wip

🐛 Disallow restore component when the library has been detached

.clj-kondo/config.edn

@@ -2,6 +2,7 @@
  {promesa.core/let clojure.core/let
   promesa.core/->> clojure.core/->>
   promesa.core/-> clojure.core/->
+  promesa.exec.csp/go-loop clojure.core/loop
   rumext.v2/defc clojure.core/defn
   rumext.v2/fnc clojure.core/fn
   app.common.data/export clojure.core/def
@@ -45,6 +46,15 @@
   :redundant-do
   {:level :off}
 
+  :earmuffed-var-not-dynamic
+  {:level :off}
+
+  :dynamic-var-not-earmuffed
+  {:level :off}
+
+  :used-underscored-binding
+  {:level :warning}
+
   :unused-binding
   {:exclude-destructured-as true
    :exclude-destructured-keys-in-fn-args false

CHANGES.md

@@ -1,14 +1,241 @@
 # CHANGELOG
 
-## :rocket: Next (1.17)
+## :rocket: 1.19.0
 
 ### :boom: Breaking changes & Deprecations
+
+### :sparkles: New features
+- Default naming of text layers [Taiga #2836](https://tree.taiga.io/project/penpot/us/2836)
+- Create typography style from a selected text layer[Taiga #3041](https://tree.taiga.io/project/penpot/us/3041)
+- Board as ruler origin [Taiga #4833](https://tree.taiga.io/project/penpot/us/4833)
+- Access tokens support [Taiga #4460](https://tree.taiga.io/project/penpot/us/4460)
+- Show interactions setting at the view mode [Taiga #1330](https://tree.taiga.io/project/penpot/issue/1330)
+
+### :bug: Bugs fixed
+- Fix files can be opened from multiple urls [Taiga #5310](https://tree.taiga.io/project/penpot/issue/5310)
+- Fix asset color item was created from the selected layer [Taiga #5180](https://tree.taiga.io/project/penpot/issue/5180)
+
+### :arrow_up: Deps updates
+
+### :heart: Community contributions by (Thank you!)
+- Update Typography palette order (by @akshay-gupta7) [Github #3156](https://github.com/penpot/penpot/pull/3156)
+- Palettes (color, typographies) empty state (by @akshay-gupta7) [Github #3160](https://github.com/penpot/penpot/pull/3160)
+- Duplicate objects via drag + alt (by @akshay-gupta7) [Github #3147](https://github.com/penpot/penpot/pull/3147)
+- Set line-height to auto as 1.2 (by @akshay-gupta7) [Github #3185](https://github.com/penpot/penpot/pull/3185)
+- Click to select full values at the design sidebar (by @akshay-gupta7) [Github #3179](https://github.com/penpot/penpot/pull/3179)
+- Fix rect filter bounds math (by @ryanbreen) [Github #3180](https://github.com/penpot/penpot/pull/3180)
+- Removed sizing variables from radius (by @ondrejkonec) [Github #3184](https://github.com/penpot/penpot/pull/3184)
+- Dashboard search, set focus after shortcut (by @akshay-gupta7) [Github #3196](https://github.com/penpot/penpot/pull/3196)
+- Library name dropdown arrow is overlapped by library name (by @ondrejkonec) [Taiga #5200](https://tree.taiga.io/project/penpot/issue/5200)
+- Reorder shadows (by @akshay-gupta7) [Github #3236](https://github.com/penpot/penpot/pull/3236)
+- Open project in new tab from workspace (by @akshay-gupta7) [Github #3246](https://github.com/penpot/penpot/pull/3246)
+- Distribute fix enabled when two elements were selected (by @dfelinto) [Github #3266](https://github.com/penpot/penpot/pull/3266)
+- Distribute vertical spacing failing for overlapped text (by @dfelinto) [Github #3267](https://github.com/penpot/penpot/pull/3267)
+
+## 1.18.6
+
+### :bug: Bugs fixed
+
+- Fix comments navigation from workspace [Taiga #5504](https://tree.taiga.io/project/penpot/issue/5504)
+
+### :sparkles: Enhancements
+
+- Add the ability to overwrite internal resolver with `PENPOT_INTERNAL_RESOLVER` environment
+  variable [GH #3310](https://github.com/penpot/penpot/issues/3310)
+
+## 1.18.5
+
+### :bug: Bugs fixed
+
+- Fix add flow option in contextual menu for frames
+- Fix issues related with invitations
+- Fix problem with undefined gaps
+- Add deleted fonts auto match mechanism
+
+## 1.18.4
+
+### :bug: Bugs fixed
+
+- Fix zooming while color picker breaks UI [GH #3214](https://github.com/penpot/penpot/issues/3214)
+- Fix problem with layout not reflowing on shape deletion [Taiga #5289](https://tree.taiga.io/project/penpot/issue/5289)
+- Fix extra long typography names on assets and palette [Taiga #5199](https://tree.taiga.io/project/penpot/issue/5199)
+- Fix background-color property on inspect code [Taiga #5300](https://tree.taiga.io/project/penpot/issue/5300)
+- Preview layer blend modes (by @akshay-gupta7) [Github #3235](https://github.com/penpot/penpot/pull/3235)
+
+## 1.18.3
+
+### :bug: Bugs fixed
+
+- Fix problem with rulers not placing correctly [Taiga #5093](https://tree.taiga.io/project/penpot/issue/5093)
+- Fix page context menu [Taiga #5145](https://tree.taiga.io/project/penpot/issue/5145)
+- Fix project file count [Taiga #5148](https://tree.taiga.io/project/penpot/issue/5148)
+- Fix OIDC roles checking mechanism [GH #3152](https://github.com/penpot/penpot/issues/3152)
+- Import updated translation strings from weblate
+
+### :arrow_up: Deps updates
+
+## 1.18.2
+
+### :bug: Bugs fixed
+
+- Fix problem with frame title rotation
+- Fix first level board "Show in view mode" is automatically unchecked [Taiga #5136](https://tree.taiga.io/project/penpot/issue/5136)
+
+## 1.18.1
+
+### :bug: Bugs fixed
+
+- Fix problems with imported SVG shadows [Taiga #4922](https://tree.taiga.io/project/penpot/issue/4922)
+- Fix problems with imported SVG embedded images and transforms [Taiga #4639](https://tree.taiga.io/project/penpot/issue/4639)
+
+## 1.18.0
+
+### :sparkles: New features
+
+- Adds more accessibility improvements in dashboard [Taiga #4577](https://tree.taiga.io/project/penpot/us/4577)
+- Adds paddings and gaps prediction on layout creation [Taiga #4838](https://tree.taiga.io/project/penpot/task/4838)
+- Add visual feedback when proportionally scaling text elements with **K** [Taiga #3415](https://tree.taiga.io/project/penpot/us/3415)
+- Add visualization and mouse control to paddings, margins and gaps in frames with layout [Taiga #4839](https://tree.taiga.io/project/penpot/task/4839)
+- Allow for absolute positioned elements inside layout [Taiga #4834](https://tree.taiga.io/project/penpot/us/4834)
+- Add z-index option for flex layout items [Taiga #2980](https://tree.taiga.io/project/penpot/us/2980)
+- Scale content proportionally affects strokes, shadows, blurs and corners [Taiga #1951](https://tree.taiga.io/project/penpot/us/1951)
+- Use tabulators to navigate layers [Taiga #5010](https://tree.taiga.io/project/penpot/issue/5010)
+
+### :bug: Bugs fixed
+
+- Fix problem with rules position on changing pages [Taiga #4847](https://tree.taiga.io/project/penpot/issue/4847)
+- Fix error streen when uploading wrong SVG [#2995](https://github.com/penpot/penpot/issues/2995)
+- Fix selecting children from hidden parent layers [Taiga #4934](https://tree.taiga.io/project/penpot/issue/4934)
+- Fix problem when undoing multiple selected colors [Taiga #4920](https://tree.taiga.io/project/penpot/issue/4920)
+- Allow selection of empty board by partial rect [Taiga #4806](https://tree.taiga.io/project/penpot/issue/4806)
+- Improve behavior for undo on text edition [Taiga #4693](https://tree.taiga.io/project/penpot/issue/4693)
+- Improve deeps selection of nested arboards [Taiga #4913](https://tree.taiga.io/project/penpot/issue/4913)
+- Fix problem on selection numeric inputs on Firefox [#2991](https://github.com/penpot/penpot/issues/2991)
+- Changed the text dominant-baseline to use ideographic [Taiga #4791](https://tree.taiga.io/project/penpot/issue/4791)
+- Viewer wrong translations [Github #3035](https://github.com/penpot/penpot/issues/3035)
+- Fix problem with text editor in Safari
+- Fix unlink library color when blur color picker input [#3026](https://github.com/penpot/penpot/issues/3026)
+- Fix snap pixel when moving path points on high zoom [#2930](https://github.com/penpot/penpot/issues/2930)
+- Fix shortcuts for zoom now take into account the mouse position [#2924](https://github.com/penpot/penpot/issues/2924)
+- Fix close colorpicker on Firefox when mouse-up is outside the picker [#2911](https://github.com/penpot/penpot/issues/2911)
+- Fix problems with touch devices and Wacom tablets [#2216](https://github.com/penpot/penpot/issues/2216)
+- Fix problem with board titles misplaced [Taiga #4738](https://tree.taiga.io/project/penpot/issue/4738)
+- Fix problem with alt getting stuck when alt+tab [Taiga #5013](https://tree.taiga.io/project/penpot/issue/5013)
+- Fix problem with z positioning of elements [Taiga #5014](https://tree.taiga.io/project/penpot/issue/5014)
+- Fix problem in Firefox with scroll jumping when changin pages [#3052](https://github.com/penpot/penpot/issues/3052)
+- Fix nested frame interaction created flow in wrong frame [Taiga #5043](https://tree.taiga.io/project/penpot/issue/5043)
+- Font-Kerning does not work on Artboard Export to PNG/JPG/PDF [#3029](https://github.com/penpot/penpot/issues/3029)
+- Fix manipulate duplicated project (delete, duplicate, rename, pin/unpin...) [Taiga #5027](https://tree.taiga.io/project/penpot/issue/5027)
+- Fix deleted files appear in search results [Taiga #5002](https://tree.taiga.io/project/penpot/issue/5002)
+- Fix problem with selected colors and texts [Taiga #5051](https://tree.taiga.io/project/penpot/issue/5051)
+- Fix problem when assigning color from palette or assets [Taiga #5050](https://tree.taiga.io/project/penpot/issue/5050)
+- Fix shortcuts for alignment [Taiga #5030](https://tree.taiga.io/project/penpot/issue/5030)
+- Fix path options not showing when editing rects or ellipses [Taiga #5053](https://tree.taiga.io/project/penpot/issue/5053)
+- Fix tooltips for some alignment options are truncated on design tab [Taiga #5040](https://tree.taiga.io/project/penpot/issue/5040)
+- Fix horizontal margins drag don't always start from place [Taiga #5020](https://tree.taiga.io/project/penpot/issue/5020)
+- Fix multiplayer username sometimes is not displayed correctly [Taiga #4400](https://tree.taiga.io/project/penpot/issue/4400)
+- Show warning when trying to invite a user that is already in members [Taiga #4147](https://tree.taiga.io/project/penpot/issue/4147)
+- Fix problem with text out of borders when changing from auto-width to fixed [Taiga #4308](https://tree.taiga.io/project/penpot/issue/4308)
+- Fix header not showing when exiting fullscreen mode in viewer [Taiga #4244](https://tree.taiga.io/project/penpot/issue/4244)
+- Fix visual problem in select options [Taiga #5028](https://tree.taiga.io/project/penpot/issue/5028)
+- Forbid empty names for assets [Taiga #5056](https://tree.taiga.io/project/penpot/issue/5056)
+- Select children after ungroup action [Taiga #4917](https://tree.taiga.io/project/penpot/issue/4917)
+- Fix problem with guides not showing when moving over nested frames [Taiga #4905](https://tree.taiga.io/project/penpot/issue/4905)
+- Fix change email and password for users signed in via social login [Taiga #4273](https://tree.taiga.io/project/penpot/issue/4273)
+- Fix drag and drop files from browser or file explorer under circumstances [Taiga #5054](https://tree.taiga.io/project/penpot/issue/5054)
+- Fix problem when copy/pasting shapes [Taiga #4931](https://tree.taiga.io/project/penpot/issue/4931)
+- Fix problem with color picker not able to change hue [Taiga #5065](https://tree.taiga.io/project/penpot/issue/5065)
+- Fix problem with outer stroke in texts [Taiga #5078](https://tree.taiga.io/project/penpot/issue/5078)
+- Fix problem with text carring over next line when changing to fixed [Taiga #5067](https://tree.taiga.io/project/penpot/issue/5067)
+- Fix don't show invite user hero to users with editor role [Taiga #5086](https://tree.taiga.io/project/penpot/issue/5086)
+- Fix enter emails on onboarding new user creating team [Taiga #5089](https://tree.taiga.io/project/penpot/issue/5089)
+- Fix invalid files amount after moving on dashboard [Taiga #5080](https://tree.taiga.io/project/penpot/issue/5080)
+- Fix dashboard left sidebar, the [x] overlaps the field [Taiga #5064](https://tree.taiga.io/project/penpot/issue/5064)
+- Fix expanded typography on assets sidebar is moving [Taiga #5063](https://tree.taiga.io/project/penpot/issue/5063)
+- Fix spelling mistake in confirmation after importing only 1 file [Taiga #5095](https://tree.taiga.io/project/penpot/issue/5095)
+- Fix problem with selection colors and texts [Taiga #5079](https://tree.taiga.io/project/penpot/issue/5079)
+- Remove "show in view mode" flag when moving frame to frame [Taiga #5091](https://tree.taiga.io/project/penpot/issue/5091)
+- Fix problem creating files in project page [Taiga #5060](https://tree.taiga.io/project/penpot/issue/5060)
+- Disable empty names on rename files [Taiga #5088](https://tree.taiga.io/project/penpot/issue/5088)
+- Fix problem with SVG and flex layout [Taiga #](https://tree.taiga.io/project/penpot/issue/5099)
+- Fix unpublish and delete shared library warning messages [Taiga #5090](https://tree.taiga.io/project/penpot/issue/5090)
+- Fix last update project timer update after creating new file [Taiga #5096](https://tree.taiga.io/project/penpot/issue/5096)
+- Fix dashboard scrolling using 'Page Up' and 'Page Down' [Taiga #5081](https://tree.taiga.io/project/penpot/issue/5081)
+- Fix view mode header buttons overlapping in small resolutions [Taiga #5058](https://tree.taiga.io/project/penpot/issue/5058)
+- Fix precision for wrap in flex [Taiga #5072](https://tree.taiga.io/project/penpot/issue/5072)
+- Fix relative position overlay positioning [Taiga #5092](https://tree.taiga.io/project/penpot/issue/5092)
+- Fix hide grid keyboard shortcut [Github #3071](https://github.com/penpot/penpot/pull/3071)
+- Fix problem with opacity in imported SVG's [Taiga #4923](https://tree.taiga.io/project/penpot/issue/4923)
+
+### :heart: Community contributions by (Thank you!)
+- To @ondrejkonec: for contributing to the code with:
+- Refactor CSS variables [Github #2948](https://github.com/penpot/penpot/pull/2948)
+
+## 1.17.3
+
+### :bug: Bugs fixed
+- Fix copy and paste very nested inside itself [Taiga #4848](https://tree.taiga.io/project/penpot/issue/4848)
+- Fix custom fonts not rendered correctly [Taiga #4874](https://tree.taiga.io/project/penpot/issue/4874)
+- Fix problem with shadows and blur on multiple selection
+- Fix problem with redo shortcut
+- Fix Component texts not displayed in assets panel [Taiga #4907](https://tree.taiga.io/project/penpot/issue/4907)
+- Fix search field has implemented shared styles for "close icon" and "search icon" [Taiga #4927](https://tree.taiga.io/project/penpot/issue/4927)
+- Fix Handling correctly slashes "/" in emails [Taiga #4906](https://tree.taiga.io/project/penpot/issue/4906)
+- Fix Change text color from selected colors [Taiga #4933](https://tree.taiga.io/project/penpot/issue/4933)
+
+### :sparkles: Enhancements
+
+- Adds environment variables for specifying the export and backend URI for the frontend docker image, thanks to @Supernova3339 for the initial PR and suggestion [Github #2984](https://github.com/penpot/penpot/issues/2984)
+
+## 1.17.2
+
+### :bug: Bugs fixed
+
+- Fix invite members button text [Taiga #4794](https://tree.taiga.io/project/penpot/issue/4794)
+- Fix problem with opacity in frames [Taiga #4795](https://tree.taiga.io/project/penpot/issue/4795)
+- Fix correct behaviour for space-around and added space-evenly option
+- Fix duplicate with alt and undo only undo one step [Taiga #4746](https://tree.taiga.io/project/penpot/issue/4746)
+- Fix problem creating frames inside layout [Taiga #4844](https://tree.taiga.io/project/penpot/issue/4844)
+- Fix paste board inside itself [Taiga #4775](https://tree.taiga.io/project/penpot/issue/4775)
+- Fix middle button panning can drag guides [Taiga #4266](https://tree.taiga.io/project/penpot/issue/4266)
+
+### :heart: Community contributions by (Thank you!)
+
+- To @ondrejkonec: for some code contributions on this release.
+
+## 1.17.1
+
+### :bug: Bugs fixed
+- Fix components groups items show the component name in list mode [Taiga #4770](https://tree.taiga.io/project/penpot/issue/4770)
+- Fix typing CMD+Z on MacOS turns the cursor into a Zoom cursor [Taiga #4778](https://tree.taiga.io/project/penpot/issue/4778)
+- Fix white space on small screens [Taiga #4774](https://tree.taiga.io/project/penpot/issue/4774)
+- Fix button spacing on delete acount modal [Taiga #4762](https://tree.taiga.io/project/penpot/issue/4762)
+- Fix invitations input on team management and onboarding modal [Taiga #4760](https://tree.taiga.io/project/penpot/issue/4760)
+- Fix weird numeration creating new elements in dashboard [Taiga #4755](https://tree.taiga.io/project/penpot/issue/4755)
+- Fix can move shape with lens zoom active [Taiga #4787](https://tree.taiga.io/project/penpot/issue/4787)
+- Fix social links broken [Taiga #4759](https://tree.taiga.io/project/penpot/issue/4759)
+- Fix tooltips on left toolbar [Taiga #4793](https://tree.taiga.io/project/penpot/issue/4793)
+
+## 1.17.0
+
 ### :sparkles: New features
 
 - Adds layout flex functionality for boards
 - Better overlays interactions on boards inside boards [Taiga #4386](https://tree.taiga.io/project/penpot/us/4386)
 - Show board miniature in manual overlay setting [Taiga #4475](https://tree.taiga.io/project/penpot/issue/4475)
 - Handoff visual improvements [Taiga #3124](https://tree.taiga.io/project/penpot/us/3124)
+- Dynamic alignment only in sight [Github 1971](https://github.com/penpot/penpot/issues/1971)
+- Add some accessibility to shortcut panel [Taiga #4713](https://tree.taiga.io/project/penpot/issue/4713)
+- Add shortcuts for text editing [Taiga #2052](https://tree.taiga.io/project/penpot/us/2052)
+- Second level boards treated as groups in terms of selection [Taiga #4269](https://tree.taiga.io/project/penpot/us/4269)
+- Performance improvements both for backend and frontend
+- Accessibility improvements for login area [Taiga #4353](https://tree.taiga.io/project/penpot/us/4353)
+- Outbound webhooks [Taiga #4577](https://tree.taiga.io/project/penpot/us/4577)
+- Add copy invitation link to the invitation options [Taiga #4213](https://tree.taiga.io/project/penpot/us/4213)
+- Dynamic alignment only in sight [Taiga #3537](https://tree.taiga.io/project/penpot/us/3537)
+- Improve naming of layers [Taiga #4036](https://tree.taiga.io/project/penpot/us/4036)
+- Add zoom lense [Taiga #4691](https://tree.taiga.io/project/penpot/us/4691)
+- Detect potential problems with custom font vertical metrics [Taiga #4697](https://tree.taiga.io/project/penpot/us/4697)
 
 ### :bug: Bugs fixed
 
@@ -19,11 +246,55 @@
 - Fix twitter support account link [Taiga #4279](https://tree.taiga.io/project/penpot/issue/4279)
 - Fix lang autodetect issue [Taiga #4277](https://tree.taiga.io/project/penpot/issue/4277)
 - Fix adding an extra page on import [Taiga #4543](https://tree.taiga.io/project/penpot/task/4543)
+- Fix unable to select text at assets inputs in firefox [Taiga #4572](https://tree.taiga.io/project/penpot/issue/4572)
+- Fix component sync when converting to path [Taiga #3642](https://tree.taiga.io/project/penpot/issue/3642)
+- Fix style for team invite in deutsch [Taiga #4614](https://tree.taiga.io/project/penpot/issue/4614)
+- Fix problem with text edition in Safari [Taiga #4046](https://tree.taiga.io/project/penpot/issue/4046)
+- Fix show outline with rounded corners on rects [Taiga #4053](https://tree.taiga.io/project/penpot/issue/4053)
+- Fix wrong interaction between comments and panning modes [Taiga #4297](https://tree.taiga.io/project/penpot/issue/4297)
+- Fix bad element positioning on interaction with fixed scroll [Github #2660](https://github.com/penpot/penpot/issues/2660)
+- Fix display type of component library not persistent [Taiga #4512](https://tree.taiga.io/project/penpot/issue/4512)
+- Fix problem when moving texts with keyboard [#2690](https://github.com/penpot/penpot/issues/2690)
+- Fix problem when drawing boxes won't detect mouse-up [Taiga #4618](https://tree.taiga.io/project/penpot/issue/4618)
+- Fix missing loading icon on shared libraries [Taiga #4148](https://tree.taiga.io/project/penpot/issue/4148)
+- Fix selection stroke missing in properties of multiple texts [Taiga #4048](https://tree.taiga.io/project/penpot/issue/4048)
+- Fix missing create component menu for frames [Github #2670](https://github.com/penpot/penpot/issues/2670)
+- Fix "currentColor" is not converted when importing SVG [Github 2276](https://github.com/penpot/penpot/issues/2276)
+- Fix incorrect color in properties of multiple bool shapes [Taiga #4355](https://tree.taiga.io/project/penpot/issue/4355)
+- Fix pressing the enter key gives you an internal error [Github 2675](https://github.com/penpot/penpot/issues/2675) [Github 2577](https://github.com/penpot/penpot/issues/2577)
+- Fix confirm group name with enter doesn't work in assets modal [Taiga #4506](https://tree.taiga.io/project/penpot/issue/4506)
+- Fix group/ungroup shapes inside a component [Taiga #4052](https://tree.taiga.io/project/penpot/issue/4052)
+- Fix wrong update of text in components [Taiga #4646](https://tree.taiga.io/project/penpot/issue/4646)
+- Fix problem with SVG imports with style [#2605](https://github.com/penpot/penpot/issues/2605)
+- Fix ghost shapes after sync groups in components [Taiga #4649](https://tree.taiga.io/project/penpot/issue/4649)
+- Fix layer orders messed up on move, group, reparent and undo [Github #2672](https://github.com/penpot/penpot/issues/2672)
+- Fix max height in library dialog [Github #2335](https://github.com/penpot/penpot/issues/2335)
+- Fix undo ungroup (shift+g) scrambles positions [Taiga #4674](https://tree.taiga.io/project/penpot/issue/4674)
+- Fix justified text is stretched [Github #2539](https://github.com/penpot/penpot/issues/2539)
+- Fix mousewheel on viewer inspector [Taiga #4221](https://tree.taiga.io/project/penpot/issue/4221)
+- Fix path edition activated on boards [Taiga #4105](https://tree.taiga.io/project/penpot/issue/4105)
+- Fix hidden layers inside groups become visible after the group visibility is changed[Taiga #4710](https://tree.taiga.io/project/penpot/issue/4710)
+- Fix format of HSLA color on viewer [Taiga #4393](https://tree.taiga.io/project/penpot/issue/4393)
+- Fix some typos [Taiga #4724](https://tree.taiga.io/project/penpot/issue/4724)
+- Fix ctrl+c for inspect code [Taiga #4739](https://tree.taiga.io/project/penpot/issue/4739)
+- Fix text in custom font is not at the expected position at export [Taiga #4394](https://tree.taiga.io/project/penpot/issue/4394)
+- Fix unneeded popup when updating local components [Taiga #4430](https://tree.taiga.io/project/penpot/issue/4430)
+- Fix multiuser - "Shadow" element is not updating immediately [Taiga #4709](https://tree.taiga.io/project/penpot/issue/4709)
+- Fix paths not flagged as modified when resized [Taiga #4742](https://tree.taiga.io/project/penpot/issue/4742)
+- Fix resend invitation doesn't reset the expiration date [Taiga #4741](https://tree.taiga.io/project/penpot/issue/4741)
+- Fix incorrect state after undo page creation [Taiga #4690](https://tree.taiga.io/project/penpot/issue/4690)
+- Fix copy paste texts with typography assets linked [Taiga #4750](https://tree.taiga.io/project/penpot/issue/4750)
 
-### :arrow_up: Deps updates
 ### :heart: Community contributions by (Thank you!)
+
+- To @iprithvitharun: let's make UX Writing contributions in Open Source a trend!
+
 ## 1.16.2-beta
 
+### :bug: Bugs fixed
+
+- Fix strage cursor behaviour after clicking viewport with text pool [Github #2447](https://github.com/penpot/penpot/issues/2447)
+
 ## 1.16.1-beta
 
 ### :bug: Bugs fixed
@@ -91,7 +362,6 @@
 - Fix grid not syncing immediately in multiuser [Taiga #4339](https://tree.taiga.io/project/penpot/issue/4339)
 - Fix custom font upload fails silently for unsupported formats [Taiga #4279](https://tree.taiga.io/project/penpot/issue/4280)
 
-### :arrow_up: Deps updates
 ### :heart: Community contributions by (Thank you!)
 
 - To @andrewzhurov for many code contributions on this release.

CONTRIBUTING.md

@@ -101,14 +101,14 @@ Each commit should have:
 
 Examples of good commit messages:
 
-- :bug: Fix unexpected error on launching modal
-- :bug: Set proper error message on generic error
-- :sparkles: Enable new modal for profile
-- :zap: Improve performance of dashboard navigation
-- :wrench: Update default backend configuration
-- :books: Add more documentation for authentication process
-- :ambulance: Fix critical bug on user registration process
-- :tada: Add new approach for user registration
+- `:bug: Fix unexpected error on launching modal`
+- `:bug: Set proper error message on generic error`
+- `:sparkles: Enable new modal for profile`
+- `:zap: Improve performance of dashboard navigation`
+- `:wrench: Update default backend configuration`
+- `:books: Add more documentation for authentication process`
+- `:ambulance: Fix critical bug on user registration process`
+- `:tada: Add new approach for user registration`
 
 
 ## Code of conduct ##

README.md

@@ -4,7 +4,7 @@
 
 <h1 align="center">
   <br>
-  <img src="https://penpot.app/images/readme/readme-logo.jpg" alt="PENPOT">
+  <img src="https://penpot.app/images/readme/git-readme-header.png" alt="PENPOT">
 </h1>
 
 <p align="center"><a href="https://www.mozilla.org/en-US/MPL/2.0" rel="nofollow"><img src="https://camo.githubusercontent.com/3fcf3d6b678ea15fde3cf7d6af0e242160366282d62a7c182d83a50bfee3f45e/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4d504c2d322e302d626c75652e737667" alt="License: MPL-2.0" data-canonical-src="https://img.shields.io/badge/MPL-2.0-blue.svg" style="max-width:100%;"></a>
@@ -26,6 +26,8 @@
 
 ![feature-readme](https://user-images.githubusercontent.com/1045247/189871786-0b44f7cf-3a0a-4445-a87b-9919ec398bf7.gif)
 
+**:tada: [Important Notice!] :tada:** Our very first **Penpot Fest** is happening on June 28-30, Barcelona (Spain). **Secure yourself a ticket** to know everything about the present and future of Penpot and be part of the conversation! See details on the amazing venue and speakers lineup at [penpotfest.org](https://penpotfest.org)! :zap:
+
 Penpot is the first **Open Source** design and prototyping platform meant for cross-domain teams. Non dependent on operating systems, Penpot is web based and works with open standards (SVG). Penpot invites designers all over the world to fall in love with open source while getting developers excited about the design process in return.
 
 ## Table of contents ##
@@ -50,7 +52,7 @@ Being web based, Penpot is not dependent on operating systems or local installat
 Using SVG as no other design and prototyping tool does, Penpot files sport compatibility with most of the vectorial tools, are tech friendly and extremely easy to use on the web. We make sure you will always own your work.
 
 <p align="center">
-  <img src="https://penpot.app/images/open-source.png" alt="Open Source">
+  <img src="https://penpot.app/images/readme/git-open.png" alt="Open Source" style="width: 65%;">
 </p>
 
 
@@ -74,7 +76,7 @@ Here’s a step-by-step guide on [getting started with Docker.](https://help.pen
 If you prefer not to install Penpot in a local environment, [login or register on our Penpot cloud app](https://design.penpot.app). Create a team to work together on projects and share design assets or jump right away into Penpot and **start designing** on your own.
 
 <p align="center">
-  <img src="https://help.penpot.app/img/home-techguide.png" alt="Getting started">
+  <img src="https://penpot.app/images/readme/git-self-host.png" alt="Getting started" style="width: 65%;">
 </p>
 
 ## Community ##
@@ -93,7 +95,7 @@ You will find the following categories:
 - [Penpot in your language](https://community.penpot.app/c/penpot-in-your-language/12)
 
 <p align="center">
-  <img src="https://penpot.app/images/cross-teams.webp" alt="Community">
+  <img src="https://penpot.app/images/readme/git-collaborate.png" alt="Communnity" style="width: 65%;">
 </p>
 
 ## Contributing ##
@@ -111,7 +113,7 @@ Every sort of contribution will be very helpful to enhance Penpot. How you’ll
 To find (almost) everything you need to know on how to contribute to Penpot, refer to the [contributing-guide](https://help.penpot.app/contributing-guide/).
 
 <p align="center">
-  <img src="https://help.penpot.app/img/home-contributing.png" alt="Contributing">
+  <img src="https://penpot.app/images/readme/git-community.png" alt="Contributing" style="width: 65%;">
 </p>
 
 ## Resources ##
@@ -124,7 +126,7 @@ You can ask and answer questions, have open-ended conversations, and follow alon
 
 ✏️ [Tutorials](https://www.youtube.com/playlist?list=PLgcCPfOv5v54WpXhHmNO7T-YC7AE-SRsr)
 
-🏘️ [Architecture](https://help.penpot.app/technical-guide/architecture/)
+🏘️ [Architecture](https://help.penpot.app/technical-guide/developer/architecture/)
 
 📚 [Dev Diaries](https://penpot.app/dev-diaries.html)
 

THANKYOU.md

@@ -5,24 +5,25 @@ We want to thank to the amazing people that help us! Thank you! You're the best!
 ## Security
 * Husnain Iqbal (CEO OF ALPHA INFERNO PVT LTD)
 * [Shiraz Ali Khan](https://www.linkedin.com/in/shiraz-ali-khan-1ba508180/)
+* Vaibhav Shukla
 
 ## Internationalization
 * [00ff88](https://hosted.weblate.org/user/00ff88)
 * [AhmadHB](https://hosted.weblate.org/user/AhmadHB)
 * [Aimee](https://hosted.weblate.org/user/Aimee)
-* [alejandro.alonso](alejandro.https://hosted.weblate.org/user/alonso)
+* [alejandro.alonso](https://hosted.weblate.org/user/alejandro.alonso)
 * [alexpawlak](https://hosted.weblate.org/user/alexpawlak)
 * [allytiago](https://hosted.weblate.org/user/allytiago)
-* [alonso.torres](alonso.https://hosted.weblate.org/user/torres)
-* [andres.moya](andres.https://hosted.weblate.org/user/moya)
+* [alonso.torres](https://hosted.weblate.org/user/alonso.torres)
+* [andres.moya](https://hosted.weblate.org/user/andres.moya)
 * [antoniofsm](https://hosted.weblate.org/user/antoniofsm)
 * [ascarida](https://hosted.weblate.org/user/ascarida)
 * [Bechii](https://hosted.weblate.org/user/Bechii)
 * [Beeby](https://hosted.weblate.org/user/Beeby)
-* [bingling-sama](bingling-https://hosted.weblate.org/user/sama)
+* [bingling-sama](https://hosted.weblate.org/user/bingling-sama)
 * [devadarta](https://hosted.weblate.org/user/devadarta)
 * [diacritica](https://hosted.weblate.org/user/diacritica)
-* [dundzys.vincas](dundzys.https://hosted.weblate.org/user/vincas)
+* [dundzys.vincas](https://hosted.weblate.org/user/dundzys.vincas)
 * [Eranot](https://hosted.weblate.org/user/Eranot)
 * [erral](https://hosted.weblate.org/user/erral)
 * [ersen](https://hosted.weblate.org/user/ersen)

backend/build.clj

@@ -16,16 +16,11 @@
    {:src-dirs ["src" "resources"]
     :target-dir class-dir})
 
-  (b/compile-clj
-   {:basis basis
-    :src-dirs ["src"]
-    :class-dir class-dir})
-
   (b/uber
    {:class-dir class-dir
     :uber-file jar-file
     :main 'clojure.main
-    :exclude [#"goog.*" #"^javasist.*"]
+    :exclude [#".*Log4j2Plugins\.dat$"]
     :basis basis}))
 
 (defn compile [_]

backend/deps.edn

@@ -1,13 +1,12 @@
-{:deps
+{:mvn/repos
+ {"sonatype" {:url "https://oss.sonatype.org/content/repositories/snapshots/"}}
+
+ :deps
  {penpot/common {:local/root "../common"}
   org.clojure/clojure {:mvn/version "1.11.1"}
-  org.clojure/core.async {:mvn/version "1.5.648"}
+  org.clojure/core.async {:mvn/version "1.6.673"}
 
-  ;; Logging
-  org.zeromq/jeromq {:mvn/version "0.5.2"}
-
-  com.github.luben/zstd-jni {:mvn/version "1.5.2-4"}
-  org.clojure/data.fressian {:mvn/version "1.0.0"}
+  com.github.luben/zstd-jni {:mvn/version "1.5.2-5"}
 
   io.prometheus/simpleclient {:mvn/version "0.16.0"}
   io.prometheus/simpleclient_hotspot {:mvn/version "0.16.0"}
@@ -18,18 +17,20 @@
 
   io.prometheus/simpleclient_httpserver {:mvn/version "0.16.0"}
 
-  io.lettuce/lettuce-core {:mvn/version "6.2.1.RELEASE"}
+  io.lettuce/lettuce-core {:mvn/version "6.2.2.RELEASE"}
   java-http-clj/java-http-clj {:mvn/version "0.4.3"}
 
   funcool/yetti
-  {:git/tag "v9.11"
-   :git/sha "6f9197a"
+  {:git/tag "v9.15"
+   :git/sha "aa9b967"
    :git/url "https://github.com/funcool/yetti.git"
    :exclusions [org.slf4j/slf4j-api]}
 
-  com.github.seancorfield/next.jdbc {:mvn/version "1.3.834"}
+  com.github.seancorfield/next.jdbc {:mvn/version "1.3.847"}
   metosin/reitit-core {:mvn/version "0.5.18"}
-  org.postgresql/postgresql {:mvn/version "42.5.0"}
+
+  org.postgresql/postgresql {:mvn/version "42.6.0"}
+
   com.zaxxer/HikariCP {:mvn/version "5.0.1"}
 
   io.whitfin/siphash {:mvn/version "2.0.0"}
@@ -37,9 +38,9 @@
   buddy/buddy-hashers {:mvn/version "1.8.158"}
   buddy/buddy-sign {:mvn/version "3.4.333"}
 
-  com.github.ben-manes.caffeine/caffeine {:mvn/version "3.1.1"}
+  com.github.ben-manes.caffeine/caffeine {:mvn/version "3.1.5"}
 
-  org.jsoup/jsoup {:mvn/version "1.15.1"}
+  org.jsoup/jsoup {:mvn/version "1.15.3"}
   org.im4java/im4java
   {:git/tag "1.4.0-penpot-2"
    :git/sha "e2b3e16"
@@ -51,11 +52,12 @@
   integrant/integrant {:mvn/version "0.8.0"}
 
   dawran6/emoji {:mvn/version "0.1.5"}
-  markdown-clj/markdown-clj {:mvn/version "1.11.3"}
+  markdown-clj/markdown-clj {:mvn/version "1.11.4"}
 
   ;; Pretty Print specs
   pretty-spec/pretty-spec {:mvn/version "0.1.4"}
-  software.amazon.awssdk/s3 {:mvn/version "2.17.278"}}
+  software.amazon.awssdk/s3 {:mvn/version "2.19.29"}
+  }
 
  :paths ["src" "resources" "target/classes"]
  :aliases
@@ -70,7 +72,8 @@
    :extra-paths ["test" "dev"]}
 
   :build
-  {:extra-deps {io.github.clojure/tools.build {:git/tag "v0.8.3" :git/sha "0d20256"}}
+  {:extra-deps
+   {io.github.clojure/tools.build {:git/tag "v0.9.3" :git/sha "e537cd1"}}
    :ns-default build}
 
   :test

backend/dev/user.clj

@@ -8,10 +8,15 @@
   (:require
    [app.common.data :as d]
    [app.common.exceptions :as ex]
+   [app.common.fressian :as fres]
    [app.common.geom.matrix :as gmt]
    [app.common.logging :as l]
    [app.common.perf :as perf]
    [app.common.pprint :as pp]
+   [app.common.schema :as sm]
+   [app.common.schema.desc-js-like :as smdj]
+   [app.common.schema.desc-native :as smdn]
+   [app.common.schema.generators :as sg]
    [app.common.spec :as us]
    [app.common.transit :as t]
    [app.common.uuid :as uuid]
@@ -20,7 +25,6 @@
    [app.srepl.helpers]
    [app.srepl.main :as srepl]
    [app.util.blob :as blob]
-   [app.util.fressian :as fres]
    [app.util.json :as json]
    [app.util.time :as dt]
    [clj-async-profiler.core :as prof]
@@ -31,13 +35,20 @@
    [clojure.spec.alpha :as s]
    [clojure.stacktrace :as trace]
    [clojure.test :as test]
-   [clojure.test.check.generators :as gen]
+   [clojure.test.check.generators :as tgen]
    [clojure.tools.namespace.repl :as repl]
    [clojure.walk :refer [macroexpand-all]]
    [criterium.core  :as crit]
    [cuerdas.core :as str]
    [datoteka.core]
-   [integrant.core :as ig]))
+   [integrant.core :as ig]
+   [malli.core :as m]
+   [malli.dev.pretty :as mdp]
+   [malli.error :as me]
+   [malli.generator :as mg]
+   [malli.registry :as mr]
+   [malli.transform :as mt]
+   [malli.util :as mu]))
 
 (repl/disable-reload! (find-ns 'integrant.core))
 (set! *warn-on-reflection* true)
@@ -130,3 +141,39 @@
     (add-tap #(locking debug-tap
                 (prn "tap debug:" %)))
     1))
+
+
+(sm/def! ::test
+  [:map {:title "Foo"}
+   [:x :int]
+   [:y {:min 0} :double]
+   [:bar
+    [:map {:title "Bar"}
+     [:z :string]
+     [:v ::sm/uuid]]]
+   [:items
+    [:vector ::dt/instant]]])
+
+(sm/def! ::test2
+  [:multi {:title "Foo" :dispatch :type}
+   [:x
+    [:map {:title "FooX"}
+     [:type [:= :x]]
+     [:x :int]]]
+   [:y
+    [:map
+     [:type [:= :x]]
+     [:y [::sm/one-of #{:a :b :c}]]]]
+   [:z
+    [:map {:title "FooZ"}
+     [:z
+      [:multi {:title "Bar" :dispatch :type}
+       [:a
+        [:map
+         [:type [:= :a]]
+         [:a :int]]]
+       [:b
+        [:map
+         [:type [:= :b]]
+         [:b :int]]]]]]]])
+

backend/resources/app/email/change-email/en.html

@@ -103,9 +103,9 @@
             <td style="direction:ltr;font-size:0px;padding:0;text-align:center;">
               <!--[if mso | IE]>
                   <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
         <tr>
-      
+
             <td
                class="" style="vertical-align:top;width:600px;"
             >
@@ -129,9 +129,9 @@
               </div>
               <!--[if mso | IE]>
             </td>
-          
+
         </tr>
-      
+
                   </table>
                 <![endif]-->
             </td>
@@ -143,7 +143,7 @@
           </td>
         </tr>
       </table>
-      
+
       <table
          align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
       >
@@ -157,9 +157,9 @@
             <td style="direction:ltr;font-size:0px;padding:20px 0;text-align:center;">
               <!--[if mso | IE]>
                   <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
         <tr>
-      
+
             <td
                class="" style="vertical-align:top;width:600px;"
             >
@@ -211,9 +211,9 @@
               </div>
               <!--[if mso | IE]>
             </td>
-          
+
         </tr>
-      
+
                   </table>
                 <![endif]-->
             </td>
@@ -225,7 +225,7 @@
           </td>
         </tr>
       </table>
-      
+
       <table
          align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
       >
@@ -239,9 +239,9 @@
             <td style="direction:ltr;font-size:0px;padding:24px 0 0 0;text-align:center;">
               <!--[if mso | IE]>
                   <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
         <tr>
-      
+
             <td
                class="" style="vertical-align:top;width:425px;"
             >
@@ -257,9 +257,9 @@
               </div>
               <!--[if mso | IE]>
             </td>
-          
+
         </tr>
-      
+
                   </table>
                 <![endif]-->
             </td>
@@ -271,7 +271,7 @@
           </td>
         </tr>
       </table>
-      
+
       <table
          align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
       >
@@ -285,9 +285,9 @@
             <td style="direction:ltr;font-size:0px;padding:0;text-align:center;">
               <!--[if mso | IE]>
                   <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
         <tr>
-      
+
             <td
                class="" style="vertical-align:top;width:600px;"
             >
@@ -301,7 +301,7 @@
          align="center" border="0" cellpadding="0" cellspacing="0" role="presentation"
       >
         <tr>
-      
+
               <td>
             <![endif]-->
                       <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -321,7 +321,7 @@
                       </table>
                       <!--[if mso | IE]>
               </td>
-            
+
               <td>
             <![endif]-->
                       <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -341,7 +341,7 @@
                       </table>
                       <!--[if mso | IE]>
               </td>
-            
+
               <td>
             <![endif]-->
                       <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -361,7 +361,7 @@
                       </table>
                       <!--[if mso | IE]>
               </td>
-            
+
               <td>
             <![endif]-->
                       <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -370,7 +370,7 @@
                             <table border="0" cellpadding="0" cellspacing="0" role="presentation" style="border-radius:3px;width:24px;">
                               <tr>
                                 <td style="font-size:0;height:24px;vertical-align:middle;width:24px;">
-                                  <a href="https://instagram.com/penpotapp/" target="_blank">
+                                  <a href="https://www.instagram.com/penpot.app/" target="_blank">
                                     <img height="24" src="{{ public-uri }}/images/email/logo-instagram.png" style="border-radius:3px;display:block;" width="24" />
                                   </a>
                                 </td>
@@ -381,7 +381,7 @@
                       </table>
                       <!--[if mso | IE]>
               </td>
-            
+
               <td>
             <![endif]-->
                       <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -390,7 +390,7 @@
                             <table border="0" cellpadding="0" cellspacing="0" role="presentation" style="border-radius:3px;width:24px;">
                               <tr>
                                 <td style="font-size:0;height:24px;vertical-align:middle;width:24px;">
-                                  <a href="https://tree.taiga.io/project/uxbox" target="_blank">
+                                  <a href="https://tree.taiga.io/project/penpot" target="_blank">
                                     <img height="24" src="{{ public-uri }}/images/email/logo-taiga.png" style="border-radius:3px;display:block;" width="24" />
                                   </a>
                                 </td>
@@ -401,7 +401,7 @@
                       </table>
                       <!--[if mso | IE]>
               </td>
-            
+
           </tr>
         </table>
       <![endif]-->
@@ -411,9 +411,9 @@
               </div>
               <!--[if mso | IE]>
             </td>
-          
+
         </tr>
-      
+
                   </table>
                 <![endif]-->
             </td>
@@ -425,7 +425,7 @@
           </td>
         </tr>
       </table>
-      
+
       <table
          align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
       >
@@ -439,9 +439,9 @@
             <td style="direction:ltr;font-size:0px;padding:0 0 24px 0;text-align:center;">
               <!--[if mso | IE]>
                   <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
         <tr>
-      
+
             <td
                class="" style="vertical-align:top;width:600px;"
             >
@@ -457,9 +457,9 @@
               </div>
               <!--[if mso | IE]>
             </td>
-          
+
         </tr>
-      
+
                   </table>
                 <![endif]-->
             </td>

backend/resources/app/email/invite-to-team/en.html

@@ -103,9 +103,9 @@
             <td style="direction:ltr;font-size:0px;padding:0;text-align:center;">
               <!--[if mso | IE]>
                   <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
         <tr>
-      
+
             <td
                class="" style="vertical-align:top;width:600px;"
             >
@@ -129,9 +129,9 @@
               </div>
               <!--[if mso | IE]>
             </td>
-          
+
         </tr>
-      
+
                   </table>
                 <![endif]-->
             </td>
@@ -143,7 +143,7 @@
           </td>
         </tr>
       </table>
-      
+
       <table
          align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
       >
@@ -157,9 +157,9 @@
             <td style="direction:ltr;font-size:0px;padding:20px 0;text-align:center;">
               <!--[if mso | IE]>
                   <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
         <tr>
-      
+
             <td
                class="" style="vertical-align:top;width:600px;"
             >
@@ -201,9 +201,9 @@
               </div>
               <!--[if mso | IE]>
             </td>
-          
+
         </tr>
-      
+
                   </table>
                 <![endif]-->
             </td>
@@ -215,7 +215,7 @@
           </td>
         </tr>
       </table>
-      
+
       <table
          align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
       >
@@ -229,9 +229,9 @@
             <td style="direction:ltr;font-size:0px;padding:24px 0 0 0;text-align:center;">
               <!--[if mso | IE]>
                   <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
         <tr>
-      
+
             <td
                class="" style="vertical-align:top;width:425px;"
             >
@@ -247,9 +247,9 @@
               </div>
               <!--[if mso | IE]>
             </td>
-          
+
         </tr>
-      
+
                   </table>
                 <![endif]-->
             </td>
@@ -261,7 +261,7 @@
           </td>
         </tr>
       </table>
-      
+
       <table
          align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
       >
@@ -275,9 +275,9 @@
             <td style="direction:ltr;font-size:0px;padding:0;text-align:center;">
               <!--[if mso | IE]>
                   <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
         <tr>
-      
+
             <td
                class="" style="vertical-align:top;width:600px;"
             >
@@ -291,7 +291,7 @@
          align="center" border="0" cellpadding="0" cellspacing="0" role="presentation"
       >
         <tr>
-      
+
               <td>
             <![endif]-->
                       <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -311,7 +311,7 @@
                       </table>
                       <!--[if mso | IE]>
               </td>
-            
+
               <td>
             <![endif]-->
                       <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -331,7 +331,7 @@
                       </table>
                       <!--[if mso | IE]>
               </td>
-            
+
               <td>
             <![endif]-->
                       <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -351,7 +351,7 @@
                       </table>
                       <!--[if mso | IE]>
               </td>
-            
+
               <td>
             <![endif]-->
                       <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -360,7 +360,7 @@
                             <table border="0" cellpadding="0" cellspacing="0" role="presentation" style="border-radius:3px;width:24px;">
                               <tr>
                                 <td style="font-size:0;height:24px;vertical-align:middle;width:24px;">
-                                  <a href="https://instagram.com/penpotapp/" target="_blank">
+                                  <a href="https://www.instagram.com/penpot.app/" target="_blank">
                                     <img height="24" src="{{ public-uri }}/images/email/logo-instagram.png" style="border-radius:3px;display:block;" width="24" />
                                   </a>
                                 </td>
@@ -371,7 +371,7 @@
                       </table>
                       <!--[if mso | IE]>
               </td>
-            
+
               <td>
             <![endif]-->
                       <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -380,7 +380,7 @@
                             <table border="0" cellpadding="0" cellspacing="0" role="presentation" style="border-radius:3px;width:24px;">
                               <tr>
                                 <td style="font-size:0;height:24px;vertical-align:middle;width:24px;">
-                                  <a href="https://tree.taiga.io/project/uxbox" target="_blank">
+                                  <a href="https://tree.taiga.io/project/penpot" target="_blank">
                                     <img height="24" src="{{ public-uri }}/images/email/logo-taiga.png" style="border-radius:3px;display:block;" width="24" />
                                   </a>
                                 </td>
@@ -391,7 +391,7 @@
                       </table>
                       <!--[if mso | IE]>
               </td>
-            
+
           </tr>
         </table>
       <![endif]-->
@@ -401,9 +401,9 @@
               </div>
               <!--[if mso | IE]>
             </td>
-          
+
         </tr>
-      
+
                   </table>
                 <![endif]-->
             </td>
@@ -415,7 +415,7 @@
           </td>
         </tr>
       </table>
-      
+
       <table
          align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
       >
@@ -429,9 +429,9 @@
             <td style="direction:ltr;font-size:0px;padding:0 0 24px 0;text-align:center;">
               <!--[if mso | IE]>
                   <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
         <tr>
-      
+
             <td
                class="" style="vertical-align:top;width:600px;"
             >
@@ -447,9 +447,9 @@
               </div>
               <!--[if mso | IE]>
             </td>
-          
+
         </tr>
-      
+
                   </table>
                 <![endif]-->
             </td>

backend/resources/app/email/password-recovery/en.html

@@ -103,9 +103,9 @@
             <td style="direction:ltr;font-size:0px;padding:0;text-align:center;">
               <!--[if mso | IE]>
                   <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
         <tr>
-      
+
             <td
                class="" style="vertical-align:top;width:600px;"
             >
@@ -129,9 +129,9 @@
               </div>
               <!--[if mso | IE]>
             </td>
-          
+
         </tr>
-      
+
                   </table>
                 <![endif]-->
             </td>
@@ -143,7 +143,7 @@
           </td>
         </tr>
       </table>
-      
+
       <table
          align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
       >
@@ -157,9 +157,9 @@
             <td style="direction:ltr;font-size:0px;padding:20px 0;text-align:center;">
               <!--[if mso | IE]>
                   <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
         <tr>
-      
+
             <td
                class="" style="vertical-align:top;width:600px;"
             >
@@ -206,9 +206,9 @@
               </div>
               <!--[if mso | IE]>
             </td>
-          
+
         </tr>
-      
+
                   </table>
                 <![endif]-->
             </td>
@@ -220,7 +220,7 @@
           </td>
         </tr>
       </table>
-      
+
       <table
          align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
       >
@@ -234,9 +234,9 @@
             <td style="direction:ltr;font-size:0px;padding:24px 0 0 0;text-align:center;">
               <!--[if mso | IE]>
                   <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
         <tr>
-      
+
             <td
                class="" style="vertical-align:top;width:425px;"
             >
@@ -252,9 +252,9 @@
               </div>
               <!--[if mso | IE]>
             </td>
-          
+
         </tr>
-      
+
                   </table>
                 <![endif]-->
             </td>
@@ -266,7 +266,7 @@
           </td>
         </tr>
       </table>
-      
+
       <table
          align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
       >
@@ -280,9 +280,9 @@
             <td style="direction:ltr;font-size:0px;padding:0;text-align:center;">
               <!--[if mso | IE]>
                   <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
         <tr>
-      
+
             <td
                class="" style="vertical-align:top;width:600px;"
             >
@@ -296,7 +296,7 @@
          align="center" border="0" cellpadding="0" cellspacing="0" role="presentation"
       >
         <tr>
-      
+
               <td>
             <![endif]-->
                       <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -316,7 +316,7 @@
                       </table>
                       <!--[if mso | IE]>
               </td>
-            
+
               <td>
             <![endif]-->
                       <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -336,7 +336,7 @@
                       </table>
                       <!--[if mso | IE]>
               </td>
-            
+
               <td>
             <![endif]-->
                       <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -356,7 +356,7 @@
                       </table>
                       <!--[if mso | IE]>
               </td>
-            
+
               <td>
             <![endif]-->
                       <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -365,7 +365,7 @@
                             <table border="0" cellpadding="0" cellspacing="0" role="presentation" style="border-radius:3px;width:24px;">
                               <tr>
                                 <td style="font-size:0;height:24px;vertical-align:middle;width:24px;">
-                                  <a href="https://instagram.com/penpotapp/" target="_blank">
+                                  <a href="https://www.instagram.com/penpot.app/" target="_blank">
                                     <img height="24" src="{{ public-uri }}/images/email/logo-instagram.png" style="border-radius:3px;display:block;" width="24" />
                                   </a>
                                 </td>
@@ -376,7 +376,7 @@
                       </table>
                       <!--[if mso | IE]>
               </td>
-            
+
               <td>
             <![endif]-->
                       <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -385,7 +385,7 @@
                             <table border="0" cellpadding="0" cellspacing="0" role="presentation" style="border-radius:3px;width:24px;">
                               <tr>
                                 <td style="font-size:0;height:24px;vertical-align:middle;width:24px;">
-                                  <a href="https://tree.taiga.io/project/uxbox" target="_blank">
+                                  <a href="https://tree.taiga.io/project/penpot" target="_blank">
                                     <img height="24" src="{{ public-uri }}/images/email/logo-taiga.png" style="border-radius:3px;display:block;" width="24" />
                                   </a>
                                 </td>
@@ -396,7 +396,7 @@
                       </table>
                       <!--[if mso | IE]>
               </td>
-            
+
           </tr>
         </table>
       <![endif]-->
@@ -406,9 +406,9 @@
               </div>
               <!--[if mso | IE]>
             </td>
-          
+
         </tr>
-      
+
                   </table>
                 <![endif]-->
             </td>
@@ -420,7 +420,7 @@
           </td>
         </tr>
       </table>
-      
+
       <table
          align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
       >
@@ -434,9 +434,9 @@
             <td style="direction:ltr;font-size:0px;padding:0 0 24px 0;text-align:center;">
               <!--[if mso | IE]>
                   <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
         <tr>
-      
+
             <td
                class="" style="vertical-align:top;width:600px;"
             >
@@ -452,9 +452,9 @@
               </div>
               <!--[if mso | IE]>
             </td>
-          
+
         </tr>
-      
+
                   </table>
                 <![endif]-->
             </td>

backend/resources/app/email/register/en.html

@@ -103,9 +103,9 @@
             <td style="direction:ltr;font-size:0px;padding:0;text-align:center;">
               <!--[if mso | IE]>
                   <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
         <tr>
-      
+
             <td
                class="" style="vertical-align:top;width:600px;"
             >
@@ -129,9 +129,9 @@
               </div>
               <!--[if mso | IE]>
             </td>
-          
+
         </tr>
-      
+
                   </table>
                 <![endif]-->
             </td>
@@ -143,7 +143,7 @@
           </td>
         </tr>
       </table>
-      
+
       <table
          align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
       >
@@ -157,9 +157,9 @@
             <td style="direction:ltr;font-size:0px;padding:20px 0;text-align:center;">
               <!--[if mso | IE]>
                   <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
         <tr>
-      
+
             <td
                class="" style="vertical-align:top;width:600px;"
             >
@@ -201,9 +201,9 @@
               </div>
               <!--[if mso | IE]>
             </td>
-          
+
         </tr>
-      
+
                   </table>
                 <![endif]-->
             </td>
@@ -215,7 +215,7 @@
           </td>
         </tr>
       </table>
-      
+
       <table
          align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
       >
@@ -229,9 +229,9 @@
             <td style="direction:ltr;font-size:0px;padding:24px 0 0 0;text-align:center;">
               <!--[if mso | IE]>
                   <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
         <tr>
-      
+
             <td
                class="" style="vertical-align:top;width:425px;"
             >
@@ -247,9 +247,9 @@
               </div>
               <!--[if mso | IE]>
             </td>
-          
+
         </tr>
-      
+
                   </table>
                 <![endif]-->
             </td>
@@ -261,7 +261,7 @@
           </td>
         </tr>
       </table>
-      
+
       <table
          align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
       >
@@ -275,9 +275,9 @@
             <td style="direction:ltr;font-size:0px;padding:0;text-align:center;">
               <!--[if mso | IE]>
                   <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
         <tr>
-      
+
             <td
                class="" style="vertical-align:top;width:600px;"
             >
@@ -291,7 +291,7 @@
          align="center" border="0" cellpadding="0" cellspacing="0" role="presentation"
       >
         <tr>
-      
+
               <td>
             <![endif]-->
                       <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -311,7 +311,7 @@
                       </table>
                       <!--[if mso | IE]>
               </td>
-            
+
               <td>
             <![endif]-->
                       <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -331,7 +331,7 @@
                       </table>
                       <!--[if mso | IE]>
               </td>
-            
+
               <td>
             <![endif]-->
                       <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -351,7 +351,7 @@
                       </table>
                       <!--[if mso | IE]>
               </td>
-            
+
               <td>
             <![endif]-->
                       <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -360,7 +360,7 @@
                             <table border="0" cellpadding="0" cellspacing="0" role="presentation" style="border-radius:3px;width:24px;">
                               <tr>
                                 <td style="font-size:0;height:24px;vertical-align:middle;width:24px;">
-                                  <a href="https://instagram.com/penpotapp/" target="_blank">
+                                  <a href="https://www.instagram.com/penpot.app/" target="_blank">
                                     <img height="24" src="{{ public-uri }}/images/email/logo-instagram.png" style="border-radius:3px;display:block;" width="24" />
                                   </a>
                                 </td>
@@ -371,7 +371,7 @@
                       </table>
                       <!--[if mso | IE]>
               </td>
-            
+
               <td>
             <![endif]-->
                       <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="float:none;display:inline-table;">
@@ -380,7 +380,7 @@
                             <table border="0" cellpadding="0" cellspacing="0" role="presentation" style="border-radius:3px;width:24px;">
                               <tr>
                                 <td style="font-size:0;height:24px;vertical-align:middle;width:24px;">
-                                  <a href="https://tree.taiga.io/project/uxbox" target="_blank">
+                                  <a href="https://tree.taiga.io/project/penpot" target="_blank">
                                     <img height="24" src="{{ public-uri }}/images/email/logo-taiga.png" style="border-radius:3px;display:block;" width="24" />
                                   </a>
                                 </td>
@@ -391,7 +391,7 @@
                       </table>
                       <!--[if mso | IE]>
               </td>
-            
+
           </tr>
         </table>
       <![endif]-->
@@ -401,9 +401,9 @@
               </div>
               <!--[if mso | IE]>
             </td>
-          
+
         </tr>
-      
+
                   </table>
                 <![endif]-->
             </td>
@@ -415,7 +415,7 @@
           </td>
         </tr>
       </table>
-      
+
       <table
          align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600"
       >
@@ -429,9 +429,9 @@
             <td style="direction:ltr;font-size:0px;padding:0 0 24px 0;text-align:center;">
               <!--[if mso | IE]>
                   <table role="presentation" border="0" cellpadding="0" cellspacing="0">
-                
+
         <tr>
-      
+
             <td
                class="" style="vertical-align:top;width:600px;"
             >
@@ -447,9 +447,9 @@
               </div>
               <!--[if mso | IE]>
             </td>
-          
+
         </tr>
-      
+
                   </table>
                 <![endif]-->
             </td>

backend/resources/app/emails-mjml/change-email/en.mjml

@@ -1,66 +0,0 @@
-<mjml>
-
-  <mj-head>
-    <mj-font name="Source Sans Pro" href="https://fonts.googleapis.com/css?family=Source%20Sans%20Pro" />
-    <mj-attributes>
-      <mj-text font-family="Source Sans Pro, sans-serif" font-size="16px" color="#000000" line-height="150%" />
-      <mj-button background-color="#31EFB8" color="#1F1F1F" font-family="Source Sans Pro, sans-serif" font-size="16px" />
-    </mj-attributes>
-  </mj-head>
-
-  <mj-body background-color="#E5E5E5">
-
-    <mj-section padding="0">
-      <mj-column>
-        <mj-image src="{{ public-uri }}/images/email/uxbox-title.png"
-                  width="97px" height="32px" align="left" padding="16px" />
-      </mj-column>
-    </mj-section>
-
-    <mj-section background-color="#FFFFFF">
-      <mj-column>
-        <mj-text font-size="24px" font-weight="600">Hello {{name}}!</mj-text>
-        <mj-text>We received a request to change your current email to {{ pending-email }}.</mj-text>
-        <mj-text>Click to the link below to confirm the change:</mj-text>
-        <mj-button href="{{ public-uri }}/#/auth/verify-token?token={{token}}">
-          Confirm email change
-        </mj-button>
-        <mj-text>
-          If you received this email by mistake, please consider changing your password
-          for security reasons.
-        </mj-text>
-        <mj-text>Enjoy!</mj-text>
-        <mj-text>The Penpot team.</mj-text>
-      </mj-column>
-    </mj-section>
-
-    <mj-section padding="24px 0 0 0">
-      <mj-column width="425px">
-        <mj-text align="center" font-size="14px" color="#64666A">
-          Penpot is the first Open Source design and prototyping platform meant for cross-domain teams.
-        </mj-text>
-      </mj-column>
-    </mj-section>
-
-    <mj-section padding="0">
-      <mj-column>
-        <mj-social icon-size="24px" mode="horizontal">
-          <mj-social-element src="{{ public-uri }}/images/email/logo-uxbox.png" href="https://penpot.app/" padding="0 8px" />
-          <mj-social-element src="{{ public-uri }}/images/email/logo-twitter.png" href="https://twitter.com/penpotapp" padding="0 8px" />
-          <mj-social-element src="{{ public-uri }}/images/email/logo-github.png" href="https://github.com/penpot/" padding="0 8px" />
-          <mj-social-element src="{{ public-uri }}/images/email/logo-instagram.png" href="https://instagram.com/penpotapp/" padding="0 8px" />
-          <mj-social-element src="{{ public-uri }}/images/email/logo-taiga.png" href="https://tree.taiga.io/project/uxbox" padding="0 8px" />
-        </mj-social>
-      </mj-column>
-    </mj-section>
-
-    <mj-section padding="0 0 24px 0">
-      <mj-column>
-        <mj-text align="center" font-size="14px" color="#64666A" line-height="150%">
-          Penpot © 2020 | Made with &lt;3 and Open Source
-        </mj-text>
-      </mj-column>
-    </mj-section>
-
-  </mg-body>
-</mjml>

backend/resources/app/emails-mjml/invite-to-team/en.mjml

@@ -1,59 +0,0 @@
-<mjml>
-  <mj-head>
-    <mj-font name="Source Sans Pro" href="https://fonts.googleapis.com/css?family=Source%20Sans%20Pro" />
-    <mj-attributes>
-      <mj-text font-family="Source Sans Pro, sans-serif" font-size="16px" color="#000000" line-height="150%" />
-      <mj-button background-color="#31EFB8" color="#1F1F1F" font-family="Source Sans Pro, sans-serif" font-size="16px" />
-    </mj-attributes>
-  </mj-head>
-  <mj-body background-color="#E5E5E5">
-    <mj-section padding="0">
-      <mj-column>
-        <mj-image src="{{ public-uri }}/images/email/uxbox-title.png"
-                  width="97px" height="32px" align="left" padding="16px" />
-      </mj-column>
-    </mj-section>
-    <mj-section background-color="#FFFFFF">
-      <mj-column>
-        <mj-text font-size="24px" font-weight="600">Hello!</mj-text>
-        <mj-text>
-          {{invited-by}} has invited you to join the team “{{ team }}”.
-        </mj-text>
-        <mj-button href="{{ public-uri }}/#/auth/verify-token?token={{token}}">
-          Accept invite
-        </mj-button>
-        <mj-text>Enjoy!</mj-text>
-        <mj-text>The Penpot team.</mj-text>
-      </mj-column>
-    </mj-section>
-
-    <mj-section padding="24px 0 0 0">
-      <mj-column width="425px">
-        <mj-text align="center" font-size="14px" color="#64666A">
-          Penpot is the first Open Source design and prototyping platform meant for cross-domain teams.
-        </mj-text>
-      </mj-column>
-    </mj-section>
-
-    <mj-section padding="0">
-      <mj-column>
-        <mj-social icon-size="24px" mode="horizontal">
-          <mj-social-element src="{{ public-uri }}/images/email/logo-uxbox.png" href="https://penpot.app/" padding="0 8px" />
-          <mj-social-element src="{{ public-uri }}/images/email/logo-twitter.png" href="https://twitter.com/penpotapp" padding="0 8px" />
-          <mj-social-element src="{{ public-uri }}/images/email/logo-github.png" href="https://github.com/penpot/" padding="0 8px" />
-          <mj-social-element src="{{ public-uri }}/images/email/logo-instagram.png" href="https://instagram.com/penpotapp/" padding="0 8px" />
-          <mj-social-element src="{{ public-uri }}/images/email/logo-taiga.png" href="https://tree.taiga.io/project/uxbox" padding="0 8px" />
-        </mj-social>
-      </mj-column>
-    </mj-section>
-
-    <mj-section padding="0 0 24px 0">
-      <mj-column>
-        <mj-text align="center" font-size="14px" color="#64666A" line-height="150%">
-          Penpot © 2020 | Made with &lt;3 and Open Source
-        </mj-text>
-      </mj-column>
-    </mj-section>
-
-  </mg-body>
-</mjml>

backend/resources/app/emails-mjml/password-recovery/en.mjml

@@ -1,68 +0,0 @@
-<mjml>
-
-  <mj-head>
-    <mj-font name="Source Sans Pro" href="https://fonts.googleapis.com/css?family=Source%20Sans%20Pro" />
-    <mj-attributes>
-      <mj-text font-family="Source Sans Pro, sans-serif" font-size="16px" color="#000000" line-height="150%" />
-      <mj-button background-color="#31EFB8" color="#1F1F1F" font-family="Source Sans Pro, sans-serif" font-size="16px" />
-    </mj-attributes>
-  </mj-head>
-
-  <mj-body background-color="#E5E5E5">
-
-    <mj-section padding="0">
-      <mj-column>
-        <mj-image src="{{ public-uri }}/images/email/uxbox-title.png"
-                  width="97px" height="32px" align="left" padding="16px" />
-      </mj-column>
-    </mj-section>
-
-    <mj-section background-color="#FFFFFF">
-      <mj-column>
-        <mj-text font-size="24px" font-weight="600">Hello {{name}}!</mj-text>
-        <mj-text>
-          We have received a request to reset your password. Click the link
-          below to choose a new one:
-        </mj-text>
-        <mj-button href="{{ public-uri }}/#/auth/recovery?token={{token}}">
-          Reset password
-        </mj-button>
-        <mj-text>
-          If you received this email by mistake, you can safely ignore
-          it. Your password won't be changed.
-        </mj-text>
-        <mj-text>Enjoy!</mj-text>
-        <mj-text>The Penpot team.</mj-text>
-      </mj-column>
-    </mj-section>
-
-    <mj-section padding="24px 0 0 0">
-      <mj-column width="425px">
-        <mj-text align="center" font-size="14px" color="#64666A">
-          Penpot is the first Open Source design and prototyping platform meant for cross-domain teams.
-        </mj-text>
-      </mj-column>
-    </mj-section>
-
-    <mj-section padding="0">
-      <mj-column>
-        <mj-social icon-size="24px" mode="horizontal">
-          <mj-social-element src="{{ public-uri }}/images/email/logo-uxbox.png" href="https://penpot.app/" padding="0 8px" />
-          <mj-social-element src="{{ public-uri }}/images/email/logo-twitter.png" href="https://twitter.com/penpotapp" padding="0 8px" />
-          <mj-social-element src="{{ public-uri }}/images/email/logo-github.png" href="https://github.com/penpot/" padding="0 8px" />
-          <mj-social-element src="{{ public-uri }}/images/email/logo-instagram.png" href="https://instagram.com/penpotapp/" padding="0 8px" />
-          <mj-social-element src="{{ public-uri }}/images/email/logo-taiga.png" href="https://tree.taiga.io/project/uxbox" padding="0 8px" />
-        </mj-social>
-      </mj-column>
-    </mj-section>
-
-    <mj-section padding="0 0 24px 0">
-      <mj-column>
-        <mj-text align="center" font-size="14px" color="#64666A" line-height="150%">
-          Penpot © 2020 | Made with &lt;3 and Open Source
-        </mj-text>
-      </mj-column>
-    </mj-section>
-
-  </mg-body>
-</mjml>

backend/resources/app/emails-mjml/register/en.mjml

@@ -1,65 +0,0 @@
-<mjml>
-
-  <mj-head>
-    <mj-font name="Source Sans Pro" href="https://fonts.googleapis.com/css?family=Source%20Sans%20Pro" />
-    <mj-attributes>
-      <mj-text font-family="Source Sans Pro, sans-serif" font-size="16px" color="#000000" line-height="150%" />
-      <mj-button background-color="#31EFB8" color="#1F1F1F" font-family="Source Sans Pro, sans-serif" font-size="16px" />
-    </mj-attributes>
-  </mj-head>
-
-  <mj-body background-color="#E5E5E5">
-
-    <mj-section padding="0">
-      <mj-column>
-        <mj-image src="{{ public-uri }}/images/email/uxbox-title.png"
-                  width="97px" height="32px" align="left" padding="16px" />
-      </mj-column>
-    </mj-section>
-
-    <mj-section background-color="#FFFFFF">
-      <mj-column>
-        <mj-text font-size="24px" font-weight="600">Hello {{name}}!</mj-text>
-        <mj-text>
-          Thanks for signing up for your Penpot account! Please verify your
-          email using the link below and get started building mockups and
-          prototypes today!
-        </mj-text>
-        <mj-button href="{{ public-uri }}/#/auth/verify-token?token={{token}}">
-          Verify email
-        </mj-button>
-        <mj-text>Enjoy!</mj-text>
-        <mj-text>The Penpot team.</mj-text>
-      </mj-column>
-    </mj-section>
-
-    <mj-section padding="24px 0 0 0">
-      <mj-column width="425px">
-        <mj-text align="center" font-size="14px" color="#64666A">
-          Penpot is the first Open Source design and prototyping platform meant for cross-domain teams.
-        </mj-text>
-      </mj-column>
-    </mj-section>
-
-    <mj-section padding="0">
-      <mj-column>
-        <mj-social icon-size="24px" mode="horizontal">
-          <mj-social-element src="{{ public-uri }}/images/email/logo-uxbox.png" href="https://penpot.app/" padding="0 8px" />
-          <mj-social-element src="{{ public-uri }}/images/email/logo-twitter.png" href="https://twitter.com/penpotapp" padding="0 8px" />
-          <mj-social-element src="{{ public-uri }}/images/email/logo-github.png" href="https://github.com/penpot/" padding="0 8px" />
-          <mj-social-element src="{{ public-uri }}/images/email/logo-instagram.png" href="https://instagram.com/penpotapp/" padding="0 8px" />
-          <mj-social-element src="{{ public-uri }}/images/email/logo-taiga.png" href="https://tree.taiga.io/project/uxbox" padding="0 8px" />
-        </mj-social>
-      </mj-column>
-    </mj-section>
-
-    <mj-section padding="0 0 24px 0">
-      <mj-column>
-        <mj-text align="center" font-size="14px" color="#64666A" line-height="150%">
-          Penpot © 2020 | Made with &lt;3 and Open Source
-        </mj-text>
-      </mj-column>
-    </mj-section>
-
-  </mg-body>
-</mjml>

backend/resources/app/onboarding.edn

@@ -1,4 +1,8 @@
-[{:id "tutorial-for-beginners"
+[{:id "material-design-3"
+  :name "Material Design 3"
+  :thumbnail-uri "https://penpot.app/images/libraries/cover-md3.jpg"
+  :file-uri "https://github.com/penpot/penpot-files/raw/main/Material%20Design%203.penpot"}
+ {:id "tutorial-for-beginners"
   :name "Tutorial for beginners"
   :thumbnail-uri "https://penpot.app/images/libraries/tutorial-for-beginners.jpg"
   :file-uri "https://github.com/penpot/penpot-files/raw/binary-files/tutorial-for-beginners.penpot"}
@@ -29,8 +33,4 @@
  {:id "whiteboarding-kit"
   :name "Whiteboarding Kit"
   :thumbnail-uri "https://penpot.app/images/libraries/cover-whiteboards.jpg"
-  :file-uri "https://github.com/penpot/penpot-files/raw/binary-files/Whiteboarding-mapping-kit.penpot"}
- {:id "material-design-baseline"
-  :name "Material Design (baseline)"
-  :thumbnail-uri "https://penpot.app/images/libraries/cover-material.jpg"
-  :file-uri "https://github.com/penpot/penpot-files/raw/binary-files/Material-Design-Kit.penpot"}]
+  :file-uri "https://github.com/penpot/penpot-files/raw/binary-files/Whiteboarding-mapping-kit.penpot"}]

backend/resources/app/templates/api-doc-entry.tmpl

@@ -1,26 +1,40 @@
 <li class="rpc-item">
   <div class="rpc-row-info">
-    {# <div class="type">{{item.type}}</div> #}
     <div class="module">{{item.module}}:</div>
     <div class="name">{{item.name}}</div>
     <div class="tags">
       {% if item.deprecated %}
         <span class="tag">
-          <span>Deprecated:</span>
-          <span>since v{{item.deprecated}}</span>,
+          <span>DEPRECATED</span>
+        </span>
+      {% endif %}
+
+      {% if item.auth %}
+        <span class="tag">
+          <span>AUTH</span>
+        </span>
+      {% endif %}
+
+      {% if item.webhook %}
+        <span class="tag">
+          <span>WEBHOOK</span>
+        </span>
+      {% endif %}
+      {% if item.params-schema-js %}
+        <span class="tag">
+          <span>SC</span>
+        </span>
+      {% else %}
+        <span class="tag">
+          <span>SP</span>
         </span>
       {% endif %}
-      <span class="tag">
-        <span>Auth:</span>
-        <span>{% if item.auth %}YES{% else %}NO{% endif %}</span>
-      </span>
     </div>
   </div>
   <div class="rpc-row-detail hidden">
-    <h3>DOCSTRING:</h3>
+    <h4>DOCSTRING:</h4>
 
     <section class="padded-section">
-
       {% if item.added %}
         <p class="small"><strong>Added:</strong> on v{{item.added}}</p>
       {% endif %}
@@ -29,13 +43,18 @@
         <p class="small"><strong>Deprecated:</strong> since v{{item.deprecated}}</p>
       {% endif %}
 
+      {% if item.entrypoint %}
+        <p class="small"><strong>URI:</strong> <a href="{{item.entrypoint}}">{{item.entrypoint}}</a></p>
+      {% endif %}
+
       {% if item.docs %}
         <p class="docstring"> {{item.docs}}</p>
       {% endif %}
+
     </section>
 
     {% if item.changes %}
-      <h3>CHANGES:</h3>
+      <h4>CHANGES:</h4>
       <section class="padded-section">
 
         <ul class="changes">
@@ -46,9 +65,55 @@
       </section>
     {% endif %}
 
-    <h3>SPEC EXPLAIN:</h3>
-    <section class="padded-section">
-      <pre class="spec-explain">{{item.spec}}</pre>
-    </section>
+    {% if item.spec %}
+      <h4>PARAMS (SPEC):</h4>
+      <section class="padded-section">
+        <pre class="spec-explain">{{item.spec}}</pre>
+      </section>
+    {% endif %}
+
+    {% if param-style = "js" %}
+      {% if item.params-schema-js %}
+        <h4>PARAMS:</h4>
+        <section class="padded-section">
+          <pre class="params-schema">{{item.params-schema-js}}</pre>
+        </section>
+      {% endif %}
+
+      {% if item.result-schema-js %}
+        <h4>RESPONSE:</h4>
+        <section class="padded-section">
+          <pre class="result">{{item.result-schema-js}}</pre>
+        </section>
+      {% endif %}
+
+      {% if item.webhook-schema-js %}
+        <h4>WEBHOOK PAYLOAD:</h4>
+        <section class="padded-section">
+          <pre class="webhook">{{item.webhook-schema-js}}</pre>
+        </section>
+      {% endif %}
+    {% else %}
+      {% if item.params-schema-clj %}
+        <h4>PARAMS:</h4>
+        <section class="padded-section">
+          <pre class="params-schema">{{item.params-schema-clj}}</pre>
+        </section>
+      {% endif %}
+
+      {% if item.result-schema-clj %}
+        <h4>RESPONSE:</h4>
+        <section class="padded-section">
+          <pre class="result">{{item.result-schema-clj}}</pre>
+        </section>
+      {% endif %}
+
+      {% if item.webhook-schema-clj %}
+        <h4>WEBHOOK PAYLOAD:</h4>
+        <section class="padded-section">
+          <pre class="webhook">{{item.webhook-schema-clj}}</pre>
+        </section>
+      {% endif %}
+    {% endif %}
   </div>
 </li>

backend/resources/app/templates/api-doc.css

@@ -27,12 +27,78 @@ main {
 header {
   border-bottom: 1px solid #c0c0c0;
   display: flex;
+  flex-direction: column;
+  align-items: center;
   justify-content: center;
   width: 100%;
 }
 
-.rpc-doc-content {
+header .menu {
+  display: flex;
+  align-items: center;
+  margin-top: 5px;
+  margin-bottom: 10px;
+}
+
+header .menu nav {
+  list-style: none;
+  padding: 0px;
+  margin: 0px;
+  display: flex;
+  width: 45px;
+  justify-content: space-between;
+}
+
+header .menu nav > a {
+  list-style: none;
+  padding: 0px;
+  margin: 0px;
+  cursor: pointer;
+}
+
+header .menu nav > a.selected {
+  font-weight: 600;
+}
+
+b {
+  font-weight: 500;
+}
+
+h2 {
+  margin-top: 30px;
+}
+
+h3 {
+  font-weight: 400;
+  font-size: 11px;
   margin-top: 20px;
+  text-decoration: underline;
+}
+
+h4 {
+  font-weight: 300;
+  font-size: 11px;
+}
+
+.doc-content {
+  margin-top: 20px;
+  width: 100%;
+  display: flex;
+  flex-direction: column;
+  /* border: 1px solid red; */
+  padding: 5px;
+}
+
+.doc-content p {
+  line-height: 22px;
+  margin-bottom: 0px;
+}
+
+.doc-content h3 {
+  margin-bottom: 0px;
+}
+
+.rpc-doc-content {
   width: 100%;
   display: flex;
   flex-direction: column;
@@ -65,7 +131,7 @@ header {
 .rpc-row-info {
   cursor: pointer;
   display: flex;
-  background-color: #eeeeee;
+  background-color: #e5e5e5;
   padding: 5px 10px;
 }
 
@@ -108,6 +174,8 @@ header {
 .rpc-row-detail {
   padding: 5px 10px;
   padding-bottom: 20px;
+  border-left: 2px solid #e5e5e5;
+  border-right: 2px solid #e5e5e5;
 }
 
 .rpc-row-detail p {
@@ -143,3 +211,7 @@ header {
 p.small strong {
   font-size: 10px;
 }
+
+p.small a {
+  font-size: 10px;
+}

backend/resources/app/templates/api-doc.tmpl

@@ -20,26 +20,70 @@
     <main>
       <header>
         <h1>Penpot API Documentation (v{{version}})</h1>
+        <small class="menu">
+          [
+          <nav>
+            <a href="?type=js" {% if param-style = "js" %}class="selected"{% endif %}>JS</a>
+            <a href="?type=clj" {% if param-style = "cljs" %}class="selected"{% endif %}>CLJ</a>
+          </nav>
+          ]
+        </small>
       </header>
+      <section class="doc-content">
+        <h2>INTRODUCTION</h2>
+        <p>This documentation is intended to be a general overview of the penpot RPC API.
+          If you prefer, you can use <a href="/api/openapi.json">OpenAPI</a>
+          and/or <a href="/api/openapi">SwaggerUI</a> as alternative.</p>
+
+        <h2>GENERAL NOTES</h2>
+
+        <h3>Authentication</h3>
+        <p>The penpot backend right now offerts two way for authenticate the request:
+        <b>cookies</b> (the same mechanism that we use ourselves on accessing the API from the
+        web application) and <b>access tokens</b>.</p>
+
+        <p>The cookie can be obtained using the <b>`login-with-password`</b> rpc method,
+        on successful login it sets the <b>`auth-token`</b> cookie with the session
+        token.</p>
+
+        <p>The access token can be obtained on the appropriate section on profile settings
+        and it should be provided using <b>`Authorization`</b> header with <b>`Token
+        &lt;token-string&gt;`</b> value.</p>
+
+        <h3>Content Negotiation</h3>
+        <p>The penpot API by default operates indistinctly with: <b>`application/json`</b>
+        and <b>`application/transit+json`</b> content types. You should specify the
+        desired content-type on the <b>`Accept`</b> header, the transit encoding is used
+        by default.</p>
+
+
+        <h3>Limits</h3>
+        <p>The rate limit work per user basis (this means that different api keys share
+        the same rate limit). For now the limits are not documented because we are
+        studying and analyzing the data. As a general rule, it should not be abused, if an
+        abusive use is detected, we will proceed to block the user's access to the
+        API.</p>
+
+        <h3>Webhooks</h3>
+        <p>All methods that emit webhook events are marked with flag <b>WEBHOOK</b>, the
+        data structure defined on each method represents the <i>payload</i> of the
+        event.</p>
+        <p>The webhook event structure has this aspect:</p>
+        <br/>
+
+        <pre>
+{
+  "id": "db601c95-045f-808b-8002-362f08fcb621",
+  "name": "rename-file",
+  "props": &lt;payload&gt;,
+  "profileId": "db601c95-045f-808b-8002-361312e63531"
+}
+        </pre>
+      </section>
       <section class="rpc-doc-content">
-
-        <h2>RPC COMMAND METHODS:</h2>
+        <h2>RPC METHODS REFERENCE:</h2>
         <ul class="rpc-items">
-          {% for item in command-methods %}
-            {% include "app/templates/api-doc-entry.tmpl" with item=item %}
-          {% endfor %}
-        </ul>
-
-        <h2>RPC QUERY METHODS:</h2>
-        <ul class="rpc-items">
-          {% for item in query-methods %}
-            {% include "app/templates/api-doc-entry.tmpl" with item=item %}
-          {% endfor %}
-        </ul>
-
-        <h2>RPC MUTATION METHODS:</h2>
-        <ul class="rpc-items">
-          {% for item in mutation-methods %}
+          {% for item in methods %}
             {% include "app/templates/api-doc-entry.tmpl" with item=item %}
           {% endfor %}
         </ul>

backend/resources/app/templates/error-report.v2.tmpl

@@ -0,0 +1,112 @@
+ {% extends "app/templates/base.tmpl" %}
+
+{% block title %}
+penpot - error report v2 {{id}}
+{% endblock %}
+
+{% block content %}
+<nav>
+  <div>[<a href="/dbg/error">⮜</a>]</div>
+  <div>[<a href="#message">message</a>]</div>
+  <div>[<a href="#props">props</a>]</div>
+  <div>[<a href="#context">context</a>]</div>
+  {% if params %}
+  <div>[<a href="#params">request params</a>]</div>
+  {% endif %}
+  {% if data %}
+  <div>[<a href="#edata">error data</a>]</div>
+  {% endif %}
+  {% if spec-explain %}
+  <div>[<a href="#spec-explain">spec explain</a>]</div>
+  {% endif %}
+  {% if spec-problems %}
+  <div>[<a href="#spec-problems">spec problems</a>]</div>
+  {% endif %}
+  {% if spec-value %}
+  <div>[<a href="#spec-value">spec value</a>]</div>
+  {% endif %}
+  {% if trace %}
+  <div>[<a href="#trace">error trace</a>]</div>
+  {% endif %}
+</nav>
+<main>
+  <div class="table">
+    <div class="table-row multiline">
+      <div id="message" class="table-key">MESSAGE: </div>
+
+      <div class="table-val">
+        <h1>{{hint}}</h1>
+      </div>
+    </div>
+
+    <div class="table-row multiline">
+      <div id="props" class="table-key">LOG PROPS: </div>
+      <div class="table-val">
+        <pre>{{props}}</pre>
+      </div>
+    </div>
+
+    <div class="table-row multiline">
+      <div id="context" class="table-key">CONTEXT: </div>
+
+      <div class="table-val">
+        <pre>{{context}}</pre>
+      </div>
+    </div>
+
+    {% if params %}
+    <div class="table-row multiline">
+      <div id="params" class="table-key">REQUEST PARAMS: </div>
+      <div class="table-val">
+        <pre>{{params}}</pre>
+      </div>
+    </div>
+    {% endif %}
+
+    {% if data %}
+    <div class="table-row multiline">
+      <div id="edata" class="table-key">ERROR DATA: </div>
+      <div class="table-val">
+        <pre>{{data}}</pre>
+      </div>
+    </div>
+    {% endif %}
+
+    {% if spec-explain %}
+    <div class="table-row multiline">
+      <div id="spec-explain" class="table-key">SPEC EXPLAIN: </div>
+      <div class="table-val">
+        <pre>{{spec-explain}}</pre>
+      </div>
+    </div>
+    {% endif %}
+
+    {% if spec-problems %}
+    <div class="table-row multiline">
+      <div id="spec-problems" class="table-key">SPEC PROBLEMS: </div>
+      <div class="table-val">
+        <pre>{{spec-problems}}</pre>
+      </div>
+    </div>
+    {% endif %}
+
+    {% if spec-value %}
+    <div class="table-row multiline">
+      <div id="spec-value" class="table-key">SPEC VALUE: </div>
+      <div class="table-val">
+        <pre>{{spec-value}}</pre>
+      </div>
+    </div>
+    {% endif %}
+
+    {% if trace %}
+    <div class="table-row multiline">
+      <div id="trace" class="table-key">TRACE:</div>
+      <div class="table-val">
+        <pre>{{trace}}</pre>
+      </div>
+    </div>
+    {% endif %}
+  </div>
+</main>
+{% endblock %}

backend/resources/app/templates/error-report.v3.tmpl

@@ -0,0 +1,100 @@
+ {% extends "app/templates/base.tmpl" %}
+
+{% block title %}
+penpot - error report v2 {{id}}
+{% endblock %}
+
+{% block content %}
+<nav>
+  <div>[<a href="/dbg/error">⮜</a>]</div>
+  <div>[<a href="#message">message</a>]</div>
+  <div>[<a href="#props">props</a>]</div>
+  <div>[<a href="#context">context</a>]</div>
+  {% if params %}
+  <div>[<a href="#params">params</a>]</div>
+  {% endif %}
+  {% if data %}
+  <div>[<a href="#edata">data</a>]</div>
+  {% endif %}
+  {% if explain %}
+  <div>[<a href="#explain">explain</a>]</div>
+  {% endif %}
+  {% if value %}
+  <div>[<a href="#value">value</a>]</div>
+  {% endif %}
+  {% if trace %}
+  <div>[<a href="#trace">trace</a>]</div>
+  {% endif %}
+</nav>
+<main>
+  <div class="table">
+    <div class="table-row multiline">
+      <div id="message" class="table-key">MESSAGE: </div>
+
+      <div class="table-val">
+        <h1>{{hint}}</h1>
+      </div>
+    </div>
+
+    <div class="table-row multiline">
+      <div id="props" class="table-key">LOG PROPS: </div>
+      <div class="table-val">
+        <pre>{{props}}</pre>
+      </div>
+    </div>
+
+    <div class="table-row multiline">
+      <div id="context" class="table-key">CONTEXT: </div>
+
+      <div class="table-val">
+        <pre>{{context}}</pre>
+      </div>
+    </div>
+
+    {% if params %}
+    <div class="table-row multiline">
+      <div id="params" class="table-key">PARAMS: </div>
+      <div class="table-val">
+        <pre>{{params}}</pre>
+      </div>
+    </div>
+    {% endif %}
+
+    {% if data %}
+    <div class="table-row multiline">
+      <div id="edata" class="table-key">DATA: </div>
+      <div class="table-val">
+        <pre>{{data}}</pre>
+      </div>
+    </div>
+    {% endif %}
+
+    {% if value %}
+    <div class="table-row multiline">
+      <div id="value" class="table-key">VALIDATION VALUE: </div>
+      <div class="table-val">
+        <pre>{{value}}</pre>
+      </div>
+    </div>
+    {% endif %}
+
+    {% if explain %}
+    <div class="table-row multiline">
+      <div id="explain" class="table-key">EXPLAIN: </div>
+      <div class="table-val">
+        <pre>{{explain}}</pre>
+      </div>
+    </div>
+    {% endif %}
+
+    {% if trace %}
+    <div class="table-row multiline">
+      <div id="trace" class="table-key">TRACE:</div>
+      <div class="table-val">
+        <pre>{{trace}}</pre>
+      </div>
+    </div>
+    {% endif %}
+  </div>
+</main>
+{% endblock %}

backend/resources/app/templates/openapi.tmpl

@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1" />
+  <meta
+    name="description"
+    content="SwaggerUI"
+  />
+  <title>PENPOT Swagger UI</title>
+  <style>{{swagger-css|safe}}</style>
+</head>
+<body>
+<div id="swagger-ui"></div>
+<script>{{swagger-js|safe}}</script>
+<script>
+  window.onload = () => {
+    window.ui = SwaggerUIBundle({
+      url: '{{public-uri}}/api/openapi.json',
+      dom_id: '#swagger-ui',      
+      presets: [
+        SwaggerUIBundle.presets.apis,
+      ],
+    });
+  };
+</script>
+</body>
+</html>

backend/resources/app/templates/styles.css

@@ -23,6 +23,10 @@ input[type=text], input[type=submit] {
   padding: 3px;
 }
 
+pre {
+  white-space: pre-wrap;
+}
+
 main {
   margin: 20px;
 }

backend/resources/climit.edn

@@ -1,9 +1,14 @@
 ;; Example climit.edn file
-;; Required: concurrency
-;; Optional: queue-size, ommited means Integer/MAX_VALUE
-{:update-file   {:concurrency 1 :queue-size 3}
- :auth          {:concurrency 128}
- :process-font  {:concurrency 4 :queue-size 32}
- :process-image {:concurrency 8 :queue-size 32}
- :push-audit-events
- {:concurrency 1 :queue-size 3}}
+;; Required: permits
+;; Optional: queue, ommited means Integer/MAX_VALUE
+;; Optional: timeout, ommited means no timeout
+;; Note: queue and timeout are excluding
+{:update-file-by-id {:permits 1 :queue 3}
+ :update-file {:permits 20}
+
+ :derive-password {:permits 8}
+ :process-font  {:permits 4 :queue 32}
+ :process-image {:permits 8 :queue 32}
+
+ :submit-audit-events-by-profile
+ {:permits 1 :queue 3}}

backend/resources/log4j2-devenv.xml

@@ -3,22 +3,17 @@
   <Appenders>
     <Console name="console" target="SYSTEM_OUT">
       <PatternLayout pattern="[%d{YYYY-MM-dd HH:mm:ss.SSS}] %level{length=1} %logger{36} - %msg%n"
-                     alwaysWriteExceptions="false" />
+                     alwaysWriteExceptions="true" />
     </Console>
 
     <RollingFile name="main" fileName="logs/main.log" filePattern="logs/main-%i.log">
       <PatternLayout pattern="[%d{YYYY-MM-dd HH:mm:ss.SSS}] %level{length=1} %logger{36} - %msg%n"
-                     alwaysWriteExceptions="false" />
+                     alwaysWriteExceptions="true" />
       <Policies>
         <SizeBasedTriggeringPolicy size="50M"/>
       </Policies>
       <DefaultRolloverStrategy max="9"/>
     </RollingFile>
-
-    <JeroMQ name="zmq">
-      <Property name="endpoint">tcp://localhost:45556</Property>
-      <JsonLayout complete="false" compact="true" includeTimeMillis="true" stacktraceAsString="true" properties="true" />
-    </JeroMQ>
   </Appenders>
 
   <Loggers>
@@ -37,17 +32,12 @@
     <Logger name="app.rpc.climit" level="info" />
     <Logger name="app.rpc.mutations.files" level="info" />
 
-    <Logger name="app.cli" level="debug" additivity="false">
-      <AppenderRef ref="console"/>
-    </Logger>
-
     <Logger name="app.loggers" level="debug" additivity="false">
       <AppenderRef ref="main" level="debug" />
     </Logger>
 
     <Logger name="app" level="all" additivity="false">
       <AppenderRef ref="main" level="trace" />
-      <AppenderRef ref="zmq" level="debug" />
     </Logger>
 
     <Logger name="user" level="trace" additivity="false">

backend/resources/log4j2.xml

@@ -12,6 +12,7 @@
     <Logger name="com.zaxxer.hikari" level="error" />
     <Logger name="org.postgresql" level="error" />
 
+    <Logger name="app.util" level="info" />
     <Logger name="app" level="info" additivity="false">
       <AppenderRef ref="console" />
     </Logger>

backend/resources/rlimit.edn

@@ -3,8 +3,9 @@
 {:default
  [[:default :window "200000/h"]]
 
- #{:query/teams}
- [[:burst :bucket "5/1/5s"]]
+ ;; #{:command/get-teams}
+ ;; [[:burst :bucket "5/5/5s"]]
 
- #{:query/profile}
- [[:burst :bucket "100/60/1m"]]}
+ ;; #{:command/get-profile}
+ ;; [[:burst :bucket "60/60/1m"]]
+ }

backend/scripts/build

@@ -12,10 +12,11 @@ cp ../CHANGES.md target/classes/changelog.md;
 
 clojure -T:build jar;
 mv target/penpot.jar target/dist/penpot.jar
+cp resources/log4j2.xml target/dist/log4j2.xml
 cp scripts/run.template.sh target/dist/run.sh;
-cp scripts/manage.template.sh target/dist/manage.sh;
+cp scripts/manage.py target/dist/manage.py
 chmod +x target/dist/run.sh;
-chmod +x target/dist/manage.sh;
+chmod +x target/dist/manage.py
 
 # Prefetch
 bb ./scripts/prefetch-templates.clj resources/app/onboarding.edn builtin-templates/

backend/scripts/manage.py

@@ -0,0 +1,219 @@
+#!/usr/bin/env python3
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# Copyright (c) KALEIDOS INC
+
+import argparse
+import json
+import socket
+import sys
+
+from tabulate import tabulate
+from getpass import getpass
+from urllib.parse import urlparse
+
+PREPL_URI = "tcp://localhost:6063"
+
+def get_prepl_conninfo():
+    uri_data = urlparse(PREPL_URI)
+    if uri_data.scheme != "tcp":
+        raise RuntimeError(f"invalid PREPL_URI: {PREPL_URI}")
+
+    if not isinstance(uri_data.netloc, str):
+        raise RuntimeError(f"invalid PREPL_URI: {PREPL_URI}")
+
+    host, port = uri_data.netloc.split(":", 2)
+
+    if port is None:
+        port = 6063
+
+    if isinstance(port, str):
+        port = int(port)
+
+    return host, port
+
+def send_eval(expr):
+    host, port = get_prepl_conninfo()
+
+    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
+        s.connect((host, port))
+        s.send(expr.encode("utf-8"))
+        s.send(b":repl/quit\n\n")
+
+        with s.makefile() as f:
+            result = json.load(f)
+            tag = result.get("tag", None)
+            if tag != "ret":
+                raise RuntimeError("unexpected response from PREPL")
+            return result.get("val", None), result.get("exception", None)
+
+def encode(val):
+    return json.dumps(json.dumps(val))
+
+def print_error(res):
+    for error in res["via"]:
+        print("ERR:", error["message"])
+        break
+
+def run_cmd(params):
+    try:
+        expr = "(app.srepl.ext/run-json-cmd {})".format(encode(params))
+        res, failed = send_eval(expr)
+        if failed:
+            print_error(res)
+            sys.exit(-1)
+
+        return res
+    except Exception as cause:
+        print("EXC:", str(cause))
+        sys.exit(-2)
+
+def create_profile(fullname, email, password):
+    params = {
+        "cmd": "create-profile",
+        "params": {
+            "fullname": fullname,
+            "email": email,
+            "password": password
+        }
+    }
+
+    res = run_cmd(params)
+    print(f"Created: {res['email']} / {res['id']}")
+
+def update_profile(email, fullname, password, is_active):
+    params = {
+        "cmd": "update-profile",
+        "params": {
+            "email": email,
+            "fullname": fullname,
+            "password": password,
+            "is_active": is_active
+        }
+    }
+
+    res = run_cmd(params)
+    if res is True:
+        print(f"Updated")
+    else:
+        print(f"No profile found with email {email}")
+
+def delete_profile(email, soft):
+    params = {
+        "cmd": "delete-profile",
+        "params": {
+            "email": email,
+            "soft": soft
+        }
+    }
+
+    res = run_cmd(params)
+    if res is True:
+        print(f"Deleted")
+    else:
+        print(f"No profile found with email {email}")
+
+def search_profile(email):
+    params = {
+        "cmd": "search-profile",
+        "params": {
+            "email": email,
+        }
+    }
+
+    res = run_cmd(params)
+
+    if isinstance(res, list):
+        print(tabulate(res, headers="keys"))
+
+def derive_password(password):
+    params = {
+        "cmd": "derive-password",
+        "params": {
+            "password": password,
+        }
+    }
+
+    res = run_cmd(params)
+    print(f"Derived password: \"{res}\"")
+
+available_commands = (
+    "create-profile",
+    "update-profile",
+    "delete-profile",
+    "search-profile",
+    "derive-password",
+)
+
+parser = argparse.ArgumentParser(
+    description=(
+        "Penpot Command Line Interface (CLI)"
+    )
+)
+
+parser.add_argument("-V", "--version", action="version", version="Penpot CLI %%develop%%")
+parser.add_argument("action", action="store", choices=available_commands)
+parser.add_argument("-f", "--force", help="force operation", action="store_true")
+parser.add_argument("-n", "--fullname", help="fullname", action="store")
+parser.add_argument("-e", "--email", help="email", action="store")
+parser.add_argument("-p", "--password", help="password", action="store")
+parser.add_argument("-c", "--connect", help="connect to PREPL", action="store", default="tcp://localhost:6063")
+
+args = parser.parse_args()
+
+PREPL_URI = args.connect
+
+if args.action == "create-profile":
+    email = args.email
+    password = args.password
+    fullname = args.fullname
+
+    if email is None:
+        email = input("Email: ")
+
+    if fullname is None:
+        fullname = input("Fullname: ")
+
+    if password is None:
+        password = getpass("Password: ")
+
+    create_profile(fullname, email, password)
+
+elif args.action == "update-profile":
+    email = args.email
+    password = args.password
+
+    if email is None:
+        email = input("Email: ")
+
+    if password is None:
+        password = getpass("Password: ")
+
+    update_profile(email, None, password, None)
+
+elif args.action == "derive-password":
+    password = args.password
+
+    if password is None:
+        password = getpass("Password: ")
+
+    derive_password(password)
+
+elif args.action == "delete-profile":
+    email = args.email
+    soft = not args.force
+
+    if email is None:
+        email = input("Email: ")
+
+    delete_profile(email, soft)
+
+elif args.action == "search-profile":
+    email = args.email
+    if email is None:
+        email = input("Email: ")
+
+    search_profile(email)

backend/scripts/manage.template.sh

@@ -1,19 +0,0 @@
-#!/usr/bin/env bash
-set +e
-JAVA_CMD=$(type -p java)
-
-set -e
-if [[ ! -n "$JAVA_CMD" ]]; then
-  if [[ -n "$JAVA_HOME" ]] && [[ -x "$JAVA_HOME/bin/java" ]]; then
-    JAVA_CMD="$JAVA_HOME/bin/java"
-  else
-    >&2 echo "Couldn't find 'java'. Please set JAVA_HOME."
-    exit 1
-  fi
-fi
-
-if [ -f ./environ ]; then
-   source ./environ
-fi
-
-exec $JAVA_CMD $JVM_OPTS -jar penpot.jar -m app.cli.manage "$@"

backend/scripts/repl

@@ -2,7 +2,29 @@
 
 export PENPOT_HOST=devenv
 export PENPOT_TENANT=dev
-export PENPOT_FLAGS="$PENPOT_FLAGS enable-backend-asserts enable-audit-log enable-transit-readable-response enable-demo-users disable-secure-session-cookies enable-smtp"
+export PENPOT_FLAGS="\
+       $PENPOT_FLAGS \
+       enable-registration
+       enable-login-with-password
+       enable-login-with-oidc \
+       enable-login-with-google \
+       enable-login-with-github \
+       enable-login-with-gitlab \
+       enable-backend-asserts \
+       enable-fdata-storage-pointer-map \
+       enable-fdata-storage-objets-map \
+       enable-audit-log \
+       enable-transit-readable-response \
+       enable-demo-users \
+       disable-secure-session-cookies \
+       enable-smtp \
+       enable-prepl-server \
+       enable-urepl-server \
+       enable-rpc-climit \
+       enable-rpc-rlimit \
+       enable-soft-rpc-rlimit \
+       enable-webhooks \
+       enable-access-tokens";
 
 # export PENPOT_DATABASE_URI="postgresql://172.17.0.1:5432/penpot"
 # export PENPOT_DATABASE_USERNAME="penpot"
@@ -28,18 +50,39 @@ export PENPOT_ASSETS_STORAGE_BACKEND=assets-s3
 export PENPOT_STORAGE_ASSETS_S3_ENDPOINT=http://minio:9000
 export PENPOT_STORAGE_ASSETS_S3_BUCKET=penpot
 
+#-J-Djdk.virtualThreadScheduler.parallelism=16
+
 export OPTIONS="
        -A:jmx-remote -A:dev \
        -J-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager \
-       -J-Dlog4j2.configurationFile=log4j2-devenv.xml \
-       -J-XX:+UseG1GC \
-       -J-XX:-OmitStackTraceInFastThrow \
-       -J-Xms50m -J-Xmx1024m \
        -J-Djdk.attach.allowAttachSelf \
+       -J-Dlog4j2.configurationFile=log4j2-devenv.xml \
+       -J-XX:-OmitStackTraceInFastThrow \
        -J-XX:+UnlockDiagnosticVMOptions \
-       -J-XX:+DebugNonSafepoints";
+       -J-XX:+DebugNonSafepoints \
+       -J-Djdk.tracePinnedThreads=full \
+       -J--enable-preview";
 
-# Uncomment for use the ImageMagick v7.x
+# Setup HEAP
+export OPTIONS="$OPTIONS -J-Xms50m -J-Xmx1024m"
+# export OPTIONS="$OPTIONS -J-Xms1100m -J-Xmx1100m -J-XX:+AlwaysPreTouch"
+
+# Increase virtual thread pool size
+# export OPTIONS="$OPTIONS -J-Djdk.virtualThreadScheduler.parallelism=16"
+
+# Disable C2 Compiler
+# export OPTIONS="$OPTIONS -J-XX:TieredStopAtLevel=1"
+
+# Disable all compilers
+# export OPTIONS="$OPTIONS -J-Xint"
+
+# Setup GC
+export OPTIONS="$OPTIONS -J-XX:+UseG1GC"
+
+# Setup GC
+# export OPTIONS="$OPTIONS -J-XX:+UseZGC"
+
+# Enable ImageMagick v7.x support
 # export OPTIONS="-J-Dim4java.useV7=true $OPTIONS";
 
 export OPTIONS_EVAL="nil"

backend/scripts/run.template.sh

@@ -18,5 +18,7 @@ if [ -f ./environ ]; then
     source ./environ
 fi
 
+export JVM_OPTS="-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager -Dlog4j2.configurationFile=log4j2.xml -XX:-OmitStackTraceInFastThrow --enable-preview $JVM_OPTS"
+
 set -x
 exec $JAVA_CMD $JVM_OPTS "$@" -jar penpot.jar -m app.main

backend/scripts/start-dev

@@ -2,7 +2,20 @@
 
 export PENPOT_HOST=devenv
 export PENPOT_TENANT=dev
-export PENPOT_FLAGS="$PENPOT_FLAGS enable-backend-asserts enable-audit-log enable-transit-readable-response enable-demo-users disable-secure-session-cookies enable-smtp"
+export PENPOT_FLAGS="\
+       $PENPOT_FLAGS \
+       enable-prepl-server \
+       enable-urepl-server \
+       enable-webhooks \
+       enable-backend-asserts \
+       enable-audit-log \
+       enable-transit-readable-response \
+       enable-demo-users \
+       enable-fdata-storage-pointer-map \
+       enable-fdata-storage-objets-map \
+       disable-secure-session-cookies \
+       enable-smtp \
+       enable-webhooks";
 
 set -ex
 

backend/src/app/auth.clj

@@ -0,0 +1,29 @@
+;; This Source Code Form is subject to the terms of the Mozilla Public
+;; License, v. 2.0. If a copy of the MPL was not distributed with this
+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;;
+;; Copyright (c) KALEIDOS INC
+
+(ns app.auth
+  (:require
+   [buddy.hashers :as hashers]
+   [promesa.exec :as px]))
+
+(def default-params
+  {:alg :argon2id
+   :memory (* 32768 2)
+   :iterations 5
+   :parallelism (px/get-available-processors)})
+
+(defn derive-password
+  [password]
+  (hashers/derive password default-params))
+
+(defn verify-password
+  [attempt password]
+  (try
+    (hashers/verify attempt password)
+    (catch Throwable _
+      {:update false
+       :valid false})))
+

backend/src/app/auth/ldap.clj

@@ -41,15 +41,18 @@
   (reduce-kv clojure.string/replace s replacements))
 
 (defn- search-user
-  [{:keys [conn attrs base-dn] :as cfg} email]
-  (let [query   (replace-several (:query cfg) ":username" email)
+  [{:keys [::conn base-dn] :as cfg} email]
+  (let [query  (replace-several (:query cfg) ":username" email)
+        attrs  [(:attrs-username cfg)
+                (:attrs-email cfg)
+                (:attrs-fullname cfg)]
         params  {:filter query
                  :sizelimit 1
                  :attributes attrs}]
     (first (ldap/search conn base-dn params))))
 
 (defn- retrieve-user
-  [{:keys [conn] :as cfg} {:keys [email password]}]
+  [{:keys [::conn] :as cfg} {:keys [email password]}]
   (when-let [{:keys [dn] :as user} (search-user cfg email)]
     (when (ldap/bind? conn dn password)
       {:fullname (get user (-> cfg :attrs-fullname keyword))
@@ -66,7 +69,7 @@
 (defn authenticate
   [cfg params]
   (with-open [conn (connect cfg)]
-    (when-let [user (-> (assoc cfg :conn conn)
+    (when-let [user (-> (assoc cfg ::conn conn)
                         (retrieve-user params))]
       (when-not (s/valid? ::info-data user)
         (let [explain (s/explain-str ::info-data user)]
@@ -100,17 +103,6 @@
                  :host (:host cfg) :port (:port cfg) :cause cause)
         nil))))
 
-(defn- prepare-attributes
-  [cfg]
-  (assoc cfg :attrs [(:attrs-username cfg)
-                     (:attrs-email cfg)
-                     (:attrs-fullname cfg)]))
-
-(defmethod ig/init-key ::provider
-  [_ cfg]
-  (when (:enabled? cfg)
-    (some-> cfg try-connectivity prepare-attributes)))
-
 (s/def ::enabled? ::us/boolean)
 (s/def ::host ::cf/ldap-host)
 (s/def ::port ::cf/ldap-port)
@@ -124,8 +116,7 @@
 (s/def ::attrs-fullname ::cf/ldap-attrs-fullname)
 (s/def ::attrs-username ::cf/ldap-attrs-username)
 
-(defmethod ig/pre-init-spec ::provider
-  [_]
+(s/def ::provider-params
   (s/keys :opt-un [::host ::port
                    ::ssl ::tls
                    ::enabled?
@@ -135,3 +126,14 @@
                    ::attrs-email
                    ::attrs-username
                    ::attrs-fullname]))
+(s/def ::provider
+  (s/nilable ::provider-params))
+
+(defmethod ig/pre-init-spec ::provider
+  [_]
+  (s/spec ::provider))
+
+(defmethod ig/init-key ::provider
+  [_ cfg]
+  (when (:enabled? cfg)
+    (try-connectivity cfg)))

backend/src/app/auth/oidc.clj

@@ -17,22 +17,18 @@
    [app.config :as cf]
    [app.db :as db]
    [app.http.client :as http]
-   [app.http.middleware :as hmw]
    [app.http.session :as session]
    [app.loggers.audit :as audit]
    [app.main :as-alias main]
-   [app.rpc.queries.profile :as profile]
+   [app.rpc.commands.profile :as profile]
    [app.tokens :as tokens]
    [app.util.json :as json]
    [app.util.time :as dt]
-   [app.worker :as wrk]
    [clojure.set :as set]
    [clojure.spec.alpha :as s]
    [cuerdas.core :as str]
    [integrant.core :as ig]
-   [promesa.core :as p]
-   [promesa.exec :as px]
-   [yetti.response :as yrs]))
+   [yetti.response :as-alias yrs]))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; HELPERS
@@ -50,7 +46,7 @@
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
 (defn- discover-oidc-config
-  [cfg {:keys [::base-uri] :as opts}]
+  [cfg {:keys [base-uri] :as opts}]
   (let [discovery-uri (u/join base-uri ".well-known/openid-configuration")
         response      (ex/try! (http/req! cfg
                                           {:method :get :uri (str discovery-uri)}
@@ -64,10 +60,17 @@
         nil)
 
       (= 200 (:status response))
-      (let [data (json/decode (:body response))]
-        {:token-uri (get data :token_endpoint)
-         :auth-uri  (get data :authorization_endpoint)
-         :user-uri  (get data :userinfo_endpoint)})
+      (let [data      (json/decode (:body response))
+            token-uri (get data :token_endpoint)
+            auth-uri  (get data :authorization_endpoint)
+            user-uri  (get data :userinfo_endpoint)]
+        (l/debug :hint "oidc uris discovered"
+                 :token-uri token-uri
+                 :auth-uri auth-uri
+                 :user-uri user-uri)
+        {:token-uri token-uri
+         :auth-uri  auth-uri
+         :user-uri  user-uri})
 
       :else
       (do
@@ -110,7 +113,7 @@
     (if-let [opts (prepare-oidc-opts cfg)]
       (do
         (l/info :hint "provider initialized"
-                :provider :oidc
+                :provider "oidc"
                 :method (if (:discover? opts) "discover" "manual")
                 :client-id (:client-id opts)
                 :client-secret (obfuscate-string (:client-secret opts))
@@ -122,7 +125,7 @@
                 :roles      (:roles opts))
         opts)
       (do
-        (l/warn :hint "unable to initialize auth provider, missing configuration" :provider :oidc)
+        (l/warn :hint "unable to initialize auth provider, missing configuration" :provider "oidc")
         nil))))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -144,13 +147,13 @@
                (string? (:client-secret opts)))
         (do
           (l/info :hint "provider initialized"
-                  :provider :google
+                  :provider "google"
                   :client-id (:client-id opts)
                   :client-secret (obfuscate-string (:client-secret opts)))
           opts)
 
         (do
-          (l/warn :hint "unable to initialize auth provider, missing configuration" :provider :google)
+          (l/warn :hint "unable to initialize auth provider, missing configuration" :provider "google")
           nil)))))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -158,21 +161,23 @@
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
 (defn- retrieve-github-email
-  [cfg tdata info]
-  (or (some-> info :email p/resolved)
-      (->> (http/req! cfg
-                      {:uri "https://api.github.com/user/emails"
-                       :headers {"Authorization" (dm/str (:type tdata) " " (:token tdata))}
-                       :timeout 6000
-                       :method :get})
-           (p/map (fn [{:keys [status body] :as response}]
-                    (when-not (s/int-in-range? 200 300 status)
-                      (ex/raise :type :internal
-                                :code :unable-to-retrieve-github-emails
-                                :hint "unable to retrieve github emails"
-                                :http-status status
-                                :http-body body))
-                    (->> response :body json/decode (filter :primary) first :email))))))
+  [cfg tdata props]
+  (or (some-> props :github/email)
+      (let [params {:uri "https://api.github.com/user/emails"
+                    :headers {"Authorization" (dm/str (:type tdata) " " (:token tdata))}
+                    :timeout 6000
+                    :method :get}
+
+            {:keys [status body]} (http/req! cfg params {:sync? true})]
+
+        (when-not (s/int-in-range? 200 300 status)
+          (ex/raise :type :internal
+                    :code :unable-to-retrieve-github-emails
+                    :hint "unable to retrieve github emails"
+                    :http-status status
+                    :http-body body))
+
+        (->> body json/decode (filter :primary) first :email))))
 
 (defmethod ig/pre-init-spec ::providers/github [_]
   (s/keys :req [::http/client]))
@@ -189,20 +194,20 @@
 
               ;; Additional hooks for provider specific way of
               ;; retrieve emails.
-              :get-email-fn           (partial retrieve-github-email cfg)}]
+              :get-email-fn  (partial retrieve-github-email cfg)}]
 
     (when (contains? cf/flags :login-with-github)
       (if (and (string? (:client-id opts))
                (string? (:client-secret opts)))
         (do
           (l/info :hint "provider initialized"
-                  :provider :github
+                  :provider "github"
                   :client-id (:client-id opts)
                   :client-secret (obfuscate-string (:client-secret opts)))
           opts)
 
         (do
-          (l/warn :hint "unable to initialize auth provider, missing configuration" :provider :github)
+          (l/warn :hint "unable to initialize auth provider, missing configuration" :provider "github")
           nil)))))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -225,20 +230,25 @@
                (string? (:client-secret opts)))
         (do
           (l/info :hint "provider initialized"
-                  :provider :gitlab
+                  :provider "gitlab"
                   :base-uri base
                   :client-id (:client-id opts)
                   :client-secret (obfuscate-string (:client-secret opts)))
           opts)
 
         (do
-          (l/warn :hint "unable to initialize auth provider, missing configuration" :provider :gitlab)
+          (l/warn :hint "unable to initialize auth provider, missing configuration" :provider "gitlab")
           nil)))))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; HANDLERS
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
+(defn- parse-attr-path
+  [provider path]
+  (let [[fitem & items] (str/split path "__")]
+    (into [(keyword (:name provider) fitem)] (map keyword) items)))
+
 (defn- build-redirect-uri
   [{:keys [provider] :as cfg}]
   (let [public (u/uri (cf/get :public-uri))]
@@ -275,69 +285,85 @@
                           "accept" "application/json"}
                 :uri (:token-uri provider)
                 :body (u/map->query-string params)}]
-    (->> (http/req! cfg req)
-         (p/map (fn [{:keys [status body] :as res}]
-                  (if (= status 200)
-                    (let [data (json/decode body)]
-                      {:token (get data :access_token)
-                       :type (get data :token_type)})
-                    (ex/raise :type :internal
-                              :code :unable-to-retrieve-token
-                              :http-status status
-                              :http-body body)))))))
+
+    (l/trace :hint "request access token"
+             :provider (:name provider)
+             :client-id (:client-id provider)
+             :client-secret (obfuscate-string (:client-secret provider))
+             :grant-type (:grant_type params)
+             :redirect-uri (:redirect_uri params))
+
+    (let [{:keys [status body]} (http/req! cfg req {:sync? true})]
+      (l/trace :hint "access token response" :status status :body body)
+      (if (= status 200)
+        (let [data (json/decode body)]
+          {:token (get data :access_token)
+           :type (get data :token_type)})
+
+        (ex/raise :type :internal
+                  :code :unable-to-retrieve-token
+                  :hint "unable to retrieve token"
+                  :http-status status
+                  :http-body body)))))
 
 (defn- retrieve-user-info
   [{:keys [provider] :as cfg} tdata]
-  (letfn [(retrieve []
-            (http/req! cfg
-                       {:uri (:user-uri provider)
-                        :headers {"Authorization" (str (:type tdata) " " (:token tdata))}
-                        :timeout 6000
-                        :method :get}))
-          (validate-response [response]
-            (when-not (s/int-in-range? 200 300 (:status response))
-              (ex/raise :type :internal
-                        :code :unable-to-retrieve-user-info
-                        :hint "unable to retrieve user info"
-                        :http-status (:status response)
-                        :http-body (:body response)))
-            response)
-
-          (get-email [info]
+  (letfn [(get-email [props]
             ;; Allow providers hook into this for custom email
             ;; retrieval method.
-            (if-let [get-email-fn (:get-email-fn provider)]
-              (get-email-fn tdata info)
-              (let [attr-kw (cf/get :oidc-email-attr :email)]
-                (get info attr-kw))))
 
-          (get-name [info]
-            (let [attr-kw (cf/get :oidc-name-attr :name)]
-              (get info attr-kw)))
+            (if-let [get-email-fn (:get-email-fn provider)]
+              (get-email-fn tdata props)
+              (let [attr-kw (cf/get :oidc-email-attr "email")
+                    attr-ph (parse-attr-path provider attr-kw)]
+                (get-in props attr-ph))))
+
+          (get-name [props]
+            (let [attr-kw (cf/get :oidc-name-attr "name")
+                  attr-ph (parse-attr-path provider attr-kw)]
+              (get-in props attr-ph)))
 
           (process-response [response]
-            (p/let [info  (-> response :body json/decode)
-                    email (get-email info)]
+            (let [info  (-> response :body json/decode)
+                  props (qualify-props provider info)
+                  email (get-email props)]
               {:backend  (:name provider)
+               :fullname (or (get-name props) email)
                :email    email
-               :fullname (or (get-name info) email)
-               :props    (->> (dissoc info :name :email)
-                              (qualify-props provider))}))
+               :props    props}))]
 
-          (validate-info [info]
-            (when-not (s/valid? ::info info)
-              (l/warn :hint "received incomplete profile info object (please set correct scopes)"
-                      :info (pr-str info))
-              (ex/raise :type :internal
-                        :code :incomplete-user-info
-                        :hint "inconmplete user info"
-                        :info info))
-            info)]
+    (l/trace :hint "request user info"
+             :uri (:user-uri provider)
+             :token (obfuscate-string (:token tdata))
+             :token-type (:type tdata))
 
-    (-> (retrieve)
-        (p/then validate-response)
-        (p/then process-response)
-        (p/then validate-info))))
+    (let [request  {:uri (:user-uri provider)
+                    :headers {"Authorization" (str (:type tdata) " " (:token tdata))}
+                    :timeout 6000
+                    :method :get}
+          response (http/req! cfg request {:sync? true})]
+
+      (l/trace :hint "user info response"
+               :status (:status response)
+               :body   (:body response))
+
+      (when-not (s/int-in-range? 200 300 (:status response))
+        (ex/raise :type :internal
+                  :code :unable-to-retrieve-user-info
+                  :hint "unable to retrieve user info"
+                  :http-status (:status response)
+                  :http-body (:body response)))
+
+      (let [info (process-response response)]
+        (l/trace :hint "authentication info" :info info)
+
+        (when-not (s/valid? ::info info)
+          (l/warn :hint "received incomplete profile info object (please set correct scopes)" :info info)
+          (ex/raise :type :internal
+                    :code :incomplete-user-info
+                    :hint "inconmplete user info"
+                    :info info))
+        info))))
 
 (s/def ::backend ::us/not-empty-string)
 (s/def ::email ::us/not-empty-string)
@@ -349,65 +375,59 @@
                    ::fullname
                    ::props]))
 
-(defn retrieve-info
+(defn get-info
   [{:keys [provider] :as cfg} {:keys [params] :as request}]
-  (letfn [(validate-oidc [info]
-            ;; If the provider is OIDC, we can proceed to check
-            ;; roles if they are defined.
-            (when (and (= "oidc" (:name provider))
-                       (seq (:roles provider)))
-              (let [provider-roles (into #{} (:roles provider))
-                    profile-roles  (let [attr  (cf/get :oidc-roles-attr :roles)
-                                         roles (get info attr)]
-                                     (cond
-                                       (string? roles) (into #{} (str/words roles))
-                                       (vector? roles) (into #{} roles)
-                                       :else #{}))]
+  (when-let [error (get params :error)]
+    (ex/raise :type :internal
+              :code :error-on-retrieving-code
+              :error-id error
+              :error-desc (get params :error_description)))
 
-                ;; check if profile has a configured set of roles
-                (when-not (set/subset? provider-roles profile-roles)
-                  (ex/raise :type :internal
-                            :code :unable-to-auth
-                            :hint "not enough permissions"))))
-            info)
+  (let [state  (get params :state)
+        code   (get params :code)
+        state  (tokens/verify (::main/props cfg) {:token state :iss :oauth})
+        token  (retrieve-access-token cfg code)
+        info   (retrieve-user-info cfg token)]
 
-          (post-process [state info]
-            (cond-> info
-              (some? (:invitation-token state))
-              (assoc :invitation-token (:invitation-token state))
+    ;; If the provider is OIDC, we can proceed to check
+    ;; roles if they are defined.
+    (when (and (= "oidc" (:name provider))
+               (seq (:roles provider)))
 
-              ;; If state token comes with props, merge them. The state token
-              ;; props can contain pm_ and utm_ prefixed query params.
-              (map? (:props state))
-              (update :props merge (:props state))))]
+      (let [expected-roles (into #{} (:roles provider))
+            current-roles  (let [roles-kw (cf/get :oidc-roles-attr "roles")
+                                 roles-ph (parse-attr-path provider roles-kw)
+                                 roles    (get-in (:props info) roles-ph)]
+                             (cond
+                               (string? roles) (into #{} (str/words roles))
+                               (vector? roles) (into #{} roles)
+                               :else #{}))]
 
-    (when-let [error (get params :error)]
-      (ex/raise :type :internal
-                :code :error-on-retrieving-code
-                :error-id error
-                :error-desc (get params :error_description)))
+        ;; check if profile has a configured set of roles
+        (when-not (set/subset? expected-roles current-roles)
+          (ex/raise :type :internal
+                    :code :unable-to-auth
+                    :hint "not enough permissions"))))
 
-    (let [state  (get params :state)
-          code   (get params :code)
-          state  (tokens/verify (::main/props cfg) {:token state :iss :oauth})]
-      (-> (p/resolved code)
-          (p/then #(retrieve-access-token cfg %))
-          (p/then #(retrieve-user-info cfg %))
-          (p/then' validate-oidc)
-          (p/then' (partial post-process state))))))
+    (cond-> info
+      (some? (:invitation-token state))
+      (assoc :invitation-token (:invitation-token state))
 
-(defn- retrieve-profile
-  [{:keys [::db/pool ::wrk/executor] :as cfg} info]
-  (px/with-dispatch executor
-    (with-open [conn (db/open pool)]
-      (some->> (:email info)
-               (profile/retrieve-profile-data-by-email conn)
-               (profile/populate-additional-data conn)
-               (profile/decode-profile-row)))))
+      ;; If state token comes with props, merge them. The state token
+      ;; props can contain pm_ and utm_ prefixed query params.
+      (map? (:props state))
+      (update :props merge (:props state)))))
+
+(defn- get-profile
+  [{:keys [::db/pool] :as cfg} info]
+  (dm/with-open [conn (db/open pool)]
+    (some->> (:email info)
+             (profile/get-profile-by-email conn))))
 
 (defn- redirect-response
   [uri]
-  (yrs/response :status 302 :headers {"location" (str uri)}))
+  {::yrs/status 302
+   ::yrs/headers {"location" (str uri)}})
 
 (defn- generate-error-redirect
   [_ error]
@@ -417,9 +437,9 @@
     (redirect-response uri)))
 
 (defn- generate-redirect
-  [{:keys [::session/session] :as cfg} request info profile]
+  [cfg request info profile]
   (if profile
-    (let [sxf    (session/create-fn session (:id profile))
+    (let [sxf    (session/create-fn cfg (:id profile))
           token  (or (:invitation-token info)
                      (tokens/generate (::main/props cfg)
                                       {:iss :auth
@@ -434,12 +454,11 @@
         (ex/raise :type :restriction
                   :code :profile-blocked))
 
-      (when-let [collector (::audit/collector cfg)]
-        (audit/submit! collector {:type "command"
-                                  :name "login"
-                                  :profile-id (:id profile)
-                                  :ip-addr (audit/parse-client-ip request)
-                                  :props (audit/profile->props profile)}))
+      (audit/submit! cfg {::audit/type "command"
+                          ::audit/name "login-with-oidc"
+                          ::audit/profile-id (:id profile)
+                          ::audit/ip-addr (audit/parse-client-ip request)
+                          ::audit/props (audit/profile->props profile)})
 
       (->> (redirect-response uri)
            (sxf request)))
@@ -455,6 +474,7 @@
           uri    (-> (u/uri (cf/get :public-uri))
                      (assoc :path "/#/auth/register/validate")
                      (assoc :query (u/map->query-string params)))]
+
       (redirect-response uri))))
 
 (defn- auth-handler
@@ -466,27 +486,24 @@
                                 :props props
                                 :exp (dt/in-future "4h")})
         uri   (build-auth-uri cfg state)]
-    (yrs/response 200 {:redirect-uri uri})))
+    {::yrs/status 200
+     ::yrs/body {:redirect-uri uri}}))
 
 (defn- callback-handler
   [cfg request]
-  (letfn [(process-request []
-            (p/let [info    (retrieve-info cfg request)
-                    profile (retrieve-profile cfg info)]
-              (generate-redirect cfg request info profile)))
-
-          (handle-error [cause]
-            (l/error :hint "error on oauth process" :cause cause)
-            (generate-error-redirect cfg cause))]
-
-    (-> (process-request)
-        (p/catch handle-error))))
+  (try
+    (let [info    (get-info cfg request)
+          profile (get-profile cfg info)]
+      (generate-redirect cfg request info profile))
+    (catch Throwable cause
+      (l/error :hint "error on oauth process" :cause cause)
+      (generate-error-redirect cfg cause))))
 
 (def provider-lookup
   {:compile
    (fn [& _]
-     (fn [handler]
-       (fn [{:keys [::providers] :as cfg} request]
+     (fn [handler {:keys [::providers] :as cfg}]
+       (fn [request]
          (let [provider (some-> request :path-params :provider keyword)]
            (if-let [provider (get providers provider)]
              (handler (assoc cfg :provider provider) request)
@@ -524,23 +541,21 @@
 
 (s/def ::providers (s/map-of ::us/keyword (s/nilable ::provider)))
 
+(s/def ::routes vector?)
+
 (defmethod ig/pre-init-spec ::routes
   [_]
-  (s/keys :req [::http/client
-                ::wrk/executor
+  (s/keys :req [::session/manager
+                ::http/client
                 ::main/props
                 ::db/pool
-                ::providers
-                ::session/session]))
+                ::providers]))
 
 (defmethod ig/init-key ::routes
-  [_ {:keys [::wrk/executor ::session/session] :as cfg}]
+  [_ cfg]
   (let [cfg (update cfg :provider d/without-nils)]
-    ["" {:middleware [[(:middleware session)]
-                      [hmw/with-dispatch executor]
-                      [hmw/with-config cfg]
-                      [provider-lookup]
-                      ]}
+    ["" {:middleware [[session/authz cfg]
+                      [provider-lookup cfg]]}
      ["/auth/oauth"
       ["/:provider"
        {:handler auth-handler
@@ -548,4 +563,3 @@
       ["/:provider/callback"
        {:handler callback-handler
         :allowed-methods #{:get}}]]]))
-

backend/src/app/cli/manage.clj

@@ -1,169 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.cli.manage
-  "A manage cli api."
-  (:require
-   [app.common.logging :as l]
-   [app.db :as db]
-   [app.main :as main]
-   [app.rpc.commands.auth :as cmd.auth]
-   [app.rpc.mutations.profile :as profile]
-   [app.rpc.queries.profile :refer [retrieve-profile-data-by-email]]
-   [clojure.string :as str]
-   [clojure.tools.cli :refer [parse-opts]]
-   [integrant.core :as ig])
-  (:import
-   java.io.Console))
-
-;; --- IMPL
-
-(defn init-system
-  []
-  (let [data (-> main/system-config
-                 (select-keys [:app.db/pool :app.metrics/metrics])
-                 (assoc :app.migrations/all {}))]
-    (-> data ig/prep ig/init)))
-
-(defn- read-from-console
-  [{:keys [label type] :or {type :text}}]
-  (let [^Console console (System/console)]
-    (when-not console
-      (l/error :hint "no console found, can proceed")
-      (System/exit 1))
-
-    (binding [*out* (.writer console)]
-      (print label " ")
-      (.flush *out*))
-
-    (case type
-      :text (.readLine console)
-      :password (String. (.readPassword console)))))
-
-(defn create-profile
-  [options]
-  (let [system   (init-system)
-        email    (or (:email options)
-                     (read-from-console {:label "Email:"}))
-        fullname (or (:fullname options)
-                     (read-from-console {:label "Full Name:"}))
-        password (or (:password options)
-                     (read-from-console {:label "Password:"
-                                         :type :password}))]
-    (try
-      (db/with-atomic [conn (:app.db/pool system)]
-        (->> (cmd.auth/create-profile conn
-                                     {:fullname fullname
-                                      :email email
-                                      :password password
-                                      :is-active true
-                                      :is-demo false})
-             (cmd.auth/create-profile-relations conn)))
-
-      (when (pos? (:verbosity options))
-        (println "User created successfully."))
-      (System/exit 0)
-
-      (catch Exception _e
-        (when (pos? (:verbosity options))
-          (println "Unable to create user, already exists."))
-        (System/exit 1)))))
-
-(defn reset-password
-  [options]
-  (let [system (init-system)]
-    (try
-      (db/with-atomic [conn (:app.db/pool system)]
-        (let [email    (or (:email options)
-                           (read-from-console {:label "Email:"}))
-              profile  (retrieve-profile-data-by-email conn email)]
-          (when-not profile
-            (when (pos? (:verbosity options))
-              (println "Profile does not exists."))
-            (System/exit 1))
-
-          (let [password (or (:password options)
-                             (read-from-console {:label "Password:"
-                                                 :type :password}))]
-            (profile/update-profile-password! conn (assoc profile :password password))
-            (when (pos? (:verbosity options))
-              (println "Password changed successfully.")))))
-      (System/exit 0)
-      (catch Exception e
-        (when (pos? (:verbosity options))
-          (println "Unable to change password."))
-        (when (= 2 (:verbosity options))
-          (.printStackTrace e))
-        (System/exit 1)))))
-
-;; --- CLI PARSE
-
-(def cli-options
-  ;; An option with a required argument
-  [["-u" "--email EMAIL" "Email Address"]
-   ["-p" "--password PASSWORD" "Password"]
-   ["-n" "--name FULLNAME" "Full Name"
-    :id :fullname]
-   ["-v" nil "Verbosity level"
-    :id :verbosity
-    :default 1
-    :update-fn inc]
-   ["-q" nil "Don't print to console"
-    :id :verbosity
-    :update-fn (constantly 0)]
-   ["-h" "--help"]])
-
-(defn usage
-  [options-summary]
-  (->> ["Penpot CLI management."
-        ""
-        "Usage: manage [options] action"
-        ""
-        "Options:"
-        options-summary
-        ""
-        "Actions:"
-        "  create-profile    Create new profile."
-        "  reset-password    Reset profile password."
-        ""]
-       (str/join \newline)))
-
-(defn error-msg [errors]
-  (str "The following errors occurred while parsing your command:\n\n"
-       (str/join \newline errors)))
-
-(defn validate-args
-  "Validate command line arguments. Either return a map indicating the program
-  should exit (with a error message, and optional ok status), or a map
-  indicating the action the program should take and the options provided."
-  [args]
-  (let [{:keys [options arguments errors summary] :as opts} (parse-opts args cli-options)]
-    (cond
-      (:help options) ; help => exit OK with usage summary
-      {:exit-message (usage summary) :ok? true}
-
-      errors ; errors => exit with description of errors
-      {:exit-message (error-msg errors)}
-
-      ;; custom validation on arguments
-      :else
-      (let [action (first arguments)]
-        (if (#{"create-profile" "reset-password"} action)
-          {:action (first arguments) :options options}
-          {:exit-message (usage summary)})))))
-
-(defn exit [status msg]
-  (println msg)
-  (System/exit status))
-
-(defn -main
-  [& args]
-  (let [{:keys [action options exit-message ok?]} (validate-args args)]
-    (if exit-message
-      (exit (if ok? 0 1) exit-message)
-      (case action
-        "create-profile" (create-profile options)
-        "reset-password" (reset-password options)))))

backend/src/app/config.clj

@@ -51,7 +51,6 @@
    :database-password "penpot"
 
    :default-blob-version 5
-   :loggers-zmq-uri "tcp://localhost:45556"
 
    :rpc-rlimit-config (fs/path "resources/rlimit.edn")
    :rpc-climit-config (fs/path "resources/climit.edn")
@@ -61,11 +60,9 @@
 
    :public-uri "http://localhost:3449"
    :host "localhost"
-   :tenant "main"
+   :tenant "default"
 
    :redis-uri "redis://redis/0"
-   :srepl-host "127.0.0.1"
-   :srepl-port 6062
 
    :assets-storage-backend :assets-fs
    :storage-assets-fs-directory "assets"
@@ -102,7 +99,7 @@
 (s/def ::audit-log-archive-uri ::us/string)
 (s/def ::audit-log-http-handler-concurrency ::us/integer)
 
-(s/def ::admins ::us/set-of-strings)
+(s/def ::admins ::us/set-of-valid-emails)
 (s/def ::file-change-snapshot-every ::us/integer)
 (s/def ::file-change-snapshot-timeout ::dt/duration)
 
@@ -127,6 +124,17 @@
 (s/def ::database-min-pool-size ::us/integer)
 (s/def ::database-max-pool-size ::us/integer)
 
+(s/def ::quotes-teams-per-profile ::us/integer)
+(s/def ::quotes-access-tokens-per-profile ::us/integer)
+(s/def ::quotes-projects-per-team ::us/integer)
+(s/def ::quotes-invitations-per-team ::us/integer)
+(s/def ::quotes-profiles-per-team ::us/integer)
+(s/def ::quotes-files-per-project ::us/integer)
+(s/def ::quotes-files-per-team ::us/integer)
+(s/def ::quotes-font-variants-per-team ::us/integer)
+(s/def ::quotes-comment-threads-per-file ::us/integer)
+(s/def ::quotes-comments-per-file ::us/integer)
+
 (s/def ::default-blob-version ::us/integer)
 (s/def ::error-report-webhook ::us/string)
 (s/def ::user-feedback-destination ::us/string)
@@ -145,9 +153,9 @@
 (s/def ::oidc-user-uri ::us/string)
 (s/def ::oidc-scopes ::us/set-of-strings)
 (s/def ::oidc-roles ::us/set-of-strings)
-(s/def ::oidc-roles-attr ::us/keyword)
-(s/def ::oidc-email-attr ::us/keyword)
-(s/def ::oidc-name-attr ::us/keyword)
+(s/def ::oidc-roles-attr ::us/string)
+(s/def ::oidc-email-attr ::us/string)
+(s/def ::oidc-name-attr ::us/string)
 (s/def ::host ::us/string)
 (s/def ::http-server-port ::us/integer)
 (s/def ::http-server-host ::us/string)
@@ -166,8 +174,6 @@
 (s/def ::ldap-ssl ::us/boolean)
 (s/def ::ldap-starttls ::us/boolean)
 (s/def ::ldap-user-query ::us/string)
-(s/def ::loggers-loki-uri ::us/string)
-(s/def ::loggers-zmq-uri ::us/string)
 (s/def ::media-directory ::us/string)
 (s/def ::media-uri ::us/string)
 (s/def ::profile-bounce-max-age ::dt/duration)
@@ -186,18 +192,15 @@
 (s/def ::smtp-ssl ::us/boolean)
 (s/def ::smtp-tls ::us/boolean)
 (s/def ::smtp-username (s/nilable ::us/string))
-(s/def ::srepl-host ::us/string)
-(s/def ::srepl-port ::us/integer)
+(s/def ::urepl-host ::us/string)
+(s/def ::urepl-port ::us/integer)
+(s/def ::prepl-host ::us/string)
+(s/def ::prepl-port ::us/integer)
 (s/def ::assets-storage-backend ::us/keyword)
-(s/def ::fdata-storage-backend ::us/keyword)
 (s/def ::storage-assets-fs-directory ::us/string)
 (s/def ::storage-assets-s3-bucket ::us/string)
 (s/def ::storage-assets-s3-region ::us/keyword)
 (s/def ::storage-assets-s3-endpoint ::us/string)
-(s/def ::storage-fdata-s3-bucket ::us/string)
-(s/def ::storage-fdata-s3-region ::us/keyword)
-(s/def ::storage-fdata-s3-prefix ::us/string)
-(s/def ::storage-fdata-s3-endpoint ::us/string)
 (s/def ::telemetry-uri ::us/string)
 (s/def ::telemetry-with-taiga ::us/boolean)
 (s/def ::tenant ::us/string)
@@ -266,14 +269,24 @@
                    ::ldap-starttls
                    ::ldap-user-query
                    ::local-assets-uri
-                   ::loggers-loki-uri
-                   ::loggers-zmq-uri
                    ::media-max-file-size
                    ::profile-bounce-max-age
                    ::profile-bounce-threshold
                    ::profile-complaint-max-age
                    ::profile-complaint-threshold
                    ::public-uri
+
+                   ::quotes-teams-per-profile
+                   ::quotes-access-tokens-per-profile
+                   ::quotes-projects-per-team
+                   ::quotes-invitations-per-team
+                   ::quotes-profiles-per-team
+                   ::quotes-files-per-project
+                   ::quotes-files-per-team
+                   ::quotes-font-variants-per-team
+                   ::quotes-comment-threads-per-file
+                   ::quotes-comments-per-file
+
                    ::redis-uri
                    ::registration-domain-whitelist
                    ::rpc-rlimit-config
@@ -292,19 +305,16 @@
                    ::smtp-tls
                    ::smtp-username
 
-                   ::srepl-host
-                   ::srepl-port
+                   ::urepl-host
+                   ::urepl-port
+                   ::prepl-host
+                   ::prepl-port
 
                    ::assets-storage-backend
                    ::storage-assets-fs-directory
                    ::storage-assets-s3-bucket
                    ::storage-assets-s3-region
                    ::storage-assets-s3-endpoint
-                   ::fdata-storage-backend
-                   ::storage-fdata-s3-bucket
-                   ::storage-fdata-s3-region
-                   ::storage-fdata-s3-prefix
-                   ::storage-fdata-s3-endpoint
                    ::telemetry-enabled
                    ::telemetry-uri
                    ::telemetry-referer
@@ -313,6 +323,7 @@
 
 (def default-flags
   [:enable-backend-api-doc
+   :enable-backend-openapi-doc
    :enable-backend-worker
    :enable-secure-session-cookies
    :enable-email-verification])
@@ -342,7 +353,7 @@
          (merge defaults)
          (us/conform ::config))
     (catch Throwable e
-      (when (ex/ex-info? e)
+      (when (ex/error? e)
         (println ";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;")
         (println "Error on validating configuration:")
         (println (some-> e ex-data ex/explain))

backend/src/app/db.clj

@@ -17,7 +17,6 @@
    [app.db.sql :as sql]
    [app.metrics :as mtx]
    [app.util.json :as json]
-   [app.util.migrations :as mg]
    [app.util.time :as dt]
    [clojure.java.io :as io]
    [clojure.spec.alpha :as s]
@@ -32,7 +31,6 @@
    io.whitfin.siphash.SipHasherContainer
    java.io.InputStream
    java.io.OutputStream
-   java.lang.AutoCloseable
    java.sql.Connection
    java.sql.Savepoint
    org.postgresql.PGConnection
@@ -50,12 +48,9 @@
 ;; Initialization
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
-(declare apply-migrations!)
-
 (s/def ::connection-timeout ::us/integer)
 (s/def ::max-size ::us/integer)
 (s/def ::min-size ::us/integer)
-(s/def ::migrations map?)
 (s/def ::name keyword?)
 (s/def ::password ::us/string)
 (s/def ::uri ::us/not-empty-string)
@@ -64,26 +59,26 @@
 (s/def ::read-only? ::us/boolean)
 
 (s/def ::pool-options
-  (s/keys :opt-un [::uri ::name
-                   ::min-size
-                   ::max-size
-                   ::connection-timeout
-                   ::validation-timeout
-                   ::migrations
-                   ::username
-                   ::password
-                   ::mtx/metrics
-                   ::read-only?]))
+  (s/keys :opt [::uri
+                ::name
+                ::min-size
+                ::max-size
+                ::connection-timeout
+                ::validation-timeout
+                ::username
+                ::password
+                ::mtx/metrics
+                ::read-only?]))
 
 (def defaults
-  {:name :main
-   :min-size 0
-   :max-size 60
-   :connection-timeout 10000
-   :validation-timeout 10000
-   :idle-timeout 120000 ; 2min
-   :max-lifetime 1800000 ; 30m
-   :read-only? false})
+  {::name :main
+   ::min-size 0
+   ::max-size 60
+   ::connection-timeout 10000
+   ::validation-timeout 10000
+   ::idle-timeout 120000 ; 2min
+   ::max-lifetime 1800000 ; 30m
+   ::read-only? false})
 
 (defmethod ig/prep-key ::pool
   [_ cfg]
@@ -93,39 +88,23 @@
 (defmethod ig/pre-init-spec ::pool [_] ::pool-options)
 
 (defmethod ig/init-key ::pool
-  [_ {:keys [migrations read-only? uri] :as cfg}]
-  (if uri
-    (let [pool (create-pool cfg)]
-      (l/info :hint "initialize connection pool"
-              :name (d/name (:name cfg))
-              :uri uri
-              :read-only read-only?
-              :with-credentials (and (contains? cfg :username)
-                                     (contains? cfg :password))
-              :min-size (:min-size cfg)
-              :max-size (:max-size cfg))
-      (when-not read-only?
-        (some->> (seq migrations) (apply-migrations! pool)))
-      pool)
-
-    (do
-      (l/warn :hint "unable to initialize pool, missing url"
-              :name (d/name (:name cfg))
-              :read-only read-only?)
-      nil)))
+  [_ {:keys [::uri ::read-only?] :as cfg}]
+  (when uri
+    (l/info :hint "initialize connection pool"
+            :name (d/name (::name cfg))
+            :uri uri
+            :read-only read-only?
+            :with-credentials (and (contains? cfg ::username)
+                                   (contains? cfg ::password))
+            :min-size (::min-size cfg)
+          :max-size (::max-size cfg))
+    (create-pool cfg)))
 
 (defmethod ig/halt-key! ::pool
   [_ pool]
   (when pool
     (.close ^HikariDataSource pool)))
 
-(defn- apply-migrations!
-  [pool migrations]
-  (with-open [conn ^AutoCloseable (open pool)]
-    (mg/setup! conn)
-    (doseq [[name steps] migrations]
-      (mg/migrate! conn {:name (d/name name) :steps steps}))))
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; API & Impl
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -135,19 +114,19 @@
        "SET idle_in_transaction_session_timeout = 300000;"))
 
 (defn- create-datasource-config
-  [{:keys [metrics uri] :as cfg}]
+  [{:keys [::mtx/metrics ::uri] :as cfg}]
   (let [config (HikariConfig.)]
     (doto config
       (.setJdbcUrl           (str "jdbc:" uri))
-      (.setPoolName          (d/name (:name cfg)))
+      (.setPoolName          (d/name (::name cfg)))
       (.setAutoCommit true)
-      (.setReadOnly          (:read-only? cfg))
-      (.setConnectionTimeout (:connection-timeout cfg))
-      (.setValidationTimeout (:validation-timeout cfg))
-      (.setIdleTimeout       (:idle-timeout cfg))
-      (.setMaxLifetime       (:max-lifetime cfg))
-      (.setMinimumIdle       (:min-size cfg))
-      (.setMaximumPoolSize   (:max-size cfg))
+      (.setReadOnly          (::read-only? cfg))
+      (.setConnectionTimeout (::connection-timeout cfg))
+      (.setValidationTimeout (::validation-timeout cfg))
+      (.setIdleTimeout       (::idle-timeout cfg))
+      (.setMaxLifetime       (::max-lifetime cfg))
+      (.setMinimumIdle       (::min-size cfg))
+      (.setMaximumPoolSize   (::max-size cfg))
       (.setConnectionInitSql initsql)
       (.setInitializationFailTimeout -1))
 
@@ -157,8 +136,8 @@
            (PrometheusMetricsTrackerFactory.)
            (.setMetricsTrackerFactory config)))
 
-    (some->> ^String (:username cfg) (.setUsername config))
-    (some->> ^String (:password cfg) (.setPassword config))
+    (some->> ^String (::username cfg) (.setUsername config))
+    (some->> ^String (::password cfg) (.setPassword config))
 
     config))
 
@@ -166,15 +145,28 @@
   [v]
   (instance? javax.sql.DataSource v))
 
+(s/def ::conn some?)
+(s/def ::nilable-pool (s/nilable ::pool))
 (s/def ::pool pool?)
+(s/def ::pool-or-conn some?)
 
 (defn closed?
   [pool]
   (.isClosed ^HikariDataSource pool))
 
 (defn read-only?
-  [pool]
-  (.isReadOnly ^HikariDataSource pool))
+  [pool-or-conn]
+  (cond
+    (instance? HikariDataSource pool-or-conn)
+    (.isReadOnly ^HikariDataSource pool-or-conn)
+
+    (instance? Connection pool-or-conn)
+    (.isReadOnly ^Connection pool-or-conn)
+
+    :else
+    (ex/raise :type :internal
+              :code :invalid-connection
+              :hint "invalid connection provided")))
 
 (defn create-pool
   [cfg]
@@ -232,44 +224,46 @@
   [pool]
   (jdbc/get-connection pool))
 
+(def ^:private default-opts
+  {:builder-fn sql/as-kebab-maps})
+
 (defn exec!
   ([ds sv]
-   (exec! ds sv {}))
+   (jdbc/execute! ds sv default-opts))
   ([ds sv opts]
-   (jdbc/execute! ds sv (assoc opts :builder-fn sql/as-kebab-maps))))
+   (jdbc/execute! ds sv (merge default-opts opts))))
 
 (defn exec-one!
-  ([ds sv] (exec-one! ds sv {}))
+  ([ds sv]
+   (jdbc/execute-one! ds sv default-opts))
   ([ds sv opts]
-   (jdbc/execute-one! ds sv (assoc opts :builder-fn sql/as-kebab-maps))))
+   (jdbc/execute-one! ds sv
+                      (-> (merge default-opts opts)
+                          (assoc :return-keys (::return-keys? opts false))))))
 
 (defn insert!
-  ([ds table params] (insert! ds table params nil))
-  ([ds table params opts]
-   (exec-one! ds
-              (sql/insert table params opts)
-              (merge {:return-keys true} opts))))
+  [ds table params & {:as opts}]
+  (exec-one! ds
+             (sql/insert table params opts)
+             (merge {::return-keys? true} opts)))
 
 (defn insert-multi!
-  ([ds table cols rows] (insert-multi! ds table cols rows nil))
-  ([ds table cols rows opts]
-   (exec! ds
-          (sql/insert-multi table cols rows opts)
-          (merge {:return-keys true} opts))))
+  [ds table cols rows & {:as opts}]
+  (exec! ds
+         (sql/insert-multi table cols rows opts)
+         (merge {::return-keys? true} opts)))
 
 (defn update!
-  ([ds table params where] (update! ds table params where nil))
-  ([ds table params where opts]
-   (exec-one! ds
-              (sql/update table params where opts)
-              (merge {:return-keys true} opts))))
+  [ds table params where & {:as opts}]
+  (exec-one! ds
+             (sql/update table params where opts)
+             (merge {::return-keys? true} opts)))
 
 (defn delete!
-  ([ds table params] (delete! ds table params nil))
-  ([ds table params opts]
-   (exec-one! ds
-              (sql/delete table params opts)
-              (assoc opts :return-keys true))))
+  [ds table params & {:as opts}]
+  (exec-one! ds
+             (sql/delete table params opts)
+             (merge {::return-keys? true} opts)))
 
 (defn is-row-deleted?
   [{:keys [deleted-at]}]
@@ -278,56 +272,34 @@
           (inst-ms (dt/now)))))
 
 (defn get*
-  "Internal function for retrieve a single row from database that
-  matches a simple filters."
-  ([ds table params]
-   (get* ds table params nil))
-  ([ds table params {:keys [check-deleted?] :or {check-deleted? true} :as opts}]
-   (let [rows (exec! ds (sql/select table params opts))
-         rows (cond->> rows
-                check-deleted?
-                (remove is-row-deleted?))]
-     (first rows))))
+  "Retrieve a single row from database that matches a simple filters. Do
+  not raises exceptions."
+  [ds table params & {:as opts}]
+  (let [rows (exec! ds (sql/select table params opts))
+        rows (cond->> rows
+               (::remove-deleted? opts true)
+               (remove is-row-deleted?))]
+    (first rows)))
 
 (defn get
-  ([ds table params]
-   (get ds table params nil))
-  ([ds table params {:keys [check-deleted?] :or {check-deleted? true} :as opts}]
-   (let [row (get* ds table params opts)]
-     (when (and (not row) check-deleted?)
-       (ex/raise :type :not-found
-                 :code :object-not-found
-                 :table table
-                 :hint "database object not found"))
-     row)))
-
-(defn get-by-params
-  "DEPRECATED"
-  ([ds table params]
-   (get-by-params ds table params nil))
-  ([ds table params {:keys [check-not-found] :or {check-not-found true} :as opts}]
-   (let [row (get* ds table params (assoc opts :check-deleted? check-not-found))]
-     (when (and (not row) check-not-found)
-       (ex/raise :type :not-found
-                 :code :object-not-found
-                 :table table
-                 :hint "database object not found"))
-     row)))
+  "Retrieve a single row from database that matches a simple
+  filters. Raises :not-found exception if no object is found."
+  [ds table params & {:as opts}]
+  (let [row (get* ds table params opts)]
+    (when (and (not row) (::check-deleted? opts true))
+      (ex/raise :type :not-found
+                :code :object-not-found
+                :table table
+                :hint "database object not found"))
+    row))
 
 (defn get-by-id
-  ([ds table id]
-   (get ds table {:id id} nil))
-  ([ds table id opts]
-   (let [opts (cond-> opts
-                (contains? opts :check-not-found)
-                (assoc :check-deleted? (:check-not-found opts)))]
-     (get ds table {:id id} opts))))
+  [ds table id & {:as opts}]
+  (get ds table {:id id} opts))
 
 (defn query
-  ([ds table params]
-   (query ds table params nil))
-  ([ds table params opts]
-   (exec! ds (sql/select table params opts))))
+  [ds table params & {:as opts}]
+  (exec! ds (sql/select table params opts)))
 
 (defn pgobject?
   ([v]
@@ -389,12 +361,20 @@
   [data]
   (org.postgresql.util.PGInterval. ^String data))
 
+(defn connection?
+  [conn]
+  (instance? Connection conn))
+
 (defn savepoint
   ([^Connection conn]
    (.setSavepoint conn))
   ([^Connection conn label]
    (.setSavepoint conn (name label))))
 
+(defn release!
+  [^Connection conn ^Savepoint sp ]
+  (.releaseSavepoint conn sp))
+
 (defn rollback!
   ([^Connection conn]
    (.rollback conn))
@@ -470,6 +450,11 @@
       (.setType "jsonb")
       (.setValue (json/encode-str data)))))
 
+(defn get-update-count
+  [result]
+  (:next.jdbc/update-count result))
+
+
 ;; --- Locks
 
 (def ^:private siphash-state

backend/src/app/db/sql.clj

@@ -7,6 +7,7 @@
 (ns app.db.sql
   (:refer-clojure :exclude [update])
   (:require
+   [app.db :as-alias db]
    [clojure.string :as str]
    [next.jdbc.optional :as jdbc-opt]
    [next.jdbc.sql.builder :as sql]))
@@ -43,8 +44,10 @@
   ([table where-params opts]
    (let [opts (merge default-opts opts)
          opts (cond-> opts
-                (:for-update opts)    (assoc :suffix "FOR UPDATE")
-                (:for-key-share opts) (assoc :suffix "FOR KEY SHARE"))]
+                (::db/for-update? opts) (assoc :suffix "FOR UPDATE")
+                (::db/for-share? opts)  (assoc :suffix "FOR KEY SHARE")
+                (:for-update opts)      (assoc :suffix "FOR UPDATE")
+                (:for-key-share opts)   (assoc :suffix "FOR KEY SHARE"))]
      (sql/for-query table where-params opts))))
 
 (defn update

backend/src/app/email.clj

@@ -4,7 +4,7 @@
 ;;
 ;; Copyright (c) KALEIDOS INC
 
-(ns app.emails
+(ns app.email
   "Main api for send emails."
   (:require
    [app.common.exceptions :as ex]
@@ -14,7 +14,7 @@
    [app.config :as cf]
    [app.db :as db]
    [app.db.sql :as sql]
-   [app.emails.invite-to-team :as-alias emails.invite-to-team]
+   [app.email.invite-to-team :as-alias email.invite-to-team]
    [app.metrics :as mtx]
    [app.util.template :as tmpl]
    [app.worker :as wrk]
@@ -37,6 +37,7 @@
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
 (defn- parse-address
+  ^"[Ljakarta.mail.internet.InternetAddress;"
   [v]
   (InternetAddress/parse ^String v))
 
@@ -64,14 +65,14 @@
     (some? bcc) (assign-recipient :bcc bcc)))
 
 (defn- assign-from
-  [mmsg {:keys [default-from]} {:keys [from] :as props}]
+  [mmsg {:keys [::default-from] :as cfg} {:keys [from] :as params}]
   (let [from (or from default-from)]
     (when from
       (let [from (parse-address from)]
         (.addFrom ^MimeMessage mmsg from)))))
 
 (defn- assign-reply-to
-  [mmsg {:keys [default-reply-to] :as cfg} {:keys [reply-to] :as params}]
+  [mmsg {:keys [::default-reply-to] :as cfg} {:keys [reply-to] :as params}]
   (let [reply-to (or reply-to default-reply-to)]
     (when reply-to
       (let [reply-to (parse-address reply-to)]
@@ -127,9 +128,8 @@
     mmsg))
 
 (defn- opts->props
-  [{:keys [username tls host port timeout default-from]
-    :or {timeout 30000}
-    :as opts}]
+  [{:keys [::username ::tls ::host ::port ::timeout ::default-from]
+    :or {timeout 30000}}]
   (reduce-kv
    (fn [^Properties props k v]
      (if (nil? v)
@@ -150,8 +150,9 @@
     "mail.smtp.connectiontimeout" timeout}))
 
 (defn- create-smtp-session
-  [opts]
-  (let [props (opts->props opts)]
+  ^Session
+  [cfg]
+  (let [props (opts->props cfg)]
     (Session/getInstance props)))
 
 (defn- create-smtp-message
@@ -171,7 +172,7 @@
 ;; TEMPLATE EMAIL IMPL
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
-(def ^:private email-path "app/emails/%(id)s/%(lang)s.%(type)s")
+(def ^:private email-path "app/email/%(id)s/%(lang)s.%(type)s")
 
 (defn- render-email-template-part
   [type id context]
@@ -257,15 +258,17 @@
   "Schedule an already defined email to be sent using asynchronously
   using worker task."
   [{:keys [::conn ::factory] :as context}]
-  (us/verify fn? factory)
   (us/verify some? conn)
-  (let [email (factory context)]
-    (wrk/submit! (assoc email
-                        ::wrk/task :sendmail
-                        ::wrk/delay 0
-                        ::wrk/max-retries 4
-                        ::wrk/priority 200
-                        ::wrk/conn conn))))
+  (let [email (if factory
+                (factory context)
+                (dissoc context ::conn))]
+    (wrk/submit! (merge
+                  {::wrk/task :sendmail
+                   ::wrk/delay 0
+                   ::wrk/max-retries 4
+                   ::wrk/priority 200
+                   ::wrk/conn conn}
+                  email))))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; SENDMAIL FN / TASK HANDLER
@@ -281,14 +284,14 @@
 (s/def ::default-from ::cf/smtp-default-from)
 
 (s/def ::smtp-config
-  (s/keys :opt-un [::username
-                   ::password
-                   ::tls
-                   ::ssl
-                   ::host
-                   ::port
-                   ::default-from
-                   ::default-reply-to]))
+  (s/keys :opt [::username
+                ::password
+                ::tls
+                ::ssl
+                ::host
+                ::port
+                ::default-from
+                ::default-reply-to]))
 
 (declare send-to-logger!)
 
@@ -304,8 +307,8 @@
       (let [session (create-smtp-session cfg)]
         (with-open [transport (.getTransport session (if (:ssl cfg) "smtps" "smtp"))]
           (.connect ^Transport transport
-                    ^String (:username cfg)
-                    ^String (:password cfg))
+                    ^String (::username cfg)
+                    ^String (::password cfg))
 
           (let [^MimeMessage message (create-smtp-message cfg session params)]
             (.sendMessage ^Transport transport
@@ -317,10 +320,10 @@
       (send-to-logger! cfg params))))
 
 (defmethod ig/pre-init-spec ::handler [_]
-  (s/keys :req-un [::sendmail ::mtx/metrics]))
+  (s/keys :req [::sendmail ::mtx/metrics]))
 
 (defmethod ig/init-key ::handler
-  [_ {:keys [sendmail]}]
+  [_ {:keys [::sendmail]}]
   (fn [{:keys [props] :as task}]
     (sendmail props)))
 
@@ -378,14 +381,14 @@
   "Password change confirmation email"
   (template-factory ::change-email))
 
-(s/def ::emails.invite-to-team/invited-by ::us/string)
-(s/def ::emails.invite-to-team/team ::us/string)
-(s/def ::emails.invite-to-team/token ::us/string)
+(s/def ::email.invite-to-team/invited-by ::us/string)
+(s/def ::email.invite-to-team/team ::us/string)
+(s/def ::email.invite-to-team/token ::us/string)
 
 (s/def ::invite-to-team
-  (s/keys :req-un [::emails.invite-to-team/invited-by
-                   ::emails.invite-to-team/token
-                   ::emails.invite-to-team/team]))
+  (s/keys :req-un [::email.invite-to-team/invited-by
+                   ::email.invite-to-team/token
+                   ::email.invite-to-team/team]))
 
 (def invite-to-team
   "Teams member invitation email."

backend/src/app/http.clj

@@ -6,23 +6,34 @@
 
 (ns app.http
   (:require
+   [app.auth.oidc :as-alias oidc]
    [app.common.data :as d]
    [app.common.logging :as l]
    [app.common.transit :as t]
+   [app.db :as-alias db]
+   [app.http.access-token :as actoken]
+   [app.http.assets :as-alias assets]
+   [app.http.awsns :as-alias awsns]
+   [app.http.debug :as-alias debug]
    [app.http.errors :as errors]
    [app.http.middleware :as mw]
    [app.http.session :as session]
+   [app.http.websocket :as-alias ws]
+   [app.main :as-alias main]
    [app.metrics :as mtx]
+   [app.rpc :as-alias rpc]
+   [app.rpc.doc :as-alias rpc.doc]
    [app.worker :as wrk]
    [clojure.spec.alpha :as s]
    [integrant.core :as ig]
+   [promesa.exec :as px]
    [reitit.core :as r]
    [reitit.middleware :as rr]
    [yetti.adapter :as yt]
    [yetti.request :as yrq]
-   [yetti.response :as yrs]))
+   [yetti.response :as-alias yrs]))
 
-(declare wrap-router)
+(declare router-handler)
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; HTTP SERVER
@@ -37,142 +48,131 @@
 (s/def ::max-body-size integer?)
 (s/def ::max-multipart-body-size integer?)
 (s/def ::io-threads integer?)
-(s/def ::worker-threads integer?)
 
 (defmethod ig/prep-key ::server
   [_ cfg]
-  (merge {:name "http"
-          :port 6060
-          :host "0.0.0.0"
-          :max-body-size (* 1024 1024 30)             ; 30 MiB
-          :max-multipart-body-size (* 1024 1024 120)} ; 120 MiB
+  (merge {::port 6060
+          ::host "0.0.0.0"
+          ::max-body-size (* 1024 1024 30)             ; 30 MiB
+          ::max-multipart-body-size (* 1024 1024 120)} ; 120 MiB
          (d/without-nils cfg)))
 
 (defmethod ig/pre-init-spec ::server [_]
-  (s/and
-   (s/keys :req-un [::port ::host ::name ::max-body-size ::max-multipart-body-size]
-           :opt-un [::router ::handler ::io-threads ::worker-threads ::wrk/executor])
-   (fn [cfg]
-     (or (contains? cfg :router)
-         (contains? cfg :handler)))))
+  (s/keys :req [::port ::host]
+          :opt [::max-body-size
+                ::max-multipart-body-size
+                ::router
+                ::handler
+                ::io-threads
+                ::wrk/executor]))
 
 (defmethod ig/init-key ::server
-  [_ {:keys [handler router port name host] :as cfg}]
-  (l/info :hint "starting http server" :port port :host host :name name)
+  [_ {:keys [::handler ::router ::host ::port] :as cfg}]
+  (l/info :hint "starting http server" :port port :host host)
   (let [options {:http/port port
                  :http/host host
-                 :http/max-body-size (:max-body-size cfg)
-                 :http/max-multipart-body-size (:max-multipart-body-size cfg)
-                 :xnio/io-threads (:io-threads cfg)
-                 :xnio/worker-threads (:worker-threads cfg)
-                 :xnio/dispatch (:executor cfg)
+                 :http/max-body-size (::max-body-size cfg)
+                 :http/max-multipart-body-size (::max-multipart-body-size cfg)
+                 :xnio/io-threads (or (::io-threads cfg)
+                                      (max 3 (px/get-available-processors)))
+                 :xnio/worker-threads (or (::worker-threads cfg)
+                                          (max 6 (px/get-available-processors)))
+                 :xnio/dispatch true
+                 :socket/backlog 4069
                  :ring/async true}
 
-        handler (if (some? router)
-                  (wrap-router router)
+        handler (cond
+                  (some? router)
+                  (router-handler router)
 
-                  handler)
-        server  (yt/server handler (d/without-nils options))]
-    (assoc cfg :server (yt/start! server))))
+                  (some? handler)
+                  handler
+
+                  :else
+                  (throw (UnsupportedOperationException. "handler or router are required")))
+
+        options (d/without-nils options)
+        server  (yt/server handler options)]
+
+    (assoc cfg ::server (yt/start! server))))
 
 (defmethod ig/halt-key! ::server
-  [_ {:keys [server name port] :as cfg}]
-  (l/info :msg "stopping http server" :name name :port port)
+  [_ {:keys [::server ::port] :as cfg}]
+  (l/info :msg "stopping http server" :port port)
   (yt/stop! server))
 
 (defn- not-found-handler
   [_ respond _]
-  (respond (yrs/response 404)))
+  (respond {::yrs/status 404}))
 
-(defn- wrap-router
+(defn- router-handler
   [router]
-  (letfn [(handler [request respond raise]
+  (letfn [(resolve-handler [request]
             (if-let [match (r/match-by-path router (yrq/path request))]
               (let [params  (:path-params match)
                     result  (:result match)
                     handler (or (:handler result) not-found-handler)
-                    request (-> request
-                                (assoc :path-params params)
-                                (update :params merge params))]
-                (handler request respond raise))
-              (not-found-handler request respond raise)))
+                    request (assoc request :path-params params)]
+                (partial handler request))
+              (partial not-found-handler request)))
 
-          (on-error [cause request respond]
+          (on-error [cause request]
             (let [{:keys [body] :as response} (errors/handle cause request)]
-              (respond
-               (cond-> response
-                 (map? body)
-                 (-> (update :headers assoc "content-type" "application/transit+json")
-                     (assoc :body (t/encode-str body {:type :json-verbose})))))))]
+              (cond-> response
+                (map? body)
+                (-> (update ::yrs/headers assoc "content-type" "application/transit+json")
+                    (assoc ::yrs/body (t/encode-str body {:type :json-verbose}))))))]
 
     (fn [request respond _]
-      (try
-        (handler request respond #(on-error % request respond))
-        (catch Throwable cause
-          (on-error cause request respond))))))
+      (let [handler  (resolve-handler request)
+            exchange (yrq/exchange request)]
+        (handler
+         (fn [response]
+           (yt/dispatch! exchange (partial respond response)))
+         (fn [cause]
+           (let [response (on-error cause request)]
+             (yt/dispatch! exchange (partial respond response)))))))))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; HTTP ROUTER
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
-(s/def ::assets map?)
-(s/def ::awsns-handler fn?)
-(s/def ::debug-routes (s/nilable vector?))
-(s/def ::doc-routes (s/nilable vector?))
-(s/def ::feedback fn?)
-(s/def ::oauth map?)
-(s/def ::oidc-routes (s/nilable vector?))
-(s/def ::rpc-routes (s/nilable vector?))
-(s/def ::session ::session/session)
-(s/def ::storage map?)
-(s/def ::ws fn?)
-
 (defmethod ig/pre-init-spec ::router [_]
-  (s/keys :req-un [::mtx/metrics
-                   ::ws
-                   ::storage
-                   ::assets
-                   ::session
-                   ::feedback
-                   ::awsns-handler
-                   ::debug-routes
-                   ::oidc-routes
-                   ::rpc-routes
-                   ::doc-routes]))
+  (s/keys :req [::session/manager
+                ::ws/routes
+                ::rpc/routes
+                ::rpc.doc/routes
+                ::oidc/routes
+                ::main/props
+                ::assets/routes
+                ::debug/routes
+                ::db/pool
+                ::mtx/routes
+                ::awsns/routes]))
 
 (defmethod ig/init-key ::router
-  [_ {:keys [ws session metrics assets feedback] :as cfg}]
+  [_ cfg]
   (rr/router
    [["" {:middleware [[mw/server-timing]
-                      [mw/format-response]
                       [mw/params]
+                      [mw/format-response]
                       [mw/parse-request]
-                      [session/middleware-1 session]
+                      [session/soft-auth cfg]
+                      [actoken/soft-auth cfg]
                       [mw/errors errors/handle]
-                      [mw/restrict-methods]]}
+                      [mw/restrict-methods]
+                      [mw/with-dispatch :vthread]]}
 
-     ["/metrics" {:handler (::mtx/handler metrics)
-                  :allowed-methods #{:get}}]
-
-     ["/assets" {:middleware [[session/middleware-2 session]]}
-      ["/by-id/:id" {:handler (:objects-handler assets)}]
-      ["/by-file-media-id/:id" {:handler (:file-objects-handler assets)}]
-      ["/by-file-media-id/:id/thumbnail" {:handler (:file-thumbnails-handler assets)}]]
-
-     (:debug-routes cfg)
+     (::mtx/routes cfg)
+     (::assets/routes cfg)
+     (::debug/routes cfg)
 
      ["/webhooks"
-      ["/sns" {:handler (:awsns-handler cfg)
-               :allowed-methods #{:post}}]]
+      (::awsns/routes cfg)]
 
-     ["/ws/notifications" {:middleware [[session/middleware-2 session]]
-                           :handler ws
-                           :allowed-methods #{:get}}]
+     (::ws/routes cfg)
 
-     ["/api" {:middleware [[mw/cors]
-                           [session/middleware-2 session]]}
-      ["/feedback" {:handler feedback
-                    :allowed-methods #{:post}}]
-      (:doc-routes cfg)
-      (:oidc-routes cfg)
-      (:rpc-routes cfg)]]]))
+     ["/api" {:middleware [[mw/cors]]}
+      (::oidc/routes cfg)
+      (::rpc.doc/routes cfg)
+      (::rpc/routes cfg)]]]))

backend/src/app/http/access_token.clj

@@ -0,0 +1,84 @@
+;; This Source Code Form is subject to the terms of the Mozilla Public
+;; License, v. 2.0. If a copy of the MPL was not distributed with this
+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;;
+;; Copyright (c) KALEIDOS INC
+
+(ns app.http.access-token
+  (:require
+   [app.common.logging :as l]
+   [app.config :as cf]
+   [app.db :as db]
+   [app.main :as-alias main]
+   [app.tokens :as tokens]
+   [yetti.request :as yrq]))
+
+(def header-re #"^Token\s+(.*)")
+
+(defn- get-token
+  [request]
+  (some->> (yrq/get-header request "authorization")
+           (re-matches header-re)
+           (second)))
+
+(defn- decode-token
+  [props token]
+  (when token
+    (tokens/verify props {:token token :iss "access-token"})))
+
+(def sql:get-token-data
+  "SELECT perms, profile_id, expires_at
+     FROM access_token
+    WHERE id = ?
+      AND (expires_at IS NULL 
+           OR (expires_at > now()));")
+
+(defn- get-token-data
+  [pool token-id]
+  (when-not (db/read-only? pool)
+    (some-> (db/exec-one! pool [sql:get-token-data token-id])
+            (update :perms db/decode-pgarray #{}))))
+
+(defn- wrap-soft-auth
+  "Soft Authentication, will be executed synchronously on the undertow
+  worker thread."
+  [handler {:keys [::main/props]}]
+  (letfn [(handle-request [request]
+            (try
+              (let [token  (get-token request)
+                    claims (decode-token props token)]
+                (cond-> request
+                  (map? claims)
+                  (assoc ::id (:tid claims))))
+              (catch Throwable cause
+                (l/trace :hint "exception on decoding malformed token" :cause cause)
+                request)))]
+
+    (fn [request respond raise]
+      (let [request (handle-request request)]
+        (handler request respond raise)))))
+
+(defn- wrap-authz
+  "Authorization middleware, will be executed synchronously on vthread."
+  [handler {:keys [::db/pool]}]
+  (fn [request]
+    (let [{:keys [perms profile-id expires-at]} (some->> (::id request) (get-token-data pool))]
+      (handler (cond-> request
+                 (some? perms)
+                 (assoc ::perms perms)
+                 (some? profile-id)
+                 (assoc ::profile-id profile-id)
+                 (some? expires-at)
+                 (assoc ::expires-at expires-at))))))
+
+(def soft-auth
+  {:name ::soft-auth
+   :compile (fn [& _]
+              (when (contains? cf/flags :access-tokens)
+                wrap-soft-auth))})
+
+(def authz
+  {:name ::authz
+   :compile (fn [& _]
+              (when (contains? cf/flags :access-tokens)
+                wrap-authz))})

backend/src/app/http/assets.clj

@@ -7,19 +7,16 @@
 (ns app.http.assets
   "Assets related handlers."
   (:require
+   [app.common.data :as d]
    [app.common.exceptions :as ex]
    [app.common.spec :as us]
    [app.common.uri :as u]
    [app.db :as db]
-   [app.metrics :as mtx]
    [app.storage :as sto]
    [app.util.time :as dt]
-   [app.worker :as wrk]
    [clojure.spec.alpha :as s]
    [integrant.core :as ig]
-   [promesa.core :as p]
-   [promesa.exec :as px]
-   [yetti.response :as yrs]))
+   [yetti.response :as-alias yrs]))
 
 (def ^:private cache-max-age
   (dt/duration {:hours 24}))
@@ -27,105 +24,87 @@
 (def ^:private signature-max-age
   (dt/duration {:hours 24 :minutes 15}))
 
-(defn coerce-id
-  [id]
-  (let [res (parse-uuid id)]
-    (when-not (uuid? res)
+(defn get-id
+  [{:keys [path-params]}]
+  (or (some-> path-params :id d/parse-uuid)
       (ex/raise :type :not-found
-                :hint "object not found"))
-    res))
+                :hunt "object not found")))
 
 (defn- get-file-media-object
-  [{:keys [pool executor] :as storage} id]
-  (px/with-dispatch executor
-    (let [id   (coerce-id id)
-          mobj (db/exec-one! pool ["select * from file_media_object where id=?" id])]
-      (when-not mobj
-        (ex/raise :type :not-found
-                  :hint "object does not found"))
-      mobj)))
+  [pool id]
+  (db/get pool :file-media-object {:id id}))
+
+(defn- serve-object-from-s3
+  [{:keys [::sto/storage] :as cfg} obj]
+  (let [{:keys [host port] :as url} (sto/get-object-url storage obj {:max-age signature-max-age})]
+    {::yrs/status  307
+     ::yrs/headers {"location" (str url)
+                    "x-host"   (cond-> host port (str ":" port))
+                    "x-mtype"  (-> obj meta :content-type)
+                    "cache-control" (str "max-age=" (inst-ms cache-max-age))}}))
+
+(defn- serve-object-from-fs
+  [{:keys [::path]} obj]
+  (let [purl    (u/join (u/uri path)
+                        (sto/object->relative-path obj))
+        mdata   (meta obj)
+        headers {"x-accel-redirect" (:path purl)
+                 "content-type" (:content-type mdata)
+                 "cache-control" (str "max-age=" (inst-ms cache-max-age))}]
+    {::yrs/status 204
+     ::yrs/headers headers}))
 
 (defn- serve-object
   "Helper function that returns the appropriate response depending on
   the storage object backend type."
-  [{:keys [storage] :as cfg} obj]
-  (let [mdata   (meta obj)
-        backend (sto/resolve-backend storage (:backend obj))]
-    (case (:type backend)
-      :s3
-      (p/let [{:keys [host port] :as url} (sto/get-object-url storage obj {:max-age signature-max-age})]
-        (yrs/response :status  307
-                      :headers {"location" (str url)
-                                "x-host"   (cond-> host port (str ":" port))
-                                "x-mtype"  (:content-type mdata)
-                                "cache-control" (str "max-age=" (inst-ms cache-max-age))}))
-
-      :fs
-      (p/let [purl (u/uri (:assets-path cfg))
-              purl (u/join purl (sto/object->relative-path obj))]
-        (yrs/response :status  204
-                      :headers {"x-accel-redirect" (:path purl)
-                                "content-type" (:content-type mdata)
-                                "cache-control" (str "max-age=" (inst-ms cache-max-age))})))))
+  [{:keys [::sto/storage] :as cfg} {:keys [backend] :as obj}]
+  (let [backend (sto/resolve-backend storage backend)]
+    (case (::sto/type backend)
+      :s3 (serve-object-from-s3 cfg obj)
+      :fs (serve-object-from-fs cfg obj))))
 
 (defn objects-handler
   "Handler that servers storage objects by id."
-  [{:keys [storage executor] :as cfg} request respond raise]
-  (-> (px/with-dispatch executor
-        (p/let [id  (get-in request [:path-params :id])
-                id  (coerce-id id)
-                obj (sto/get-object storage id)]
-          (if obj
-            (serve-object cfg obj)
-            (yrs/response 404))))
-
-      (p/bind p/wrap)
-      (p/then' respond)
-      (p/catch raise)))
+  [{:keys [::sto/storage] :as cfg} request]
+  (let [id  (get-id request)
+        obj (sto/get-object storage id)]
+    (if obj
+      (serve-object cfg obj)
+      {::yrs/status 404})))
 
 (defn- generic-handler
   "A generic handler helper/common code for file-media based handlers."
-  [{:keys [storage] :as cfg} request kf]
-  (p/let [id   (get-in request [:path-params :id])
-          mobj (get-file-media-object storage id)
-          obj  (sto/get-object storage (kf mobj))]
-    (if obj
-      (serve-object cfg obj)
-      (yrs/response 404))))
+  [{:keys [::sto/storage] :as cfg} request kf]
+  (let [pool (::db/pool storage)
+        id   (get-id request)
+        mobj (get-file-media-object pool id)
+        sobj (sto/get-object storage (kf mobj))]
+    (if sobj
+      (serve-object cfg sobj)
+      {::yrs/status 404})))
 
 (defn file-objects-handler
   "Handler that serves storage objects by file media id."
-  [cfg request respond raise]
-  (-> (generic-handler cfg request :media-id)
-      (p/then respond)
-      (p/catch raise)))
+  [cfg request]
+  (generic-handler cfg request :media-id))
 
 (defn file-thumbnails-handler
   "Handler that serves storage objects by thumbnail-id and quick
   fallback to file-media-id if no thumbnail is available."
-  [cfg request respond raise]
-  (-> (generic-handler cfg request #(or (:thumbnail-id %) (:media-id %)))
-      (p/then respond)
-      (p/catch raise)))
+  [cfg request]
+  (generic-handler cfg request #(or (:thumbnail-id %) (:media-id %))))
 
 ;; --- Initialization
 
-(s/def ::storage some?)
-(s/def ::assets-path ::us/string)
-(s/def ::cache-max-age ::dt/duration)
-(s/def ::signature-max-age ::dt/duration)
+(s/def ::path ::us/string)
+(s/def ::routes vector?)
 
-(defmethod ig/pre-init-spec ::handlers [_]
-  (s/keys :req-un [::storage
-                   ::wrk/executor
-                   ::mtx/metrics
-                   ::assets-path
-                   ::cache-max-age
-                   ::signature-max-age]))
+(defmethod ig/pre-init-spec ::routes [_]
+  (s/keys :req [::sto/storage  ::path]))
 
-(defmethod ig/init-key ::handlers
+(defmethod ig/init-key ::routes
   [_ cfg]
-  {:objects-handler (partial objects-handler cfg)
-   :file-objects-handler (partial file-objects-handler cfg)
-   :file-thumbnails-handler (partial file-thumbnails-handler cfg)})
-
+  ["/assets"
+   ["/by-id/:id" {:handler (partial objects-handler cfg)}]
+   ["/by-file-media-id/:id" {:handler (partial file-objects-handler cfg)}]
+   ["/by-file-media-id/:id/thumbnail" {:handler (partial file-thumbnails-handler cfg)}]])

backend/src/app/http/awsns.clj

@@ -21,25 +21,27 @@
    [jsonista.core :as j]
    [promesa.exec :as px]
    [yetti.request :as yrq]
-   [yetti.response :as yrs]))
+   [yetti.response :as-alias yrs]))
 
 (declare parse-json)
 (declare handle-request)
 (declare parse-notification)
 (declare process-report)
 
-(defmethod ig/pre-init-spec ::handler [_]
+(defmethod ig/pre-init-spec ::routes [_]
   (s/keys :req [::http/client
                 ::main/props
                 ::db/pool
                 ::wrk/executor]))
 
-(defmethod ig/init-key ::handler
+(defmethod ig/init-key ::routes
   [_ {:keys [::wrk/executor] :as cfg}]
-  (fn [request respond _]
-    (let [data (-> request yrq/body slurp)]
-      (px/run! executor #(handle-request cfg data)))
-    (respond (yrs/response 200))))
+  (letfn [(handler [request respond _]
+            (let [data (-> request yrq/body slurp)]
+              (px/run! executor #(handle-request cfg data)))
+            (respond {::yrs/status 200}))]
+    ["/sns" {:handler handler
+             :allowed-methods #{:post}}]))
 
 (defn handle-request
   [cfg data]
@@ -105,8 +107,7 @@
   [cfg headers]
   (let [tdata (get headers "x-penpot-data")]
     (when-not (str/empty? tdata)
-      (let [sprops (::main/props cfg)
-            result (tokens/verify sprops {:token tdata :iss :profile-identity})]
+      (let [result (tokens/verify (::main/props cfg) {:token tdata :iss :profile-identity})]
         (:profile-id result)))))
 
 (defn- parse-notification

backend/src/app/http/client.clj

@@ -11,7 +11,8 @@
    [app.worker :as wrk]
    [clojure.spec.alpha :as s]
    [integrant.core :as ig]
-   [java-http-clj.core :as http])
+   [java-http-clj.core :as http]
+   [promesa.core :as p])
   (:import
    java.net.http.HttpClient))
 
@@ -34,14 +35,30 @@
    (us/assert! ::client client)
    (if sync?
      (http/send req {:client client :as response-type})
-     (http/send-async req {:client client :as response-type}))))
+     (try
+       (http/send-async req {:client client :as response-type})
+       (catch Throwable cause
+         (p/rejected cause))))))
+
+(defn- resolve-client
+  [params]
+  (cond
+    (instance? HttpClient params)
+    params
+
+    (map? params)
+    (resolve-client (::client params))
+
+    :else
+    (throw (UnsupportedOperationException. "invalid arguments"))))
 
 (defn req!
   "A convencience toplevel function for gradual migration to a new API
   convention."
-  ([{:keys [::client] :as holder} request]
-   (us/assert! ::client-holder holder)
-   (send! client request {}))
-  ([{:keys [::client] :as holder} request options]
-   (us/assert! ::client-holder holder)
-   (send! client request options)))
+  ([cfg-or-client request]
+   (let [client (resolve-client cfg-or-client)]
+     (send! client request {})))
+  ([cfg-or-client request options]
+   (let [client (resolve-client cfg-or-client)]
+     (send! client request options))))
+

backend/src/app/http/debug.clj

@@ -13,15 +13,14 @@
    [app.common.uuid :as uuid]
    [app.config :as cf]
    [app.db :as db]
-   [app.http.middleware :as mw]
    [app.http.session :as session]
    [app.rpc.commands.binfile :as binf]
-   [app.rpc.commands.files.create :refer [create-file]]
-   [app.rpc.queries.profile :as profile]
+   [app.rpc.commands.files-create :refer [create-file]]
+   [app.rpc.commands.profile :as profile]
+   [app.storage :as-alias sto]
    [app.util.blob :as blob]
    [app.util.template :as tmpl]
    [app.util.time :as dt]
-   [app.worker :as wrk]
    [clojure.spec.alpha :as s]
    [cuerdas.core :as str]
    [datoteka.io :as io]
@@ -39,36 +38,40 @@
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
 (defn authorized?
-  [pool {:keys [profile-id]}]
+  [pool {:keys [::session/profile-id]}]
   (or (= "devenv" (cf/get :host))
-      (let [profile (ex/ignoring (profile/retrieve-profile-data pool profile-id))
+      (let [profile (ex/ignoring (profile/get-profile pool profile-id))
             admins  (or (cf/get :admins) #{})]
         (contains? admins (:email profile)))))
 
 (defn prepare-response
   [body]
   (let [headers {"content-type" "application/transit+json"}]
-    (yrs/response :status 200 :body body :headers headers)))
+    {::yrs/status 200
+     ::yrs/body body
+     ::yrs/headers headers}))
 
 (defn prepare-download-response
   [body filename]
   (let [headers {"content-disposition" (str "attachment; filename=" filename)
                  "content-type" "application/octet-stream"}]
-    (yrs/response :status 200 :body body :headers headers)))
+    {::yrs/status 200
+     ::yrs/body body
+     ::yrs/headers headers}))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; INDEX
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
 (defn index-handler
-  [{:keys [pool]} request]
+  [{:keys [::db/pool]} request]
   (when-not (authorized? pool request)
     (ex/raise :type :authentication
               :code :only-admins-allowed))
-  (yrs/response :status  200
-                :headers {"content-type" "text/html"}
-                :body    (-> (io/resource "app/templates/debug.tmpl")
-                             (tmpl/render {}))))
+  {::yrs/status  200
+   ::yrs/headers {"content-type" "text/html"}
+   ::yrs/body    (-> (io/resource "app/templates/debug.tmpl")
+                     (tmpl/render {}))})
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; FILE CHANGES
@@ -81,7 +84,7 @@
   "select revn, changes, data from file_change where file_id=? and revn = ?")
 
 (defn- retrieve-file-data
-  [{:keys [pool]} {:keys [params profile-id] :as request}]
+  [{:keys [::db/pool]} {:keys [params ::session/profile-id] :as request}]
   (when-not (authorized? pool request)
     (ex/raise :type :authentication
               :code :only-admins-allowed))
@@ -107,17 +110,19 @@
         (prepare-download-response data filename)
 
         (contains? params :clone)
-        (let [project-id (some-> (profile/retrieve-additional-data pool profile-id) :default-project-id)
-              data       (some-> data blob/decode)]
+        (let [profile    (profile/get-profile pool profile-id)
+              project-id (:default-project-id profile)
+              data       (blob/decode data)]
           (create-file pool {:id (uuid/next)
                              :name (str "Cloned file: " filename)
                              :project-id project-id
                              :profile-id profile-id
                              :data data})
-          (yrs/response 201 "OK CREATED"))
+          {::yrs/status 201
+           ::yrs/body "OK CREATED"})
 
         :else
-        (prepare-response (some-> data blob/decode))))))
+        (prepare-response (blob/decode data))))))
 
 (defn- is-file-exists?
   [pool id]
@@ -125,8 +130,9 @@
     (-> (db/exec-one! pool [sql id]) :exists)))
 
 (defn- upload-file-data
-  [{:keys [pool]} {:keys [profile-id params] :as request}]
-  (let [project-id (some-> (profile/retrieve-additional-data pool profile-id) :default-project-id)
+  [{:keys [::db/pool]} {:keys [::session/profile-id params] :as request}]
+  (let [profile    (profile/get-profile pool profile-id)
+        project-id (:default-project-id profile)
         data       (some-> params :file :path io/read-as-bytes blob/decode)]
 
     (if (and data project-id)
@@ -141,7 +147,8 @@
             (db/update! pool :file
                         {:data (blob/encode data)}
                         {:id file-id})
-            (yrs/response 200 "OK UPDATED"))
+            {::yrs/status 200
+             ::yrs/body "OK UPDATED"})
 
           (do
             (create-file pool {:id file-id
@@ -149,9 +156,11 @@
                                :project-id project-id
                                :profile-id profile-id
                                :data data})
-            (yrs/response 201 "OK CREATED"))))
+            {::yrs/status 201
+             ::yrs/body "OK CREATED"})))
 
-      (yrs/response 500 "ERROR"))))
+      {::yrs/status 500
+       ::yrs/body "ERROR"})))
 
 (defn file-data-handler
   [cfg request]
@@ -162,7 +171,7 @@
               :code :method-not-found)))
 
 (defn file-changes-handler
-  [{:keys [pool]} {:keys [params] :as request}]
+  [{:keys [::db/pool]} {:keys [params] :as request}]
   (when-not (authorized? pool request)
     (ex/raise :type :authentication
               :code :only-admins-allowed))
@@ -202,46 +211,53 @@
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
 (defn error-handler
-  [{:keys [pool]} request]
-  (letfn [(parse-id [request]
-            (let [id (get-in request [:path-params :id])
-                  id (parse-uuid id)]
-              (when (uuid? id)
-                id)))
-
-          (retrieve-report [id]
+  [{:keys [::db/pool]} request]
+  (letfn [(get-report [{:keys [path-params]}]
             (ex/ignoring
-             (some-> (db/get-by-id pool :server-error-report id) :content db/decode-transit-pgobject)))
+             (let [report-id (some-> path-params :id parse-uuid)]
+               (some-> (db/get-by-id pool :server-error-report report-id)
+                       (update :content db/decode-transit-pgobject)))))
 
-          (render-template [report]
-            (let [context (dissoc report
+          (render-template-v1 [{:keys [content]}]
+            (let [context (dissoc content
                                   :trace :cause :params :data :spec-problems :message
                                   :spec-explain :spec-value :error :explain :hint)
                   params  {:context       (pp/pprint-str context :width 200)
-                           :hint          (:hint report)
-                           :spec-explain  (:spec-explain report)
-                           :spec-problems (:spec-problems report)
-                           :spec-value    (:spec-value report)
-                           :data          (:data report)
-                           :trace         (or (:trace report)
-                                              (some-> report :error :trace))
-                           :params        (:params report)}]
+                           :hint          (:hint content)
+                           :spec-explain  (:spec-explain content)
+                           :spec-problems (:spec-problems content)
+                           :spec-value    (:spec-value content)
+                           :data          (:data content)
+                           :trace         (or (:trace content)
+                                              (some-> content :error :trace))
+                           :params        (:params content)}]
               (-> (io/resource "app/templates/error-report.tmpl")
-                  (tmpl/render params))))]
+                  (tmpl/render params))))
+
+          (render-template-v2 [{report :content}]
+            (-> (io/resource "app/templates/error-report.v2.tmpl")
+                (tmpl/render report)))
+
+          (render-template-v3 [{report :content}]
+            (-> (io/resource "app/templates/error-report.v3.tmpl")
+                (tmpl/render report)))
+          ]
 
     (when-not (authorized? pool request)
       (ex/raise :type :authentication
                 :code :only-admins-allowed))
 
-    (let [result (some-> (parse-id request)
-                         (retrieve-report)
-                         (render-template))]
-      (if result
-        (yrs/response :status 200
-                      :body result
-                      :headers {"content-type" "text/html; charset=utf-8"
-                                "x-robots-tag" "noindex"})
-        (yrs/response 404 "not found")))))
+    (if-let [report (get-report request)]
+      (let [result (case (:version report)
+                     1 (render-template-v1 report)
+                     2 (render-template-v2 report)
+                     3 (render-template-v3 report))]
+        {::yrs/status 200
+         ::yrs/body result
+         ::yrs/headers {"content-type" "text/html; charset=utf-8"
+                        "x-robots-tag" "noindex"}})
+      {::yrs/status 404
+       ::yrs/body "not found"})))
 
 (def sql:error-reports
   "SELECT id, created_at,
@@ -251,24 +267,24 @@
     LIMIT 100")
 
 (defn error-list-handler
-  [{:keys [pool]} request]
+  [{:keys [::db/pool]} request]
   (when-not (authorized? pool request)
     (ex/raise :type :authentication
               :code :only-admins-allowed))
   (let [items (->> (db/exec! pool [sql:error-reports])
                    (map #(update % :created-at dt/format-instant :rfc1123)))]
-    (yrs/response :status 200
-                  :body (-> (io/resource "app/templates/error-list.tmpl")
-                            (tmpl/render {:items items}))
-                  :headers {"content-type" "text/html; charset=utf-8"
-                            "x-robots-tag" "noindex"})))
+    {::yrs/status 200
+     ::yrs/body (-> (io/resource "app/templates/error-list.tmpl")
+                    (tmpl/render {:items items}))
+     ::yrs/headers {"content-type" "text/html; charset=utf-8"
+                    "x-robots-tag" "noindex"}}))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; EXPORT/IMPORT
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
 (defn export-handler
-  [{:keys [pool] :as cfg} {:keys [params profile-id] :as request}]
+  [{:keys [::db/pool] :as cfg} {:keys [params ::session/profile-id] :as request}]
 
   (let [file-ids (->> (:file-ids params)
                       (remove empty?)
@@ -287,7 +303,8 @@
                    (assoc ::binf/include-libraries? libs?)
                    (binf/export-to-tmpfile!))]
       (if clone?
-        (let [project-id (some-> (profile/retrieve-additional-data pool profile-id) :default-project-id)]
+        (let [profile    (profile/get-profile pool profile-id)
+              project-id (:default-project-id profile)]
           (binf/import!
            (assoc cfg
                   ::binf/input path
@@ -296,28 +313,28 @@
                   ::binf/profile-id profile-id
                   ::binf/project-id project-id))
 
-          (yrs/response
-           :status  200
-           :headers {"content-type" "text/plain"}
-           :body    "OK CLONED"))
+          {::yrs/status  200
+           ::yrs/headers {"content-type" "text/plain"}
+           ::yrs/body    "OK CLONED"})
+
+        {::yrs/status  200
+         ::yrs/body    (io/input-stream path)
+         ::yrs/headers {"content-type" "application/octet-stream"
+                        "content-disposition" (str "attachmen; filename=" (first file-ids) ".penpot")}}))))
 
-        (yrs/response
-         :status  200
-         :headers {"content-type" "application/octet-stream"
-                   "content-disposition" (str "attachmen; filename=" (first file-ids) ".penpot")}
-         :body    (io/input-stream path))))))
 
 
 (defn import-handler
-  [{:keys [pool] :as cfg} {:keys [params profile-id] :as request}]
+  [{:keys [::db/pool] :as cfg} {:keys [params ::session/profile-id] :as request}]
   (when-not (contains? params :file)
     (ex/raise :type :validation
               :code :missing-upload-file
               :hint "missing upload file"))
 
-  (let [project-id (some-> (profile/retrieve-additional-data pool profile-id) :default-project-id)
+  (let [profile    (profile/get-profile pool profile-id)
+        project-id (:default-project-id profile)
         overwrite? (contains? params :overwrite)
-        migrate? (contains? params :migrate)
+        migrate?   (contains? params :migrate)
         ignore-index-errors? (contains? params :ignore-index-errors)]
 
     (when-not project-id
@@ -334,10 +351,9 @@
             ::binf/profile-id profile-id
             ::binf/project-id project-id))
 
-    (yrs/response
-     :status  200
-     :headers {"content-type" "text/plain"}
-     :body    "OK")))
+    {::yrs/status  200
+     ::yrs/headers {"content-type" "text/plain"}
+     ::yrs/body    "OK"}))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; OTHER SMALL VIEWS/HANDLERS
@@ -345,15 +361,16 @@
 
 (defn health-handler
   "Mainly a task that performs a health check."
-  [{:keys [pool]} _]
-  (db/with-atomic [conn pool]
-    (try
-      (db/exec-one! conn ["select count(*) as count from server_prop;"])
-      (yrs/response 200 "OK")
-      (catch Throwable cause
-        (l/warn :hint "unable to execute query on health handler"
-                :cause cause)
-        (yrs/response 503 "KO")))))
+  [{:keys [::db/pool]} _]
+  (try
+    (db/exec-one! pool ["select count(*) as count from server_prop;"])
+    {::yrs/status 200
+     ::yrs/body "OK"}
+    (catch Throwable cause
+      (l/warn :hint "unable to execute query on health handler"
+              :cause cause)
+      {::yrs/status 503
+       ::yrs/body "KO"})))
 
 (defn changelog-handler
   [_ _]
@@ -362,10 +379,11 @@
           (md->html [text]
             (md/md-to-html-string text :replacement-transformers (into [transform-emoji] mdt/transformer-vector)))]
     (if-let [clog (io/resource "changelog.md")]
-      (yrs/response :status 200
-                    :headers {"content-type" "text/html; charset=utf-8"}
-                    :body (-> clog slurp md->html))
-      (yrs/response :status 404 :body "NOT FOUND"))))
+      {::yrs/status 200
+       ::yrs/headers {"content-type" "text/html; charset=utf-8"}
+       ::yrs/body (-> clog slurp md->html)}
+      {::yrs/status 404
+       ::yrs/body "NOT FOUND"})))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; INIT
@@ -375,32 +393,26 @@
   {:compile
    (fn [& _]
      (fn [handler pool]
-       (fn [request respond raise]
+       (fn [request]
          (if (authorized? pool request)
-           (handler request respond raise)
-           (raise (ex/error :type :authentication
-                            :code :only-admins-allowed))))))})
-
+           (handler request)
+           (ex/raise :type :authentication
+                     :code :only-admins-allowed)))))})
 
 (defmethod ig/pre-init-spec ::routes [_]
-  (s/keys :req-un [::db/pool ::wrk/executor ::session/session]))
+  (s/keys :req [::db/pool ::session/manager]))
 
 (defmethod ig/init-key ::routes
-  [_ {:keys [session pool executor] :as cfg}]
-  [["/readyz" {:middleware [[mw/with-dispatch executor]
-                            [mw/with-config cfg]]
-               :handler health-handler}]
-   ["/dbg" {:middleware [[session/middleware-2 session]
-                         [with-authorization pool]
-                         [mw/with-dispatch executor]
-                         [mw/with-config cfg]]}
-    ["" {:handler index-handler}]
-    ["/health" {:handler health-handler}]
-    ["/changelog" {:handler changelog-handler}]
-    ;; ["/error-by-id/:id" {:handler error-handler}]
-    ["/error/:id" {:handler error-handler}]
-    ["/error" {:handler error-list-handler}]
-    ["/file/export" {:handler export-handler}]
-    ["/file/import" {:handler import-handler}]
-    ["/file/data" {:handler file-data-handler}]
-    ["/file/changes" {:handler file-changes-handler}]]])
+  [_ {:keys [::db/pool] :as cfg}]
+  [["/readyz" {:handler (partial health-handler cfg)}]
+   ["/dbg" {:middleware [[session/authz cfg]
+                         [with-authorization pool]]}
+    ["" {:handler (partial index-handler cfg)}]
+    ["/health" {:handler (partial health-handler cfg)}]
+    ["/changelog" {:handler (partial changelog-handler cfg)}]
+    ["/error/:id" {:handler (partial error-handler cfg)}]
+    ["/error" {:handler (partial error-list-handler cfg)}]
+    ["/file/export" {:handler (partial export-handler cfg)}]
+    ["/file/import" {:handler (partial import-handler cfg)}]
+    ["/file/data" {:handler (partial file-data-handler cfg)}]
+    ["/file/changes" {:handler (partial file-changes-handler cfg)}]]])

backend/src/app/http/errors.clj

@@ -7,37 +7,37 @@
 (ns app.http.errors
   "A errors handling for the http server."
   (:require
-   [app.common.data :as d]
    [app.common.exceptions :as ex]
    [app.common.logging :as l]
+   [app.common.schema :as sm]
    [app.http :as-alias http]
+   [app.http.access-token :as-alias actoken]
+   [app.http.session :as-alias session]
    [clojure.spec.alpha :as s]
    [cuerdas.core :as str]
    [yetti.request :as yrq]
    [yetti.response :as yrs]))
 
-(def ^:dynamic *context* {})
-
 (defn- parse-client-ip
   [request]
   (or (some-> (yrq/get-header request "x-forwarded-for") (str/split ",") first)
       (yrq/get-header request "x-real-ip")
       (yrq/remote-addr request)))
 
-(defn get-context
+(defn request->context
+  "Extracts error report relevant context data from request."
   [request]
-  (let [claims (:session-token-claims request)]
-    (merge
-     *context*
-     {:path          (:path request)
-      :method        (:method request)
-      :params        (:params request)
-      :ip-addr       (parse-client-ip request)}
-     (d/without-nils
-      {:user-agent (yrq/get-header request "user-agent")
-       :frontend-version (or (yrq/get-header request "x-frontend-version")
-                             "unknown")
-       :profile-id   (:uid claims)}))))
+  (let [claims (-> {}
+                   (into (::session/token-claims request))
+                   (into (::actoken/token-claims request)))]
+    {:path       (:path request)
+     :method     (:method request)
+     :params     (:params request)
+     :ip-addr    (parse-client-ip request)
+     :user-agent (yrq/get-header request "user-agent")
+     :profile-id (:uid claims)
+     :version    (or (yrq/get-header request "x-frontend-version")
+                     "unknown")}))
 
 (defmulti handle-exception
   (fn [err & _rest]
@@ -47,16 +47,30 @@
 
 (defmethod handle-exception :authentication
   [err _]
-  (yrs/response 401 (ex-data err)))
+  {::yrs/status 401
+   ::yrs/body (ex-data err)})
+
+(defmethod handle-exception :authorization
+  [err _]
+  {::yrs/status 403
+   ::yrs/body (ex-data err)})
 
 (defmethod handle-exception :restriction
   [err _]
-  (yrs/response 400 (ex-data err)))
+  {::yrs/status 400
+   ::yrs/body (ex-data err)})
 
 (defmethod handle-exception :rate-limit
   [err _]
   (let [headers (-> err ex-data ::http/headers)]
-    (yrs/response :status 429 :body "" :headers headers)))
+    {::yrs/status 429
+     ::yrs/headers headers}))
+
+(defmethod handle-exception :concurrency-limit
+  [err _]
+  (let [headers (-> err ex-data ::http/headers)]
+    {::yrs/status 429
+     ::yrs/headers headers}))
 
 (defmethod handle-exception :validation
   [err _]
@@ -64,74 +78,99 @@
     (cond
       (= code :spec-validation)
       (let [explain (ex/explain data)]
-        (yrs/response :status 400
-                      :body   (-> data
-                                  (dissoc ::s/problems ::s/value)
-                                  (cond-> explain (assoc :explain explain)))))
+        {::yrs/status 400
+         ::yrs/body   (-> data
+                          (dissoc ::s/problems ::s/value)
+                          (cond-> explain (assoc :explain explain)))})
+
+      (= code :params-validation)
+      (let [explain (::sm/explain data)
+            payload (sm/humanize-data explain)]
+        {::yrs/status 400
+         ::yrs/body   (-> data
+                          (dissoc ::sm/explain)
+                          (assoc :data payload))})
 
       (= code :request-body-too-large)
-      (yrs/response :status 413 :body data)
+      {::yrs/status 413 ::yrs/body data}
 
       :else
-      (yrs/response :status 400 :body data))))
+      {::yrs/status 400 ::yrs/body data})))
 
 (defmethod handle-exception :assertion
   [error request]
-  (let [edata   (ex-data error)
-        explain (ex/explain edata)]
-    (l/error :hint (ex-message error)
-             :cause error
-             ::l/context (get-context request))
-    (yrs/response :status 500
-                  :body   {:type :server-error
-                           :code :assertion
-                           :data (-> edata
-                                     (dissoc ::s/problems ::s/value ::s/spec)
-                                     (cond-> explain (assoc :explain explain)))})))
+  (binding [l/*context* (request->context request)]
+    (let [{:keys [code] :as data} (ex-data error)]
+      (cond
+        (= code :data-validation)
+        (let [explain (::sm/explain data)
+              payload (sm/humanize-data explain)]
+          (l/error :hint "Data assertion error" :message (ex-message error) :cause error)
+          {::yrs/status 500
+           ::yrs/body   {:type :server-error
+                         :code :assertion
+                         :data (-> data
+                                   (dissoc ::sm/explain)
+                                   (assoc :data payload))}})
+
+        (= code :spec-validation)
+        (let [explain (ex/explain data)]
+          (l/error :hint "Spec assertion error" :message (ex-message error) :cause error)
+          {::yrs/status 500
+           ::yrs/body   {:type :server-error
+                         :code :assertion
+                         :data (-> data
+                                   (dissoc ::s/problems ::s/value ::s/spec)
+                                   (cond-> explain (assoc :explain explain)))}})
+
+        :else
+        (do
+          (l/error :hint "Assertion error" :message (ex-message error) :cause error)
+          {::yrs/status 500
+           ::yrs/body   {:type :server-error
+                         :code :assertion
+                         :data data}})))))
+
 
 (defmethod handle-exception :not-found
   [err _]
-  (yrs/response 404 (ex-data err)))
+  {::yrs/status 404
+   ::yrs/body (ex-data err)})
 
 (defmethod handle-exception :internal
   [error request]
-  (let [{:keys [code] :as edata} (ex-data error)]
-    (cond
-      (= :concurrency-limit-reached code)
-      (yrs/response 429)
-
-      :else
-      (do
-        (l/error :hint (ex-message error)
-                 :cause error
-                 ::l/context (get-context request))
-        (yrs/response 500 {:type :server-error
-                           :code :unhandled
-                           :hint (ex-message error)
-                           :data edata})))))
+  (binding [l/*context* (request->context request)]
+    (l/error :hint "Internal error" :message (ex-message error) :cause error)
+    {::yrs/status 500
+     ::yrs/body {:type :server-error
+                 :code :unhandled
+                 :hint (ex-message error)
+                 :data (ex-data error)}}))
 
 (defmethod handle-exception org.postgresql.util.PSQLException
   [error request]
   (let [state (.getSQLState ^java.sql.SQLException error)]
-    (l/error :hint (ex-message error)
-             :cause error
-             ::l/context (get-context request))
-    (cond
-      (= state "57014")
-      (yrs/response 504 {:type :server-error
-                         :code :statement-timeout
-                         :hint (ex-message error)})
+    (binding [l/*context* (request->context request)]
+      (l/error :hint "PSQL error" :message (ex-message error) :cause error)
+      (cond
+        (= state "57014")
+        {::yrs/status 504
+         ::yrs/body {:type :server-error
+                     :code :statement-timeout
+                     :hint (ex-message error)}}
 
-      (= state "25P03")
-      (yrs/response 504 {:type :server-error
-                         :code :idle-in-transaction-timeout
-                         :hint (ex-message error)})
+        (= state "25P03")
+        {::yrs/status 504
+         ::yrs/body {:type :server-error
+                     :code :idle-in-transaction-timeout
+                     :hint (ex-message error)}}
 
-      :else
-      (yrs/response 500 {:type :server-error
-                         :code :unexpected
-                         :hint (ex-message error)
-                         :state state}))))
+        :else
+        {::yrs/status 500
+         ::yrs/body {:type :server-error
+                     :code :unexpected
+                     :hint (ex-message error)
+                     :state state}}))))
 
 (defmethod handle-exception :default
   [error request]
@@ -139,13 +178,12 @@
     (cond
       ;; This means that exception is not a controlled exception.
       (nil? edata)
-      (do
-        (l/error :hint (ex-message error)
-                 :cause error
-                 ::l/context (get-context request))
-        (yrs/response 500 {:type :server-error
-                           :code :unexpected
-                           :hint (ex-message error)}))
+      (binding [l/*context* (request->context request)]
+        (l/error :hint "Unexpected error" :message (ex-message error) :cause error)
+        {::yrs/status 500
+         ::yrs/body {:type :server-error
+                     :code :unexpected
+                     :hint (ex-message error)}})
 
       ;; This is a special case for the idle-in-transaction error;
       ;; when it happens, the connection is automatically closed and
@@ -157,27 +195,17 @@
       (handle-exception (:handling edata) request)
 
       :else
-      (do
-        (l/error :hint (ex-message error)
-                 :cause error
-                 ::l/context (get-context request))
-        (yrs/response 500 {:type :server-error
-                           :code :unhandled
-                           :hint (ex-message error)
-                           :data edata})))))
+      (binding [l/*context* (request->context request)]
+        (l/error :hint "Unhandled error" :message (ex-message error) :cause error)
+        {::yrs/status 500
+         ::yrs/body {:type :server-error
+                     :code :unhandled
+                     :hint (ex-message error)
+                     :data edata}}))))
 
 (defn handle
   [cause request]
-  (cond
-    (or (instance? java.util.concurrent.CompletionException cause)
-        (instance? java.util.concurrent.ExecutionException cause))
-    (handle-exception (.getCause ^Throwable cause) request)
-
-    (ex/wrapped? cause)
-    (let [context (meta cause)
-          cause   (deref cause)]
-      (binding [*context* context]
-        (handle-exception cause request)))
-
-    :else
+  (if (or (instance? java.util.concurrent.CompletionException cause)
+          (instance? java.util.concurrent.ExecutionException cause))
+    (handle-exception (ex-cause cause) request)
     (handle-exception cause request)))

backend/src/app/http/feedback.clj

@@ -1,80 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.http.feedback
-  "A general purpose feedback module."
-  (:require
-   [app.common.data :as d]
-   [app.common.exceptions :as ex]
-   [app.common.spec :as us]
-   [app.config :as cf]
-   [app.db :as db]
-   [app.emails :as eml]
-   [app.rpc.queries.profile :as profile]
-   [app.worker :as wrk]
-   [clojure.spec.alpha :as s]
-   [integrant.core :as ig]
-   [promesa.core :as p]
-   [promesa.exec :as px]
-   [yetti.request :as yrq]
-   [yetti.response :as yrs]))
-
-(declare ^:private send-feedback)
-(declare ^:private handler)
-
-(defmethod ig/pre-init-spec ::handler [_]
-  (s/keys :req-un [::db/pool ::wrk/executor]))
-
-(defmethod ig/init-key ::handler
-  [_ {:keys [executor] :as cfg}]
-  (let [enabled? (contains? cf/flags :user-feedback)]
-    (if enabled?
-      (fn [request respond raise]
-        (-> (px/submit! executor #(handler cfg request))
-            (p/then' respond)
-            (p/catch raise)))
-      (fn [_ _ raise]
-        (raise (ex/error :type :validation
-                         :code :feedback-disabled
-                         :hint "feedback module is disabled"))))))
-
-(defn- handler
-  [{:keys [pool] :as cfg} {:keys [profile-id] :as request}]
-  (let [ftoken (cf/get :feedback-token ::no-token)
-        token  (yrq/get-header request "x-feedback-token")
-        params (d/merge (:params request)
-                        (:body-params request))]
-    (cond
-      (uuid? profile-id)
-      (let [profile (profile/retrieve-profile-data pool profile-id)
-            params  (assoc params :from (:email profile))]
-        (send-feedback pool profile params))
-
-      (= token ftoken)
-      (send-feedback cfg nil params))
-
-    (yrs/response 204)))
-
-(s/def ::content ::us/string)
-(s/def ::from    ::us/email)
-(s/def ::subject ::us/string)
-(s/def ::feedback
-  (s/keys :req-un [::from ::subject ::content]))
-
-(defn- send-feedback
-  [pool profile params]
-  (let [params      (us/conform ::feedback params)
-        destination (cf/get :feedback-destination)]
-    (eml/send! {::eml/conn pool
-                ::eml/factory eml/feedback
-                :from     destination
-                :to       destination
-                :profile  profile
-                :reply-to (:from params)
-                :email    (:from params)
-                :subject  (:subject params)
-                :content  (:content params)})
-    nil))

backend/src/app/http/middleware.clj

@@ -14,6 +14,7 @@
    [cuerdas.core :as str]
    [promesa.core :as p]
    [promesa.exec :as px]
+   [promesa.util :as pu]
    [yetti.adapter :as yt]
    [yetti.middleware :as ymw]
    [yetti.request :as yrq]
@@ -22,7 +23,10 @@
    com.fasterxml.jackson.core.JsonParseException
    com.fasterxml.jackson.core.io.JsonEOFException
    io.undertow.server.RequestTooBigException
-   java.io.OutputStream))
+   java.io.OutputStream
+   java.io.InputStream))
+
+(set! *warn-on-reflection* true)
 
 (def server-timing
   {:name ::server-timing
@@ -44,14 +48,14 @@
             (let [header (yrq/get-header request "content-type")]
               (cond
                 (str/starts-with? header "application/transit+json")
-                (with-open [is (yrq/body request)]
+                (with-open [^InputStream is (yrq/body request)]
                   (let [params (t/read! (t/reader is))]
                     (-> request
                         (assoc :body-params params)
                         (update :params merge params))))
 
                 (str/starts-with? header "application/json")
-                (with-open [is (yrq/body request)]
+                (with-open [^InputStream is (yrq/body request)]
                   (let [params (json/decode is json-mapper)]
                     (-> request
                         (assoc :body-params params)
@@ -62,6 +66,11 @@
 
           (handle-error [raise cause]
             (cond
+              (instance? RuntimeException cause)
+              (if-let [cause (ex-cause cause)]
+                (handle-error raise cause)
+                (raise cause))
+
               (instance? RequestTooBigException cause)
               (raise (ex/error :type :validation
                                :code :request-body-too-large
@@ -78,12 +87,11 @@
               (raise cause)))]
 
     (fn [request respond raise]
-      (when-let [request (try
-                           (process-request request)
-                           (catch RuntimeException cause
-                             (handle-error raise (or (.getCause cause) cause)))
-                           (catch Throwable cause
-                             (handle-error raise cause)))]
+      (if (= (yrq/method request) :post)
+        (let [request (ex/try! (process-request request))]
+          (if (ex/exception? request)
+            (handle-error raise request)
+            (handler request respond raise)))
         (handler request respond raise)))))
 
 (def parse-request
@@ -95,12 +103,7 @@
   needed because transit-java calls flush very aggresivelly on each
   object write."
   [^java.io.OutputStream os ^long chunk-size]
-  (proxy [java.io.BufferedOutputStream] [os (int chunk-size)]
-    ;; Explicitly do not forward flush
-    (flush [])
-    (close []
-      (proxy-super flush)
-      (proxy-super close))))
+  (yetti.util.BufferedOutputStream. os (int chunk-size)))
 
 (def ^:const buffer-size (:xnio/buffer-size yt/defaults))
 
@@ -110,13 +113,10 @@
             (reify yrs/StreamableResponseBody
               (-write-body-to-stream [_ _ output-stream]
                 (try
-                  (with-open [bos (buffered-output-stream output-stream buffer-size)]
+                  (with-open [^OutputStream bos (buffered-output-stream output-stream buffer-size)]
                     (let [tw (t/writer bos opts)]
                       (t/write! tw data)))
-
-                  (catch java.io.IOException _cause
-                    ;; Do nothing, EOF means client closes connection abruptly
-                    nil)
+                  (catch java.io.IOException _)
                   (catch Throwable cause
                     (l/warn :hint "unexpected error on encoding response"
                             :cause cause))
@@ -127,13 +127,10 @@
             (reify yrs/StreamableResponseBody
               (-write-body-to-stream [_ _ output-stream]
                 (try
-
-                  (with-open [bos (buffered-output-stream output-stream buffer-size)]
+                  (with-open [^OutputStream bos (buffered-output-stream output-stream buffer-size)]
                     (json/write! bos data json-mapper))
 
-                  (catch java.io.IOException _cause
-                    ;; Do nothing, EOF means client closes connection abruptly
-                    nil)
+                  (catch java.io.IOException _)
                   (catch Throwable cause
                     (l/warn :hint "unexpected error on encoding response"
                             :cause cause))
@@ -141,15 +138,15 @@
                     (.close ^OutputStream output-stream))))))
 
           (format-response-with-json [response _]
-            (let [body (yrs/body response)]
+            (let [body (::yrs/body response)]
               (if (or (boolean? body) (coll? body))
                 (-> response
-                    (update :headers assoc "content-type" "application/json")
-                    (assoc :body (json-streamable-body body)))
+                    (update ::yrs/headers assoc "content-type" "application/json")
+                    (assoc ::yrs/body (json-streamable-body body)))
                 response)))
 
           (format-response-with-transit [response request]
-            (let [body (yrs/body response)]
+            (let [body (::yrs/body response)]
               (if (or (boolean? body) (coll? body))
                 (let [qs   (yrq/query request)
                       opts (if (or (contains? cf/flags :transit-readable-response)
@@ -157,12 +154,17 @@
                              {:type :json-verbose}
                              {:type :json})]
                   (-> response
-                      (update :headers assoc "content-type" "application/transit+json")
-                      (assoc :body (transit-streamable-body body opts))))
+                      (update ::yrs/headers assoc "content-type" "application/transit+json")
+                      (assoc ::yrs/body (transit-streamable-body body opts))))
                 response)))
 
+          (format-from-params [{:keys [query-params] :as request}]
+            (and (= "json" (get query-params :_fmt))
+                 "application/json"))
+
           (format-response [response request]
-            (let [accept (yrq/get-header request "accept")]
+            (let [accept (or (format-from-params request)
+                             (yrq/get-header request "accept"))]
               (cond
                 (or (= accept "application/transit+json")
                     (str/includes? accept "application/transit+json"))
@@ -182,8 +184,7 @@
     (fn [request respond raise]
       (handler request
                (fn [response]
-                 (let [response (process-response response request)]
-                   (respond response)))
+                 (respond (process-response response request)))
                raise))))
 
 (def format-response
@@ -192,74 +193,59 @@
 
 (defn wrap-errors
   [handler on-error]
-  (fn [request respond _]
+  (fn [request respond raise]
     (handler request respond (fn [cause]
-                               (-> cause (on-error request) respond)))))
+                               (try
+                                 (respond (on-error cause request))
+                                 (catch Throwable cause
+                                   (raise cause)))))))
 
 (def errors
   {:name ::errors
    :compile (constantly wrap-errors)})
 
+(defn- with-cors-headers
+  [headers origin]
+  (-> headers
+      (assoc "access-control-allow-origin" origin)
+      (assoc "access-control-allow-methods" "GET,POST,DELETE,OPTIONS,PUT,HEAD,PATCH")
+      (assoc "access-control-allow-credentials" "true")
+      (assoc "access-control-expose-headers" "x-requested-with, content-type, cookie")
+      (assoc "access-control-allow-headers" "x-frontend-version, content-type, accept, x-requested-width")))
+
 (defn wrap-cors
   [handler]
-  (if-not (contains? cf/flags :cors)
-    handler
-    (letfn [(add-headers [headers request]
-              (let [origin (yrq/get-header request "origin")]
-                (-> headers
-                    (assoc "access-control-allow-origin" origin)
-                    (assoc "access-control-allow-methods" "GET,POST,DELETE,OPTIONS,PUT,HEAD,PATCH")
-                    (assoc "access-control-allow-credentials" "true")
-                    (assoc "access-control-expose-headers" "x-requested-with, content-type, cookie")
-                    (assoc "access-control-allow-headers" "x-frontend-version, content-type, accept, x-requested-width"))))
-
-            (update-response [response request]
-              (update response :headers add-headers request))]
-
-      (fn [request respond raise]
-        (if (= (yrq/method request) :options)
-          (-> (yrs/response 200)
-              (update-response request)
-              (respond))
-          (handler request
-                   (fn [response]
-                     (respond (update-response response request)))
-                   raise))))))
+  (fn [request]
+    (let [response (if (= (yrq/method request) :options)
+                     {::yrs/status 200}
+                     (handler request))
+          origin   (yrq/get-header request "origin")]
+      (update response ::yrs/headers with-cors-headers origin))))
 
 (def cors
   {:name ::cors
-   :compile (constantly wrap-cors)})
-
-(defn compile-restrict-methods
-  [data _]
-  (when-let [allowed (:allowed-methods data)]
-    (fn [handler]
-      (fn [request respond raise]
-        (let [method (yrq/method request)]
-          (if (contains? allowed method)
-            (handler request respond raise)
-            (respond (yrs/response 405))))))))
+   :compile (fn [& _]
+              (when (contains? cf/flags :cors)
+                wrap-cors))})
 
 (def restrict-methods
   {:name ::restrict-methods
-   :compile compile-restrict-methods})
+   :compile
+   (fn [data _]
+     (when-let [allowed (:allowed-methods data)]
+       (fn [handler]
+         (fn [request respond raise]
+           (let [method (yrq/method request)]
+             (if (contains? allowed method)
+               (handler request respond raise)
+               (respond {::yrs/status 405})))))))})
 
 (def with-dispatch
   {:name ::with-dispatch
    :compile
    (fn [& _]
      (fn [handler executor]
-       (fn [request respond raise]
-         (-> (px/submit! executor #(handler request))
-             (p/bind p/wrap)
-             (p/then respond)
-             (p/catch raise)))))})
-
-(def with-config
-  {:name ::with-config
-   :compile
-   (fn [& _]
-     (fn [handler config]
-       (fn
-         ([request] (handler config request))
-         ([request respond raise] (handler config request respond raise)))))})
+       (let [executor (px/resolve-executor executor)]
+         (fn [request respond raise]
+           (->> (px/submit! executor (partial handler request))
+                (p/fnly (pu/handler respond raise)))))))})

backend/src/app/http/session.clj

@@ -9,16 +9,17 @@
   (:require
    [app.common.data :as d]
    [app.common.logging :as l]
+   [app.common.spec :as us]
    [app.config :as cf]
    [app.db :as db]
    [app.db.sql :as sql]
+   [app.http.session.tasks :as-alias tasks]
+   [app.main :as-alias main]
    [app.tokens :as tokens]
    [app.util.time :as dt]
-   [app.worker :as wrk]
    [clojure.spec.alpha :as s]
+   [cuerdas.core :as str]
    [integrant.core :as ig]
-   [promesa.core :as p]
-   [promesa.exec :as px]
    [yetti.request :as yrq]))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -44,98 +45,83 @@
 
 (defprotocol ISessionManager
   (read [_ key])
-  (decode [_ key])
   (write! [_ key data])
   (update! [_ data])
   (delete! [_ key]))
 
-(s/def ::session #(satisfies? ISessionManager %))
+(s/def ::manager #(satisfies? ISessionManager %))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; STORAGE IMPL
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
+(s/def ::session-params
+  (s/keys :req-un [::user-agent
+                   ::profile-id
+                   ::created-at]))
+
 (defn- prepare-session-params
-  [sprops data]
-  (let [profile-id (:profile-id data)
-        user-agent (:user-agent data)
-        created-at (or (:created-at data) (dt/now))
-        token      (tokens/generate sprops {:iss "authentication"
-                                            :iat created-at
-                                            :uid profile-id})]
-    {:user-agent user-agent
-     :profile-id profile-id
-     :created-at created-at
-     :updated-at created-at
-     :id token}))
+  [key params]
+  (us/assert! ::us/not-empty-string key)
+  (us/assert! ::session-params params)
+
+  {:user-agent (:user-agent params)
+   :profile-id (:profile-id params)
+   :created-at (:created-at params)
+   :updated-at (:created-at params)
+   :id key})
 
 (defn- database-manager
-  [{:keys [pool sprops executor]}]
+  [pool]
   (reify ISessionManager
     (read [_ token]
-      (px/with-dispatch executor
-        (db/exec-one! pool (sql/select :http-session {:id token}))))
+      (db/exec-one! pool (sql/select :http-session {:id token})))
 
-    (decode [_ token]
-      (px/with-dispatch executor
-        (tokens/verify sprops {:token token :iss "authentication"})))
+    (write! [_ key params]
+      (let [params (prepare-session-params key params)]
+        (db/insert! pool :http-session params)
+        params))
 
-    (write! [_ _ data]
-      (px/with-dispatch executor
-        (let [params (prepare-session-params sprops data)]
-          (db/insert! pool :http-session params)
-          params)))
-
-    (update! [_ data]
+    (update! [_ params]
       (let [updated-at (dt/now)]
-        (px/with-dispatch executor
-          (db/update! pool :http-session
-                      {:updated-at updated-at}
-                      {:id (:id data)})
-          (assoc data :updated-at updated-at))))
+        (db/update! pool :http-session
+                    {:updated-at updated-at}
+                    {:id (:id params)})
+        (assoc params :updated-at updated-at)))
 
     (delete! [_ token]
-      (px/with-dispatch executor
-        (db/delete! pool :http-session {:id token})
-        nil))))
+      (db/delete! pool :http-session {:id token})
+      nil)))
 
 (defn inmemory-manager
-  [{:keys [sprops executor]}]
+  []
   (let [cache (atom {})]
     (reify ISessionManager
       (read [_ token]
-        (p/do (get @cache token)))
+        (get @cache token))
 
-      (decode [_ token]
-        (px/with-dispatch executor
-          (tokens/verify sprops {:token token :iss "authentication"})))
+      (write! [_ key params]
+        (let [params (prepare-session-params key params)]
+          (swap! cache assoc key params)
+          params))
 
-      (write! [_ _ data]
-        (p/do
-          (let [{:keys [token] :as params} (prepare-session-params sprops data)]
-            (swap! cache assoc token params)
-            params)))
-
-      (update! [_ data]
-        (p/do
-          (let [updated-at (dt/now)]
-            (swap! cache update (:id data) assoc :updated-at updated-at)
-            (assoc data :updated-at updated-at))))
+      (update! [_ params]
+        (let [updated-at (dt/now)]
+          (swap! cache update (:id params) assoc :updated-at updated-at)
+          (assoc params :updated-at updated-at)))
 
       (delete! [_ token]
-        (p/do
-          (swap! cache dissoc token)
-          nil)))))
+        (swap! cache dissoc token)
+        nil))))
 
-(s/def ::sprops map?)
 (defmethod ig/pre-init-spec ::manager [_]
-  (s/keys :req-un [::db/pool ::wrk/executor ::sprops]))
+  (s/keys :req [::db/pool]))
 
 (defmethod ig/init-key ::manager
-  [_ {:keys [pool] :as cfg}]
+  [_ {:keys [::db/pool]}]
   (if (db/read-only? pool)
-    (inmemory-manager cfg)
-    (database-manager cfg)))
+    (inmemory-manager)
+    (database-manager pool)))
 
 (defmethod ig/halt-key! ::manager
   [_ _])
@@ -144,100 +130,111 @@
 ;; MANAGER IMPL
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
-(declare assign-auth-token-cookie)
-(declare assign-authenticated-cookie)
-(declare clear-auth-token-cookie)
-(declare clear-authenticated-cookie)
+(declare ^:private assign-auth-token-cookie)
+(declare ^:private assign-authenticated-cookie)
+(declare ^:private clear-auth-token-cookie)
+(declare ^:private clear-authenticated-cookie)
+(declare ^:private gen-token)
 
 (defn create-fn
-  [manager profile-id]
+  [{:keys [::manager ::main/props]} profile-id]
+  (us/assert! ::manager manager)
+  (us/assert! ::us/uuid profile-id)
+
   (fn [request response]
     (let [uagent  (yrq/get-header request "user-agent")
           params  {:profile-id profile-id
-                   :user-agent uagent}]
-      (-> (write! manager nil params)
-          (p/then (fn [session]
-                    (l/trace :hint "create" :profile-id profile-id)
-                    (-> response
-                        (assign-auth-token-cookie session)
-                        (assign-authenticated-cookie session))))))))
+                   :user-agent uagent
+                   :created-at (dt/now)}
+          token   (gen-token props params)
+          session (write! manager token params)]
+      (l/trace :hint "create" :profile-id (str profile-id))
+      (-> response
+          (assign-auth-token-cookie session)
+          (assign-authenticated-cookie session)))))
+
 (defn delete-fn
-  [manager]
-  (letfn [(delete [{:keys [profile-id] :as request}]
-            (let [cname   (cf/get :auth-token-cookie-name default-auth-token-cookie-name)
-                  cookie  (yrq/get-cookie request cname)]
-              (l/trace :hint "delete" :profile-id profile-id)
-              (some->> (:value cookie) (delete! manager))))]
-    (fn [request response]
-      (p/do
-        (delete request)
-        (-> response
-            (assoc :status 204)
-            (assoc :body nil)
-            (clear-auth-token-cookie)
-            (clear-authenticated-cookie))))))
+  [{:keys [::manager]}]
+  (us/assert! ::manager manager)
+  (fn [request response]
+    (let [cname   (cf/get :auth-token-cookie-name default-auth-token-cookie-name)
+          cookie  (yrq/get-cookie request cname)]
+      (l/trace :hint "delete" :profile-id (:profile-id request))
+      (some->> (:value cookie) (delete! manager))
+      (-> response
+          (assoc :status 204)
+          (assoc :body nil)
+          (clear-auth-token-cookie)
+          (clear-authenticated-cookie)))))
 
-(def middleware-1
-  (letfn [(wrap-handler [manager handler request respond raise]
+(defn- gen-token
+  [props {:keys [profile-id created-at]}]
+  (tokens/generate props {:iss "authentication"
+                          :iat created-at
+                          :uid profile-id}))
+(defn- decode-token
+  [props token]
+  (when token
+    (tokens/verify props {:token token :iss "authentication"})))
+
+(defn- get-token
+  [request]
+  (let [cname  (cf/get :auth-token-cookie-name default-auth-token-cookie-name)
+        cookie (some-> (yrq/get-cookie request cname) :value)]
+    (when-not (str/empty? cookie)
+      cookie)))
+
+(defn- get-session
+  [manager token]
+  (some->> token (read manager)))
+
+(defn- renew-session?
+  [{:keys [updated-at] :as session}]
+  (and (dt/instant? updated-at)
+       (let [elapsed (dt/diff updated-at (dt/now))]
+         (neg? (compare default-renewal-max-age elapsed)))))
+
+(defn- wrap-soft-auth
+  [handler {:keys [::manager ::main/props]}]
+  (us/assert! ::manager manager)
+  (letfn [(handle-request [request]
             (try
-              (let [claims  (some->> (cf/get :auth-token-cookie-name default-auth-token-cookie-name)
-                                     (yrq/get-cookie request)
-                                     (decode manager))
-                    request (cond-> request
-                              (some? claims)
-                              (assoc :session-token-claims claims))]
-                (handler request respond raise))
-              (catch Throwable _
-                (handler request respond raise))))]
+              (let [token  (get-token request)
+                    claims (decode-token props token)]
+                (cond-> request
+                  (map? claims)
+                  (-> (assoc ::token-claims claims)
+                      (assoc ::token token))))
+              (catch Throwable cause
+                (l/trace :hint "exception on decoding malformed token" :cause cause)
+                request)))]
 
-    {:name :session-1
-     :compile (fn [& _]
-                (fn [handler manager]
-                  (partial wrap-handler manager handler)))}))
+    (fn [request respond raise]
+      (let [request (handle-request request)]
+        (handler request respond raise)))))
 
-(def middleware-2
-  (letfn [(wrap-handler [manager handler request respond raise]
-            (-> (retrieve-session manager request)
-                (p/finally (fn [session cause]
-                             (cond
-                               (some? cause)
-                               (raise cause)
+(defn- wrap-authz
+  [handler {:keys [::manager]}]
+  (us/assert! ::manager manager)
+  (fn [request]
+    (let [session  (get-session manager (::token request))
+          request  (cond-> request
+                     (some? session)
+                     (assoc ::profile-id (:profile-id session)
+                            ::id (:id session)))]
 
-                               (nil? session)
-                               (handler request respond raise)
+      (cond-> (handler request)
+        (renew-session? session)
+        (-> (assign-auth-token-cookie session)
+            (assign-authenticated-cookie session))))))
 
-                               :else
-                               (let [request (-> request
-                                                 (assoc :profile-id (:profile-id session))
-                                                 (assoc :session-id (:id session)))
-                                     respond (cond-> respond
-                                               (renew-session? session)
-                                               (wrap-respond manager session))]
-                                 (handler request respond raise)))))))
+(def soft-auth
+  {:name ::soft-auth
+   :compile (constantly wrap-soft-auth)})
 
-          (retrieve-session [manager request]
-            (let [cname  (cf/get :auth-token-cookie-name default-auth-token-cookie-name)
-                  cookie (yrq/get-cookie request cname)]
-              (some->> (:value cookie) (read manager))))
-
-          (renew-session? [{:keys [updated-at] :as session}]
-            (and (dt/instant? updated-at)
-                 (let [elapsed (dt/diff updated-at (dt/now))]
-                   (neg? (compare default-renewal-max-age elapsed)))))
-
-          ;; Wrap respond with session renewal code
-          (wrap-respond [respond manager session]
-            (fn [response]
-              (p/let [session (update! manager session)]
-                (-> response
-                    (assign-auth-token-cookie session)
-                    (assign-authenticated-cookie session)
-                    (respond)))))]
-
-    {:name :session-2
-     :compile (fn [& _]
-                (fn [handler manager]
-                  (partial wrap-handler manager handler)))}))
+(def authz
+  {:name ::authz
+   :compile (constantly wrap-authz)})
 
 ;; --- IMPL
 
@@ -263,13 +260,16 @@
 (defn- assign-authenticated-cookie
   [response {updated-at :updated-at}]
   (let [max-age    (cf/get :auth-token-cookie-max-age default-cookie-max-age)
+        domain     (cf/get :authenticated-cookie-domain)
+        cname      (cf/get :authenticated-cookie-name "authenticated")
+
         created-at (or updated-at (dt/now))
         renewal    (dt/plus created-at default-renewal-max-age)
         expires    (dt/plus created-at max-age)
+
         comment    (str "Renewal at: " (dt/format-instant renewal :rfc1123))
         secure?    (contains? cf/flags :secure-session-cookies)
-        domain     (cf/get :authenticated-cookie-domain)
-        name       (cf/get :authenticated-cookie-name "authenticated")
+
         cookie     {:domain domain
                     :expires expires
                     :path "/"
@@ -279,41 +279,46 @@
                     :secure secure?}]
     (cond-> response
       (string? domain)
-      (update :cookies assoc name cookie))))
+      (update :cookies assoc cname cookie))))
 
 (defn- clear-auth-token-cookie
   [response]
   (let [cname (cf/get :auth-token-cookie-name default-auth-token-cookie-name)]
-    (update response :cookies assoc cname {:path "/" :value "" :max-age -1})))
+    (update response :cookies assoc cname {:path "/" :value "" :max-age 0})))
 
 (defn- clear-authenticated-cookie
   [response]
-  (let [cname   (cf/get :authenticated-cookie-name default-authenticated-cookie-name)
+  (let [cname  (cf/get :authenticated-cookie-name default-authenticated-cookie-name)
         domain (cf/get :authenticated-cookie-domain)]
     (cond-> response
       (string? domain)
-      (update :cookies assoc cname {:domain domain :path "/" :value "" :max-age -1}))))
+      (update :cookies assoc cname {:domain domain :path "/" :value "" :max-age 0}))))
 
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; TASK: SESSION GC
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
-(declare sql:delete-expired)
+(s/def ::tasks/max-age ::dt/duration)
 
-(s/def ::max-age ::dt/duration)
+(defmethod ig/pre-init-spec ::tasks/gc [_]
+  (s/keys :req [::db/pool]
+          :opt [::tasks/max-age]))
 
-(defmethod ig/pre-init-spec ::gc-task [_]
-  (s/keys :req-un [::db/pool]
-          :opt-un [::max-age]))
-
-(defmethod ig/prep-key ::gc-task
+(defmethod ig/prep-key ::tasks/gc
   [_ cfg]
-  (merge {:max-age default-cookie-max-age}
-         (d/without-nils cfg)))
+  (let [max-age (cf/get :auth-token-cookie-max-age default-cookie-max-age)]
+    (merge {::tasks/max-age max-age} (d/without-nils cfg))))
 
-(defmethod ig/init-key ::gc-task
-  [_ {:keys [pool max-age] :as cfg}]
+(def ^:private
+  sql:delete-expired
+  "delete from http_session
+    where updated_at < now() - ?::interval
+       or (updated_at is null and
+           created_at < now() - ?::interval)")
+
+(defmethod ig/init-key ::tasks/gc
+  [_ {:keys [::db/pool ::tasks/max-age] :as cfg}]
   (l/debug :hint "initializing session gc task" :max-age max-age)
   (fn [_]
     (db/with-atomic [conn pool]
@@ -325,9 +330,3 @@
                  :deleted result)
         result))))
 
-(def ^:private
-  sql:delete-expired
-  "delete from http_session
-    where updated_at < now() - ?::interval
-       or (updated_at is null and
-           created_at < now() - ?::interval)")

backend/src/app/http/websocket.clj

@@ -12,13 +12,14 @@
    [app.common.pprint :as pp]
    [app.common.spec :as us]
    [app.db :as db]
+   [app.http.session :as session]
    [app.metrics :as mtx]
    [app.msgbus :as mbus]
    [app.util.time :as dt]
    [app.util.websocket :as ws]
-   [clojure.core.async :as a]
    [clojure.spec.alpha :as s]
    [integrant.core :as ig]
+   [promesa.exec.csp :as sp]
    [yetti.websocket :as yws]))
 
 (def recv-labels
@@ -33,71 +34,38 @@
 
 (def state (atom {}))
 
-(defn- on-connect
-  [{:keys [metrics]} wsp]
-  (let [created-at (dt/now)]
-    (swap! state assoc (::ws/id @wsp) wsp)
-    (mtx/run! metrics
-              :id :websocket-active-connections
-              :inc 1)
-    (fn []
-      (swap! state dissoc (::ws/id @wsp))
-      (mtx/run! metrics :id :websocket-active-connections :dec 1)
-      (mtx/run! metrics
-                :id :websocket-session-timing
-                :val (/ (inst-ms (dt/diff created-at (dt/now))) 1000.0)))))
-
-(defn- on-rcv-message
-  [{:keys [metrics]} _ message]
-  (mtx/run! metrics
-            :id :websocket-messages-total
-            :labels recv-labels
-            :inc 1)
-  message)
-
-(defn- on-snd-message
-  [{:keys [metrics]} _ message]
-  (mtx/run! metrics
-            :id :websocket-messages-total
-            :labels send-labels
-            :inc 1)
-  message)
-
 ;; REPL HELPERS
 
 (defn repl-get-connections-for-file
   [file-id]
   (->> (vals @state)
        (filter #(= file-id (-> % deref ::file-subscription :file-id)))
-       (map deref)
        (map ::ws/id)))
 
 (defn repl-get-connections-for-team
   [team-id]
   (->> (vals @state)
        (filter #(= team-id (-> % deref ::team-subscription :team-id)))
-       (map deref)
        (map ::ws/id)))
 
 (defn repl-close-connection
   [id]
-  (when-let [wsp (get @state id)]
-    (a/>!! (::ws/close-ch @wsp) [8899 "closed from server"])
-    (a/close! (::ws/close-ch @wsp))))
+  (when-let [{:keys [::ws/close-ch] :as wsp} (get @state id)]
+    (sp/put! close-ch [8899 "closed from server"])
+    (sp/close! close-ch)))
 
 (defn repl-get-connection-info
   [id]
   (when-let [wsp (get @state id)]
     {:id               id
-     :created-at       (::created-at @wsp)
-     :profile-id       (::profile-id @wsp)
-     :session-id       (::session-id @wsp)
-     :user-agent       (::ws/user-agent @wsp)
-     :ip-addr          (::ws/remote-addr @wsp)
-     :last-activity-at (::ws/last-activity-at @wsp)
-     :http-session-id  (::ws/http-session-id @wsp)
-     :subscribed-file  (-> wsp deref ::file-subscription :file-id)
-     :subscribed-team  (-> wsp deref ::team-subscription :team-id)}))
+     :created-at       (::created-at wsp)
+     :profile-id       (::profile-id wsp)
+     :session-id       (::session-id wsp)
+     :user-agent       (::ws/user-agent wsp)
+     :ip-addr          (::ws/remote-addr wsp)
+     :last-activity-at (::ws/last-activity-at wsp)
+     :subscribed-file  (-> wsp ::file-subscription :file-id)
+     :subscribed-team  (-> wsp ::team-subscription :team-id)}))
 
 (defn repl-print-connection-info
   [id]
@@ -117,235 +85,234 @@
   (fn [_ _ message]
     (:type message)))
 
-(defmethod handle-message :connect
-  [cfg wsp _]
+(defmethod handle-message :open
+  [{:keys [::mbus/msgbus]} {:keys [::ws/id ::ws/output-ch ::ws/state ::profile-id ::session-id] :as wsp} _]
+  (l/trace :fn "handle-message" :event "open" :conn-id id)
+  (let [ch (sp/chan :buf (sp/dropping-buffer 16)
+                    :xf  (remove #(= (:session-id %) session-id)))]
 
-  (let [msgbus     (:msgbus cfg)
-        conn-id    (::ws/id @wsp)
-        profile-id (::profile-id @wsp)
-        session-id (::session-id @wsp)
-        output-ch  (::ws/output-ch @wsp)
+    ;; Subscribe to the profile channel and forward all messages to websocket output
+    ;; channel (send them to the client).
+    (swap! state assoc ::profile-subscription {:channel ch})
 
-        xform      (remove #(= (:session-id %) session-id))
-        channel    (a/chan (a/dropping-buffer 16) xform)]
+    ;; Forward the subscription messages directly to the websocket output channel
+    (sp/pipe ch output-ch false)
 
-    (l/trace :fn "handle-message" :event "connect" :conn-id conn-id)
+    ;; Subscribe to the profile topic on msgbus/redis
+    (mbus/sub! msgbus :topic profile-id :chan ch)))
 
-    ;; Subscribe to the profile channel and forward all messages to
-    ;; websocket output channel (send them to the client).
-    (swap! wsp assoc ::profile-subscription channel)
-    (a/pipe channel output-ch false)
-    (mbus/sub! msgbus :topic profile-id :chan channel)))
+(defmethod handle-message :close
+  [{:keys [::mbus/msgbus]} {:keys [::ws/id ::ws/state ::profile-id ::session-id]} _]
+  (l/trace :fn "handle-message" :event "close" :conn-id id)
+  (let [psub (::profile-subscription @state)
+        fsub (::file-subscription @state)
+        tsub (::team-subscription @state)
+        msg  {:type :disconnect
+              :subs-id profile-id
+              :profile-id profile-id
+              :session-id session-id}]
 
-(defmethod handle-message :disconnect
-  [cfg wsp _]
-  (let [msgbus     (:msgbus cfg)
-        conn-id    (::ws/id @wsp)
-        profile-id (::profile-id @wsp)
-        session-id (::session-id @wsp)
-        profile-ch (::profile-subscription @wsp)
-        fsub       (::file-subscription @wsp)
-        tsub       (::team-subscription @wsp)
+      ;; Close profile subscription if exists
+      (when-let [ch (:channel psub)]
+        (sp/close! ch)
+        (mbus/purge! msgbus [ch]))
 
-        message    {:type :disconnect
-                    :subs-id profile-id
-                    :profile-id profile-id
-                    :session-id session-id}]
-
-    (l/trace :fn "handle-message"
-             :event :disconnect
-             :conn-id conn-id)
-
-    (a/go
-      ;; Close the main profile subscription
-      (a/close! profile-ch)
-      (a/<! (mbus/purge! msgbus [profile-ch]))
-
-      ;; Close tram subscription if exists
-      (when-let [channel (:channel tsub)]
-        (a/close! channel)
-        (a/<! (mbus/purge! msgbus channel)))
+      ;; Close team subscription if exists
+      (when-let [ch (:channel tsub)]
+        (sp/close! ch)
+        (mbus/purge! msgbus [ch]))
 
+      ;; Close file subscription if exists
       (when-let [{:keys [topic channel]} fsub]
-        (a/close! channel)
-        (a/<! (mbus/purge! msgbus channel))
-        (a/<! (mbus/pub! msgbus :topic topic :message message))))))
+        (sp/close! channel)
+        (mbus/purge! msgbus [channel])
+        (mbus/pub! msgbus :topic topic :message msg))))
 
 (defmethod handle-message :subscribe-team
-  [cfg wsp {:keys [team-id] :as params}]
-  (let [msgbus     (:msgbus cfg)
-        conn-id    (::ws/id @wsp)
-        session-id (::session-id @wsp)
-        output-ch  (::ws/output-ch @wsp)
-        prev-subs  (get @wsp ::team-subscription)
-        xform      (comp
-                    (remove #(= (:session-id %) session-id))
-                    (map #(assoc % :subs-id team-id)))
+  [{:keys [::mbus/msgbus]} {:keys [::ws/id ::ws/state ::ws/output-ch ::session-id]} {:keys [team-id] :as params}]
+  (l/trace :fn "handle-message" :event "subscribe-team" :team-id team-id :conn-id id)
+  (let [prev-subs (get @state ::team-subscription)
+        channel   (sp/chan :buf (sp/dropping-buffer 64)
+                           :xf  (comp
+                                 (remove #(= (:session-id %) session-id))
+                                 (map #(assoc % :subs-id team-id))))]
 
-        channel    (a/chan (a/dropping-buffer 64) xform)]
+    (sp/pipe channel output-ch false)
+    (mbus/sub! msgbus :topic team-id :chan channel)
 
-    (l/trace :fn "handle-message"
-             :event :subscribe-team
-             :team-id team-id
-             :conn-id conn-id)
+    (let [subs {:team-id team-id :channel channel :topic team-id}]
+      (swap! state assoc ::team-subscription subs))
 
-    (a/pipe channel output-ch false)
+    ;; Close previous subscription if exists
+    (when-let [ch (:channel prev-subs)]
+      (sp/close! ch)
+      (mbus/purge! msgbus [ch]))))
 
-    (let [state {:team-id team-id :channel channel :topic team-id}]
-      (swap! wsp assoc ::team-subscription state))
-
-    (a/go
-      ;; Close previous subscription if exists
-      (when-let [channel (:channel prev-subs)]
-        (a/close! channel)
-        (a/<! (mbus/purge! msgbus channel))))
-
-    (a/go
-      (a/<! (mbus/sub! msgbus :topic team-id :chan channel)))))
 
 (defmethod handle-message :subscribe-file
-  [cfg wsp {:keys [file-id] :as params}]
-  (let [msgbus     (:msgbus cfg)
-        conn-id    (::ws/id @wsp)
-        profile-id (::profile-id @wsp)
-        session-id (::session-id @wsp)
-        output-ch  (::ws/output-ch @wsp)
-        prev-subs  (::file-subscription @wsp)
-        xform      (comp (remove #(= (:session-id %) session-id))
-                         (map #(assoc % :subs-id file-id)))
-        channel    (a/chan (a/dropping-buffer 64) xform)]
+  [{:keys [::mbus/msgbus]} {:keys [::ws/id ::ws/state ::ws/output-ch ::session-id ::profile-id]} {:keys [file-id] :as params}]
+  (l/trace :fn "handle-message" :event "subscribe-file" :file-id file-id :conn-id id)
+  (let [psub (::file-subscription @state)
+        fch  (sp/chan :buf (sp/dropping-buffer 64)
+                      :xf  (comp (remove #(= (:session-id %) session-id))
+                                 (map #(assoc % :subs-id file-id))))]
 
-    (l/trace :fn "handle-message"
-             :event :subscribe-file
-             :file-id file-id
-             :conn-id conn-id)
+    (let [subs {:file-id file-id :channel fch :topic file-id}]
+      (swap! state assoc ::file-subscription subs))
 
-    (let [state {:file-id file-id :channel channel :topic file-id}]
-      (swap! wsp assoc ::file-subscription state))
+    ;; Close previous subscription if exists
+    (when-let [ch (:channel psub)]
+      (sp/close! ch)
+      (mbus/purge! msgbus [ch]))
 
-    (a/go
-      ;; Close previous subscription if exists
-      (when-let [channel (:channel prev-subs)]
-        (a/close! channel)
-        (a/<! (mbus/purge! msgbus channel))))
-
-    ;; Message forwarding
-    (a/go
-      (loop []
-        (when-let [{:keys [type] :as message} (a/<! channel)]
-          (when (or (= :join-file type)
-                    (= :leave-file type)
-                    (= :disconnect type))
-            (let [message {:type :presence
-                           :file-id file-id
-                           :session-id session-id
+    (sp/go-loop []
+      (when-let [{:keys [type] :as message} (sp/take! fch)]
+        (sp/put! output-ch message)
+        (when (or (= :join-file type)
+                  (= :leave-file type)
+                  (= :disconnect type))
+          (let [message {:type :presence
+                         :file-id file-id
+                         :session-id session-id
                            :profile-id profile-id}]
-              (a/<! (mbus/pub! msgbus :topic file-id :message message))))
-          (a/>! output-ch message)
-          (recur))))
+            (mbus/pub! msgbus
+                       :topic file-id
+                       :message message)))
+        (recur)))
 
-    (a/go
-      ;; Subscribe to file topic
-      (a/<! (mbus/sub! msgbus :topic file-id :chan channel))
+    ;; Subscribe to file topic
+    (mbus/sub! msgbus :topic file-id :chan fch)
 
-      ;; Notifify the rest of participants of the new connection.
-      (let [message {:type :join-file
-                     :file-id file-id
-                     :subs-id file-id
-                     :session-id session-id
-                     :profile-id profile-id}]
-        (a/<! (mbus/pub! msgbus :topic file-id :message message))))))
+    ;; Notifify the rest of participants of the new connection.
+    (let [message {:type :join-file
+                   :file-id file-id
+                   :subs-id file-id
+                   :session-id session-id
+                   :profile-id profile-id}]
+      (mbus/pub! msgbus :topic file-id :message message))))
 
 (defmethod handle-message :unsubscribe-file
-  [cfg wsp {:keys [file-id] :as params}]
-  (let [msgbus     (:msgbus cfg)
-        conn-id    (::ws/id @wsp)
-        session-id (::session-id @wsp)
-        profile-id (::profile-id @wsp)
-        subs       (::file-subscription @wsp)
+  [{:keys [::mbus/msgbus]} {:keys [::ws/id ::ws/state ::session-id ::profile-id]} {:keys [file-id] :as params}]
+  (l/trace :fn "handle-message" :event "unsubscribe-file" :file-id file-id :conn-id id)
 
-        message    {:type :leave-file
-                    :file-id file-id
-                    :session-id session-id
-                    :profile-id profile-id}]
+  (let [subs    (::file-subscription @state)
+        message {:type :leave-file
+                 :file-id file-id
+                 :session-id session-id
+                 :profile-id profile-id}]
 
-    (l/trace :fn "handle-message"
-             :event :unsubscribe-file
-             :file-id file-id
-             :conn-id conn-id)
-
-    (a/go
-      (when (= (:file-id subs) file-id)
-        (let [channel (:channel subs)]
-          (a/close! channel)
-          (a/<! (mbus/purge! msgbus channel))
-          (a/<! (mbus/pub! msgbus :topic file-id :message message)))))))
+    (when (= (:file-id subs) file-id)
+      (mbus/pub! msgbus :topic file-id :message message)
+      (let [ch (:channel subs)]
+        (sp/close! ch)
+        (mbus/purge! msgbus [ch])))))
 
 (defmethod handle-message :keepalive
   [_ _ _]
-  (l/trace :fn "handle-message" :event :keepalive)
-  (a/go :nothing))
+  (l/trace :fn "handle-message" :event :keepalive))
+
+(defmethod handle-message :broadcast
+  [{:keys [::mbus/msgbus]} {:keys [::ws/id ::session-id ::profile-id]} message]
+  (l/trace :fn "handle-message" :event "broadcast" :conn-id id)
+  (let [message (-> message
+                    (assoc :subs-id profile-id)
+                    (assoc :profile-id profile-id)
+                    (assoc :session-id session-id))]
+    (mbus/pub! msgbus :topic profile-id :message message)))
 
 (defmethod handle-message :pointer-update
-  [cfg wsp {:keys [file-id] :as message}]
-  (let [msgbus     (:msgbus cfg)
-        profile-id (::profile-id @wsp)
-        session-id (::session-id @wsp)
-        subs       (::file-subscription @wsp)
-        message    (-> message
-                       (assoc :subs-id file-id)
-                       (assoc :profile-id profile-id)
-                       (assoc :session-id session-id))]
-    (a/go
-      ;; Only allow receive pointer updates when active subscription
-      (when subs
-        (a/<! (mbus/pub! msgbus :topic file-id :message message))))))
+  [{:keys [::mbus/msgbus]} {:keys [::ws/state ::session-id ::profile-id]} {:keys [file-id] :as message}]
+  (when (::file-subscription @state)
+    (let [message (-> message
+                      (assoc :subs-id file-id)
+                      (assoc :profile-id profile-id)
+                      (assoc :session-id session-id))]
+      (mbus/pub! msgbus :topic file-id :message message))))
 
 (defmethod handle-message :default
-  [_ wsp message]
-  (let [conn-id (::ws/id @wsp)]
-    (l/warn :hint "received unexpected message"
-            :message message
-            :conn-id conn-id)
-    (a/go :none)))
+  [_ {:keys [::ws/id]} message]
+  (l/warn :hint "received unexpected message"
+          :message message
+          :conn-id id))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; HTTP HANDLER
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
-(s/def ::msgbus ::mbus/msgbus)
-(s/def ::session-id ::us/uuid)
+(defn- on-connect
+  [{:keys [::mtx/metrics]} {:keys [::ws/id] :as wsp}]
+  (let [created-at (dt/now)]
+    (l/trace :fn "on-connect" :conn-id id)
+    (swap! state assoc id wsp)
+    (mtx/run! metrics
+              :id :websocket-active-connections
+              :inc 1)
 
+    (assoc wsp ::ws/on-disconnect
+           (fn []
+             (l/trace :fn "on-disconnect" :conn-id id)
+             (swap! state dissoc id)
+             (mtx/run! metrics :id :websocket-active-connections :dec 1)
+             (mtx/run! metrics
+                       :id :websocket-session-timing
+                       :val (/ (inst-ms (dt/diff created-at (dt/now))) 1000.0))))))
+
+(defn- on-rcv-message
+  [{:keys [::mtx/metrics ::profile-id ::session-id]} message]
+  (mtx/run! metrics
+            :id :websocket-messages-total
+            :labels recv-labels
+            :inc 1)
+  (assoc message :profile-id profile-id :session-id session-id))
+
+(defn- on-snd-message
+  [{:keys [::mtx/metrics]} message]
+  (mtx/run! metrics
+            :id :websocket-messages-total
+            :labels send-labels
+            :inc 1)
+  message)
+
+
+(s/def ::session-id ::us/uuid)
 (s/def ::handler-params
   (s/keys :req-un [::session-id]))
 
-(defmethod ig/pre-init-spec ::handler [_]
-  (s/keys :req-un [::msgbus ::db/pool ::mtx/metrics]))
+(defn- http-handler
+  [cfg {:keys [params ::session/profile-id] :as request}]
+  (let [{:keys [session-id]} (us/conform ::handler-params params)]
+    (cond
+      (not profile-id)
+      (ex/raise :type :authentication
+                :hint "Authentication required.")
 
-(defmethod ig/init-key ::handler
+      (not (yws/upgrade-request? request))
+      (ex/raise :type :validation
+                :code :websocket-request-expected
+                :hint "this endpoint only accepts websocket connections")
+
+      :else
+      (do
+        (l/trace :hint "websocket request" :profile-id profile-id :session-id session-id)
+        (->> (ws/handler
+              ::ws/on-rcv-message (partial on-rcv-message cfg)
+              ::ws/on-snd-message (partial on-snd-message cfg)
+              ::ws/on-connect (partial on-connect cfg)
+              ::ws/handler (partial handle-message cfg)
+              ::profile-id profile-id
+              ::session-id session-id)
+             (yws/upgrade request))))))
+
+(defmethod ig/pre-init-spec ::routes [_]
+  (s/keys :req [::mbus/msgbus
+                ::mtx/metrics
+                ::db/pool
+                ::session/manager]))
+
+(s/def ::routes vector?)
+
+(defmethod ig/init-key ::routes
   [_ cfg]
-  (fn [{:keys [profile-id params] :as req} respond raise]
-    (let [{:keys [session-id]} (us/conform ::handler-params params)]
-      (cond
-        (not profile-id)
-        (raise (ex/error :type :authentication
-                         :hint "Authentication required."))
-
-        (not (yws/upgrade-request? req))
-        (raise (ex/error :type :validation
-                         :code :websocket-request-expected
-                         :hint "this endpoint only accepts websocket connections"))
-
-        :else
-        (do
-          (l/trace :hint "websocket request" :profile-id profile-id :session-id session-id)
-
-          (->> (ws/handler
-                ::ws/on-rcv-message (partial on-rcv-message cfg)
-                ::ws/on-snd-message (partial on-snd-message cfg)
-                ::ws/on-connect (partial on-connect cfg)
-                ::ws/handler (partial handle-message cfg)
-                ::profile-id profile-id
-                ::session-id session-id)
-               (yws/upgrade req)
-               (respond)))))))
+  ["/ws/notifications" {:middleware [[session/authz cfg]]
+                        :handler (partial http-handler cfg)
+                        :allowed-methods #{:get}}])

backend/src/app/loggers/audit.clj

@@ -8,6 +8,7 @@
   "Services related to the user activity (audit log)."
   (:require
    [app.common.data :as d]
+   [app.common.data.macros :as dm]
    [app.common.exceptions :as ex]
    [app.common.logging :as l]
    [app.common.spec :as us]
@@ -15,19 +16,22 @@
    [app.common.uuid :as uuid]
    [app.config :as cf]
    [app.db :as db]
-   [app.http.client :as http]
+   [app.http :as-alias http]
+   [app.http.access-token :as-alias actoken]
+   [app.http.client :as http.client]
    [app.loggers.audit.tasks :as-alias tasks]
    [app.loggers.webhooks :as-alias webhooks]
    [app.main :as-alias main]
-   [app.metrics :as mtx]
+   [app.rpc :as-alias rpc]
+   [app.rpc.retry :as rtry]
    [app.tokens :as tokens]
+   [app.util.services :as-alias sv]
    [app.util.time :as dt]
    [app.worker :as wrk]
    [clojure.spec.alpha :as s]
    [cuerdas.core :as str]
    [integrant.core :as ig]
    [lambdaisland.uri :as u]
-   [promesa.core :as p]
    [promesa.exec :as px]
    [yetti.request :as yrq]))
 
@@ -74,31 +78,32 @@
       (merge (:props profile))
       (d/without-nils)))
 
-(defn clean-props
-  [{:keys [profile-id] :as event}]
-  (let [invalid-keys #{:session-id
-                       :password
-                       :old-password
-                       :token}
-        xform (comp
-               (remove (fn [kv]
-                         (qualified-keyword? (first kv))))
-               (remove (fn [kv]
-                         (contains? invalid-keys (first kv))))
-               (remove (fn [[k v]]
-                         (and (= k :profile-id)
-                              (= v profile-id))))
-               (filter (fn [[_ v]]
-                         (or (string? v)
-                             (keyword? v)
-                             (uuid? v)
-                             (boolean? v)
-                             (number? v)))))]
+(def reserved-props
+  #{:session-id
+    :password
+    :old-password
+    :token})
 
-    (update event :props #(into {} xform %))))
+(defn clean-props
+  [props]
+  (into {}
+        (comp
+         (d/without-nils)
+         (d/without-qualified)
+         (remove #(contains? reserved-props (key %))))
+        props))
 
 ;; --- SPECS
 
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; COLLECTOR
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+;; Defines a service that collects the audit/activity log using
+;; internal database. Later this audit log can be transferred to
+;; an external storage and data cleared.
+
 (s/def ::profile-id ::us/uuid)
 (s/def ::name ::us/string)
 (s/def ::type ::us/string)
@@ -111,25 +116,18 @@
   (s/or :fn fn? :str string? :kw keyword?))
 
 (s/def ::event
-  (s/keys :req-un [::type ::name ::profile-id]
-          :opt-un [::ip-addr ::props]
-          :opt [::webhooks/event?
+  (s/keys :req [::type ::name ::profile-id]
+          :opt [::ip-addr
+                ::props
+                ::webhooks/event?
                 ::webhooks/batch-timeout
                 ::webhooks/batch-key]))
 
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; COLLECTOR
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-;; Defines a service that collects the audit/activity log using
-;; internal database. Later this audit log can be transferred to
-;; an external storage and data cleared.
-
 (s/def ::collector
   (s/keys :req [::wrk/executor ::db/pool]))
 
 (defmethod ig/pre-init-spec ::collector [_]
-  (s/keys :req [::db/pool ::wrk/executor ::mtx/metrics]))
+  (s/keys :req [::db/pool ::wrk/executor]))
 
 (defmethod ig/init-key ::collector
   [_ {:keys [::db/pool] :as cfg}]
@@ -140,51 +138,117 @@
     :else
     cfg))
 
-(defn- persist-event!
-  [pool event]
+(defn prepare-event
+  [cfg mdata params result]
+  (let [resultm    (meta result)
+        request    (-> params meta ::http/request)
+        profile-id (or (::profile-id resultm)
+                       (:profile-id result)
+                       (::rpc/profile-id params)
+                       uuid/zero)
+
+        props      (-> (or (::replace-props resultm)
+                           (-> params
+                               (merge (::props resultm))
+                               (dissoc :profile-id)
+                               (dissoc :type)))
+
+                       (clean-props))
+
+        token-id  (::actoken/id request)
+        context   (d/without-nils
+                   {:access-token-id (some-> token-id str)})]
+
+    {::type (or (::type resultm)
+                (::rpc/type cfg))
+     ::name (or (::name resultm)
+                (::sv/name mdata))
+     ::profile-id profile-id
+     ::ip-addr (some-> request parse-client-ip)
+     ::props props
+     ::context context
+
+     ;; NOTE: for batch-key lookup we need the params as-is
+     ;; because the rpc api does not need to know the
+     ;; audit/webhook specific object layout.
+     ::rpc/params params
+
+     ::webhooks/batch-key
+     (or (::webhooks/batch-key mdata)
+         (::webhooks/batch-key resultm))
+
+     ::webhooks/batch-timeout
+     (or (::webhooks/batch-timeout mdata)
+         (::webhooks/batch-timeout resultm))
+
+     ::webhooks/event?
+     (or (::webhooks/event? mdata)
+         (::webhooks/event? resultm)
+         false)}))
+
+(defn- handle-event!
+  [conn-or-pool event]
   (us/verify! ::event event)
   (let [params {:id (uuid/next)
-                :name (:name event)
-                :type (:type event)
-                :profile-id (:profile-id event)
-                :tracked-at (dt/now)
-                :ip-addr (:ip-addr event)
-                :props (:props event)}]
+                :name (::name event)
+                :type (::type event)
+                :profile-id (::profile-id event)
+                :ip-addr (::ip-addr event)
+                :context (::context event)
+                :props (::props event)}]
 
     (when (contains? cf/flags :audit-log)
-      (db/insert! pool :audit-log
-                  (-> params
-                      (update :props db/tjson)
-                      (update :ip-addr db/inet)
-                      (assoc :source "backend"))))
+      ;; NOTE: this operation may cause primary key conflicts on inserts
+      ;; because of the timestamp precission (two concurrent requests), in
+      ;; this case we just retry the operation.
+      (rtry/with-retry {::rtry/when rtry/conflict-exception?
+                        ::rtry/max-retries 6
+                        ::rtry/label "persist-audit-log"
+                        ::db/conn (dm/check db/connection? conn-or-pool)}
+        (let [now (dt/now)]
+          (db/insert! conn-or-pool :audit-log
+                      (-> params
+                          (update :props db/tjson)
+                          (update :context db/tjson)
+                          (update :ip-addr db/inet)
+                          (assoc :created-at now)
+                          (assoc :tracked-at now)
+                          (assoc :source "backend"))))))
 
     (when (and (contains? cf/flags :webhooks)
                (::webhooks/event? event))
       (let [batch-key     (::webhooks/batch-key event)
-            batch-timeout (::webhooks/batch-timeout event)]
-        (wrk/submit! ::wrk/conn pool
+            batch-timeout (::webhooks/batch-timeout event)
+            label         (dm/str "rpc:" (:name params))
+            label         (cond
+                            (ifn? batch-key)    (dm/str label ":" (batch-key (::rpc/params event)))
+                            (string? batch-key) (dm/str label ":" batch-key)
+                            :else               label)
+            dedupe?       (boolean (and batch-key batch-timeout))]
+
+        (wrk/submit! ::wrk/conn conn-or-pool
                      ::wrk/task :process-webhook-event
                      ::wrk/queue :webhooks
                      ::wrk/max-retries 0
                      ::wrk/delay (or batch-timeout 0)
-                     ::wrk/label (cond
-                                   (fn? batch-key)        (batch-key (:props event))
-                                   (keyword? batch-key)   (name batch-key)
-                                   (string? batch-key)    batch-key
-                                   :else                  "default")
-                     ::wrk/dedupe true
-                     ::webhooks/event (-> params
-                                          (dissoc :ip-addr)
-                                          (dissoc :type)))))))
+                     ::wrk/dedupe dedupe?
+                     ::wrk/label label
+
+                     ::webhooks/event
+                     (-> params
+                         (dissoc :ip-addr)
+                         (dissoc :type)))))
+    params))
 
 (defn submit!
   "Submit audit event to the collector."
-  [{:keys [::wrk/executor ::db/pool] :as collector} params]
-  (us/assert! ::collector collector)
-  (->> (px/submit! executor (partial persist-event! pool (d/without-nils params)))
-       (p/merr (fn [cause]
-                 (l/error :hint "audit: unexpected error processing event" :cause cause)
-                 (p/resolved nil)))))
+  [cfg params]
+  (let [conn (or (::db/conn cfg) (::db/pool cfg))]
+    (us/assert! ::db/pool-or-conn conn)
+    (try
+      (handle-event! conn (d/without-nils params))
+      (catch Throwable cause
+        (l/error :hint "audit: unexpected error processing event" :cause cause)))))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; TASK: ARCHIVE
@@ -198,7 +262,7 @@
 (s/def ::tasks/uri ::us/string)
 
 (defmethod ig/pre-init-spec ::tasks/archive-task [_]
-  (s/keys :req [::db/pool ::main/props ::http/client]))
+  (s/keys :req [::db/pool ::main/props ::http.client/client]))
 
 (defmethod ig/init-key ::tasks/archive
   [_ cfg]
@@ -222,7 +286,7 @@
             (if n
               (do
                 (px/sleep 100)
-                (recur (+ total n)))
+                (recur (+ total ^long n)))
               (when (pos? total)
                 (l/debug :hint "events archived" :total total)))))))))
 
@@ -231,7 +295,7 @@
      from audit_log
     where archived_at is null
     order by created_at asc
-    limit 256
+    limit 128
       for update skip locked;")
 
 (defn archive-events
@@ -272,7 +336,7 @@
                            :method :post
                            :headers headers
                            :body body}
-                  resp    (http/req! cfg params {:sync? true})]
+                  resp    (http.client/req! cfg params {:sync? true})]
               (if (= (:status resp) 204)
                 true
                 (do
@@ -307,7 +371,7 @@
     where archived_at is not null")
 
 (defn- clean-archived
-  [{:keys [pool]}]
+  [{:keys [::db/pool]}]
   (let [result (db/exec-one! pool [sql:clean-archived])
         result (:next.jdbc/update-count result)]
     (l/debug :hint "delete archived audit log entries" :deleted result)

backend/src/app/loggers/database.clj

@@ -7,16 +7,18 @@
 (ns app.loggers.database
   "A specific logger impl that persists errors on the database."
   (:require
+   [app.common.data :as d]
+   [app.common.exceptions :as ex]
    [app.common.logging :as l]
-   [app.common.uuid :as uuid]
+   [app.common.pprint :as pp]
+   [app.common.schema :as sm]
+   [app.common.spec :as us]
    [app.config :as cf]
    [app.db :as db]
-   [app.util.async :as aa]
-   [app.worker :as wrk]
-   [clojure.core.async :as a]
    [clojure.spec.alpha :as s]
-   [cuerdas.core :as str]
-   [integrant.core :as ig]))
+   [integrant.core :as ig]
+   [promesa.exec :as px]
+   [promesa.exec.csp :as sp]))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Error Listener
@@ -27,67 +29,88 @@
 (defonce enabled (atom true))
 
 (defn- persist-on-database!
-  [{:keys [pool] :as cfg} {:keys [id] :as event}]
+  [pool id report]
   (when-not (db/read-only? pool)
-    (db/insert! pool :server-error-report {:id id :content (db/tjson event)})))
+    (db/insert! pool :server-error-report
+                {:id id
+                 :version 3
+                 :content (db/tjson report)})))
 
-(defn- parse-event-data
-  [event]
-  (reduce-kv
-   (fn [acc k v]
-     (cond
-       (= k :id)         (assoc acc k (uuid/uuid v))
-       (= k :profile-id) (assoc acc k (uuid/uuid v))
-       (str/blank? v)    acc
-       :else             (assoc acc k v)))
-   {}
-   event))
+(defn record->report
+  [{:keys [::l/context ::l/message ::l/props ::l/logger ::l/level ::l/cause] :as record}]
+  (us/assert! ::l/record record)
 
-(defn parse-event
-  [event]
-  (-> (parse-event-data event)
-      (assoc :hint (or (:hint event) (:message event)))
-      (assoc :tenant (cf/get :tenant))
-      (assoc :host (cf/get :host))
-      (assoc :public-uri (cf/get :public-uri))
-      (assoc :version (:full cf/version))
-      (update :id #(or % (uuid/next)))))
+  (let [data (ex-data cause)]
+    (merge
+     {:context (-> context
+                   (assoc :tenant (cf/get :tenant))
+                   (assoc :host (cf/get :host))
+                   (assoc :public-uri (cf/get :public-uri))
+                   (assoc :version (:full cf/version))
+                   (assoc :logger-name logger)
+                   (assoc :logger-level level)
+                   (dissoc :params)
+                   (pp/pprint-str :width 200))
 
-(defn handle-event
-  [{:keys [executor] :as cfg} event]
-  (aa/with-thread executor
-    (try
-      (let [event (parse-event event)
-            uri   (cf/get :public-uri)]
+      :props   (pp/pprint-str props :width 200)
+      :hint    (or (ex-message cause) @message)
+      :trace   (ex/format-throwable cause :data? false :explain? false :header? false :summary? false)}
 
-        (l/debug :hint "registering error on database" :id (:id event)
-                 :uri (str uri "/dbg/error/" (:id event)))
+     (when-let [params (:params context)]
+       {:params (pp/pprint-str params :width 200)})
 
-        (persist-on-database! cfg event))
-      (catch Exception cause
-        (l/warn :hint "unexpected exception on database error logger" :cause cause)))))
+     (when-let [data (some-> data (dissoc ::s/problems ::s/value ::s/spec ::sm/explain :hint))]
+       {:data (pp/pprint-str data :width 200)})
+
+     (when-let [value (-> data ::sm/explain :value)]
+       {:value (pp/pprint-str value :width 200)})
+
+     (when-let [explain (ex/explain data)]
+       {:explain explain}))))
+
+
+(defn error-record?
+  [{:keys [::l/level ::l/cause]}]
+  (and (= :error level)
+       (ex/exception? cause)))
+
+(defn- handle-event
+  [{:keys [::db/pool]} {:keys [::l/id] :as record}]
+  (try
+    (let [uri    (cf/get :public-uri)
+          report (-> record record->report d/without-nils)]
+      (l/debug :hint "registering error on database" :id id
+               :uri (str uri "/dbg/error/" id))
+
+      (persist-on-database! pool id report))
+    (catch Throwable cause
+      (l/warn :hint "unexpected exception on database error logger" :cause cause))))
 
 (defmethod ig/pre-init-spec ::reporter [_]
-  (s/keys :req-un [::wrk/executor ::db/pool ::receiver]))
-
-(defn error-event?
-  [event]
-  (= "error" (:logger/level event)))
+  (s/keys :req [::db/pool]))
 
 (defmethod ig/init-key ::reporter
-  [_ {:keys [receiver] :as cfg}]
-  (l/info :msg "initializing database error persistence")
-  (let [output (a/chan (a/sliding-buffer 5) (filter error-event?))]
-    (receiver :sub output)
-    (a/go-loop []
-      (let [msg (a/<! output)]
-        (if (nil? msg)
-          (l/info :msg "stopping error reporting loop")
-          (do
-            (a/<! (handle-event cfg msg))
-            (recur)))))
-    output))
+  [_ cfg]
+  (let [input (sp/chan :buf (sp/sliding-buffer 32)
+                       :xf  (filter error-record?))]
+    (add-watch l/log-record ::reporter #(sp/put! input %4))
+
+    (px/thread {:name "penpot/database-reporter" :virtual true}
+      (l/info :hint "initializing database error persistence")
+      (try
+        (loop []
+          (when-let [record (sp/take! input)]
+            (handle-event cfg record)
+            (recur)))
+        (catch InterruptedException _
+          (l/debug :hint "reporter interrupted"))
+        (catch Throwable cause
+          (l/error :hint "unexpected error" :cause cause))
+        (finally
+          (sp/close! input)
+          (remove-watch l/log-record ::reporter)
+          (l/info :hint "reporter terminated"))))))
 
 (defmethod ig/halt-key! ::reporter
-  [_ output]
-  (a/close! output))
+  [_ thread]
+  (some-> thread px/interrupt!))

backend/src/app/loggers/loki.clj

@@ -1,89 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.loggers.loki
-  "A Loki integration."
-  (:require
-   [app.common.logging :as l]
-   [app.config :as cf]
-   [app.http.client :as http]
-   [app.loggers.zmq :as lzmq]
-   [app.util.json :as json]
-   [clojure.core.async :as a]
-   [clojure.spec.alpha :as s]
-   [integrant.core :as ig]
-   [promesa.exec :as px]))
-
-(declare ^:private handle-event)
-
-(defmethod ig/pre-init-spec ::reporter [_]
-  (s/keys :req [::http/client
-                ::lzmq/receiver]))
-
-(defmethod ig/init-key ::reporter
-  [_ cfg]
-  (when-let [uri (cf/get :loggers-loki-uri)]
-    (px/thread
-      {:name "penpot/loki-reporter"}
-      (l/info :hint "reporter started" :uri uri)
-      (let [input (a/chan (a/dropping-buffer 2048))
-            cfg   (assoc cfg ::uri uri)]
-
-        (try
-          (lzmq/sub! (::lzmq/receiver cfg) input)
-          (loop []
-            (when-let [msg (a/<!! input)]
-              (handle-event cfg msg)
-              (recur)))
-
-          (catch InterruptedException _
-            (l/debug :hint "reporter interrupted"))
-          (catch Throwable cause
-            (l/error :hint "unexpected exception"
-                     :cause cause))
-          (finally
-            (a/close! input)
-            (l/info :hint "reporter terminated")))))))
-
-(defmethod ig/halt-key! ::reporter
-  [_ thread]
-  (some-> thread px/interrupt!))
-
-(defn- prepare-payload
-  [event]
-  (let [labels {:host    (cf/get :host)
-                :tenant  (cf/get :tenant)
-                :version (:full cf/version)
-                :logger  (:logger/name event)
-                :level   (:logger/level event)}]
-    {:streams
-     [{:stream labels
-       :values [[(str (* (inst-ms (:created-at event)) 1000000))
-                 (str (:message event)
-                      (when-let [error (:trace event)]
-                        (str "\n" error)))]]}]}))
-
-(defn- make-request
-  [{:keys [::uri] :as cfg} payload]
-  (http/req! cfg
-             {:uri uri
-              :timeout 3000
-              :method :post
-              :headers {"content-type" "application/json"}
-              :body (json/encode payload)}
-             {:sync? true}))
-
-(defn- handle-event
-  [cfg event]
-  (try
-    (let [payload  (prepare-payload event)
-          response (make-request cfg payload)]
-      (when-not (= 204 (:status response))
-        (l/error :hint "error on sending log to loki (unexpected response)"
-                 :response (pr-str response))))
-    (catch Throwable cause
-      (l/error :hint "error on sending log to loki (unexpected exception)"
-               :cause cause))))

backend/src/app/loggers/mattermost.clj

@@ -7,24 +7,35 @@
 (ns app.loggers.mattermost
   "A mattermost integration for error reporting."
   (:require
+   [app.common.exceptions :as ex]
    [app.common.logging :as l]
+   [app.common.spec :as us]
    [app.config :as cf]
    [app.http.client :as http]
    [app.loggers.database :as ldb]
-   [app.loggers.zmq :as lzmq]
    [app.util.json :as json]
-   [clojure.core.async :as a]
    [clojure.spec.alpha :as s]
    [integrant.core :as ig]
-   [promesa.exec :as px]))
+   [promesa.exec :as px]
+   [promesa.exec.csp :as sp]))
 
 (defonce enabled (atom true))
 
 (defn- send-mattermost-notification!
-  [cfg {:keys [host id public-uri] :as event}]
-  (let [text (str "Exception on (host: " host ", url: " public-uri "/dbg/error/" id ")\n"
-             (when-let [pid (:profile-id event)]
-               (str "- profile-id: #uuid-" pid "\n")))
+  [cfg {:keys [id public-uri] :as report}]
+  (let [text (str "Exception: " public-uri "/dbg/error/" id " "
+                  (when-let [pid (:profile-id report)]
+                    (str "(pid: #uuid-" pid ")"))
+                  "\n"
+                  "```\n"
+                  "- host: `" (:host report) "`\n"
+                  "- tenant: `" (:tenant report) "`\n"
+                  "- version: `" (:version report) "`\n"
+                  "\n"
+                  "Trace:\n"
+                  (:trace report)
+                  "```")
+
         resp (http/req! cfg
                         {:uri (cf/get :error-report-webhook)
                          :method :post
@@ -36,32 +47,42 @@
       (l/warn :hint "error on sending data"
               :response (pr-str resp)))))
 
+(defn record->report
+  [{:keys [::l/context ::l/id ::l/cause] :as record}]
+  (us/assert! ::l/record record)
+  {:id         id
+   :tenant     (cf/get :tenant)
+   :host       (cf/get :host)
+   :public-uri (cf/get :public-uri)
+   :version    (:full cf/version)
+   :profile-id (:profile-id context)
+   :trace      (ex/format-throwable cause :detail? false :header? false)})
+
 (defn handle-event
-  [cfg event]
-  (try
-    (let [event (ldb/parse-event event)]
-      (when @enabled
-        (send-mattermost-notification! cfg event)))
-    (catch Throwable cause
-      (l/warn :hint "unhandled error"
-              :cause cause))))
+  [cfg record]
+  (when @enabled
+    (try
+      (let [report (record->report record)]
+        (send-mattermost-notification! cfg report))
+      (catch Throwable cause
+        (l/warn :hint "unhandled error" :cause cause)))))
 
 (defmethod ig/pre-init-spec ::reporter [_]
-  (s/keys :req [::http/client
-                ::lzmq/receiver]))
+  (s/keys :req [::http/client]))
 
 (defmethod ig/init-key ::reporter
   [_ cfg]
   (when-let [uri (cf/get :error-report-webhook)]
     (px/thread
-      {:name "penpot/mattermost-reporter"}
-      (l/info :msg "initializing error reporter" :uri uri)
-      (let [input (a/chan (a/sliding-buffer 128)
-                          (filter #(= (:logger/level %) "error")))]
+      {:name "penpot/mattermost-reporter"
+       :virtual true}
+      (l/info :hint "initializing error reporter" :uri uri)
+      (let [input (sp/chan :buf (sp/sliding-buffer 128)
+                           :xf (filter ldb/error-record?))]
+        (add-watch l/log-record ::reporter #(sp/put! input %4))
         (try
-          (lzmq/sub! (::lzmq/receiver cfg) input)
           (loop []
-            (when-let [msg (a/<!! input)]
+            (when-let [msg (sp/take! input)]
               (handle-event cfg msg)
               (recur)))
           (catch InterruptedException _
@@ -69,7 +90,8 @@
           (catch Throwable cause
             (l/error :hint "unexpected error" :cause cause))
           (finally
-            (a/close! input)
+            (sp/close! input)
+            (remove-watch l/log-record ::reporter)
             (l/info :hint "reporter terminated")))))))
 
 (defmethod ig/halt-key! ::reporter

backend/src/app/loggers/webhooks.clj

@@ -8,6 +8,7 @@
   "A mattermost integration for error reporting."
   (:require
    [app.common.data :as d]
+   [app.common.data.macros :as dm]
    [app.common.logging :as l]
    [app.common.transit :as t]
    [app.common.uri :as uri]
@@ -21,15 +22,24 @@
    [cuerdas.core :as str]
    [integrant.core :as ig]))
 
+;; --- HELPERS
+
+(defn key-fn
+  [k & keys]
+  (fn [params]
+    (reduce #(dm/str %1 ":" (get params %2))
+            (dm/str (get params k))
+            keys)))
+
 ;; --- PROC
 
 (defn- lookup-webhooks-by-team
   [pool team-id]
-  (db/exec! pool ["select * from webhook where team_id=? and is_active=true" team-id]))
+  (db/exec! pool ["select w.* from webhook as w where team_id=? and is_active=true" team-id]))
 
 (defn- lookup-webhooks-by-project
   [pool project-id]
-  (let [sql [(str "select * from webhook as w"
+  (let [sql [(str "select w.* from webhook as w"
                   "  join project as p on (p.team_id = w.team_id)"
                   " where p.id = ? and w.is_active = true")
              project-id]]
@@ -37,7 +47,7 @@
 
 (defn- lookup-webhooks-by-file
   [pool file-id]
-  (let [sql [(str "select * from webhook as w"
+  (let [sql [(str "select w.* from webhook as w"
                   "  join project as p on (p.team_id = w.team_id)"
                   "  join file as f on (f.project_id = p.id)"
                   " where f.id = ? and w.is_active = true")
@@ -62,7 +72,6 @@
                :name (:name event))
 
       (when-let [items (lookup-webhooks cfg event)]
-        ;; (app.common.pprint/pprint items)
         (l/trace :hint "webhooks found for event" :total (count items))
 
         (db/with-atomic [conn pool]
@@ -102,7 +111,7 @@
                               " where id=?")
                          err
                          (:id whook)]
-                    res (db/exec-one! pool sql {:return-keys true})]
+                    res (db/exec-one! pool sql {::db/return-keys? true})]
                 (when (>= (:error-count res) max-errors)
                   (db/update! pool :webhook {:is-active false} {:id (:id whook)})))
 
@@ -169,6 +178,9 @@
     (instance? java.net.ConnectException cause)
     "connection-error"
 
+    (instance? java.lang.IllegalArgumentException cause)
+    "invalid-uri"
+
     (instance? java.net.http.HttpConnectTimeoutException cause)
     "timeout"
     ))

backend/src/app/loggers/zmq.clj

@@ -1,130 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.loggers.zmq
-  "A generic ZMQ listener."
-  (:require
-   [app.common.exceptions :as ex]
-   [app.common.logging :as l]
-   [app.config :as cf]
-   [app.loggers.zmq.receiver :as-alias receiver]
-   [app.util.json :as json]
-   [app.util.time :as dt]
-   [clojure.core.async :as a]
-   [clojure.spec.alpha :as s]
-   [cuerdas.core :as str]
-   [integrant.core :as ig]
-   [promesa.exec :as px])
-  (:import
-   org.zeromq.SocketType
-   org.zeromq.ZMQ$Socket
-   org.zeromq.ZContext))
-
-(declare prepare)
-(declare start-rcv-loop)
-
-(defmethod ig/init-key ::receiver
-  [_ cfg]
-  (let [uri    (cf/get :loggers-zmq-uri)
-        buffer (a/chan 1)
-        output (a/chan 1 (comp (filter map?)
-                               (keep prepare)))
-        mult   (a/mult output)
-        thread (when uri
-                 (px/thread
-                   {:name "penpot/zmq-receiver"
-                    :daemon false}
-                   (l/info :hint "receiver started")
-                   (try
-                     (start-rcv-loop buffer uri)
-                     (catch InterruptedException _
-                       (l/debug :hint "receiver interrupted"))
-                     (catch java.lang.IllegalStateException cause
-                       (if (= "errno 4" (ex-message cause))
-                         (l/debug :hint "receiver interrupted")
-                         (l/error :hint "unhandled error" :cause cause)))
-                     (catch Throwable cause
-                       (l/error :hint "unhandled error" :cause cause))
-                     (finally
-                       (l/info :hint "receiver terminated")))))]
-
-    (a/pipe buffer output)
-    (-> cfg
-        (assoc ::receiver/mult mult)
-        (assoc ::receiver/thread thread)
-        (assoc ::receiver/output output)
-        (assoc ::receiver/buffer buffer))))
-
-(s/def ::receiver/mult some?)
-(s/def ::receiver/thread #(instance? Thread %))
-(s/def ::receiver/output some?)
-(s/def ::receiver/buffer some?)
-(s/def ::receiver
-  (s/keys :req [::receiver/mult
-                ::receiver/thread
-                ::receiver/output
-                ::receiver/buffer]))
-
-(defn sub!
-  [{:keys [::receiver/mult]} ch]
-  (a/tap mult ch))
-
-(defmethod ig/halt-key! ::receiver
-  [_ {:keys [::receiver/buffer ::receiver/thread]}]
-  (some-> thread px/interrupt!)
-  (some-> buffer a/close!))
-
-(def ^:private json-mapper
-  (json/mapper
-   {:encode-key-fn str/camel
-    :decode-key-fn (comp keyword str/kebab)}))
-
-(defn- start-rcv-loop
-  [output endpoint]
-  (let [zctx   (ZContext. 1)
-        socket (.. zctx (createSocket SocketType/SUB))]
-    (try
-      (.. socket (connect ^String endpoint))
-      (.. socket (subscribe ""))
-      (.. socket (setReceiveTimeOut 5000))
-      (loop []
-        (let [msg (.recv ^ZMQ$Socket socket)
-              msg (ex/ignoring (json/decode msg json-mapper))
-              msg (if (nil? msg) :empty msg)]
-          (when (a/>!! output msg)
-            (recur))))
-
-      (finally
-        (.close ^java.lang.AutoCloseable socket)
-        (.destroy ^ZContext zctx)))))
-
-(s/def ::logger-name string?)
-(s/def ::level string?)
-(s/def ::thread string?)
-(s/def ::time-millis integer?)
-(s/def ::message string?)
-(s/def ::context-map map?)
-(s/def ::thrown map?)
-
-(s/def ::log4j-event
-  (s/keys :req-un [::logger-name ::level ::thread ::time-millis ::message]
-          :opt-un [::context-map ::thrown]))
-
-(defn- prepare
-  [event]
-  (if (s/valid? ::log4j-event event)
-    (merge {:message      (:message event)
-            :created-at   (dt/instant (:time-millis event))
-            :logger/name  (:logger-name event)
-            :logger/level (str/lower (:level event))}
-
-           (when-let [trace (-> event :thrown :extended-stack-trace)]
-             {:trace trace})
-
-           (:context-map event))
-    (do
-      (l/warn :hint "invalid event" :event event)
-      nil)))

backend/src/app/main.clj

@@ -6,25 +6,38 @@
 
 (ns app.main
   (:require
+   [app.auth.ldap :as-alias ldap]
    [app.auth.oidc :as-alias oidc]
    [app.auth.oidc.providers :as-alias oidc.providers]
    [app.common.logging :as l]
    [app.config :as cf]
    [app.db :as-alias db]
+   [app.email :as-alias email]
+   [app.http :as-alias http]
+   [app.http.assets :as-alias http.assets]
+   [app.http.awsns :as http.awsns]
    [app.http.client :as-alias http.client]
-   [app.http.session :as-alias http.session]
-   [app.loggers.audit :as-alias audit]
+   [app.http.debug :as-alias http.debug]
+   [app.http.session :as-alias session]
+   [app.http.session.tasks :as-alias session.tasks]
+   [app.http.websocket :as http.ws]
    [app.loggers.audit.tasks :as-alias audit.tasks]
    [app.loggers.webhooks :as-alias webhooks]
-   [app.loggers.zmq :as-alias lzmq]
    [app.metrics :as-alias mtx]
    [app.metrics.definition :as-alias mdef]
+   [app.msgbus :as-alias mbus]
    [app.redis :as-alias rds]
+   [app.rpc :as-alias rpc]
+   [app.rpc.doc :as-alias rpc.doc]
+   [app.srepl :as-alias srepl]
    [app.storage :as-alias sto]
+   [app.storage.fs :as-alias sto.fs]
+   [app.storage.s3 :as-alias sto.s3]
    [app.util.time :as dt]
    [app.worker :as-alias wrk]
    [cuerdas.core :as str]
-   [integrant.core :as ig])
+   [integrant.core :as ig]
+   [promesa.exec :as px])
   (:gen-class))
 
 (def default-metrics
@@ -89,15 +102,15 @@
     ::mdef/labels ["name"]
     ::mdef/type :summary}
 
-   :rpc-climit-queue-size
-   {::mdef/name "penpot_rpc_climit_queue_size"
-    ::mdef/help "Current number of queued submissions on the CLIMIT."
+   :rpc-climit-queue
+   {::mdef/name "penpot_rpc_climit_queue"
+    ::mdef/help "Current number of queued submissions."
     ::mdef/labels ["name"]
     ::mdef/type :gauge}
 
-   :rpc-climit-concurrency
-   {::mdef/name "penpot_rpc_climit_concurrency"
-    ::mdef/help "Current number of used concurrency capacity on the CLIMIT"
+   :rpc-climit-permits
+   {::mdef/name "penpot_rpc_climit_permits"
+    ::mdef/help "Current number of available permits"
     ::mdef/labels ["name"]
     ::mdef/type :gauge}
 
@@ -151,22 +164,18 @@
 
 (def system-config
   {::db/pool
-   {:uri        (cf/get :database-uri)
-    :username   (cf/get :database-username)
-    :password   (cf/get :database-password)
-    :read-only  (cf/get :database-readonly false)
-    :metrics    (ig/ref ::mtx/metrics)
-    :migrations (ig/ref :app.migrations/all)
-    :name       :main
-    :min-size   (cf/get :database-min-pool-size 0)
-    :max-size   (cf/get :database-max-pool-size 60)}
+   {::db/uri        (cf/get :database-uri)
+    ::db/username   (cf/get :database-username)
+    ::db/password   (cf/get :database-password)
+    ::db/read-only? (cf/get :database-readonly false)
+    ::db/min-size   (cf/get :database-min-pool-size 0)
+    ::db/max-size   (cf/get :database-max-pool-size 60)
+    ::mtx/metrics   (ig/ref ::mtx/metrics)}
 
    ;; Default thread pool for IO operations
    ::wrk/executor
-   {::wrk/parallelism (cf/get :default-executor-parallelism 100)}
-
-   ::wrk/scheduled-executor
-   {::wrk/parallelism (cf/get :scheduled-executor-parallelism 20)}
+   {::wrk/parallelism (cf/get :default-executor-parallelism
+                              (+ 3 (* (px/get-available-processors) 3)))}
 
    ::wrk/monitor
    {::mtx/metrics  (ig/ref ::mtx/metrics)
@@ -174,64 +183,58 @@
     ::wrk/executor (ig/ref ::wrk/executor)}
 
    :app.migrations/migrations
-   {}
+   {::db/pool (ig/ref ::db/pool)}
 
    ::mtx/metrics
    {:default default-metrics}
 
-   :app.migrations/all
-   {:main (ig/ref :app.migrations/migrations)}
+   ::mtx/routes
+   {::mtx/metrics (ig/ref ::mtx/metrics)}
 
    ::rds/redis
-   {::rds/uri     (cf/get :redis-uri)
-    ::mtx/metrics (ig/ref ::mtx/metrics)}
+   {::rds/uri      (cf/get :redis-uri)
+    ::mtx/metrics  (ig/ref ::mtx/metrics)
+    ::wrk/executor (ig/ref ::wrk/executor)}
 
-   :app.msgbus/msgbus
-   {:backend   (cf/get :msgbus-backend :redis)
-    :executor  (ig/ref ::wrk/executor)
-    :redis     (ig/ref ::rds/redis)}
+   ::mbus/msgbus
+   {::wrk/executor  (ig/ref ::wrk/executor)
+    ::rds/redis     (ig/ref ::rds/redis)}
 
    :app.storage.tmp/cleaner
-   {::wrk/executor (ig/ref ::wrk/executor)
-    ::wrk/scheduled-executor (ig/ref ::wrk/scheduled-executor)}
+   {::wrk/executor (ig/ref ::wrk/executor)}
 
    ::sto/gc-deleted-task
-   {:pool     (ig/ref ::db/pool)
-    :storage  (ig/ref ::sto/storage)
-    :executor (ig/ref ::wrk/executor)}
+   {::db/pool      (ig/ref ::db/pool)
+    ::sto/storage  (ig/ref ::sto/storage)}
 
    ::sto/gc-touched-task
-   {:pool (ig/ref ::db/pool)}
+   {::db/pool (ig/ref ::db/pool)}
 
    ::http.client/client
    {::wrk/executor (ig/ref ::wrk/executor)}
 
-   :app.http.session/manager
-   {:pool     (ig/ref ::db/pool)
-    :sprops   (ig/ref :app.setup/props)
-    :executor (ig/ref ::wrk/executor)}
+   ::session/manager
+   {::db/pool (ig/ref ::db/pool)}
 
-   :app.http.session/gc-task
-   {:pool        (ig/ref ::db/pool)
-    :max-age     (cf/get :auth-token-cookie-max-age)}
+   ::session.tasks/gc
+   {::db/pool (ig/ref ::db/pool)}
 
-   :app.http.awsns/handler
+   ::http.awsns/routes
    {::props              (ig/ref :app.setup/props)
     ::db/pool            (ig/ref ::db/pool)
     ::http.client/client (ig/ref ::http.client/client)
     ::wrk/executor       (ig/ref ::wrk/executor)}
 
-   :app.http/server
-   {:port        (cf/get :http-server-port)
-    :host        (cf/get :http-server-host)
-    :router      (ig/ref :app.http/router)
-    :metrics     (ig/ref ::mtx/metrics)
-    :executor    (ig/ref ::wrk/executor)
-    :io-threads  (cf/get :http-server-io-threads)
-    :max-body-size           (cf/get :http-server-max-body-size)
-    :max-multipart-body-size (cf/get :http-server-max-multipart-body-size)}
+   ::http/server
+   {::http/port                    (cf/get :http-server-port)
+    ::http/host                    (cf/get :http-server-host)
+    ::http/router                  (ig/ref ::http/router)
+    ::wrk/executor                 (ig/ref ::wrk/executor)
+    ::http/io-threads              (cf/get :http-server-io-threads)
+    ::http/max-body-size           (cf/get :http-server-max-body-size)
+    ::http/max-multipart-body-size (cf/get :http-server-max-multipart-body-size)}
 
-   :app.auth.ldap/provider
+   ::ldap/provider
    {:host           (cf/get :ldap-host)
     :port           (cf/get :ldap-port)
     :ssl            (cf/get :ldap-ssl)
@@ -258,84 +261,71 @@
    {::http.client/client (ig/ref ::http.client/client)}
 
    ::oidc/routes
-   {::http.client/client   (ig/ref ::http.client/client)
-    ::db/pool              (ig/ref ::db/pool)
-    ::props                (ig/ref :app.setup/props)
-    ::wrk/executor         (ig/ref ::wrk/executor)
-    ::oidc/providers       {:google (ig/ref ::oidc.providers/google)
-                            :github (ig/ref ::oidc.providers/github)
-                            :gitlab (ig/ref ::oidc.providers/gitlab)
-                            :oidc   (ig/ref ::oidc.providers/generic)}
-    ::audit/collector      (ig/ref ::audit/collector)
-    ::http.session/session (ig/ref :app.http.session/manager)}
+   {::http.client/client (ig/ref ::http.client/client)
+    ::db/pool            (ig/ref ::db/pool)
+    ::props              (ig/ref :app.setup/props)
+    ::oidc/providers     {:google (ig/ref ::oidc.providers/google)
+                          :github (ig/ref ::oidc.providers/github)
+                          :gitlab (ig/ref ::oidc.providers/gitlab)
+                          :oidc   (ig/ref ::oidc.providers/generic)}
+    ::session/manager    (ig/ref ::session/manager)}
 
-
-   ;; TODO: revisit the dependencies of this service, looks they are too much unused of them
    :app.http/router
-   {:assets        (ig/ref :app.http.assets/handlers)
-    :feedback      (ig/ref :app.http.feedback/handler)
-    :session       (ig/ref :app.http.session/manager)
-    :awsns-handler (ig/ref :app.http.awsns/handler)
-    :debug-routes  (ig/ref :app.http.debug/routes)
-    :oidc-routes   (ig/ref ::oidc/routes)
-    :ws            (ig/ref :app.http.websocket/handler)
-    :metrics       (ig/ref ::mtx/metrics)
-    :public-uri    (cf/get :public-uri)
-    :storage       (ig/ref ::sto/storage)
-    :rpc-routes    (ig/ref :app.rpc/routes)
-    :doc-routes    (ig/ref :app.rpc.doc/routes)
-    :executor      (ig/ref ::wrk/executor)}
+   {::session/manager    (ig/ref ::session/manager)
+    ::db/pool            (ig/ref ::db/pool)
+    ::rpc/routes         (ig/ref ::rpc/routes)
+    ::rpc.doc/routes     (ig/ref ::rpc.doc/routes)
+    ::props              (ig/ref :app.setup/props)
+    ::mtx/routes         (ig/ref ::mtx/routes)
+    ::oidc/routes        (ig/ref ::oidc/routes)
+    ::http.debug/routes  (ig/ref ::http.debug/routes)
+    ::http.assets/routes (ig/ref ::http.assets/routes)
+    ::http.ws/routes     (ig/ref ::http.ws/routes)
+    ::http.awsns/routes  (ig/ref ::http.awsns/routes)}
 
    :app.http.debug/routes
-   {:pool     (ig/ref ::db/pool)
-    :executor (ig/ref ::wrk/executor)
-    :storage  (ig/ref ::sto/storage)
-    :session  (ig/ref :app.http.session/manager)}
+   {::db/pool         (ig/ref ::db/pool)
+    ::wrk/executor    (ig/ref ::wrk/executor)
+    ::session/manager (ig/ref ::session/manager)
+    ::sto/storage     (ig/ref ::sto/storage)}
 
-   :app.http.websocket/handler
-   {:pool     (ig/ref ::db/pool)
-    :metrics  (ig/ref ::mtx/metrics)
-    :msgbus   (ig/ref :app.msgbus/msgbus)}
+   ::http.ws/routes
+   {::db/pool         (ig/ref ::db/pool)
+    ::mtx/metrics     (ig/ref ::mtx/metrics)
+    ::mbus/msgbus     (ig/ref ::mbus/msgbus)
+    ::session/manager (ig/ref ::session/manager)}
 
-   :app.http.assets/handlers
-   {:metrics           (ig/ref ::mtx/metrics)
-    :assets-path       (cf/get :assets-path)
-    :storage           (ig/ref ::sto/storage)
-    :executor          (ig/ref ::wrk/executor)
-    :cache-max-age     (dt/duration {:hours 24})
-    :signature-max-age (dt/duration {:hours 24 :minutes 5})}
-
-   :app.http.feedback/handler
-   {:pool     (ig/ref ::db/pool)
-    :executor (ig/ref ::wrk/executor)}
+   :app.http.assets/routes
+   {::http.assets/path  (cf/get :assets-path)
+    ::http.assets/cache-max-age (dt/duration {:hours 24})
+    ::http.assets/cache-max-agesignature-max-age (dt/duration {:hours 24 :minutes 5})
+    ::sto/storage  (ig/ref ::sto/storage)
+    ::wrk/executor (ig/ref ::wrk/executor)}
 
    :app.rpc/climit
-   {:metrics  (ig/ref ::mtx/metrics)
-    :executor (ig/ref ::wrk/executor)}
+   {::mtx/metrics  (ig/ref ::mtx/metrics)
+    ::wrk/executor (ig/ref ::wrk/executor)}
 
    :app.rpc/rlimit
-   {:executor  (ig/ref ::wrk/executor)
-    :scheduled-executor (ig/ref ::wrk/scheduled-executor)}
+   {::wrk/executor (ig/ref ::wrk/executor)}
 
    :app.rpc/methods
-   {::audit/collector    (ig/ref ::audit/collector)
-    ::http.client/client (ig/ref ::http.client/client)
+   {::http.client/client (ig/ref ::http.client/client)
     ::db/pool            (ig/ref ::db/pool)
     ::wrk/executor       (ig/ref ::wrk/executor)
+    ::session/manager    (ig/ref ::session/manager)
+    ::ldap/provider      (ig/ref ::ldap/provider)
+    ::sto/storage        (ig/ref ::sto/storage)
+    ::mtx/metrics        (ig/ref ::mtx/metrics)
+    ::mbus/msgbus        (ig/ref ::mbus/msgbus)
+    ::rds/redis          (ig/ref ::rds/redis)
+
+    ::rpc/climit         (ig/ref ::rpc/climit)
+    ::rpc/rlimit         (ig/ref ::rpc/rlimit)
+
+    ::props              (ig/ref :app.setup/props)
 
     :pool                (ig/ref ::db/pool)
-    :session             (ig/ref :app.http.session/manager)
-    :sprops              (ig/ref :app.setup/props)
-    :metrics             (ig/ref ::mtx/metrics)
-    :storage             (ig/ref ::sto/storage)
-    :msgbus              (ig/ref :app.msgbus/msgbus)
-    :public-uri          (cf/get :public-uri)
-    :redis               (ig/ref ::rds/redis)
-    :ldap                (ig/ref :app.auth.ldap/provider)
-    :http-client         (ig/ref ::http.client/client)
-    :climit              (ig/ref :app.rpc/climit)
-    :rlimit              (ig/ref :app.rpc/rlimit)
-    :executor            (ig/ref ::wrk/executor)
     :templates           (ig/ref :app.setup/builtin-templates)
     }
 
@@ -343,12 +333,16 @@
    {:methods (ig/ref :app.rpc/methods)}
 
    :app.rpc/routes
-   {:methods (ig/ref :app.rpc/methods)}
+   {::rpc/methods     (ig/ref :app.rpc/methods)
+    ::db/pool         (ig/ref ::db/pool)
+    ::wrk/executor    (ig/ref ::wrk/executor)
+    ::session/manager (ig/ref ::session/manager)
+    ::props           (ig/ref :app.setup/props)}
 
    ::wrk/registry
-   {:metrics (ig/ref ::mtx/metrics)
-    :tasks
-    {:sendmail           (ig/ref :app.emails/handler)
+   {::mtx/metrics (ig/ref ::mtx/metrics)
+    ::wrk/tasks
+    {:sendmail           (ig/ref ::email/handler)
      :objects-gc         (ig/ref :app.tasks.objects-gc/handler)
      :file-gc            (ig/ref :app.tasks.file-gc/handler)
      :file-xlog-gc       (ig/ref :app.tasks.file-xlog-gc/handler)
@@ -356,7 +350,7 @@
      :storage-gc-touched (ig/ref ::sto/gc-touched-task)
      :tasks-gc           (ig/ref :app.tasks.tasks-gc/handler)
      :telemetry          (ig/ref :app.tasks.telemetry/handler)
-     :session-gc         (ig/ref :app.http.session/gc-task)
+     :session-gc         (ig/ref ::session.tasks/gc)
      :audit-log-archive  (ig/ref ::audit.tasks/archive)
      :audit-log-gc       (ig/ref ::audit.tasks/gc)
 
@@ -365,58 +359,57 @@
      :run-webhook
      (ig/ref ::webhooks/run-webhook-handler)}}
 
+   ::email/sendmail
+   {::email/host             (cf/get :smtp-host)
+    ::email/port             (cf/get :smtp-port)
+    ::email/ssl              (cf/get :smtp-ssl)
+    ::email/tls              (cf/get :smtp-tls)
+    ::email/username         (cf/get :smtp-username)
+    ::email/password         (cf/get :smtp-password)
+    ::email/default-reply-to (cf/get :smtp-default-reply-to)
+    ::email/default-from     (cf/get :smtp-default-from)}
 
-   :app.emails/sendmail
-   {:host             (cf/get :smtp-host)
-    :port             (cf/get :smtp-port)
-    :ssl              (cf/get :smtp-ssl)
-    :tls              (cf/get :smtp-tls)
-    :username         (cf/get :smtp-username)
-    :password         (cf/get :smtp-password)
-    :default-reply-to (cf/get :smtp-default-reply-to)
-    :default-from     (cf/get :smtp-default-from)}
-
-   :app.emails/handler
-   {:sendmail (ig/ref :app.emails/sendmail)
-    :metrics  (ig/ref ::mtx/metrics)}
+   ::email/handler
+   {::email/sendmail (ig/ref ::email/sendmail)
+    ::mtx/metrics    (ig/ref ::mtx/metrics)}
 
    :app.tasks.tasks-gc/handler
-   {:pool    (ig/ref ::db/pool)
-    :max-age cf/deletion-delay}
+   {::db/pool (ig/ref ::db/pool)}
 
    :app.tasks.objects-gc/handler
-   {:pool    (ig/ref ::db/pool)
-    :storage (ig/ref ::sto/storage)}
+   {::db/pool     (ig/ref ::db/pool)
+    ::sto/storage (ig/ref ::sto/storage)}
 
    :app.tasks.file-gc/handler
-   {:pool (ig/ref ::db/pool)}
+   {::db/pool     (ig/ref ::db/pool)
+    ::sto/storage (ig/ref ::sto/storage)}
 
    :app.tasks.file-xlog-gc/handler
-   {:pool (ig/ref ::db/pool)}
+   {::db/pool (ig/ref ::db/pool)}
 
    :app.tasks.telemetry/handler
    {::db/pool            (ig/ref ::db/pool)
     ::http.client/client (ig/ref ::http.client/client)
     ::props              (ig/ref :app.setup/props)}
 
-   :app.srepl/server
-   {:port (cf/get :srepl-port)
-    :host (cf/get :srepl-host)}
+   [::srepl/urepl ::srepl/server]
+   {::srepl/port (cf/get :urepl-port 6062)
+    ::srepl/host (cf/get :urepl-host "localhost")}
+
+   [::srepl/prepl ::srepl/server]
+   {::srepl/port (cf/get :prepl-port 6063)
+    ::srepl/host (cf/get :prepl-host "localhost")}
 
    :app.setup/builtin-templates
    {::http.client/client (ig/ref ::http.client/client)}
 
    :app.setup/props
-   {:pool (ig/ref ::db/pool)
-    :key  (cf/get :secret-key)}
+   {::db/pool    (ig/ref ::db/pool)
+    ::key        (cf/get :secret-key)
 
-   ::lzmq/receiver
-   {}
-
-   ::audit/collector
-   {::db/pool           (ig/ref ::db/pool)
-    ::wrk/executor      (ig/ref ::wrk/executor)
-    ::mtx/metrics       (ig/ref ::mtx/metrics)}
+    ;; NOTE: this dependency is only necessary for proper initialization ordering, props
+    ;; module requires the migrations to run before initialize.
+    ::migrations (ig/ref :app.migrations/migrations)}
 
    ::audit.tasks/archive
    {::props              (ig/ref :app.setup/props)
@@ -434,46 +427,33 @@
    {::db/pool            (ig/ref ::db/pool)
     ::http.client/client (ig/ref ::http.client/client)}
 
-   :app.loggers.loki/reporter
-   {::lzmq/receiver      (ig/ref ::lzmq/receiver)
-    ::http.client/client (ig/ref ::http.client/client)}
-
    :app.loggers.mattermost/reporter
-   {::lzmq/receiver      (ig/ref ::lzmq/receiver)
-    ::http.client/client (ig/ref ::http.client/client)}
+   {::http.client/client (ig/ref ::http.client/client)}
 
    :app.loggers.database/reporter
-   {:receiver (ig/ref :app.loggers.zmq/receiver)
-    :pool     (ig/ref ::db/pool)
-    :executor (ig/ref ::wrk/executor)}
+   {::db/pool (ig/ref ::db/pool)}
 
    ::sto/storage
-   {:pool     (ig/ref ::db/pool)
-    :executor (ig/ref ::wrk/executor)
-
-    :backends
+   {::db/pool      (ig/ref ::db/pool)
+    ::wrk/executor (ig/ref ::wrk/executor)
+    ::sto/backends
     {:assets-s3 (ig/ref [::assets :app.storage.s3/backend])
-     :assets-fs (ig/ref [::assets :app.storage.fs/backend])
-
-     ;; keep this for backward compatibility
-     :s3        (ig/ref [::assets :app.storage.s3/backend])
-     :fs        (ig/ref [::assets :app.storage.fs/backend])}}
+     :assets-fs (ig/ref [::assets :app.storage.fs/backend])}}
 
    [::assets :app.storage.s3/backend]
-   {:region   (cf/get :storage-assets-s3-region)
-    :endpoint (cf/get :storage-assets-s3-endpoint)
-    :bucket   (cf/get :storage-assets-s3-bucket)
-    :executor (ig/ref ::wrk/executor)}
+   {::sto.s3/region   (cf/get :storage-assets-s3-region)
+    ::sto.s3/endpoint (cf/get :storage-assets-s3-endpoint)
+    ::sto.s3/bucket   (cf/get :storage-assets-s3-bucket)
+    ::wrk/executor    (ig/ref ::wrk/executor)}
 
    [::assets :app.storage.fs/backend]
-   {:directory (cf/get :storage-assets-fs-directory)}
+   {::sto.fs/directory (cf/get :storage-assets-fs-directory)}
    })
 
 
 (def worker-config
   {::wrk/cron
-   {::wrk/scheduled-executor  (ig/ref ::wrk/scheduled-executor)
-    ::wrk/registry            (ig/ref ::wrk/registry)
+   {::wrk/registry            (ig/ref ::wrk/registry)
     ::db/pool                 (ig/ref ::db/pool)
     ::wrk/entries
     [{:cron #app/cron "0 0 * * * ?" ;; hourly

backend/src/app/media.clj

@@ -10,10 +10,16 @@
    [app.common.data :as d]
    [app.common.exceptions :as ex]
    [app.common.media :as cm]
+   [app.common.schema :as sm]
+   [app.common.schema.generators :as sg]
+   [app.common.schema.openapi :as-alias oapi]
    [app.common.spec :as us]
    [app.config :as cf]
+   [app.db :as-alias db]
+   [app.storage :as-alias sto]
    [app.storage.tmp :as tmp]
    [app.util.svg :as svg]
+   [app.util.time :as dt]
    [buddy.core.bytes :as bb]
    [buddy.core.codecs :as bc]
    [clojure.java.shell :as sh]
@@ -26,6 +32,9 @@
    org.im4java.core.IMOperation
    org.im4java.core.Info))
 
+(def default-max-file-size
+  (* 1024 1024 30)) ; 30 MiB
+
 (s/def ::path fs/path?)
 (s/def ::filename string?)
 (s/def ::size integer?)
@@ -41,6 +50,27 @@
   (s/keys :req-un [::path]
           :opt-un [::mtype]))
 
+(sm/def! ::fs/path
+  {:type ::fs/path
+   :pred fs/path?
+   :type-properties
+   {:title "path"
+    :description "filesystem path"
+    :error/message "expected a valid fs path instance"
+    :gen/gen (sg/generator :string)
+    ::oapi/type "string"
+    ::oapi/format "unix-path"
+    ::oapi/decode fs/path}})
+
+(sm/def! ::upload
+  [:map {:title "Upload"}
+   [:filename :string]
+   [:size :int]
+   [:path ::fs/path]
+   [:mtype {:optional true} :string]
+   [:headers {:optional true}
+    [:map-of :string :string]]])
+
 (defn validate-media-type!
   ([upload] (validate-media-type! upload cm/valid-image-types))
   ([upload allowed]
@@ -51,6 +81,16 @@
 
    upload))
 
+(defn validate-media-size!
+  [upload]
+  (when (> (:size upload) (cf/get :media-max-file-size default-max-file-size))
+    (ex/raise :type :restriction
+              :code :media-max-file-size-reached
+              :hint (str/ffmt "the uploaded file size % is greater than the maximum %"
+                              (:size upload)
+                              default-max-file-size)))
+  upload)
+
 (defmulti process :cmd)
 (defmulti process-error class)
 
@@ -166,7 +206,7 @@
           (ex/raise :type :validation
                     :code :invalid-svg-file
                     :hint "uploaded svg does not provides dimensions"))
-        (merge input info))
+        (merge input info {:ts (dt/now)}))
 
       (let [instance (Info. (str path))
             mtype'   (.getProperty instance "Mime type")]
@@ -181,7 +221,8 @@
         ;; any frame.
         (assoc input
                :width  (.getPageWidth instance)
-               :height (.getPageHeight instance))))))
+               :height (.getPageHeight instance)
+               :ts (dt/now))))))
 
 (defmethod process-error org.im4java.core.InfoException
   [error]
@@ -297,8 +338,7 @@
   "Given storage map, returns a storage configured with the appropriate
   backend for assets and optional connection attached."
   ([storage]
-   (assoc storage :backend (cf/get :assets-storage-backend :assets-fs)))
-  ([storage conn]
-   (-> storage
-       (assoc :conn conn)
-       (assoc :backend (cf/get :assets-storage-backend :assets-fs)))))
+   (assoc storage ::sto/backend (cf/get :assets-storage-backend :assets-fs)))
+  ([storage pool-or-conn]
+   (-> (configure-assets-storage storage)
+       (assoc ::db/pool-or-conn pool-or-conn))))

backend/src/app/metrics.clj

@@ -87,13 +87,26 @@
      ::definitions definitions
      ::registry registry}))
 
+
 (defn- handler
-  [registry _ respond _]
+  [registry _]
   (let [samples  (.metricFamilySamples ^CollectorRegistry registry)
         writer   (StringWriter.)]
     (TextFormat/write004 writer samples)
-    (respond {:headers {"content-type" TextFormat/CONTENT_TYPE_004}
-              :body (.toString writer)})))
+    {:headers {"content-type" TextFormat/CONTENT_TYPE_004}
+              :body (.toString writer)}))
+
+
+
+(s/def ::routes vector?)
+(defmethod ig/pre-init-spec ::routes [_]
+  (s/keys :req [::metrics]))
+
+(defmethod ig/init-key ::routes
+  [_ {:keys [::metrics]}]
+  (let [registry (::registry metrics)]
+    ["/metrics" {:handler (partial handler registry)
+                 :allowed-methods #{:get}}]))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Implementation
@@ -132,7 +145,7 @@
 
 (defmethod run-collector! :counter
   [{:keys [::mdef/instance]} {:keys [inc labels] :or {inc 1 labels default-empty-labels}}]
-  (let [instance (.labels instance (if (is-array? labels) labels (into-array String labels)))]
+  (let [instance (.labels ^Counter instance (if (is-array? labels) labels (into-array String labels)))]
     (.inc ^Counter$Child instance (double inc))))
 
 (defmethod run-collector! :gauge

backend/src/app/migrations.clj

@@ -6,8 +6,12 @@
 
 (ns app.migrations
   (:require
+   [app.common.data.macros :as dm]
+   [app.common.logging :as l]
+   [app.db :as db]
    [app.migrations.clj.migration-0023 :as mg0023]
    [app.util.migrations :as mg]
+   [clojure.spec.alpha :as s]
    [integrant.core :as ig]))
 
 (def migrations
@@ -271,7 +275,69 @@
 
    {:name "0087-mod-task-table"
     :fn (mg/resource "app/migrations/sql/0087-mod-task-table.sql")}
+
+   {:name "0088-mod-team-profile-rel-table"
+    :fn (mg/resource "app/migrations/sql/0088-mod-team-profile-rel-table.sql")}
+
+   {:name "0089-mod-project-profile-rel-table"
+    :fn (mg/resource "app/migrations/sql/0089-mod-project-profile-rel-table.sql")}
+
+   {:name "0090-mod-http-session-table"
+    :fn (mg/resource "app/migrations/sql/0090-mod-http-session-table.sql")}
+
+   {:name "0091-mod-team-project-profile-rel-table"
+    :fn (mg/resource "app/migrations/sql/0091-mod-team-project-profile-rel-table.sql")}
+
+   {:name "0092-mod-team-invitation-table"
+    :fn (mg/resource "app/migrations/sql/0092-mod-team-invitation-table.sql")}
+
+   {:name "0093-del-file-share-tokens-table"
+    :fn (mg/resource "app/migrations/sql/0093-del-file-share-tokens-table.sql")}
+
+   {:name "0094-del-profile-attr-table"
+    :fn (mg/resource "app/migrations/sql/0094-del-profile-attr-table.sql")}
+
+   {:name "0095-del-storage-data-table"
+    :fn (mg/resource "app/migrations/sql/0095-del-storage-data-table.sql")}
+
+   {:name "0096-del-storage-pending-table"
+    :fn (mg/resource "app/migrations/sql/0096-del-storage-pending-table.sql")}
+
+   {:name "0098-add-quotes-table"
+    :fn (mg/resource "app/migrations/sql/0098-add-quotes-table.sql")}
+
+   {:name "0099-add-access-token-table"
+    :fn (mg/resource "app/migrations/sql/0099-add-access-token-table.sql")}
+
+   {:name "0100-mod-profile-indexes"
+    :fn (mg/resource "app/migrations/sql/0100-mod-profile-indexes.sql")}
+
+   {:name "0101-mod-server-error-report-table"
+    :fn (mg/resource "app/migrations/sql/0101-mod-server-error-report-table.sql")}
+
+   {:name "0102-mod-access-token-table"
+    :fn (mg/resource "app/migrations/sql/0102-mod-access-token-table.sql")}
+
+   {:name "0103-mod-file-object-thumbnail-table"
+    :fn (mg/resource "app/migrations/sql/0103-mod-file-object-thumbnail-table.sql")}
+
+   {:name "0104-mod-file-thumbnail-table"
+    :fn (mg/resource "app/migrations/sql/0104-mod-file-thumbnail-table.sql")}
+
    ])
 
+(defn apply-migrations!
+  [pool name migrations]
+  (dm/with-open [conn (db/open pool)]
+    (mg/setup! conn)
+    (mg/migrate! conn {:name name :steps migrations})))
 
-(defmethod ig/init-key ::migrations [_ _] migrations)
+(defmethod ig/pre-init-spec ::migrations
+  [_]
+  (s/keys :req [::db/pool]))
+
+(defmethod ig/init-key ::migrations
+  [module {:keys [::db/pool]}]
+  (when-not (db/read-only? pool)
+    (l/info :hint "running migrations" :module module)
+    (some->> (seq migrations) (apply-migrations! pool "main"))))

backend/src/app/migrations/sql/0088-mod-team-profile-rel-table.sql

@@ -0,0 +1,3 @@
+ALTER TABLE team_profile_rel DROP CONSTRAINT team_profile_rel_pkey;
+ALTER TABLE team_profile_rel ADD COLUMN id uuid DEFAULT uuid_generate_v4() PRIMARY KEY;
+ALTER TABLE team_profile_rel ADD CONSTRAINT team_profile_rel_unique UNIQUE (team_id, profile_id);

backend/src/app/migrations/sql/0089-mod-project-profile-rel-table.sql

@@ -0,0 +1,3 @@
+ALTER TABLE project_profile_rel DROP CONSTRAINT project_profile_rel_pkey;
+ALTER TABLE project_profile_rel ADD COLUMN id uuid DEFAULT uuid_generate_v4() PRIMARY KEY;
+ALTER TABLE project_profile_rel ADD CONSTRAINT project_profile_rel_unique UNIQUE (project_id, profile_id);

backend/src/app/migrations/sql/0090-mod-http-session-table.sql

@@ -0,0 +1,2 @@
+ALTER TABLE http_session DROP CONSTRAINT http_session_pkey;
+ALTER TABLE http_session ADD CONSTRAINT http_session_pkey PRIMARY KEY (id);

backend/src/app/migrations/sql/0091-mod-team-project-profile-rel-table.sql

@@ -0,0 +1,3 @@
+ALTER TABLE team_project_profile_rel DROP CONSTRAINT team_project_profile_rel_pkey;
+ALTER TABLE team_project_profile_rel ADD COLUMN id uuid DEFAULT uuid_generate_v4() PRIMARY KEY;
+ALTER TABLE team_project_profile_rel ADD CONSTRAINT team_project_profile_rel_unique UNIQUE (team_id, project_id, profile_id);

backend/src/app/migrations/sql/0092-mod-team-invitation-table.sql

@@ -0,0 +1,3 @@
+ALTER TABLE team_invitation DROP CONSTRAINT team_invitation_pkey;
+ALTER TABLE team_invitation ADD COLUMN id uuid DEFAULT uuid_generate_v4() PRIMARY KEY;
+ALTER TABLE team_invitation ADD CONSTRAINT team_invitation_unique UNIQUE (team_id, email_to);

backend/src/app/migrations/sql/0093-del-file-share-tokens-table.sql

@@ -0,0 +1 @@
+DROP TABLE file_share_token;

backend/src/app/migrations/sql/0094-del-profile-attr-table.sql

@@ -0,0 +1 @@
+DROP TABLE profile_attr;

backend/src/app/migrations/sql/0095-del-storage-data-table.sql

@@ -0,0 +1 @@
+DROP TABLE storage_data;

backend/src/app/migrations/sql/0096-del-storage-pending-table.sql

@@ -0,0 +1 @@
+DROP TABLE storage_pending;

backend/src/app/migrations/sql/0098-add-quotes-table.sql

@@ -0,0 +1,82 @@
+CREATE TABLE usage_quote (
+  id uuid NOT NULL DEFAULT uuid_generate_v4() PRIMARY KEY,
+  target text NOT NULL,
+  quote bigint NOT NULL,
+
+  profile_id uuid NULL REFERENCES profile(id) ON DELETE CASCADE DEFERRABLE,
+  project_id uuid NULL REFERENCES project(id) ON DELETE CASCADE DEFERRABLE,
+  team_id uuid NULL REFERENCES team(id) ON DELETE CASCADE DEFERRABLE,
+  file_id uuid NULL REFERENCES file(id) ON DELETE CASCADE DEFERRABLE
+);
+
+ALTER TABLE usage_quote
+  ALTER COLUMN target SET STORAGE external;
+
+CREATE INDEX usage_quote__profile_id__idx ON usage_quote(profile_id, target);
+CREATE INDEX usage_quote__project_id__idx ON usage_quote(project_id, target);
+CREATE INDEX usage_quote__team_id__idx ON usage_quote(team_id, target);
+
+-- DROP TABLE IF EXISTS usage_quote_test;
+-- CREATE TABLE usage_quote_test (
+--   id bigserial NOT NULL PRIMARY KEY,
+--   target text NOT NULL,
+--   quote bigint NOT NULL,
+
+--   profile_id bigint NULL,
+--   team_id bigint NULL,
+--   project_id bigint NULL,
+--   file_id bigint NULL
+-- );
+
+-- ALTER TABLE usage_quote_test
+--   ALTER COLUMN target SET STORAGE external;
+
+-- CREATE INDEX usage_quote_test__profile_id__idx ON usage_quote_test(profile_id, target);
+-- CREATE INDEX usage_quote_test__project_id__idx ON usage_quote_test(project_id, target);
+-- CREATE INDEX usage_quote_test__team_id__idx ON usage_quote_test(team_id, target);
+-- -- CREATE INDEX usage_quote_test__target__idx ON usage_quote_test(target);
+
+-- DELETE FROM usage_quote_test;
+
+-- INSERT INTO usage_quote_test (target, quote, profile_id, team_id, project_id)
+-- SELECT 'files-per-project', 50*RANDOM(), 2000*RANDOM(), null, null
+--   FROM generate_series(1, 5000);
+
+-- INSERT INTO usage_quote_test (target, quote, profile_id, team_id, project_id)
+-- SELECT 'files-per-project', 200*RANDOM(), 300*RANDOM(), 300*RANDOM(), null
+--   FROM generate_series(1, 1000);
+
+-- INSERT INTO usage_quote_test (target, quote, profile_id, team_id, project_id)
+-- SELECT 'files-per-project', 100*RANDOM(), 300*RANDOM(), null, 300*RANDOM()
+--   FROM generate_series(1, 1000);
+
+-- INSERT INTO usage_quote_test (target, quote, profile_id, team_id, project_id)
+-- SELECT 'files-per-project', 100*RANDOM(), 300*RANDOM(), 300*RANDOM(), 300*RANDOM()
+--   FROM generate_series(1, 1000);
+
+-- INSERT INTO usage_quote_test (target, quote, profile_id, team_id, project_id)
+-- SELECT 'files-per-project', 30*RANDOM(), null, 2000*RANDOM(), null
+--   FROM generate_series(1, 5000);
+
+-- INSERT INTO usage_quote_test (target, quote, profile_id, team_id, project_id)
+-- SELECT 'files-per-project', 10*RANDOM(), null, null, 2000*RANDOM()
+--   FROM generate_series(1, 5000);
+
+-- VACUUM ANALYZE usage_quote_test;
+
+-- select * from usage_quote_test
+--  where target = 'files-per-project'
+--    and profile_id = 1
+--    and team_id is null
+--    and project_id is null;
+
+-- select * from usage_quote_test
+--  where target = 'files-per-project'
+--    and ((team_id = 1 and (profile_id = 1 or profile_id is null)) or
+--         (profile_id = 1 and team_id is null and project_id is null));
+
+-- select * from usage_quote_test
+--  where target = 'files-per-project'
+--    and ((project_id = 1 and (profile_id = 1 or profile_id is null)) or
+--         (team_id = 1 and (profile_id = 1 or profile_id is null)) or
+--         (profile_id = 1 and team_id is null and project_id is null));

backend/src/app/migrations/sql/0099-add-access-token-table.sql

@@ -0,0 +1,19 @@
+DROP TABLE IF EXISTS access_token;
+CREATE TABLE access_token (
+  id uuid NOT NULL DEFAULT uuid_generate_v4() PRIMARY KEY,
+  profile_id uuid NOT NULL REFERENCES profile(id) ON DELETE CASCADE DEFERRABLE,
+
+  created_at timestamptz NOT NULL DEFAULT now(),
+  updated_at timestamptz NOT NULL DEFAULT now(),
+
+  name text NOT NULL,
+  token text NOT NULL,
+  perms text[] NULL
+);
+
+ALTER TABLE access_token
+  ALTER COLUMN name SET STORAGE external,
+  ALTER COLUMN token SET STORAGE external,
+  ALTER COLUMN perms SET STORAGE external;
+
+CREATE INDEX access_token__profile_id__idx ON access_token(profile_id);

backend/src/app/migrations/sql/0100-mod-profile-indexes.sql

@@ -0,0 +1,31 @@
+ALTER TABLE profile
+  ADD COLUMN default_project_id uuid NULL REFERENCES project(id) ON DELETE SET NULL DEFERRABLE,
+  ADD COLUMN default_team_id uuid NULL REFERENCES team(id) ON DELETE SET NULL DEFERRABLE;
+
+CREATE INDEX profile__default_project__idx ON profile(default_project_id);
+CREATE INDEX profile__default_team__idx ON profile(default_team_id);
+
+with profiles as (
+  select p.id,
+         tpr.team_id as default_team_id,
+         ppr.project_id as default_project_id
+    from profile as p
+    join team_profile_rel as tpr
+      on (tpr.profile_id = p.id and
+          tpr.is_owner is true)
+    join project_profile_rel as ppr
+      on (ppr.profile_id = p.id and
+          ppr.is_owner is true)
+    join project as pj
+      on (pj.id = ppr.project_id)
+    join team as tm
+      on (tm.id = tpr.team_id)
+   where pj.is_default is true
+     and tm.is_default is true
+     and pj.team_id = tm.id
+)
+update profile
+   set default_team_id = p.default_team_id,
+       default_project_id = p.default_project_id
+  from profiles as p
+ where profile.id = p.id;

backend/src/app/migrations/sql/0101-mod-server-error-report-table.sql

@@ -0,0 +1,2 @@
+ALTER TABLE server_error_report
+ ADD COLUMN version integer DEFAULT 1;

backend/src/app/migrations/sql/0102-mod-access-token-table.sql

@@ -0,0 +1,2 @@
+ALTER TABLE access_token
+ ADD COLUMN expires_at timestamptz NULL;

backend/src/app/migrations/sql/0103-mod-file-object-thumbnail-table.sql

@@ -0,0 +1,2 @@
+ALTER TABLE file_object_thumbnail
+  ADD COLUMN media_id uuid NULL REFERENCES storage_object(id) ON DELETE CASCADE DEFERRABLE;

backend/src/app/migrations/sql/0104-mod-file-thumbnail-table.sql

@@ -0,0 +1,2 @@
+ALTER TABLE file_thumbnail
+  ADD COLUMN media_id uuid NULL REFERENCES storage_object(id) ON DELETE CASCADE DEFERRABLE;

backend/src/app/msgbus.clj

@@ -8,20 +8,18 @@
   "The msgbus abstraction implemented using redis as underlying backend."
   (:require
    [app.common.data :as d]
-   [app.common.exceptions :as ex]
    [app.common.logging :as l]
    [app.common.spec :as us]
    [app.common.transit :as t]
    [app.config :as cfg]
-   [app.redis :as redis]
-   [app.util.async :as aa]
+   [app.redis :as rds]
    [app.util.time :as dt]
    [app.worker :as wrk]
-   [clojure.core.async :as a]
    [clojure.spec.alpha :as s]
    [integrant.core :as ig]
    [promesa.core :as p]
-   [promesa.exec :as px]))
+   [promesa.exec :as px]
+   [promesa.exec.csp :as sp]))
 
 (set! *warn-on-reflection* true)
 
@@ -34,132 +32,116 @@
 (def ^:private xform-prefix-topic
   (map (fn [obj] (update obj :topic prefix-topic))))
 
-(declare ^:private redis-connect)
-(declare ^:private redis-disconnect)
-(declare ^:private redis-pub)
-(declare ^:private redis-sub)
-(declare ^:private redis-unsub)
+(declare ^:private redis-pub!)
+(declare ^:private redis-sub!)
+(declare ^:private redis-unsub!)
 (declare ^:private start-io-loop!)
 (declare ^:private subscribe-to-topics)
 (declare ^:private unsubscribe-channels)
 
-(defmethod ig/prep-key ::msgbus
-  [_ cfg]
-  (merge {:buffer-size 128
-          :timeout (dt/duration {:seconds 30})}
-         (d/without-nils cfg)))
-
-(s/def ::cmd-ch ::aa/channel)
-(s/def ::rcv-ch ::aa/channel)
-(s/def ::pub-ch ::aa/channel)
+(s/def ::cmd-ch sp/chan?)
+(s/def ::rcv-ch sp/chan?)
+(s/def ::pub-ch sp/chan?)
 (s/def ::state ::us/agent)
-(s/def ::pconn ::redis/connection-holder)
-(s/def ::sconn ::redis/connection-holder)
+(s/def ::pconn ::rds/connection-holder)
+(s/def ::sconn ::rds/connection-holder)
 (s/def ::msgbus
   (s/keys :req [::cmd-ch ::rcv-ch ::pub-ch ::state ::pconn ::sconn ::wrk/executor]))
 
-(s/def ::buffer-size ::us/integer)
-
 (defmethod ig/pre-init-spec ::msgbus [_]
-  (s/keys :req-un [::buffer-size ::redis/timeout ::redis/redis ::wrk/executor]))
+  (s/keys :req [::rds/redis ::wrk/executor]))
+
+(defmethod ig/prep-key ::msgbus
+  [_ cfg]
+  (-> cfg
+      (assoc ::buffer-size 128)
+      (assoc ::timeout (dt/duration {:seconds 30}))))
 
 (defmethod ig/init-key ::msgbus
-  [_ {:keys [buffer-size executor] :as cfg}]
+  [_ {:keys [::buffer-size ::wrk/executor ::timeout ::rds/redis] :as cfg}]
   (l/info :hint "initialize msgbus" :buffer-size buffer-size)
-  (let [cmd-ch (a/chan buffer-size)
-        rcv-ch (a/chan (a/dropping-buffer buffer-size))
-        pub-ch (a/chan (a/dropping-buffer buffer-size) xform-prefix-topic)
+  (let [cmd-ch (sp/chan :buf buffer-size)
+        rcv-ch (sp/chan :buf (sp/dropping-buffer buffer-size))
+        pub-ch (sp/chan :buf (sp/dropping-buffer buffer-size)
+                        :xf  xform-prefix-topic)
         state  (agent {})
-        msgbus (-> (redis-connect cfg)
+
+        pconn  (rds/connect redis :timeout timeout)
+        sconn  (rds/connect redis :type :pubsub :timeout timeout)
+        msgbus (-> cfg
+                   (assoc ::pconn pconn)
+                   (assoc ::sconn sconn)
                    (assoc ::cmd-ch cmd-ch)
                    (assoc ::rcv-ch rcv-ch)
                    (assoc ::pub-ch pub-ch)
                    (assoc ::state state)
                    (assoc ::wrk/executor executor))]
 
-    (us/verify! ::msgbus msgbus)
-
-    (set-error-handler! state #(l/error :cause % :hint "unexpected error on agent" ::l/async false))
+    (set-error-handler! state #(l/error :cause % :hint "unexpected error on agent" ::l/sync? true))
     (set-error-mode! state :continue)
-    (start-io-loop! msgbus)
 
-    msgbus))
-
-(defn sub!
-  [{:keys [::state ::wrk/executor] :as cfg} & {:keys [topic topics chan]}]
-  (let [done-ch (a/chan)
-        topics  (into [] (map prefix-topic) (if topic [topic] topics))]
-    (l/debug :hint "subscribe" :topics topics)
-    (send-via executor state subscribe-to-topics cfg topics chan done-ch)
-    done-ch))
-
-(defn pub!
-  [{::keys [pub-ch]} & {:as params}]
-  (a/go
-    (a/>! pub-ch params)))
-
-(defn purge!
-  [{:keys [::state ::wrk/executor] :as msgbus} chans]
-  (l/trace :hint "purge" :chans (count chans))
-  (let [done-ch (a/chan)]
-    (send-via executor state unsubscribe-channels msgbus chans done-ch)
-    done-ch))
+    (assoc msgbus ::io-thr (start-io-loop! msgbus))))
 
 (defmethod ig/halt-key! ::msgbus
   [_ msgbus]
-  (redis-disconnect msgbus)
-  (a/close! (::cmd-ch msgbus))
-  (a/close! (::rcv-ch msgbus))
-  (a/close! (::pub-ch msgbus)))
+  (px/interrupt! (::io-thr msgbus))
+  (sp/close! (::cmd-ch msgbus))
+  (sp/close! (::rcv-ch msgbus))
+  (sp/close! (::pub-ch msgbus))
+  (d/close! (::pconn msgbus))
+  (d/close! (::sconn msgbus)))
+
+(defn sub!
+  [{:keys [::state ::wrk/executor] :as cfg} & {:keys [topic topics chan]}]
+  (let [topics (into [] (map prefix-topic) (if topic [topic] topics))]
+    (l/debug :hint "subscribe" :topics topics :chan (hash chan))
+    (send-via executor state subscribe-to-topics cfg topics chan)
+    nil))
+
+(defn pub!
+  [{::keys [pub-ch]} & {:as params}]
+  (sp/put! pub-ch params))
+
+(defn purge!
+  [{:keys [::state ::wrk/executor] :as msgbus} chans]
+  (l/debug :hint "purge" :chans (count chans))
+  (send-via executor state unsubscribe-channels msgbus chans)
+  nil)
 
 ;; --- IMPL
 
-(defn- redis-connect
-  [{:keys [timeout redis] :as cfg}]
-  (let [pconn (redis/connect redis :timeout timeout)
-        sconn (redis/connect redis :type :pubsub :timeout timeout)]
-    {::pconn pconn
-     ::sconn sconn}))
-
-(defn- redis-disconnect
-  [{:keys [::pconn ::sconn] :as cfg}]
-  (d/close! pconn)
-  (d/close! sconn))
-
 (defn- conj-subscription
   "A low level function that is responsible to create on-demand
   subscriptions on redis. It reuses the same subscription if it is
-  already established. Intended to be executed in agent."
+  already established."
   [nsubs cfg topic chan]
   (let [nsubs (if (nil? nsubs) #{chan} (conj nsubs chan))]
     (when (= 1 (count nsubs))
-      (l/trace :hint "open subscription" :topic topic ::l/async false)
-      (redis-sub cfg topic))
+      (l/trace :hint "open subscription" :topic topic ::l/sync? true)
+      (redis-sub! cfg topic))
     nsubs))
 
 (defn- disj-subscription
   "A low level function responsible on removing subscriptions. The
   subscription is truly removed from redis once no single local
-  subscription is look for it. Intended to be executed in agent."
+  subscription is look for it."
   [nsubs cfg topic chan]
   (let [nsubs (disj nsubs chan)]
     (when (empty? nsubs)
-      (l/trace :hint "close subscription" :topic topic ::l/async false)
-      (redis-unsub cfg topic))
+      (l/trace :hint "close subscription" :topic topic ::l/sync? true)
+      (redis-unsub! cfg topic))
     nsubs))
 
 (defn- subscribe-to-topics
-  "Function responsible to attach local subscription to the
-  state. Intended to be used in agent."
-  [state cfg topics chan done-ch]
-  (aa/with-closing done-ch
-    (let [state (update state :chans assoc chan topics)]
-      (reduce (fn [state topic]
-                (update-in state [:topics topic] conj-subscription cfg topic chan))
-              state
-              topics))))
+  "Function responsible to attach local subscription to the state."
+  [state cfg topics chan]
+  (let [state (update state :chans assoc chan topics)]
+    (reduce (fn [state topic]
+              (update-in state [:topics topic] conj-subscription cfg topic chan))
+            state
+            topics)))
 
-(defn- unsubscribe-single-channel
+(defn- unsubscribe-channel
   "Auxiliary function responsible on removing a single local
   subscription from the state."
   [state cfg chan]
@@ -174,87 +156,113 @@
   "Function responsible from detach from state a seq of channels,
   useful when client disconnects or in-bulk unsubscribe
   operations. Intended to be executed in agent."
-  [state cfg channels done-ch]
-  (aa/with-closing done-ch
-    (reduce #(unsubscribe-single-channel %1 cfg %2) state channels)))
+  [state cfg channels]
+  (reduce #(unsubscribe-channel %1 cfg %2) state channels))
 
 (defn- create-listener
   [rcv-ch]
-  (redis/pubsub-listener
+  (rds/pubsub-listener
    :on-message (fn [_ topic message]
                  ;; There are no back pressure, so we use a slidding
                  ;; buffer for cases when the pubsub broker sends
                  ;; more messages that we can process.
                  (let [val {:topic topic :message (t/decode message)}]
-                   (when-not (a/offer! rcv-ch val)
+                   (when-not (sp/offer! rcv-ch val)
                      (l/warn :msg "dropping message on subscription loop"))))))
 
+(defn- process-input!
+  [{:keys [::state ::wrk/executor] :as cfg} topic message]
+  (let [chans (get-in @state [:topics topic])]
+    (when-let [closed (loop [chans  (seq chans)
+                             closed #{}]
+                        (if-let [ch (first chans)]
+                          (if (sp/put! ch message)
+                            (recur (rest chans) closed)
+                            (recur (rest chans) (conj closed ch)))
+                          (seq closed)))]
+      (send-via executor state unsubscribe-channels cfg closed))))
+
+
 (defn start-io-loop!
   [{:keys [::sconn ::rcv-ch ::pub-ch ::state ::wrk/executor] :as cfg}]
-  (redis/add-listener! sconn (create-listener rcv-ch))
-  (letfn [(send-to-topic [topic message]
-            (a/go-loop [chans  (seq (get-in @state [:topics topic]))
-                        closed #{}]
-              (if-let [ch (first chans)]
-                (if (a/>! ch message)
-                  (recur (rest chans) closed)
-                  (recur (rest chans) (conj closed ch)))
-                (seq closed))))
+  (rds/add-listener! sconn (create-listener rcv-ch))
 
-          (process-incoming [{:keys [topic message]}]
-            (a/go
-              (when-let [closed (a/<! (send-to-topic topic message))]
-                (send-via executor state unsubscribe-channels cfg closed nil))))
-          ]
-    (px/thread
-      {:name "penpot/msgbus-io-loop"}
+  (px/thread
+    {:name "penpot/msgbus/io-loop"
+     :virtual true}
+    (try
       (loop []
-        (let [[val port] (a/alts!! [pub-ch rcv-ch])]
+        (let [timeout-ch (sp/timeout-chan 1000)
+              [val port] (sp/alts! [timeout-ch pub-ch rcv-ch])]
           (cond
-            (nil? val)
-            (do
-              (l/trace :hint "stopping io-loop, nil received")
-              (send-via executor state (fn [state]
-                                         (->> (vals state)
-                                              (mapcat identity)
-                                              (filter some?)
-                                              (run! a/close!))
-                                         nil)))
-
-            (= port rcv-ch)
-            (do
-              (a/<!! (process-incoming val))
+            (identical? port timeout-ch)
+            (let [closed (->> (:chans @state)
+                              (map key)
+                              (filter sp/closed?))]
+              (when (seq closed)
+                (send-via executor state unsubscribe-channels cfg closed)
+                (l/debug :hint "proactively purge channels" :count (count closed)))
               (recur))
 
-            (= port pub-ch)
-            (let [result (a/<!! (redis-pub cfg val))]
-              (when (ex/exception? result)
-                (l/error :hint "unexpected error on publishing"
-                         :message val
-                         :cause result))
-              (recur))))))))
+            (nil? val)
+            (throw (InterruptedException. "internally interrupted"))
 
-(defn- redis-pub
+            (identical? port rcv-ch)
+            (let [{:keys [topic message]} val]
+              (process-input! cfg topic message)
+              (recur))
+
+            (identical? port pub-ch)
+            (do
+              (redis-pub! cfg val)
+              (recur)))))
+
+      (catch InterruptedException _
+        (l/trace :hint "io-loop thread interrumpted"))
+
+      (catch Throwable cause
+        (l/error :hint "unexpected exception on io-loop thread"
+                 :cause cause))
+      (finally
+        (l/trace :hint "clearing io-loop state")
+        (when-let [chans (:chans @state)]
+          (run! sp/close! (keys chans)))
+
+        (l/debug :hint "io-loop thread terminated")))))
+
+
+(defn- redis-pub!
   "Publish a message to the redis server. Asynchronous operation,
   intended to be used in core.async go blocks."
   [{:keys [::pconn] :as cfg} {:keys [topic message]}]
-  (let [message (t/encode message)
-        res     (a/chan 1)]
-    (-> (redis/publish! pconn topic message)
-        (p/finally (fn [_ cause]
-                     (when (and cause (redis/open? pconn))
-                       (a/offer! res cause))
-                     (a/close! res))))
-    res))
+  (try
+    (p/await! (rds/publish! pconn topic (t/encode message)))
+    (catch InterruptedException cause
+      (throw cause))
+    (catch Throwable cause
+      (l/error :hint "unexpected error on publishing"
+               :message message
+               :cause cause))))
 
-(defn redis-sub
+(defn- redis-sub!
   "Create redis subscription. Blocking operation, intended to be used
   inside an agent."
   [{:keys [::sconn] :as cfg} topic]
-  (redis/subscribe! sconn topic))
+  (try
+    (rds/subscribe! sconn topic)
+    (catch InterruptedException cause
+      (throw cause))
+    (catch Throwable cause
+      (l/trace :hint "exception on subscribing" :topic topic :cause cause))))
 
-(defn redis-unsub
+(defn- redis-unsub!
   "Removes redis subscription. Blocking operation, intended to be used
   inside an agent."
   [{:keys [::sconn] :as cfg} topic]
-  (redis/unsubscribe! sconn topic))
+  (try
+    (rds/unsubscribe! sconn topic)
+    (catch InterruptedException cause
+      (throw cause))
+    (catch Throwable cause
+      (l/trace :hint "exception on unsubscribing" :topic topic :cause cause))))
+

backend/src/app/redis.clj

@@ -8,17 +8,21 @@
   "The msgbus abstraction implemented using redis as underlying backend."
   (:require
    [app.common.data :as d]
+   [app.common.exceptions :as ex]
    [app.common.logging :as l]
    [app.common.spec :as us]
    [app.metrics :as mtx]
    [app.redis.script :as-alias rscript]
+   [app.util.cache :as cache]
    [app.util.time :as dt]
+   [app.worker :as-alias wrk]
    [clojure.core :as c]
    [clojure.java.io :as io]
    [clojure.spec.alpha :as s]
    [cuerdas.core :as str]
    [integrant.core :as ig]
-   [promesa.core :as p])
+   [promesa.core :as p]
+   [promesa.exec :as px])
   (:import
    clojure.lang.IDeref
    clojure.lang.MapEntry
@@ -87,7 +91,7 @@
 (s/def ::connect? ::us/boolean)
 (s/def ::io-threads ::us/integer)
 (s/def ::worker-threads ::us/integer)
-(s/def ::cache #(instance? clojure.lang.Atom %))
+(s/def ::cache some?)
 
 (s/def ::redis
   (s/keys :req [::resources
@@ -99,11 +103,11 @@
 
 (defmethod ig/prep-key ::redis
   [_ cfg]
-  (let [runtime (Runtime/getRuntime)
-        cpus    (.availableProcessors ^Runtime runtime)]
+  (let [cpus    (px/get-available-processors)
+        threads (max 1 (int (* cpus 0.2)))]
     (merge {::timeout (dt/duration "10s")
-            ::io-threads (max 3 cpus)
-            ::worker-threads (max 3 cpus)}
+            ::io-threads (max 3 threads)
+            ::worker-threads (max 3 threads)}
            (d/without-nils cfg))))
 
 (defmethod ig/pre-init-spec ::redis [_]
@@ -129,6 +133,15 @@
 (def string-codec
   (RedisCodec/of StringCodec/UTF8 StringCodec/UTF8))
 
+(defn- create-cache
+  [{:keys [::wrk/executor] :as cfg}]
+  (letfn [(on-remove [key val cause]
+            (l/trace :hint "evict connection (cache)" :key key :reason cause)
+            (some-> val d/close!))]
+    (cache/create :executor executor
+                  :on-remove on-remove
+                  :keepalive "5m")))
+
 (defn- initialize-resources
   "Initialize redis connection resources"
   [{:keys [::uri ::io-threads ::worker-threads ::connect?] :as cfg}]
@@ -145,19 +158,21 @@
                       (timer ^Timer timer)
                       (build))
 
-        redis-uri (RedisURI/create ^String uri)]
+        redis-uri (RedisURI/create ^String uri)
+        cfg       (-> cfg
+                      (assoc ::resources resources)
+                      (assoc ::timer timer)
+                      (assoc ::redis-uri redis-uri))]
 
-    (-> cfg
-        (assoc ::resources resources)
-        (assoc ::timer timer)
-        (assoc ::cache (atom {}))
-        (assoc ::redis-uri redis-uri))))
+    (assoc cfg ::cache (create-cache cfg))))
 
 (defn- shutdown-resources
   [{:keys [::resources ::cache ::timer]}]
-  (run! d/close! (vals @cache))
+  (cache/invalidate-all! cache)
+
   (when resources
     (.shutdown ^ClientResources resources))
+
   (when timer
     (.stop ^Timer timer)))
 
@@ -173,6 +188,7 @@
                   :default (.connect ^RedisClient client ^RedisCodec codec)
                   :pubsub  (.connectPubSub ^RedisClient client ^RedisCodec codec))]
 
+    (l/trc :hint "connect" :hid (hash client))
     (.setTimeout ^StatefulConnection conn ^Duration timeout)
     (reify
       IDeref
@@ -180,8 +196,9 @@
 
       AutoCloseable
       (close [_]
-        (.close ^StatefulConnection conn)
-        (.shutdown ^RedisClient client)))))
+        (ex/ignoring (.close ^StatefulConnection conn))
+        (ex/ignoring (.shutdown ^RedisClient client))
+        (l/trc :hint "disconnect" :hid (hash client))))))
 
 (defn connect
   [state & {:as opts}]
@@ -193,19 +210,14 @@
 
 (defn get-or-connect
   [{:keys [::cache] :as state} key options]
-  (-> state
-      (assoc ::connection
-             (or (get @cache key)
-                 (-> (swap! cache (fn [cache]
-                                    (when-let [prev (get cache key)]
-                                      (d/close! prev))
-                                    (assoc cache key (connect* state options))))
-                     (get key))))
-      (dissoc ::cache)))
+  (us/assert! ::redis state)
+  (let [connection (cache/get cache key (fn [_] (connect* state options)))]
+    (-> state
+        (dissoc ::cache)
+        (assoc ::connection connection))))
 
 (defn add-listener!
   [{:keys [::connection] :as conn} listener]
-  (us/assert! ::connection-holder conn)
   (us/assert! ::pubsub-connection connection)
   (us/assert! ::pubsub-listener listener)
   (.addListener ^StatefulRedisPubSubConnection @connection
@@ -213,10 +225,9 @@
   conn)
 
 (defn publish!
-  [{:keys [::connection] :as conn} topic message]
+  [{:keys [::connection]} topic message]
   (us/assert! ::us/string topic)
   (us/assert! ::us/bytes message)
-  (us/assert! ::connection-holder conn)
   (us/assert! ::default-connection connection)
 
   (let [pcomm (.async ^StatefulRedisConnection @connection)]
@@ -224,8 +235,7 @@
 
 (defn subscribe!
   "Blocking operation, intended to be used on a thread/agent thread."
-  [{:keys [::connection] :as conn} & topics]
-  (us/assert! ::connection-holder conn)
+  [{:keys [::connection]} & topics]
   (us/assert! ::pubsub-connection connection)
   (try
     (let [topics (into-array String (map str topics))
@@ -236,8 +246,7 @@
 
 (defn unsubscribe!
   "Blocking operation, intended to be used on a thread/agent thread."
-  [{:keys [::connection] :as conn} & topics]
-  (us/assert! ::connection-holder conn)
+  [{:keys [::connection]} & topics]
   (us/assert! ::pubsub-connection connection)
   (try
     (let [topics (into-array String (map str topics))
@@ -247,8 +256,8 @@
       (throw (InterruptedException. (ex-message cause))))))
 
 (defn rpush!
-  [{:keys [::connection] :as conn} key payload]
-  (us/assert! ::connection-holder conn)
+  [{:keys [::connection]} key payload]
+  (us/assert! ::default-connection connection)
   (us/assert! (or (and (vector? payload)
                        (every? bytes? payload))
                   (bytes? payload)))
@@ -270,8 +279,8 @@
       (throw (InterruptedException. (ex-message cause))))))
 
 (defn blpop!
-  [{:keys [::connection] :as conn} timeout & keys]
-  (us/assert! ::connection-holder conn)
+  [{:keys [::connection]} timeout & keys]
+  (us/assert! ::default-connection connection)
   (try
     (let [keys    (into-array Object (map str keys))
           cmd     (.sync ^StatefulRedisConnection @connection)
@@ -286,8 +295,7 @@
       (throw (InterruptedException. (ex-message cause))))))
 
 (defn open?
-  [{:keys [::connection] :as conn}]
-  (us/assert! ::connection-holder conn)
+  [{:keys [::connection]}]
   (us/assert! ::pubsub-connection connection)
   (.isOpen ^StatefulConnection @connection))
 
@@ -335,7 +343,7 @@
 (defn eval!
   [{:keys [::mtx/metrics ::connection] :as state} script]
   (us/assert! ::redis state)
-  (us/assert! ::connection-holder state)
+  (us/assert! ::default-connection connection)
   (us/assert! ::rscript/script script)
 
   (let [cmd   (.async ^StatefulRedisConnection @connection)
@@ -348,7 +356,7 @@
                 (do
                   (l/error :hint "no script found" :name sname :cause cause)
                   (->> (load-script)
-                       (p/mapcat eval-script)))
+                       (p/mcat eval-script)))
                 (if-let [on-error (::rscript/on-error script)]
                   (on-error cause)
                   (p/rejected cause))))
@@ -379,15 +387,16 @@
             (load-script []
               (l/trace :hint "load script" :name sname)
               (->> (.scriptLoad ^RedisScriptingAsyncCommands cmd
-                               ^String (read-script))
-                   (p/map (fn [sha]
-                            (swap! scripts-cache assoc sname sha)
-                            sha))))]
+                                ^String (read-script))
+                   (p/fmap (fn [sha]
+                             (swap! scripts-cache assoc sname sha)
+                             sha))))]
 
-      (if-let [sha (get @scripts-cache sname)]
-        (eval-script sha)
-        (->> (load-script)
-             (p/mapcat eval-script))))))
+      (p/await!
+       (if-let [sha (get @scripts-cache sname)]
+         (eval-script sha)
+         (->> (load-script)
+              (p/mapcat eval-script)))))))
 
 (defn timeout-exception?
   [cause]

backend/src/app/rpc.clj

@@ -6,17 +6,20 @@
 
 (ns app.rpc
   (:require
+   [app.auth.ldap :as-alias ldap]
    [app.common.data :as d]
    [app.common.exceptions :as ex]
    [app.common.logging :as l]
+   [app.common.schema :as sm]
    [app.common.spec :as us]
-   [app.common.uuid :as uuid]
+   [app.config :as cf]
    [app.db :as db]
    [app.http :as-alias http]
+   [app.http.access-token :as actoken]
    [app.http.client :as-alias http.client]
-   [app.http.session :as-alias http.session]
+   [app.http.session :as session]
    [app.loggers.audit :as audit]
-   [app.loggers.webhooks :as-alias webhooks]
+   [app.main :as-alias main]
    [app.metrics :as mtx]
    [app.msgbus :as-alias mbus]
    [app.rpc.climit :as climit]
@@ -26,27 +29,26 @@
    [app.rpc.rlimit :as rlimit]
    [app.storage :as-alias sto]
    [app.util.services :as sv]
-   [app.util.time :as ts]
+   [app.util.time :as dt]
    [app.worker :as-alias wrk]
    [clojure.spec.alpha :as s]
    [integrant.core :as ig]
    [promesa.core :as p]
-   [promesa.exec :as px]
    [yetti.request :as yrq]
    [yetti.response :as yrs]))
 
+(s/def ::profile-id ::us/uuid)
+
 (defn- default-handler
   [_]
   (p/rejected (ex/error :type :not-found)))
 
 (defn- handle-response-transformation
   [response request mdata]
-  (let [transform-fn (reduce (fn [res-fn transform-fn]
-                               (fn [request response]
-                                 (p/then (res-fn request response) #(transform-fn request %))))
-                             (constantly response)
-                             (::response-transform-fns mdata))]
-    (transform-fn request response)))
+  (reduce (fn [response transform-fn]
+            (transform-fn request response))
+          response
+          (::response-transform-fns mdata)))
 
 (defn- handle-before-comple-hook
   [response mdata]
@@ -57,282 +59,209 @@
 (defn- handle-response
   [request result]
   (if (fn? result)
-    (p/wrap (result request))
+    (result request)
     (let [mdata (meta result)]
-      (p/-> (yrs/response {:status  (::http/status mdata 200)
-                           :headers (::http/headers mdata {})
-                           :body    (rph/unwrap result)})
-            (handle-response-transformation request mdata)
-            (handle-before-comple-hook mdata)))))
+      (-> {::yrs/status  (::http/status mdata 200)
+           ::yrs/headers (::http/headers mdata {})
+           ::yrs/body    (rph/unwrap result)}
+          (handle-response-transformation request mdata)
+          (handle-before-comple-hook mdata)))))
 
-(defn- rpc-query-handler
-  "Ring handler that dispatches query requests and convert between
-  internal async flow into ring async flow."
-  [methods {:keys [profile-id session-id params] :as request} respond raise]
-  (let [type   (keyword (:type params))
-        data   (into {::http/request request} params)
-        data   (if profile-id
-                 (assoc data :profile-id profile-id ::session-id session-id)
-                 (dissoc data :profile-id))
-        method (get methods type default-handler)]
-
-    (-> (method data)
-        (p/then (partial handle-response request))
-        (p/then respond)
-        (p/catch (fn [cause]
-                   (let [context {:profile-id profile-id}]
-                     (raise (ex/wrap-with-context cause context))))))))
-
-(defn- rpc-mutation-handler
-  "Ring handler that dispatches mutation requests and convert between
-  internal async flow into ring async flow."
-  [methods {:keys [profile-id session-id params] :as request} respond raise]
-  (let [type   (keyword (:type params))
-        data   (into {::http/request request} params)
-        data   (if profile-id
-                 (assoc data :profile-id profile-id ::session-id session-id)
-                 (dissoc data :profile-id))
-
-        method (get methods type default-handler)]
-    (-> (method data)
-        (p/then (partial handle-response request))
-        (p/then respond)
-        (p/catch (fn [cause]
-                   (let [context {:profile-id profile-id}]
-                     (raise (ex/wrap-with-context cause context))))))))
-
-(defn- rpc-command-handler
+(defn- rpc-handler
   "Ring handler that dispatches cmd requests and convert between
   internal async flow into ring async flow."
-  [methods {:keys [profile-id session-id params] :as request} respond raise]
-  (let [cmd    (keyword (:command params))
-        etag   (yrq/get-header request "if-none-match")
-        data   (into {::http/request request ::cond/key etag} params)
-        data   (if profile-id
-                 (assoc data :profile-id profile-id ::session-id session-id)
-                 (dissoc data :profile-id))
+  [methods {:keys [params path-params] :as request}]
+  (let [type       (keyword (:type path-params))
+        etag       (yrq/get-header request "if-none-match")
+        profile-id (or (::session/profile-id request)
+                       (::actoken/profile-id request))
+
+        data       (-> params
+                       (assoc ::request-at (dt/now))
+                       (assoc ::session/id (::session/id request))
+                       (assoc ::cond/key etag)
+                       (cond-> (uuid? profile-id)
+                         (assoc ::profile-id profile-id)))
+
+        data       (vary-meta data assoc ::http/request request)
+        method     (get methods type default-handler)]
 
-        method (get methods cmd default-handler)]
     (binding [cond/*enabled* true]
-      (-> (method data)
-          (p/then (partial handle-response request))
-          (p/then respond)
-          (p/catch (fn [cause]
-                     (let [context {:profile-id profile-id}]
-                       (raise (ex/wrap-with-context cause context)))))))))
+      (let [response (method data)]
+        (handle-response request response)))))
 
 (defn- wrap-metrics
   "Wrap service method with metrics measurement."
-  [{:keys [metrics ::metrics-id]} f mdata]
+  [{:keys [::mtx/metrics ::metrics-id]} f mdata]
   (let [labels (into-array String [(::sv/name mdata)])]
     (fn [cfg params]
-      (let [tp (ts/tpoint)]
-        (p/finally
+      (let [tp (dt/tpoint)]
+        (try
           (f cfg params)
-          (fn [_ _]
+          (finally
             (mtx/run! metrics
                       :id metrics-id
                       :val (inst-ms (tp))
                       :labels labels)))))))
 
-(defn- wrap-dispatch
-  "Wraps service method into async flow, with the ability to dispatching
-  it to a preconfigured executor service."
-  [{:keys [executor] :as cfg} f mdata]
-  (with-meta
-    (fn [cfg params]
-      (->> (px/submit! executor (px/wrap-bindings #(f cfg params)))
-           (p/mapcat p/wrap)
-           (p/map rph/wrap)))
-    mdata))
+(defn- wrap-authentication
+  [_ f mdata]
+  (fn [cfg params]
+    (let [profile-id (::profile-id params)]
+      (if (and (::auth mdata true) (not (uuid? profile-id)))
+        (ex/raise :type :authentication
+                  :code :authentication-required
+                  :hint "authentication required for this endpoint")
+        (f cfg params)))))
 
 (defn- wrap-audit
-  [cfg f mdata]
-  (if-let [collector (::audit/collector cfg)]
-    (letfn [(handle-audit [params result]
-              (let [resultm    (meta result)
-                    request    (::http/request params)
-                    profile-id (or (::audit/profile-id resultm)
-                                   (:profile-id result)
-                                   (:profile-id params)
-                                   uuid/zero)
-
-                    props      (or (::audit/replace-props resultm)
-                                   (-> params
-                                       (d/without-qualified)
-                                       (merge (::audit/props resultm))
-                                       (dissoc :profile-id)
-                                       (dissoc :type)))
-
-                    event      {:type (or (::audit/type resultm)
-                                          (::type cfg))
-                                :name (or (::audit/name resultm)
-                                          (::sv/name mdata))
-                                :profile-id profile-id
-                                :ip-addr (some-> request audit/parse-client-ip)
-                                :props props
-                                ::webhooks/batch-key
-                                (or (::webhooks/batch-key mdata)
-                                    (::webhooks/batch-key resultm))
-
-                                ::webhooks/batch-timeout
-                                (or (::webhooks/batch-timeout mdata)
-                                    (::webhooks/batch-timeout resultm))
-
-                                ::webhooks/event?
-                                (or (::webhooks/event? mdata)
-                                    (::webhooks/event? resultm)
-                                    false)}]
-
-                (audit/submit! collector event)))
-
-            (handle-request [cfg params]
-              (->> (f cfg params)
-                   (p/mcat (fn [result]
-                             (->> (handle-audit params result)
-                                  (p/map (constantly result)))))))]
-      (if-not (::audit/skip mdata)
-        (with-meta handle-request mdata)
-        f))
+  [_ f mdata]
+  (if (or (contains? cf/flags :webhooks)
+          (contains? cf/flags :audit-log))
+    (if-not (::audit/skip mdata)
+      (fn [cfg params]
+        (let [result (f cfg params)]
+          (->> (audit/prepare-event cfg mdata params result)
+               (audit/submit! cfg))
+          result))
+      f)
     f))
 
+(defn- wrap-spec-conform
+  [_ f mdata]
+  ;; NOTE: skip spec conform operation on rpc methods that already
+  ;; uses malli validation mechanism.
+  (if (contains? mdata ::sm/params)
+    f
+    (if-let [spec (ex/ignoring (s/spec (::sv/spec mdata)))]
+      (fn [cfg params]
+        (f cfg (us/conform spec params)))
+      f)))
+
+(defn- wrap-params-validation
+  [_ f mdata]
+  (if-let [schema (::sm/params mdata)]
+    (let [schema  (sm/schema schema)
+          valid?  (sm/validator schema)
+          explain (sm/explainer schema)
+          decode  (sm/decoder schema sm/default-transformer)]
+
+      (fn [cfg params]
+        (let [params (decode params)]
+          (if (valid? params)
+            (f cfg params)
+            (ex/raise :type :validation
+                      :code :params-validation
+                      ::sm/explain (explain params))))))
+    f))
+
+(defn- wrap-output-validation
+  [_ f mdata]
+  (if (contains? cf/flags :rpc-output-validation)
+    (or (when-let [schema (::sm/result mdata)]
+          (let [schema  (sm/schema schema)
+                valid?  (sm/validator schema)
+                explain (sm/explainer schema)]
+            (fn [cfg params]
+              (let [response (f cfg params)]
+                (when (map? response)
+                  (when-not (valid? response)
+                    (ex/raise :type :validation
+                              :code :data-validation
+                              ::sm/explain (explain response))))
+                response))))
+        f)
+    f))
+
+(defn- wrap-all
+  [cfg f mdata]
+  (as-> f $
+    (wrap-metrics cfg $ mdata)
+    (cond/wrap cfg $ mdata)
+    (retry/wrap-retry cfg $ mdata)
+    (climit/wrap cfg $ mdata)
+    (rlimit/wrap cfg $ mdata)
+    (wrap-audit cfg $ mdata)
+    (wrap-spec-conform cfg $ mdata)
+    (wrap-output-validation cfg $ mdata)
+    (wrap-params-validation cfg $ mdata)
+    (wrap-authentication cfg $ mdata)))
+
 (defn- wrap
   [cfg f mdata]
-  (let [f     (as-> f $
-                (wrap-dispatch cfg $ mdata)
-                (cond/wrap cfg $ mdata)
-                (retry/wrap-retry cfg $ mdata)
-                (wrap-metrics cfg $ mdata)
-                (climit/wrap cfg $ mdata)
-                (rlimit/wrap cfg $ mdata)
-                (wrap-audit cfg $ mdata))
-
-        spec  (or (::sv/spec mdata) (s/spec any?))
-        auth? (:auth mdata true)]
-
-    (l/debug :hint "register method" :name (::sv/name mdata))
-    (with-meta
-      (fn [{:keys [::request] :as params}]
-        ;; Raise authentication error when rpc method requires auth but
-        ;; no profile-id is found in the request.
-
-        (p/do!
-         (if (and auth? (not (uuid? (:profile-id params))))
-           (ex/raise :type :authentication
-                     :code :authentication-required
-                     :hint "authentication required for this endpoint")
-           (let [params (us/conform spec (dissoc params ::request))]
-             (f cfg (assoc params ::request request))))))
-      mdata)))
+  (l/debug :hint "register method" :name (::sv/name mdata))
+  (let [f (wrap-all cfg f mdata)]
+    (partial f cfg)))
 
 (defn- process-method
-  [cfg vfn]
-  (let [mdata (meta vfn)]
-    [(keyword (::sv/name mdata))
-     (wrap cfg vfn mdata)]))
-
-(defn- resolve-query-methods
-  [cfg]
-  (let [cfg (assoc cfg ::type "query" ::metrics-id :rpc-query-timing)]
-    (->> (sv/scan-ns 'app.rpc.queries.projects
-                     'app.rpc.queries.files
-                     'app.rpc.queries.teams
-                     'app.rpc.queries.comments
-                     'app.rpc.queries.profile
-                     'app.rpc.queries.viewer
-                     'app.rpc.queries.fonts)
-         (map (partial process-method cfg))
-         (into {}))))
-
-(defn- resolve-mutation-methods
-  [cfg]
-  (let [cfg (assoc cfg ::type "mutation" ::metrics-id :rpc-mutation-timing)]
-    (->> (sv/scan-ns 'app.rpc.mutations.media
-                     'app.rpc.mutations.profile
-                     'app.rpc.mutations.files
-                     'app.rpc.mutations.comments
-                     'app.rpc.mutations.projects
-                     'app.rpc.mutations.teams
-                     'app.rpc.mutations.management
-                     'app.rpc.mutations.fonts
-                     'app.rpc.mutations.share-link
-                     'app.rpc.mutations.verify-token)
-         (map (partial process-method cfg))
-         (into {}))))
+  [cfg [vfn mdata]]
+  [(keyword (::sv/name mdata)) [mdata (wrap cfg vfn mdata)]])
 
 (defn- resolve-command-methods
   [cfg]
   (let [cfg (assoc cfg ::type "command" ::metrics-id :rpc-command-timing)]
-    (->> (sv/scan-ns 'app.rpc.commands.binfile
-                     'app.rpc.commands.comments
-                     'app.rpc.commands.management
-                     'app.rpc.commands.verify-token
-                     'app.rpc.commands.search
-                     'app.rpc.commands.auth
-                     'app.rpc.commands.ldap
-                     'app.rpc.commands.demo
-                     'app.rpc.commands.webhooks
-                     'app.rpc.commands.audit
-                     'app.rpc.commands.files
-                     'app.rpc.commands.files.update
-                     'app.rpc.commands.files.create
-                     'app.rpc.commands.files.temp)
+    (->> (sv/scan-ns
+          'app.rpc.commands.access-token
+          'app.rpc.commands.audit
+          'app.rpc.commands.auth
+          'app.rpc.commands.feedback
+          'app.rpc.commands.fonts
+          'app.rpc.commands.binfile
+          'app.rpc.commands.comments
+          'app.rpc.commands.demo
+          'app.rpc.commands.files
+          'app.rpc.commands.files-create
+          'app.rpc.commands.files-share
+          'app.rpc.commands.files-temp
+          'app.rpc.commands.files-update
+          'app.rpc.commands.files-thumbnails
+          'app.rpc.commands.ldap
+          'app.rpc.commands.management
+          'app.rpc.commands.media
+          'app.rpc.commands.profile
+          'app.rpc.commands.projects
+          'app.rpc.commands.search
+          'app.rpc.commands.teams
+          'app.rpc.commands.verify-token
+          'app.rpc.commands.viewer
+          'app.rpc.commands.webhooks)
          (map (partial process-method cfg))
          (into {}))))
 
-(s/def ::ldap (s/nilable map?))
-(s/def ::msgbus ::mbus/msgbus)
-(s/def ::climit (s/nilable ::climit/climit))
-(s/def ::rlimit (s/nilable ::rlimit/rlimit))
-
-(s/def ::public-uri ::us/not-empty-string)
-(s/def ::sprops map?)
-
 (defmethod ig/pre-init-spec ::methods [_]
-  (s/keys :req [::audit/collector
+  (s/keys :req [::session/manager
                 ::http.client/client
                 ::db/pool
+                ::mbus/msgbus
+                ::ldap/provider
+                ::sto/storage
+                ::mtx/metrics
+                ::main/props
                 ::wrk/executor]
-          :req-un [::sto/storage
-                   ::http.session/session
-                   ::sprops
-                   ::public-uri
-                   ::msgbus
-                   ::rlimit
-                   ::climit
-                   ::wrk/executor
-                   ::mtx/metrics
-                   ::db/pool
-                   ::ldap]))
+          :opt [::climit
+                ::rlimit]
+          :req-un [::db/pool]))
 
 (defmethod ig/init-key ::methods
   [_ cfg]
-  {:mutations (resolve-mutation-methods cfg)
-   :queries   (resolve-query-methods cfg)
-   :commands  (resolve-command-methods cfg)})
-
-(s/def ::mutations
-  (s/map-of keyword? fn?))
-
-(s/def ::queries
-  (s/map-of keyword? fn?))
-
-(s/def ::commands
-  (s/map-of keyword? fn?))
+  (let [cfg (d/without-nils cfg)]
+    (resolve-command-methods cfg)))
 
 (s/def ::methods
-  (s/keys :req-un [::mutations
-                   ::queries
-                   ::commands]))
+  (s/map-of keyword? (s/tuple map? fn?)))
+
+(s/def ::routes vector?)
 
 (defmethod ig/pre-init-spec ::routes [_]
-  (s/keys :req-un [::methods]))
+  (s/keys :req [::methods
+                ::db/pool
+                ::main/props
+                ::wrk/executor
+                ::session/manager]))
 
 (defmethod ig/init-key ::routes
-  [_ {:keys [methods] :as cfg}]
-  [["/rpc"
-    ["/command/:command" {:handler (partial rpc-command-handler (:commands methods))}]
-    ["/query/:type" {:handler (partial rpc-query-handler (:queries methods))}]
-    ["/mutation/:type" {:handler (partial rpc-mutation-handler (:mutations methods))
-                        :allowed-methods #{:post}}]]])
-
+  [_ {:keys [::methods] :as cfg}]
+  (let [methods (update-vals methods peek)]
+    [["/rpc" {:middleware [[session/authz cfg]
+                           [actoken/authz cfg]]}
+      ["/command/:type" {:handler (partial rpc-handler methods)}]]]))

backend/src/app/rpc/climit.clj

@@ -6,14 +6,16 @@
 
 (ns app.rpc.climit
   "Concurrencly limiter for RPC."
+  (:refer-clojure :exclude [run!])
   (:require
-   [app.common.data :as d]
    [app.common.exceptions :as ex]
    [app.common.logging :as l]
    [app.common.spec :as us]
    [app.config :as cf]
    [app.metrics :as mtx]
    [app.rpc :as-alias rpc]
+   [app.rpc.climit.config :as-alias config]
+   [app.util.cache :as cache]
    [app.util.services :as-alias sv]
    [app.util.time :as dt]
    [app.worker :as-alias wrk]
@@ -23,182 +25,200 @@
    [integrant.core :as ig]
    [promesa.core :as p]
    [promesa.exec :as px]
-   [promesa.exec.bulkhead :as pxb])
+   [promesa.exec.bulkhead :as pbh])
   (:import
-   com.github.benmanes.caffeine.cache.Cache
-   com.github.benmanes.caffeine.cache.CacheLoader
-   com.github.benmanes.caffeine.cache.Caffeine
-   com.github.benmanes.caffeine.cache.RemovalListener))
+   clojure.lang.ExceptionInfo))
 
-(defn- capacity-exception?
-  [o]
-  (and (ex/ex-info? o)
-       (let [data (ex-data o)]
-         (and (= :bulkhead-error (:type data))
-              (= :capacity-limit-reached (:code data))))))
+(set! *warn-on-reflection* true)
 
-(defn invoke!
-  [limiter f]
-  (->> (px/submit! limiter f)
-       (p/hcat (fn [result cause]
-                 (cond
-                   (capacity-exception? cause)
-                   (p/rejected
-                    (ex/error :type :internal
-                              :code :concurrency-limit-reached
-                              :queue (-> limiter meta :bkey name)
-                              :cause cause))
+(defn- create-bulkhead-cache
+  [{:keys [::wrk/executor]} config]
+  (letfn [(load-fn [key]
+            (let [config (get config (nth key 0))]
+              (l/trace :hint "insert into cache" :key key)
+              (pbh/create :permits (or (:permits config) (:concurrency config))
+                          :queue (or (:queue config) (:queue-size config))
+                          :timeout (:timeout config)
+                          :executor executor
+                          :type (:type config :semaphore))))
 
-                   (some? cause)
-                   (p/rejected cause)
+          (on-remove [_ _ cause]
+            (l/trace :hint "evict from cache" :key key :reason (str cause)))]
 
-                   :else
-                   (p/resolved result))))))
+    (cache/create :executor :same-thread
+                  :on-remove on-remove
+                  :keepalive "5m"
+                  :load-fn load-fn)))
 
-(defn- create-limiter
-  [{:keys [executor metrics concurrency queue-size bkey skey]}]
-  (let [labels   (into-array String [(name bkey)])
-        on-queue (fn [instance]
-                   (l/trace :hint "enqueued"
-                            :key (name bkey)
-                            :skey (str skey)
-                            :queue-size (get instance ::pxb/current-queue-size)
-                            :concurrency (get instance ::pxb/current-concurrency))
-                   (mtx/run! metrics
-                             :id :rpc-climit-queue-size
-                             :val (get instance ::pxb/current-queue-size)
-                             :labels labels)
-                   (mtx/run! metrics
-                             :id :rpc-climit-concurrency
-                             :val (get instance ::pxb/current-concurrency)
-                             :labels labels))
-
-        on-run   (fn [instance task]
-                   (let [elapsed (- (inst-ms (dt/now))
-                                    (inst-ms task))]
-                     (l/trace :hint "execute"
-                              :key (name bkey)
-                              :skey (str skey)
-                              :elapsed (str elapsed "ms"))
-                     (mtx/run! metrics
-                               :id :rpc-climit-timing
-                               :val elapsed
-                               :labels labels)
-                     (mtx/run! metrics
-                               :id :rpc-climit-queue-size
-                               :val (get instance ::pxb/current-queue-size)
-                               :labels labels)
-                     (mtx/run! metrics
-                               :id :rpc-climit-concurrency
-                               :val (get instance ::pxb/current-concurrency)
-                               :labels labels)))
-
-        options  {:executor executor
-                  :concurrency concurrency
-                  :queue-size (or queue-size Integer/MAX_VALUE)
-                  :on-queue on-queue
-                  :on-run on-run}]
-
-    (-> (pxb/create options)
-        (vary-meta assoc :bkey bkey :skey skey))))
-
-(defn- create-cache
-  [{:keys [executor] :as params} config]
-  (let [listener (reify RemovalListener
-                   (onRemoval [_ key _val cause]
-                     (l/trace :hint "cache: remove" :key key :reason (str cause))))
-
-        loader   (reify CacheLoader
-                   (load [_ key]
-                     (let [[bkey skey] key]
-                       (when-let [config (get config bkey)]
-                         (-> (merge params config)
-                             (assoc :bkey bkey)
-                             (assoc :skey skey)
-                             (create-limiter))))))]
-
-  (.. (Caffeine/newBuilder)
-      (weakValues)
-      (executor executor)
-      (removalListener listener)
-      (build loader))))
-
-(defprotocol IConcurrencyManager)
-
-(s/def ::concurrency ::us/integer)
-(s/def ::queue-size ::us/integer)
+(s/def ::config/permits ::us/integer)
+(s/def ::config/queue ::us/integer)
+(s/def ::config/timeout ::us/integer)
 (s/def ::config
   (s/map-of keyword?
-            (s/keys :req-un [::concurrency]
-                    :opt-un [::queue-size])))
+            (s/keys :opt-un [::config/permits
+                             ::config/queue
+                             ::config/timeout])))
 
 (defmethod ig/prep-key ::rpc/climit
   [_ cfg]
-  (merge {:path (cf/get :rpc-climit-config)}
-         (d/without-nils cfg)))
+  (assoc cfg ::path (cf/get :rpc-climit-config)))
 
+(s/def ::path ::fs/path)
 (defmethod ig/pre-init-spec ::rpc/climit [_]
-  (s/keys :req-un [::wrk/executor ::mtx/metrics ::fs/path]))
+  (s/keys :req [::wrk/executor ::mtx/metrics ::path]))
 
 (defmethod ig/init-key ::rpc/climit
-  [_ {:keys [path] :as params}]
+  [_ {:keys [::path ::mtx/metrics ::wrk/executor] :as cfg}]
   (when (contains? cf/flags :rpc-climit)
-    (if-let [config (some->> path slurp edn/read-string)]
-      (do
-        (l/info :hint "initializing concurrency limit" :config (str path))
-        (us/verify! ::config config)
+    (when-let [params (some->> path slurp edn/read-string)]
+      (l/info :hint "initializing concurrency limit" :config (str path))
+      (us/verify! ::config params)
+      {::cache (create-bulkhead-cache cfg params)
+       ::config params
+       ::wrk/executor executor
+       ::mtx/metrics metrics})))
 
-        (let [cache (create-cache params config)]
-          ^{::cache cache}
-          (reify
-            IConcurrencyManager
-            clojure.lang.IDeref
-            (deref [_] config)
+(s/def ::cache cache/cache?)
+(s/def ::instance
+  (s/keys :req [::cache ::config ::wrk/executor]))
 
-            clojure.lang.ILookup
-            (valAt [_ key]
-              (let [key (if (vector? key) key [key])]
-                (.get ^Cache cache key))))))
-
-      (l/warn :hint "unable to load configuration" :config (str path)))))
-
-
-(s/def ::climit #(satisfies? IConcurrencyManager %))
+(s/def ::rpc/climit
+  (s/nilable ::instance))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; PUBLIC API
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
+(defn invoke!
+  [cache metrics id key f]
+  (let [limiter (cache/get cache [id key])
+        tpoint  (dt/tpoint)
+        labels  (into-array String [(name id)])
+
+        wrapped
+        (fn []
+          (let [elapsed (tpoint)
+                stats   (pbh/get-stats limiter)]
+            (l/trace :hint "executed"
+                     :id (name id)
+                     :key key
+                     :fnh (hash f)
+                     :permits (:permits stats)
+                     :queue (:queue stats)
+                     :max-permits (:max-permits stats)
+                     :max-queue (:max-queue stats)
+                     :elapsed (dt/format-duration elapsed))
+            (mtx/run! metrics
+                      :id :rpc-climit-timing
+                      :val (inst-ms elapsed)
+                      :labels labels)
+            (try
+              (f)
+              (finally
+                (let [elapsed (tpoint)]
+                  (l/trace :hint "finished"
+                           :id (name id)
+                           :key key
+                           :fnh (hash f)
+                           :permits (:permits stats)
+                           :queue (:queue stats)
+                           :max-permits (:max-permits stats)
+                           :max-queue (:max-queue stats)
+                           :elapsed (dt/format-duration elapsed)))))))
+        measure!
+        (fn [stats]
+          (mtx/run! metrics
+                    :id :rpc-climit-queue
+                    :val (:queue stats)
+                    :labels labels)
+          (mtx/run! metrics
+                    :id :rpc-climit-permits
+                    :val (:permits stats)
+                    :labels labels))]
+
+    (try
+      (let [stats (pbh/get-stats limiter)]
+        (measure! stats)
+        (l/trace :hint "enqueued"
+                 :id (name id)
+                 :key key
+                 :fnh (hash f)
+                 :permits (:permits stats)
+                 :queue (:queue stats)
+                 :max-permits (:max-permits stats)
+                 :max-queue (:max-queue stats))
+        (pbh/invoke! limiter wrapped))
+      (catch ExceptionInfo cause
+        (let [{:keys [type code]} (ex-data cause)]
+          (if (= :bulkhead-error type)
+            (ex/raise :type :concurrency-limit
+                      :code code
+                      :hint "concurrency limit reached")
+            (throw cause))))
+
+      (finally
+        (measure! (pbh/get-stats limiter))))))
+
+
+(defn run!
+  [{:keys [::id ::cache ::mtx/metrics]} f]
+  (if (and cache id)
+    (invoke! cache metrics id nil f)
+    (f)))
+
+(defn submit!
+  [{:keys [::id ::cache ::wrk/executor ::mtx/metrics]} f]
+  (let [f (partial px/submit! executor (px/wrap-bindings f))]
+    (if (and cache id)
+      (p/await! (invoke! cache metrics id nil f))
+      (p/await! (f)))))
+
+(defn configure
+  ([{:keys [::rpc/climit]} id]
+   (us/assert! ::rpc/climit climit)
+   (assoc climit ::id id))
+  ([{:keys [::rpc/climit]} id executor]
+   (us/assert! ::rpc/climit climit)
+   (-> climit
+       (assoc ::id id)
+       (assoc ::wrk/executor executor))))
+
+(defmacro with-dispatch!
+  "Dispatch blocking operation to a separated thread protected with the
+  specified concurrency limiter. If climit is not active, the function
+  will be scheduled to execute without concurrency monitoring."
+  [instance & body]
+  (if (vector? instance)
+    `(-> (app.rpc.climit/configure ~@instance)
+         (app.rpc.climit/run! (^:once fn* [] ~@body)))
+    `(run! ~instance (^:once fn* [] ~@body))))
+
 (defmacro with-dispatch
-  [lim & body]
-  `(if ~lim
-     (invoke! ~lim (^:once fn [] (p/wrap (do ~@body))))
-     (p/wrap (do ~@body))))
+  "Dispatch blocking operation to a separated thread protected with
+  the specified semaphore.
+  DEPRECATED"
+  [& params]
+  `(with-dispatch! ~@params))
+
+(def noop-fn (constantly nil))
 
 (defn wrap
-  [{:keys [climit]} f {:keys [::queue ::key-fn] :as mdata}]
-  (if (and (some? climit)
-           (some? queue))
-    (if-let [config (get @climit queue)]
-      (do
+  [{:keys [::rpc/climit ::mtx/metrics]} f {:keys [::id ::key-fn] :or {key-fn noop-fn} :as mdata}]
+  (if (and (some? climit) (some? id))
+    (if-let [config (get-in climit [::config id])]
+      (let [cache (::cache climit)]
         (l/debug :hint "wrap: instrumenting method"
-                 :limit-name (name queue)
+                 :limit (name id)
                  :service-name (::sv/name mdata)
-                 :queue-size (or (:queue-size config) Integer/MAX_VALUE)
-                 :concurrency (:concurrency config)
+                 :timeout (:timeout config)
+                 :permits (:permits config)
+                 :queue (:queue config)
                  :keyed? (some? key-fn))
-        (if (some? key-fn)
-          (fn [cfg params]
-            (let [key [queue (key-fn params)]
-                  lim (get climit key)]
-              (invoke! lim (partial f cfg params))))
+        (fn [cfg params]
+          (invoke! cache metrics id (key-fn params) (partial f cfg params))))
 
-          (let [lim (get climit queue)]
-            (fn [cfg params]
-              (invoke! lim (partial f cfg params))))))
       (do
-        (l/warn :hint "wrap: no config found"
-                :queue (name queue)
-                :service (::sv/name mdata))
+        (l/warn :hint "no config found for specified queue" :id id)
         f))
+
     f))

backend/src/app/rpc/commands/access_token.clj

@@ -0,0 +1,94 @@
+;; This Source Code Form is subject to the terms of the Mozilla Public
+;; License, v. 2.0. If a copy of the MPL was not distributed with this
+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;;
+;; Copyright (c) KALEIDOS INC
+
+(ns app.rpc.commands.access-token
+  (:require
+   [app.common.spec :as us]
+   [app.common.uuid :as uuid]
+   [app.db :as db]
+   [app.main :as-alias main]
+   [app.rpc :as-alias rpc]
+   [app.rpc.doc :as-alias doc]
+   [app.rpc.quotes :as quotes]
+   [app.tokens :as tokens]
+   [app.util.services :as sv]
+   [app.util.time :as dt]
+   [clojure.spec.alpha :as s]))
+
+(defn- decode-row
+  [row]
+  (dissoc row :perms))
+
+(defn create-access-token
+  [{:keys [::db/conn ::main/props]} profile-id name expiration]
+  (let [created-at (dt/now)
+        token-id   (uuid/next)
+        token      (tokens/generate props {:iss "access-token"
+                                           :tid token-id
+                                           :iat created-at})
+
+        expires-at (some-> expiration dt/in-future)]
+
+    (db/insert! conn :access-token
+                {:id token-id
+                 :name name
+                 :token token
+                 :profile-id profile-id
+                 :created-at created-at
+                 :updated-at created-at
+                 :expires-at expires-at
+                 :perms (db/create-array conn "text" [])})))
+
+
+(defn repl-create-access-token
+  [{:keys [::db/pool] :as system} profile-id name expiration]
+  (db/with-atomic [conn pool]
+    (let [props (:app.setup/props system)]
+      (create-access-token {::db/conn conn ::main/props props}
+                           profile-id
+                           name
+                           expiration))))
+
+(s/def ::name ::us/not-empty-string)
+(s/def ::expiration ::dt/duration)
+
+(s/def ::create-access-token
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::name]
+          :opt-un [::expiration]))
+
+(sv/defmethod ::create-access-token
+  {::doc/added "1.18"}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id name expiration]}]
+  (db/with-atomic [conn pool]
+    (let [cfg (assoc cfg ::db/conn conn)]
+      (quotes/check-quote! conn
+                           {::quotes/id ::quotes/access-tokens-per-profile
+                            ::quotes/profile-id profile-id})
+      (-> (create-access-token cfg profile-id name expiration)
+          (decode-row)))))
+
+(s/def ::delete-access-token
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::us/id]))
+
+(sv/defmethod ::delete-access-token
+  {::doc/added "1.18"}
+  [{:keys [::db/pool]} {:keys [::rpc/profile-id id]}]
+  (db/delete! pool :access-token {:id id :profile-id profile-id})
+  nil)
+
+(s/def ::get-access-tokens
+  (s/keys :req [::rpc/profile-id]))
+
+(sv/defmethod ::get-access-tokens
+  {::doc/added "1.18"}
+  [{:keys [::db/pool]} {:keys [::rpc/profile-id]}]
+  (->> (db/query pool :access-token
+                 {:profile-id profile-id}
+                 {:order-by [[:expires-at :asc] [:created-at :asc]]
+                  :columns [:id :name :perms :created-at :updated-at :expires-at]})
+       (mapv decode-row)))

backend/src/app/rpc/commands/audit.clj

@@ -15,15 +15,13 @@
    [app.db :as db]
    [app.http :as-alias http]
    [app.loggers.audit :as audit]
+   [app.rpc :as-alias rpc]
    [app.rpc.climit :as-alias climit]
    [app.rpc.doc :as-alias doc]
    [app.rpc.helpers :as rph]
    [app.util.services :as sv]
    [app.util.time :as dt]
-   [app.worker :as wrk]
-   [clojure.spec.alpha :as s]
-   [promesa.core :as p]
-   [promesa.exec :as px]))
+   [clojure.spec.alpha :as s]))
 
 (defn- event->row [event]
   [(uuid/next)
@@ -41,8 +39,9 @@
    :profile-id :ip-addr :props :context])
 
 (defn- handle-events
-  [{:keys [::db/pool]} {:keys [profile-id events ::http/request] :as params}]
-  (let [ip-addr (audit/parse-client-ip request)
+  [{:keys [::db/pool]} {:keys [::rpc/profile-id events] :as params}]
+  (let [request (-> params meta ::http/request)
+        ip-addr (audit/parse-client-ip request)
         xform   (comp
                  (map #(assoc % :profile-id profile-id))
                  (map #(assoc % :ip-addr ip-addr))
@@ -53,7 +52,6 @@
     (when (seq events)
       (db/insert-multi! pool :audit-log event-columns events))))
 
-(s/def ::profile-id ::us/uuid)
 (s/def ::name ::us/string)
 (s/def ::type ::us/string)
 (s/def ::props (s/map-of ::us/keyword any?))
@@ -67,20 +65,26 @@
 (s/def ::events (s/every ::event))
 
 (s/def ::push-audit-events
-  (s/keys :req-un [::events ::profile-id]))
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::events]))
 
 (sv/defmethod ::push-audit-events
-  {::climit/queue :push-audit-events
-   ::climit/key-fn :profile-id
+  {::climit/id :submit-audit-events-by-profile
+   ::climit/key-fn ::rpc/profile-id
    ::audit/skip true
    ::doc/added "1.17"}
-  [{:keys [::db/pool ::wrk/executor] :as cfg} params]
+  [{:keys [::db/pool] :as cfg} params]
   (if (or (db/read-only? pool)
           (not (contains? cf/flags :audit-log)))
     (do
       (l/warn :hint "audit: http handler disabled or db is read-only")
       (rph/wrap nil))
 
-    (->> (px/submit! executor #(handle-events cfg params))
-         (p/fmap (constantly nil)))))
+    (do
+      (try
+        (handle-events cfg params)
+        (catch Throwable cause
+          (l/error :hint "unexpected error on persisting audit events from frontend"
+                   :cause cause)))
 
+      (rph/wrap nil))))

backend/src/app/rpc/commands/auth.clj

@@ -8,22 +8,23 @@
   (:require
    [app.common.data :as d]
    [app.common.exceptions :as ex]
+   [app.common.logging :as l]
    [app.common.spec :as us]
    [app.common.uuid :as uuid]
    [app.config :as cf]
    [app.db :as db]
-   [app.emails :as eml]
+   [app.email :as eml]
    [app.http.session :as session]
    [app.loggers.audit :as audit]
-   [app.rpc.climit :as climit]
+   [app.main :as-alias main]
+   [app.rpc :as-alias rpc]
+   [app.rpc.commands.profile :as profile]
+   [app.rpc.commands.teams :as teams]
    [app.rpc.doc :as-alias doc]
    [app.rpc.helpers :as rph]
-   [app.rpc.mutations.teams :as teams]
-   [app.rpc.queries.profile :as profile]
    [app.tokens :as tokens]
    [app.util.services :as sv]
    [app.util.time :as dt]
-   [buddy.hashers :as hashers]
    [clojure.spec.alpha :as s]
    [cuerdas.core :as str]))
 
@@ -31,7 +32,6 @@
 (s/def ::fullname ::us/not-empty-string)
 (s/def ::lang ::us/string)
 (s/def ::path ::us/string)
-(s/def ::profile-id ::us/uuid)
 (s/def ::password ::us/not-empty-string)
 (s/def ::old-password ::us/not-empty-string)
 (s/def ::theme ::us/string)
@@ -40,22 +40,6 @@
 
 ;; ---- HELPERS
 
-(defn derive-password
-  [password]
-  (hashers/derive password
-                  {:alg :argon2id
-                   :memory 16384
-                   :iterations 20
-                   :parallelism 2}))
-
-(defn verify-password
-  [attempt password]
-  (try
-    (hashers/verify attempt password)
-    (catch Exception _e
-      {:update false
-       :valid false})))
-
 (defn email-domain-in-whitelist?
   "Returns true if email's domain is in the given whitelist or if
   given whitelist is an empty string."
@@ -67,38 +51,29 @@
                             (str/split #"@" 2))]
       (contains? domains candidate))))
 
-(def ^:private sql:profile-existence
-  "select exists (select * from profile
-                   where email = ?
-                     and deleted_at is null) as val")
-
-(defn check-profile-existence!
-  [conn {:keys [email] :as params}]
-  (let [email  (str/lower email)
-        result (db/exec-one! conn [sql:profile-existence email])]
-    (when (:val result)
-      (ex/raise :type :validation
-                :code :email-already-exists))
-    params))
-
 ;; ---- COMMAND: login with password
 
 (defn login-with-password
-  [{:keys [pool session sprops] :as cfg} {:keys [email password] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [email password] :as params}]
 
-  (when-not (contains? cf/flags :login)
+  (when-not (or (contains? cf/flags :login)
+                (contains? cf/flags :login-with-password))
     (ex/raise :type :restriction
               :code :login-disabled
               :hint "login is disabled in this instance"))
 
-  (letfn [(check-password [profile password]
-            (when (= (:password profile) "!")
+  (letfn [(check-password [conn profile password]
+            (if (= (:password profile) "!")
               (ex/raise :type :validation
                         :code :account-without-password
-                        :hint "the current account does not have password"))
-            (:valid (verify-password password (:password profile))))
+                        :hint "the current account does not have password")
+              (let [result (profile/verify-password cfg password (:password profile))]
+                (when (:update result)
+                  (l/trace :hint "updating profile password" :id (:id profile) :email (:email profile))
+                  (profile/update-profile-password! conn (assoc profile :password password)))
+                (:valid result))))
 
-          (validate-profile [profile]
+          (validate-profile [conn profile]
             (when-not profile
               (ex/raise :type :validation
                         :code :wrong-credentials))
@@ -108,7 +83,7 @@
             (when (:is-blocked profile)
               (ex/raise :type :restriction
                         :code :profile-blocked))
-            (when-not (check-password profile password)
+            (when-not (check-password conn profile password)
               (ex/raise :type :validation
                         :code :wrong-credentials))
             (when-let [deleted-at (:deleted-at profile)]
@@ -119,24 +94,22 @@
             profile)]
 
     (db/with-atomic [conn pool]
-      (let [profile    (->> (profile/retrieve-profile-data-by-email conn email)
-                            (validate-profile)
-                            (profile/strip-private-attrs)
-                            (profile/populate-additional-data conn)
-                            (profile/decode-profile-row))
+      (let [profile    (->> (profile/get-profile-by-email conn email)
+                            (validate-profile conn)
+                            (profile/strip-private-attrs))
 
             invitation (when-let [token (:invitation-token params)]
-                         (tokens/verify sprops {:token token :iss :team-invitation}))
+                         (tokens/verify (::main/props cfg) {:token token :iss :team-invitation}))
 
             ;; If invitation member-id does not matches the profile-id, we just proceed to ignore the
             ;; invitation because invitations matches exactly; and user can't login with other email and
             ;; accept invitation with other email
             response   (if (and (some? invitation) (= (:id profile) (:member-id invitation)))
                          {:invitation-token (:invitation-token params)}
-                         profile)]
-
+                         (assoc profile :is-admin (let [admins (cf/get :admins)]
+                                                    (contains? admins (:email profile)))))]
         (-> response
-            (rph/with-transform (session/create-fn session (:id profile)))
+            (rph/with-transform (session/create-fn cfg (:id profile)))
             (rph/with-meta {::audit/props (audit/profile->props profile)
                             ::audit/profile-id (:id profile)}))))))
 
@@ -146,8 +119,7 @@
 
 (sv/defmethod ::login-with-password
   "Performs authentication using penpot password."
-  {:auth false
-   ::climit/queue :auth
+  {::rpc/auth false
    ::doc/added "1.15"}
   [cfg params]
   (login-with-password cfg params))
@@ -155,25 +127,25 @@
 ;; ---- COMMAND: Logout
 
 (s/def ::logout
-  (s/keys :opt-un [::profile-id]))
+  (s/keys :opt [::rpc/profile-id]))
 
 (sv/defmethod ::logout
   "Clears the authentication cookie and logout the current session."
-  {:auth false
+  {::rpc/auth false
    ::doc/added "1.15"}
-  [{:keys [session] :as cfg} _]
-  (rph/with-transform {} (session/delete-fn session)))
+  [cfg _]
+  (rph/with-transform {} (session/delete-fn cfg)))
 
 ;; ---- COMMAND: Recover Profile
 
 (defn recover-profile
-  [{:keys [pool sprops] :as cfg} {:keys [token password]}]
+  [{:keys [::db/pool] :as cfg} {:keys [token password]}]
   (letfn [(validate-token [token]
-            (let [tdata (tokens/verify sprops {:token token :iss :password-recovery})]
+            (let [tdata (tokens/verify (::main/props cfg) {:token token :iss :password-recovery})]
               (:profile-id tdata)))
 
           (update-password [conn profile-id]
-            (let [pwd (derive-password password)]
+            (let [pwd (profile/derive-password cfg password)]
               (db/update! conn :profile {:password pwd} {:id profile-id})))]
 
     (db/with-atomic [conn pool]
@@ -186,8 +158,7 @@
   (s/keys :req-un [::token ::password]))
 
 (sv/defmethod ::recover-profile
-  {:auth false
-   ::climit/queue :auth
+  {::rpc/auth false
    ::doc/added "1.15"}
   [cfg params]
   (recover-profile cfg params))
@@ -195,17 +166,19 @@
 ;; ---- COMMAND: Prepare Register
 
 (defn validate-register-attempt!
-  [{:keys [pool sprops]} params]
+  [{:keys [::db/pool] :as cfg} params]
 
   (when-not (contains? cf/flags :registration)
-    (if-not (contains? params :invitation-token)
+    (when-not (contains? params :invitation-token)
       (ex/raise :type :restriction
-                :code :registration-disabled)
-      (let [invitation (tokens/verify sprops {:token (:invitation-token params) :iss :team-invitation})]
-        (when-not (= (:email params) (:member-email invitation))
-          (ex/raise :type :restriction
-                    :code :email-does-not-match-invitation
-                    :hint "email should match the invitation")))))
+                :code :registration-disabled)))
+
+  (when (contains? params :invitation-token)
+    (let [invitation (tokens/verify (::main/props cfg) {:token (:invitation-token params) :iss :team-invitation})]
+      (when-not (= (:email params) (:member-email invitation))
+        (ex/raise :type :restriction
+                  :code :email-does-not-match-invitation
+                  :hint "email should match the invitation"))))
 
   (when-let [domains (cf/get :registration-domain-whitelist)]
     (when-not (email-domain-in-whitelist? domains (:email params))
@@ -235,11 +208,11 @@
     (pos? (compare elapsed register-retry-threshold))))
 
 (defn prepare-register
-  [{:keys [pool sprops] :as cfg} params]
+  [{:keys [::db/pool] :as cfg} params]
 
   (validate-register-attempt! cfg params)
 
-  (let [profile (when-let [profile (profile/retrieve-profile-data-by-email pool (:email params))]
+  (let [profile (when-let [profile (profile/get-profile-by-email pool (:email params))]
                   (cond
                     (:is-blocked profile)
                     (ex/raise :type :restriction
@@ -264,7 +237,7 @@
 
         params (d/without-nils params)
 
-        token  (tokens/generate sprops params)]
+        token  (tokens/generate (::main/props cfg) params)]
     (with-meta {:token token}
       {::audit/profile-id uuid/zero})))
 
@@ -273,17 +246,18 @@
           :opt-un [::invitation-token]))
 
 (sv/defmethod ::prepare-register-profile
-  {:auth false
+  {::rpc/auth false
    ::doc/added "1.15"}
   [cfg params]
   (prepare-register cfg params))
 
 ;; ---- COMMAND: Register Profile
 
-(defn create-profile
+(defn create-profile!
   "Create the profile entry on the database with limited set of input
   attrs (all the other attrs are filled with default values)."
-  [conn params]
+  [conn {:keys [email] :as params}]
+  (us/assert! ::us/email email)
   (let [id        (or (:id params) (uuid/next))
         props     (-> (audit/extract-utm-params params)
                       (merge (:props params))
@@ -292,9 +266,7 @@
                               :nudge {:big 10 :small 1}})
                       (db/tjson))
 
-        password  (if-let [password (:password params)]
-                    (derive-password password)
-                    "!")
+        password  (or (:password params) "!")
 
         locale    (:locale params)
         locale    (when (and (string? locale) (not (str/blank? locale)))
@@ -304,7 +276,7 @@
         is-demo   (:is-demo params false)
         is-muted  (:is-muted params false)
         is-active (:is-active params false)
-        email     (str/lower (:email params))
+        email     (str/lower email)
 
         params    {:id id
                    :fullname (:fullname params)
@@ -319,35 +291,38 @@
                    :is-demo is-demo}]
     (try
       (-> (db/insert! conn :profile params)
-          (profile/decode-profile-row))
+          (profile/decode-row))
       (catch org.postgresql.util.PSQLException e
         (let [state (.getSQLState e)]
           (if (not= state "23505")
             (throw e)
             (ex/raise :type :validation
                       :code :email-already-exists
+                      :hint "email already exists"
                       :cause e)))))))
 
-(defn create-profile-relations
-  [conn profile]
-  (let [team (teams/create-team conn {:profile-id (:id profile)
+(defn create-profile-rels!
+  [conn {:keys [id] :as profile}]
+  (let [team (teams/create-team conn {:profile-id id
                                       :name "Default"
                                       :is-default true})]
-    (-> profile
-        (profile/strip-private-attrs)
-        (assoc :default-team-id (:id team))
-        (assoc :default-project-id (:default-project-id team)))))
+    (-> (db/update! conn :profile
+                    {:default-team-id (:id team)
+                     :default-project-id  (:default-project-id team)}
+                    {:id id})
+        (profile/decode-row))))
+
 
 (defn send-email-verification!
-  [conn sprops profile]
-  (let [vtoken (tokens/generate sprops
+  [conn props profile]
+  (let [vtoken (tokens/generate props
                                 {:iss :verify-email
                                  :exp (dt/in-future "72h")
                                  :profile-id (:id profile)
                                  :email (:email profile)})
         ;; NOTE: this token is mainly used for possible complains
         ;; identification on the sns webhook
-        ptoken (tokens/generate sprops
+        ptoken (tokens/generate props
                                 {:iss :profile-identity
                                  :profile-id (:id profile)
                                  :exp (dt/in-future {:days 30})})]
@@ -360,35 +335,33 @@
                 :extra-data ptoken})))
 
 (defn register-profile
-  [{:keys [conn sprops session] :as cfg} {:keys [token] :as params}]
-  (let [claims     (tokens/verify sprops {:token token :iss :prepared-register})
+  [{:keys [::db/conn] :as cfg} {:keys [token] :as params}]
+  (let [claims     (tokens/verify (::main/props cfg) {:token token :iss :prepared-register})
         params     (merge params claims)
 
         is-active  (or (:is-active params)
-                       (not (contains? cf/flags :email-verification))
-
-                       ;; DEPRECATED: v1.15
-                       (contains? cf/flags :insecure-register))
+                       (not (contains? cf/flags :email-verification)))
 
         profile    (if-let [profile-id (:profile-id claims)]
-                     (profile/retrieve-profile conn profile-id)
-                     (->> (assoc params :is-active is-active)
-                          (create-profile conn)
-                          (create-profile-relations conn)
-                          (profile/decode-profile-row)))
+                     (profile/get-profile conn profile-id)
+                     (let [params (-> params
+                                      (assoc :is-active is-active)
+                                      (update :password #(profile/derive-password cfg %)))]
+                       (->> (create-profile! conn params)
+                            (create-profile-rels! conn))))
+
         invitation (when-let [token (:invitation-token params)]
-                     (tokens/verify sprops {:token token :iss :team-invitation}))]
+                     (tokens/verify (::main/props cfg) {:token token :iss :team-invitation}))]
 
     ;; If profile is filled in claims, means it tries to register
     ;; again, so we proceed to update the modified-at attr
     ;; accordingly.
     (when-let [id (:profile-id claims)]
       (db/update! conn :profile {:modified-at (dt/now)} {:id id})
-      (when-let [collector (::audit/collector cfg)]
-        (audit/submit! collector
-                       {:type "fact"
-                        :name "register-profile-retry"
-                        :profile-id id})))
+      (audit/submit! cfg
+                     {::audit/type "fact"
+                      ::audit/name "register-profile-retry"
+                      ::audit/profile-id id}))
 
     (cond
       ;; If invitation token comes in params, this is because the
@@ -399,10 +372,10 @@
       ;; email.
       (and (some? invitation) (= (:email profile) (:member-email invitation)))
       (let [claims (assoc invitation :member-id  (:id profile))
-            token  (tokens/generate sprops claims)
+            token  (tokens/generate (::main/props cfg) claims)
             resp   {:invitation-token token}]
         (-> resp
-            (rph/with-transform (session/create-fn session (:id profile)))
+            (rph/with-transform (session/create-fn cfg (:id profile)))
             (rph/with-meta {::audit/replace-props (audit/profile->props profile)
                             ::audit/profile-id (:id profile)})))
 
@@ -411,7 +384,7 @@
       ;; we need to mark this session as logged.
       (not= "penpot" (:auth-backend profile))
       (-> (profile/strip-private-attrs profile)
-          (rph/with-transform (session/create-fn session (:id profile)))
+          (rph/with-transform (session/create-fn cfg (:id profile)))
           (rph/with-meta {::audit/replace-props (audit/profile->props profile)
                           ::audit/profile-id (:id profile)}))
 
@@ -419,14 +392,14 @@
       ;; to sign in the user directly, without email verification.
       (true? is-active)
       (-> (profile/strip-private-attrs profile)
-          (rph/with-transform (session/create-fn session (:id profile)))
+          (rph/with-transform (session/create-fn cfg (:id profile)))
           (rph/with-meta {::audit/replace-props (audit/profile->props profile)
                           ::audit/profile-id (:id profile)}))
 
       ;; In all other cases, send a verification email.
       :else
       (do
-        (send-email-verification! conn sprops profile)
+        (send-email-verification! conn (::main/props cfg) profile)
         (rph/with-meta profile
           {::audit/replace-props (audit/profile->props profile)
            ::audit/profile-id (:id profile)})))))
@@ -435,33 +408,32 @@
   (s/keys :req-un [::token ::fullname]))
 
 (sv/defmethod ::register-profile
-  {:auth false
-   ::climit/queue :auth
+  {::rpc/auth false
    ::doc/added "1.15"}
-  [{:keys [pool] :as cfg} params]
+  [{:keys [::db/pool] :as cfg} params]
   (db/with-atomic [conn pool]
-    (-> (assoc cfg :conn conn)
+    (-> (assoc cfg ::db/conn conn)
         (register-profile params))))
 
 ;; ---- COMMAND: Request Profile Recovery
 
 (defn request-profile-recovery
-  [{:keys [pool sprops] :as cfg} {:keys [email] :as params}]
+  [{:keys [::db/pool] :as cfg} {:keys [email] :as params}]
   (letfn [(create-recovery-token [{:keys [id] :as profile}]
-            (let [token (tokens/generate sprops
+            (let [token (tokens/generate (::main/props cfg)
                                          {:iss :password-recovery
                                           :exp (dt/in-future "15m")
                                           :profile-id id})]
               (assoc profile :token token)))
 
           (send-email-notification [conn profile]
-            (let [ptoken (tokens/generate sprops
+            (let [ptoken (tokens/generate (::main/props cfg)
                                           {:iss :profile-identity
                                            :profile-id (:id profile)
                                            :exp (dt/in-future {:days 30})})]
               (eml/send! {::eml/conn conn
                           ::eml/factory eml/password-recovery
-                          :public-uri (:public-uri cfg)
+                          :public-uri (cf/get :public-uri)
                           :to (:email profile)
                           :token (:token profile)
                           :name (:fullname profile)
@@ -469,7 +441,7 @@
               nil))]
 
     (db/with-atomic [conn pool]
-      (when-let [profile (profile/retrieve-profile-data-by-email conn email)]
+      (when-let [profile (profile/get-profile-by-email conn email)]
         (when-not (eml/allow-send-emails? conn profile)
           (ex/raise :type :validation
                     :code :profile-is-muted
@@ -493,7 +465,7 @@
   (s/keys :req-un [::email]))
 
 (sv/defmethod ::request-profile-recovery
-  {:auth false
+  {::rpc/auth false
    ::doc/added "1.15"}
   [cfg params]
   (request-profile-recovery cfg params))

backend/src/app/rpc/commands/binfile.clj

@@ -8,22 +8,29 @@
   (:refer-clojure :exclude [assert])
   (:require
    [app.common.data :as d]
+   [app.common.data.macros :as dm]
    [app.common.exceptions :as ex]
+   [app.common.files.features :as ffeat]
+   [app.common.fressian :as fres]
    [app.common.logging :as l]
    [app.common.pages.migrations :as pmg]
    [app.common.spec :as us]
    [app.common.uuid :as uuid]
    [app.config :as cf]
    [app.db :as db]
+   [app.loggers.audit :as-alias audit]
+   [app.loggers.webhooks :as-alias webhooks]
    [app.media :as media]
+   [app.rpc :as-alias rpc]
    [app.rpc.commands.files :as files]
+   [app.rpc.commands.projects :as projects]
    [app.rpc.doc :as-alias doc]
-   [app.rpc.queries.projects :as projects]
+   [app.rpc.helpers :as rph]
    [app.storage :as sto]
    [app.storage.tmp :as tmp]
    [app.tasks.file-gc]
    [app.util.blob :as blob]
-   [app.util.fressian :as fres]
+   [app.util.objects-map :as omap]
    [app.util.pointer-map :as pmap]
    [app.util.services :as sv]
    [app.util.time :as dt]
@@ -39,8 +46,7 @@
    java.io.DataInputStream
    java.io.DataOutputStream
    java.io.InputStream
-   java.io.OutputStream
-   java.lang.AutoCloseable))
+   java.io.OutputStream))
 
 (set! *warn-on-reflection* true)
 
@@ -103,20 +109,20 @@
 
 (defn write-byte!
   [^DataOutputStream output data]
-  (l/trace :fn "write-byte!" :data data :position @*position* ::l/async false)
+  (l/trace :fn "write-byte!" :data data :position @*position* ::l/sync? true)
   (.writeByte output (byte data))
   (swap! *position* inc))
 
 (defn read-byte!
   [^DataInputStream input]
   (let [v (.readByte input)]
-    (l/trace :fn "read-byte!" :val v :position @*position* ::l/async false)
+    (l/trace :fn "read-byte!" :val v :position @*position* ::l/sync? true)
     (swap! *position* inc)
     v))
 
 (defn write-long!
   [^DataOutputStream output data]
-  (l/trace :fn "write-long!" :data data :position @*position* ::l/async false)
+  (l/trace :fn "write-long!" :data data :position @*position* ::l/sync? true)
   (.writeLong output (long data))
   (swap! *position* + 8))
 
@@ -124,14 +130,14 @@
 (defn read-long!
   [^DataInputStream input]
   (let [v (.readLong input)]
-    (l/trace :fn "read-long!" :val v :position @*position* ::l/async false)
+    (l/trace :fn "read-long!" :val v :position @*position* ::l/sync? true)
     (swap! *position* + 8)
     v))
 
 (defn write-bytes!
   [^DataOutputStream output ^bytes data]
   (let [size (alength data)]
-    (l/trace :fn "write-bytes!" :size size :position @*position* ::l/async false)
+    (l/trace :fn "write-bytes!" :size size :position @*position* ::l/sync? true)
     (.write output data 0 size)
     (swap! *position* + size)))
 
@@ -139,7 +145,7 @@
   [^InputStream input ^bytes buff]
   (let [size   (alength buff)
         readed (.readNBytes input buff 0 size)]
-    (l/trace :fn "read-bytes!" :expected (alength buff) :readed readed :position @*position* ::l/async false)
+    (l/trace :fn "read-bytes!" :expected (alength buff) :readed readed :position @*position* ::l/sync? true)
     (swap! *position* + readed)
     readed))
 
@@ -147,7 +153,7 @@
 
 (defn write-uuid!
   [^DataOutputStream output id]
-  (l/trace :fn "write-uuid!" :position @*position* :WRITTEN? (.size output) ::l/async false)
+  (l/trace :fn "write-uuid!" :position @*position* :WRITTEN? (.size output) ::l/sync? true)
 
   (doto output
     (write-byte! (get-mark :uuid))
@@ -156,7 +162,7 @@
 
 (defn read-uuid!
   [^DataInputStream input]
-  (l/trace :fn "read-uuid!" :position @*position* ::l/async false)
+  (l/trace :fn "read-uuid!" :position @*position* ::l/sync? true)
   (let [m (read-byte! input)]
     (assert-mark m :uuid)
     (let [a (read-long! input)
@@ -165,7 +171,7 @@
 
 (defn write-obj!
   [^DataOutputStream output data]
-  (l/trace :fn "write-obj!" :position @*position* ::l/async false)
+  (l/trace :fn "write-obj!" :position @*position* ::l/sync? true)
   (let [^bytes data (fres/encode data)]
     (doto output
       (write-byte! (get-mark :obj))
@@ -174,7 +180,7 @@
 
 (defn read-obj!
   [^DataInputStream input]
-  (l/trace :fn "read-obj!" :position @*position* ::l/async false)
+  (l/trace :fn "read-obj!" :position @*position* ::l/sync? true)
   (let [m (read-byte! input)]
     (assert-mark m :obj)
     (let [size (read-long! input)]
@@ -185,14 +191,14 @@
 
 (defn write-label!
   [^DataOutputStream output label]
-  (l/trace :fn "write-label!" :label label :position @*position* ::l/async false)
+  (l/trace :fn "write-label!" :label label :position @*position* ::l/sync? true)
   (doto output
     (write-byte! (get-mark :label))
     (write-obj! label)))
 
 (defn read-label!
   [^DataInputStream input]
-  (l/trace :fn "read-label!" :position @*position* ::l/async false)
+  (l/trace :fn "read-label!" :position @*position* ::l/sync? true)
   (let [m (read-byte! input)]
     (assert-mark m :label)
     (read-obj! input)))
@@ -202,7 +208,7 @@
   (l/trace :fn "write-header!"
            :version version
            :position @*position*
-           ::l/async false)
+           ::l/sync? true)
   (let [vers   (-> version name (subs 1) parse-long)
         output (io/data-output-stream output)]
     (doto output
@@ -212,7 +218,7 @@
 
 (defn read-header!
   [^InputStream input]
-  (l/trace :fn "read-header!" :position @*position* ::l/async false)
+  (l/trace :fn "read-header!" :position @*position* ::l/sync? true)
   (let [input (io/data-input-stream input)
         mark  (read-byte! input)
         mnum  (read-long! input)
@@ -229,13 +235,13 @@
 (defn copy-stream!
   [^OutputStream output ^InputStream input ^long size]
   (let [written (io/copy! input output :size size)]
-    (l/trace :fn "copy-stream!" :position @*position* :size size :written written ::l/async false)
+    (l/trace :fn "copy-stream!" :position @*position* :size size :written written ::l/sync? true)
     (swap! *position* + written)
     written))
 
 (defn write-stream!
   [^DataOutputStream output stream size]
-  (l/trace :fn "write-stream!" :position @*position* ::l/async false :size size)
+  (l/trace :fn "write-stream!" :position @*position* ::l/sync? true :size size)
   (doto output
     (write-byte! (get-mark :stream))
     (write-long! size))
@@ -244,7 +250,7 @@
 
 (defn read-stream!
   [^DataInputStream input]
-  (l/trace :fn "read-stream!" :position @*position* ::l/async false)
+  (l/trace :fn "read-stream!" :position @*position* ::l/sync? true)
   (let [m (read-byte! input)
         s (read-long! input)
         p (tmp/tempfile :prefix "penpot.binfile.")]
@@ -258,7 +264,7 @@
     (if (> s temp-file-threshold)
       (with-open [^OutputStream output (io/output-stream p)]
         (let [readed (io/copy! input output :offset 0 :size s)]
-          (l/trace :fn "read-stream*!" :expected s :readed readed :position @*position* ::l/async false)
+          (l/trace :fn "read-stream*!" :expected s :readed readed :position @*position* ::l/sync? true)
           (swap! *position* + readed)
           [s p]))
       [s (io/read-as-bytes input :size s)])))
@@ -290,18 +296,18 @@
 
 (defn- retrieve-file
   [pool file-id]
-  (with-open [conn (db/open pool)]
+  (dm/with-open [conn (db/open pool)]
     (binding [pmap/*load-fn* (partial files/load-pointer conn file-id)]
       (some-> (db/get* conn :file {:id file-id})
               (files/decode-row)
-              (update :data files/process-pointers deref)))))
+              (files/process-pointers deref)))))
 
 (def ^:private sql:file-media-objects
   "SELECT * FROM file_media_object WHERE id = ANY(?)")
 
 (defn- retrieve-file-media
   [pool {:keys [data id] :as file}]
-  (with-open [^AutoCloseable conn (db/open pool)]
+  (dm/with-open [conn (db/open pool)]
     (let [ids (app.tasks.file-gc/collect-used-media data)
           ids (db/create-array conn "uuid" ids)]
 
@@ -335,7 +341,7 @@
 
 (defn- retrieve-libraries
   [pool ids]
-  (with-open [^AutoCloseable conn (db/open pool)]
+  (dm/with-open [conn (db/open pool)]
     (let [ids (db/create-array conn "uuid" ids)]
       (map :id (db/exec! pool [sql:file-libraries ids])))))
 
@@ -345,10 +351,9 @@
 
 (defn- retrieve-library-relations
   [pool ids]
-  (with-open [^AutoCloseable conn (db/open pool)]
+  (dm/with-open [conn (db/open pool)]
     (db/exec! conn [sql:file-library-rels (db/create-array conn "uuid" ids)])))
 
-
 (defn- create-or-update-file
   [conn params]
   (let [sql (str "INSERT INTO file (id, project_id, name, revn, is_shared, data, created_at, modified_at) "
@@ -432,9 +437,8 @@
 (s/def ::embed-assets? (s/nilable ::us/boolean))
 
 (s/def ::write-export-options
-  (s/keys :req-un [::db/pool ::sto/storage]
-          :req    [::output ::file-ids]
-          :opt    [::include-libraries? ::embed-assets?]))
+  (s/keys :req [::db/pool ::sto/storage ::output ::file-ids]
+          :opt [::include-libraries? ::embed-assets?]))
 
 (defn write-export!
   "Do the exportation of a specified file in custom penpot binary
@@ -447,6 +451,7 @@
   `::embed-assets?`: instead of including the libraries, embed in the
   same file library all assets used from external libraries."
   [{:keys [::include-libraries? ::embed-assets?] :as options}]
+
   (us/assert! ::write-export-options options)
   (us/verify!
    :expr (not (and include-libraries? embed-assets?))
@@ -460,7 +465,7 @@
     (with-open [output (io/data-output-stream output)]
       (binding [*state* (volatile! {})]
         (run! (fn [section]
-                (l/debug :hint "write section" :section section ::l/async false)
+                (l/debug :hint "write section" :section section ::l/sync? true)
                 (write-label! output section)
                 (let [options (-> options
                                   (assoc ::output output)
@@ -471,7 +476,7 @@
               [:v1/metadata :v1/files :v1/rels :v1/sobjects])))))
 
 (defmethod write-section :v1/metadata
-  [{:keys [pool ::output ::file-ids ::include-libraries?]}]
+  [{:keys [::db/pool ::output ::file-ids ::include-libraries?]}]
   (let [libs  (when include-libraries?
                 (retrieve-libraries pool file-ids))
         files (into file-ids libs)]
@@ -479,7 +484,7 @@
     (vswap! *state* assoc :files files)))
 
 (defmethod write-section :v1/files
-  [{:keys [pool ::output ::embed-assets?]}]
+  [{:keys [::db/pool ::output ::embed-assets?]}]
 
   ;; Initialize SIDS with empty vector
   (vswap! *state* assoc :sids [])
@@ -494,7 +499,7 @@
       (l/debug :hint "write penpot file"
                :id file-id
                :media (count media)
-               ::l/async false)
+               ::l/sync? true)
 
       (doto output
         (write-obj! file)
@@ -503,31 +508,31 @@
       (vswap! *state* update :sids into storage-object-id-xf media))))
 
 (defmethod write-section :v1/rels
-  [{:keys [pool  ::output ::include-libraries?]}]
+  [{:keys [::db/pool ::output ::include-libraries?]}]
   (let [rels  (when include-libraries?
                 (retrieve-library-relations pool (-> *state* deref :files)))]
-    (l/debug :hint "found rels" :total (count rels) ::l/async false)
+    (l/debug :hint "found rels" :total (count rels) ::l/sync? true)
     (write-obj! output rels)))
 
 (defmethod write-section :v1/sobjects
-  [{:keys [storage ::output]}]
+  [{:keys [::sto/storage ::output]}]
   (let [sids    (-> *state* deref :sids)
         storage (media/configure-assets-storage storage)]
     (l/debug :hint "found sobjects"
              :items (count sids)
-             ::l/async false)
+             ::l/sync? true)
 
     ;; Write all collected storage objects
     (write-obj! output sids)
 
     (doseq [id sids]
-      (let [{:keys [size] :as obj} @(sto/get-object storage id)]
-        (l/debug :hint "write sobject" :id id ::l/async false)
+      (let [{:keys [size] :as obj} (sto/get-object storage id)]
+        (l/debug :hint "write sobject" :id id ::l/sync? true)
         (doto output
           (write-uuid! id)
           (write-obj! (meta obj)))
 
-        (with-open [^InputStream stream @(sto/get-object-data storage obj)]
+        (with-open [^InputStream stream (sto/get-object-data storage obj)]
           (let [written (write-stream! output stream size)]
             (when (not= written size)
               (ex/raise :type :validation
@@ -551,9 +556,8 @@
 (s/def ::ignore-index-errors? (s/nilable ::us/boolean))
 
 (s/def ::read-import-options
-  (s/keys :req-un [::db/pool ::sto/storage]
-          :req    [::project-id ::input]
-          :opt    [::overwrite? ::migrate? ::ignore-index-errors?]))
+  (s/keys :req [::db/pool ::sto/storage ::project-id ::input]
+          :opt [::overwrite? ::migrate? ::ignore-index-errors?]))
 
 (defn read-import!
   "Do the importation of the specified resource in penpot custom binary
@@ -576,14 +580,14 @@
     (read-import (assoc options ::version version ::timestamp timestamp))))
 
 (defmethod read-import :v1
-  [{:keys [pool ::input] :as options}]
+  [{:keys [::db/pool ::input] :as options}]
   (with-open [input (zstd-input-stream input)]
     (with-open [input (io/data-input-stream input)]
       (db/with-atomic [conn pool]
         (db/exec-one! conn ["SET CONSTRAINTS ALL DEFERRED;"])
         (binding [*state* (volatile! {:media [] :index {}})]
           (run! (fn [section]
-                  (l/debug :hint "reading section" :section section ::l/async false)
+                  (l/debug :hint "reading section" :section section ::l/sync? true)
                   (assert-read-label! input section)
                   (let [options (-> options
                                     (assoc ::section section)
@@ -601,16 +605,27 @@
 (defmethod read-section :v1/metadata
   [{:keys [::input]}]
   (let [{:keys [version files]} (read-obj! input)]
-    (l/debug :hint "metadata readed" :version (:full version) :files files ::l/async false)
+    (l/debug :hint "metadata readed" :version (:full version) :files files ::l/sync? true)
     (vswap! *state* update :index update-index files)
     (vswap! *state* assoc :version version :files files)))
 
+(defn- postprocess-file
+  [data]
+  (let [omap-wrap ffeat/*wrap-with-objects-map-fn*
+        pmap-wrap ffeat/*wrap-with-pointer-map-fn*]
+    (-> data
+        (update :pages-index update-vals #(update % :objects omap-wrap))
+        (update :pages-index update-vals pmap-wrap)
+        (update :components update-vals #(d/update-when % :objects omap-wrap))
+        (update :components pmap-wrap))))
+
 (defmethod read-section :v1/files
   [{:keys [conn ::input ::migrate? ::project-id ::timestamp ::overwrite?]}]
   (doseq [expected-file-id (-> *state* deref :files)]
-    (let [file    (read-obj! input)
-          media'  (read-obj! input)
-          file-id (:id file)]
+    (let [file     (read-obj! input)
+          media'   (read-obj! input)
+          file-id  (:id file)
+          features (files/get-default-features)]
 
       (when (not= file-id expected-file-id)
         (ex/raise :type :validation
@@ -618,40 +633,49 @@
                   :hint "the penpot file seems corrupt, found unexpected uuid (file-id)"))
 
       ;; Update index using with media
-      (l/debug :hint "update index with media" ::l/async false)
+      (l/debug :hint "update index with media" ::l/sync? true)
       (vswap! *state* update :index update-index (map :id media'))
 
       ;; Store file media for later insertion
-      (l/debug :hint "update media references" ::l/async false)
+      (l/debug :hint "update media references" ::l/sync? true)
       (vswap! *state* update :media into (map #(update % :id lookup-index)) media')
 
-      (l/debug :hint "processing file" :file-id file-id ::l/async false)
+      (l/debug :hint "processing file" :file-id file-id ::features features ::l/sync? true)
 
-      (let [file-id' (lookup-index file-id)
-            data     (-> (:data file)
-                         (assoc :id file-id')
-                         (cond-> migrate? (pmg/migrate-data))
-                         (update :pages-index relink-shapes)
-                         (update :components relink-shapes)
-                         (update :media relink-media))
+      (binding [ffeat/*current* features
+                ffeat/*wrap-with-objects-map-fn* (if (features "storage/objects-map") omap/wrap identity)
+                ffeat/*wrap-with-pointer-map-fn* (if (features "storage/pointer-map") pmap/wrap identity)
+                pmap/*tracked* (atom {})]
 
-            params  {:id file-id'
-                     :project-id project-id
-                     :name (:name file)
-                     :revn (:revn file)
-                     :is-shared (:is-shared file)
-                     :data (blob/encode data)
-                     :created-at timestamp
-                     :modified-at timestamp}]
+        (let [file-id' (lookup-index file-id)
+              data     (-> (:data file)
+                           (assoc :id file-id')
+                           (cond-> migrate? (pmg/migrate-data))
+                           (update :pages-index relink-shapes)
+                           (update :components relink-shapes)
+                           (update :media relink-media)
+                           (postprocess-file))
 
-        (l/debug :hint "create file" :id file-id' ::l/async false)
+              params  {:id file-id'
+                       :project-id project-id
+                       :features (db/create-array conn "text" features)
+                       :name (:name file)
+                       :revn (:revn file)
+                       :is-shared (:is-shared file)
+                       :data (blob/encode data)
+                       :created-at timestamp
+                       :modified-at timestamp}]
 
-        (if overwrite?
-          (create-or-update-file conn params)
-          (db/insert! conn :file params))
+          (l/debug :hint "create file" :id file-id' ::l/sync? true)
 
-        (when overwrite?
-          (db/delete! conn :file-thumbnail {:file-id file-id'}))))))
+          (if overwrite?
+            (create-or-update-file conn params)
+            (db/insert! conn :file params))
+
+          (files/persist-pointers! conn file-id')
+
+          (when overwrite?
+            (db/delete! conn :file-thumbnail {:file-id file-id'})))))))
 
 (defmethod read-section :v1/rels
   [{:keys [conn ::input ::timestamp]}]
@@ -665,11 +689,11 @@
         (l/debug :hint "create file library link"
                  :file-id (:file-id rel)
                  :lib-id (:library-file-id rel)
-                 ::l/async false)
+                 ::l/sync? true)
         (db/insert! conn :file-library-rel rel)))))
 
 (defmethod read-section :v1/sobjects
-  [{:keys [storage conn ::input ::overwrite?]}]
+  [{:keys [::sto/storage conn ::input ::overwrite?]}]
   (let [storage (media/configure-assets-storage storage)
         ids     (read-obj! input)]
 
@@ -682,7 +706,7 @@
                     :code :inconsistent-penpot-file
                     :hint "the penpot file seems corrupt, found unexpected uuid (storage-object-id)"))
 
-        (l/debug :hint "readed storage object" :id id ::l/async false)
+        (l/debug :hint "readed storage object" :id id ::l/sync? true)
 
         (let [[size resource] (read-stream! input)
               hash            (sto/calculate-hash resource)
@@ -694,20 +718,20 @@
                                   (assoc ::sto/touched-at (dt/now))
                                   (assoc :bucket "file-media-object"))
 
-              sobject         @(sto/put-object! storage params)]
+              sobject         (sto/put-object! storage params)]
 
-          (l/debug :hint "persisted storage object" :id id :new-id (:id sobject) ::l/async false)
+          (l/debug :hint "persisted storage object" :id id :new-id (:id sobject) ::l/sync? true)
           (vswap! *state* update :index assoc id (:id sobject)))))
 
     (doseq [item (:media @*state*)]
       (l/debug :hint "inserting file media object"
                :id (:id item)
                :file-id (:file-id item)
-               ::l/async false)
+               ::l/sync? true)
 
       (let [file-id (lookup-index (:file-id item))]
         (if (= file-id (:file-id item))
-          (l/warn :hint "ignoring file media object" :file-id (:file-id item) ::l/async false)
+          (l/warn :hint "ignoring file media object" :file-id (:file-id item) ::l/sync? true)
           (db/insert! conn :file-media-object
                       (-> item
                           (assoc :file-id file-id)
@@ -718,7 +742,7 @@
 (defn- lookup-index
   [id]
   (let [val (get-in @*state* [:index id])]
-    (l/trace :fn "lookup-index" :id id :val val ::l/async false)
+    (l/trace :fn "lookup-index" :id id :val val ::l/sync? true)
     (when (and (not (::ignore-index-errors? *options*)) (not val))
       (ex/raise :type :validation
                 :code :incomplete-index
@@ -731,7 +755,7 @@
          index index]
     (if-let [id (first items)]
       (let [new-id (if (::overwrite? *options*) id (uuid/next))]
-        (l/trace :fn "update-index" :id id :new-id new-id ::l/async false)
+        (l/trace :fn "update-index" :id id :new-id new-id ::l/sync? true)
         (recur (rest items)
                (assoc index id new-id)))
       index)))
@@ -779,7 +803,7 @@
                        (try
                          (process-map-form form)
                          (catch Throwable cause
-                           (l/warn :hint "failed form" :form (pr-str form) ::l/async false)
+                           (l/warn :hint "failed form" :form (pr-str form) ::l/sync? true)
                            (throw cause)))
                        form))
                    data)))
@@ -810,7 +834,7 @@
         cs (volatile! nil)]
     (try
       (l/info :hint "start exportation" :export-id id)
-      (with-open [^AutoCloseable output (io/output-stream output)]
+      (dm/with-open [output (io/output-stream output)]
         (binding [*position* (atom 0)]
           (write-export! (assoc cfg ::output output))))
 
@@ -833,19 +857,19 @@
 (defn export-to-tmpfile!
   [cfg]
   (let [path (tmp/tempfile :prefix "penpot.export.")]
-    (with-open [^AutoCloseable output (io/output-stream path)]
+    (dm/with-open [output (io/output-stream path)]
       (export! cfg output)
       path)))
 
 (defn import!
   [{:keys [::input] :as cfg}]
   (let [id (uuid/next)
-        ts (dt/now)
+        tp (dt/tpoint)
         cs (volatile! nil)]
+    (l/info :hint "import: started" :import-id id)
     (try
-      (l/info :hint "start importation" :import-id id)
       (binding [*position* (atom 0)]
-        (with-open [^AutoCloseable input (io/input-stream input)]
+        (dm/with-open [input (io/input-stream input)]
           (read-import! (assoc cfg ::input input))))
 
       (catch Throwable cause
@@ -853,25 +877,28 @@
         (throw cause))
 
       (finally
-        (l/info :hint "importation finished" :import-id id
-                :elapsed (str (inst-ms (dt/diff ts (dt/now))) "ms")
+        (l/info :hint "import: terminated"
+                :import-id id
+                :elapsed (dt/format-duration (tp))
                 :error? (some? @cs)
-                :cause @cs)))))
+                :cause @cs
+                )))))
 
 ;; --- Command: export-binfile
 
 (s/def ::file-id ::us/uuid)
-(s/def ::profile-id ::us/uuid)
 (s/def ::include-libraries? ::us/boolean)
 (s/def ::embed-assets? ::us/boolean)
 
 (s/def ::export-binfile
-  (s/keys :req-un [::profile-id ::file-id ::include-libraries? ::embed-assets?]))
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::file-id ::include-libraries? ::embed-assets?]))
 
 (sv/defmethod ::export-binfile
   "Export a penpot file in a binary format."
-  {::doc/added "1.15"}
-  [{:keys [pool] :as cfg} {:keys [profile-id file-id include-libraries? embed-assets?] :as params}]
+  {::doc/added "1.15"
+   ::webhooks/event? true}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id include-libraries? embed-assets?] :as params}]
   (files/check-read-permissions! pool profile-id file-id)
   (let [body (reify yrs/StreamableResponseBody
                (-write-body-to-stream [_ _ output-stream]
@@ -882,19 +909,25 @@
                      (export! output-stream))))]
 
     (fn [_]
-      (yrs/response 200 body {"content-type" "application/octet-stream"}))))
+      {::yrs/status 200
+       ::yrs/body body
+       ::yrs/headers {"content-type" "application/octet-stream"}})))
 
 (s/def ::file ::media/upload)
 (s/def ::import-binfile
-  (s/keys :req-un [::profile-id ::project-id ::file]))
+  (s/keys :req [::rpc/profile-id]
+          :req-un [::project-id ::file]))
 
 (sv/defmethod ::import-binfile
   "Import a penpot file in a binary format."
-  {::doc/added "1.15"}
-  [{:keys [pool] :as cfg} {:keys [profile-id project-id file] :as params}]
+  {::doc/added "1.15"
+   ::webhooks/event? true}
+  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id project-id file] :as params}]
   (db/with-atomic [conn pool]
     (projects/check-read-permissions! conn profile-id project-id)
-    (import! (assoc cfg
-                    ::input (:path file)
-                    ::project-id project-id
-                    ::ignore-index-errors? true))))
+    (let [ids (import! (assoc cfg
+                              ::input (:path file)
+                              ::project-id project-id
+                              ::ignore-index-errors? true))]
+      (rph/with-meta ids
+        {::audit/props {:file nil :file-ids ids}}))))