfg ::cache (create-cache cfg))))
 
 (defn- shutdown-resources
   [{:keys [::resources ::cache ::timer]}]
-  (run! d/close! (vals @cache))
+  (cache/invalidate-all! cache)
+
   (when resources
     (.shutdown ^ClientResources resources))
+
   (when timer
     (.stop ^Timer timer)))
 
@@ -173,6 +188,7 @@
                   :default (.connect ^RedisClient client ^RedisCodec codec)
                   :pubsub  (.connectPubSub ^RedisClient client ^RedisCodec codec))]
 
+    (l/trc :hint "connect" :hid (hash client))
     (.setTimeout ^StatefulConnection conn ^Duration timeout)
     (reify
       IDeref
@@ -180,8 +196,9 @@
 
       AutoCloseable
       (close [_]
-        (.close ^StatefulConnection conn)
-        (.shutdown ^RedisClient client)))))
+        (ex/ignoring (.close ^StatefulConnection conn))
+        (ex/ignoring (.shutdown ^RedisClient client))
+        (l/trc :hint "disconnect" :hid (hash client))))))
 
 (defn connect
   [state & {:as opts}]
@@ -194,15 +211,10 @@
 (defn get-or-connect
   [{:keys [::cache] :as state} key options]
   (us/assert! ::redis state)
-  (-> state
-      (assoc ::connection
-             (or (get @cache key)
-                 (-> (swap! cache (fn [cache]
-                                    (when-let [prev (get cache key)]
-                                      (d/close! prev))
-                                    (assoc cache key (connect* state options))))
-                     (get key))))
-      (dissoc ::cache)))
+  (let [connection (cache/get cache key (fn [_] (connect* state options)))]
+    (-> state
+        (dissoc ::cache)
+        (assoc ::connection connection))))
 
 (defn add-listener!
   [{:keys [::connection] :as conn} listener]
@@ -344,7 +356,7 @@
                 (do
                   (l/error :hint "no script found" :name sname :cause cause)
                   (->> (load-script)
-                       (p/mapcat eval-script)))
+                       (p/mcat eval-script)))
                 (if-let [on-error (::rscript/on-error script)]
                   (on-error cause)
                   (p/rejected cause))))
@@ -375,15 +387,16 @@
             (load-script []
               (l/trace :hint "load script" :name sname)
               (->> (.scriptLoad ^RedisScriptingAsyncCommands cmd
-                               ^String (read-script))
-                   (p/map (fn [sha]
-                            (swap! scripts-cache assoc sname sha)
-                            sha))))]
+                                ^String (read-script))
+                   (p/fmap (fn [sha]
+                             (swap! scripts-cache assoc sname sha)
+                             sha))))]
 
-      (if-let [sha (get @scripts-cache sname)]
-        (eval-script sha)
-        (->> (load-script)
-             (p/mapcat eval-script))))))
+      (p/await!
+       (if-let [sha (get @scripts-cache sname)]
+         (eval-script sha)
+         (->> (load-script)
+              (p/mapcat eval-script)))))))
 
 (defn timeout-exception?
   [cause]

backend/src/app/rpc.clj

@@ -10,8 +10,8 @@
    [app.common.data :as d]
    [app.common.exceptions :as ex]
    [app.common.logging :as l]
+   [app.common.schema :as sm]
    [app.common.spec :as us]
-   [app.common.uuid :as uuid]
    [app.config :as cf]
    [app.db :as db]
    [app.http :as-alias http]
@@ -19,7 +19,6 @@
    [app.http.client :as-alias http.client]
    [app.http.session :as session]
    [app.loggers.audit :as audit]
-   [app.loggers.webhooks :as-alias webhooks]
    [app.main :as-alias main]
    [app.metrics :as mtx]
    [app.msgbus :as-alias mbus]
@@ -31,13 +30,11 @@
    [app.storage :as-alias sto]
    [app.util.services :as sv]
    [app.util.time :as dt]
-   [app.worker :as-alias wrk]
    [clojure.spec.alpha :as s]
    [integrant.core :as ig]
    [promesa.core :as p]
-   [promesa.exec :as px]
-   [yetti.request :as yrq]
-   [yetti.response :as yrs]))
+   [ring.request :as rreq]
+   [ring.response :as rres]))
 
 (s/def ::profile-id ::us/uuid)
 
@@ -47,12 +44,10 @@
 
 (defn- handle-response-transformation
   [response request mdata]
-  (let [transform-fn (reduce (fn [res-fn transform-fn]
-                               (fn [request response]
-                                 (p/then (res-fn request response) #(transform-fn request %))))
-                             (constantly response)
-                             (::response-transform-fns mdata))]
-    (transform-fn request response)))
+  (reduce (fn [response transform-fn]
+            (transform-fn request response))
+          response
+          (::response-transform-fns mdata)))
 
 (defn- handle-before-comple-hook
   [response mdata]
@@ -62,90 +57,39 @@
 
 (defn- handle-response
   [request result]
-  (if (fn? result)
-    (p/wrap (result request))
-    (let [mdata (meta result)]
-      (p/-> (yrs/response {:status  (::http/status mdata 200)
-                           :headers (::http/headers mdata {})
-                           :body    (rph/unwrap result)})
-            (handle-response-transformation request mdata)
-            (handle-before-comple-hook mdata)))))
+  (let [mdata    (meta result)
+        response (if (fn? result)
+                   (result request)
+                   (let [result (rph/unwrap result)]
+                     {::rres/status  (::http/status mdata 200)
+                      ::rres/headers (::http/headers mdata {})
+                      ::rres/body    result}))]
+    (-> response
+        (handle-response-transformation request mdata)
+        (handle-before-comple-hook mdata))))
 
-(defn- rpc-query-handler
-  "Ring handler that dispatches query requests and convert between
-  internal async flow into ring async flow."
-  [methods {:keys [params path-params] :as request} respond raise]
-  (let [type       (keyword (:type path-params))
-        profile-id (or (::session/profile-id request)
-                       (::actoken/profile-id request))
-
-        data       (-> params
-                       (assoc ::request-at (dt/now))
-                       (assoc ::http/request request))
-        data       (if profile-id
-                     (-> data
-                         (assoc :profile-id profile-id)
-                         (assoc ::profile-id profile-id))
-                     (dissoc data :profile-id ::profile-id))
-        method     (get methods type default-handler)]
-
-    (->> (method data)
-         (p/mcat (partial handle-response request))
-         (p/fnly (fn [response cause]
-                   (if cause
-                     (raise cause)
-                     (respond response)))))))
-
-(defn- rpc-mutation-handler
-  "Ring handler that dispatches mutation requests and convert between
-  internal async flow into ring async flow."
-  [methods {:keys [params path-params] :as request} respond raise]
-  (let [type       (keyword (:type path-params))
-        profile-id (or (::session/profile-id request)
-                       (::actoken/profile-id request))
-        data       (-> params
-                       (assoc ::request-at (dt/now))
-                       (assoc ::http/request request))
-        data       (if profile-id
-                     (-> data
-                         (assoc :profile-id profile-id)
-                         (assoc ::profile-id profile-id))
-                     (dissoc data :profile-id))
-        method     (get methods type default-handler)]
-
-    (->> (method data)
-         (p/mcat (partial handle-response request))
-         (p/fnly (fn [response cause]
-                   (if cause
-                     (raise cause)
-                     (respond response)))))))
-
-(defn- rpc-command-handler
+(defn- rpc-handler
   "Ring handler that dispatches cmd requests and convert between
   internal async flow into ring async flow."
-  [methods {:keys [params path-params] :as request} respond raise]
+  [methods {:keys [params path-params] :as request}]
   (let [type       (keyword (:type path-params))
-        etag       (yrq/get-header request "if-none-match")
+        etag       (rreq/get-header request "if-none-match")
         profile-id (or (::session/profile-id request)
                        (::actoken/profile-id request))
 
         data       (-> params
                        (assoc ::request-at (dt/now))
                        (assoc ::session/id (::session/id request))
-                       (assoc ::http/request request)
                        (assoc ::cond/key etag)
                        (cond-> (uuid? profile-id)
                          (assoc ::profile-id profile-id)))
 
-        method    (get methods type default-handler)]
+        data       (vary-meta data assoc ::http/request request)
+        method     (get methods type default-handler)]
 
     (binding [cond/*enabled* true]
-      (->> (method data)
-           (p/mcat (partial handle-response request))
-           (p/fnly (fn [response cause]
-                     (if cause
-                       (raise cause)
-                       (respond response))))))))
+      (let [response (method data)]
+        (handle-response request response)))))
 
 (defn- wrap-metrics
   "Wrap service method with metrics measurement."
@@ -153,127 +97,91 @@
   (let [labels (into-array String [(::sv/name mdata)])]
     (fn [cfg params]
       (let [tp (dt/tpoint)]
-        (->> (f cfg params)
-             (p/fnly (fn [_ _]
-                       (mtx/run! metrics
-                                 :id metrics-id
-                                 :val (inst-ms (tp))
-                                 :labels labels))))))))
-
+        (try
+          (f cfg params)
+          (finally
+            (mtx/run! metrics
+                      :id metrics-id
+                      :val (inst-ms (tp))
+                      :labels labels)))))))
 
 (defn- wrap-authentication
   [_ f mdata]
   (fn [cfg params]
     (let [profile-id (::profile-id params)]
       (if (and (::auth mdata true) (not (uuid? profile-id)))
-        (p/rejected
-         (ex/error :type :authentication
-                   :code :authentication-required
-                   :hint "authentication required for this endpoint"))
+        (ex/raise :type :authentication
+                  :code :authentication-required
+                  :hint "authentication required for this endpoint")
         (f cfg params)))))
 
-(defn- wrap-access-token
-  "Wraps service method with access token validation."
-  [_ f {:keys [::sv/name] :as mdata}]
-  (if (contains? cf/flags :access-tokens)
-    (fn [cfg params]
-      (let [request (::http/request params)]
-        (if (contains? request ::actoken/id)
-          (let [perms (::actoken/perms request #{})]
-            (if (contains? perms name)
-              (f cfg params)
-              (p/rejected
-               (ex/error :type :authorization
-                         :code :operation-not-allowed
-                         :allowed perms))))
-          (f cfg params))))
-    f))
-
-(defn- wrap-dispatch
-  "Wraps service method into async flow, with the ability to dispatching
-  it to a preconfigured executor service."
-  [{:keys [::wrk/executor] :as cfg} f mdata]
-  (with-meta
-    (fn [cfg params]
-      (->> (px/submit! executor (px/wrap-bindings #(f cfg params)))
-           (p/mapcat p/wrap)
-           (p/map rph/wrap)))
-    mdata))
-
 (defn- wrap-audit
-  [cfg f mdata]
+  [_ f mdata]
   (if (or (contains? cf/flags :webhooks)
           (contains? cf/flags :audit-log))
-    (letfn [(handle-audit [params result]
-              (let [resultm    (meta result)
-                    request    (::http/request params)
-
-                    profile-id (or (::audit/profile-id resultm)
-                                   (:profile-id result)
-                                   (if (= (::type cfg) "command")
-                                     (::profile-id params)
-                                     (:profile-id params))
-                                   uuid/zero)
-
-                    props      (-> (or (::audit/replace-props resultm)
-                                       (-> params
-                                           (merge (::audit/props resultm))
-                                           (dissoc :profile-id)
-                                           (dissoc :type)))
-                                   (audit/clean-props))
-
-                    event      {:type (or (::audit/type resultm)
-                                          (::type cfg))
-                                :name (or (::audit/name resultm)
-                                          (::sv/name mdata))
-                                :profile-id profile-id
-                                :ip-addr (some-> request audit/parse-client-ip)
-                                :props props
-
-                                ;; NOTE: for batch-key lookup we need the params as-is
-                                ;; because the rpc api does not need to know the
-                                ;; audit/webhook specific object layout.
-                                ::params (dissoc params ::http/request)
-
-                                ::webhooks/batch-key
-                                (or (::webhooks/batch-key mdata)
-                                    (::webhooks/batch-key resultm))
-
-                                ::webhooks/batch-timeout
-                                (or (::webhooks/batch-timeout mdata)
-                                    (::webhooks/batch-timeout resultm))
-
-                                ::webhooks/event?
-                                (or (::webhooks/event? mdata)
-                                    (::webhooks/event? resultm)
-                                    false)}]
-
-                (audit/submit! cfg event)))
-
-            (handle-request [cfg params]
-              (->> (f cfg params)
-                   (p/fnly (fn [result cause]
-                             (when-not cause
-                               (handle-audit params result))))))]
-
-      (if-not (::audit/skip mdata)
-        (with-meta handle-request mdata)
-        f))
+    (if-not (::audit/skip mdata)
+      (fn [cfg params]
+        (let [result (f cfg params)]
+          (->> (audit/prepare-event cfg mdata params result)
+               (audit/submit! cfg))
+          result))
+      f)
     f))
 
 (defn- wrap-spec-conform
   [_ f mdata]
-  (let [spec (or (::sv/spec mdata) (s/spec any?))]
-    (fn [cfg params]
-      (let [params (ex/try! (us/conform spec params))]
-        (if (ex/exception? params)
-          (p/rejected params)
-          (f cfg params))))))
+  ;; NOTE: skip spec conform operation on rpc methods that already
+  ;; uses malli validation mechanism.
+  (if (contains? mdata ::sm/params)
+    f
+    (if-let [spec (ex/ignoring (s/spec (::sv/spec mdata)))]
+      (fn [cfg params]
+        (f cfg (us/conform spec params)))
+      f)))
+
+;; TODO: integrate with sm/define
+
+(defn- wrap-params-validation
+  [_ f mdata]
+  (if-let [schema (::sm/params mdata)]
+    (let [schema   (if (sm/lazy-schema? schema)
+                     schema
+                     (sm/define schema))
+          validate (sm/validator schema)
+          explain  (sm/explainer schema)
+          decode   (sm/decoder schema)]
+      (fn [cfg params]
+        (let [params (decode params)]
+          (if (validate params)
+            (f cfg params)
+            (ex/raise :type :validation
+                      :code :params-validation
+                      ::sm/explain (explain params))))))
+    f))
+
+(defn- wrap-output-validation
+  [_ f mdata]
+  (if (contains? cf/flags :rpc-output-validation)
+    (or (when-let [schema (::sm/result mdata)]
+          (let [schema   (if (sm/lazy-schema? schema)
+                           schema
+                           (sm/define schema))
+                validate (sm/validator schema)
+                explain  (sm/explainer schema)]
+            (fn [cfg params]
+              (let [response (f cfg params)]
+                (when (map? response)
+                  (when-not (validate response)
+                    (ex/raise :type :validation
+                              :code :data-validation
+                              ::sm/explain (explain response))))
+                response))))
+        f)
+    f))
 
 (defn- wrap-all
   [cfg f mdata]
   (as-> f $
-    (wrap-dispatch cfg $ mdata)
     (wrap-metrics cfg $ mdata)
     (cond/wrap cfg $ mdata)
     (retry/wrap-retry cfg $ mdata)
@@ -281,43 +189,19 @@
     (rlimit/wrap cfg $ mdata)
     (wrap-audit cfg $ mdata)
     (wrap-spec-conform cfg $ mdata)
-    (wrap-authentication cfg $ mdata)
-    (wrap-access-token cfg $ mdata)))
+    (wrap-output-validation cfg $ mdata)
+    (wrap-params-validation cfg $ mdata)
+    (wrap-authentication cfg $ mdata)))
 
 (defn- wrap
   [cfg f mdata]
   (l/debug :hint "register method" :name (::sv/name mdata))
   (let [f (wrap-all cfg f mdata)]
-    (with-meta #(f cfg %) mdata)))
+    (partial f cfg)))
 
 (defn- process-method
-  [cfg vfn]
-  (let [mdata (meta vfn)]
-    [(keyword (::sv/name mdata))
-     (wrap cfg vfn mdata)]))
-
-(defn- resolve-query-methods
-  [cfg]
-  (let [cfg (assoc cfg ::type "query" ::metrics-id :rpc-query-timing)]
-    (->> (sv/scan-ns
-          'app.rpc.queries.projects
-          'app.rpc.queries.profile
-          'app.rpc.queries.viewer
-          'app.rpc.queries.fonts)
-         (map (partial process-method cfg))
-         (into {}))))
-
-(defn- resolve-mutation-methods
-  [cfg]
-  (let [cfg (assoc cfg ::type "mutation" ::metrics-id :rpc-mutation-timing)]
-    (->> (sv/scan-ns
-          'app.rpc.mutations.media
-          'app.rpc.mutations.profile
-          'app.rpc.mutations.projects
-          'app.rpc.mutations.fonts
-          'app.rpc.mutations.share-link)
-         (map (partial process-method cfg))
-         (into {}))))
+  [cfg [vfn mdata]]
+  [(keyword (::sv/name mdata)) [mdata (wrap cfg vfn mdata)]])
 
 (defn- resolve-command-methods
   [cfg]
@@ -336,6 +220,8 @@
           'app.rpc.commands.files-share
           'app.rpc.commands.files-temp
           'app.rpc.commands.files-update
+          'app.rpc.commands.files-snapshot
+          'app.rpc.commands.files-thumbnails
           'app.rpc.commands.ldap
           'app.rpc.commands.management
           'app.rpc.commands.media
@@ -357,8 +243,7 @@
                 ::ldap/provider
                 ::sto/storage
                 ::mtx/metrics
-                ::main/props
-                ::wrk/executor]
+                ::main/props]
           :opt [::climit
                 ::rlimit]
           :req-un [::db/pool]))
@@ -366,23 +251,10 @@
 (defmethod ig/init-key ::methods
   [_ cfg]
   (let [cfg (d/without-nils cfg)]
-    {:mutations (resolve-mutation-methods cfg)
-     :queries   (resolve-query-methods cfg)
-     :commands  (resolve-command-methods cfg)}))
-
-(s/def ::mutations
-  (s/map-of keyword? fn?))
-
-(s/def ::queries
-  (s/map-of keyword? fn?))
-
-(s/def ::commands
-  (s/map-of keyword? fn?))
+    (resolve-command-methods cfg)))
 
 (s/def ::methods
-  (s/keys :req-un [::mutations
-                   ::queries
-                   ::commands]))
+  (s/map-of keyword? (s/tuple map? fn?)))
 
 (s/def ::routes vector?)
 
@@ -390,16 +262,11 @@
   (s/keys :req [::methods
                 ::db/pool
                 ::main/props
-                ::wrk/executor
-                ::session/manager
-                ::actoken/manager]))
+                ::session/manager]))
 
 (defmethod ig/init-key ::routes
   [_ {:keys [::methods] :as cfg}]
-  [["/rpc" {:middleware [[session/authz cfg]
-                         [actoken/authz cfg]]}
-    ["/command/:type" {:handler (partial rpc-command-handler (:commands methods))}]
-    ["/query/:type" {:handler (partial rpc-query-handler (:queries methods))}]
-    ["/mutation/:type" {:handler (partial rpc-mutation-handler (:mutations methods))
-                        :allowed-methods #{:post}}]]])
-
+  (let [methods (update-vals methods peek)]
+    [["/rpc" {:middleware [[session/authz cfg]
+                           [actoken/authz cfg]]}
+      ["/command/:type" {:handler (partial rpc-handler methods)}]]]))

backend/src/app/rpc/climit.clj

@@ -6,14 +6,16 @@
 
 (ns app.rpc.climit
   "Concurrencly limiter for RPC."
+  (:refer-clojure :exclude [run!])
   (:require
-   [app.common.data :as d]
    [app.common.exceptions :as ex]
    [app.common.logging :as l]
    [app.common.spec :as us]
    [app.config :as cf]
    [app.metrics :as mtx]
    [app.rpc :as-alias rpc]
+   [app.rpc.climit.config :as-alias config]
+   [app.util.cache :as cache]
    [app.util.services :as-alias sv]
    [app.util.time :as dt]
    [app.worker :as-alias wrk]
@@ -23,184 +25,183 @@
    [integrant.core :as ig]
    [promesa.core :as p]
    [promesa.exec :as px]
-   [promesa.exec.bulkhead :as pxb])
+   [promesa.exec.bulkhead :as pbh])
   (:import
-   com.github.benmanes.caffeine.cache.Cache
-   com.github.benmanes.caffeine.cache.CacheLoader
-   com.github.benmanes.caffeine.cache.Caffeine
-   com.github.benmanes.caffeine.cache.RemovalListener))
+   clojure.lang.ExceptionInfo))
 
-(defn- capacity-exception?
-  [o]
-  (and (ex/error? o)
-       (let [data (ex-data o)]
-         (and (= :bulkhead-error (:type data))
-              (= :capacity-limit-reached (:code data))))))
+(set! *warn-on-reflection* true)
 
-(defn invoke!
-  [limiter f]
-  (->> (px/submit! limiter f)
-       (p/hcat (fn [result cause]
-                 (cond
-                   (capacity-exception? cause)
-                   (p/rejected
-                    (ex/error :type :internal
-                              :code :concurrency-limit-reached
-                              :queue (-> limiter meta ::bkey name)
-                              :cause cause))
+(defn- id->str
+  [id]
+  (-> (str id)
+      (subs 1)))
 
-                   (some? cause)
-                   (p/rejected cause)
+(defn- create-bulkhead-cache
+  [config]
+  (letfn [(load-fn [[id skey]]
+            (when-let [config (get config id)]
+              (l/trc :hint "insert into cache" :id (id->str id) :key skey)
+              (pbh/create :permits (or (:permits config) (:concurrency config))
+                          :queue (or (:queue config) (:queue-size config))
+                          :timeout (:timeout config)
+                          :type :semaphore)))
 
-                   :else
-                   (p/resolved result))))))
+          (on-remove [key _ cause]
+            (let [[id skey] key]
+              (l/trc :hint "evict from cache" :id (id->str id) :key skey :reason (str cause))))]
 
-(defn- create-limiter
-  [{:keys [::wrk/executor ::mtx/metrics ::bkey ::skey concurrency queue-size]}]
-  (let [labels   (into-array String [(name bkey)])
-        on-queue (fn [instance]
-                   (l/trace :hint "enqueued"
-                            :key (name bkey)
-                            :skey (str skey)
-                            :queue-size (get instance ::pxb/current-queue-size)
-                            :concurrency (get instance ::pxb/current-concurrency))
-                   (mtx/run! metrics
-                             :id :rpc-climit-queue-size
-                             :val (get instance ::pxb/current-queue-size)
-                             :labels labels)
-                   (mtx/run! metrics
-                             :id :rpc-climit-concurrency
-                             :val (get instance ::pxb/current-concurrency)
-                             :labels labels))
+    (cache/create :executor :same-thread
+                  :on-remove on-remove
+                  :keepalive "5m"
+                  :load-fn load-fn)))
 
-        on-run   (fn [instance task]
-                   (let [elapsed (- (inst-ms (dt/now))
-                                    (inst-ms task))]
-                     (l/trace :hint "execute"
-                              :key (name bkey)
-                              :skey (str skey)
-                              :elapsed (str elapsed "ms"))
-                     (mtx/run! metrics
-                               :id :rpc-climit-timing
-                               :val elapsed
-                               :labels labels)
-                     (mtx/run! metrics
-                               :id :rpc-climit-queue-size
-                               :val (get instance ::pxb/current-queue-size)
-                               :labels labels)
-                     (mtx/run! metrics
-                               :id :rpc-climit-concurrency
-                               :val (get instance ::pxb/current-concurrency)
-                               :labels labels)))
-
-        options  {:executor executor
-                  :concurrency concurrency
-                  :queue-size (or queue-size Integer/MAX_VALUE)
-                  :on-queue on-queue
-                  :on-run on-run}]
-
-    (-> (pxb/create options)
-        (vary-meta assoc ::bkey bkey ::skey skey))))
-
-(defn- create-cache
-  [{:keys [::wrk/executor] :as params} config]
-  (let [listener (reify RemovalListener
-                   (onRemoval [_ key _val cause]
-                     (l/trace :hint "cache: remove" :key key :reason (str cause))))
-
-        loader   (reify CacheLoader
-                   (load [_ key]
-                     (let [[bkey skey] key]
-                       (when-let [config (get config bkey)]
-                         (-> (merge params config)
-                             (assoc ::bkey bkey)
-                             (assoc ::skey skey)
-                             (create-limiter))))))]
-
-  (.. (Caffeine/newBuilder)
-      (weakValues)
-      (executor executor)
-      (removalListener listener)
-      (build loader))))
-
-(defprotocol IConcurrencyManager)
-
-(s/def ::concurrency ::us/integer)
-(s/def ::queue-size ::us/integer)
+(s/def ::config/permits ::us/integer)
+(s/def ::config/queue ::us/integer)
+(s/def ::config/timeout ::us/integer)
 (s/def ::config
   (s/map-of keyword?
-            (s/keys :req-un [::concurrency]
-                    :opt-un [::queue-size])))
+            (s/keys :opt-un [::config/permits
+                             ::config/queue
+                             ::config/timeout])))
 
 (defmethod ig/prep-key ::rpc/climit
   [_ cfg]
-  (merge {::path (cf/get :rpc-climit-config)}
-         (d/without-nils cfg)))
+  (assoc cfg ::path (cf/get :rpc-climit-config)))
 
 (s/def ::path ::fs/path)
-
 (defmethod ig/pre-init-spec ::rpc/climit [_]
-  (s/keys :req [::wrk/executor ::mtx/metrics ::path]))
+  (s/keys :req [::mtx/metrics ::path]))
 
 (defmethod ig/init-key ::rpc/climit
-  [_ {:keys [::path] :as params}]
+  [_ {:keys [::path ::mtx/metrics] :as cfg}]
   (when (contains? cf/flags :rpc-climit)
-    (if-let [config (some->> path slurp edn/read-string)]
-      (do
-        (l/info :hint "initializing concurrency limit" :config (str path))
-        (us/verify! ::config config)
-
-        (let [cache (create-cache params config)]
-          ^{::cache cache}
-          (reify
-            IConcurrencyManager
-            clojure.lang.IDeref
-            (deref [_] config)
-
-            clojure.lang.ILookup
-            (valAt [_ key]
-              (let [key (if (vector? key) key [key])]
-                (.get ^Cache cache key))))))
-
-      (l/warn :hint "unable to load configuration" :config (str path)))))
+    (when-let [params (some->> path slurp edn/read-string)]
+      (l/inf :hint "initializing concurrency limit" :config (str path))
+      (us/verify! ::config params)
+      {::cache (create-bulkhead-cache params)
+       ::config params
+       ::mtx/metrics metrics})))
 
+(s/def ::cache cache/cache?)
+(s/def ::instance
+  (s/keys :req [::cache ::config]))
 
 (s/def ::rpc/climit
-  (s/nilable #(satisfies? IConcurrencyManager %)))
+  (s/nilable ::instance))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; PUBLIC API
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
-(defmacro with-dispatch
-  [lim & body]
-  `(if ~lim
-     (invoke! ~lim (^:once fn [] (p/wrap (do ~@body))))
-     (p/wrap (do ~@body))))
+(defn invoke!
+  [cache metrics id key f]
+  (if-let [limiter (cache/get cache [id key])]
+    (let [tpoint  (dt/tpoint)
+          labels  (into-array String [(id->str id)])
+          wrapped (fn []
+                    (let [elapsed (tpoint)
+                          stats   (pbh/get-stats limiter)]
+                      (l/trc :hint "acquired"
+                             :id (id->str id)
+                             :key key
+                             :permits (:permits stats)
+                             :queue (:queue stats)
+                             :max-permits (:max-permits stats)
+                             :max-queue (:max-queue stats)
+                             :elapsed (dt/format-duration elapsed))
+
+                      (mtx/run! metrics
+                                :id :rpc-climit-timing
+                                :val (inst-ms elapsed)
+                                :labels labels)
+                      (try
+                        (f)
+                        (finally
+                          (let [elapsed (tpoint)]
+                            (l/trc :hint "finished"
+                                   :id (id->str id)
+                                   :key key
+                                   :permits (:permits stats)
+                                   :queue (:queue stats)
+                                   :max-permits (:max-permits stats)
+                                   :max-queue (:max-queue stats)
+                                   :elapsed (dt/format-duration elapsed)))))))
+          measure!
+          (fn [stats]
+            (mtx/run! metrics
+                      :id :rpc-climit-queue
+                      :val (:queue stats)
+                      :labels labels)
+            (mtx/run! metrics
+                      :id :rpc-climit-permits
+                      :val (:permits stats)
+                      :labels labels))]
+
+      (try
+        (let [stats (pbh/get-stats limiter)]
+          (measure! stats)
+          (l/trc :hint "enqueued"
+                 :id (id->str id)
+                 :key key
+                 :permits (:permits stats)
+                 :queue (:queue stats)
+                 :max-permits (:max-permits stats)
+                 :max-queue (:max-queue stats))
+          (pbh/invoke! limiter wrapped))
+        (catch ExceptionInfo cause
+          (let [{:keys [type code]} (ex-data cause)]
+            (if (= :bulkhead-error type)
+              (ex/raise :type :concurrency-limit
+                        :code code
+                        :hint "concurrency limit reached")
+              (throw cause))))
+
+        (finally
+          (measure! (pbh/get-stats limiter)))))
+
+    (do
+      (l/wrn :hint "unable to load limiter" :id (id->str id))
+      (f))))
+
+(defn configure
+  [{:keys [::rpc/climit]} id]
+  (us/assert! ::rpc/climit climit)
+  (assoc climit ::id id))
+
+(defn run!
+  "Run a function in context of climit.
+  Intended to be used in virtual threads."
+  ([{:keys [::id ::cache ::mtx/metrics]} f]
+   (if (and cache id)
+     (invoke! cache metrics id nil f)
+     (f)))
+
+  ([{:keys [::id ::cache ::mtx/metrics]} f executor]
+   (let [f #(p/await! (px/submit! executor f))]
+     (if (and cache id)
+       (invoke! cache metrics id nil f)
+       (f)))))
+
+(def noop-fn (constantly nil))
 
 (defn wrap
-  [{:keys [::rpc/climit]} f {:keys [::queue ::key-fn] :as mdata}]
-  (if (and (some? climit)
-           (some? queue))
-    (if-let [config (get @climit queue)]
+  [{:keys [::rpc/climit ::mtx/metrics]} f {:keys [::id ::key-fn] :or {key-fn noop-fn} :as mdata}]
+  (if (and (some? climit) (some? id))
+    (if-let [config (get-in climit [::config id])]
+      (let [cache (::cache climit)]
+        (l/dbg :hint "instrumenting method"
+               :limit (id->str id)
+               :service-name (::sv/name mdata)
+               :timeout (:timeout config)
+               :permits (:permits config)
+               :queue (:queue config)
+               :keyed? (not= key-fn noop-fn))
+
+        (fn [cfg params]
+          (invoke! cache metrics id (key-fn params) (partial f cfg params))))
+
       (do
-        (l/debug :hint "wrap: instrumenting method"
-                 :limit-name (name queue)
-                 :service-name (::sv/name mdata)
-                 :queue-size (or (:queue-size config) Integer/MAX_VALUE)
-                 :concurrency (:concurrency config)
-                 :keyed? (some? key-fn))
-        (if (some? key-fn)
-          (fn [cfg params]
-            (let [key [queue (key-fn params)]
-                  lim (get climit key)]
-              (invoke! lim (partial f cfg params))))
-          (let [lim (get climit queue)]
-            (fn [cfg params]
-              (invoke! lim (partial f cfg params))))))
-      (do
-        (l/warn :hint "wrap: no config found"
-                :queue (name queue)
-                :service (::sv/name mdata))
+        (l/wrn :hint "no config found for specified queue" :id (id->str id))
         f))
+
     f))

backend/src/app/rpc/commands/access_token.clj

@@ -19,18 +19,19 @@
    [clojure.spec.alpha :as s]))
 
 (defn- decode-row
-  [{:keys [perms] :as row}]
-  (cond-> row
-    (db/pgarray? perms "text")
-    (assoc :perms (db/decode-pgarray perms #{}))))
+  [row]
+  (dissoc row :perms))
 
-(defn- create-access-token
-  [{:keys [::conn ::main/props]} profile-id name perms]
+(defn create-access-token
+  [{:keys [::db/conn ::main/props]} profile-id name expiration]
   (let [created-at (dt/now)
         token-id   (uuid/next)
         token      (tokens/generate props {:iss "access-token"
                                            :tid token-id
-                                           :iat created-at})]
+                                           :iat created-at})
+
+        expires-at (some-> expiration dt/in-future)]
+
     (db/insert! conn :access-token
                 {:id token-id
                  :name name
@@ -38,33 +39,36 @@
                  :profile-id profile-id
                  :created-at created-at
                  :updated-at created-at
-                 :perms (db/create-array conn "text" perms)})))
+                 :expires-at expires-at
+                 :perms (db/create-array conn "text" [])})))
+
 
 (defn repl-create-access-token
-  [{:keys [::db/pool] :as system} profile-id name perms]
+  [{:keys [::db/pool] :as system} profile-id name expiration]
   (db/with-atomic [conn pool]
     (let [props (:app.setup/props system)]
-      (create-access-token {::conn conn ::main/props props}
+      (create-access-token {::db/conn conn ::main/props props}
                            profile-id
                            name
-                           perms))))
+                           expiration))))
 
 (s/def ::name ::us/not-empty-string)
-(s/def ::perms ::us/set-of-strings)
+(s/def ::expiration ::dt/duration)
 
 (s/def ::create-access-token
   (s/keys :req [::rpc/profile-id]
-          :req-un [::name ::perms]))
+          :req-un [::name]
+          :opt-un [::expiration]))
 
 (sv/defmethod ::create-access-token
   {::doc/added "1.18"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id name perms]}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id name expiration]}]
   (db/with-atomic [conn pool]
-    (let [cfg (assoc cfg ::conn conn)]
+    (let [cfg (assoc cfg ::db/conn conn)]
       (quotes/check-quote! conn
                            {::quotes/id ::quotes/access-tokens-per-profile
                             ::quotes/profile-id profile-id})
-      (-> (create-access-token cfg profile-id name perms)
+      (-> (create-access-token cfg profile-id name expiration)
           (decode-row)))))
 
 (s/def ::delete-access-token
@@ -83,5 +87,8 @@
 (sv/defmethod ::get-access-tokens
   {::doc/added "1.18"}
   [{:keys [::db/pool]} {:keys [::rpc/profile-id]}]
-  (->> (db/query pool :access-token {:profile-id profile-id})
+  (->> (db/query pool :access-token
+                 {:profile-id profile-id}
+                 {:order-by [[:expires-at :asc] [:created-at :asc]]
+                  :columns [:id :name :perms :created-at :updated-at :expires-at]})
        (mapv decode-row)))

backend/src/app/rpc/commands/audit.clj

@@ -9,7 +9,7 @@
   (:require
    [app.common.data :as d]
    [app.common.logging :as l]
-   [app.common.spec :as us]
+   [app.common.schema :as sm]
    [app.common.uuid :as uuid]
    [app.config :as cf]
    [app.db :as db]
@@ -19,12 +19,7 @@
    [app.rpc.climit :as-alias climit]
    [app.rpc.doc :as-alias doc]
    [app.rpc.helpers :as rph]
-   [app.util.services :as sv]
-   [app.util.time :as dt]
-   [app.worker :as wrk]
-   [clojure.spec.alpha :as s]
-   [promesa.core :as p]
-   [promesa.exec :as px]))
+   [app.util.services :as sv]))
 
 (defn- event->row [event]
   [(uuid/next)
@@ -42,8 +37,9 @@
    :profile-id :ip-addr :props :context])
 
 (defn- handle-events
-  [{:keys [::db/pool]} {:keys [::rpc/profile-id events ::http/request]}]
-  (let [ip-addr (audit/parse-client-ip request)
+  [{:keys [::db/pool]} {:keys [::rpc/profile-id events] :as params}]
+  (let [request (-> params meta ::http/request)
+        ip-addr (audit/parse-client-ip request)
         xform   (comp
                  (map #(assoc % :profile-id profile-id))
                  (map #(assoc % :ip-addr ip-addr))
@@ -54,34 +50,38 @@
     (when (seq events)
       (db/insert-multi! pool :audit-log event-columns events))))
 
-(s/def ::name ::us/string)
-(s/def ::type ::us/string)
-(s/def ::props (s/map-of ::us/keyword any?))
-(s/def ::timestamp dt/instant?)
-(s/def ::context (s/map-of ::us/keyword any?))
+(def schema:event
+  [:map {:title "Event"}
+   [:name [:string {:max 250}]]
+   [:type [:string {:max 250}]]
+   [:props
+    [:map-of :keyword :any]]
+   [:context {:optional true}
+    [:map-of :keyword :any]]])
 
-(s/def ::event
-  (s/keys :req-un [::type ::name ::props ::timestamp]
-          :opt-un [::context]))
-
-(s/def ::events (s/every ::event))
-
-(s/def ::push-audit-events
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::events]))
+(def schema:push-audit-events
+  [:map {:title "push-audit-events"}
+   [:events [:vector schema:event]]])
 
 (sv/defmethod ::push-audit-events
-  {::climit/queue :push-audit-events
+  {::climit/id :submit-audit-events/by-profile
    ::climit/key-fn ::rpc/profile-id
+   ::sm/params schema:push-audit-events
    ::audit/skip true
+   ::doc/skip true
    ::doc/added "1.17"}
-  [{:keys [::db/pool ::wrk/executor] :as cfg} params]
+  [{:keys [::db/pool] :as cfg} params]
   (if (or (db/read-only? pool)
           (not (contains? cf/flags :audit-log)))
     (do
       (l/warn :hint "audit: http handler disabled or db is read-only")
       (rph/wrap nil))
 
-    (->> (px/submit! executor #(handle-events cfg params))
-         (p/fmap (constantly nil)))))
+    (do
+      (try
+        (handle-events cfg params)
+        (catch Throwable cause
+          (l/error :hint "unexpected error on persisting audit events from frontend"
+                   :cause cause)))
 
+      (rph/wrap nil))))

backend/src/app/rpc/commands/auth.clj

@@ -8,8 +8,11 @@
   (:require
    [app.auth :as auth]
    [app.common.data :as d]
+   [app.common.data.macros :as dm]
    [app.common.exceptions :as ex]
-   [app.common.spec :as us]
+   [app.common.features :as cfeat]
+   [app.common.logging :as l]
+   [app.common.schema :as sm]
    [app.common.uuid :as uuid]
    [app.config :as cf]
    [app.db :as db]
@@ -18,7 +21,6 @@
    [app.loggers.audit :as audit]
    [app.main :as-alias main]
    [app.rpc :as-alias rpc]
-   [app.rpc.climit :as climit]
    [app.rpc.commands.profile :as profile]
    [app.rpc.commands.teams :as teams]
    [app.rpc.doc :as-alias doc]
@@ -26,31 +28,13 @@
    [app.tokens :as tokens]
    [app.util.services :as sv]
    [app.util.time :as dt]
-   [clojure.spec.alpha :as s]
    [cuerdas.core :as str]))
 
-(s/def ::email ::us/email)
-(s/def ::fullname ::us/not-empty-string)
-(s/def ::lang ::us/string)
-(s/def ::path ::us/string)
-(s/def ::password ::us/not-empty-string)
-(s/def ::old-password ::us/not-empty-string)
-(s/def ::theme ::us/string)
-(s/def ::invitation-token ::us/not-empty-string)
-(s/def ::token ::us/not-empty-string)
+(def schema:password
+  [::sm/word-string {:max 500}])
 
-;; ---- HELPERS
-
-(defn email-domain-in-whitelist?
-  "Returns true if email's domain is in the given whitelist or if
-  given whitelist is an empty string."
-  [domains email]
-  (if (or (empty? domains)
-          (nil? domains))
-    true
-    (let [[_ candidate] (-> (str/lower email)
-                            (str/split #"@" 2))]
-      (contains? domains candidate))))
+(def schema:token
+  [::sm/word-string {:max 6000}])
 
 ;; ---- COMMAND: login with password
 
@@ -63,14 +47,18 @@
               :code :login-disabled
               :hint "login is disabled in this instance"))
 
-  (letfn [(check-password [profile password]
-            (when (= (:password profile) "!")
+  (letfn [(check-password [conn profile password]
+            (if (= (:password profile) "!")
               (ex/raise :type :validation
                         :code :account-without-password
-                        :hint "the current account does not have password"))
-            (:valid (auth/verify-password password (:password profile))))
+                        :hint "the current account does not have password")
+              (let [result (profile/verify-password cfg password (:password profile))]
+                (when (:update result)
+                  (l/trace :hint "updating profile password" :id (:id profile) :email (:email profile))
+                  (profile/update-profile-password! conn (assoc profile :password password)))
+                (:valid result))))
 
-          (validate-profile [profile]
+          (validate-profile [conn profile]
             (when-not profile
               (ex/raise :type :validation
                         :code :wrong-credentials))
@@ -80,7 +68,7 @@
             (when (:is-blocked profile)
               (ex/raise :type :restriction
                         :code :profile-blocked))
-            (when-not (check-password profile password)
+            (when-not (check-password conn profile password)
               (ex/raise :type :validation
                         :code :wrong-credentials))
             (when-let [deleted-at (:deleted-at profile)]
@@ -92,8 +80,7 @@
 
     (db/with-atomic [conn pool]
       (let [profile    (->> (profile/get-profile-by-email conn email)
-                            (validate-profile)
-                            (profile/decode-row)
+                            (validate-profile conn)
                             (profile/strip-private-attrs))
 
             invitation (when-let [token (:invitation-token params)]
@@ -111,23 +98,22 @@
             (rph/with-meta {::audit/props (audit/profile->props profile)
                             ::audit/profile-id (:id profile)}))))))
 
-(s/def ::login-with-password
-  (s/keys :req-un [::email ::password]
-          :opt-un [::invitation-token]))
+(def schema:login-with-password
+  [:map {:title "login-with-password"}
+   [:email ::sm/email]
+   [:password schema:password]
+   [:invitation-token {:optional true} schema:token]])
 
 (sv/defmethod ::login-with-password
   "Performs authentication using penpot password."
   {::rpc/auth false
-   ::climit/queue :auth
-   ::doc/added "1.15"}
+   ::doc/added "1.15"
+   ::sm/params schema:login-with-password}
   [cfg params]
   (login-with-password cfg params))
 
 ;; ---- COMMAND: Logout
 
-(s/def ::logout
-  (s/keys :opt [::rpc/profile-id]))
-
 (sv/defmethod ::logout
   "Clears the authentication cookie and logout the current session."
   {::rpc/auth false
@@ -144,7 +130,7 @@
               (:profile-id tdata)))
 
           (update-password [conn profile-id]
-            (let [pwd (auth/derive-password password)]
+            (let [pwd (profile/derive-password cfg password)]
               (db/update! conn :profile {:password pwd} {:id profile-id})))]
 
     (db/with-atomic [conn pool]
@@ -152,14 +138,15 @@
            (update-password conn))
       nil)))
 
-(s/def ::token ::us/not-empty-string)
-(s/def ::recover-profile
-  (s/keys :req-un [::token ::password]))
+(def schema:recover-profile
+  [:map {:title "recover-profile"}
+   [:token schema:token]
+   [:password schema:password]])
 
 (sv/defmethod ::recover-profile
   {::rpc/auth false
-   ::climit/queue :auth
-   ::doc/added "1.15"}
+   ::doc/added "1.15"
+   ::sm/params schema:recover-profile}
   [cfg params]
   (recover-profile cfg params))
 
@@ -169,19 +156,20 @@
   [{:keys [::db/pool] :as cfg} params]
 
   (when-not (contains? cf/flags :registration)
-    (if-not (contains? params :invitation-token)
+    (when-not (contains? params :invitation-token)
       (ex/raise :type :restriction
-                :code :registration-disabled)
-      (let [invitation (tokens/verify (::main/props cfg) {:token (:invitation-token params) :iss :team-invitation})]
-        (when-not (= (:email params) (:member-email invitation))
-          (ex/raise :type :restriction
-                    :code :email-does-not-match-invitation
-                    :hint "email should match the invitation")))))
+                :code :registration-disabled)))
 
-  (when-let [domains (cf/get :registration-domain-whitelist)]
-    (when-not (email-domain-in-whitelist? domains (:email params))
-      (ex/raise :type :validation
-                :code :email-domain-is-not-allowed)))
+  (when (contains? params :invitation-token)
+    (let [invitation (tokens/verify (::main/props cfg) {:token (:invitation-token params) :iss :team-invitation})]
+      (when-not (= (:email params) (:member-email invitation))
+        (ex/raise :type :restriction
+                  :code :email-does-not-match-invitation
+                  :hint "email should match the invitation"))))
+
+  (when-not (auth/email-domain-in-whitelist? (:email params))
+    (ex/raise :type :validation
+              :code :email-domain-is-not-allowed))
 
   ;; Don't allow proceed in preparing registration if the profile is
   ;; already reported as spammer.
@@ -239,13 +227,16 @@
     (with-meta {:token token}
       {::audit/profile-id uuid/zero})))
 
-(s/def ::prepare-register-profile
-  (s/keys :req-un [::email ::password]
-          :opt-un [::invitation-token]))
+(def schema:prepare-register-profile
+  [:map {:title "prepare-register-profile"}
+   [:email ::sm/email]
+   [:password schema:password]
+   [:invitation-token {:optional true} schema:token]])
 
 (sv/defmethod ::prepare-register-profile
   {::rpc/auth false
-   ::doc/added "1.15"}
+   ::doc/added "1.15"
+   ::sm/params schema:prepare-register-profile}
   [cfg params]
   (prepare-register cfg params))
 
@@ -255,7 +246,7 @@
   "Create the profile entry on the database with limited set of input
   attrs (all the other attrs are filled with default values)."
   [conn {:keys [email] :as params}]
-  (us/assert! ::us/email email)
+  (dm/assert! ::sm/email email)
   (let [id        (or (:id params) (uuid/next))
         props     (-> (audit/extract-utm-params params)
                       (merge (:props params))
@@ -264,9 +255,7 @@
                               :nudge {:big 10 :small 1}})
                       (db/tjson))
 
-        password  (if-let [password (:password params)]
-                    (auth/derive-password password)
-                    "!")
+        password  (or (:password params) "!")
 
         locale    (:locale params)
         locale    (when (and (string? locale) (not (str/blank? locale)))
@@ -303,9 +292,12 @@
 
 (defn create-profile-rels!
   [conn {:keys [id] :as profile}]
-  (let [team (teams/create-team conn {:profile-id id
-                                      :name "Default"
-                                      :is-default true})]
+  (let [features (cfeat/get-enabled-features cf/flags)
+        team     (teams/create-team conn
+                                    {:profile-id id
+                                     :name "Default"
+                                     :features features
+                                     :is-default true})]
     (-> (db/update! conn :profile
                     {:default-team-id (:id team)
                      :default-project-id  (:default-project-id team)}
@@ -335,17 +327,20 @@
                 :extra-data ptoken})))
 
 (defn register-profile
-  [{:keys [::db/conn] :as cfg} {:keys [token] :as params}]
+  [{:keys [::db/conn] :as cfg} {:keys [token fullname] :as params}]
   (let [claims     (tokens/verify (::main/props cfg) {:token token :iss :prepared-register})
-        params     (merge params claims)
+        params     (assoc claims :fullname fullname)
 
         is-active  (or (:is-active params)
                        (not (contains? cf/flags :email-verification)))
 
         profile    (if-let [profile-id (:profile-id claims)]
                      (profile/get-profile conn profile-id)
-                     (->> (create-profile! conn (assoc params :is-active is-active))
-                          (create-profile-rels! conn)))
+                     (let [params (-> params
+                                      (assoc :is-active is-active)
+                                      (update :password #(profile/derive-password cfg %)))]
+                       (->> (create-profile! conn params)
+                            (create-profile-rels! conn))))
 
         invitation (when-let [token (:invitation-token params)]
                      (tokens/verify (::main/props cfg) {:token token :iss :team-invitation}))]
@@ -356,9 +351,9 @@
     (when-let [id (:profile-id claims)]
       (db/update! conn :profile {:modified-at (dt/now)} {:id id})
       (audit/submit! cfg
-                     {:type "fact"
-                      :name "register-profile-retry"
-                      :profile-id id}))
+                     {::audit/type "fact"
+                      ::audit/name "register-profile-retry"
+                      ::audit/profile-id id}))
 
     (cond
       ;; If invitation token comes in params, this is because the
@@ -401,13 +396,16 @@
           {::audit/replace-props (audit/profile->props profile)
            ::audit/profile-id (:id profile)})))))
 
-(s/def ::register-profile
-  (s/keys :req-un [::token ::fullname]))
+
+(def schema:register-profile
+  [:map {:title "register-profile"}
+   [:token schema:token]
+   [:fullname [::sm/word-string {:max 100}]]])
 
 (sv/defmethod ::register-profile
   {::rpc/auth false
-   ::climit/queue :auth
-   ::doc/added "1.15"}
+   ::doc/added "1.15"
+   ::sm/params schema:register-profile}
   [{:keys [::db/pool] :as cfg} params]
   (db/with-atomic [conn pool]
     (-> (assoc cfg ::db/conn conn)
@@ -459,12 +457,15 @@
              (create-recovery-token)
              (send-email-notification conn))))))
 
-(s/def ::request-profile-recovery
-  (s/keys :req-un [::email]))
+
+(def schema:request-profile-recovery
+  [:map {:title "request-profile-recovery"}
+   [:email ::sm/email]])
 
 (sv/defmethod ::request-profile-recovery
   {::rpc/auth false
-   ::doc/added "1.15"}
+   ::doc/added "1.15"
+   ::sm/params schema:request-profile-recovery}
   [cfg params]
   (request-profile-recovery cfg params))
 

backend/src/app/rpc/commands/binfile.clj

@@ -9,44 +9,53 @@
   (:require
    [app.common.data :as d]
    [app.common.exceptions :as ex]
-   [app.common.files.features :as ffeat]
+   [app.common.features :as cfeat]
+   [app.common.files.defaults :as cfd]
+   [app.common.files.migrations :as fmg]
+   [app.common.files.validate :as fval]
+   [app.common.fressian :as fres]
    [app.common.logging :as l]
-   [app.common.pages.migrations :as pmg]
+   [app.common.schema :as sm]
    [app.common.spec :as us]
+   [app.common.types.file :as ctf]
    [app.common.uuid :as uuid]
    [app.config :as cf]
    [app.db :as db]
+   [app.features.components-v2 :as feat.compv2]
+   [app.features.fdata :as feat.fdata]
+   [app.http.sse :as sse]
    [app.loggers.audit :as-alias audit]
    [app.loggers.webhooks :as-alias webhooks]
    [app.media :as media]
    [app.rpc :as-alias rpc]
    [app.rpc.commands.files :as files]
    [app.rpc.commands.projects :as projects]
+   [app.rpc.commands.teams :as teams]
    [app.rpc.doc :as-alias doc]
-   [app.rpc.helpers :as rph]
    [app.storage :as sto]
    [app.storage.tmp :as tmp]
    [app.tasks.file-gc]
    [app.util.blob :as blob]
-   [app.util.fressian :as fres]
-   [app.util.objects-map :as omap]
    [app.util.pointer-map :as pmap]
    [app.util.services :as sv]
    [app.util.time :as dt]
+   [app.worker :as-alias wrk]
+   [clojure.set :as set]
    [clojure.spec.alpha :as s]
    [clojure.walk :as walk]
    [cuerdas.core :as str]
    [datoteka.io :as io]
-   [yetti.adapter :as yt]
-   [yetti.response :as yrs])
+   [promesa.core :as p]
+   [promesa.util :as pu]
+   [ring.response :as rres]
+   [yetti.adapter :as yt])
   (:import
    com.github.luben.zstd.ZstdInputStream
    com.github.luben.zstd.ZstdOutputStream
    java.io.DataInputStream
    java.io.DataOutputStream
    java.io.InputStream
-   java.io.OutputStream
-   java.lang.AutoCloseable))
+   java.io.OutputStream))
 
 (set! *warn-on-reflection* true)
 
@@ -294,30 +303,46 @@
   [output & {:keys [level] :or {level 0}}]
   (ZstdOutputStream. ^OutputStream output (int level)))
 
-(defn- retrieve-file
-  [pool file-id]
-  (with-open [^AutoCloseable conn (db/open pool)]
-    (binding [pmap/*load-fn* (partial files/load-pointer conn file-id)]
-      (some-> (db/get* conn :file {:id file-id})
-              (files/decode-row)
-              (update :data files/process-pointers deref)))))
+(defn- get-files
+  [cfg ids]
+  (db/run! cfg (fn [{:keys [::db/conn]}]
+                 (let [sql (str "SELECT id FROM file "
+                                " WHERE id = ANY(?) ")
+                       ids (db/create-array conn "uuid" ids)]
+                   (->> (db/exec! conn [sql ids])
+                        (into [] (map :id))
+                        (not-empty))))))
 
-(def ^:private sql:file-media-objects
-  "SELECT * FROM file_media_object WHERE id = ANY(?)")
+(defn- get-file
+  [cfg file-id]
+  (db/run! cfg (fn [{:keys [::db/conn] :as cfg}]
+                 (binding [pmap/*load-fn* (partial feat.fdata/load-pointer cfg file-id)]
+                   (some-> (db/get* conn :file {:id file-id} {::db/remove-deleted? false})
+                           (files/decode-row)
+                           (update :data feat.fdata/process-pointers deref))))))
 
-(defn- retrieve-file-media
-  [pool {:keys [data id] :as file}]
-  (with-open [^AutoCloseable conn (db/open pool)]
+(defn- get-file-media
+  [{:keys [::db/pool]} {:keys [data id] :as file}]
+  (pu/with-open [conn (db/open pool)]
     (let [ids (app.tasks.file-gc/collect-used-media data)
-          ids (db/create-array conn "uuid" ids)]
+          ids (db/create-array conn "uuid" ids)
+          sql (str "SELECT * FROM file_media_object WHERE id = ANY(?)")]
 
       ;; We assoc the file-id again to the file-media-object row
       ;; because there are cases that used objects refer to other
       ;; files and we need to ensure in the exportation process that
       ;; all ids matches
-      (->> (db/exec! conn [sql:file-media-objects ids])
+      (->> (db/exec! conn [sql ids])
            (mapv #(assoc % :file-id id))))))
 
+(defn- get-file-thumbnails
+  "Return all file thumbnails for a given file."
+  [{:keys [::db/pool]} id]
+  (pu/with-open [conn (db/open pool)]
+    (let [sql "SELECT * FROM file_tagged_object_thumbnail WHERE file_id = ?"]
+      (->> (db/exec! conn [sql id])
+           (mapv #(dissoc % :file-id))))))
+
 (def ^:private storage-object-id-xf
   (comp
    (mapcat (juxt :media-id :thumbnail-id))
@@ -325,37 +350,34 @@
 
 (def ^:private sql:file-libraries
   "WITH RECURSIVE libs AS (
-     SELECT fl.id, fl.deleted_at
+     SELECT fl.id
        FROM file AS fl
        JOIN file_library_rel AS flr ON (flr.library_file_id = fl.id)
       WHERE flr.file_id = ANY(?)
     UNION
-     SELECT fl.id, fl.deleted_at
+     SELECT fl.id
        FROM file AS fl
        JOIN file_library_rel AS flr ON (flr.library_file_id = fl.id)
        JOIN libs AS l ON (flr.file_id = l.id)
    )
    SELECT DISTINCT l.id
-     FROM libs AS l
-    WHERE l.deleted_at IS NULL OR l.deleted_at > now();")
+     FROM libs AS l")
 
-(defn- retrieve-libraries
-  [pool ids]
-  (with-open [^AutoCloseable conn (db/open pool)]
+(defn- get-libraries
+  [{:keys [::db/pool]} ids]
+  (pu/with-open [conn (db/open pool)]
     (let [ids (db/create-array conn "uuid" ids)]
       (map :id (db/exec! pool [sql:file-libraries ids])))))
 
-(def ^:private sql:file-library-rels
-  "SELECT * FROM file_library_rel
-    WHERE file_id = ANY(?)")
+(defn- get-library-relations
+  [cfg ids]
+  (db/run! cfg (fn [{:keys [::db/conn]}]
+                 (let [ids (db/create-array conn "uuid" ids)
+                       sql (str "SELECT flr.* FROM file_library_rel AS flr "
+                                " WHERE flr.file_id = ANY(?)")]
+                   (db/exec! conn [sql ids])))))
 
-(defn- retrieve-library-relations
-  [pool ids]
-  (with-open [^AutoCloseable conn (db/open pool)]
-    (db/exec! conn [sql:file-library-rels (db/create-array conn "uuid" ids)])))
-
-
-(defn- create-or-update-file
+(defn- create-or-update-file!
   [conn params]
   (let [sql (str "INSERT INTO file (id, project_id, name, revn, is_shared, data, created_at, modified_at) "
                  "VALUES (?, ?, ?, ?, ?, ?, ?, ?) "
@@ -373,13 +395,13 @@
 
 ;; --- GENERAL PURPOSE DYNAMIC VARS
 
-(def ^:dynamic *state*)
-(def ^:dynamic *options*)
+(def ^:dynamic *state* nil)
+(def ^:dynamic *options* nil)
 
 ;; --- EXPORT WRITER
 
 (defn- embed-file-assets
-  [data conn file-id]
+  [data cfg file-id]
   (letfn [(walk-map-form [form state]
             (cond
               (uuid? (:fill-color-ref-file form))
@@ -409,7 +431,7 @@
             ;; NOTE: there is a possibility that shape refers to an
             ;; non-existant file because the file was removed. In this
             ;; case we just ignore the asset.
-            (if-let [lib (retrieve-file conn lib-id)]
+            (if-let [lib (get-file cfg lib-id)]
               (reduce (partial process-asset lib) data items)
               data))
 
@@ -462,78 +484,104 @@
 (defmethod write-export :default
   [{:keys [::output] :as options}]
   (write-header! output :v1)
-  (with-open [output (zstd-output-stream output :level 12)]
-    (with-open [output (io/data-output-stream output)]
-      (binding [*state* (volatile! {})]
-        (run! (fn [section]
-                (l/debug :hint "write section" :section section ::l/sync? true)
-                (write-label! output section)
-                (let [options (-> options
-                                  (assoc ::output output)
-                                  (assoc ::section section))]
-                  (binding [*options* options]
-                    (write-section options))))
+  (pu/with-open [output (zstd-output-stream output :level 12)
+                 output (io/data-output-stream output)]
+    (binding [*state* (volatile! {})]
+      (run! (fn [section]
+              (l/dbg :hint "write section" :section section ::l/sync? true)
+              (write-label! output section)
+              (let [options (-> options
+                                (assoc ::output output)
+                                (assoc ::section section))]
+                (binding [*options* options]
+                  (write-section options))))
 
-              [:v1/metadata :v1/files :v1/rels :v1/sobjects])))))
+            [:v1/metadata :v1/files :v1/rels :v1/sobjects]))))
 
 (defmethod write-section :v1/metadata
-  [{:keys [::db/pool ::output ::file-ids ::include-libraries?]}]
-  (let [libs  (when include-libraries?
-                (retrieve-libraries pool file-ids))
-        files (into file-ids libs)]
-    (write-obj! output {:version cf/version :files files})
-    (vswap! *state* assoc :files files)))
+  [{:keys [::output ::file-ids ::include-libraries?] :as cfg}]
+  (if-let [fids (get-files cfg file-ids)]
+    (let [lids (when include-libraries?
+                 (get-libraries cfg file-ids))
+          ids  (into fids lids)]
+      (write-obj! output {:version cf/version :files ids})
+      (vswap! *state* assoc :files ids))
+    (ex/raise :type :not-found
+              :code :files-not-found
+              :hint "unable to retrieve files for export")))
 
 (defmethod write-section :v1/files
-  [{:keys [::db/pool ::output ::embed-assets?]}]
+  [{:keys [::output ::embed-assets? ::include-libraries?] :as cfg}]
 
   ;; Initialize SIDS with empty vector
   (vswap! *state* assoc :sids [])
 
   (doseq [file-id (-> *state* deref :files)]
-    (let [file  (cond-> (retrieve-file pool file-id)
-                  embed-assets?
-                  (update :data embed-file-assets pool file-id))
+    (let [detach?    (and (not embed-assets?) (not include-libraries?))
+          thumbnails (get-file-thumbnails cfg file-id)
+          file       (cond-> (get-file cfg file-id)
+                       detach?
+                       (-> (ctf/detach-external-references file-id)
+                           (dissoc :libraries))
 
-          media (retrieve-file-media pool file)]
+                       embed-assets?
+                       (update :data embed-file-assets cfg file-id)
 
-      (l/debug :hint "write penpot file"
-               :id file-id
-               :media (count media)
-               ::l/sync? true)
+                       :always
+                       (assoc :thumbnails thumbnails))
+
+          media      (get-file-media cfg file)]
+
+      (l/dbg :hint "write penpot file"
+             :id (str file-id)
+             :name (:name file)
+             :thumbnails (count thumbnails)
+             :features (:features file)
+             :media (count media)
+             ::l/sync? true)
+
+      (doseq [item media]
+        (l/dbg :hint "write penpot file media object" :id (:id item) ::l/sync? true))
+
+      (doseq [item thumbnails]
+        (l/dbg :hint "write penpot file object thumbnail" :media-id (str (:media-id item)) ::l/sync? true))
 
       (doto output
         (write-obj! file)
         (write-obj! media))
 
-      (vswap! *state* update :sids into storage-object-id-xf media))))
+      (vswap! *state* update :sids into storage-object-id-xf media)
+      (vswap! *state* update :sids into storage-object-id-xf thumbnails))))
 
 (defmethod write-section :v1/rels
-  [{:keys [::db/pool ::output ::include-libraries?]}]
-  (let [rels  (when include-libraries?
-                (retrieve-library-relations pool (-> *state* deref :files)))]
-    (l/debug :hint "found rels" :total (count rels) ::l/sync? true)
+  [{:keys [::output ::include-libraries?] :as cfg}]
+  (let [ids  (-> *state* deref :files)
+        rels (when include-libraries?
+               (get-library-relations cfg ids))]
+    (l/dbg :hint "found rels" :total (count rels) ::l/sync? true)
     (write-obj! output rels)))
 
 (defmethod write-section :v1/sobjects
   [{:keys [::sto/storage ::output]}]
   (let [sids    (-> *state* deref :sids)
         storage (media/configure-assets-storage storage)]
-    (l/debug :hint "found sobjects"
-             :items (count sids)
-             ::l/sync? true)
+
+    (l/dbg :hint "found sobjects"
+           :items (count sids)
+           ::l/sync? true)
 
     ;; Write all collected storage objects
     (write-obj! output sids)
 
     (doseq [id sids]
-      (let [{:keys [size] :as obj} @(sto/get-object storage id)]
-        (l/debug :hint "write sobject" :id id ::l/sync? true)
+      (let [{:keys [size] :as obj} (sto/get-object storage id)]
+        (l/dbg :hint "write sobject" :id (str id) ::l/sync? true)
+
         (doto output
           (write-uuid! id)
           (write-obj! (meta obj)))
 
-        (with-open [^InputStream stream @(sto/get-object-data storage obj)]
+        (pu/with-open [stream (sto/get-object-data storage obj)]
           (let [written (write-stream! output stream size)]
             (when (not= written size)
               (ex/raise :type :validation
@@ -550,15 +598,16 @@
 (defmulti read-import ::version)
 (defmulti read-section ::section)
 
+(s/def ::profile-id ::us/uuid)
 (s/def ::project-id ::us/uuid)
 (s/def ::input io/input-stream?)
 (s/def ::overwrite? (s/nilable ::us/boolean))
-(s/def ::migrate? (s/nilable ::us/boolean))
 (s/def ::ignore-index-errors? (s/nilable ::us/boolean))
 
+;; FIXME: replace with schema
 (s/def ::read-import-options
-  (s/keys :req [::db/pool ::sto/storage ::project-id ::input]
-          :opt [::overwrite? ::migrate? ::ignore-index-errors?]))
+  (s/keys :req [::db/pool ::sto/storage ::project-id ::profile-id ::input]
+          :opt [::overwrite? ::ignore-index-errors?]))
 
 (defn read-import!
   "Do the importation of the specified resource in penpot custom binary
@@ -568,9 +617,6 @@
   `::overwrite?`: if true, instead of creating new files and remapping id references,
   it reuses all ids and updates existing objects; defaults to `false`.
 
-  `::migrate?`: if true, applies the migration before persisting the
-  file data; defaults to `false`.
-
   `::ignore-index-errors?`: if true, do not fail on index lookup errors, can
   happen with broken files; defaults to: `false`.
   "
@@ -580,123 +626,233 @@
   (let [version (read-header! input)]
     (read-import (assoc options ::version version ::timestamp timestamp))))
 
-(defmethod read-import :v1
-  [{:keys [::db/pool ::input] :as options}]
-  (with-open [input (zstd-input-stream input)]
-    (with-open [input (io/data-input-stream input)]
-      (db/with-atomic [conn pool]
-        (db/exec-one! conn ["SET CONSTRAINTS ALL DEFERRED;"])
-        (binding [*state* (volatile! {:media [] :index {}})]
-          (run! (fn [section]
-                  (l/debug :hint "reading section" :section section ::l/sync? true)
-                  (assert-read-label! input section)
-                  (let [options (-> options
-                                    (assoc ::section section)
-                                    (assoc ::input input)
-                                    (assoc :conn conn))]
-                    (binding [*options* options]
-                      (read-section options))))
-                [:v1/metadata :v1/files :v1/rels :v1/sobjects])
+(defn- read-import-v1
+  [{:keys [::db/conn ::project-id ::profile-id ::input] :as options}]
+  (db/exec-one! conn ["SET idle_in_transaction_session_timeout = 0"])
+  (db/exec-one! conn ["SET CONSTRAINTS ALL DEFERRED"])
 
-          ;; Knowing that the ids of the created files are in
-          ;; index, just lookup them and return it as a set
-          (let [files (-> *state* deref :files)]
-            (into #{} (keep #(get-in @*state* [:index %])) files)))))))
+  (pu/with-open [input (zstd-input-stream input)
+                 input (io/data-input-stream input)]
+    (binding [*state* (volatile! {:media [] :index {}})]
+      (let [team      (teams/get-team conn
+                                      :profile-id profile-id
+                                      :project-id project-id)
+
+            validate? (contains? cf/flags :file-validation)
+            features  (cfeat/get-team-enabled-features cf/flags team)]
+
+        (sse/tap {:type :import-progress
+                  :section :read-import})
+
+        ;; Process all sections
+        (run! (fn [section]
+                (l/dbg :hint "reading section" :section section ::l/sync? true)
+                (assert-read-label! input section)
+                (let [options (-> options
+                                  (assoc ::enabled-features features)
+                                  (assoc ::section section)
+                                  (assoc ::input input))]
+                  (binding [*options* options]
+                    (sse/tap {:type :import-progress
+                              :section section})
+                    (read-section options))))
+              [:v1/metadata :v1/files :v1/rels :v1/sobjects])
+
+        ;; Run all pending migrations
+        (doseq [[feature file-id] (-> *state* deref :pending-to-migrate)]
+          (case feature
+            "components/v2"
+            (feat.compv2/migrate-file! options file-id
+                                       :validate? validate?
+                                       :throw-on-validate? true)
+
+            "fdata/shape-data-type"
+            nil
+
+            (ex/raise :type :internal
+                      :code :no-migration-defined
+                      :hint (str/ffmt "no migation for feature '%' on file importation" feature)
+                      :feature feature)))
+
+        ;; Knowing that the ids of the created files are in index,
+        ;; just lookup them and return it as a set
+        (let [files (-> *state* deref :files)]
+          (into #{} (keep #(get-in @*state* [:index %])) files))))))
+
+(defmethod read-import :v1
+  [options]
+  (db/tx-run! options read-import-v1))
 
 (defmethod read-section :v1/metadata
   [{:keys [::input]}]
   (let [{:keys [version files]} (read-obj! input)]
-    (l/debug :hint "metadata readed" :version (:full version) :files files ::l/sync? true)
+    (l/dbg :hint "metadata readed"
+           :version (:full version)
+           :files (mapv str files)
+           ::l/sync? true)
     (vswap! *state* update :index update-index files)
     (vswap! *state* assoc :version version :files files)))
 
-(defn- postprocess-file
-  [data]
-  (let [omap-wrap ffeat/*wrap-with-objects-map-fn*
-        pmap-wrap ffeat/*wrap-with-pointer-map-fn*]
-    (-> data
-        (update :pages-index update-vals #(update % :objects omap-wrap))
-        (update :pages-index update-vals pmap-wrap)
-        (update :components update-vals #(update % :objects omap-wrap))
-        (update :components pmap-wrap))))
+(defn- get-remaped-thumbnails
+  [thumbnails file-id]
+  (mapv (fn [thumbnail]
+          (-> thumbnail
+              (assoc :file-id file-id)
+              (update :object-id #(str/replace-first % #"^(.*?)/" (str file-id "/")))))
+        thumbnails))
+
+(defn- process-file
+  [{:keys [id] :as file}]
+  (-> file
+      (update :data (fn [fdata]
+                      (-> fdata
+                          (assoc :id id)
+                          (dissoc :recent-colors)
+                          (cond-> (> (:version fdata) cfd/version)
+                            (assoc :version cfd/version))
+                          ;; FIXME: We're temporarily activating all
+                          ;; migrations because a problem in the
+                          ;; environments messed up with the version
+                          ;; numbers When this problem is fixed delete
+                          ;; the following line
+                          (cond-> (> (:version fdata) 22)
+                            (assoc :version 22)))))
+      (fmg/migrate-file)
+      (update :data (fn [fdata]
+                      (-> fdata
+                          (update :pages-index relink-shapes)
+                          (update :components relink-shapes)
+                          (update :media relink-media)
+                          (d/without-nils))))))
+
 
 (defmethod read-section :v1/files
-  [{:keys [conn ::input ::migrate? ::project-id ::timestamp ::overwrite?]}]
+  [{:keys [::db/conn ::input ::project-id ::enabled-features ::timestamp ::overwrite?] :as system}]
+
   (doseq [expected-file-id (-> *state* deref :files)]
-    (let [file     (read-obj! input)
-          media'   (read-obj! input)
-          file-id  (:id file)
-          features files/default-features]
+    (let [file       (read-obj! input)
+          media      (read-obj! input)
+
+          file-id    (:id file)
+          file-id'   (lookup-index file-id)
+
+          thumbnails (:thumbnails file)]
 
       (when (not= file-id expected-file-id)
         (ex/raise :type :validation
                   :code :inconsistent-penpot-file
+                  :found-id file-id
+                  :expected-id expected-file-id
                   :hint "the penpot file seems corrupt, found unexpected uuid (file-id)"))
 
-      ;; Update index using with media
-      (l/debug :hint "update index with media" ::l/sync? true)
-      (vswap! *state* update :index update-index (map :id media'))
+      (l/dbg :hint "processing file"
+             :id (str file-id)
+             :features (:features file)
+             :version (-> file :data :version)
+             :media (count media)
+             :thumbnails (count thumbnails)
+             ::l/sync? true)
 
-      ;; Store file media for later insertion
-      (l/debug :hint "update media references" ::l/sync? true)
-      (vswap! *state* update :media into (map #(update % :id lookup-index)) media')
+      (when (seq thumbnails)
+        (let [thumbnails (get-remaped-thumbnails thumbnails file-id')]
+          (l/dbg :hint "updated index with thumbnails" :total (count thumbnails) ::l/sync? true)
+          (vswap! *state* update :thumbnails (fnil into []) thumbnails)))
 
-      (l/debug :hint "processing file" :file-id file-id ::features features ::l/sync? true)
+      (when (seq media)
+        ;; Update index with media
+        (l/dbg :hint "update index with media" :total (count media) ::l/sync? true)
+        (vswap! *state* update :index update-index (map :id media))
 
-      (binding [ffeat/*current* features
-                ffeat/*wrap-with-objects-map-fn* (if (features "storage/objects-map") omap/wrap identity)
-                ffeat/*wrap-with-pointer-map-fn* (if (features "storage/pointer-map") pmap/wrap identity)
-                pmap/*tracked* (atom {})]
+        ;; Store file media for later insertion
+        (l/dbg :hint "update media references" ::l/sync? true)
+        (vswap! *state* update :media into (map #(update % :id lookup-index)) media))
 
-        (let [file-id' (lookup-index file-id)
-              data     (-> (:data file)
-                           (assoc :id file-id')
-                           (cond-> migrate? (pmg/migrate-data))
-                           (update :pages-index relink-shapes)
-                           (update :components relink-shapes)
-                           (update :media relink-media)
-                           (postprocess-file))
+      (let [file (-> file
+                     (assoc :id file-id')
+                     (process-file))
 
-              params  {:id file-id'
-                       :project-id project-id
-                       :features (db/create-array conn "text" features)
-                       :name (:name file)
-                       :revn (:revn file)
-                       :is-shared (:is-shared file)
-                       :data (blob/encode data)
-                       :created-at timestamp
-                       :modified-at timestamp}]
+            ;; All features that are enabled and requires explicit migration are
+            ;; added to the state for a posterior migration step.
+            _    (doseq [feature (-> enabled-features
+                                     (set/difference cfeat/no-migration-features)
+                                     (set/difference (:features file)))]
+                   (vswap! *state* update :pending-to-migrate (fnil conj []) [feature file-id']))
 
-          (l/debug :hint "create file" :id file-id' ::l/sync? true)
+            file (-> file
+                     (assoc :project-id project-id)
+                     (assoc :created-at timestamp)
+                     (assoc :modified-at timestamp)
+                     (dissoc :thumbnails)
+                     (update :features
+                             (fn [features]
+                               (let [features (cfeat/check-supported-features! features)]
+                                 (-> enabled-features
+                                     (set/difference cfeat/frontend-only-features)
+                                     (set/union features))))))
+
+            _    (when (contains? cf/flags :file-schema-validation)
+                   (fval/validate-file-schema! file))
+
+            _    (when (contains? cf/flags :soft-file-schema-validation)
+                   (let [result (ex/try! (fval/validate-file-schema! file))]
+                     (when (ex/exception? result)
+                       (l/error :hint "file schema validation error" :cause result))))
+
+            file (if (contains? (:features file) "fdata/objects-map")
+                   (feat.fdata/enable-objects-map file)
+                   file)
+
+            file (if (contains? (:features file) "fdata/pointer-map")
+                   (binding [pmap/*tracked* (pmap/create-tracked)]
+                     (let [file (feat.fdata/enable-pointer-map file)]
+                       (feat.fdata/persist-pointers! system file-id')
+                       file))
+                   file)
+
+            file (-> file
+                     (update :features #(db/create-array conn "text" %))
+                     (update :data blob/encode))]
+
+          (l/dbg :hint "create file" :id (str file-id') ::l/sync? true)
 
           (if overwrite?
-            (create-or-update-file conn params)
-            (db/insert! conn :file params))
-
-          (files/persist-pointers! conn file-id')
+            (create-or-update-file! conn file)
+            (db/insert! conn :file file))
 
           (when overwrite?
-            (db/delete! conn :file-thumbnail {:file-id file-id'})))))))
+            (db/delete! conn :file-thumbnail {:file-id file-id'}))
+
+          file-id'))))
 
 (defmethod read-section :v1/rels
-  [{:keys [conn ::input ::timestamp]}]
-  (let [rels (read-obj! input)]
+  [{:keys [::db/conn ::input ::timestamp]}]
+  (let [rels (read-obj! input)
+        ids  (into #{} (-> *state* deref :files))]
     ;; Insert all file relations
-    (doseq [rel rels]
+    (doseq [{:keys [library-file-id] :as rel} rels]
       (let [rel (-> rel
                     (assoc :synced-at timestamp)
                     (update :file-id lookup-index)
                     (update :library-file-id lookup-index))]
-        (l/debug :hint "create file library link"
-                 :file-id (:file-id rel)
-                 :lib-id (:library-file-id rel)
-                 ::l/sync? true)
-        (db/insert! conn :file-library-rel rel)))))
+
+        (if (contains? ids library-file-id)
+          (do
+            (l/dbg :hint "create file library link"
+                   :file-id (:file-id rel)
+                   :lib-id (:library-file-id rel)
+                   ::l/sync? true)
+            (db/insert! conn :file-library-rel rel))
+
+          (l/warn :hint "ignoring file library link"
+                  :file-id (:file-id rel)
+                  :lib-id (:library-file-id rel)
+                  ::l/sync? true))))))
 
 (defmethod read-section :v1/sobjects
-  [{:keys [::sto/storage conn ::input ::overwrite?]}]
+  [{:keys [::sto/storage ::db/conn ::input ::overwrite? ::timestamp]}]
   (let [storage (media/configure-assets-storage storage)
-        ids     (read-obj! input)]
+        ids     (read-obj! input)
+        thumb?  (into #{} (map :media-id) (:thumbnails @*state*))]
 
     (doseq [expected-storage-id ids]
       (let [id    (read-uuid! input)
@@ -707,43 +863,62 @@
                     :code :inconsistent-penpot-file
                     :hint "the penpot file seems corrupt, found unexpected uuid (storage-object-id)"))
 
-        (l/debug :hint "readed storage object" :id id ::l/sync? true)
+        (l/dbg :hint "readed storage object" :id (str id) ::l/sync? true)
 
         (let [[size resource] (read-stream! input)
               hash            (sto/calculate-hash resource)
               content         (-> (sto/content resource size)
                                   (sto/wrap-with-hash hash))
+
               params          (-> mdata
-                                  (assoc ::sto/deduplicate? true)
                                   (assoc ::sto/content content)
-                                  (assoc ::sto/touched-at (dt/now))
-                                  (assoc :bucket "file-media-object"))
+                                  (assoc ::sto/deduplicate? true)
+                                  (assoc ::sto/touched-at timestamp))
 
-              sobject         @(sto/put-object! storage params)]
+              params          (if (thumb? id)
+                                (assoc params :bucket "file-object-thumbnail")
+                                (assoc params :bucket "file-media-object"))
+
+              sobject         (sto/put-object! storage params)]
+
+          (l/dbg :hint "persisted storage object"
+                 :old-id (str id)
+                 :new-id (str (:id sobject))
+                 :is-thumbnail (boolean (thumb? id))
+                 ::l/sync? true)
 
-          (l/debug :hint "persisted storage object" :id id :new-id (:id sobject) ::l/sync? true)
           (vswap! *state* update :index assoc id (:id sobject)))))
 
     (doseq [item (:media @*state*)]
-      (l/debug :hint "inserting file media object"
-               :id (:id item)
-               :file-id (:file-id item)
-               ::l/sync? true)
+      (l/dbg :hint "inserting file media object"
+             :id (str (:id item))
+             :file-id (str (:file-id item))
+             ::l/sync? true)
 
       (let [file-id (lookup-index (:file-id item))]
         (if (= file-id (:file-id item))
-          (l/warn :hint "ignoring file media object" :file-id (:file-id item) ::l/sync? true)
+          (l/warn :hint "ignoring file media object" :file-id (str file-id) ::l/sync? true)
           (db/insert! conn :file-media-object
                       (-> item
                           (assoc :file-id file-id)
                           (d/update-when :media-id lookup-index)
                           (d/update-when :thumbnail-id lookup-index))
-                      {:on-conflict-do-nothing overwrite?}))))))
+                      {::db/on-conflict-do-nothing? overwrite?}))))
+
+    (doseq [item (:thumbnails @*state*)]
+      (let [item (update item :media-id lookup-index)]
+        (l/dbg :hint "inserting file object thumbnail"
+               :file-id (str (:file-id item))
+               :media-id (str (:media-id item))
+               :object-id (:object-id item)
+               ::l/sync? true)
+        (db/insert! conn :file-tagged-object-thumbnail item
+                    {::db/on-conflict-do-nothing? overwrite?})))))
 
 (defn- lookup-index
   [id]
   (let [val (get-in @*state* [:index id])]
-    (l/trace :fn "lookup-index" :id id :val val ::l/sync? true)
+    (l/trc :fn "lookup-index" :id id :val val ::l/sync? true)
     (when (and (not (::ignore-index-errors? *options*)) (not val))
       (ex/raise :type :validation
                 :code :incomplete-index
@@ -756,7 +931,7 @@
          index index]
     (if-let [id (first items)]
       (let [new-id (if (::overwrite? *options*) id (uuid/next))]
-        (l/trace :fn "update-index" :id id :new-id new-id ::l/sync? true)
+        (l/trc :fn "update-index" :id id :new-id new-id ::l/sync? true)
         (recur (rest items)
                (assoc index id new-id)))
       index)))
@@ -774,8 +949,7 @@
               (update-in [:metadata :id] lookup-index)
 
               ;; Relink paths with fill image
-              (and (map? (:fill-image form))
-                   (= :path (:type form)))
+              (map? (:fill-image form))
               (update-in [:fill-image :id] lookup-index)
 
               ;; This covers old shapes and the new :fills.
@@ -834,8 +1008,8 @@
         ab (volatile! false)
         cs (volatile! nil)]
     (try
-      (l/info :hint "start exportation" :export-id id)
-      (with-open [^AutoCloseable output (io/output-stream output)]
+      (l/info :hint "start exportation" :export-id (str id))
+      (pu/with-open [output (io/output-stream output)]
         (binding [*position* (atom 0)]
           (write-export! (assoc cfg ::output output))))
 
@@ -850,7 +1024,7 @@
         (throw cause))
 
       (finally
-        (l/info :hint "exportation finished" :export-id id
+        (l/info :hint "exportation finished" :export-id (str id)
                 :elapsed (str (inst-ms (tp)) "ms")
                 :aborted @ab
                 :cause @cs)))))
@@ -858,7 +1032,7 @@
 (defn export-to-tmpfile!
   [cfg]
   (let [path (tmp/tempfile :prefix "penpot.export.")]
-    (with-open [^AutoCloseable output (io/output-stream path)]
+    (pu/with-open [output (io/output-stream path)]
       (export! cfg output)
       path)))
 
@@ -867,10 +1041,10 @@
   (let [id (uuid/next)
         tp (dt/tpoint)
         cs (volatile! nil)]
-    (l/info :hint "import: started" :import-id id)
+    (l/info :hint "import: started" :id (str id))
     (try
       (binding [*position* (atom 0)]
-        (with-open [^AutoCloseable input (io/input-stream input)]
+        (pu/with-open [input (io/input-stream input)]
           (read-import! (assoc cfg ::input input))))
 
       (catch Throwable cause
@@ -879,54 +1053,78 @@
 
       (finally
         (l/info :hint "import: terminated"
-                :import-id id
+                :id (str id)
                 :elapsed (dt/format-duration (tp))
-                :error? (some? @cs)
-                :cause @cs
-                )))))
+                :error? (some? @cs))))))
+
 
 ;; --- Command: export-binfile
 
-(s/def ::file-id ::us/uuid)
-(s/def ::include-libraries? ::us/boolean)
-(s/def ::embed-assets? ::us/boolean)
-
-(s/def ::export-binfile
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::file-id ::include-libraries? ::embed-assets?]))
+(def ^:private
+  schema:export-binfile
+  (sm/define
+    [:map {:title "export-binfile"}
+     [:file-id ::sm/uuid]
+     [:include-libraries? :boolean]
+     [:embed-assets? :boolean]]))
 
 (sv/defmethod ::export-binfile
   "Export a penpot file in a binary format."
   {::doc/added "1.15"
-   ::webhooks/event? true}
+   ::webhooks/event? true
+   ::sm/result schema:export-binfile}
   [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id include-libraries? embed-assets?] :as params}]
   (files/check-read-permissions! pool profile-id file-id)
-  (let [body (reify yrs/StreamableResponseBody
-               (-write-body-to-stream [_ _ output-stream]
-                 (-> cfg
-                     (assoc ::file-ids [file-id])
-                     (assoc ::embed-assets? embed-assets?)
-                     (assoc ::include-libraries? include-libraries?)
-                     (export! output-stream))))]
+  (fn [_]
+    {::rres/status 200
+     ::rres/headers {"content-type" "application/octet-stream"}
+     ::rres/body (reify rres/StreamableResponseBody
+                   (-write-body-to-stream [_ _ output-stream]
+                     (-> cfg
+                         (assoc ::file-ids [file-id])
+                         (assoc ::embed-assets? embed-assets?)
+                         (assoc ::include-libraries? include-libraries?)
+                         (export! output-stream))))}))
 
-    (fn [_]
-      (yrs/response 200 body {"content-type" "application/octet-stream"}))))
 
-(s/def ::file ::media/upload)
-(s/def ::import-binfile
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::project-id ::file]))
+;; --- Command: import-binfile
+
+(def ^:private
+  schema:import-binfile
+  (sm/define
+    [:map {:title "import-binfile"}
+     [:project-id ::sm/uuid]
+     [:file ::media/upload]]))
+
+(declare ^:private import-binfile)
 
 (sv/defmethod ::import-binfile
   "Import a penpot file in a binary format."
   {::doc/added "1.15"
-   ::webhooks/event? true}
+   ::webhooks/event? true
+   ::sse/stream? true
+   ::sm/params schema:import-binfile}
   [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id project-id file] :as params}]
-  (db/with-atomic [conn pool]
-    (projects/check-read-permissions! conn profile-id project-id)
-    (let [ids (import! (assoc cfg
-                              ::input (:path file)
-                              ::project-id project-id
-                              ::ignore-index-errors? true))]
-      (rph/with-meta ids
-        {::audit/props {:file nil :file-ids ids}}))))
+  (projects/check-read-permissions! pool profile-id project-id)
+  (let [params (-> cfg
+                   (assoc ::input (:path file))
+                   (assoc ::project-id project-id)
+                   (assoc ::profile-id profile-id)
+                   (assoc ::ignore-index-errors? true))]
+    (with-meta
+      (sse/response #(import-binfile params))
+      {::audit/props {:file nil}})))
+
+(defn- import-binfile
+  [{:keys [::wrk/executor ::project-id] :as params}]
+  (db/tx-run! params
+              (fn [{:keys [::db/conn] :as params}]
+                ;; NOTE: the importation process performs some operations that
+                ;; are not very friendly with virtual threads, and for avoid
+                ;; unexpected blocking of other concurrent operations we
+                ;; dispatch that operation to a dedicated executor.
+                (let [result (p/thread-call executor (partial import! params))]
+                  (db/update! conn :project
+                              {:modified-at (dt/now)}
+                              {:id project-id})
+                  (deref result)))))

backend/src/app/rpc/commands/comments.clj

@@ -12,6 +12,7 @@
    [app.common.spec :as us]
    [app.common.uuid :as uuid]
    [app.db :as db]
+   [app.features.fdata :as feat.fdata]
    [app.loggers.audit :as-alias audit]
    [app.loggers.webhooks :as-alias webhooks]
    [app.rpc :as-alias rpc]
@@ -19,8 +20,8 @@
    [app.rpc.commands.teams :as teams]
    [app.rpc.doc :as-alias doc]
    [app.rpc.quotes :as quotes]
+   [app.rpc.retry :as rtry]
    [app.util.pointer-map :as pmap]
-   [app.util.retry :as rtry]
    [app.util.services :as sv]
    [app.util.time :as dt]
    [clojure.spec.alpha :as s]))
@@ -43,15 +44,17 @@
 
 (defn- get-file
   "A specialized version of get-file for comments module."
-  [conn file-id page-id]
-  (binding [pmap/*load-fn* (partial files/load-pointer conn file-id)]
-    (if-let [{:keys [data] :as file} (some-> (db/exec-one! conn [sql:get-file file-id]) (files/decode-row))]
+  [{:keys [::db/conn] :as cfg} file-id page-id]
+  (if-let [{:keys [data] :as file} (some-> (db/exec-one! conn [sql:get-file file-id])
+                                           (files/decode-row))]
+    (binding [pmap/*load-fn* (partial feat.fdata/load-pointer cfg file-id)]
       (-> file
           (assoc :page-name (dm/get-in data [:pages-index page-id :name]))
-          (assoc :page-id page-id))
-      (ex/raise :type :not-found
-                :code :object-not-found
-                :hint "file not found"))))
+          (assoc :page-id page-id)))
+
+    (ex/raise :type :not-found
+              :code :object-not-found
+              :hint "file not found")))
 
 (defn- get-comment-thread
   [conn thread-id & {:as opts}]
@@ -101,7 +104,7 @@
 (sv/defmethod ::get-comment-threads
   {::doc/added "1.15"}
   [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id share-id] :as params}]
-  (with-open [conn (db/open pool)]
+  (dm/with-open [conn (db/open pool)]
     (files/check-comment-permissions! conn profile-id file-id share-id)
     (get-comment-threads conn profile-id file-id)))
 
@@ -144,7 +147,7 @@
 (sv/defmethod ::get-unread-comment-threads
   {::doc/added "1.15"}
   [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id] :as params}]
-  (with-open [conn (db/open pool)]
+  (dm/with-open [conn (db/open pool)]
     (teams/check-read-permissions! conn profile-id team-id)
     (get-unread-comment-threads conn profile-id team-id)))
 
@@ -191,7 +194,7 @@
 (sv/defmethod ::get-comment-thread
   {::doc/added "1.15"}
   [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id id share-id] :as params}]
-  (with-open [conn (db/open pool)]
+  (dm/with-open [conn (db/open pool)]
     (files/check-comment-permissions! conn profile-id file-id share-id)
     (let [sql (str "with threads as (" sql:comment-threads ")"
                    "select * from threads where id = ?")]
@@ -211,7 +214,7 @@
 (sv/defmethod ::get-comments
   {::doc/added "1.15"}
   [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id thread-id share-id] :as params}]
-  (with-open [conn (db/open pool)]
+  (dm/with-open [conn (db/open pool)]
     (let [{:keys [file-id] :as thread} (get-comment-thread conn thread-id)]
       (files/check-comment-permissions! conn profile-id file-id share-id)
       (get-comments conn thread-id))))
@@ -263,7 +266,7 @@
   {::doc/added "1.15"
    ::doc/changes ["1.15" "Imported from queries and renamed."]}
   [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id share-id]}]
-  (with-open [conn (db/open pool)]
+  (dm/with-open [conn (db/open pool)]
     (files/check-comment-permissions! conn profile-id file-id share-id)
     (get-file-comments-users conn file-id profile-id)))
 
@@ -288,37 +291,37 @@
 (sv/defmethod ::create-comment-thread
   {::doc/added "1.15"
    ::webhooks/event? true}
-  [{:keys [::db/pool] :as cfg}
-   {:keys [::rpc/profile-id ::rpc/request-at file-id page-id share-id position content frame-id]}]
+  [cfg {:keys [::rpc/profile-id ::rpc/request-at file-id page-id share-id position content frame-id]}]
+  (db/tx-run! cfg
+              (fn [{:keys [::db/conn] :as cfg}]
+                (files/check-comment-permissions! conn profile-id file-id share-id)
+                (let [{:keys [team-id project-id page-name] :as file} (get-file cfg file-id page-id)]
 
-  (db/with-atomic [conn pool]
-    (let [{:keys [team-id project-id page-name] :as file} (get-file conn file-id page-id)]
-      (files/check-comment-permissions! conn profile-id file-id share-id)
+                  (run! (partial quotes/check-quote! conn)
+                        (list {::quotes/id ::quotes/comment-threads-per-file
+                               ::quotes/profile-id profile-id
+                               ::quotes/team-id team-id
+                               ::quotes/project-id project-id
+                               ::quotes/file-id file-id}
+                              {::quotes/id ::quotes/comments-per-file
+                               ::quotes/profile-id profile-id
+                               ::quotes/team-id team-id
+                               ::quotes/project-id project-id
+                               ::quotes/file-id file-id}))
 
-      (run! (partial quotes/check-quote! conn)
-            (list {::quotes/id ::quotes/comment-threads-per-file
-                   ::quotes/profile-id profile-id
-                   ::quotes/team-id team-id
-                   ::quotes/project-id project-id
-                   ::quotes/file-id file-id}
-                  {::quotes/id ::quotes/comments-per-file
-                   ::quotes/profile-id profile-id
-                   ::quotes/team-id team-id
-                   ::quotes/project-id project-id
-                   ::quotes/file-id file-id}))
-
-      (rtry/with-retry {::rtry/when rtry/conflict-exception?
-                        ::rtry/max-retries 3
-                        ::rtry/label "create-comment-thread"}
-        (create-comment-thread conn
-                               {:created-at request-at
-                                :profile-id profile-id
-                                :file-id file-id
-                                :page-id page-id
-                                :page-name page-name
-                                :position position
-                                :content content
-                                :frame-id frame-id})))))
+                  (rtry/with-retry {::rtry/when rtry/conflict-exception?
+                                    ::rtry/max-retries 3
+                                    ::rtry/label "create-comment-thread"
+                                    ::db/conn conn}
+                    (create-comment-thread conn
+                                           {:created-at request-at
+                                            :profile-id profile-id
+                                            :file-id file-id
+                                            :page-id page-id
+                                            :page-name page-name
+                                            :position position
+                                            :content content
+                                            :frame-id frame-id}))))))
 
 
 (defn- create-comment-thread
@@ -401,8 +404,7 @@
 
 ;; --- COMMAND: Add Comment
 
-(declare get-comment-thread)
-(declare create-comment)
+(declare ^:private get-comment-thread)
 
 (s/def ::create-comment
   (s/keys :req [::rpc/profile-id]
@@ -412,49 +414,51 @@
 (sv/defmethod ::create-comment
   {::doc/added "1.15"
    ::webhooks/event? true}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id ::rpc/request-at thread-id share-id content] :as params}]
-  (db/with-atomic [conn pool]
-    (let [{:keys [file-id page-id] :as thread} (get-comment-thread conn thread-id ::db/for-update? true)
-          {:keys [team-id project-id page-name] :as file} (get-file conn file-id page-id)]
+  [cfg {:keys [::rpc/profile-id ::rpc/request-at thread-id share-id content]}]
+  (db/tx-run! cfg
+              (fn [{:keys [::db/conn] :as cfg}]
+                (let [{:keys [file-id page-id] :as thread} (get-comment-thread conn thread-id ::db/for-update? true)
+                      {:keys [team-id project-id page-name] :as file} (get-file cfg file-id page-id)]
 
-      (files/check-comment-permissions! conn profile-id (:id file) share-id)
-      (quotes/check-quote! conn
-                           {::quotes/id ::quotes/comments-per-file
-                            ::quotes/profile-id profile-id
-                            ::quotes/team-id team-id
-                            ::quotes/project-id project-id
-                            ::quotes/file-id (:id file)})
+                  (files/check-comment-permissions! conn profile-id (:id file) share-id)
+                  (quotes/check-quote! conn
+                                       {::quotes/id ::quotes/comments-per-file
+                                        ::quotes/profile-id profile-id
+                                        ::quotes/team-id team-id
+                                        ::quotes/project-id project-id
+                                        ::quotes/file-id (:id file)})
 
-      ;; Update the page-name cached attribute on comment thread table.
-      (when (not= page-name (:page-name thread))
-        (db/update! conn :comment-thread
-                    {:page-name page-name}
-                    {:id thread-id}))
+                  ;; Update the page-name cached attribute on comment thread table.
+                  (when (not= page-name (:page-name thread))
+                    (db/update! conn :comment-thread
+                                {:page-name page-name}
+                                {:id thread-id}))
 
-      (let [comment (db/insert! conn :comment
-                                {:id (uuid/next)
-                                 :created-at request-at
-                                 :modified-at request-at
-                                 :thread-id thread-id
-                                 :owner-id profile-id
-                                 :content content})
-            props    {:file-id file-id
-                      :share-id nil}]
+                  (let [comment (db/insert! conn :comment
+                                            {:id (uuid/next)
+                                             :created-at request-at
+                                             :modified-at request-at
+                                             :thread-id thread-id
+                                             :owner-id profile-id
+                                             :content content})
+                        props    {:file-id file-id
+                                  :share-id nil}]
 
-        ;; Update thread modified-at attribute and assoc the current
-        ;; profile to the participant set.
-        (db/update! conn :comment-thread
-                    {:modified-at request-at
-                     :participants (-> (:participants thread #{})
-                                       (conj profile-id)
-                                       (db/tjson))}
-                    {:id thread-id})
+                    ;; Update thread modified-at attribute and assoc the current
+                    ;; profile to the participant set.
+                    (db/update! conn :comment-thread
+                                {:modified-at request-at
+                                 :participants (-> (:participants thread #{})
+                                                   (conj profile-id)
+                                                   (db/tjson))}
+                                {:id thread-id})
 
-        ;; Update the current profile status in relation to the
-        ;; current thread.
-        (upsert-comment-thread-status! conn profile-id thread-id request-at)
+                    ;; Update the current profile status in relation to the
+                    ;; current thread.
+                    (upsert-comment-thread-status! conn profile-id thread-id request-at)
+
+                    (vary-meta comment assoc ::audit/props props))))))
 
-        (vary-meta comment assoc ::audit/props props)))))
 
 ;; --- COMMAND: Update Comment
 
@@ -465,29 +469,31 @@
 
 (sv/defmethod ::update-comment
   {::doc/added "1.15"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id ::rpc/request-at id share-id content] :as params}]
-  (db/with-atomic [conn pool]
-    (let [{:keys [thread-id] :as comment} (get-comment conn id ::db/for-update? true)
-          {:keys [file-id page-id owner-id] :as thread} (get-comment-thread conn thread-id ::db/for-update? true)]
+  [cfg {:keys [::rpc/profile-id ::rpc/request-at id share-id content]}]
 
-      (files/check-comment-permissions! conn profile-id file-id share-id)
+  (db/tx-run! cfg
+              (fn [{:keys [::db/conn] :as cfg}]
+                (let [{:keys [thread-id owner-id] :as comment} (get-comment conn id ::db/for-update? true)
+                      {:keys [file-id page-id] :as thread} (get-comment-thread conn thread-id ::db/for-update? true)]
 
-      ;; Don't allow edit comments to not owners
-      (when-not (= owner-id profile-id)
-        (ex/raise :type :validation
-                  :code :not-allowed))
+                  (files/check-comment-permissions! conn profile-id file-id share-id)
 
-      (let [{:keys [page-name] :as file} (get-file conn file-id page-id)]
-        (db/update! conn :comment
-                    {:content content
-                     :modified-at request-at}
-                    {:id id})
+                  ;; Don't allow edit comments to not owners
+                  (when-not (= owner-id profile-id)
+                    (ex/raise :type :validation
+                              :code :not-allowed))
 
-        (db/update! conn :comment-thread
-                    {:modified-at request-at
-                     :page-name page-name}
-                    {:id thread-id})
-        nil))))
+                  (let [{:keys [page-name] :as file} (get-file cfg file-id page-id)]
+                    (db/update! conn :comment
+                                {:content content
+                                 :modified-at request-at}
+                                {:id id})
+
+                    (db/update! conn :comment-thread
+                                {:modified-at request-at
+                                 :page-name page-name}
+                                {:id thread-id})
+                    nil)))))
 
 ;; --- COMMAND: Delete Comment Thread
 
@@ -498,7 +504,7 @@
 
 (sv/defmethod ::delete-comment-thread
   {::doc/added "1.15"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id share-id] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id share-id]}]
   (db/with-atomic [conn pool]
     (let [{:keys [owner-id file-id] :as thread} (get-comment-thread conn id ::db/for-update? true)]
       (files/check-comment-permissions! conn profile-id file-id share-id)
@@ -538,12 +544,12 @@
 
 (sv/defmethod ::update-comment-thread-position
   {::doc/added "1.15"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id position frame-id share-id] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id ::rpc/request-at id position frame-id share-id]}]
   (db/with-atomic [conn pool]
     (let [{:keys [file-id] :as thread} (get-comment-thread conn id ::db/for-update? true)]
       (files/check-comment-permissions! conn profile-id file-id share-id)
       (db/update! conn :comment-thread
-                  {:modified-at (::rpc/request-at params)
+                  {:modified-at request-at
                    :position (db/pgpoint position)
                    :frame-id frame-id}
                   {:id (:id thread)})
@@ -558,12 +564,12 @@
 
 (sv/defmethod ::update-comment-thread-frame
   {::doc/added "1.15"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id frame-id share-id] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id ::rpc/request-at id frame-id share-id]}]
   (db/with-atomic [conn pool]
     (let [{:keys [file-id] :as thread} (get-comment-thread conn id ::db/for-update? true)]
       (files/check-comment-permissions! conn profile-id file-id share-id)
       (db/update! conn :comment-thread
-                  {:modified-at (::rpc/request-at params)
+                  {:modified-at request-at
                    :frame-id frame-id}
                   {:id id})
       nil)))

backend/src/app/rpc/commands/demo.clj

@@ -13,6 +13,7 @@
    [app.loggers.audit :as audit]
    [app.rpc :as-alias rpc]
    [app.rpc.commands.auth :as auth]
+   [app.rpc.commands.profile :as profile]
    [app.rpc.doc :as-alias doc]
    [app.util.services :as sv]
    [app.util.time :as dt]
@@ -48,7 +49,7 @@
                   :fullname fullname
                   :is-active true
                   :deleted-at (dt/in-future cf/deletion-delay)
-                  :password password
+                  :password (profile/derive-password cfg password)
                   :props {}}]
 
     (db/with-atomic [conn pool]

backend/src/app/rpc/commands/files_create.clj

@@ -7,15 +7,20 @@
 (ns app.rpc.commands.files-create
   (:require
    [app.common.data :as d]
-   [app.common.files.features :as ffeat]
+   [app.common.data.macros :as dm]
+   [app.common.features :as cfeat]
+   [app.common.schema :as sm]
    [app.common.types.file :as ctf]
    [app.common.uuid :as uuid]
+   [app.config :as cf]
    [app.db :as db]
+   [app.features.fdata :as feat.fdata]
    [app.loggers.audit :as-alias audit]
    [app.loggers.webhooks :as-alias webhooks]
    [app.rpc :as-alias rpc]
    [app.rpc.commands.files :as files]
    [app.rpc.commands.projects :as projects]
+   [app.rpc.commands.teams :as teams]
    [app.rpc.doc :as-alias doc]
    [app.rpc.permissions :as perms]
    [app.rpc.quotes :as quotes]
@@ -24,7 +29,7 @@
    [app.util.pointer-map :as pmap]
    [app.util.services :as sv]
    [app.util.time :as dt]
-   [clojure.spec.alpha :as s]))
+   [clojure.set :as set]))
 
 (defn create-file-role!
   [conn {:keys [file-id profile-id role]}]
@@ -34,24 +39,34 @@
          (db/insert! conn :file-profile-rel))))
 
 (defn create-file
-  [conn {:keys [id name project-id is-shared data revn
-                modified-at deleted-at create-page
-                ignore-sync-until features]
-         :or {is-shared false revn 0 create-page true}
-         :as params}]
-  (let [id       (or id (:id data) (uuid/next))
-        features (-> (into files/default-features features)
-                     (files/check-features-compatibility!))
+  [{:keys [::db/conn] :as cfg}
+   {:keys [id name project-id is-shared revn
+           modified-at deleted-at create-page
+           ignore-sync-until features]
+    :or {is-shared false revn 0 create-page true}
+    :as params}]
 
-        data     (or data
-                     (binding [ffeat/*current* features
-                               ffeat/*wrap-with-objects-map-fn* (if (features "storate/objects-map") omap/wrap identity)
-                               ffeat/*wrap-with-pointer-map-fn* (if (features "storage/pointer-map") pmap/wrap identity)]
-                       (if create-page
-                         (ctf/make-file-data id)
-                         (ctf/make-file-data id nil))))
+  (dm/assert!
+   "expected a valid connection"
+   (db/connection? conn))
+
+  (let [id       (or id (uuid/next))
+
+        pointers (pmap/create-tracked)
+        pmap?    (contains? features "fdata/pointer-map")
+        omap?    (contains? features "fdata/objects-map")
+
+        data     (binding [pmap/*tracked* pointers
+                           cfeat/*current* features
+                           cfeat/*wrap-with-objects-map-fn* (if omap? omap/wrap identity)
+                           cfeat/*wrap-with-pointer-map-fn* (if pmap? pmap/wrap identity)]
+                   (if create-page
+                     (ctf/make-file-data id)
+                     (ctf/make-file-data id nil)))
+
+        features (->> (set/difference features cfeat/frontend-only-features)
+                      (db/create-array conn "text"))
 
-        features (db/create-array conn "text" features)
         file     (db/insert! conn :file
                              (d/without-nils
                               {:id id
@@ -65,37 +80,70 @@
                                :modified-at modified-at
                                :deleted-at deleted-at}))]
 
+    (binding [pmap/*tracked* pointers]
+      (feat.fdata/persist-pointers! cfg id))
+
     (->> (assoc params :file-id id :role :owner)
          (create-file-role! conn))
 
     (db/update! conn :project
-      {:modified-at (dt/now)}
-      {:id project-id})
+                {:modified-at (dt/now)}
+                {:id project-id})
 
     (files/decode-row file)))
 
-(s/def ::create-file
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::files/name
-                   ::files/project-id]
-          :opt-un [::files/id
-                   ::files/is-shared
-                   ::files/features]))
+(def ^:private schema:create-file
+  [:map {:title "create-file"}
+   [:name :string]
+   [:project-id ::sm/uuid]
+   [:id {:optional true} ::sm/uuid]
+   [:is-shared {:optional true} :boolean]
+   [:features {:optional true} ::cfeat/features]])
 
 (sv/defmethod ::create-file
   {::doc/added "1.17"
-   ::webhooks/event? true}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id project-id] :as params}]
-  (db/with-atomic [conn pool]
-    (projects/check-edition-permissions! conn profile-id project-id)
-    (let [team-id (files/get-team-id conn project-id)
-          params  (assoc params :profile-id profile-id)]
+   ::doc/module :files
+   ::webhooks/event? true
+   ::sm/params schema:create-file}
+  [cfg {:keys [::rpc/profile-id project-id] :as params}]
+  (db/tx-run! cfg
+              (fn [{:keys [::db/conn] :as cfg}]
+                (projects/check-edition-permissions! conn profile-id project-id)
+                (let [team     (teams/get-team conn
+                                               :profile-id profile-id
+                                               :project-id project-id)
+                      team-id  (:id team)
 
-      (run! (partial quotes/check-quote! conn)
-            (list {::quotes/id ::quotes/files-per-project
-                   ::quotes/team-id team-id
-                   ::quotes/profile-id profile-id
-                   ::quotes/project-id project-id}))
+                      ;; When we create files, we only need to respect the team
+                      ;; features, because some features can be enabled
+                      ;; globally, but the team is still not migrated properly.
+                      features (-> (cfeat/get-team-enabled-features cf/flags team)
+                                   (cfeat/check-client-features! (:features params)))
 
-      (-> (create-file conn params)
-          (vary-meta assoc ::audit/props {:team-id team-id})))))
+                      ;; We also include all no migration features declared by
+                      ;; client; that enables the ability to enable a runtime
+                      ;; feature on frontend and make it permanent on file
+                      features (-> (:features params #{})
+                                   (set/intersection cfeat/no-migration-features)
+                                   (set/union features))
+
+                      params   (-> params
+                                   (assoc :profile-id profile-id)
+                                   (assoc :features features))]
+
+                  (run! (partial quotes/check-quote! conn)
+                        (list {::quotes/id ::quotes/files-per-project
+                               ::quotes/team-id team-id
+                               ::quotes/profile-id profile-id
+                               ::quotes/project-id project-id}))
+
+                  ;; When newly computed features does not match exactly with
+                  ;; the features defined on team row, we update it.
+                  (when (not= features (:features team))
+                    (let [features (db/create-array conn "text" features)]
+                      (db/update! conn :team
+                                  {:features features}
+                                  {:id team-id})))
+
+                  (-> (create-file cfg params)
+                      (vary-meta assoc ::audit/props {:team-id team-id}))))))

backend/src/app/rpc/commands/files_share.clj

@@ -36,7 +36,8 @@
 
   Share links are resources that allows external users access to specific
   pages of a file with specific permissions (who-comment and who-inspect)."
-  {::doc/added "1.18"}
+  {::doc/added "1.18"
+   ::doc/module :files}
   [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
   (db/with-atomic [conn pool]
     (files/check-edition-permissions! conn profile-id file-id)
@@ -62,7 +63,8 @@
           :req-un [::us/id]))
 
 (sv/defmethod ::delete-share-link
-  {::doc/added "1.18"}
+  {::doc/added "1.18"
+   ::doc/module ::files}
   [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id] :as params}]
   (db/with-atomic [conn pool]
     (let [slink (db/get-by-id conn :share-link id)]

backend/src/app/rpc/commands/files_snapshot.clj

@@ -0,0 +1,135 @@
+;; This Source Code Form is subject to the terms of the Mozilla Public
+;; License, v. 2.0. If a copy of the MPL was not distributed with this
+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;;
+;; Copyright (c) KALEIDOS INC
+
+(ns app.rpc.commands.files-snapshot
+  (:require
+   [app.common.exceptions :as ex]
+   [app.common.logging :as l]
+   [app.common.schema :as sm]
+   [app.common.uuid :as uuid]
+   [app.config :as cf]
+   [app.db :as db]
+   [app.main :as-alias main]
+   [app.media :as media]
+   [app.rpc :as-alias rpc]
+   [app.rpc.commands.profile :as profile]
+   [app.rpc.doc :as-alias doc]
+   [app.storage :as sto]
+   [app.util.services :as sv]
+   [app.util.time :as dt]))
+
+(defn check-authorized!
+  [{:keys [::db/pool]} profile-id]
+  (when-not (or (= "devenv" (cf/get :host))
+                (let [profile (ex/ignoring (profile/get-profile pool profile-id))
+                      admins  (or (cf/get :admins) #{})]
+                  (contains? admins (:email profile))))
+    (ex/raise :type :authentication
+              :code :authentication-required
+              :hint "only admins allowed")))
+
+(defn get-file-snapshots
+  [{:keys [::db/conn]} {:keys [file-id limit start-at]
+                        :or {limit Long/MAX_VALUE}}]
+  (let [query    (str "select id, label, revn, created_at "
+                      "  from file_change "
+                      " where file_id = ? "
+                      "   and created_at < ? "
+                      "   and data is not null "
+                      " order by created_at desc "
+                      " limit ?")
+        start-at (or start-at (dt/now))
+        limit    (min limit 20)]
+
+    (->> (db/exec! conn [query file-id start-at limit])
+         (mapv (fn [row]
+                 (update row :created-at dt/format-instant :rfc1123))))))
+
+(def ^:private schema:get-file-snapshots
+  [:map [:file-id ::sm/uuid]])
+
+(sv/defmethod ::get-file-snapshots
+  {::doc/added "1.20"
+   ::doc/skip true
+   ::sm/params schema:get-file-snapshots}
+  [cfg {:keys [::rpc/profile-id] :as params}]
+  (check-authorized! cfg profile-id)
+  (db/run! cfg #(get-file-snapshots % params)))
+
+(defn restore-file-snapshot!
+  [{:keys [::db/conn ::sto/storage] :as cfg} {:keys [file-id id]}]
+  (let [storage  (media/configure-assets-storage storage conn)
+        params   {:id id :file-id file-id}
+        options  {:columns [:id :data :revn]}
+        snapshot (db/get* conn :file-change params options)]
+
+    (when (and (some? snapshot)
+               (some? (:data snapshot)))
+
+      (l/debug :hint "snapshot found"
+               :snapshot-id (:id snapshot)
+               :file-id file-id)
+
+      (db/update! conn :file
+                  {:data (:data snapshot)}
+                  {:id file-id})
+
+      ;; clean object thumbnails
+      (let [sql (str "delete from file_object_thumbnail "
+                     " where file_id=? returning media_id")
+            res (db/exec! conn [sql file-id])]
+
+        (doseq [media-id (into #{} (keep :media-id) res)]
+          (sto/del-object! storage media-id)))
+
+      ;; clean object thumbnails
+      (let [sql (str "delete from file_thumbnail "
+                     " where file_id=? returning media_id")
+            res (db/exec! conn [sql file-id])]
+        (doseq [media-id (into #{} (keep :media-id) res)]
+          (sto/del-object! storage media-id)))
+
+      {:id (:id snapshot)})))
+
+(def ^:private schema:restore-file-snapshot
+  [:map
+   [:file-id ::sm/uuid]
+   [:id ::sm/uuid]])
+
+(sv/defmethod ::restore-file-snapshot
+  {::doc/added "1.20"
+   ::doc/skip true
+   ::sm/params schema:restore-file-snapshot}
+  [cfg {:keys [::rpc/profile-id] :as params}]
+  (check-authorized! cfg profile-id)
+  (db/tx-run! cfg #(restore-file-snapshot! % params)))
+
+(defn take-file-snapshot!
+  [{:keys [::db/conn]} {:keys [file-id label]}]
+  (when-let [file (db/get* conn :file {:id file-id})]
+    (let [id    (uuid/next)
+          label (or label (str "Snapshot at " (dt/format-instant (dt/now) :rfc1123)))]
+      (l/debug :hint "persisting file snapshot" :file-id file-id :label label)
+      (db/insert! conn :file-change
+                  {:id id
+                   :revn (:revn file)
+                   :data (:data file)
+                   :features (:features file)
+                   :file-id (:id file)
+                   :label label})
+      {:id id})))
+
+(def ^:private schema:take-file-snapshot
+  [:map [:file-id ::sm/uuid]])
+
+(sv/defmethod ::take-file-snapshot
+  {::doc/added "1.20"
+   ::doc/skip true
+   ::sm/params schema:take-file-snapshot}
+  [cfg {:keys [::rpc/profile-id] :as params}]
+  (check-authorized! cfg profile-id)
+  (db/tx-run! cfg #(take-file-snapshot! % params)))
+

backend/src/app/rpc/commands/files_temp.clj

@@ -7,21 +7,26 @@
 (ns app.rpc.commands.files-temp
   (:require
    [app.common.exceptions :as ex]
-   [app.common.pages :as cp]
+   [app.common.features :as cfeat]
+   [app.common.files.changes :as fch]
    [app.common.spec :as us]
    [app.common.uuid :as uuid]
+   [app.config :as cf]
    [app.db :as db]
    [app.rpc :as-alias rpc]
    [app.rpc.commands.files :as files]
-   [app.rpc.commands.files-create :refer [create-file]]
+   [app.rpc.commands.files-create :as files.create]
    [app.rpc.commands.files-update :as-alias files.update]
    [app.rpc.commands.projects :as projects]
+   [app.rpc.commands.teams :as teams]
    [app.rpc.doc :as-alias doc]
    [app.util.blob :as blob]
    [app.util.services :as sv]
    [app.util.time :as dt]
+   [clojure.set :as set]
    [clojure.spec.alpha :as s]))
 
+
 ;; --- MUTATION COMMAND: create-temp-file
 
 (s/def ::create-page ::us/boolean)
@@ -36,26 +41,37 @@
                    ::create-page]))
 
 (sv/defmethod ::create-temp-file
-  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id project-id] :as params}]
-  (db/with-atomic [conn pool]
-    (projects/check-edition-permissions! conn profile-id project-id)
-    (create-file conn (assoc params :profile-id profile-id :deleted-at (dt/in-future {:days 1})))))
+  {::doc/added "1.17"
+   ::doc/module :files}
+  [cfg {:keys [::rpc/profile-id project-id] :as params}]
+  (db/tx-run! cfg (fn [{:keys [::db/conn] :as cfg}]
+                    (projects/check-edition-permissions! conn profile-id project-id)
+                    (let [team     (teams/get-team conn
+                                                   :profile-id profile-id
+                                                   :project-id project-id)
+
+                          ;; When we create files, we only need to respect the team
+                          ;; features, because some features can be enabled
+                          ;; globally, but the team is still not migrated properly.
+                          features (-> (cfeat/get-team-enabled-features cf/flags team)
+                                       (cfeat/check-client-features! (:features params)))
+
+                          ;; We also include all no migration features declared by
+                          ;; client; that enables the ability to enable a runtime
+                          ;; feature on frontend and make it permanent on file
+                          features (-> (:features params #{})
+                                       (set/intersection cfeat/no-migration-features)
+                                       (set/union features))
+
+                          params   (-> params
+                                       (assoc :profile-id profile-id)
+                                       (assoc :deleted-at (dt/in-future {:days 1}))
+                                       (assoc :features features))]
+
+                      (files.create/create-file cfg params)))))
 
 ;; --- MUTATION COMMAND: update-temp-file
 
-(defn update-temp-file
-  [conn {:keys [profile-id session-id id revn changes] :as params}]
-  (db/insert! conn :file-change
-              {:id (uuid/next)
-               :session-id session-id
-               :profile-id profile-id
-               :created-at (dt/now)
-               :file-id id
-               :revn revn
-               :data nil
-               :changes (blob/encode changes)}))
-
 (s/def ::update-temp-file
   (s/keys :req [::rpc/profile-id]
           :req-un [::files.update/changes
@@ -64,11 +80,20 @@
                    ::files/id]))
 
 (sv/defmethod ::update-temp-file
-  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id] :as params}]
-  (db/with-atomic [conn pool]
-    (update-temp-file conn (assoc params :profile-id profile-id))
-    nil))
+  {::doc/added "1.17"
+   ::doc/module :files}
+  [cfg {:keys [::rpc/profile-id session-id id revn changes] :as params}]
+  (db/tx-run! cfg (fn [{:keys [::db/conn]}]
+                    (db/insert! conn :file-change
+                                {:id (uuid/next)
+                                 :session-id session-id
+                                 :profile-id profile-id
+                                 :created-at (dt/now)
+                                 :file-id id
+                                 :revn revn
+                                 :data nil
+                                 :changes (blob/encode changes)})
+                    nil)))
 
 ;; --- MUTATION COMMAND: persist-temp-file
 
@@ -84,16 +109,16 @@
       (ex/raise :type :validation
                 :code :cant-persist-already-persisted-file))
 
-    (loop [revs (seq revs)
-           data (blob/decode (:data file))]
-      (if-let [rev (first revs)]
-        (recur (rest revs)
-               (->> rev :changes blob/decode (cp/process-changes data)))
-        (db/update! conn :file
-                    {:deleted-at nil
-                     :revn revn
-                     :data (blob/encode data)}
-                    {:id id})))
+
+    (let [data
+          (->> revs
+               (mapcat #(->> % :changes blob/decode))
+               (fch/process-changes (blob/decode (:data file))))]
+      (db/update! conn :file
+                  {:deleted-at nil
+                   :revn revn
+                   :data (blob/encode data)}
+                  {:id id}))
     nil))
 
 (s/def ::persist-temp-file
@@ -101,8 +126,9 @@
           :req-un [::files/id]))
 
 (sv/defmethod ::persist-temp-file
-  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id] :as params}]
-  (db/with-atomic [conn pool]
-    (files/check-edition-permissions! conn profile-id id)
-    (persist-temp-file conn params)))
+  {::doc/added "1.17"
+   ::doc/module :files}
+  [cfg {:keys [::rpc/profile-id id] :as params}]
+  (db/tx-run! cfg (fn [{:keys [::db/conn]}]
+                    (files/check-edition-permissions! conn profile-id id)
+                    (persist-temp-file conn params))))

backend/src/app/rpc/commands/files_thumbnails.clj

@@ -0,0 +1,371 @@
+;; This Source Code Form is subject to the terms of the Mozilla Public
+;; License, v. 2.0. If a copy of the MPL was not distributed with this
+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;;
+;; Copyright (c) KALEIDOS INC
+
+(ns app.rpc.commands.files-thumbnails
+  (:require
+   [app.common.data :as d]
+   [app.common.data.macros :as dm]
+   [app.common.features :as cfeat]
+   [app.common.files.helpers :as cfh]
+   [app.common.files.migrations :as fmg]
+   [app.common.geom.shapes :as gsh]
+   [app.common.schema :as sm]
+   [app.common.thumbnails :as thc]
+   [app.common.types.shape-tree :as ctt]
+   [app.config :as cf]
+   [app.db :as db]
+   [app.features.fdata :as feat.fdata]
+   [app.loggers.audit :as-alias audit]
+   [app.loggers.webhooks :as-alias webhooks]
+   [app.media :as media]
+   [app.rpc :as-alias rpc]
+   [app.rpc.climit :as-alias climit]
+   [app.rpc.commands.files :as files]
+   [app.rpc.commands.teams :as teams]
+   [app.rpc.cond :as-alias cond]
+   [app.rpc.doc :as-alias doc]
+   [app.storage :as sto]
+   [app.util.pointer-map :as pmap]
+   [app.util.services :as sv]
+   [app.util.time :as dt]
+   [clojure.spec.alpha :as s]
+   [cuerdas.core :as str]))
+
+;; --- FEATURES
+
+(def long-cache-duration
+  (dt/duration {:days 7}))
+
+;; --- COMMAND QUERY: get-file-object-thumbnails
+
+(defn- get-object-thumbnails-by-tag
+  [conn file-id tag]
+  (let [sql (str/concat
+             "select object_id, media_id, tag "
+             "  from file_tagged_object_thumbnail"
+             " where file_id=? and tag=?")
+        res (db/exec! conn [sql file-id tag])]
+    (->> res
+         (d/index-by :object-id (fn [row]
+                                  (files/resolve-public-uri (:media-id row))))
+         (d/without-nils))))
+
+(defn- get-object-thumbnails
+  ([conn file-id]
+   (let [sql (str/concat
+              "select object_id, media_id, tag "
+              "  from file_tagged_object_thumbnail"
+              " where file_id=?")
+         res (db/exec! conn [sql file-id])]
+     (->> res
+          (d/index-by :object-id (fn [row]
+                                   (files/resolve-public-uri (:media-id row))))
+          (d/without-nils))))
+
+  ([conn file-id object-ids]
+   (let [sql (str/concat
+              "select object_id, media_id, tag "
+              "  from file_tagged_object_thumbnail"
+              " where file_id=? and object_id = ANY(?)")
+         ids (db/create-array conn "text" (seq object-ids))
+         res (db/exec! conn [sql file-id ids])]
+
+     (->> res
+          (d/index-by :object-id (fn [row]
+                                   (files/resolve-public-uri (:media-id row))))
+          (d/without-nils)))))
+
+(sv/defmethod ::get-file-object-thumbnails
+  "Retrieve a file object thumbnails."
+  {::doc/added "1.17"
+   ::doc/module :files
+   ::sm/params [:map {:title "get-file-object-thumbnails"}
+                [:file-id ::sm/uuid]
+                [:tag {:optional true} :string]]
+   ::sm/result [:map-of :string :string]
+   ::cond/get-object #(files/get-minimal-file %1 (:file-id %2))
+   ::cond/reuse-key? true
+   ::cond/key-fn files/get-file-etag}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id tag] :as params}]
+  (dm/with-open [conn (db/open pool)]
+    (files/check-read-permissions! conn profile-id file-id)
+    (if tag
+      (get-object-thumbnails-by-tag conn file-id tag)
+      (get-object-thumbnails conn file-id))))
+
+;; --- COMMAND QUERY: get-file-data-for-thumbnail
+
+;; We need to improve how we set frame for thumbnail in order to avoid
+;; loading all pages into memory for find the frame set for thumbnail.
+
+(defn get-file-data-for-thumbnail
+  [{:keys [::db/conn] :as cfg} {:keys [data id] :as file}]
+  (letfn [;; function responsible on finding the frame marked to be
+          ;; used as thumbnail; the returned frame always have
+          ;; the :page-id set to the page that it belongs.
+          (get-thumbnail-frame [{:keys [data]}]
+            (d/seek #(or (:use-for-thumbnail %)
+                         (:use-for-thumbnail? %)) ; NOTE: backward comp (remove on v1.21)
+                    (for [page  (-> data :pages-index vals)
+                          frame (-> page :objects ctt/get-frames)]
+                      (assoc frame :page-id (:id page)))))
+
+          ;; function responsible to filter objects data structure of
+          ;; all unneeded shapes if a concrete frame is provided. If no
+          ;; frame, the objects is returned untouched.
+          (filter-objects [objects frame-id]
+            (d/index-by :id (cfh/get-children-with-self objects frame-id)))
+
+          ;; function responsible of assoc available thumbnails
+          ;; to frames and remove all children shapes from objects if
+          ;; thumbnails is available
+          (assoc-thumbnails [objects page-id thumbnails]
+            (loop [objects objects
+                   frames  (filter cfh/frame-shape? (vals objects))]
+
+              (if-let [frame  (-> frames first)]
+                (let [frame-id  (:id frame)
+                      object-id (thc/fmt-object-id (:id file) page-id frame-id "frame")
+                      frame     (if-let [thumb (get thumbnails object-id)]
+                                  (assoc frame :thumbnail thumb :shapes [])
+                                  (dissoc frame :thumbnail))
+
+                      children-ids
+                      (cfh/get-children-ids objects frame-id)
+
+                      bounds
+                      (when (:show-content frame)
+                        (gsh/shapes->rect (cons frame (map (d/getf objects) children-ids))))
+
+                      frame
+                      (cond-> frame
+                        (some? bounds)
+                        (assoc :children-bounds bounds))]
+
+                  (if (:thumbnail frame)
+                    (recur (-> objects
+                               (assoc frame-id frame)
+                               (d/without-keys children-ids))
+                           (rest frames))
+                    (recur (assoc objects frame-id frame)
+                           (rest frames))))
+
+                objects)))]
+
+    (let [frame     (get-thumbnail-frame file)
+          frame-id  (:id frame)
+          page-id   (or (:page-id frame)
+                        (-> data :pages first))
+
+          page      (dm/get-in data [:pages-index page-id])
+          page      (cond-> page (pmap/pointer-map? page) deref)
+          frame-ids (if (some? frame) (list frame-id) (map :id (ctt/get-frames (:objects page))))
+
+          obj-ids   (map #(thc/fmt-object-id (:id file) page-id % "frame") frame-ids)
+          thumbs    (get-object-thumbnails conn id obj-ids)]
+
+      (cond-> page
+        ;; If we have frame, we need to specify it on the page level
+        ;; and remove the all other unrelated objects.
+        (some? frame-id)
+        (-> (assoc :thumbnail-frame-id frame-id)
+            (update :objects filter-objects frame-id))
+
+        ;; Assoc the available thumbnails and prune not visible shapes
+        ;; for avoid transfer unnecessary data.
+        :always
+        (update :objects assoc-thumbnails page-id thumbs)))))
+
+(def ^:private
+  schema:get-file-data-for-thumbnail
+  (sm/define
+    [:map {:title "get-file-data-for-thumbnail"}
+     [:file-id ::sm/uuid]
+     [:features {:optional true} ::cfeat/features]]))
+
+(def ^:private
+  schema:partial-file
+  (sm/define
+    [:map {:title "PartialFile"}
+     [:id ::sm/uuid]
+     [:revn {:min 0} :int]
+     [:page :any]]))
+
+(sv/defmethod ::get-file-data-for-thumbnail
+  "Retrieves the data for generate the thumbnail of the file. Used
+  mainly for render thumbnails on dashboard."
+  {::doc/added "1.17"
+   ::doc/module :files
+   ::sm/params schema:get-file-data-for-thumbnail
+   ::sm/result schema:partial-file}
+  [cfg {:keys [::rpc/profile-id file-id] :as params}]
+  (db/run! cfg (fn [{:keys [::db/conn] :as cfg}]
+                 (files/check-read-permissions! conn profile-id file-id)
+
+                 (let [team     (teams/get-team conn
+                                                :profile-id profile-id
+                                                :file-id file-id)
+
+                       file     (binding [pmap/*load-fn* (partial feat.fdata/load-pointer cfg file-id)]
+                                  (-> (files/get-file cfg file-id :migrate? false)
+                                      (update :data feat.fdata/process-pointers deref)
+                                      (fmg/migrate-file)))]
+
+                   (-> (cfeat/get-team-enabled-features cf/flags team)
+                       (cfeat/check-client-features! (:features params))
+                       (cfeat/check-file-features! (:features file) (:features params)))
+
+                   {:file-id file-id
+                    :revn (:revn file)
+                    :page (get-file-data-for-thumbnail cfg file)}))))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; MUTATION COMMANDS
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+;; --- MUTATION COMMAND: create-file-object-thumbnail
+
+(def ^:private sql:create-object-thumbnail
+  "insert into file_tagged_object_thumbnail(file_id, object_id, media_id, tag)
+   values (?, ?, ?, ?)
+       on conflict(file_id, tag, object_id) do
+          update set media_id = ?
+   returning *;")
+
+(defn- create-file-object-thumbnail!
+  [{:keys [::db/conn ::sto/storage]} file-id object-id media tag]
+
+  (let [path  (:path media)
+        mtype (:mtype media)
+        hash  (sto/calculate-hash path)
+        data  (-> (sto/content path)
+                  (sto/wrap-with-hash hash))
+        media (sto/put-object! storage
+                               {::sto/content data
+                                ::sto/deduplicate? true
+                                ::sto/touched-at (dt/now)
+                                :content-type mtype
+                                :bucket "file-object-thumbnail"})]
+
+    (db/exec-one! conn [sql:create-object-thumbnail file-id object-id
+                        (:id media) tag (:id media)])))
+
+(def schema:create-file-object-thumbnail
+  [:map {:title "create-file-object-thumbnail"}
+   [:file-id ::sm/uuid]
+   [:object-id :string]
+   [:media ::media/upload]
+   [:tag {:optional true} :string]])
+
+(sv/defmethod ::create-file-object-thumbnail
+  {::doc/added "1.19"
+   ::doc/module :files
+   ::climit/id :file-thumbnail-ops
+   ::climit/key-fn ::rpc/profile-id
+   ::audit/skip true
+   ::sm/params schema:create-file-object-thumbnail}
+
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id object-id media tag]}]
+  (db/with-atomic [conn pool]
+    (files/check-edition-permissions! conn profile-id file-id)
+    (media/validate-media-type! media)
+    (media/validate-media-size! media)
+
+    (when-not (db/read-only? conn)
+      (-> cfg
+          (update ::sto/storage media/configure-assets-storage)
+          (assoc ::db/conn conn)
+          (create-file-object-thumbnail! file-id object-id media (or tag "frame"))))))
+
+;; --- MUTATION COMMAND: delete-file-object-thumbnail
+
+(defn- delete-file-object-thumbnail!
+  [{:keys [::db/conn ::sto/storage]} file-id object-id]
+  (when-let [{:keys [media-id]} (db/get* conn :file-tagged-object-thumbnail
+                                         {:file-id file-id
+                                          :object-id object-id}
+                                         {::db/for-update? true})]
+
+    (sto/touch-object! storage media-id)
+    (db/delete! conn :file-tagged-object-thumbnail
+                {:file-id file-id
+                 :object-id object-id})
+    nil))
+
+(s/def ::delete-file-object-thumbnail
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::file-id ::object-id]))
+
+(sv/defmethod ::delete-file-object-thumbnail
+  {::doc/added "1.19"
+   ::doc/module :files
+   ::climit/id :file-thumbnail-ops
+   ::climit/key-fn ::rpc/profile-id
+   ::audit/skip true}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id object-id]}]
+
+  (db/with-atomic [conn pool]
+    (files/check-edition-permissions! conn profile-id file-id)
+
+    (when-not (db/read-only? conn)
+      (-> cfg
+          (update ::sto/storage media/configure-assets-storage)
+          (assoc ::db/conn conn)
+          (delete-file-object-thumbnail! file-id object-id))
+      nil)))
+
+;; --- MUTATION COMMAND: create-file-thumbnail
+
+(def ^:private sql:create-file-thumbnail
+  "insert into file_thumbnail (file_id, revn, media_id, props)
+   values (?, ?, ?, ?::jsonb)
+       on conflict(file_id, revn) do
+          update set media_id=?, props=?, updated_at=now();")
+
+(defn- create-file-thumbnail!
+  [{:keys [::db/conn ::sto/storage]} {:keys [file-id revn props media] :as params}]
+  (media/validate-media-type! media)
+  (media/validate-media-size! media)
+
+  (let [props (db/tjson (or props {}))
+        path  (:path media)
+        mtype (:mtype media)
+        hash  (sto/calculate-hash path)
+        data  (-> (sto/content path)
+                  (sto/wrap-with-hash hash))
+        media (sto/put-object! storage
+                               {::sto/content data
+                                ::sto/deduplicate? false
+                                :content-type mtype
+                                :bucket "file-thumbnail"})]
+    (db/exec-one! conn [sql:create-file-thumbnail file-id revn
+                        (:id media) props
+                        (:id media) props])
+    media))
+
+(sv/defmethod ::create-file-thumbnail
+  "Creates or updates the file thumbnail. Mainly used for paint the
+  grid thumbnails."
+  {::doc/added "1.19"
+   ::doc/module :files
+   ::audit/skip true
+   ::climit/id :file-thumbnail-ops
+   ::climit/key-fn ::rpc/profile-id
+   ::sm/params [:map {:title "create-file-thumbnail"}
+                [:file-id ::sm/uuid]
+                [:revn :int]
+                [:media ::media/upload]]}
+
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
+  (db/with-atomic [conn pool]
+    (files/check-edition-permissions! conn profile-id file-id)
+    (when-not (db/read-only? conn)
+      (let [media (-> cfg
+                      (update ::sto/storage media/configure-assets-storage)
+                      (assoc ::db/conn conn)
+                      (create-file-thumbnail! params))]
+
+        {:uri (files/resolve-public-uri (:id media))}))))

backend/src/app/rpc/commands/files_update.clj

@@ -6,23 +6,27 @@
 
 (ns app.rpc.commands.files-update
   (:require
+   [app.common.data :as d]
    [app.common.exceptions :as ex]
-   [app.common.files.features :as ffeat]
+   [app.common.features :as cfeat]
+   [app.common.files.changes :as cpc]
+   [app.common.files.migrations :as fmg]
+   [app.common.files.validate :as val]
    [app.common.logging :as l]
-   [app.common.pages :as cp]
-   [app.common.pages.migrations :as pmg]
-   [app.common.spec :as us]
-   [app.common.types.file :as ctf]
+   [app.common.schema :as sm]
    [app.common.uuid :as uuid]
    [app.config :as cf]
    [app.db :as db]
+   [app.features.fdata :as feat.fdata]
+   [app.http.errors :as errors]
    [app.loggers.audit :as audit]
    [app.loggers.webhooks :as webhooks]
    [app.metrics :as mtx]
    [app.msgbus :as mbus]
    [app.rpc :as-alias rpc]
-   [app.rpc.climit :as-alias climit]
+   [app.rpc.climit :as climit]
    [app.rpc.commands.files :as files]
+   [app.rpc.commands.teams :as teams]
    [app.rpc.doc :as-alias doc]
    [app.rpc.helpers :as rph]
    [app.util.blob :as blob]
@@ -30,35 +34,37 @@
    [app.util.pointer-map :as pmap]
    [app.util.services :as sv]
    [app.util.time :as dt]
-   [clojure.spec.alpha :as s]))
+   [app.worker :as-alias wrk]
+   [clojure.set :as set]))
 
-;; --- SPECS
+;; --- SCHEMA
 
-(s/def ::changes
-  (s/coll-of map? :kind vector?))
+(def ^:private
+  schema:update-file
+  (sm/define
+    [:map {:title "update-file"}
+     [:id ::sm/uuid]
+     [:session-id ::sm/uuid]
+     [:revn {:min 0} :int]
+     [:features {:optional true} ::cfeat/features]
+     [:changes {:optional true} [:vector ::cpc/change]]
+     [:changes-with-metadata {:optional true}
+      [:vector [:map
+                [:changes [:vector ::cpc/change]]
+                [:hint-origin {:optional true} :keyword]
+                [:hint-events {:optional true} [:vector :string]]]]]
+     [:skip-validate {:optional true} :boolean]]))
 
-(s/def ::hint-origin ::us/keyword)
-(s/def ::hint-events
-  (s/every ::us/keyword :kind vector?))
-
-(s/def ::change-with-metadata
-  (s/keys :req-un [::changes]
-          :opt-un [::hint-origin
-                   ::hint-events]))
-
-(s/def ::changes-with-metadata
-  (s/every ::change-with-metadata :kind vector?))
-
-(s/def ::session-id ::us/uuid)
-(s/def ::revn ::us/integer)
-(s/def ::update-file
-  (s/and
-   (s/keys :req [::rpc/profile-id]
-           :req-un [::files/id ::session-id ::revn]
-           :opt-un [::changes ::changes-with-metadata ::features])
-   (fn [o]
-     (or (contains? o :changes)
-         (contains? o :changes-with-metadata)))))
+(def ^:private
+  schema:update-file-result
+  (sm/define
+    [:vector {:title "update-file-result"}
+     [:map
+      [:changes [:vector ::cpc/change]]
+      [:file-id ::sm/uuid]
+      [:id ::sm/uuid]
+      [:revn {:min 0} :int]
+      [:session-id ::sm/uuid]]]))
 
 ;; --- HELPERS
 
@@ -68,7 +74,7 @@
 (def ^:private library-change-types
   #{:add-color :mod-color :del-color
     :add-media :mod-media :del-media
-    :add-component :mod-component :del-component
+    :add-component :mod-component :del-component :restore-component
     :add-typography :mod-typography :del-typography})
 
 (def ^:private file-change-types
@@ -78,8 +84,7 @@
 (defn- library-change?
   [{:keys [type] :as change}]
   (or (contains? library-change-types type)
-      (and (contains? file-change-types type)
-           (some? (:component-id change)))))
+      (contains? file-change-types type)))
 
 (def ^:private sql:get-file
   "SELECT f.*, p.team_id
@@ -101,24 +106,25 @@
 
 (defn- wrap-with-pointer-map-context
   [f]
-  (fn [{:keys [conn] :as cfg} {:keys [id] :as file}]
-    (binding [pmap/*tracked* (atom {})
-              pmap/*load-fn* (partial files/load-pointer conn id)
-              ffeat/*wrap-with-pointer-map-fn* pmap/wrap]
+  (fn [cfg {:keys [id] :as file}]
+    (binding [pmap/*tracked* (pmap/create-tracked)
+              pmap/*load-fn* (partial feat.fdata/load-pointer cfg id)
+              cfeat/*wrap-with-pointer-map-fn* pmap/wrap]
       (let [result (f cfg file)]
-        (files/persist-pointers! conn id)
+        (feat.fdata/persist-pointers! cfg id)
         result))))
 
 (defn- wrap-with-objects-map-context
   [f]
   (fn [cfg file]
-    (binding [ffeat/*wrap-with-objects-map-fn* omap/wrap]
+    (binding [cfeat/*wrap-with-objects-map-fn* omap/wrap]
       (f cfg file))))
 
 (declare get-lagged-changes)
 (declare send-notifications!)
 (declare update-file)
 (declare update-file*)
+(declare update-file-data)
 (declare take-snapshot?)
 
 ;; If features are specified from params and the final feature
@@ -126,68 +132,94 @@
 ;; database.
 
 (sv/defmethod ::update-file
-  {::climit/queue :update-file
-   ::climit/key-fn :id
+  {::climit/id :update-file/by-profile
+   ::climit/key-fn ::rpc/profile-id
    ::webhooks/event? true
    ::webhooks/batch-timeout (dt/duration "2m")
    ::webhooks/batch-key (webhooks/key-fn ::rpc/profile-id :id)
-   ::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id] :as params}]
-  (db/with-atomic [conn pool]
-    (files/check-edition-permissions! conn profile-id id)
-    (db/xact-lock! conn id)
 
-    (let [cfg    (assoc cfg :conn conn)
-          params (assoc params :profile-id profile-id)
-          tpoint (dt/tpoint)]
-      (-> (update-file cfg params)
-          (rph/with-defer #(let [elapsed (tpoint)]
-                             (l/trace :hint "update-file" :time (dt/format-duration elapsed))))))))
+   ::sm/params schema:update-file
+   ::sm/result schema:update-file-result
+   ::doc/module :files
+   ::doc/added "1.17"}
+  [cfg {:keys [::rpc/profile-id id] :as params}]
+  (db/tx-run! cfg (fn [{:keys [::db/conn] :as cfg}]
+                    (files/check-edition-permissions! conn profile-id id)
+                    (db/xact-lock! conn id)
+
+                    (let [file     (get-file conn id)
+                          team     (teams/get-team conn
+                                                   :profile-id profile-id
+                                                   :team-id (:team-id file))
+
+                          features (-> (cfeat/get-team-enabled-features cf/flags team)
+                                       (cfeat/check-client-features! (:features params))
+                                       (cfeat/check-file-features! (:features file) (:features params)))
+
+                          params   (assoc params
+                                          :profile-id profile-id
+                                          :features features
+                                          :team team
+                                          :file file)
+
+                          tpoint   (dt/tpoint)]
+
+                      ;; When newly computed features does not match exactly with
+                      ;; the features defined on team row, we update it.
+                      (when (not= features (:features team))
+                        (let [features (db/create-array conn "text" features)]
+                          (db/update! conn :team
+                                      {:features features}
+                                      {:id (:id team)})))
+
+                      (binding [l/*context* (some-> (meta params)
+                                                    (get :app.http/request)
+                                                    (errors/request->context))]
+                        (-> (update-file cfg params)
+                            (rph/with-defer #(let [elapsed (tpoint)]
+                                               (l/trace :hint "update-file" :time (dt/format-duration elapsed))))))))))
 
 (defn update-file
-  [{:keys [conn ::mtx/metrics] :as cfg} {:keys [profile-id id changes changes-with-metadata] :as params}]
-  (let [file     (get-file conn id)
-        features (->> (concat (:features file)
-                              (:features params))
-                      (into files/default-features)
-                      (files/check-features-compatibility!))]
+  [{:keys [::db/conn ::mtx/metrics] :as cfg}
+   {:keys [id file features changes changes-with-metadata] :as params}]
+  (let [features  (-> features
+                      (set/difference cfeat/frontend-only-features)
+                      (set/union (:features file)))
 
-    (files/check-edition-permissions! conn profile-id (:id file))
+        update-fn (cond-> update-file*
+                    (contains? features "fdata/pointer-map")
+                    (wrap-with-pointer-map-context)
 
-    (binding [ffeat/*current*  features
-              ffeat/*previous* (:features file)]
-      (let [update-fn (cond-> update-file*
-                        (contains? features "storage/pointer-map")
-                        (wrap-with-pointer-map-context)
+                    (contains? features "fdata/objects-map")
+                    (wrap-with-objects-map-context))
 
-                        (contains? features "storage/objects-map")
-                        (wrap-with-objects-map-context))
+        changes   (if changes-with-metadata
+                    (->> changes-with-metadata (mapcat :changes) vec)
+                    (vec changes))]
 
-            file      (assoc file :features features)
-            changes   (if changes-with-metadata
-                        (->> changes-with-metadata (mapcat :changes) vec)
-                        (vec changes))
+    (when (> (:revn params)
+             (:revn file))
+      (ex/raise :type :validation
+                :code :revn-conflict
+                :hint "The incoming revision number is greater that stored version."
+                :context {:incoming-revn (:revn params)
+                          :stored-revn (:revn file)}))
 
-            params    (-> params
-                          (assoc :file file)
-                          (assoc :changes changes)
-                          (assoc ::created-at (dt/now)))]
+    (mtx/run! metrics {:id :update-file-changes :inc (count changes)})
 
-        (when (> (:revn params)
-                 (:revn file))
-          (ex/raise :type :validation
-                    :code :revn-conflict
-                    :hint "The incoming revision number is greater that stored version."
-                    :context {:incoming-revn (:revn params)
-                              :stored-revn (:revn file)}))
+    (when (not= features (:features file))
+      (let [features (db/create-array conn "text" features)]
+        (db/update! conn :file
+                    {:features features}
+                    {:id id})))
 
-        (mtx/run! metrics {:id :update-file-changes :inc (count changes)})
-
-        (when (not= features (:features file))
-          (let [features (db/create-array conn "text" features)]
-            (db/update! conn :file
-                        {:features features}
-                        {:id id})))
+    (binding [cfeat/*current*  features
+              cfeat/*previous* (:features file)]
+      (let [file   (assoc file :features features)
+            params (-> params
+                       (assoc :file file)
+                       (assoc :changes changes)
+                       (assoc ::created-at (dt/now)))]
 
         (-> (update-fn cfg params)
             (vary-meta assoc ::audit/replace-props
@@ -198,23 +230,16 @@
                         :team-id    (:team-id file)}))))))
 
 (defn- update-file*
-  [{:keys [conn] :as cfg} {:keys [profile-id file changes session-id ::created-at] :as params}]
-  (let [file (-> file
-                 (update :revn inc)
-                 (update :data (fn [data]
-                                 (cond-> data
-                                   :always
-                                   (-> (blob/decode)
-                                       (assoc :id (:id file))
-                                       (pmg/migrate-data))
+  [{:keys [::db/conn ::wrk/executor] :as cfg}
+   {:keys [profile-id file changes session-id ::created-at skip-validate] :as params}]
+  (let [;; Process the file data in the CLIMIT context; scheduling it
+        ;; to be executed on a separated executor for avoid to do the
+        ;; CPU intensive operation on vthread.
 
-                                   (and (contains? ffeat/*current* "components/v2")
-                                        (not (contains? ffeat/*previous* "components/v2")))
-                                   (ctf/migrate-to-components-v2)
+        update-fdata-fn (partial update-file-data cfg file changes skip-validate)
+        file            (-> (climit/configure cfg :update-file/global)
+                            (climit/run! update-fdata-fn executor))]
 
-                                   :always
-                                   (-> (cp/process-changes changes)
-                                       (blob/encode))))))]
     (db/insert! conn :file-change
                 {:id (uuid/next)
                  :session-id session-id
@@ -246,6 +271,74 @@
       ;; Retrieve and return lagged data
       (get-lagged-changes conn params))))
 
+(defn- soft-validate-file-schema!
+  [file]
+  (try
+    (val/validate-file-schema! file)
+    (catch Throwable cause
+      (l/error :hint "file schema validation error" :cause cause))))
+
+(defn- soft-validate-file!
+  [file libs]
+  (try
+    (val/validate-file! file libs)
+    (catch Throwable cause
+      (l/error :hint "file validation error"
+               :cause cause))))
+
+(defn- update-file-data
+  [{:keys [::db/conn] :as cfg} file changes skip-validate]
+  (let [file (update file :data (fn [data]
+                                  (-> data
+                                      (blob/decode)
+                                      (assoc :id (:id file))
+                                      (fmg/migrate-data)
+                                      (d/without-nils))))
+
+        ;; WARNING: this ruins performance; maybe we need to find
+        ;; some other way to do general validation
+        libs (when (and (or (contains? cf/flags :file-validation)
+                            (contains? cf/flags :soft-file-validation))
+                        (not skip-validate))
+               (->> (files/get-file-libraries conn (:id file))
+                    (into [file] (map (fn [{:keys [id]}]
+                                        (binding [pmap/*load-fn* (partial feat.fdata/load-pointer cfg id)
+                                                  pmap/*tracked* nil]
+                                          (-> (files/get-file cfg id :migrate? false)
+                                              (feat.fdata/process-pointers deref) ; ensure all pointers resolved
+                                              (fmg/migrate-file))))))
+                    (d/index-by :id)))
+
+        file (-> (files/check-version! file)
+                 (update :revn inc)
+                 (update :data cpc/process-changes changes))]
+
+    (when (contains? cf/flags :soft-file-validation)
+      (soft-validate-file! file libs))
+
+    (when (contains? cf/flags :soft-file-schema-validation)
+      (soft-validate-file-schema! file))
+
+    (when (and (contains? cf/flags :file-validation)
+               (not skip-validate))
+      (val/validate-file! file libs))
+
+    (when (and (contains? cf/flags :file-schema-validation)
+               (not skip-validate))
+      (val/validate-file-schema! file))
+
+    (cond-> file
+      (and (contains? cfeat/*current* "fdata/objects-map")
+           (not (contains? cfeat/*previous* "fdata/objects-map")))
+      (feat.fdata/enable-objects-map)
+
+      (and (contains? cfeat/*current* "fdata/pointer-map")
+           (not (contains? cfeat/*previous* "fdata/pointer-map")))
+      (feat.fdata/enable-pointer-map)
+
+      :always
+      (update :data blob/encode))))
+
 (defn- take-snapshot?
   "Defines the rule when file `data` snapshot should be saved."
   [{:keys [revn modified-at] :as file}]
@@ -273,11 +366,10 @@
        (vec)))
 
 (defn- send-notifications!
-  [{:keys [conn] :as cfg} {:keys [file changes session-id] :as params}]
+  [cfg {:keys [file team changes session-id] :as params}]
   (let [lchanges (filter library-change? changes)
         msgbus   (::mbus/msgbus cfg)]
 
-    ;; Asynchronously publish message to the msgbus
     (mbus/pub! msgbus
                :topic (:id file)
                :message {:type :file-change
@@ -288,15 +380,12 @@
                          :changes changes})
 
     (when (and (:is-shared file) (seq lchanges))
-      (let [team-id (or (:team-id file)
-                        (files/get-team-id conn (:project-id file)))]
-        ;; Asynchronously publish message to the msgbus
-        (mbus/pub! msgbus
-                   :topic team-id
-                   :message {:type :library-change
-                             :profile-id (:profile-id params)
-                             :file-id (:id file)
-                             :session-id session-id
-                             :revn (:revn file)
-                             :modified-at (dt/now)
-                             :changes lchanges})))))
+      (mbus/pub! msgbus
+                 :topic (:id team)
+                 :message {:type :library-change
+                           :profile-id (:profile-id params)
+                           :file-id (:id file)
+                           :session-id session-id
+                           :revn (:revn file)
+                           :modified-at (dt/now)
+                           :changes lchanges}))))

backend/src/app/rpc/commands/fonts.clj

@@ -6,7 +6,7 @@
 
 (ns app.rpc.commands.fonts
   (:require
-   [app.common.data :as d]
+   [app.common.data.macros :as dm]
    [app.common.exceptions :as ex]
    [app.common.spec :as us]
    [app.common.uuid :as uuid]
@@ -26,9 +26,7 @@
    [app.util.services :as sv]
    [app.util.time :as dt]
    [app.worker :as-alias wrk]
-   [clojure.spec.alpha :as s]
-   [promesa.core :as p]
-   [promesa.exec :as px]))
+   [clojure.spec.alpha :as s]))
 
 (def valid-weight #{100 200 300 400 500 600 700 800 900 950})
 (def valid-style #{"normal" "italic"})
@@ -39,6 +37,7 @@
 (s/def ::id ::us/uuid)
 (s/def ::name ::us/not-empty-string)
 (s/def ::project-id ::us/uuid)
+(s/def ::share-id ::us/uuid)
 (s/def ::style valid-style)
 (s/def ::team-id ::us/uuid)
 (s/def ::weight valid-weight)
@@ -50,7 +49,8 @@
    (s/keys :req [::rpc/profile-id]
            :opt-un [::team-id
                     ::file-id
-                    ::project-id])
+                    ::project-id
+                    ::share-id])
    (fn [o]
      (or (contains? o :team-id)
          (contains? o :file-id)
@@ -58,8 +58,8 @@
 
 (sv/defmethod ::get-font-variants
   {::doc/added "1.18"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id file-id project-id] :as params}]
-  (with-open [conn (db/open pool)]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id file-id project-id share-id] :as params}]
+  (dm/with-open [conn (db/open pool)]
     (cond
       (uuid? team-id)
       (do
@@ -77,8 +77,9 @@
 
       (uuid? file-id)
       (let [file    (db/get-by-id conn :file file-id {:columns [:id :project-id]})
-            project (db/get-by-id conn :project (:project-id file) {:columns [:id :team-id]})]
-        (files/check-read-permissions! conn profile-id file-id)
+            project (db/get-by-id conn :project (:project-id file) {:columns [:id :team-id]})
+            perms   (files/get-permissions conn profile-id file-id share-id)]
+        (files/check-read-permissions! perms)
         (db/query conn :team-font-variant
                   {:team-id (:team-id project)
                    :deleted-at nil})))))
@@ -107,50 +108,45 @@
     (create-font-variant cfg (assoc params :profile-id profile-id))))
 
 (defn create-font-variant
-  [{:keys [::sto/storage ::db/pool ::wrk/executor ::rpc/climit]} {:keys [data] :as params}]
-  (letfn [(generate-fonts [data]
-            (climit/with-dispatch (:process-font climit)
-              (media/run {:cmd :generate-fonts :input data})))
+  [{:keys [::sto/storage ::db/pool] :as cfg} {:keys [data] :as params}]
+  (letfn [(generate-missing! [data]
+            (let [data (media/run {:cmd :generate-fonts :input data})]
+              (when (and (not (contains? data "font/otf"))
+                         (not (contains? data "font/ttf"))
+                         (not (contains? data "font/woff"))
+                         (not (contains? data "font/woff2")))
+                (ex/raise :type :validation
+                          :code :invalid-font-upload
+                          :hint "invalid font upload, unable to generate missing font assets"))
+              data))
 
-          ;; Function responsible of calculating cryptographyc hash of
-          ;; the provided data.
-          (calculate-hash [data]
-            (px/with-dispatch executor
-              (sto/calculate-hash data)))
-
-          (validate-data [data]
-            (when (and (not (contains? data "font/otf"))
-                       (not (contains? data "font/ttf"))
-                       (not (contains? data "font/woff"))
-                       (not (contains? data "font/woff2")))
-              (ex/raise :type :validation
-                        :code :invalid-font-upload))
-            data)
-
-          (persist-font-object [data mtype]
+          (prepare-font [data mtype]
             (when-let [resource (get data mtype)]
-              (p/let [hash    (calculate-hash resource)
-                      content (-> (sto/content resource)
-                                  (sto/wrap-with-hash hash))]
-                (sto/put-object! storage {::sto/content content
-                                          ::sto/touched-at (dt/now)
-                                          ::sto/deduplicate? true
-                                          :content-type mtype
-                                          :bucket "team-font-variant"}))))
+              (let [hash    (sto/calculate-hash resource)
+                    content (-> (sto/content resource)
+                                (sto/wrap-with-hash hash))]
+                {::sto/content content
+                 ::sto/touched-at (dt/now)
+                 ::sto/deduplicate? true
+                 :content-type mtype
+                 :bucket "team-font-variant"})))
 
-          (persist-fonts [data]
-            (p/let [otf   (persist-font-object data "font/otf")
-                    ttf   (persist-font-object data "font/ttf")
-                    woff1 (persist-font-object data "font/woff")
-                    woff2 (persist-font-object data "font/woff2")]
+          (persist-fonts-files! [data]
+            (let [otf-params (prepare-font data "font/otf")
+                  ttf-params (prepare-font data "font/ttf")
+                  wf1-params (prepare-font data "font/woff")
+                  wf2-params (prepare-font data "font/woff2")]
+              (cond-> {}
+                (some? otf-params)
+                (assoc :otf (sto/put-object! storage otf-params))
+                (some? ttf-params)
+                (assoc :ttf (sto/put-object! storage ttf-params))
+                (some? wf1-params)
+                (assoc :woff1 (sto/put-object! storage wf1-params))
+                (some? wf2-params)
+                (assoc :woff2 (sto/put-object! storage wf2-params)))))
 
-              (d/without-nils
-               {:otf otf
-                :ttf ttf
-                :woff1 woff1
-                :woff2 woff2})))
-
-          (insert-into-db [{:keys [woff1 woff2 otf ttf]}]
+          (insert-font-variant! [{:keys [woff1 woff2 otf ttf]}]
             (db/insert! pool :team-font-variant
                         {:id (uuid/next)
                          :team-id (:team-id params)
@@ -161,16 +157,14 @@
                          :woff1-file-id (:id woff1)
                          :woff2-file-id (:id woff2)
                          :otf-file-id (:id otf)
-                         :ttf-file-id (:id ttf)}))
-          ]
+                         :ttf-file-id (:id ttf)}))]
 
-    (->> (generate-fonts data)
-         (p/fmap validate-data)
-         (p/mcat executor persist-fonts)
-         (p/fmap executor insert-into-db)
-         (p/fmap (fn [result]
-                   (let [params (update params :data (comp vec keys))]
-                     (rph/with-meta result {::audit/replace-props params})))))))
+    (let [data   (-> (climit/configure cfg :process-font/global)
+                     (climit/run! (partial generate-missing! data)
+                                  (::wrk/executor cfg)))
+          assets (persist-fonts-files! data)
+          result (insert-font-variant! assets)]
+      (vary-meta result assoc ::audit/replace-props (update params :data (comp vec keys))))))
 
 ;; --- UPDATE FONT FAMILY
 

backend/src/app/rpc/commands/ldap.clj

@@ -38,7 +38,8 @@
   "Performs the authentication using LDAP backend. Only works if LDAP
   is properly configured and enabled with `login-with-ldap` flag."
   {::rpc/auth false
-   ::doc/added "1.15"}
+   ::doc/added "1.15"
+   ::doc/module :auth}
   [{:keys [::main/props ::ldap/provider] :as cfg} params]
   (when-not provider
     (ex/raise :type :restriction
@@ -77,13 +78,13 @@
                             ::audit/profile-id (:id profile)}))))))
 
 (defn- login-or-register
-  [{:keys [::db/pool] :as cfg} info]
-  (db/with-atomic [conn pool]
-    (or (some->> (:email info)
-                 (profile/get-profile-by-email conn)
-                 (profile/decode-row))
-        (->> (assoc info :is-active true :is-demo false)
-             (auth/create-profile! conn)
-             (auth/create-profile-rels! conn)
-             (profile/strip-private-attrs)))))
-
+  [cfg info]
+  (db/tx-run! cfg
+              (fn [{:keys [::db/conn] :as cfg}]
+                (or (some->> (:email info)
+                             (profile/get-profile-by-email conn)
+                             (profile/decode-row))
+                    (->> (assoc info :is-active true :is-demo false)
+                         (auth/create-profile! conn)
+                         (auth/create-profile-rels! conn)
+                         (profile/strip-private-attrs))))))

backend/src/app/rpc/commands/management.clj

@@ -9,46 +9,50 @@
   (:require
    [app.common.data :as d]
    [app.common.exceptions :as ex]
-   [app.common.pages.migrations :as pmg]
-   [app.common.spec :as us]
+   [app.common.features :as cfeat]
+   [app.common.files.migrations :as pmg]
+   [app.common.schema :as sm]
    [app.common.uuid :as uuid]
+   [app.config :as cf]
    [app.db :as db]
+   [app.features.fdata :as feat.fdata]
+   [app.http.sse :as sse]
    [app.loggers.webhooks :as-alias webhooks]
    [app.rpc :as-alias rpc]
    [app.rpc.commands.binfile :as binfile]
    [app.rpc.commands.files :as files]
    [app.rpc.commands.projects :as proj]
-   [app.rpc.commands.teams :as teams :refer [create-project-role create-project]]
+   [app.rpc.commands.teams :as teams]
    [app.rpc.doc :as-alias doc]
+   [app.setup :as-alias setup]
+   [app.setup.templates :as tmpl]
    [app.util.blob :as blob]
    [app.util.pointer-map :as pmap]
    [app.util.services :as sv]
    [app.util.time :as dt]
-   [clojure.spec.alpha :as s]
-   [clojure.walk :as walk]))
+   [app.worker :as-alias wrk]
+   [clojure.walk :as walk]
+   [promesa.core :as p]
+   [promesa.exec :as px]))
 
 ;; --- COMMAND: Duplicate File
 
 (declare duplicate-file)
 
-(s/def ::id ::us/uuid)
-(s/def ::project-id ::us/uuid)
-(s/def ::file-id ::us/uuid)
-(s/def ::team-id ::us/uuid)
-(s/def ::name ::us/string)
-
-(s/def ::duplicate-file
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::file-id]
-          :opt-un [::name]))
+(def ^:private
+  schema:duplicate-file
+  (sm/define
+    [:map {:title "duplicate-file"}
+     [:file-id ::sm/uuid]
+     [:name {:optional true} :string]]))
 
 (sv/defmethod ::duplicate-file
   "Duplicate a single file in the same team."
   {::doc/added "1.16"
-   ::webhooks/event? true}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id] :as params}]
-  (db/with-atomic [conn pool]
-    (duplicate-file conn (assoc params :profile-id profile-id))))
+   ::webhooks/event? true
+   ::sm/params schema:duplicate-file}
+  [cfg {:keys [::rpc/profile-id] :as params}]
+  (db/tx-run! cfg duplicate-file (assoc params :profile-id profile-id)))
 
 (defn- remap-id
   [item index key]
@@ -57,7 +61,7 @@
     (assoc key (get index (get item key) (get item key)))))
 
 (defn- process-file
-  [conn {:keys [id] :as file} index]
+  [cfg index {:keys [id] :as file}]
   (letfn [(process-form [form]
             (cond-> form
               ;; Relink library items
@@ -100,35 +104,45 @@
                                  (dissoc k))
                              res)))
                        media
-                       media))]
-    (-> file
-        (update :id #(get index %))
-        (update :data
-                (fn [data]
-                  (binding [pmap/*load-fn* (partial files/load-pointer conn id)
-                            pmap/*tracked* (atom {})]
-                    (let [file-id (get index id)
-                          data    (-> data
-                                      (blob/decode)
-                                      (assoc :id file-id)
-                                      (pmg/migrate-data)
-                                      (update :pages-index relink-shapes)
-                                      (update :components relink-shapes)
-                                      (update :media relink-media)
-                                      (d/without-nils)
-                                      (files/process-pointers pmap/clone)
-                                      (blob/encode))]
-                      (files/persist-pointers! conn file-id)
-                      data)))))))
+                       media))
 
-(def sql:retrieve-used-libraries
+          (process-file [{:keys [id] :as file}]
+            (-> file
+                (update :data assoc :id id)
+                (update :data feat.fdata/process-pointers deref)
+                (pmg/migrate-file)
+                (update :data (fn [data]
+                                (-> data
+                                    (update :pages-index relink-shapes)
+                                    (update :components relink-shapes)
+                                    (update :media relink-media)
+                                    (d/without-nils))))))]
+
+    (let [new-id (get index id)
+          file   (binding [pmap/*load-fn* (partial feat.fdata/load-pointer cfg id)]
+                   (-> (assoc file :id new-id)
+                       (process-file)))
+
+          file (if (contains? (:features file) "fdata/objects-map")
+                 (feat.fdata/enable-objects-map file)
+                 file)
+
+          file (if (contains? (:features file) "fdata/pointer-map")
+                 (binding [pmap/*tracked* (pmap/create-tracked)]
+                   (let [file (feat.fdata/enable-pointer-map file)]
+                     (feat.fdata/persist-pointers! cfg (:id file))
+                     file))
+                 file)]
+      file)))
+
+(def sql:get-used-libraries
   "select flr.*
      from file_library_rel as flr
     inner join file as l on (flr.library_file_id = l.id)
     where flr.file_id = ?
       and l.deleted_at is null")
 
-(def sql:retrieve-used-media-objects
+(def sql:get-used-media-objects
   "select fmo.*
      from file_media_object as fmo
     inner join storage_object as so on (fmo.media_id = so.id)
@@ -136,9 +150,9 @@
       and so.deleted_at is null")
 
 (defn duplicate-file*
-  [conn {:keys [profile-id file index project-id name flibs fmeds]} {:keys [reset-shared-flag]}]
-  (let [flibs    (or flibs (db/exec! conn [sql:retrieve-used-libraries (:id file)]))
-        fmeds    (or fmeds (db/exec! conn [sql:retrieve-used-media-objects (:id file)]))
+  [{:keys [::db/conn] :as cfg} {:keys [profile-id file index project-id name flibs fmeds]} {:keys [reset-shared-flag]}]
+  (let [flibs    (or flibs (db/exec! conn [sql:get-used-libraries (:id file)]))
+        fmeds    (or fmeds (db/exec! conn [sql:get-used-media-objects (:id file)]))
 
         ;; memo uniform creation/modification date
         now      (dt/now)
@@ -179,65 +193,72 @@
                     (assoc :modified-at now)
                     (assoc :ignore-sync-until ignore))
 
-        file    (process-file conn file index)]
+        file    (process-file cfg index file)]
+
+    (db/insert! conn :file
+                (-> file
+                    (update :features #(db/create-array conn "text" %))
+                    (update :data blob/encode))
+                {::db/return-keys? false})
 
-    (db/insert! conn :file file)
     (db/insert! conn :file-profile-rel
                 {:file-id (:id file)
                  :profile-id profile-id
                  :is-owner true
                  :is-admin true
-                 :can-edit true})
+                 :can-edit true}
+                {::db/return-keys? false})
 
     (doseq [params flibs]
-      (db/insert! conn :file-library-rel params))
+      (db/insert! conn :file-library-rel params ::db/return-keys? false))
 
     (doseq [params fmeds]
-      (db/insert! conn :file-media-object params))
+      (db/insert! conn :file-media-object params ::db/return-keys? false))
 
     file))
 
 (defn duplicate-file
-  [conn {:keys [profile-id file-id] :as params}]
-  (let [file   (db/get-by-id conn :file file-id)
+  [{:keys [::db/conn] :as cfg} {:keys [profile-id file-id] :as params}]
+  (let [;; We don't touch the original file on duplication
+        file   (files/get-file cfg file-id :migrate? false)
         index  {file-id (uuid/next)}
         params (assoc params :index index :file file)]
     (proj/check-edition-permissions! conn profile-id (:project-id file))
     (db/exec-one! conn ["SET CONSTRAINTS ALL DEFERRED"])
-    (-> (duplicate-file* conn params {:reset-shared-flag true})
-        (update :data blob/decode)
-        (update :features db/decode-pgarray #{}))))
+    (duplicate-file* cfg params {:reset-shared-flag true})))
 
 ;; --- COMMAND: Duplicate Project
 
 (declare duplicate-project)
 
-(s/def ::duplicate-project
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::project-id]
-          :opt-un [::name]))
+(def ^:private
+  schema:duplicate-project
+  (sm/define
+    [:map {:title "duplicate-project"}
+     [:project-id ::sm/uuid]
+     [:name {:optional true} :string]]))
 
 (sv/defmethod ::duplicate-project
   "Duplicate an entire project with all the files"
   {::doc/added "1.16"
-   ::webhooks/event? true}
-  [{:keys [::db/pool] :as cfg} params]
-  (db/with-atomic [conn pool]
-    (duplicate-project conn (assoc params :profile-id (::rpc/profile-id params)))))
+   ::webhooks/event? true
+   ::sm/params schema:duplicate-project}
+  [cfg {:keys [::rpc/profile-id] :as params}]
+  (db/tx-run! cfg duplicate-project (assoc params :profile-id profile-id)))
 
 (defn duplicate-project
-  [conn {:keys [profile-id project-id name] :as params}]
+  [{:keys [::db/conn] :as cfg} {:keys [profile-id project-id name] :as params}]
 
   ;; Defer all constraints
   (db/exec-one! conn ["SET CONSTRAINTS ALL DEFERRED"])
 
   (let [project (-> (db/get-by-id conn :project project-id)
                     (assoc :is-pinned false))
-        
+
         files   (db/query conn :file
-                  {:project-id (:id project)
-                   :deleted-at nil}
-                  {:columns [:id]})
+                          {:project-id (:id project)
+                           :deleted-at nil}
+                          {:columns [:id]})
 
         project (cond-> project
                   (string? name)
@@ -251,8 +272,8 @@
 
     ;; create the duplicated project and assign the current profile as
     ;; a project owner
-    (create-project conn project)
-    (create-project-role conn profile-id (:id project) :owner)
+    (teams/create-project conn project)
+    (teams/create-project-role conn profile-id (:id project) :owner)
 
     ;; duplicate all files
     (let [index  (reduce #(assoc %1 (:id %2) (uuid/next)) {} files)
@@ -261,18 +282,18 @@
                      (assoc :project-id (:id project))
                      (assoc :index index))]
       (doseq [{:keys [id]} files]
-        (let [file   (db/get-by-id conn :file id)
+        (let [file   (files/get-file cfg id :migrate? false)
               params (assoc params :file file)
               opts   {:reset-shared-flag false}]
-          (duplicate-file* conn params opts))))
+          (duplicate-file* cfg params opts))))
 
     ;; return the created project
     project))
 
 ;; --- COMMAND: Move file
 
-(def sql:retrieve-files
-  "select id, project_id from file where id = ANY(?)")
+(def sql:get-files
+  "select id, features, project_id from file where id = ANY(?)")
 
 (def sql:move-files
   "update file set project_id = ? where id = ANY(?)")
@@ -293,14 +314,20 @@
       and rel.library_file_id = br.library_file_id")
 
 (defn move-files
-  [conn {:keys [profile-id ids project-id] :as params}]
+  [{:keys [::db/conn] :as cfg} {:keys [profile-id ids project-id] :as params}]
 
   (let [fids    (db/create-array conn "uuid" ids)
-        files   (db/exec! conn [sql:retrieve-files fids])
+        files   (->> (db/exec! conn [sql:get-files fids])
+                     (map files/decode-row))
         source  (into #{} (map :project-id) files)
         pids    (->> (conj source project-id)
                      (db/create-array conn "uuid"))]
 
+    (when (contains? source project-id)
+      (ex/raise :type :validation
+                :code :cant-move-to-same-project
+                :hint "Unable to move a file to the same project"))
+
     ;; Check if we have permissions on the destination project
     (proj/check-edition-permissions! conn profile-id project-id)
 
@@ -308,10 +335,15 @@
     (doseq [project-id source]
       (proj/check-edition-permissions! conn profile-id project-id))
 
-    (when (contains? source project-id)
-      (ex/raise :type :validation
-                :code :cant-move-to-same-project
-                :hint "Unable to move a file to the same project"))
+    ;; Check the team compatibility
+    (let [orig-team (teams/get-team conn :profile-id profile-id :project-id (first source))
+          dest-team (teams/get-team conn :profile-id profile-id :project-id project-id)]
+      (cfeat/check-teams-compatibility! orig-team dest-team)
+
+      ;; Check if all pending to move files are compaib
+      (let [features (cfeat/get-team-enabled-features cf/flags dest-team)]
+        (doseq [file files]
+          (cfeat/check-file-features! features (:features file)))))
 
     ;; move all files to the project
     (db/exec-one! conn [sql:move-files project-id fids])
@@ -319,38 +351,65 @@
     ;; delete possible broken relations on moved files
     (db/exec-one! conn [sql:delete-broken-relations pids])
 
+    ;; Update the modification date of the all affected projects
+    ;; ensuring that the destination project is the most recent one.
+    (doseq [project-id (into (list project-id) source)]
+
+      ;; NOTE: as this is executed on virtual thread, sleeping does
+      ;; not causes major issues, and allows an easy way to set a
+      ;; trully different modification date to each file.
+      (px/sleep 10)
+      (db/update! conn :project
+                  {:modified-at (dt/now)}
+                  {:id project-id}))
+
     nil))
 
-(s/def ::ids (s/every ::us/uuid :kind set?))
-(s/def ::move-files
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::ids ::project-id]))
+(def ^:private
+  schema:move-files
+  (sm/define
+    [:map {:title "move-files"}
+     [:ids ::sm/set-of-uuid]
+     [:project-id ::sm/uuid]]))
 
 (sv/defmethod ::move-files
   "Move a set of files from one project to other."
   {::doc/added "1.16"
-   ::webhooks/event? true}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id] :as params}]
-  (db/with-atomic [conn pool]
-    (move-files conn (assoc params :profile-id profile-id))))
+   ::webhooks/event? true
+   ::sm/params schema:move-files}
+  [cfg {:keys [::rpc/profile-id] :as params}]
+  (db/tx-run! cfg #(move-files % (assoc params :profile-id profile-id))))
 
 ;; --- COMMAND: Move project
 
 (defn move-project
-  [conn {:keys [profile-id team-id project-id] :as params}]
+  [{:keys [::db/conn] :as cfg} {:keys [profile-id team-id project-id] :as params}]
   (let [project (db/get-by-id conn :project project-id {:columns [:id :team-id]})
         pids    (->> (db/query conn :project {:team-id (:team-id project)} {:columns [:id]})
                      (map :id)
                      (db/create-array conn "uuid"))]
 
-    (teams/check-edition-permissions! conn profile-id (:team-id project))
-    (teams/check-edition-permissions! conn profile-id team-id)
-
     (when (= team-id (:team-id project))
       (ex/raise :type :validation
                 :code :cant-move-to-same-team
                 :hint "Unable to move a project to same team"))
 
+    (teams/check-edition-permissions! conn profile-id (:team-id project))
+    (teams/check-edition-permissions! conn profile-id team-id)
+
+    ;; Check the teams compatibility
+    (let [orig-team (teams/get-team conn :profile-id profile-id :team-id (:team-id project))
+          dest-team (teams/get-team conn :profile-id profile-id :team-id team-id)]
+      (cfeat/check-teams-compatibility! orig-team dest-team)
+
+      ;; Check if all pending to move files are compaib
+      (let [features (cfeat/get-team-enabled-features cf/flags dest-team)]
+        (doseq [file (->> (db/query conn :file
+                                    {:project-id project-id}
+                                    {:columns [:features]})
+                          (map files/decode-row))]
+          (cfeat/check-file-features! features (:features file)))))
+
     ;; move project to the destination team
     (db/update! conn :project
                 {:team-id team-id}
@@ -361,61 +420,74 @@
 
     nil))
 
-
-(s/def ::move-project
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::team-id ::project-id]))
+(def ^:private
+  schema:move-project
+  (sm/define
+    [:map {:title "move-project"}
+     [:team-id ::sm/uuid]
+     [:project-id ::sm/uuid]]))
 
 (sv/defmethod ::move-project
-  "Move projects between teams."
+  "Move projects between teams"
   {::doc/added "1.16"
-   ::webhooks/event? true}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id] :as params}]
-  (db/with-atomic [conn pool]
-    (move-project conn (assoc params :profile-id profile-id))))
+   ::webhooks/event? true
+   ::sm/params schema:move-project}
+  [cfg {:keys [::rpc/profile-id] :as params}]
+  (db/tx-run! cfg #(move-project % (assoc params :profile-id profile-id))))
 
 ;; --- COMMAND: Clone Template
 
-(declare clone-template)
+(def ^:private
+  schema:clone-template
+  (sm/define
+    [:map {:title "clone-template"}
+     [:project-id ::sm/uuid]
+     [:template-id ::sm/word-string]]))
 
-(s/def ::template-id ::us/not-empty-string)
-(s/def ::clone-template
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::project-id ::template-id]))
+(declare ^:private clone-template)
 
 (sv/defmethod ::clone-template
   "Clone into the specified project the template by its id."
   {::doc/added "1.16"
-   ::webhooks/event? true}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id] :as params}]
-  (db/with-atomic [conn pool]
-    (-> (assoc cfg :conn conn)
-        (clone-template (assoc params :profile-id profile-id)))))
-
-(defn- clone-template
-  [{:keys [conn templates] :as cfg} {:keys [profile-id template-id project-id]}]
-  (let [template (d/seek #(= (:id %) template-id) templates)
-        project  (db/get-by-id conn :project project-id {:columns [:id :team-id]})]
-
-    (teams/check-edition-permissions! conn profile-id (:team-id project))
+   ::sse/stream? true
+   ::webhooks/event? true
+   ::sm/params schema:clone-template}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id project-id template-id] :as params}]
+  (let [project   (db/get-by-id pool :project project-id {:columns [:id :team-id]})
+        _         (teams/check-edition-permissions! pool profile-id (:team-id project))
+        template  (tmpl/get-template-stream cfg template-id)
+        params    (-> cfg
+                      (assoc ::binfile/input template)
+                      (assoc ::binfile/project-id (:id project))
+                      (assoc ::binfile/profile-id profile-id)
+                      (assoc ::binfile/ignore-index-errors? true)
+                      (assoc ::binfile/migrate? true))]
 
     (when-not template
       (ex/raise :type :not-found
                 :code :template-not-found
                 :hint "template not found"))
 
-    (-> cfg
-        (assoc ::binfile/input (:path template))
-        (assoc ::binfile/project-id (:id project))
-        (assoc ::binfile/ignore-index-errors? true)
-        (assoc ::binfile/migrate? true)
-        (binfile/import!))))
+    (sse/response #(clone-template params))))
 
+(defn- clone-template
+  [{:keys [::wrk/executor ::binfile/project-id] :as params}]
+  (db/tx-run! params
+              (fn [{:keys [::db/conn] :as params}]
+                ;; NOTE: the importation process performs some operations that
+                ;; are not very friendly with virtual threads, and for avoid
+                ;; unexpected blocking of other concurrent operations we
+                ;; dispatch that operation to a dedicated executor.
+                (let [result (p/thread-call executor (partial binfile/import! params))]
+                  (db/update! conn :project
+                              {:modified-at (dt/now)}
+                              {:id project-id})
 
-;; --- COMMAND: Retrieve list of builtin templates
+                  (deref result)))))
 
-(s/def ::retrieve-list-of-builtin-templates any?)
+;; --- COMMAND: Get list of builtin templates
 
-(sv/defmethod ::retrieve-list-of-builtin-templates
+(sv/defmethod ::get-builtin-templates
+  {::doc/added "1.19"}
   [cfg _params]
-  (mapv #(select-keys % [:id :name :thumbnail-uri]) (:templates cfg)))
+  (mapv #(select-keys % [:id :name]) (::setup/templates cfg)))

backend/src/app/rpc/commands/media.clj

@@ -23,13 +23,10 @@
    [app.storage :as sto]
    [app.storage.tmp :as tmp]
    [app.util.services :as sv]
-   [app.util.time :as dt]
    [app.worker :as-alias wrk]
    [clojure.spec.alpha :as s]
    [cuerdas.core :as str]
-   [datoteka.io :as io]
-   [promesa.core :as p]
-   [promesa.exec :as px]))
+   [datoteka.io :as io]))
 
 (def default-max-file-size
   (* 1024 1024 10)) ; 10 MiB
@@ -45,15 +42,6 @@
 (s/def ::file-id ::us/uuid)
 (s/def ::team-id ::us/uuid)
 
-(defn validate-content-size!
-  [content]
-  (when (> (:size content) (cf/get :media-max-file-size default-max-file-size))
-    (ex/raise :type :restriction
-              :code :media-max-file-size-reached
-              :hint (str/ffmt "the uploaded file size % is greater than the maximum %"
-                              (:size content)
-                              default-max-file-size))))
-
 ;; --- Create File Media object (upload)
 
 (declare create-file-media-object)
@@ -72,16 +60,15 @@
   (let [cfg (update cfg ::sto/storage media/configure-assets-storage)]
     (files/check-edition-permissions! pool profile-id file-id)
     (media/validate-media-type! content)
-    (validate-content-size! content)
-    (->> (create-file-media-object cfg params)
-         (p/fmap (fn [object]
-                   (with-meta object
-                     {::audit/replace-props
-                      {:name (:name params)
-                       :file-id file-id
-                       :is-local (:is-local params)
-                       :size (:size content)
-                       :mtype (:mtype content)}}))))))
+    (media/validate-media-size! content)
+    (let [object (db/run! cfg #(create-file-media-object % params))
+          props  {:name (:name params)
+                  :file-id file-id
+                  :is-local (:is-local params)
+                  :size (:size content)
+                  :mtype (:mtype content)}]
+      (with-meta object
+        {::audit/replace-props props}))))
 
 (defn- big-enough-for-thumbnail?
   "Checks if the provided image info is big enough for
@@ -118,71 +105,62 @@
 ;; witch holds the reference to storage object (it some kind of
 ;; inverse, soft referential integrity).
 
+(defn- process-main-image
+  [info]
+  (let [hash (sto/calculate-hash (:path info))
+        data (-> (sto/content (:path info))
+                 (sto/wrap-with-hash hash))]
+    {::sto/content data
+     ::sto/deduplicate? true
+     ::sto/touched-at (:ts info)
+     :content-type (:mtype info)
+     :bucket "file-media-object"}))
+
+(defn- process-thumb-image
+  [info]
+  (let [thumb (-> thumbnail-options
+                  (assoc :cmd :generic-thumbnail)
+                  (assoc :input info)
+                  (media/run))
+        hash  (sto/calculate-hash (:data thumb))
+        data  (-> (sto/content (:data thumb) (:size thumb))
+                  (sto/wrap-with-hash hash))]
+    {::sto/content data
+     ::sto/deduplicate? true
+     ::sto/touched-at (:ts info)
+     :content-type (:mtype thumb)
+     :bucket "file-media-object"}))
+
+(defn- process-image
+  [content]
+  (let [info (media/run {:cmd :info :input content})]
+    (cond-> info
+      (and (not (svg-image? info))
+           (big-enough-for-thumbnail? info))
+      (assoc ::thumb (process-thumb-image info))
+
+      :always
+      (assoc ::image (process-main-image info)))))
+
 (defn create-file-media-object
-  [{:keys [::sto/storage ::db/pool climit ::wrk/executor]}
+  [{:keys [::sto/storage ::db/conn ::wrk/executor] :as cfg}
    {:keys [id file-id is-local name content]}]
-  (letfn [;; Function responsible to retrieve the file information, as
-          ;; it is synchronous operation it should be wrapped into
-          ;; with-dispatch macro.
-          (get-info [content]
-            (climit/with-dispatch (:process-image climit)
-              (media/run {:cmd :info :input content})))
 
-          ;; Function responsible of calculating cryptographyc hash of
-          ;; the provided data.
-          (calculate-hash [data]
-            (px/with-dispatch executor
-              (sto/calculate-hash data)))
+  (let [result (-> (climit/configure cfg :process-image/global)
+                   (climit/run! (partial process-image content) executor))
 
-          ;; Function responsible of generating thumnail. As it is synchronous
-          ;; opetation, it should be wrapped into with-dispatch macro
-          (generate-thumbnail [info]
-            (climit/with-dispatch (:process-image climit)
-              (media/run (assoc thumbnail-options
-                                :cmd :generic-thumbnail
-                                :input info))))
+        image  (sto/put-object! storage (::image result))
+        thumb  (when-let [params (::thumb result)]
+                 (sto/put-object! storage params))]
 
-          (create-thumbnail [info]
-            (when (and (not (svg-image? info))
-                       (big-enough-for-thumbnail? info))
-              (p/let [thumb   (generate-thumbnail info)
-                      hash    (calculate-hash (:data thumb))
-                      content (-> (sto/content (:data thumb) (:size thumb))
-                                  (sto/wrap-with-hash hash))]
-                (sto/put-object! storage
-                                 {::sto/content content
-                                  ::sto/deduplicate? true
-                                  ::sto/touched-at (dt/now)
-                                  :content-type (:mtype thumb)
-                                  :bucket "file-media-object"}))))
-
-          (create-image [info]
-            (p/let [data    (:path info)
-                    hash    (calculate-hash data)
-                    content (-> (sto/content data)
-                                (sto/wrap-with-hash hash))]
-              (sto/put-object! storage
-                               {::sto/content content
-                                ::sto/deduplicate? true
-                                ::sto/touched-at (dt/now)
-                                :content-type (:mtype info)
-                                :bucket "file-media-object"})))
-
-          (insert-into-database [info image thumb]
-            (px/with-dispatch executor
-              (db/exec-one! pool [sql:create-file-media-object
-                                  (or id (uuid/next))
-                                  file-id is-local name
-                                  (:id image)
-                                  (:id thumb)
-                                  (:width info)
-                                  (:height info)
-                                  (:mtype info)])))]
-
-    (p/let [info  (get-info content)
-            thumb (create-thumbnail info)
-            image (create-image info)]
-      (insert-into-database info image thumb))))
+    (db/exec-one! conn [sql:create-file-media-object
+                        (or id (uuid/next))
+                        file-id is-local name
+                        (:id image)
+                        (:id thumb)
+                        (:width result)
+                        (:height result)
+                        (:mtype result)])))
 
 ;; --- Create File Media Object (from URL)
 
@@ -194,15 +172,16 @@
           :opt-un [::id ::name]))
 
 (sv/defmethod ::create-file-media-object-from-url
-  {::doc/added "1.17"}
+  {::doc/added "1.17"
+   ::doc/deprecated "1.19"}
   [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id] :as params}]
   (let [cfg (update cfg ::sto/storage media/configure-assets-storage)]
     (files/check-edition-permissions! pool profile-id file-id)
-    (create-file-media-object-from-url cfg params)))
+    (db/run! cfg #(create-file-media-object-from-url % params))))
 
-(defn- create-file-media-object-from-url
-  [cfg {:keys [url name] :as params}]
-  (letfn [(parse-and-validate-size [headers]
+(defn download-image
+  [{:keys [::http/client]} uri]
+  (letfn [(parse-and-validate [{:keys [headers] :as response}]
             (let [size     (some-> (get headers "content-length") d/parse-integer)
                   mtype    (get headers "content-type")
                   format   (cm/mtype->format mtype)
@@ -225,32 +204,32 @@
                           :code :media-type-not-allowed
                           :hint "seems like the url points to an invalid media object"))
 
-              {:size size
-               :mtype mtype
-               :format format}))
+              {:size size :mtype mtype :format format}))]
 
-          (download-media [uri]
-            (-> (http/req! cfg {:method :get :uri uri} {:response-type :input-stream})
-                (p/then process-response)))
+    (let [{:keys [body] :as response} (http/req! client
+                                                 {:method :get :uri uri}
+                                                 {:response-type :input-stream :sync? true})
+          {:keys [size mtype]} (parse-and-validate response)
+          path    (tmp/tempfile :prefix "penpot.media.download.")
+          written (io/write-to-file! body path :size size)]
 
-          (process-response [{:keys [body headers] :as response}]
-            (let [{:keys [size mtype]} (parse-and-validate-size headers)
-                  path                 (tmp/tempfile :prefix "penpot.media.download.")
-                  written              (io/write-to-file! body path :size size)]
+      (when (not= written size)
+        (ex/raise :type :internal
+                  :code :mismatch-write-size
+                  :hint "unexpected state: unable to write to file"))
 
-              (when (not= written size)
-                (ex/raise :type :internal
-                          :code :mismatch-write-size
-                          :hint "unexpected state: unable to write to file"))
+      {:filename "tempfile"
+       :size size
+       :path path
+       :mtype mtype})))
 
-              {:filename "tempfile"
-               :size size
-               :path path
-               :mtype mtype}))]
-
-    (p/let [content (download-media url)]
-      (->> (merge params {:content content :name (or name (:filename content))})
-           (create-file-media-object cfg)))))
+(defn- create-file-media-object-from-url
+  [cfg {:keys [url name] :as params}]
+  (let [content (download-image cfg url)
+        params  (-> params
+                    (assoc :content content)
+                    (assoc :name (or name (:filename content))))]
+    (create-file-media-object cfg params)))
 
 ;; --- Clone File Media object (Upload and create from url)
 

backend/src/app/rpc/commands/profile.clj

@@ -9,7 +9,7 @@
    [app.auth :as auth]
    [app.common.data :as d]
    [app.common.exceptions :as ex]
-   [app.common.spec :as us]
+   [app.common.schema :as sm]
    [app.common.uuid :as uuid]
    [app.config :as cf]
    [app.db :as db]
@@ -27,25 +27,41 @@
    [app.util.services :as sv]
    [app.util.time :as dt]
    [app.worker :as-alias wrk]
-   [clojure.spec.alpha :as s]
-   [cuerdas.core :as str]
-   [promesa.core :as p]
-   [promesa.exec :as px]))
+   [cuerdas.core :as str]))
 
+(declare check-profile-existence!)
 (declare decode-row)
+(declare derive-password)
+(declare filter-props)
 (declare get-profile)
 (declare strip-private-attrs)
-(declare filter-props)
-(declare check-profile-existence!)
+(declare verify-password)
+
+(def ^:private
+  schema:profile
+  (sm/define
+    [:map {:title "Profile"}
+     [:id ::sm/uuid]
+     [:fullname [::sm/word-string {:max 250}]]
+     [:email ::sm/email]
+     [:is-active {:optional true} :boolean]
+     [:is-blocked {:optional true} :boolean]
+     [:is-demo {:optional true} :boolean]
+     [:is-muted {:optional true} :boolean]
+     [:created-at {:optional true} ::sm/inst]
+     [:modified-at {:optional true} ::sm/inst]
+     [:default-project-id {:optional true} ::sm/uuid]
+     [:default-team-id {:optional true} ::sm/uuid]
+     [:props {:optional true}
+      [:map-of {:title "ProfileProps"} :keyword :any]]]))
 
 ;; --- QUERY: Get profile (own)
 
-(s/def ::get-profile
-  (s/keys :opt [::rpc/profile-id]))
-
 (sv/defmethod ::get-profile
   {::rpc/auth false
-   ::doc/added "1.18"}
+   ::doc/added "1.18"
+   ::sm/params [:map]
+   ::sm/result schema:profile}
   [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id]}]
   ;; We need to return the anonymous profile object in two cases, when
   ;; no profile-id is in session, and when db call raises not found. In all other
@@ -63,22 +79,22 @@
   (-> (db/get-by-id conn :profile id attrs)
       (decode-row)))
 
-
 ;; --- MUTATION: Update Profile (own)
 
-(s/def ::email ::us/email)
-(s/def ::fullname ::us/not-empty-string)
-(s/def ::lang ::us/string)
-(s/def ::theme ::us/string)
-
-(s/def ::update-profile
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::fullname]
-          :opt-un [::lang ::theme]))
+(def ^:private
+  schema:update-profile
+  (sm/define
+    [:map {:title "update-profile"}
+     [:fullname [::sm/word-string {:max 250}]]
+     [:lang {:optional true} [:string {:max 5}]]
+     [:theme {:optional true} [:string {:max 250}]]]))
 
 (sv/defmethod ::update-profile
-  {::doc/added "1.0"}
+  {::doc/added "1.0"
+   ::sm/params schema:update-profile
+   ::sm/result schema:profile}
   [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id fullname lang theme] :as params}]
+
   (db/with-atomic [conn pool]
     ;; NOTE: we need to retrieve the profile independently if we use
     ;; it or not for explicit locking and avoid concurrent updates of
@@ -90,8 +106,7 @@
           profile (-> profile
                       (assoc :fullname fullname)
                       (assoc :lang lang)
-                      (assoc :theme theme))
-          ]
+                      (assoc :theme theme))]
 
       (db/update! conn :profile
                   {:fullname fullname
@@ -112,18 +127,23 @@
 (declare update-profile-password!)
 (declare invalidate-profile-session!)
 
-(s/def ::password ::us/not-empty-string)
-(s/def ::old-password (s/nilable ::us/string))
-
-(s/def ::update-profile-password
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::password ::old-password]))
+(def ^:private
+  schema:update-profile-password
+  (sm/define
+    [:map {:title "update-profile-password"}
+     [:password [::sm/word-string {:max 500}]]
+     ;; Social registered users don't have old-password
+     [:old-password {:optional true} [:maybe [::sm/word-string {:max 500}]]]]))
 
 (sv/defmethod ::update-profile-password
-  {::climit/queue :auth}
+  {:doc/added "1.0"
+   ::sm/params schema:update-profile-password
+   ::sm/result :nil}
+
   [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id password] :as params}]
   (db/with-atomic [conn pool]
-    (let [profile    (validate-password! conn (assoc params :profile-id profile-id))
+    (let [cfg        (assoc cfg ::db/conn conn)
+          profile    (validate-password! cfg (assoc params :profile-id profile-id))
           session-id (::session/id params)]
 
       (when (= (str/lower (:email profile))
@@ -133,20 +153,20 @@
                   :hint "you can't use your email as password"))
 
       (update-profile-password! conn (assoc profile :password password))
-      (invalidate-profile-session! conn profile-id session-id)
+      (invalidate-profile-session! cfg profile-id session-id)
       nil)))
 
 (defn- invalidate-profile-session!
   "Removes all sessions except the current one."
-  [conn profile-id session-id]
+  [{:keys [::db/conn]} profile-id session-id]
   (let [sql "delete from http_session where profile_id = ? and id != ?"]
     (:next.jdbc/update-count (db/exec-one! conn [sql profile-id session-id]))))
 
 (defn- validate-password!
-  [conn {:keys [profile-id old-password] :as params}]
+  [{:keys [::db/conn] :as cfg} {:keys [profile-id old-password] :as params}]
   (let [profile (db/get-by-id conn :profile profile-id ::db/for-update? true)]
     (when (and (not= (:password profile) "!")
-               (not (:valid (auth/verify-password old-password (:password profile)))))
+               (not (:valid (verify-password cfg old-password (:password profile)))))
       (ex/raise :type :validation
                 :code :old-password-not-match))
     profile))
@@ -163,73 +183,65 @@
 (declare upload-photo)
 (declare update-profile-photo)
 
-(s/def ::file ::media/upload)
-(s/def ::update-profile-photo
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::file]))
+(def ^:private
+  schema:update-profile-photo
+  (sm/define
+    [:map {:title "update-profile-photo"}
+     [:file ::media/upload]]))
 
 (sv/defmethod ::update-profile-photo
+  {:doc/added "1.1"
+   ::sm/params schema:update-profile-photo
+   ::sm/result :nil}
   [cfg {:keys [::rpc/profile-id file] :as params}]
   ;; Validate incoming mime type
   (media/validate-media-type! file #{"image/jpeg" "image/png" "image/webp"})
   (let [cfg (update cfg ::sto/storage media/configure-assets-storage)]
     (update-profile-photo cfg (assoc params :profile-id profile-id))))
 
-;; TODO: reimplement it without p/let
-
 (defn update-profile-photo
-  [{:keys [::db/pool ::sto/storage ::wrk/executor] :as cfg} {:keys [profile-id file] :as params}]
-  (letfn [(on-uploaded [photo]
-            (let [profile (db/get-by-id pool :profile profile-id ::db/for-update? true)]
+  [{:keys [::db/pool ::sto/storage] :as cfg} {:keys [profile-id file] :as params}]
+  (let [photo   (upload-photo cfg params)
+        profile (db/get-by-id pool :profile profile-id ::db/for-update? true)]
 
-              ;; Schedule deletion of old photo
-              (when-let [id (:photo-id profile)]
-                (sto/touch-object! storage id))
+    ;; Schedule deletion of old photo
+    (when-let [id (:photo-id profile)]
+      (sto/touch-object! storage id))
 
-              ;; Save new photo
-              (db/update! pool :profile
-                          {:photo-id (:id photo)}
-                          {:id profile-id})
+    ;; Save new photo
+    (db/update! pool :profile
+                {:photo-id (:id photo)}
+                {:id profile-id})
 
-              (-> (rph/wrap)
-                  (rph/with-meta {::audit/replace-props
-                                  {:file-name (:filename file)
-                                   :file-size (:size file)
-                                   :file-path (str (:path file))
-                                   :file-mtype (:mtype file)}}))))]
-    (->> (upload-photo cfg params)
-         (p/fmap executor on-uploaded))))
+    (-> (rph/wrap)
+        (rph/with-meta {::audit/replace-props
+                        {:file-name (:filename file)
+                         :file-size (:size file)
+                         :file-path (str (:path file))
+                         :file-mtype (:mtype file)}}))))
+
+(defn- generate-thumbnail!
+  [file]
+  (let [input   (media/run {:cmd :info :input file})
+        thumb   (media/run {:cmd :profile-thumbnail
+                            :format :jpeg
+                            :quality 85
+                            :width 256
+                            :height 256
+                            :input input})
+        hash    (sto/calculate-hash (:data thumb))
+        content (-> (sto/content (:data thumb) (:size thumb))
+                    (sto/wrap-with-hash hash))]
+    {::sto/content content
+     ::sto/deduplicate? true
+     :bucket "profile"
+     :content-type (:mtype thumb)}))
 
 (defn upload-photo
-  [{:keys [::sto/storage ::wrk/executor climit] :as cfg} {:keys [file]}]
-  (letfn [(get-info [content]
-            (climit/with-dispatch (:process-image climit)
-              (media/run {:cmd :info :input content})))
-
-          (generate-thumbnail [info]
-            (climit/with-dispatch (:process-image climit)
-              (media/run {:cmd :profile-thumbnail
-                          :format :jpeg
-                          :quality 85
-                          :width 256
-                          :height 256
-                          :input info})))
-
-          ;; Function responsible of calculating cryptographyc hash of
-          ;; the provided data.
-          (calculate-hash [data]
-            (px/with-dispatch executor
-              (sto/calculate-hash data)))]
-
-    (p/let [info    (get-info file)
-            thumb   (generate-thumbnail info)
-            hash    (calculate-hash (:data thumb))
-            content (-> (sto/content (:data thumb) (:size thumb))
-                        (sto/wrap-with-hash hash))]
-      (sto/put-object! storage {::sto/content content
-                                ::sto/deduplicate? true
-                                :bucket "profile"
-                                :content-type (:mtype thumb)}))))
+  [{:keys [::sto/storage ::wrk/executor] :as cfg} {:keys [file]}]
+  (let [params (-> (climit/configure cfg :process-image/global)
+                   (climit/run! (partial generate-thumbnail! file) executor))]
+    (sto/put-object! storage params)))
 
 
 ;; --- MUTATION: Request Email Change
@@ -237,11 +249,15 @@
 (declare ^:private request-email-change!)
 (declare ^:private change-email-immediately!)
 
-(s/def ::request-email-change
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::email]))
+(def ^:private
+  schema:request-email-change
+  (sm/define
+    [:map {:title "request-email-change"}
+     [:email ::sm/email]]))
 
 (sv/defmethod ::request-email-change
+  {::doc/added "1.0"
+   ::sm/params schema:request-email-change}
   [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id email] :as params}]
   (db/with-atomic [conn pool]
     (let [profile (db/get-by-id conn :profile profile-id)
@@ -302,12 +318,15 @@
 
 ;; --- MUTATION: Update Profile Props
 
-(s/def ::props map?)
-(s/def ::update-profile-props
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::props]))
+(def ^:private
+  schema:update-profile-props
+  (sm/define
+    [:map {:title "update-profile-props"}
+     [:props [:map-of :keyword :any]]]))
 
 (sv/defmethod ::update-profile-props
+  {::doc/added "1.0"
+   ::sm/params schema:update-profile-props}
   [{:keys [::db/pool]} {:keys [::rpc/profile-id props]}]
   (db/with-atomic [conn pool]
     (let [profile (get-profile conn profile-id ::db/for-update? true)
@@ -327,15 +346,12 @@
 
       (filter-props props))))
 
-
 ;; --- MUTATION: Delete Profile
 
 (declare ^:private get-owned-teams-with-participants)
 
-(s/def ::delete-profile
-  (s/keys :req [::rpc/profile-id]))
-
 (sv/defmethod ::delete-profile
+  {::doc/added "1.0"}
   [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id] :as params}]
   (db/with-atomic [conn pool]
     (let [teams      (get-owned-teams-with-participants conn profile-id)
@@ -419,6 +435,19 @@
   [props]
   (into {} (filter (fn [[k _]] (simple-ident? k))) props))
 
+(defn derive-password
+  [cfg password]
+  (when password
+    (-> (climit/configure cfg :derive-password/global)
+        (climit/run! (partial auth/derive-password password)
+                     (::wrk/executor cfg)))))
+
+(defn verify-password
+  [cfg password password-data]
+  (-> (climit/configure cfg :derive-password/global)
+      (climit/run! (partial auth/verify-password password password-data)
+                   (::wrk/executor cfg))))
+
 (defn decode-row
   [{:keys [props] :as row}]
   (cond-> row

backend/src/app/rpc/commands/projects.clj

@@ -6,6 +6,7 @@
 
 (ns app.rpc.commands.projects
   (:require
+   [app.common.data.macros :as dm]
    [app.common.spec :as us]
    [app.db :as db]
    [app.loggers.audit :as-alias audit]
@@ -49,11 +50,11 @@
         is-owner (boolean (some :is-owner rows))
         is-admin (boolean (some :is-admin rows))
         can-edit (boolean (some :can-edit rows))]
-     (when (seq rows)
-       {:is-owner is-owner
-        :is-admin (or is-owner is-admin)
-        :can-edit (or is-owner is-admin can-edit)
-        :can-read true})))
+    (when (seq rows)
+      {:is-owner is-owner
+       :is-admin (or is-owner is-admin)
+       :can-edit (or is-owner is-admin can-edit)
+       :can-read true})))
 
 (def has-edit-permissions?
   (perms/make-edition-predicate-fn get-permissions))
@@ -79,7 +80,7 @@
 (sv/defmethod ::get-projects
   {::doc/added "1.18"}
   [{:keys [::db/pool]} {:keys [::rpc/profile-id team-id]}]
-  (with-open [conn (db/open pool)]
+  (dm/with-open [conn (db/open pool)]
     (teams/check-read-permissions! conn profile-id team-id)
     (get-projects conn profile-id team-id)))
 
@@ -114,7 +115,7 @@
 (sv/defmethod ::get-all-projects
   {::doc/added "1.18"}
   [{:keys [::db/pool]} {:keys [::rpc/profile-id]}]
-  (with-open [conn (db/open pool)]
+  (dm/with-open [conn (db/open pool)]
     (get-all-projects conn profile-id)))
 
 (def sql:all-projects
@@ -157,7 +158,7 @@
 (sv/defmethod ::get-project
   {::doc/added "1.18"}
   [{:keys [::db/pool]} {:keys [::rpc/profile-id id]}]
-  (with-open [conn (db/open pool)]
+  (dm/with-open [conn (db/open pool)]
     (let [project (db/get-by-id conn :project id)]
       (check-read-permissions! conn profile-id id)
       project)))

backend/src/app/rpc/commands/search.clj

@@ -9,6 +9,7 @@
    [app.common.spec :as us]
    [app.db :as db]
    [app.rpc :as-alias rpc]
+   [app.rpc.commands.files :refer [resolve-public-uri]]
    [app.rpc.doc :as-alias doc]
    [app.util.services :as sv]
    [clojure.spec.alpha :as s]))
@@ -37,12 +38,15 @@
    )
    select distinct
           f.id,
+          f.revn,
           f.project_id,
           f.created_at,
           f.modified_at,
           f.name,
-          f.is_shared
+          f.is_shared,
+          ft.media_id
      from file as f
+     left join file_thumbnail as ft on (ft.file_id = f.id and ft.revn = f.revn)
     inner join projects as pr on (f.project_id = pr.id)
     where f.name ilike ('%' || ? || '%')
       and (f.deleted_at is null or f.deleted_at > now())
@@ -50,10 +54,16 @@
 
 (defn search-files
   [conn profile-id team-id search-term]
-  (db/exec! conn [sql:search-files
-                  profile-id team-id
-                  profile-id team-id
-                  search-term]))
+  (->> (db/exec! conn [sql:search-files
+                       profile-id team-id
+                       profile-id team-id
+                       search-term])
+       (mapv (fn [row]
+               (if-let [media-id (:media-id row)]
+                 (-> row
+                     (dissoc :media-id)
+                     (assoc :thumbnail-uri (resolve-public-uri media-id)))
+                 (dissoc row :media-id))))))
 
 (s/def ::team-id ::us/uuid)
 (s/def ::search-files ::us/string)
@@ -64,6 +74,7 @@
           :opt-un [::search-term]))
 
 (sv/defmethod ::search-files
-  {::doc/added "1.17"}
+  {::doc/added "1.17"
+   ::doc/module :files}
   [{:keys [::db/pool]} {:keys [::rpc/profile-id team-id search-term]}]
   (some->> search-term (search-files pool profile-id team-id)))

backend/src/app/rpc/commands/teams.clj

@@ -7,8 +7,11 @@
 (ns app.rpc.commands.teams
   (:require
    [app.common.data :as d]
+   [app.common.data.macros :as dm]
    [app.common.exceptions :as ex]
+   [app.common.features :as cfeat]
    [app.common.logging :as l]
+   [app.common.schema :as sm]
    [app.common.spec :as us]
    [app.common.uuid :as uuid]
    [app.config :as cf]
@@ -27,11 +30,8 @@
    [app.tokens :as tokens]
    [app.util.services :as sv]
    [app.util.time :as dt]
-   [app.worker :as-alias wrk]
    [clojure.spec.alpha :as s]
-   [cuerdas.core :as str]
-   [promesa.core :as p]
-   [promesa.exec :as px]))
+   [cuerdas.core :as str]))
 
 ;; --- Helpers & Specs
 
@@ -56,11 +56,11 @@
         is-owner (boolean (some :is-owner rows))
         is-admin (boolean (some :is-admin rows))
         can-edit (boolean (some :can-edit rows))]
-     (when (seq rows)
-       {:is-owner is-owner
-        :is-admin (or is-owner is-admin)
-        :can-edit (or is-owner is-admin can-edit)
-        :can-read true})))
+    (when (seq rows)
+      {:is-owner is-owner
+       :is-admin (or is-owner is-admin)
+       :can-edit (or is-owner is-admin can-edit)
+       :can-read true})))
 
 (def has-admin-permissions?
   (perms/make-admin-predicate-fn get-permissions))
@@ -80,20 +80,26 @@
 (def check-read-permissions!
   (perms/make-check-fn has-read-permissions?))
 
+(defn decode-row
+  [{:keys [features] :as row}]
+  (cond-> row
+    (some? features) (assoc :features (db/decode-pgarray features #{}))))
+
 ;; --- Query: Teams
 
-(declare retrieve-teams)
+(declare get-teams)
 
-(s/def ::get-teams
-  (s/keys :req [::rpc/profile-id]))
+(def ^:private schema:get-teams
+  [:map {:title "get-teams"}])
 
 (sv/defmethod ::get-teams
-  {::doc/added "1.17"}
+  {::doc/added "1.17"
+   ::sm/params schema:get-teams}
   [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id] :as params}]
-  (with-open [conn (db/open pool)]
-    (retrieve-teams conn profile-id)))
+  (dm/with-open [conn (db/open pool)]
+    (get-teams conn profile-id)))
 
-(def sql:teams
+(def sql:get-teams-with-permissions
   "select t.*,
           tp.is_owner,
           tp.is_admin,
@@ -118,37 +124,77 @@
         (dissoc :is-owner :is-admin :can-edit)
         (assoc :permissions permissions))))
 
-(defn retrieve-teams
+(defn get-teams
   [conn profile-id]
   (let [profile (profile/get-profile conn profile-id)]
-    (->> (db/exec! conn [sql:teams (:default-team-id profile) profile-id])
-         (mapv process-permissions))))
+    (->> (db/exec! conn [sql:get-teams-with-permissions (:default-team-id profile) profile-id])
+         (map decode-row)
+         (map process-permissions)
+         (vec))))
 
 ;; --- Query: Team (by ID)
 
-(declare retrieve-team)
+(declare get-team)
 
-(s/def ::get-team
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::id]))
+(def ^:private schema:get-team
+  [:and
+   [:map {:title "get-team"}
+    [:id {:optional true} ::sm/uuid]
+    [:file-id {:optional true} ::sm/uuid]]
+
+   [:fn (fn [params]
+          (or (contains? params :id)
+              (contains? params :file-id)))]])
 
 (sv/defmethod ::get-team
-  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id]}]
-  (with-open [conn (db/open pool)]
-    (retrieve-team conn profile-id id)))
+  {::doc/added "1.17"
+   ::sm/params schema:get-team}
+  [{:keys [::db/pool]} {:keys [::rpc/profile-id id file-id]}]
+  (get-team pool :profile-id profile-id :team-id id :file-id file-id))
 
-(defn retrieve-team
-  [conn profile-id team-id]
-  (let [profile (profile/get-profile conn profile-id)
-        sql     (str "WITH teams AS (" sql:teams ") SELECT * FROM teams WHERE id=?")
-        result  (db/exec-one! conn [sql (:default-team-id profile) profile-id team-id])]
+(defn get-team
+  [conn & {:keys [profile-id team-id project-id file-id] :as params}]
+
+  (dm/assert!
+   "connection or pool is mandatory"
+   (or (db/connection? conn)
+       (db/pool? conn)))
+
+  (dm/assert!
+   "profile-id is mandatory"
+   (uuid? profile-id))
+
+  (let [{:keys [default-team-id] :as profile} (profile/get-profile conn profile-id)
+        result (cond
+                 (some? team-id)
+                 (let [sql (str "WITH teams AS (" sql:get-teams-with-permissions
+                                ") SELECT * FROM teams WHERE id=?")]
+                   (db/exec-one! conn [sql default-team-id profile-id team-id]))
+
+                 (some? project-id)
+                 (let [sql (str "WITH teams AS (" sql:get-teams-with-permissions ") "
+                                "SELECT t.* FROM teams AS t "
+                                "  JOIN project AS p ON (p.team_id = t.id) "
+                                " WHERE p.id=?")]
+                   (db/exec-one! conn [sql default-team-id profile-id project-id]))
+
+                 (some? file-id)
+                 (let [sql (str "WITH teams AS (" sql:get-teams-with-permissions ") "
+                                "SELECT t.* FROM teams AS t "
+                                "  JOIN project AS p ON (p.team_id = t.id) "
+                                "  JOIN file AS f ON (f.project_id = p.id) "
+                                " WHERE f.id=?")]
+                   (db/exec-one! conn [sql default-team-id profile-id file-id]))
+
+                 :else
+                 (throw (IllegalArgumentException. "invalid arguments")))]
 
     (when-not result
       (ex/raise :type :not-found
                 :code :team-does-not-exist))
-
-    (process-permissions result)))
+    (-> result
+        (decode-row)
+        (process-permissions))))
 
 ;; --- Query: Team Members
 
@@ -164,44 +210,48 @@
      join profile as p on (p.id = tp.profile_id)
     where tp.team_id = ?")
 
-(defn retrieve-team-members
+(defn get-team-members
   [conn team-id]
   (db/exec! conn [sql:team-members team-id]))
 
-(s/def ::team-id ::us/uuid)
-(s/def ::get-team-members
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::team-id]))
+(def ^:private schema:get-team-memebrs
+  [:map {:title "get-team-members"}
+   [:team-id ::sm/uuid]])
 
 (sv/defmethod ::get-team-members
-  {::doc/added "1.17"}
+  {::doc/added "1.17"
+   ::sm/params schema:get-team-memebrs}
   [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id]}]
-  (with-open [conn (db/open pool)]
+  (dm/with-open [conn (db/open pool)]
     (check-read-permissions! conn profile-id team-id)
-    (retrieve-team-members conn team-id)))
-
+    (get-team-members conn team-id)))
 
 ;; --- Query: Team Users
 
-(declare retrieve-users)
-(declare retrieve-team-for-file)
+(declare get-users)
+(declare get-team-for-file)
 
-(s/def ::get-team-users
-  (s/and (s/keys :req [::rpc/profile-id]
-                 :opt-un [::team-id ::file-id])
-         #(or (:team-id %) (:file-id %))))
+(def ^:private schema:get-team-users
+  [:and {:title "get-team-users"}
+   [:map
+    [:team-id {:optional true} ::sm/uuid]
+    [:file-id {:optional true} ::sm/uuid]]
+   [:fn #(or (contains? % :team-id)
+             (contains? % :file-id))]])
 
 (sv/defmethod ::get-team-users
-  {::doc/added "1.17"}
+  "Get team users by team-id or by file-id"
+  {::doc/added "1.17"
+   ::sm/params schema:get-team-users}
   [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id file-id]}]
-  (with-open [conn (db/open pool)]
+  (dm/with-open [conn (db/open pool)]
     (if team-id
       (do
         (check-read-permissions! conn profile-id team-id)
-        (retrieve-users conn team-id))
-      (let [{team-id :id} (retrieve-team-for-file conn file-id)]
+        (get-users conn team-id))
+      (let [{team-id :id} (get-team-for-file conn file-id)]
         (check-read-permissions! conn profile-id team-id)
-        (retrieve-users conn team-id)))))
+        (get-users conn team-id)))))
 
 ;; This is a similar query to team members but can contain more data
 ;; because some user can be explicitly added to project or file (not
@@ -232,44 +282,44 @@
      join file as f on (p.id = f.project_id)
     where f.id = ?")
 
-(defn retrieve-users
+(defn get-users
   [conn team-id]
   (db/exec! conn [sql:team-users team-id team-id team-id]))
 
-(defn retrieve-team-for-file
+(defn get-team-for-file
   [conn file-id]
   (->> [sql:team-by-file file-id]
        (db/exec-one! conn)))
 
 ;; --- Query: Team Stats
 
-(declare retrieve-team-stats)
+(declare get-team-stats)
 
-(s/def ::get-team-stats
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::team-id]))
+(def ^:private schema:get-team-stats
+  [:map {:title "get-team-stats"}
+   [:team-id ::sm/uuid]])
 
 (sv/defmethod ::get-team-stats
-  {::doc/added "1.17"}
+  {::doc/added "1.17"
+   ::sm/params schema:get-team-stats}
   [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id]}]
-  (with-open [conn (db/open pool)]
+  (dm/with-open [conn (db/open pool)]
     (check-read-permissions! conn profile-id team-id)
-    (retrieve-team-stats conn team-id)))
+    (get-team-stats conn team-id)))
 
 (def sql:team-stats
   "select (select count(*) from project where team_id = ?) as projects,
           (select count(*) from file as f join project as p on (p.id = f.project_id) where p.team_id = ?) as files")
 
-(defn retrieve-team-stats
+(defn get-team-stats
   [conn team-id]
   (db/exec-one! conn [sql:team-stats team-id team-id]))
 
-
 ;; --- Query: Team invitations
 
-(s/def ::get-team-invitations
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::team-id]))
+(def ^:private schema:get-team-invitations
+  [:map {:title "get-team-invitations"}
+   [:team-id ::sm/uuid]])
 
 (def sql:team-invitations
   "select email_to as email, role, (valid_until < now()) as expired
@@ -281,9 +331,10 @@
        (mapv #(update % :role keyword))))
 
 (sv/defmethod ::get-team-invitations
-  {::doc/added "1.17"}
+  {::doc/added "1.17"
+   ::sm/params schema:get-team-invitations}
   [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id]}]
-  (with-open [conn (db/open pool)]
+  (dm/with-open [conn (db/open pool)]
     (check-read-permissions! conn profile-id team-id)
     (get-team-invitations conn team-id)))
 
@@ -296,25 +347,32 @@
 (declare ^:private create-team-role)
 (declare ^:private create-team-default-project)
 
-(s/def ::create-team
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::name]
-          :opt-un [::id]))
+(def ^:private schema:create-team
+  [:map {:title "create-team"}
+   [:name :string]
+   [:features {:optional true} ::cfeat/features]
+   [:id {:optional true} ::sm/uuid]])
 
 (sv/defmethod ::create-team
-  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id] :as params}]
-  (db/with-atomic [conn pool]
-    (quotes/check-quote! conn {::quotes/id ::quotes/teams-per-profile
-                               ::quotes/profile-id profile-id})
+  {::doc/added "1.17"
+   ::sm/params schema:create-team}
+  [cfg {:keys [::rpc/profile-id] :as params}]
+  (db/tx-run! cfg (fn [{:keys [::db/conn] :as cfg}]
+                    (quotes/check-quote! conn {::quotes/id ::quotes/teams-per-profile
+                                               ::quotes/profile-id profile-id})
 
-    (create-team conn (assoc params :profile-id profile-id))))
+                    (let [features (-> (cfeat/get-enabled-features cf/flags)
+                                       (cfeat/check-client-features! (:features params)))]
+                      (create-team cfg (assoc params
+                                              :profile-id profile-id
+                                              :features features))))))
 
 (defn create-team
   "This is a complete team creation process, it creates the team
   object and all related objects (default role and default project)."
-  [conn params]
-  (let [team    (create-team* conn params)
+  [cfg-or-conn params]
+  (let [conn    (db/get-connection cfg-or-conn)
+        team    (create-team* conn params)
         params  (assoc params
                        :team-id (:id team)
                        :role :owner)
@@ -323,13 +381,16 @@
     (assoc team :default-project-id (:id project))))
 
 (defn- create-team*
-  [conn {:keys [id name is-default] :as params}]
+  [conn {:keys [id name is-default features] :as params}]
   (let [id         (or id (uuid/next))
-        is-default (if (boolean? is-default) is-default false)]
-    (db/insert! conn :team
-                {:id id
-                 :name name
-                 :is-default is-default})))
+        is-default (if (boolean? is-default) is-default false)
+        features   (db/create-array conn "text" features)
+        team       (db/insert! conn :team
+                               {:id id
+                                :name name
+                                :features features
+                                :is-default is-default})]
+    (decode-row team)))
 
 (defn- create-team-role
   [conn {:keys [profile-id team-id role] :as params}]
@@ -395,7 +456,7 @@
 (defn leave-team
   [conn {:keys [profile-id id reassign-to]}]
   (let [perms   (get-permissions conn profile-id id)
-        members (retrieve-team-members conn id)]
+        members (get-team-members conn id)]
 
     (cond
       ;; we can only proceed if there are more members in the team
@@ -479,10 +540,15 @@
 
 (s/def ::team-id ::us/uuid)
 (s/def ::member-id ::us/uuid)
+(s/def ::role #{:owner :admin :editor})
+
 ;; Temporarily disabled viewer role
 ;; https://tree.taiga.io/project/penpot/issue/1083
-;; (s/def ::role #{:owner :admin :editor :viewer})
-(s/def ::role #{:owner :admin :editor})
+(def valid-roles
+  #{:owner :admin :editor #_:viewer})
+
+(def schema:role
+  [::sm/one-of valid-roles])
 
 (defn role->params
   [role]
@@ -499,7 +565,7 @@
   ;; convenience, if this becomes a bottleneck or problematic,
   ;; we will change it to more efficient fetch mechanisms.
   (let [perms   (get-permissions conn profile-id team-id)
-        members (retrieve-team-members conn team-id)
+        members (get-team-members conn team-id)
         member  (d/seek #(= member-id (:id %)) members)
 
         is-owner? (:is-owner perms)
@@ -594,10 +660,9 @@
     (update-team-photo cfg (assoc params :profile-id profile-id))))
 
 (defn update-team-photo
-  [{:keys [::db/pool ::sto/storage ::wrk/executor] :as cfg} {:keys [profile-id team-id] :as params}]
-  (p/let [team  (px/with-dispatch executor
-                  (retrieve-team pool profile-id team-id))
-          photo (profile/upload-photo cfg params)]
+  [{:keys [::db/pool ::sto/storage] :as cfg} {:keys [profile-id team-id] :as params}]
+  (let [team  (get-team pool :profile-id profile-id :team-id team-id)
+        photo (profile/upload-photo cfg params)]
 
     (db/with-atomic [conn pool]
       (check-admin-permissions! conn profile-id team-id)
@@ -608,8 +673,8 @@
 
       ;; Save new photo
       (db/update! pool :team
-        {:photo-id (:id photo)}
-        {:id team-id})
+                  {:photo-id (:id photo)}
+                  {:id team-id})
 
       (assoc team :photo-id (:id photo)))))
 
@@ -670,7 +735,8 @@
                           (role->params role))]
 
         ;; Insert the invited member to the team
-        (db/insert! conn :team-profile-rel params {:on-conflict-do-nothing true})
+        (db/insert! conn :team-profile-rel params
+                    {::db/on-conflict-do-nothing? true})
 
         ;; If profile is not yet verified, mark it as verified because
         ;; accepting an invitation link serves as verification.
@@ -701,13 +767,13 @@
           (l/info :hint "invitation token" :token itoken))
 
         (audit/submit! cfg
-                       {:type "action"
-                        :name (if updated?
-                                "update-team-invitation"
-                                "create-team-invitation")
-                        :profile-id (:id profile)
-                        :props (-> (dissoc tprops :profile-id)
-                                   (d/without-nils))})
+                       {::audit/type "action"
+                        ::audit/name (if updated?
+                                       "update-team-invitation"
+                                       "create-team-invitation")
+                        ::audit/profile-id (:id profile)
+                        ::audit/props (-> (dissoc tprops :profile-id)
+                                          (d/without-nils))})
 
         (eml/send! {::eml/conn conn
                     ::eml/factory eml/invite-to-team
@@ -720,29 +786,22 @@
 
         itoken))))
 
-(s/def ::email ::us/email)
-(s/def ::emails ::us/set-of-valid-emails)
-(s/def ::create-team-invitations
-  (s/keys :req [::rpc/profile-id]
-          :req-un [::team-id ::role]
-          :opt-un [::email ::emails]))
+(def ^:private schema:create-team-invitations
+  [:map {:title "create-team-invitations"}
+   [:team-id ::sm/uuid]
+   [:role [::sm/one-of #{:owner :admin :editor}]]
+   [:emails ::sm/set-of-emails]])
 
 (sv/defmethod ::create-team-invitations
   "A rpc call that allow to send a single or multiple invitations to
   join the team."
-  {::doc/added "1.17"}
-  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id email emails role] :as params}]
+  {::doc/added "1.17"
+   ::sm/params schema:create-team-invitations}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id emails role] :as params}]
   (db/with-atomic [conn pool]
     (let [perms    (get-permissions conn profile-id team-id)
           profile  (db/get-by-id conn :profile profile-id)
-          team     (db/get-by-id conn :team team-id)
-
-          ;; Members emails. We don't re-send inviation to already existing members
-          member?  (into #{}
-                         (map :email)
-                         (db/exec! conn [sql:team-members team-id]))
-
-          emails   (cond-> (or emails #{}) (string? email) (conj email))]
+          team     (db/get-by-id conn :team team-id)]
 
       (run! (partial quotes/check-quote! conn)
             (list {::quotes/id ::quotes/invitations-per-team
@@ -765,15 +824,22 @@
                   :hint "looks like the profile has reported repeatedly as spam or has permanent bounces"))
 
       (let [cfg         (assoc cfg ::db/conn conn)
-            invitations (->> emails
-                             (remove member?)
-                             (map (fn [email]
-                                    {:email (str/lower email)
-                                     :team team
-                                     :profile profile
-                                     :role role}))
-                             (keep (partial create-invitation cfg)))]
-        (with-meta (vec invitations)
+            members     (->> (db/exec! conn [sql:team-members team-id])
+                             (into #{} (map :email)))
+
+            invitations (into #{}
+                              (comp
+                               ;;  We don't re-send inviation to already existing members
+                               (remove (partial contains? members))
+                               (map (fn [email]
+                                      {:email (str/lower email)
+                                       :team team
+                                       :profile profile
+                                       :role role}))
+                               (keep (partial create-invitation cfg)))
+                              emails)]
+        (with-meta {:total (count invitations)
+                    :invitations invitations}
           {::audit/props {:invitations (count invitations)}})))))
 
 
@@ -784,14 +850,24 @@
   (s/merge ::create-team
            (s/keys :req-un [::emails ::role])))
 
+
+(def ^:private schema:create-team-with-invitations
+  [:map {:title "create-team-with-invitations"}
+   [:name :string]
+   [:features {:optional true} ::cfeat/features]
+   [:id {:optional true} ::sm/uuid]
+   [:emails ::sm/set-of-emails]
+   [:role schema:role]])
+
 (sv/defmethod ::create-team-with-invitations
-  {::doc/added "1.17"}
+  {::doc/added "1.17"
+   ::sm/params schema:create-team-with-invitations}
   [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id emails role] :as params}]
   (db/with-atomic [conn pool]
     (let [params   (assoc params :profile-id profile-id)
-          team     (create-team conn params)
-          profile  (db/get-by-id conn :profile profile-id)
-          cfg      (assoc cfg ::db/conn conn)]
+          cfg      (assoc cfg ::db/conn conn)
+          team     (create-team cfg params)
+          profile  (db/get-by-id conn :profile profile-id)]
 
       ;; Create invitations for all provided emails.
       (->> emails
@@ -815,13 +891,13 @@
                    ::quotes/incr (count emails)}))
 
       (audit/submit! cfg
-                     {:type "command"
-                      :name "create-team-invitations"
-                      :profile-id profile-id
-                      :props {:emails emails
-                              :role role
-                              :profile-id profile-id
-                              :invitations (count emails)}})
+                     {::audit/type "command"
+                      ::audit/name "create-team-invitations"
+                      ::audit/profile-id profile-id
+                      ::audit/props {:emails emails
+                                     :role role
+                                     :profile-id profile-id
+                                     :invitations (count emails)}})
 
       (vary-meta team assoc ::audit/props {:invitations (count emails)}))))
 

backend/src/app/rpc/commands/verify_token.clj

@@ -34,7 +34,8 @@
 
 (sv/defmethod ::verify-token
   {::rpc/auth false
-   ::doc/added "1.15"}
+   ::doc/added "1.15"
+   ::doc/module :auth}
   [{:keys [::db/pool] :as cfg} {:keys [token] :as params}]
   (db/with-atomic [conn pool]
     (let [claims (tokens/verify (::main/props cfg) {:token token})
@@ -104,7 +105,7 @@
                           ::quotes/team-id team-id})
 
     ;; Insert the invited member to the team
-    (db/insert! conn :team-profile-rel params {:on-conflict-do-nothing true})
+    (db/insert! conn :team-profile-rel params {::db/on-conflict-do-nothing? true})
 
     ;; If profile is not yet verified, mark it as verified because
     ;; accepting an invitation link serves as verification.

backend/src/app/rpc/commands/viewer.clj

@@ -7,28 +7,50 @@
 (ns app.rpc.commands.viewer
   (:require
    [app.common.exceptions :as ex]
+   [app.common.features :as cfeat]
+   [app.common.schema :as sm]
+   [app.config :as cf]
    [app.db :as db]
    [app.rpc :as-alias rpc]
    [app.rpc.commands.comments :as comments]
    [app.rpc.commands.files :as files]
+   [app.rpc.commands.teams :as teams]
    [app.rpc.cond :as-alias cond]
    [app.rpc.doc :as-alias doc]
-   [app.util.services :as sv]
-   [clojure.spec.alpha :as s]))
+   [app.util.services :as sv]))
 
 ;; --- QUERY: View Only Bundle
 
-(defn- get-project
-  [conn id]
-  (db/get-by-id conn :project id {:columns [:id :name :team-id]}))
+(defn- remove-not-allowed-pages
+  [data allowed]
+  (-> data
+      (update :pages (fn [pages] (filterv #(contains? allowed %) pages)))
+      (update :pages-index select-keys allowed)))
 
-(defn- get-bundle
-  [conn file-id profile-id features]
-  (let [file    (files/get-file conn file-id features)
-        project (get-project conn (:project-id file))
-        libs    (files/get-file-libraries conn file-id features)
+(defn- get-view-only-bundle
+  [{:keys [::db/conn] :as cfg} {:keys [profile-id file-id ::perms] :as params}]
+  (let [file    (files/get-file cfg file-id)
+
+        project (db/get conn :project
+                        {:id (:project-id file)}
+                        {:columns [:id :name :team-id]})
+
+        team    (-> (db/get conn :team {:id (:team-id project)})
+                    (teams/decode-row))
+
+        _       (-> (cfeat/get-team-enabled-features cf/flags team)
+                    (cfeat/check-client-features! (:features params))
+                    (cfeat/check-file-features! (:features file)))
+
+        file    (cond-> file
+                  (= :share-link (:type perms))
+                  (update :data remove-not-allowed-pages (:pages perms))
+
+                  :always
+                  (update :data select-keys [:id :options :pages :pages-index :components]))
+
+        libs    (files/get-file-libraries conn file-id)
         users   (comments/get-file-comments-users conn file-id profile-id)
-
         links   (->> (db/query conn :share-link {:file-id file-id})
                      (mapv (fn [row]
                              (-> row
@@ -41,56 +63,43 @@
                                  (dissoc :flags)))))
 
         fonts   (db/query conn :team-font-variant
-                          {:team-id (:team-id project)
+                          {:team-id (:id team)
                            :deleted-at nil})]
 
-    {:file file
-     :users users
+    {:users users
      :fonts fonts
      :project project
      :share-links links
-     :libraries libs}))
+     :libraries libs
+     :file file
+     :team team
+     :permissions perms}))
 
-(defn- remove-not-allowed-pages
-  [data allowed]
-  (-> data
-      (update :pages (fn [pages] (filterv #(contains? allowed %) pages)))
-      (update :pages-index select-keys allowed)))
-
-(defn get-view-only-bundle
-  [conn {:keys [profile-id file-id share-id features] :as params}]
-  (let [perms  (files/get-permissions conn profile-id file-id share-id)
-        bundle (-> (get-bundle conn file-id profile-id features)
-                   (assoc :permissions perms))]
-
-    ;; When we have neither profile nor share, we just return a not
-    ;; found response to the user.
-    (when-not perms
-      (ex/raise :type :not-found
-                :code :object-not-found
-                :hint "object not found"))
-
-    (update bundle :file
-            (fn [file]
-              (cond-> file
-                (= :share-link (:type perms))
-                (update :data remove-not-allowed-pages (:pages perms))
-
-                :always
-                (update :data select-keys [:id :options :pages :pages-index]))))))
-
-(s/def ::get-view-only-bundle
-  (s/keys :req-un [::files/file-id]
-          :opt-un [::files/share-id
-                   ::files/features]
-          :opt [::rpc/profile-id]))
+(def schema:get-view-only-bundle
+  [:map {:title "get-view-only-bundle"}
+   [:file-id ::sm/uuid]
+   [:share-id {:optional true} ::sm/uuid]
+   [:features {:optional true} ::cfeat/features]])
 
 (sv/defmethod ::get-view-only-bundle
   {::rpc/auth false
-   ::cond/get-object #(files/get-minimal-file %1 (:file-id %2))
-   ::cond/key-fn files/get-file-etag
-   ::cond/reuse-key? true
-   ::doc/added "1.17"}
-  [{:keys [::db/pool]} {:keys [::rpc/profile-id] :as params}]
-  (with-open [conn (db/open pool)]
-    (get-view-only-bundle conn (assoc params :profile-id profile-id))))
+   ::doc/added "1.17"
+   ::sm/params schema:get-view-only-bundle}
+  [system {:keys [::rpc/profile-id file-id share-id] :as params}]
+  (db/run! system
+           (fn [{:keys [::db/conn] :as system}]
+             (let [perms  (files/get-permissions conn profile-id file-id share-id)
+                   params (-> params
+                              (assoc ::perms perms)
+                              (assoc :profile-id profile-id))]
+
+                  ;; When we have neither profile nor share, we just return a not
+               ;; found response to the user.
+               (when-not perms
+                 (ex/raise :type :not-found
+                           :code :object-not-found
+                           :hint "object not found"))
+
+               (get-view-only-bundle system params)))))
+
+

backend/src/app/rpc/commands/webhooks.clj

@@ -6,6 +6,7 @@
 
 (ns app.rpc.commands.webhooks
   (:require
+   [app.common.data.macros :as dm]
    [app.common.exceptions :as ex]
    [app.common.spec :as us]
    [app.common.uri :as u]
@@ -18,10 +19,8 @@
    [app.rpc.doc :as-alias doc]
    [app.util.services :as sv]
    [app.util.time :as dt]
-   [app.worker :as-alias wrk]
    [clojure.spec.alpha :as s]
-   [cuerdas.core :as str]
-   [promesa.core :as p]))
+   [cuerdas.core :as str]))
 
 (defn decode-row
   [{:keys [uri] :as row}]
@@ -48,30 +47,25 @@
 
 (defn- validate-webhook!
   [cfg whook params]
-  (letfn [(handle-exception [exception]
-            (if-let [hint (webhooks/interpret-exception exception)]
-              (ex/raise :type :validation
-                        :code :webhook-validation
-                        :hint hint)
-              (ex/raise :type :internal
-                        :code :webhook-validation
-                        :cause exception)))
-
-          (handle-response [response]
-            (when-let [hint (webhooks/interpret-response response)]
-              (ex/raise :type :validation
-                        :code :webhook-validation
-                        :hint hint)))]
-
-    (if (not= (:uri whook) (:uri params))
-      (->> (http/req! cfg {:method :head
-                           :uri (str (:uri params))
-                           :timeout (dt/duration "3s")})
-           (p/hmap (fn [response exception]
-                     (if exception
-                       (handle-exception exception)
-                       (handle-response response)))))
-      (p/resolved nil))))
+  (when (not= (:uri whook) (:uri params))
+    (let [response (ex/try!
+                    (http/req! cfg
+                               {:method :head
+                                :uri (str (:uri params))
+                                :timeout (dt/duration "3s")}
+                               {:sync? true}))]
+      (if (ex/exception? response)
+        (if-let [hint (webhooks/interpret-exception response)]
+          (ex/raise :type :validation
+                    :code :webhook-validation
+                    :hint hint)
+          (ex/raise :type :internal
+                    :code :webhook-validation
+                    :cause response))
+        (when-let [hint (webhooks/interpret-response response)]
+          (ex/raise :type :validation
+                    :code :webhook-validation
+                    :hint hint))))))
 
 (defn- validate-quotes!
   [{:keys [::db/pool]} {:keys [team-id]}]
@@ -106,22 +100,22 @@
 
 (sv/defmethod ::create-webhook
   {::doc/added "1.17"}
-  [{:keys [::db/pool ::wrk/executor] :as cfg} {:keys [::rpc/profile-id team-id] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id] :as params}]
   (check-edition-permissions! pool profile-id team-id)
   (validate-quotes! cfg params)
-  (->> (validate-webhook! cfg nil params)
-       (p/fmap executor (fn [_] (insert-webhook! cfg params)))))
+  (validate-webhook! cfg nil params)
+  (insert-webhook! cfg params))
 
 (s/def ::update-webhook
   (s/keys :req-un [::id ::uri ::mtype ::is-active]))
 
 (sv/defmethod ::update-webhook
   {::doc/added "1.17"}
-  [{:keys [::db/pool ::wrk/executor] :as cfg} {:keys [::rpc/profile-id id] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id id] :as params}]
   (let [whook (-> (db/get pool :webhook {:id id}) (decode-row))]
     (check-edition-permissions! pool profile-id (:team-id whook))
-    (->> (validate-webhook! cfg whook params)
-         (p/fmap executor (fn [_] (update-webhook! cfg whook params))))))
+    (validate-webhook! cfg whook params)
+    (update-webhook! cfg whook params)))
 
 (s/def ::delete-webhook
   (s/keys :req [::rpc/profile-id]
@@ -149,7 +143,7 @@
 
 (sv/defmethod ::get-webhooks
   [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id team-id]}]
-  (with-open [conn (db/open pool)]
+  (dm/with-open [conn (db/open pool)]
     (check-read-permissions! conn profile-id team-id)
     (->> (db/exec! conn [sql:get-webhooks team-id])
          (mapv decode-row))))