wip

.circleci/config.yml

@@ -11,11 +11,11 @@ jobs:
       - image: cimg/redis:7.0.5
 
     working_directory: ~/repo
-    resource_class: medium+
+    resource_class: large
 
     environment:
-      JAVA_OPTS: -Xmx4g -Xms100m -XX:+UseSerialGC
-      NODE_OPTIONS: --max-old-space-size=4096
+      # Customize the JVM maximum heap limit
+      JVM_OPTS: -Xmx4g
 
     steps:
       - checkout
@@ -28,101 +28,71 @@ jobs:
            - v1-dependencies-
 
       - run: cd .clj-kondo && cat config.edn
-      - run: cat .cljfmt.edn
-      - run: clj-kondo --version
 
       - run:
-          name: "backend fmt check"
+          name: frontend styles prettier
+          working_directory: "./frontend"
+          command: |
+            yarn install
+            yarn run lint-scss
+
+      - run:
+          name: common lint
+          working_directory: "./common"
+          command: |
+            clj-kondo --version
+            clj-kondo --parallel --lint src/
+
+      - run:
+          name: frontend lint
+          working_directory: "./frontend"
+          command: |
+            clj-kondo --version
+            clj-kondo --parallel --lint src/
+
+      - run:
+          name: backend lint
           working_directory: "./backend"
           command: |
-            yarn install
-            yarn run fmt:clj:check
+            clj-kondo --version
+            clj-kondo --parallel --lint src/
 
       - run:
-          name: "exporter fmt check"
-          working_directory: "./exporter"
-          command: |
-            yarn install
-            yarn run fmt:clj:check
-
-      - run:
-          name: "common fmt check"
           working_directory: "./common"
-          command: |
-            yarn install
-            yarn run fmt:clj:check
-
-      - run:
-          name: "frontend fmt check"
-          working_directory: "./frontend"
-          command: |
-            yarn install
-            yarn run fmt:clj:check
-
-      - run:
-          name: "common linter check"
-          working_directory: "./common"
-          command: |
-            yarn install
-            yarn run lint:clj
-
-      - run:
-          name: "frontend linter check"
-          working_directory: "./frontend"
-          command: |
-            yarn install
-            yarn run lint:scss
-            yarn run lint:clj
-
-      - run:
-          name: "backend linter check"
-          working_directory: "./backend"
-          command: |
-            yarn install
-            yarn run lint:clj
-
-      - run:
-          name: "exporter linter check"
-          working_directory: "./exporter"
-          command: |
-            yarn install
-            yarn run lint:clj
-
-      - run:
-          name: "common tests"
-          working_directory: "./common"
-          command: |
-            yarn test
-            clojure -M:dev:test
-
-      - run:
-          name: "frontend tests"
-          working_directory: "./frontend"
+          name: common tests
           command: |
             yarn install
             yarn test
+            clojure -X:dev:test :patterns '["common-tests.*-test"]'
+
+          environment:
+            PATH: /usr/local/nodejs/bin/:/usr/local/bin:/bin:/usr/bin
+            JVM_OPTS: -Xmx4g
+            NODE_OPTIONS: --max-old-space-size=4096
 
       - run:
-          name: "frontend integration tests"
-          working_directory: "./frontend"
-          command: |
-            yarn install
-            yarn run compile
-            clojure -M:dev:shadow-cljs release main
-            yarn playwright install --with-deps chromium
-            yarn e2e:test
-
-      - run:
-          name: "backend tests"
+          name: backend test
           working_directory: "./backend"
           command: |
-            clojure -M:dev:test
+            clojure -X:dev:test :patterns '["backend-tests.*-test"]'
 
           environment:
             PENPOT_TEST_DATABASE_URI: "postgresql://localhost/penpot_test"
             PENPOT_TEST_DATABASE_USERNAME: penpot_test
             PENPOT_TEST_DATABASE_PASSWORD: penpot_test
             PENPOT_TEST_REDIS_URI: "redis://localhost/1"
+            JVM_OPTS: -Xmx4g
+
+      - run:
+          name: frontend tests
+          working_directory: "./frontend"
+          command: |
+            yarn install
+            yarn test
+
+          environment:
+            PATH: /usr/local/nodejs/bin/:/usr/local/bin:/bin:/usr/bin
+            NODE_OPTIONS: --max-old-space-size=4096
 
       - save_cache:
          paths:

.clj-kondo/config.edn

@@ -2,11 +2,10 @@
  {promesa.core/let clojure.core/let
   promesa.core/->> clojure.core/->>
   promesa.core/-> clojure.core/->
-  promesa.exec.csp/go-loop clojure.core/loop
   rumext.v2/defc clojure.core/defn
-  promesa.util/with-open clojure.core/with-open
-  app.common.schema.generators/let clojure.core/let
+  rumext.v2/fnc clojure.core/fn
   app.common.data/export clojure.core/def
+  app.db/with-atomic clojure.core/with-open
   app.common.data.macros/get-in clojure.core/get-in
   app.common.data.macros/with-open clojure.core/with-open
   app.common.data.macros/select-keys clojure.core/select-keys
@@ -15,28 +14,16 @@
  :hooks
  {:analyze-call
   {app.common.data.macros/export hooks.export/export
+   potok.core/reify hooks.export/potok-reify
    app.util.services/defmethod hooks.export/service-defmethod
-   app.common.record/defrecord hooks.export/penpot-defrecord
-   app.db/with-atomic hooks.export/penpot-with-atomic
-   potok.v2.core/reify hooks.export/potok-reify
-   rumext.v2/fnc hooks.export/rumext-fnc
-   rumext.v2/lazy-component hooks.export/rumext-lazycomponent
-   shadow.lazy/loadable hooks.export/rumext-lazycomponent
    }}
 
  :output
  {:exclude-files
   ["data_readers.clj"
-   "src/app/util/perf.cljs"
-   "src/app/common/logging.cljc"
-   "src/app/common/exceptions.cljc"
-   "^(?:backend|frontend|exporter|common)/build.clj"
-   "^(?:backend|frontend|exporter|common)/deps.edn"
-   "^(?:backend|frontend|exporter|common)/scripts/"
-   "^(?:backend|frontend|exporter|common)/dev/"
-   "^(?:backend|frontend|exporter|common)/test/"]
-
-  :linter-name true}
+   "app/util/perf.cljs"
+   "app/common/logging.cljc"
+   "app/common/exceptions.cljc"]}
 
  :linters
  {:unsorted-required-namespaces
@@ -72,3 +59,4 @@
    :exclude-destructured-keys-in-fn-args false
    }
   }}
+

.clj-kondo/hooks/export.clj

@@ -12,7 +12,6 @@
 
 (def registry (atom {}))
 
-
 (defn potok-reify
   [{:keys [:node :filename] :as params}]
   (let [[rnode rtype & other] (:children node)
@@ -38,76 +37,8 @@
                           (api/token-node rsym)
                           (api/vector-node [])]
                          other))]
-
-      ;; (prn (api/sexpr result))
-
       {:node result})))
 
-(defn penpot-with-atomic
-  [{:keys [node]}]
-  (let [[params & body] (rest (:children node))]
-    (if (api/vector-node? params)
-      (let [[sym val opts] (:children params)]
-        (when-not (and sym val)
-          (throw (ex-info "No sym and val provided" {})))
-        {:node (api/list-node
-                (list*
-                 (api/token-node 'let)
-                 (api/vector-node [sym val])
-                 opts
-                 body))})
-
-      {:node (api/list-node
-              (into [(api/token-node 'let)
-                     (api/vector-node [params params])]
-                    body))})))
-
-(defn rumext-fnc
-  [{:keys [node]}]
-  (let [[cname mdata params & body] (rest (:children node))
-        [params body] (if (api/vector-node? mdata)
-                        [mdata (cons params body)]
-                        [params body])]
-    (let [result (api/list-node
-                  (into [(api/token-node 'fn)
-                         params]
-                        (cons mdata body)))]
-      {:node result})))
-
-
-(defn rumext-lazycomponent
-  [{:keys [node]}]
-  (let [[cname mdata params & body] (rest (:children node))
-        [params body] (if (api/vector-node? mdata)
-                        [mdata (cons params body)]
-                        [params body])]
-    (let [result (api/list-node [(api/token-node 'constantly) nil])]
-      ;; (prn (api/sexpr result))
-      {:node result})))
-
-
-(defn penpot-defrecord
-  [{:keys [:node]}]
-  (let [[rnode rtype rparams & other] (:children node)
-
-        nodes [(api/token-node (symbol "do"))
-               (api/list-node
-                (into [(api/token-node (symbol (name (:value rnode)))) rtype rparams] other))
-               (api/list-node
-                [(api/token-node (symbol "defn"))
-                 (api/token-node (symbol (str "pos->" (:string-value rtype))))
-                 (api/vector-node
-                  (->> (:children rparams)
-                       (mapv (fn [t]
-                               (api/token-node (symbol (str "_" (:string-value t))))))))
-                 (api/token-node nil)])]
-
-        result (api/list-node nodes)]
-
-    ;; (prn "=====>" (into {} rparams))
-    ;; (prn (api/sexpr result))
-    {:node result}))
-
 (defn clojure-specify
   [{:keys [:node]}]
   (let [[rnode rtype & other] (:children node)
@@ -117,6 +48,7 @@
                        other))]
     {:node result}))
 
+
 (defn service-defmethod
   [{:keys [:node]}]
   (let [[rnode rtype ?meta & other] (:children node)

.cljfmt.edn

@@ -1,9 +0,0 @@
-{:sort-ns-references? true
- :remove-multiple-non-indenting-spaces? false
- :remove-surrounding-whitespace? true
- :remove-consecutive-blank-lines? false
- :extra-indents {rumext.v2/fnc [[:inner 0]]
-                 cljs.test/async [[:inner 0]]
-                 promesa.exec/thread [[:inner 0]]
-                 specify! [[:inner 0] [:inner 1]]}
- }

.editorconfig

@@ -1,13 +0,0 @@
-root = true
-
-[*.{cljs,cljc,clj,js,css,scss,html,yml,yaml,json,mustache}]
-charset = utf-8
-
-indent_size = 2
-indent_style = space
-
-end_of_line = lf
-
-insert_final_newline = true
-
-trim_trailing_whitespace = true

.gitignore

@@ -1,16 +1,7 @@
-.pnp.*
-.yarn/*
-!.yarn/patches
-!.yarn/plugins
-!.yarn/releases
-!.yarn/sdks
-!.yarn/versions
 *-init.clj
-*.css.json
 *.jar
 *.orig
 *.penpot
-*.css.json
 .calva
 .clj-kondo
 .cpcache
@@ -23,7 +14,6 @@
 /*.jpg
 /*.md
 /*.png
-/*.svg
 /*.sql
 /*.txt
 /*.yml
@@ -57,7 +47,6 @@
 /frontend/package-lock.json
 /frontend/resources/fonts/experiments
 /frontend/resources/public/*
-/frontend/storybook-static/
 /frontend/target/
 /other/
 /scripts/
@@ -68,8 +57,3 @@
 /web
 clj-profiler/
 node_modules
-frontend/.storybook/preview-body.html
-/test-results/
-/playwright-report/
-/blob-report/
-/playwright/.cache/

.vscode/settings.json

@@ -1,9 +1,5 @@
 {
-  "files.exclude": {
-    "**/.clj-kondo": true,
-    "**/.cpcache": true,
-    "**/.lsp": true,
-    "**/.shadow-cljs": true,
-    "**/node_modules": true
+  "files.associations": {
+    "stdint.h": "c"
   }
 }

.yarnrc.yml

@@ -1,11 +0,0 @@
-enableGlobalCache: true
-
-enableImmutableCache: false
-
-enableImmutableInstalls: false
-
-enableTelemetry: false
-
-httpTimeout: 600000
-
-nodeLinker: node-modules

CHANGES.md

@@ -1,534 +1,21 @@
 # CHANGELOG
 
-## 2.1.0
-
-### :rocket: Epics and highlights
-
-### :boom: Breaking changes & Deprecations
-
-### :heart: Community contributions (Thank you!)
-
-### :sparkles: New features
-
-- Improve auth process [Taiga #7094](https://tree.taiga.io/project/penpot/us/7094)
-- Add locking degrees increment (hold shift) on path edition [Taiga #7761](https://tree.taiga.io/project/penpot/issue/7761)
-- Persistence & Concurrent Edition Enhancements [Taiga #5657](https://tree.taiga.io/project/penpot/us/5657)
-- Allow library colors as recent colors [Taiga #7640](https://tree.taiga.io/project/penpot/issue/7640)
-- Missing scroll in viewmode comments [Taiga #7427](https://tree.taiga.io/project/penpot/issue/7427)
-- Comments in View mode should mimic the positioning behavior of the Workspace [Taiga #7346](https://tree.taiga.io/project/penpot/issue/7346)
-- Misaligned input on comments [Taiga #7461](https://tree.taiga.io/project/penpot/issue/7461)
-
-### :bug: Bugs fixed
-
-- Fix selection rectangle appears on scroll [Taiga #7525](https://tree.taiga.io/project/penpot/issue/7525)
-- Fix layer tree not expanding to the bottom edge [Taiga #7466](https://tree.taiga.io/project/penpot/issue/7466)
-- Fix guides move when board is moved by inputs [Taiga #8010](https://tree.taiga.io/project/penpot/issue/8010)
-- Fix clickable area of Penptot logo in the viewer [Taiga #7988](https://tree.taiga.io/project/penpot/issue/7988)
-- Fix constraints dropdown when selecting multiple shapes [Taiga #7686](https://tree.taiga.io/project/penpot/issue/7686)
-- Layout and scrollign fixes for the bottom palette [Taiga #7559](https://tree.taiga.io/project/penpot/issue/7559)
-- Fix expand libraries when search results are present [Taiga #7876](https://tree.taiga.io/project/penpot/issue/7876)
-- Fix color palette default library [Taiga #8029](https://tree.taiga.io/project/penpot/issue/8029)
-- Component Library is lost after exporting/importing in .zip format [Github #4672](https://github.com/penpot/penpot/issues/4672)
-- Fix problem with moving+selection not working properly [Taiga #7943](https://tree.taiga.io/project/penpot/issue/7943)
-- Fix problem with flex layout fit to content not positioning correctly children [Taiga #7537](https://tree.taiga.io/project/penpot/issue/7537)
-- Fix black line is displaying after show main [Taiga #7653](https://tree.taiga.io/project/penpot/issue/7653)
-- Fix "Share prototypes" modal remains open [Taiga #7442](https://tree.taiga.io/project/penpot/issue/7442)
-- Fix "Components visibility and opacity" [#4694](https://github.com/penpot/penpot/issues/4694)
-- Fix "Attribute overrides in copies are not exported in zip file" [Taiga #8072](https://tree.taiga.io/project/penpot/issue/8072)
-- Fix group not automatically selected in the Layers panel after creation [Taiga #8078](https://tree.taiga.io/project/penpot/issue/8078)
-- Fix export boards loses opacity [Taiga #7592](https://tree.taiga.io/project/penpot/issue/7592)
-- Fix change color on imported svg also changes the stroke alignment[Taiga #7673](https://github.com/penpot/penpot/pull/7673)
-- Fix show in view mode and interactions workflow [Taiga #4711](https://github.com/penpot/penpot/pull/4711)
-- Fix internal error when I set up a stroke for some objects without and with stroke [Taiga #7558](https://tree.taiga.io/project/penpot/issue/7558)
-- Toolbar keeps toggling on and off on spacebar press [Taiga #7654](https://github.com/penpot/penpot/pull/7654)
-- Fix toolbar keeps hiding when click outside workspace [Taiga #7776](https://tree.taiga.io/project/penpot/issue/7776)
-- Fix open overlay relative to a frame [Taiga #7563](https://tree.taiga.io/project/penpot/issue/7563)
-- Workspace-palette items stay hidden when opening with keyboard-shortcut [Taiga #7489](https://tree.taiga.io/project/penpot/issue/7489)
-- Fix SVG attrs are not handled correctly when exporting/importing in .zip [Taiga #7920](https://tree.taiga.io/project/penpot/issue/7920)
-- Fix validation error when detaching with two nested copies and a swap [Taiga #8095](https://tree.taiga.io/project/penpot/issue/8095)
-- Export shapes that are rotated act a bit strange when reimported [Taiga #7585](https://tree.taiga.io/project/penpot/issue/7585)
-- Penpot crashes when a new colorpicker is created while uploading an image to another instance [Taiga #8119](https://tree.taiga.io/project/penpot/issue/8119)
-- Removing Underline and Strikethrough Affects the Previous Text Object [Taiga #8103](https://tree.taiga.io/project/penpot/issue/8103)
-- Color library loses association with shapes when exporting/importing the document [Taiga #8132](https://tree.taiga.io/project/penpot/issue/8132)
-- Fix can't collapse groups when searching in the assets tab [Taiga #8125](https://tree.taiga.io/project/penpot/issue/8125)
-- Fix 'Detach instance' shortcut is not working [Taiga #8102](https://tree.taiga.io/project/penpot/issue/8102)
-- Fix import file message does not detect 0 as error [Taiga #6824](https://tree.taiga.io/project/penpot/issue/6824)
-- Image Color Library is not persisted when exporting/importing in .zip [Taiga #8131](https://tree.taiga.io/project/penpot/issue/8131)
-
-## 2.0.3
-
-### :bug: Bugs fixed
-
-- Fix chrome scrollbar styling [Taiga #7852](https://tree.taiga.io/project/penpot/issue/7852)
-- Fix incorrect password encoding on create-profile manage scritp [Github #3651](https://github.com/penpot/penpot/issues/3651)
-
-## 2.0.2
-
-### :sparkles: Enhancements
-
-- Fix locking contention on cron subsystem (causes backend start blocking)
-- Fix locking contention on file object thumbails backend RPC calls
-
-### :bug: Bugs fixed
-
-- Fix color palette sorting [Taiga #7458](https://tree.taiga.io/project/penpot/issue/7458)
-- Fix style scoping problem with imported SVG [Taiga #7671](https://tree.taiga.io/project/penpot/issue/7671)
-
-
-## 2.0.1
-
-### :bug: Bugs fixed
-
-- Fix different issues related to components v2 migrations including [Github #4443](https://github.com/penpot/penpot/issues/4443)
-
-
-## 2.0.0 - I Just Can't Get Enough
-
-### :rocket: Epics and highlights
-- Grid CSS layout [Taiga #4915](https://tree.taiga.io/project/penpot/epic/4915)
-- UI redesign [Taiga #4958](https://tree.taiga.io/project/penpot/epic/4958)
-- New components System [Taiga #2662](https://tree.taiga.io/project/penpot/epic/2662)
-- Swap components [Taiga #1331](https://tree.taiga.io/project/penpot/us/1331)
-- Images as fill  [Taiga #2983](https://tree.taiga.io/project/penpot/us/2983)
-- HTML code generation [Taiga #5277](https://tree.taiga.io/project/penpot/us/5277)
-- Light and dark themes [Taiga #2287](https://tree.taiga.io/project/penpot/us/2287)
-
-### :boom: Breaking changes & Deprecations
-
-- New strokes default to inside border [Taiga #6847](https://tree.taiga.io/project/penpot/issue/6847)
-- Change default z ordering on layers in flex layout. The previous behavior was inconsistent with how HTML works and we changed it to be more consistent. Previous layers that overlapped could be hidden, the fastest way to fix this is changing the z-index property but a better way is to change the order of your layers.
-
-
-### :heart: Community contributions (Thank you!)
-- New Hausa, Yoruba and Igbo translations and  update translation files (by All For Tech Empowerment Foundation) [Taiga #6950](https://tree.taiga.io/project/penpot/us/6950), [Taiga #6534](https://tree.taiga.io/project/penpot/us/6534)
-- Hide bounding-box when editing shape (by @VasilevsVV) [#3930](https://github.com/penpot/penpot/pull/3930)
-- CTRL + "+" to zoom into canvas instead of browser (by @audriu) [#3848](https://github.com/penpot/penpot/pull/3848)
-- Add dev deps.edn in the project root (by @PEZ) [#3794](https://github.com/penpot/penpot/pull/3794)
-- Allow passing overrides to frontend nginx config (by @m90) [#3602](https://github.com/penpot/penpot/pull/3602)
-- Update index.njk to remove typo (by @fdvmoreira) [#155](https://github.com/penpot/penpot-docs/pull/155)
-- Typo (by StephanEggermont) [#157](https://github.com/penpot/penpot-docs/pull/157)
-
-### :sparkles: New features
-- Send comments with Ctrl+Enter / Cmd + Enter [Taiga #6085](https://tree.taiga.io/project/penpot/issue/6085)
-- Select through stroke only rectangle [Taiga #5484](https://tree.taiga.io/project/penpot/issue/5484)
-- Stroke default position [Taiga #6847](https://tree.taiga.io/project/penpot/issue/6847)
-- Override browser Ctrl+ and Ctrl- zoom with Penpot Zoom [Taiga #3200](https://tree.taiga.io/project/penpot/us/3200)
-- Improve the way handlers work on flex layouts [Taiga #6598](https://tree.taiga.io/project/penpot/us/6598)
-- Add menu entry for toggle between light/dark theme [Taiga #6829](https://tree.taiga.io/project/penpot/issue/6829)
-- Switch themes shortcut [Taiga #6644](https://tree.taiga.io/project/penpot/us/6644)
-- Constraints section at design tab new position [Taiga #6830](https://tree.taiga.io/project/penpot/issue/6830)
-- [PICKER] File library colors order [Taiga #5399](https://tree.taiga.io/project/penpot/us/5399)
-- Onboarding invitations improvements [Taiga #5974](https://tree.taiga.io/project/penpot/us/5974)
-- [PERFORMANCE] Workspace thumbnails refactor [Taiga #5828](https://tree.taiga.io/project/penpot/us/5828)
-- [PERFORMANCE] Add performance optimizations to shape rendering [Taiga #5835](https://tree.taiga.io/project/penpot/us/5835)
-- [PERFORMANCE] Optimize SVG output [Taiga #4134](https://tree.taiga.io/project/penpot/us/4134)
-- [PERFORMANCE] Optimize svg on importation [Taiga #5879](https://tree.taiga.io/project/penpot/us/5879)
-- [PERFORMANCE] Optimization tasks related to design tab file [Taiga #5760](https://tree.taiga.io/project/penpot/us/5760)
-- [INSTALL] Ability to setup features by team [Taiga #6108](https://tree.taiga.io/project/penpot/us/6108)
-- [IMAGES] Keep aspect ratio option [Taiga #6933](https://tree.taiga.io/project/penpot/us/6933)
-- [INSPECT] UI review [Taiga #5687](https://tree.taiga.io/project/penpot/us/5687)
-- [GRID LAYOUT] Phase 1 [Taiga #4303](https://tree.taiga.io/project/penpot/us/4303)
-- [GRID LAYOUT] Inspect code for Grid [Taiga #5277](https://tree.taiga.io/project/penpot/us/5277)
-- [GRID LAYOUT] Phase 1 polishing [Taiga #5612](https://tree.taiga.io/project/penpot/us/5612)
-- [GRID LAYOUT] Improvements & Feedback [Taiga #6047](https://tree.taiga.io/project/penpot/us/6047)
-- [COMPONENTS] Naming of the main component [Taiga #5291](https://tree.taiga.io/project/penpot/us/5291)
-- [COMPONENTS] Rework inside of components - Library page [Taiga #2918](https://tree.taiga.io/project/penpot/us/2918)
-- [COMPONENTS] Update component when updating main instance [Taiga #3794](https://tree.taiga.io/project/penpot/us/3794)
-- [COMPONENTS] Main component new behavior [Taiga #3796](https://tree.taiga.io/project/penpot/us/3796)
-- [COMPONENTS] Main component look & feel [Taiga #5290](https://tree.taiga.io/project/penpot/us/5290)
-- [COMPONENTS] Library view [Taiga #2880](https://tree.taiga.io/project/penpot/us/2880)
-- [COMPONENTS] Positioning inside a component should relative, as in boards [Taiga #2826](https://tree.taiga.io/project/penpot/us/2826)
-- [COMPONENTS] Update message should show only if affecting at components that are being used at a file [Taiga #1397](https://tree.taiga.io/project/penpot/us/1397)
-- [COMPONENTS] Annotations [Taiga #4957](https://tree.taiga.io/project/penpot/us/4957)
-- [COMPONENTS] Synchronization order for nested components [Taiga #5439](https://tree.taiga.io/project/penpot/us/5439)
-- [COMPONENTS] Libraries modal zero case [Taiga #5294](https://tree.taiga.io/project/penpot/us/5294)
-- [COMPONENTS] Contextual menu casuistics [Taiga #5292](https://tree.taiga.io/project/penpot/us/5292)
-- [COMPONENTS] Libraries publishing flow review [Taiga #5293](https://tree.taiga.io/project/penpot/us/5293)
-- [COMPONENTS] Add loading text to Libraries modal [Taiga #6702](https://tree.taiga.io/project/penpot/us/6702)
-- [COMPONENTS] Components rename and organization in bulk [Taiga #2877](https://tree.taiga.io/project/penpot/us/2877)
-- [COMPONENTS] Info overlay about components V2 [Taiga #6276](https://tree.taiga.io/project/penpot/us/6276)
-- [REDESIGN] New styles basics [Taiga #4967](https://tree.taiga.io/project/penpot/us/4967)
-- [REDESIGN] Layers tab redesign [Taiga #4966](https://tree.taiga.io/project/penpot/us/4966)
-- [REDESIGN] Design tab phase 1 [Taiga #4982](https://tree.taiga.io/project/penpot/us/4966)
-- [REDESIGN] Assets tab redesign [Taiga #4984](https://tree.taiga.io/project/penpot/us/4984)
-- [REDESIGN] Palette panels (colors, typographies...) [Taiga #4983](https://tree.taiga.io/project/penpot/us/4983)
-- [REDESIGN] Workspace structure [Taiga #4988](https://tree.taiga.io/project/penpot/us/4988)
-- [REDESIGN] Shortcut tab [Taiga #4989](https://tree.taiga.io/project/penpot/us/4989)
-- [REDESIGN] Toolbar [Taiga #5500](https://tree.taiga.io/project/penpot/us/5500)
-- [REDESIGN] History tab [Taiga #5481](https://tree.taiga.io/project/penpot/us/5481)
-- [REDESIGN] Path options/toolbar [Taiga #5815](https://tree.taiga.io/project/penpot/us/5815)
-- [REDESIGN] Design tab phase 2 [Taiga #5814](https://tree.taiga.io/project/penpot/us/5814)
-- [REDESIGN] Design tab phase 3 and dashboard details [Taiga #5920](https://tree.taiga.io/project/penpot/us/5920)
-- [REDESIGN] Dashboard [Taiga #5164](https://tree.taiga.io/project/penpot/us/5164)
-- [REDESIGN] New Dashboard UI [Taiga #5869](https://tree.taiga.io/project/penpot/us/5869)
-- [REDESIGN] Prototype tab [Taiga #4985](https://tree.taiga.io/project/penpot/us/4985)
-- [REDESIGN] Code tab [Taiga #4986](https://tree.taiga.io/project/penpot/us/4986)
-- [REDESIGN] Modals and alert messages [Taiga #5915](https://tree.taiga.io/project/penpot/us/5915)
-- [REDESIGN] Comments page [Taiga #5917](https://tree.taiga.io/project/penpot/us/5917)
-- [REDESIGN] View Mode [Taiga #5163](https://tree.taiga.io/project/penpot/us/5163)
-- [REDESIGN] Miscellaneous tasks [Taiga #6050](https://tree.taiga.io/project/penpot/us/6050)
-- [REDESIGN] Swap components [Taiga #6739](https://tree.taiga.io/project/penpot/us/6739)
-- [REDESIGN] Font selector [Taiga #6677](https://tree.taiga.io/project/penpot/us/6677)
-- [REDESIGN] Colour system of alerts and notifications [Taiga #6746](https://tree.taiga.io/project/penpot/us/6746)
-- [REDESIGN] Review text in paragraphs for accessibility [Taiga #6703](https://tree.taiga.io/project/penpot/us/6703)
-- [REDESIGN] Interaction icons [Taiga #6880](https://tree.taiga.io/project/penpot/us/6880)
-- [REDESIGN] Panels visual separations [Taiga #6692](https://tree.taiga.io/project/penpot/us/6692)
-- [REDESIGN] Onboarding slides [Taiga #6678](https://tree.taiga.io/project/penpot/us/6678)
-
-### :bug: Bugs fixed
-- Fix pixelated thumbnails [Github #3681](https://github.com/penpot/penpot/issues/3681), [Github #3661](https://github.com/penpot/penpot/issues/3661)
-- Fix problem with not applying colors to boards [Github #3941](https://github.com/penpot/penpot/issues/3941)
-- Fix problem with path editor undoing changes [Github #3998](https://github.com/penpot/penpot/issues/3998)
-- [View mode] Open overlay places frame in the wrong position when paired with a fixed element [Taiga #6385](https://tree.taiga.io/project/penpot/issue/6385)
-- Flex Layout: Fit-content not recalculated after deleting an element [Taiga #5968](https://tree.taiga.io/project/penpot/issue/5968)
-- Selecting from Color Palette does not work for board when there is no existing fill [Taiga #6464](https://tree.taiga.io/project/penpot/issue/6464)
-- Color thumbnails are consistently rounded in the inspect code mode [Taiga #5886](https://tree.taiga.io/project/penpot/issue/5886)
-- Adding vector path points before first point of existing open path not working [Taiga #6593](https://tree.taiga.io/project/penpot/issue/6593)
-- Some image formats include the extension when importing  [Taiga #5485](https://tree.taiga.io/project/penpot/issue/5485)
-- Gradient color tool doesn't work properly with flipped items [Taiga #6485](https://tree.taiga.io/project/penpot/issue/6485)
-- [TEXT] Align options are not shown when several text are selected [Taiga #5948](https://tree.taiga.io/project/penpot/issue/5948)
-- [VIEW MODE] Comments not working properly on multiple pages [Taiga #6281](https://tree.taiga.io/project/penpot/issue/6281)
-- [PERFORMANCE] Alignments are slow [Taiga #5865](https://tree.taiga.io/project/penpot/issue/5865)
-- [EXPORT] Exporting an element with a non-visible drop shadow displays the shadow either way [Taiga #6768](https://tree.taiga.io/project/penpot/issue/6768)
-- [SAFARI] Color picker cursor is not pointing correctly [Taiga #6733](https://tree.taiga.io/project/penpot/issue/6733)
-- [Import Files] When user has imported .penpot file with new file name of previously downloaded library file the default library file name is set for it [Taiga #5596](https://tree.taiga.io/project/penpot/issue/5596)
-- Issue when resizing a duotone FA icon [Taiga #5935](https://tree.taiga.io/project/penpot/issue/5935)
-- "Hide grid" keyboard shortcut broken [Taiga #5102](https://tree.taiga.io/project/penpot/issue/5102)
-- Picking a gradient color in recent colors for a new color in the assets tab crashes Penpot [Taiga #5601](https://tree.taiga.io/project/penpot/issue/5601)
-- Thumbnails not loading [Taiga #6012](https://tree.taiga.io/project/penpot/issue/6012)
-- Don't show signup link/form when registration is disabled. [Taiga #1196](https://tree.taiga.io/project/penpot/issue/1196)
-- Registration Page UI UX issue with small resolutions [Taiga #1693](https://tree.taiga.io/project/penpot/issue/1693)
-- [LOGIN] "E-Mail-Adress" input field is set to type 'text' instead of 'eMail [Taiga #1921](https://tree.taiga.io/project/penpot/issue/1921)
-- Handling correctly slashes "/" in emails [Taiga #4906](https://tree.taiga.io/project/penpot/issue/4906)
-- Tab character in texts crashes the app [Taiga #4418](https://tree.taiga.io/project/penpot/issue/4418)
-- Text does not match export [Taiga #4129](https://tree.taiga.io/project/penpot/issue/4129)
-- Scrollbars cover the layers carets [Taiga #4431](https://tree.taiga.io/project/penpot/issue/4431)
-- Horizontal ruler disappear when overlapping a board [Taiga #4138](https://tree.taiga.io/project/penpot/issue/4138)
-- Resize shape + Alt key is not working [Taiga #3447](https://tree.taiga.io/project/penpot/issue/3447)
-- Libraries images broken on premise [Taiga #4573](https://tree.taiga.io/project/penpot/issue/4573)
-- [VIEWER] Cannot scroll down in code </> mode [Taiga #4655](https://tree.taiga.io/project/penpot/issue/4655)
-- Strange cursor behavior after clicking viewport with text tool [Taiga #4363](https://tree.taiga.io/project/penpot/issue/4363)
-- Selected color affects all of them [Taiga #5285](https://tree.taiga.io/project/penpot/issue/5285)
-- Fix problem with shadow negative spread [Github #3421](https://github.com/penpot/penpot/issues/3421)
-- Fix problem with linked colors to strokes [Github #3522](https://github.com/penpot/penpot/issues/3522)
-- Fix problem with hand tool stuck [Github #3318](https://github.com/penpot/penpot/issues/3318)
-- Fix problem with fix scrolling on nested elements [Github #3508](https://github.com/penpot/penpot/issues/3508)
-- Fix problem when changing typography assets [Github #3683](https://github.com/penpot/penpot/issues/3683)
-- Internal error when you copy and paste some main components between files [Taiga #7397](https://tree.taiga.io/project/penpot/issue/7397)
-- Fix toolbar disappearing [Taiga #7411](https://tree.taiga.io/project/penpot/issue/7411)
-- Fix long text on tab breaks UI [Taiga #7421](https://tree.taiga.io/project/penpot/issue/7421)
-
-## 1.19.5
-
-### :bug: New features
-
-- Fix problem with alignment performance
-
-## 1.19.4
-
-### :sparkles: New features
-
-- Improve selected colors [Taiga #5805]( https://tree.taiga.io/project/penpot/us/5805)
-
-### :bug: Bugs fixed
-
-- Fix problem with z-index field in non-absolute items
-
-## 1.19.3
-
-### :sparkles: New features
-
-- Remember last color mode in colorpicker [Taiga #5508](https://tree.taiga.io/project/penpot/issue/5508)
-- Improve layers multiselection behaviour [Github #5741](https://github.com/penpot/penpot/issues/5741)
-- Remember last active team across logouts / sessions [Github #3325](https://github.com/penpot/penpot/issues/3325)
-
-### :bug: Bugs fixed
-
-- List view is discarded on tab change on Workspace Assets Sidebar tab [Github #3547](https://github.com/penpot/penpot/issues/3547)
-- Fix message popup remains open when exiting workspace with browser back button [Taiga #5747](https://tree.taiga.io/project/penpot/issue/5747)
-- When editing text if font is changed, the proportions of the rendered shape are wrong [Taiga #5786](https://tree.taiga.io/project/penpot/issue/5786)
-
-## 1.19.2
-
-### :sparkles: New features
-
-- Navigate up in layer hierarchy with Shift+Enter shortcut [Taiga #5734](https://tree.taiga.io/project/penpot/us/5734)
-- Click on the flow tags open viewer with the selected frame [Taiga #5044](https://tree.taiga.io/project/penpot/us/5044)
-- Add Dutch language & update translation files with weblate
-
-### :bug: Bugs fixed
-
-- Fix unexpected output on get-page rpc method when invalid object-id is provided [Github #3546](https://github.com/penpot/penpot/issues/3546)
-- Fix Invalid files amount after moving file from Project to Drafts [Taiga #5638](https://tree.taiga.io/project/penpot/us/5638)
-- Fix deleted pages comments shown in right sidebar [Taiga #5648](https://tree.taiga.io/project/penpot/us/5648)
-- Fix tooltip on toggle visibility and toggle lock buttons [Taiga #5141](https://tree.taiga.io/project/penpot/issue/5141)
-
-
-## 1.19.1
-
-### :bug: Bugs fixed
-
-- Fix components not registered as updated [Taiga #5725](https://tree.taiga.io/project/penpot/issue/5725)
-
-## 1.19.0
+## :rocket: Next
 
 ### :boom: Breaking changes & Deprecations
 
 ### :sparkles: New features
-
-- Default naming of text layers [Taiga #2836](https://tree.taiga.io/project/penpot/us/2836)
-- Create typography style from a selected text layer [Taiga #3041](https://tree.taiga.io/project/penpot/us/3041)
-- Board as ruler origin [Taiga #4833](https://tree.taiga.io/project/penpot/us/4833)
-- Access tokens support [Taiga #4460](https://tree.taiga.io/project/penpot/us/4460)
-- Show interactions setting at the view mode [Taiga #1330](https://tree.taiga.io/project/penpot/issue/1330)
-- Improve dashboard performance related to thumbnails; now the thumbnails are
-  rendered as bitmap images.
-- Add the ability to disable google fonts provider with the `disable-google-fonts-provider` flag
-- Add the ability to disable dashboard templates section with the `disable-dashboard-templates-section` flag
-- Add the ability to use the registration whitelist with OICD [Github #3348](https://github.com/penpot/penpot/issues/3348)
-- Add support for local caching of google fonts (this avoids exposing the final user IP to
-  goolge and reduces the amount of request sent to google)
-- Set smooth/instant autoscroll depending on distance [GitHub #3377](https://github.com/penpot/penpot/issues/3377)
-- New component icon [Taiga #5290](https://tree.taiga.io/project/penpot/us/5290)
-- Show a confirmation dialog when an user tries to publish an empty library [Taiga #5294](https://tree.taiga.io/project/penpot/us/5294)
-
-### :bug: Bugs fixed
-
-- Fix files can be opened from multiple urls [Taiga #5310](https://tree.taiga.io/project/penpot/issue/5310)
-- Fix asset color item was created from the selected layer [Taiga #5180](https://tree.taiga.io/project/penpot/issue/5180)
-- Fix unpublish more than one library at the same time [Taiga #5532](https://tree.taiga.io/project/penpot/issue/5532)
-- Fix drag projects on dahsboard [Taiga #5531](https://tree.taiga.io/project/penpot/issue/5531)
-- Fix allow team name to be all blank [Taiga #5527](https://tree.taiga.io/project/penpot/issue/5527)
-- Fix search font visualitation [Taiga #5523](https://tree.taiga.io/project/penpot/issue/5523)
-- Fix create and account only with spaces [Taiga #5518](https://tree.taiga.io/project/penpot/issue/5518)
-- Fix context menu outside screen [Taiga #5524](https://tree.taiga.io/project/penpot/issue/5524)
-- Fix graphic item rename on assets pannel [Taiga #5556](https://tree.taiga.io/project/penpot/issue/5556)
-- Fix component and media name validation on assets panel [Taiga #5555](https://tree.taiga.io/project/penpot/issue/5555)
-- Fix problem with selection shortcuts [Taiga #5492](https://tree.taiga.io/project/penpot/issue/5492)
-- Fix issue with paths line to curve and concurrent editing [Taiga #5191](https://tree.taiga.io/project/penpot/issue/5191)
-- Fix problems with locked layers [Taiga #5139](https://tree.taiga.io/project/penpot/issue/5139)
-- Fix export from shared prototype [Taiga #5565](https://tree.taiga.io/project/penpot/issue/5565)
-- Fix email change: validation error displaying even after both fields are identical [Taiga #5514](https://tree.taiga.io/project/penpot/issue/5514)
-- Fix scroll on viewer comment list [Taiga #5563](https://tree.taiga.io/project/penpot/issue/5563)
-- Fix context menu z-index [Taiga #5561](https://tree.taiga.io/project/penpot/issue/5561)
-- Fix select all checkbox on shared link config [Taiga #5566](https://tree.taiga.io/project/penpot/issue/5566)
-- Fix validation on full name input on account creation [Taiga #5516](https://tree.taiga.io/project/penpot/issue/5516)
-- Fix validation on team name input [Taiga #5510](https://tree.taiga.io/project/penpot/issue/5510)
-- Fix incorrect uri generation issues on share-link modal [Taiga #5564](https://tree.taiga.io/project/penpot/issue/5564)
-- Fix cache issues with share-links [Taiga #5559](https://tree.taiga.io/project/penpot/issue/5559)
-- Makes height priority for the rows/columns grids [#2774](https://github.com/penpot/penpot/issues/2774)
-- Fix problem with comments mode not staying [#3363](https://github.com/penpot/penpot/issues/3363)
-- Fix problem with comments when user left the team [Taiga #5562](https://tree.taiga.io/project/penpot/issue/5562)
-- Fix problem with images patterns repeating [#3372](https://github.com/penpot/penpot/issues/3372)
-- Fix grid not being clipped in frames [#3365](https://github.com/penpot/penpot/issues/3365)
-- Fix cut/delete text layer when while creating text [Taiga #5602](https://tree.taiga.io/project/penpot/issue/5602)
-- Fix picking a gradient color in recent colors for a new color in the assets tab [Taiga #5601](https://tree.taiga.io/project/penpot/issue/5601)
-- Fix problem with importation process [Taiga #5597](https://tree.taiga.io/project/penpot/issue/5597)
-- Fix problem with HSV color picker [#3317](https://github.com/penpot/penpot/issues/3317)
-- Fix problem with slashes in layers names for exporter [#3276](https://github.com/penpot/penpot/issues/3276)
-- Fix incorrect modified data on moving files on dashboard [Taiga #5530](https://tree.taiga.io/project/penpot/issue/5530)
-- Fix focus handling on comments edition [Taiga #5560](https://tree.taiga.io/project/penpot/issue/5560)
-- Fix incorrect fullname use on registring user after OIDC authentication [Taiga #5517](https://tree.taiga.io/project/penpot/issue/5517)
-- Fix incorrect modified-at on project after import file [Taiga #5268](https://tree.taiga.io/project/penpot/issue/5268)
-- Fix incorrect message after sending invitation to already member [Taiga 5599](https://tree.taiga.io/project/penpot/issue/5599)
-- Fix text decoration on button [Taiga #5301](https://tree.taiga.io/project/penpot/issue/5301)
-- Fix menu order on design tab [Taiga #5195](https://tree.taiga.io/project/penpot/issue/5195)
-- Fix search bar width on layer tab [Taiga #5445](https://tree.taiga.io/project/penpot/issue/5445)
-- Fix border radius values with decimals [Taiga #5283](https://tree.taiga.io/project/penpot/issue/5283)
-- Fix shortcuts translations not homogenized [Taiga #5141](https://tree.taiga.io/project/penpot/issue/5141)
-- Fix overlay manual position in nested boards [Taiga #5135](https://tree.taiga.io/project/penpot/issue/5135)
-- Fix close overlay from a nested board [Taiga #5587](https://tree.taiga.io/project/penpot/issue/5587)
-- Fix overlay position when it has shadow or blur [Taiga #4752](https://tree.taiga.io/project/penpot/issue/4752)
-- Fix overlay position when there are elements fixed when scrolling [Taiga #4383](https://tree.taiga.io/project/penpot/issue/4383)
-- Fix problem when sliding color picker in selected-colors [#3150](https://github.com/penpot/penpot/issues/3150)
-- Fix error screen on upload image error [Taiga #5608](https://tree.taiga.io/project/penpot/issue/5608)
-- Fix bad frame-id for certain componentes [#3205](https://github.com/penpot/penpot/issues/3205)
-- Fix paste elements at bottom of frame [Taig #5253](https://tree.taiga.io/project/penpot/issue/5253)
-- Fix new-file button on project not redirecting to the new file [Taiga #5610](https://tree.taiga.io/project/penpot/issue/5610)
-- Fix retrieve user comments in dashboard [Taiga #5607](https://tree.taiga.io/project/penpot/issue/5607)
-- Locks shapes when moved inside a locked parent [Taiga #5252](https://tree.taiga.io/project/penpot/issue/5252)
-- Fix rotate several elements in bulk [Taiga #5165](https://tree.taiga.io/project/penpot/issue/5165)
-- Fix onboarding slides height [Taiga #5373](https://tree.taiga.io/project/penpot/issue/5373)
-- Fix create typography with section closed [Taiga #5574](https://tree.taiga.io/project/penpot/issue/5574)
-- Fix exports menu on viewer mode [Taiga #5568](https://tree.taiga.io/project/penpot/issue/5568)
-- Fix create empty comments [Taiga #5536](https://tree.taiga.io/project/penpot/issue/5536)
-- Fix text changes not propagated to copy [Taiga #5364](https://tree.taiga.io/project/penpot/issue/5364)
-- Fix position of text cursor is a bit too high in Invitations section [Taiga #5511](https://tree.taiga.io/project/penpot/issue/5511)
-- Fix undo when updating several texts [Taiga #5197](https://tree.taiga.io/project/penpot/issue/5197)
-- Fix assets right click button for multiple selection [Taiga #5545](https://tree.taiga.io/project/penpot/issue/5545)
-- Fix problem with precision in resizes [Taiga #5623](https://tree.taiga.io/project/penpot/issue/5623)
-- Fix absolute positioned layouts not showing flex properties [Taiga #5630](https://tree.taiga.io/project/penpot/issue/5630)
-- Fix text gradient handlers [Taiga #4047](https://tree.taiga.io/project/penpot/issue/4047)
-- Fix when user deletes one file during import it is impossible to finish importing of second file [Taiga #5656](https://tree.taiga.io/project/penpot/issue/5656)
-- Fix export multiple images when only one of them has export settings [Taiga #5649](https://tree.taiga.io/project/penpot/issue/5649)
-- Fix error when a user different than the thread creator edits a comment [Taiga #5647](https://tree.taiga.io/project/penpot/issue/5647)
-- Fix unnecessary button [Taiga #3312](https://tree.taiga.io/project/penpot/issue/3312)
-- Fix copy color information in several formats [Taiga #4723](https://tree.taiga.io/project/penpot/issue/4723)
-- Fix dropdown width [Taiga #5541](https://tree.taiga.io/project/penpot/issue/5541)
-- Fix enable comment mode and insert image keeps on comment mode [Taiga #5678](https://tree.taiga.io/project/penpot/issue/5678)
-- Fix enable undo just after using pencil [Taiga #5674](https://tree.taiga.io/project/penpot/issue/5674)
-- Fix 400 error when user changes password [Taiga #5643](https://tree.taiga.io/project/penpot/issue/5643)
-- Fix cannot undo layer styles [Taiga #5676](https://tree.taiga.io/project/penpot/issue/5676)
-- Fix unexpected exception on boolean shapes [Taiga #5685](https://tree.taiga.io/project/penpot/issue/5685)
-- Fix ctrl+z on select not working [Taiga #5677](https://tree.taiga.io/project/penpot/issue/5677)
-- Fix thubmnail rendering flashing [Taiga #5675](https://tree.taiga.io/project/penpot/issue/5675)
-
-### :arrow_up: Deps updates
-
-- Update google fonts catalog (at 2023/07/06) [Taiga #5592](https://tree.taiga.io/project/penpot/issue/5592)
-
-
-### :heart: Community contributions by (Thank you!)
-
-- Update Typography palette order (by @akshay-gupta7) [Github #3156](https://github.com/penpot/penpot/pull/3156)
-- Palettes (color, typographies) empty state (by @akshay-gupta7) [Github #3160](https://github.com/penpot/penpot/pull/3160)
-- Duplicate objects via drag + alt (by @akshay-gupta7) [Github #3147](https://github.com/penpot/penpot/pull/3147)
-- Set line-height to auto as 1.2 (by @akshay-gupta7) [Github #3185](https://github.com/penpot/penpot/pull/3185)
-- Click to select full values at the design sidebar (by @akshay-gupta7) [Github #3179](https://github.com/penpot/penpot/pull/3179)
-- Fix rect filter bounds math (by @ryanbreen) [Github #3180](https://github.com/penpot/penpot/pull/3180)
-- Removed sizing variables from radius (by @ondrejkonec) [Github #3184](https://github.com/penpot/penpot/pull/3184)
-- Dashboard search, set focus after shortcut (by @akshay-gupta7) [Github #3196](https://github.com/penpot/penpot/pull/3196)
-- Library name dropdown arrow is overlapped by library name (by @ondrejkonec) [Taiga #5200](https://tree.taiga.io/project/penpot/issue/5200)
-- Reorder shadows (by @akshay-gupta7) [Github #3236](https://github.com/penpot/penpot/pull/3236)
-- Open project in new tab from workspace (by @akshay-gupta7) [Github #3246](https://github.com/penpot/penpot/pull/3246)
-- Distribute fix enabled when two elements were selected (by @dfelinto) [Github #3266](https://github.com/penpot/penpot/pull/3266)
-- Distribute vertical spacing failing for overlapped text (by @dfelinto) [Github #3267](https://github.com/penpot/penpot/pull/3267)
-- bug Change independent corner radius input tooltips #3332 (by @astudentinearth) [Github #3332](https://github.com/penpot/penpot/pull/3332)
-
-## 1.18.6
-
-### :bug: Bugs fixed
-
-- Fix comments navigation from workspace [Taiga #5504](https://tree.taiga.io/project/penpot/issue/5504)
-
-### :sparkles: Enhancements
-
-- Add the ability to overwrite internal resolver with `PENPOT_INTERNAL_RESOLVER` environment
-  variable [GH #3310](https://github.com/penpot/penpot/issues/3310)
-
-## 1.18.5
-
-### :bug: Bugs fixed
-
-- Fix add flow option in contextual menu for frames
-- Fix issues related with invitations
-- Fix problem with undefined gaps
-- Add deleted fonts auto match mechanism
-
-## 1.18.4
-
-### :bug: Bugs fixed
-
-- Fix zooming while color picker breaks UI [GH #3214](https://github.com/penpot/penpot/issues/3214)
-- Fix problem with layout not reflowing on shape deletion [Taiga #5289](https://tree.taiga.io/project/penpot/issue/5289)
-- Fix extra long typography names on assets and palette [Taiga #5199](https://tree.taiga.io/project/penpot/issue/5199)
-- Fix background-color property on inspect code [Taiga #5300](https://tree.taiga.io/project/penpot/issue/5300)
-- Preview layer blend modes (by @akshay-gupta7) [Github #3235](https://github.com/penpot/penpot/pull/3235)
-
-## 1.18.3
-
-### :bug: Bugs fixed
-
-- Fix problem with rulers not placing correctly [Taiga #5093](https://tree.taiga.io/project/penpot/issue/5093)
-- Fix page context menu [Taiga #5145](https://tree.taiga.io/project/penpot/issue/5145)
-- Fix project file count [Taiga #5148](https://tree.taiga.io/project/penpot/issue/5148)
-- Fix OIDC roles checking mechanism [GH #3152](https://github.com/penpot/penpot/issues/3152)
-- Import updated translation strings from weblate
-
-### :arrow_up: Deps updates
-
-## 1.18.2
-
-### :bug: Bugs fixed
-
-- Fix problem with frame title rotation
-- Fix first level board "Show in view mode" is automatically unchecked [Taiga #5136](https://tree.taiga.io/project/penpot/issue/5136)
-
-## 1.18.1
-
-### :bug: Bugs fixed
-
-- Fix problems with imported SVG shadows [Taiga #4922](https://tree.taiga.io/project/penpot/issue/4922)
-- Fix problems with imported SVG embedded images and transforms [Taiga #4639](https://tree.taiga.io/project/penpot/issue/4639)
-
-## 1.18.0
-
-### :sparkles: New features
-
 - Adds more accessibility improvements in dashboard [Taiga #4577](https://tree.taiga.io/project/penpot/us/4577)
 - Adds paddings and gaps prediction on layout creation [Taiga #4838](https://tree.taiga.io/project/penpot/task/4838)
 - Add visual feedback when proportionally scaling text elements with **K** [Taiga #3415](https://tree.taiga.io/project/penpot/us/3415)
-- Add visualization and mouse control to paddings, margins and gaps in frames with layout [Taiga #4839](https://tree.taiga.io/project/penpot/task/4839)
+- Add visualization and mouse control to paddings in frames with layout [Taiga #4839](https://tree.taiga.io/project/penpot/task/4839)
 - Allow for absolute positioned elements inside layout [Taiga #4834](https://tree.taiga.io/project/penpot/us/4834)
 - Add z-index option for flex layout items [Taiga #2980](https://tree.taiga.io/project/penpot/us/2980)
 - Scale content proportionally affects strokes, shadows, blurs and corners [Taiga #1951](https://tree.taiga.io/project/penpot/us/1951)
-- Use tabulators to navigate layers [Taiga #5010](https://tree.taiga.io/project/penpot/issue/5010)
 
 ### :bug: Bugs fixed
 
-- Fix problem with rules position on changing pages [Taiga #4847](https://tree.taiga.io/project/penpot/issue/4847)
-- Fix error streen when uploading wrong SVG [#2995](https://github.com/penpot/penpot/issues/2995)
-- Fix selecting children from hidden parent layers [Taiga #4934](https://tree.taiga.io/project/penpot/issue/4934)
-- Fix problem when undoing multiple selected colors [Taiga #4920](https://tree.taiga.io/project/penpot/issue/4920)
-- Allow selection of empty board by partial rect [Taiga #4806](https://tree.taiga.io/project/penpot/issue/4806)
-- Improve behavior for undo on text edition [Taiga #4693](https://tree.taiga.io/project/penpot/issue/4693)
-- Improve deeps selection of nested arboards [Taiga #4913](https://tree.taiga.io/project/penpot/issue/4913)
-- Fix problem on selection numeric inputs on Firefox [#2991](https://github.com/penpot/penpot/issues/2991)
-- Changed the text dominant-baseline to use ideographic [Taiga #4791](https://tree.taiga.io/project/penpot/issue/4791)
-- Viewer wrong translations [Github #3035](https://github.com/penpot/penpot/issues/3035)
-- Fix problem with text editor in Safari
-- Fix unlink library color when blur color picker input [#3026](https://github.com/penpot/penpot/issues/3026)
-- Fix snap pixel when moving path points on high zoom [#2930](https://github.com/penpot/penpot/issues/2930)
-- Fix shortcuts for zoom now take into account the mouse position [#2924](https://github.com/penpot/penpot/issues/2924)
-- Fix close colorpicker on Firefox when mouse-up is outside the picker [#2911](https://github.com/penpot/penpot/issues/2911)
-- Fix problems with touch devices and Wacom tablets [#2216](https://github.com/penpot/penpot/issues/2216)
-- Fix problem with board titles misplaced [Taiga #4738](https://tree.taiga.io/project/penpot/issue/4738)
-- Fix problem with alt getting stuck when alt+tab [Taiga #5013](https://tree.taiga.io/project/penpot/issue/5013)
-- Fix problem with z positioning of elements [Taiga #5014](https://tree.taiga.io/project/penpot/issue/5014)
-- Fix problem in Firefox with scroll jumping when changin pages [#3052](https://github.com/penpot/penpot/issues/3052)
-- Fix nested frame interaction created flow in wrong frame [Taiga #5043](https://tree.taiga.io/project/penpot/issue/5043)
-- Font-Kerning does not work on Artboard Export to PNG/JPG/PDF [#3029](https://github.com/penpot/penpot/issues/3029)
-- Fix manipulate duplicated project (delete, duplicate, rename, pin/unpin...) [Taiga #5027](https://tree.taiga.io/project/penpot/issue/5027)
-- Fix deleted files appear in search results [Taiga #5002](https://tree.taiga.io/project/penpot/issue/5002)
-- Fix problem with selected colors and texts [Taiga #5051](https://tree.taiga.io/project/penpot/issue/5051)
-- Fix problem when assigning color from palette or assets [Taiga #5050](https://tree.taiga.io/project/penpot/issue/5050)
-- Fix shortcuts for alignment [Taiga #5030](https://tree.taiga.io/project/penpot/issue/5030)
-- Fix path options not showing when editing rects or ellipses [Taiga #5053](https://tree.taiga.io/project/penpot/issue/5053)
-- Fix tooltips for some alignment options are truncated on design tab [Taiga #5040](https://tree.taiga.io/project/penpot/issue/5040)
-- Fix horizontal margins drag don't always start from place [Taiga #5020](https://tree.taiga.io/project/penpot/issue/5020)
-- Fix multiplayer username sometimes is not displayed correctly [Taiga #4400](https://tree.taiga.io/project/penpot/issue/4400)
-- Show warning when trying to invite a user that is already in members [Taiga #4147](https://tree.taiga.io/project/penpot/issue/4147)
-- Fix problem with text out of borders when changing from auto-width to fixed [Taiga #4308](https://tree.taiga.io/project/penpot/issue/4308)
-- Fix header not showing when exiting fullscreen mode in viewer [Taiga #4244](https://tree.taiga.io/project/penpot/issue/4244)
-- Fix visual problem in select options [Taiga #5028](https://tree.taiga.io/project/penpot/issue/5028)
-- Forbid empty names for assets [Taiga #5056](https://tree.taiga.io/project/penpot/issue/5056)
-- Select children after ungroup action [Taiga #4917](https://tree.taiga.io/project/penpot/issue/4917)
-- Fix problem with guides not showing when moving over nested frames [Taiga #4905](https://tree.taiga.io/project/penpot/issue/4905)
-- Fix change email and password for users signed in via social login [Taiga #4273](https://tree.taiga.io/project/penpot/issue/4273)
-- Fix drag and drop files from browser or file explorer under circumstances [Taiga #5054](https://tree.taiga.io/project/penpot/issue/5054)
-- Fix problem when copy/pasting shapes [Taiga #4931](https://tree.taiga.io/project/penpot/issue/4931)
-- Fix problem with color picker not able to change hue [Taiga #5065](https://tree.taiga.io/project/penpot/issue/5065)
-- Fix problem with outer stroke in texts [Taiga #5078](https://tree.taiga.io/project/penpot/issue/5078)
-- Fix problem with text carring over next line when changing to fixed [Taiga #5067](https://tree.taiga.io/project/penpot/issue/5067)
-- Fix don't show invite user hero to users with editor role [Taiga #5086](https://tree.taiga.io/project/penpot/issue/5086)
-- Fix enter emails on onboarding new user creating team [Taiga #5089](https://tree.taiga.io/project/penpot/issue/5089)
-- Fix invalid files amount after moving on dashboard [Taiga #5080](https://tree.taiga.io/project/penpot/issue/5080)
-- Fix dashboard left sidebar, the [x] overlaps the field [Taiga #5064](https://tree.taiga.io/project/penpot/issue/5064)
-- Fix expanded typography on assets sidebar is moving [Taiga #5063](https://tree.taiga.io/project/penpot/issue/5063)
-- Fix spelling mistake in confirmation after importing only 1 file [Taiga #5095](https://tree.taiga.io/project/penpot/issue/5095)
-- Fix problem with selection colors and texts [Taiga #5079](https://tree.taiga.io/project/penpot/issue/5079)
-- Remove "show in view mode" flag when moving frame to frame [Taiga #5091](https://tree.taiga.io/project/penpot/issue/5091)
-- Fix problem creating files in project page [Taiga #5060](https://tree.taiga.io/project/penpot/issue/5060)
-- Disable empty names on rename files [Taiga #5088](https://tree.taiga.io/project/penpot/issue/5088)
-- Fix problem with SVG and flex layout [Taiga #](https://tree.taiga.io/project/penpot/issue/5099)
-- Fix unpublish and delete shared library warning messages [Taiga #5090](https://tree.taiga.io/project/penpot/issue/5090)
-- Fix last update project timer update after creating new file [Taiga #5096](https://tree.taiga.io/project/penpot/issue/5096)
-- Fix dashboard scrolling using 'Page Up' and 'Page Down' [Taiga #5081](https://tree.taiga.io/project/penpot/issue/5081)
-- Fix view mode header buttons overlapping in small resolutions [Taiga #5058](https://tree.taiga.io/project/penpot/issue/5058)
-- Fix precision for wrap in flex [Taiga #5072](https://tree.taiga.io/project/penpot/issue/5072)
-- Fix relative position overlay positioning [Taiga #5092](https://tree.taiga.io/project/penpot/issue/5092)
-- Fix hide grid keyboard shortcut [Github #3071](https://github.com/penpot/penpot/pull/3071)
-- Fix problem with opacity in imported SVG's [Taiga #4923](https://tree.taiga.io/project/penpot/issue/4923)
+### :arrow_up: Deps updates
 
 ### :heart: Community contributions by (Thank you!)
 - To @ondrejkonec: for contributing to the code with:
@@ -539,16 +26,6 @@
 ### :bug: Bugs fixed
 - Fix copy and paste very nested inside itself [Taiga #4848](https://tree.taiga.io/project/penpot/issue/4848)
 - Fix custom fonts not rendered correctly [Taiga #4874](https://tree.taiga.io/project/penpot/issue/4874)
-- Fix problem with shadows and blur on multiple selection
-- Fix problem with redo shortcut
-- Fix Component texts not displayed in assets panel [Taiga #4907](https://tree.taiga.io/project/penpot/issue/4907)
-- Fix search field has implemented shared styles for "close icon" and "search icon" [Taiga #4927](https://tree.taiga.io/project/penpot/issue/4927)
-- Fix Handling correctly slashes "/" in emails [Taiga #4906](https://tree.taiga.io/project/penpot/issue/4906)
-- Fix Change text color from selected colors [Taiga #4933](https://tree.taiga.io/project/penpot/issue/4933)
-
-### :sparkles: Enhancements
-
-- Adds environment variables for specifying the export and backend URI for the frontend docker image, thanks to @Supernova3339 for the initial PR and suggestion [Github #2984](https://github.com/penpot/penpot/issues/2984)
 
 ## 1.17.2
 

README.md

@@ -2,11 +2,10 @@
 [uri_license]: https://www.mozilla.org/en-US/MPL/2.0
 [uri_license_image]: https://img.shields.io/badge/MPL-2.0-blue.svg
 
-<picture>
-  <source media="(prefers-color-scheme: dark)" srcset="https://penpot.app/images/readme/github-dark-mode.png">
-  <source media="(prefers-color-scheme: light)" srcset="https://penpot.app/images/readme/github-light-mode.png">
-  <img alt="penpot header image" src="https://penpot.app/images/readme/github-light-mode.png">
-</picture>
+<h1 align="center">
+  <br>
+  <img src="https://penpot.app/images/readme/git-readme-header.png" alt="PENPOT">
+</h1>
 
 <p align="center"><a href="https://www.mozilla.org/en-US/MPL/2.0" rel="nofollow"><img src="https://camo.githubusercontent.com/3fcf3d6b678ea15fde3cf7d6af0e242160366282d62a7c182d83a50bfee3f45e/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4d504c2d322e302d626c75652e737667" alt="License: MPL-2.0" data-canonical-src="https://img.shields.io/badge/MPL-2.0-blue.svg" style="max-width:100%;"></a>
 <a href="https://gitter.im/penpot/community" rel="nofollow"><img src="https://camo.githubusercontent.com/5b0aecb33434f82a7b158eab7247544235ada0cf7eeb9ce8e52562dd67f614b7/68747470733a2f2f6261646765732e6769747465722e696d2f736572656e6f2d78797a2f636f6d6d756e6974792e737667" alt="Gitter" data-canonical-src="https://badges.gitter.im/sereno-xyz/community.svg" style="max-width:100%;"></a>
@@ -14,36 +13,20 @@
 <a href="https://gitpod.io/#https://github.com/penpot/penpot" rel="nofollow"><img src="https://camo.githubusercontent.com/daadb4894128d1e19b72d80236f5959f1f2b47f9fe081373f3246131f0189f6c/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f476974706f642d72656164792d2d746f2d2d636f64652d626c75653f6c6f676f3d676974706f64" alt="Gitpod ready-to-code" data-canonical-src="https://img.shields.io/badge/Gitpod-ready--to--code-blue?logo=gitpod" style="max-width:100%;"></a></p>
 
 <p align="center">
-    <a href="https://penpot.app/"><b>Website</b></a>  •  
-    <a href="https://help.penpot.app/technical-guide/getting-started/"><b>Getting Started</b></a>  •  
-    <a href="https://help.penpot.app/user-guide/"><b>User Guide</b></a>  •  
-    <a href="https://help.penpot.app/user-guide/introduction/info/"><b>Tutorials & Info</b></a>  •  
-    <a href="https://community.penpot.app/"><b>Community</b></a>
-</p>
-<p align="center">
-    <a href="https://www.youtube.com/@Penpot"><b>Youtube</b></a>  •  
-    <a href="https://peertube.kaleidos.net/a/penpot_app/video-channels"><b>Peertube</b></a>  •  
-    <a href="https://www.linkedin.com/company/penpot/"><b>Linkedin</b></a>  •  
-    <a href="https://instagram.com/penpot.app"><b>Instagram</b></a>  •  
-    <a href="https://fosstodon.org/@penpot/"><b>Mastodon</b></a>  •  
-    <a href="https://twitter.com/penpotapp"><b>X</b></a>
-
+    <a href="https://penpot.app/"><b>Website</b></a> •
+    <a href="https://help.penpot.app/technical-guide/getting-started/"><b>Getting Started</b></a> •
+    <a href="https://help.penpot.app/user-guide/"><b>User Guide</b></a> •
+    <a href="https://help.penpot.app/user-guide/introduction/info/"><b>Tutorials & Info</b></a> •
+    <a href="https://community.penpot.app/"><b>Community</b></a> •
+    <a href="https://twitter.com/penpotapp"><b>Twitter</b></a> •
+    <a href="https://instagram.com/penpot.app"><b>Instagram</b></a> •
+    <a href="https://fosstodon.org/@penpot/"><b>Mastodon</b></a> •
+    <a href="https://www.youtube.com/channel/UCAqS8G72uv9P5HG1IfgnQ9g"><b>Youtube</b></a>
 </p>
 
-<br />
+![feature-readme](https://user-images.githubusercontent.com/1045247/189871786-0b44f7cf-3a0a-4445-a87b-9919ec398bf7.gif)
 
-[Penpot video](https://github.com/penpot/penpot/assets/5446186/b8ad0764-585e-4ddc-b098-9b4090d337cc)
-
-<br />
-
-Penpot is the first **open-source** design tool for design and code collaboration. Designers can create stunning designs, interactive prototypes, design systems at scale, while developers enjoy ready-to-use code and make their workflow easy and fast. And all of this with no handoff drama.
-
-Penpot is available on browser and [self host](https://penpot.app/self-host). It’s web-based and works with open standards (SVG, CSS and HTML). And last but not least, it’s free! 
-
-Penpot’s latest [huge release 2.0](https://penpot.app/dev-diaries), takes the platform to a whole new level. This update introduces the ground-breaking [CSS Grid Layout feature](https://penpot.app/penpot-2.0), a complete UI redesign, a new Components system, and much more. Plus, it's faster and more accessible. 
-
-
-🎇 **Penpot Fest** is our design, code & Open Source event. Check out the highlights from [Penpot Fest 2023 edition](https://www.youtube.com/watch?v=sOpLZaK5mDc)!
+Penpot is the first **Open Source** design and prototyping platform meant for cross-domain teams. Non dependent on operating systems, Penpot is web based and works with open standards (SVG). Penpot invites designers all over the world to fall in love with open source while getting developers excited about the design process in return.
 
 ## Table of contents ##
 
@@ -55,47 +38,48 @@ Penpot’s latest [huge release 2.0](https://penpot.app/dev-diaries), takes the
 
 ## Why Penpot ##
 
-Penpot expresses designs as code. Designers can do their best work and see it will be beautifully implemented by developers in a two-way collaboration.
+Penpot makes design and prototyping accessible to every team in the world.
 
-### Designed for developers ###
-Penpot was built to serve both designers and developers and create a fluid design-code process. You have the choice to enjoy real-time collaboration or play "solo".
+### For cross-domain teams ###
+We have a clear focus on design and code teams and our capabilities reflect exactly that. The less hand-off mindset, the more fun for everyone.
 
-### Inspect mode ###
-Work with ready-to-use code and make your workflow easy and fast. The inspect tab gives instant access to SVG, CSS and HTML code.
+### Multiplatform ###
+Being web based, Penpot is not dependent on operating systems or local installations, you will only need to run a modern browser.
 
-### Self host your own instance ###
-Provide your team or organization with a completely owned collaborative design tool. Use Penpot's cloud service or deploy your own Penpot server.
-
-### Integrations ###
-Penpot offers integration into the development toolchain, thanks to its support for webhooks and an API accessible through access tokens.
-
-### What’s great for design ###
-With Penpot you can design libraries to share and reuse; turn design elements into components and tokens to allow reusability and scalability; and build realistic user flows and interactions.
-
-<br />
+### Open Standards ###
+Using SVG as no other design and prototyping tool does, Penpot files sport compatibility with most of the vectorial tools, are tech friendly and extremely easy to use on the web. We make sure you will always own your work.
 
 <p align="center">
-  <img src="https://img.plasmic.app/img-optimizer/v1/img?src=https%3A%2F%2Fimg.plasmic.app%2Fimg-optimizer%2Fv1%2Fimg%2F9dd677c36afb477e9666ccd1d3f009ad.png" alt="Open Source" style="width: 65%;">
+  <img src="https://penpot.app/images/readme/git-open.png" alt="Open Source" style="width: 65%;">
 </p>
 
-<br />
 
 ## Getting started ##
 
 ### Install with Elestio ###
-Penpot is the only design & prototype platform that is deployment agnostic. You can use it or deploy it anywhere.
+[Elestio](https://elest.io/) offers a fully managed service for on-premise instances of a selection of open-source software! This means you can deploy a dedicated instance of Penpot in just 3 minutes with no technical knowledge needed.
 
-Learn how to install it with Elestio and Docker, or other options on [our website](https://penpot.app/self-host).
-<br />
+You don’t need to worry about DNS configuration, SMTP, backups, SSL certificates, OS & Penpot upgrades, and much more.
+
+[Get started with Elestio.](https://help.penpot.app/technical-guide/getting-started/#install-with-elestio)
+
+### Install with Docker ###
+
+You can also get started with Penpot locally or self-host it with **docker** and **docker-compose**.
+
+Here’s a step-by-step guide on [getting started with Docker.](https://help.penpot.app/technical-guide/getting-started/#install-with-docker)
+
+### Penpot cloud app ###
+
+If you prefer not to install Penpot in a local environment, [login or register on our Penpot cloud app](https://design.penpot.app). Create a team to work together on projects and share design assets or jump right away into Penpot and **start designing** on your own.
 
 <p align="center">
-  <img src="https://site-assets.plasmic.app/2168cf524dd543caeff32384eb9ea0a1.svg" alt="Open Source" style="width: 65%;">
+  <img src="https://penpot.app/images/readme/git-self-host.png" alt="Getting started" style="width: 65%;">
 </p>
-<br />
 
 ## Community ##
 
-We love the Open Source software community. Contributing is our passion and if it’s yours too, participate and [improve](https://community.penpot.app/c/help-us-improve-penpot/7) Penpot. All your designs, code and ideas are welcome!
+We love the open source software community. Contributing is our passion and if it’s yours too, [participate](https://community.penpot.app/) and [improve](https://community.penpot.app/c/help-us-improve-penpot/7) Penpot. All your ideas and code are welcome!
 
 If you need help or have any questions; if you’d like to share your experience using Penpot or get inspired; if you’d rather meet our community of developers and designers, [join our Community](https://community.penpot.app/)!
 
@@ -107,41 +91,29 @@ You will find the following categories:
 - [Events and Announcements](https://community.penpot.app/c/announcements/5)
 - [Inside Penpot](https://community.penpot.app/c/inside-penpot/21)
 - [Penpot in your language](https://community.penpot.app/c/penpot-in-your-language/12)
-- [Design and Code Essentials](https://community.penpot.app/c/design-and-code-essentials/22)
-
-
-<br />
 
 <p align="center">
-  <img src="https://github.com/penpot/penpot/assets/5446186/6ac62220-a16c-46c9-ab21-d24ae357ed03" alt="Community" style="width: 65%;">
+  <img src="https://penpot.app/images/readme/git-collaborate.png" alt="Communnity" style="width: 65%;">
 </p>
-<br />
 
 ## Contributing ##
 
-Any contribution will make a difference to improve Penpot. How can you get involved? 
+Every sort of contribution will be very helpful to enhance Penpot. How you’ll participate? All your ideas, designs and code are welcome:
 
-Choose your way: 
-
-- Create and [share Libraries & Templates](https://penpot.app/libraries-templates.html) that will be helpful for the community
 - Invite your [team to join](https://design.penpot.app/#/auth/register)
-- Star this repo and follow us on Social Media: [Mastodon](https://fosstodon.org/@penpot/), [Youtube](https://www.youtube.com/c/Penpot), [Instagram](https://instagram.com/penpot.app), [Linkedin](https://www.linkedin.com/company/penpotdesign),  [Peertube](https://peertube.kaleidos.net/a/penpot_app) and [X](https://twitter.com/penpotapp).
-- Participate in the [Community](https://community.penpot.app/) space by asking and answering questions; reacting to others’ articles;  opening your own conversations and following along on decisions affecting the project.
+- Star this repo and follow us on Social Media:  [Twitter](https://twitter.com/penpotapp), [Instagram](https://instagram.com/penpot.app), [Youtube](https://www.youtube.com/c/Penpot) or [Mastodon](https://fosstodon.org/@penpot/).
+- Participate in the [Community](https://community.penpot.app/) asking and answering questions, reacting to others’ articles or opening your own conversations.
 - Report bugs with our easy [guide for bugs hunting](https://help.penpot.app/contributing-guide/reporting-bugs/) or [GitHub issues](https://github.com/penpot/penpot/issues)
+- Create and [share Libraries & templates](https://penpot.app/libraries-templates.html) that will be helpful for the community
 - Become a [translator](https://help.penpot.app/contributing-guide/translations)
-- Give feedback: [Email us](mailto:support@penpot.app)
-- **Contribute to Penpot's code:** [Watch this video](https://www.youtube.com/watch?v=TpN0osiY-8k) by Alejandro Alonso, CIO and developer at Penpot, where he gives us a hands-on demo of how to use Penpot’s repository and make changes in both front and back end
+- Give feedback: [Mail us](mailto:support@penpot.app)
 
-To find (almost) everything you need to know on how to contribute to Penpot, refer to the [contributing guide](https://help.penpot.app/contributing-guide/).
-
-<br />
+To find (almost) everything you need to know on how to contribute to Penpot, refer to the [contributing-guide](https://help.penpot.app/contributing-guide/).
 
 <p align="center">
-  <img src="https://github.com/penpot/penpot/assets/5446186/fea18923-dc06-49be-86ad-c3496a7956e6" alt="Libraries and templates" style="width: 65%;">
+  <img src="https://penpot.app/images/readme/git-community.png" alt="Contributing" style="width: 65%;">
 </p>
 
-<br />
-
 ## Resources ##
 
 You can ask and answer questions, have open-ended conversations, and follow along on decisions affecting the project.
@@ -152,7 +124,7 @@ You can ask and answer questions, have open-ended conversations, and follow alon
 
 ✏️ [Tutorials](https://www.youtube.com/playlist?list=PLgcCPfOv5v54WpXhHmNO7T-YC7AE-SRsr)
 
-🏘️ [Architecture](https://help.penpot.app/technical-guide/developer/architecture/)
+🏘️ [Architecture](https://help.penpot.app/technical-guide/architecture/)
 
 📚 [Dev Diaries](https://penpot.app/dev-diaries.html)
 
@@ -166,4 +138,4 @@ file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 Copyright (c) KALEIDOS INC
 ```
-Penpot is a Kaleidos’ [open source project](https://kaleidos.net/)
+Penpot is a Kaleidos’ [open source project](https://kaleidos.net/products)

THANKYOU.md

@@ -2,35 +2,27 @@
 
 We want to thank to the amazing people that help us! Thank you! You're the best!
 
-Feel free you make a PR updating this file if you miss you in the
-list.
-
 ## Security
-
 * Husnain Iqbal (CEO OF ALPHA INFERNO PVT LTD)
 * [Shiraz Ali Khan](https://www.linkedin.com/in/shiraz-ali-khan-1ba508180/)
-* Vaibhav Shukla
-* Hassan Ahmed (Alias Xen Lee)
-* Michal Biesiada (@mbiesiad)
 
 ## Internationalization
-
 * [00ff88](https://hosted.weblate.org/user/00ff88)
 * [AhmadHB](https://hosted.weblate.org/user/AhmadHB)
 * [Aimee](https://hosted.weblate.org/user/Aimee)
-* [alejandro.alonso](https://hosted.weblate.org/user/alejandro.alonso)
+* [alejandro.alonso](alejandro.https://hosted.weblate.org/user/alonso)
 * [alexpawlak](https://hosted.weblate.org/user/alexpawlak)
 * [allytiago](https://hosted.weblate.org/user/allytiago)
-* [alonso.torres](https://hosted.weblate.org/user/alonso.torres)
-* [andres.moya](https://hosted.weblate.org/user/andres.moya)
+* [alonso.torres](alonso.https://hosted.weblate.org/user/torres)
+* [andres.moya](andres.https://hosted.weblate.org/user/moya)
 * [antoniofsm](https://hosted.weblate.org/user/antoniofsm)
 * [ascarida](https://hosted.weblate.org/user/ascarida)
 * [Bechii](https://hosted.weblate.org/user/Bechii)
 * [Beeby](https://hosted.weblate.org/user/Beeby)
-* [bingling-sama](https://hosted.weblate.org/user/bingling-sama)
+* [bingling-sama](bingling-https://hosted.weblate.org/user/sama)
 * [devadarta](https://hosted.weblate.org/user/devadarta)
 * [diacritica](https://hosted.weblate.org/user/diacritica)
-* [dundzys.vincas](https://hosted.weblate.org/user/dundzys.vincas)
+* [dundzys.vincas](dundzys.https://hosted.weblate.org/user/vincas)
 * [Eranot](https://hosted.weblate.org/user/Eranot)
 * [erral](https://hosted.weblate.org/user/erral)
 * [ersen](https://hosted.weblate.org/user/ersen)
@@ -96,7 +88,6 @@ list.
 * [zcraber](https://hosted.weblate.org/user/zcraber)
 
 ## Libraries & templates
-
 * systxema
 * plumilla
 * victor crespo

backend/.gitignore

@@ -1,7 +0,0 @@
-.pnp.*
-.yarn/*
-!.yarn/patches
-!.yarn/plugins
-!.yarn/releases
-!.yarn/sdks
-!.yarn/versions

backend/deps.edn

@@ -1,12 +1,10 @@
-{:mvn/repos
- {"sonatype" {:url "https://oss.sonatype.org/content/repositories/snapshots/"}}
-
- :deps
+{:deps
  {penpot/common {:local/root "../common"}
-  org.clojure/clojure {:mvn/version "1.12.0-alpha12"}
-  org.clojure/tools.namespace {:mvn/version "1.5.0"}
+  org.clojure/clojure {:mvn/version "1.11.1"}
+  org.clojure/core.async {:mvn/version "1.6.673"}
 
-  com.github.luben/zstd-jni {:mvn/version "1.5.6-3"}
+  com.github.luben/zstd-jni {:mvn/version "1.5.2-5"}
+  org.clojure/data.fressian {:mvn/version "1.0.0"}
 
   io.prometheus/simpleclient {:mvn/version "0.16.0"}
   io.prometheus/simpleclient_hotspot {:mvn/version "0.16.0"}
@@ -17,33 +15,28 @@
 
   io.prometheus/simpleclient_httpserver {:mvn/version "0.16.0"}
 
-  io.lettuce/lettuce-core {:mvn/version "6.3.2.RELEASE"}
+  io.lettuce/lettuce-core {:mvn/version "6.2.2.RELEASE"}
   java-http-clj/java-http-clj {:mvn/version "0.4.3"}
 
   funcool/yetti
-  {:git/tag "v10.0"
-   :git/sha "520613f"
+  {:git/tag "v9.12"
+   :git/sha "51646d8"
    :git/url "https://github.com/funcool/yetti.git"
    :exclusions [org.slf4j/slf4j-api]}
 
-  com.github.seancorfield/next.jdbc {:mvn/version "1.3.939"}
-  metosin/reitit-core {:mvn/version "0.7.0"}
-  nrepl/nrepl {:mvn/version "1.1.2"}
-  cider/cider-nrepl {:mvn/version "0.48.0"}
-
-  org.postgresql/postgresql {:mvn/version "42.7.3"}
-  org.xerial/sqlite-jdbc {:mvn/version "3.46.0.0"}
-
-  com.zaxxer/HikariCP {:mvn/version "5.1.0"}
+  com.github.seancorfield/next.jdbc {:mvn/version "1.3.847"}
+  metosin/reitit-core {:mvn/version "0.5.18"}
+  org.postgresql/postgresql {:mvn/version "42.5.2"}
+  com.zaxxer/HikariCP {:mvn/version "5.0.1"}
 
   io.whitfin/siphash {:mvn/version "2.0.0"}
 
-  buddy/buddy-hashers {:mvn/version "2.0.167"}
-  buddy/buddy-sign {:mvn/version "3.5.351"}
+  buddy/buddy-hashers {:mvn/version "1.8.158"}
+  buddy/buddy-sign {:mvn/version "3.4.333"}
 
-  com.github.ben-manes.caffeine/caffeine {:mvn/version "3.1.8"}
+  com.github.ben-manes.caffeine/caffeine {:mvn/version "3.1.2"}
 
-  org.jsoup/jsoup {:mvn/version "1.17.2"}
+  org.jsoup/jsoup {:mvn/version "1.15.3"}
   org.im4java/im4java
   {:git/tag "1.4.0-penpot-2"
    :git/sha "e2b3e16"
@@ -52,13 +45,14 @@
   org.lz4/lz4-java {:mvn/version "1.8.0"}
 
   org.clojars.pntblnk/clj-ldap {:mvn/version "0.0.17"}
+  integrant/integrant {:mvn/version "0.8.0"}
 
   dawran6/emoji {:mvn/version "0.1.5"}
-  markdown-clj/markdown-clj {:mvn/version "1.12.1"}
+  markdown-clj/markdown-clj {:mvn/version "1.11.4"}
 
   ;; Pretty Print specs
   pretty-spec/pretty-spec {:mvn/version "0.1.4"}
-  software.amazon.awssdk/s3 {:mvn/version "2.25.63"}
+  software.amazon.awssdk/s3 {:mvn/version "2.19.29"}
   }
 
  :paths ["src" "resources" "target/classes"]
@@ -66,6 +60,7 @@
  {:dev
   {:extra-deps
    {com.bhauman/rebel-readline {:mvn/version "RELEASE"}
+    org.clojure/tools.namespace {:mvn/version "RELEASE"}
     clojure-humanize/clojure-humanize {:mvn/version "0.2.2"}
     org.clojure/data.csv {:mvn/version "RELEASE"}
     com.clojure-goes-fast/clj-async-profiler {:mvn/version "RELEASE"}
@@ -74,13 +69,16 @@
 
   :build
   {:extra-deps
-   {io.github.clojure/tools.build {:git/tag "v0.10.3" :git/sha "15ead66"}}
+   {io.github.clojure/tools.build {:git/tag "v0.9.3" :git/sha "e537cd1"}}
    :ns-default build}
 
   :test
-  {:main-opts ["-m" "kaocha.runner"]
-   :jvm-opts ["-Dlog4j2.configurationFile=log4j2-devenv-repl.xml"]
-   :extra-deps {lambdaisland/kaocha {:mvn/version "1.91.1392"}}}
+  {:extra-paths ["test"]
+   :extra-deps
+   {io.github.cognitect-labs/test-runner
+    {:git/tag "v0.5.1" :git/sha "dfb30dd"}}
+   :main-opts ["-m" "cognitect.test-runner"]
+   :exec-fn cognitect.test-runner.api/test}
 
   :outdated
   {:extra-deps {com.github.liquidz/antq {:mvn/version "RELEASE"}}
@@ -88,8 +86,8 @@
 
   :jmx-remote
   {:jvm-opts ["-Dcom.sun.management.jmxremote"
-              "-Dcom.sun.management.jmxremote.port=9091"
-              "-Dcom.sun.management.jmxremote.rmi.port=9091"
+              "-Dcom.sun.management.jmxremote.port=9090"
+              "-Dcom.sun.management.jmxremote.rmi.port=9090"
               "-Dcom.sun.management.jmxremote.local.only=false"
               "-Dcom.sun.management.jmxremote.authenticate=false"
               "-Dcom.sun.management.jmxremote.ssl=false"

backend/dev/user.clj

@@ -7,28 +7,20 @@
 (ns user
   (:require
    [app.common.data :as d]
-   [app.common.debug :as debug]
    [app.common.exceptions :as ex]
-   [app.common.files.helpers :as cfh]
-   [app.common.fressian :as fres]
    [app.common.geom.matrix :as gmt]
    [app.common.logging :as l]
    [app.common.perf :as perf]
    [app.common.pprint :as pp]
-   [app.common.schema :as sm]
-   [app.common.schema.desc-js-like :as smdj]
-   [app.common.schema.desc-native :as smdn]
-   [app.common.schema.generators :as sg]
    [app.common.spec :as us]
    [app.common.transit :as t]
-   [app.common.types.file :as ctf]
    [app.common.uuid :as uuid]
-   [app.config :as cf]
-   [app.db :as db]
+   [app.config :as cfg]
    [app.main :as main]
-   [app.srepl.helpers :as srepl.helpers]
+   [app.srepl.helpers]
    [app.srepl.main :as srepl]
    [app.util.blob :as blob]
+   [app.util.fressian :as fres]
    [app.util.json :as json]
    [app.util.time :as dt]
    [clj-async-profiler.core :as prof]
@@ -39,28 +31,18 @@
    [clojure.spec.alpha :as s]
    [clojure.stacktrace :as trace]
    [clojure.test :as test]
-   [clojure.test.check.generators :as tgen]
+   [clojure.test.check.generators :as gen]
    [clojure.tools.namespace.repl :as repl]
    [clojure.walk :refer [macroexpand-all]]
    [criterium.core  :as crit]
    [cuerdas.core :as str]
-   [datoteka.fs :as fs]
-   [integrant.core :as ig]
-   [malli.core :as m]
-   [malli.dev.pretty :as mdp]
-   [malli.error :as me]
-   [malli.generator :as mg]
-   [malli.registry :as mr]
-   [malli.transform :as mt]
-   [malli.util :as mu]
-   [promesa.exec :as px]))
+   [datoteka.core]
+   [integrant.core :as ig]))
 
 (repl/disable-reload! (find-ns 'integrant.core))
-(repl/disable-reload! (find-ns 'app.common.debug))
-
 (set! *warn-on-reflection* true)
 
-(add-tap #'debug/tap-handler)
+(defonce system nil)
 
 ;; --- Benchmarking Tools
 
@@ -99,14 +81,20 @@
 (defn- start
   []
   (try
-    (main/start)
+    (alter-var-root #'system (fn [sys]
+                               (when sys (ig/halt! sys))
+                               (-> (merge main/system-config main/worker-config)
+                                   (ig/prep)
+                                   (ig/init))))
     :started
     (catch Throwable cause
       (ex/print-throwable cause))))
 
 (defn- stop
   []
-  (main/stop)
+  (alter-var-root #'system (fn [sys]
+                             (when sys (ig/halt! sys))
+                             nil))
   :stopped)
 
 (defn restart
@@ -119,29 +107,26 @@
   (stop)
   (repl/refresh-all :after 'user/start))
 
-;; (defn compression-bench
-;;   [data]
-;;   (let [humanize (fn [v] (hum/filesize v :binary true :format " %.4f "))
-;;         v1 (time (humanize (alength (blob/encode data {:version 1}))))
-;;         v3 (time (humanize (alength (blob/encode data {:version 3}))))
-;;         v4 (time (humanize (alength (blob/encode data {:version 4}))))
-;;         v5 (time (humanize (alength (blob/encode data {:version 5}))))
-;;         v6 (time (humanize (alength (blob/encode data {:version 6}))))
-;;         ]
-;;     (print-table
-;;      [{
-;;        :v1 v1
-;;        :v3 v3
-;;        :v4 v4
-;;        :v5 v5
-;;        :v6 v6
-;;        }])))
+(defn compression-bench
+  [data]
+  (let [humanize (fn [v] (hum/filesize v :binary true :format " %.4f "))
+        v1 (time (humanize (alength (blob/encode data {:version 1}))))
+        v3 (time (humanize (alength (blob/encode data {:version 3}))))
+        v4 (time (humanize (alength (blob/encode data {:version 4}))))
+        v5 (time (humanize (alength (blob/encode data {:version 5}))))
+        v6 (time (humanize (alength (blob/encode data {:version 6}))))
+        ]
+    (print-table
+     [{
+       :v1 v1
+       :v3 v3
+       :v4 v4
+       :v5 v5
+       :v6 v6
+       }])))
 
-
-(defn calculate-frames
-  [{:keys [data]}]
-  (->> (vals (:pages-index data))
-       (mapcat (comp vals :objects))
-       (filter cfh/is-direct-child-of-root?)
-       (filter cfh/frame-shape?)
-       (count)))
+(defonce debug-tap
+  (do
+    (add-tap #(locking debug-tap
+                (prn "tap debug:" %)))
+    1))

backend/package.json

@@ -1,26 +1,18 @@
 {
-  "name": "backend",
-  "version": "1.0.0",
-  "license": "MPL-2.0",
-  "author": "Kaleidos INC",
-  "private": true,
-  "packageManager": "yarn@4.2.2",
+  "name": "uxbox-back",
+  "version": "0.1.0",
+  "description": "The Open-Source prototyping tool",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1",
+    "build-emails": "./scripts/build-email-templates.sh"
+  },
   "repository": {
     "type": "git",
-    "url": "https://github.com/penpot/penpot"
-  },
-  "dependencies": {
-    "luxon": "^3.4.4",
-    "sax": "^1.4.1"
+    "url": "git+https://github.com/uxbox/uxbox.git"
   },
+  "author": "Uxbox",
+  "license": "SEE LICENSE IN <LICENSE>",
   "devDependencies": {
-    "nodemon": "^3.1.2",
-    "source-map-support": "^0.5.21",
-    "ws": "^8.17.0"
-  },
-  "scripts": {
-    "fmt:clj:check": "cljfmt check --parallel=false src/ test/",
-    "fmt:clj": "cljfmt fix --parallel=true src/ test/",
-    "lint:clj": "clj-kondo --parallel --lint src/"
+    "mjml": "^4.6.3"
   }
 }

backend/resources/app/email/change-email/en.html

@@ -168,7 +168,7 @@
                 <table border="0" cellpadding="0" cellspacing="0" role="presentation" style="vertical-align:top;" width="100%">
                   <tr>
                     <td align="left" style="font-size:0px;padding:10px 25px;word-break:break-word;">
-                      <div style="font-family:Source Sans Pro, sans-serif;font-size:24px;font-weight:600;line-height:150%;text-align:left;color:#000000;">Hello {{name|abbreviate:25}}!</div>
+                      <div style="font-family:Source Sans Pro, sans-serif;font-size:24px;font-weight:600;line-height:150%;text-align:left;color:#000000;">Hello {{name}}!</div>
                     </td>
                   </tr>
                   <tr>
@@ -475,4 +475,4 @@
   </div>
 </body>
 
-</html>
+</html>

backend/resources/app/email/change-email/en.txt

@@ -1,4 +1,4 @@
-Hello {{name|abbreviate:25}}!
+Hello {{name}}!
 
 We received a request to change your current email to {{ pending-email }}.
 

backend/resources/app/email/feedback/en.html

@@ -11,7 +11,7 @@
       {% if profile %}
         <span>
           <span>Name: </span>
-          <span><code>{{profile.fullname|abbreviate:25}}</code></span>
+          <span><code>{{profile.fullname}}</code></span>
         </span>
         <br />
 
@@ -34,7 +34,7 @@
     </p>
     <p>
       <strong>Subject:</strong><br />
-      <span>{{subject|abbreviate:300}}</span>
+      <span>{{subject}}</span>
     </p>
 
     <p>

backend/resources/app/email/invite-to-team/en.html

@@ -173,7 +173,7 @@
                   </tr>
                   <tr>
                     <td align="left" style="font-size:0px;padding:10px 25px;word-break:break-word;">
-                      <div style="font-family:Source Sans Pro, sans-serif;font-size:16px;line-height:150%;text-align:left;color:#000000;">{{invited-by|abbreviate:25}} has invited you to join the team “{{ team|abbreviate:25 }}”.</div>
+                      <div style="font-family:Source Sans Pro, sans-serif;font-size:16px;line-height:150%;text-align:left;color:#000000;">{{invited-by}} has invited you to join the team “{{ team }}”.</div>
                     </td>
                   </tr>
                   <tr>
@@ -465,4 +465,4 @@
   </div>
 </body>
 
-</html>
+</html>

backend/resources/app/email/invite-to-team/en.txt

@@ -1,6 +1,6 @@
 Hello!
 
-{{invited-by|abbreviate:25}} has invited you to join the team “{{ team|abbreviate:25 }}”.
+{{invited-by}} has invited you to join the team “{{ team }}”.
 
 Accept invitation using this link:
 

backend/resources/app/email/password-recovery/en.html

@@ -168,7 +168,7 @@
                 <table border="0" cellpadding="0" cellspacing="0" role="presentation" style="vertical-align:top;" width="100%">
                   <tr>
                     <td align="left" style="font-size:0px;padding:10px 25px;word-break:break-word;">
-                      <div style="font-family:Source Sans Pro, sans-serif;font-size:24px;font-weight:600;line-height:150%;text-align:left;color:#000000;">Hello {{name|abbreviate:25}}!</div>
+                      <div style="font-family:Source Sans Pro, sans-serif;font-size:24px;font-weight:600;line-height:150%;text-align:left;color:#000000;">Hello {{name}}!</div>
                     </td>
                   </tr>
                   <tr>
@@ -470,4 +470,4 @@
   </div>
 </body>
 
-</html>
+</html>

backend/resources/app/email/password-recovery/en.txt

@@ -1,4 +1,4 @@
-Hello {{name|abbreviate:25}}!
+Hello {{name}}!
 
 We received a request to reset your password. Click the link below to choose a
 new one:

backend/resources/app/email/register/en.html

@@ -168,7 +168,7 @@
                 <table border="0" cellpadding="0" cellspacing="0" role="presentation" style="vertical-align:top;" width="100%">
                   <tr>
                     <td align="left" style="font-size:0px;padding:10px 25px;word-break:break-word;">
-                      <div style="font-family:Source Sans Pro, sans-serif;font-size:24px;font-weight:600;line-height:150%;text-align:left;color:#000000;">Hello {{name|abbreviate:25}}!</div>
+                      <div style="font-family:Source Sans Pro, sans-serif;font-size:24px;font-weight:600;line-height:150%;text-align:left;color:#000000;">Hello {{name}}!</div>
                     </td>
                   </tr>
                   <tr>

backend/resources/app/email/register/en.txt

@@ -1,4 +1,4 @@
-Hello {{name|abbreviate:25}}!
+Hello {{name}}!
 
 Thanks for signing up for your Penpot account! Please verify your email using the
 link below and get started building mockups and prototypes today!

backend/resources/app/onboarding.edn

@@ -1,33 +1,36 @@
 [{:id "tutorial-for-beginners"
   :name "Tutorial for beginners"
+  :thumbnail-uri "https://penpot.app/images/libraries/tutorial-for-beginners.jpg"
   :file-uri "https://github.com/penpot/penpot-files/raw/binary-files/tutorial-for-beginners.penpot"}
- {:id "lucide-icons"
-  :name "Lucide Icons"
-  :file-uri "https://github.com/penpot/penpot-files/raw/binary-files/Lucide-icons.penpot"}
- {:id "font-awesome"
-  :name "Font Awesome"
-  :file-uri "https://github.com/penpot/penpot-files/raw/binary-files/Font-Awesome.penpot"}
- {:id "plants-app"
-  :name "Plants app"
-  :file-uri "https://github.com/penpot/penpot-files/raw/binary-files/Plants-app.penpot"}
+ {:id "penpot-design-system"
+  :name "Penpot Design System"
+  :thumbnail-uri "https://penpot.app/images/libraries/cover-ds-penpot.jpg"
+  :file-uri "https://github.com/penpot/penpot-files/raw/binary-files/Penpot-Design-system.penpot"}
  {:id "wireframing-kit"
   :name "Wireframing Kit"
+  :thumbnail-uri "https://penpot.app/images/libraries/cover-wireframes.jpg"
   :file-uri "https://github.com/penpot/penpot-files/raw/binary-files/wireframing-kit.penpot"}
- {:id "black-white-mobile-templates"
-  :name "Black & White Mobile Templates"
-  :file-uri "https://github.com/penpot/penpot-files/raw/binary-files/Black-White-Mobile-Templates.penpot"}
- {:id "avataaars"
-  :name "Avataaars"
-  :file-uri "https://github.com/penpot/penpot-files/raw/binary-files/Avataaars-by-Pablo-Stanley.penpot"}
- {:id "ux-notes"
-  :name "UX Notes"
-  :file-uri "https://github.com/penpot/penpot-files/raw/binary-files/UX-Notes.penpot"}
+ {:id "ant-design"
+  :name "Ant Design UI Kit (lite)"
+  :thumbnail-uri "https://penpot.app/images/libraries/cover-ant-design.jpg"
+  :file-uri "https://github.com/penpot/penpot-files/raw/binary-files/Ant-Design-UI-Kit-Lite.penpot"}
+ {:id "cocomaterial"
+  :name "Cocomaterial"
+  :thumbnail-uri "https://penpot.app/images/libraries/cover-cocomaterial.jpg"
+  :file-uri "https://github.com/penpot/penpot-files/raw/binary-files/Cocomaterial.penpot"}
+ {:id "circum-icons"
+  :name "Circum Icons pack"
+  :thumbnail-uri "https://penpot.app/images/libraries/cover-circum.jpg"
+  :file-uri "https://github.com/penpot/penpot-files/raw/binary-files/CircumIcons.penpot"}
+ {:id "coreui"
+  :name "CoreUI"
+  :thumbnail-uri "https://penpot.app/images/libraries/cover-coreui.jpg"
+  :file-uri "https://github.com/penpot/penpot-files/raw/main/CoreUI%20DesignSystem%20(DEMO).penpot"}
  {:id "whiteboarding-kit"
   :name "Whiteboarding Kit"
+  :thumbnail-uri "https://penpot.app/images/libraries/cover-whiteboards.jpg"
   :file-uri "https://github.com/penpot/penpot-files/raw/binary-files/Whiteboarding-mapping-kit.penpot"}
- {:id "open-color-scheme"
-  :name "Open Color Scheme"
-  :file-uri "https://github.com/penpot/penpot-files/raw/binary-files/Open-Color-Scheme.penpot"}
- {:id "flex-layout-playground"
-  :name "Flex Layout Playground"
-  :file-uri "https://github.com/penpot/penpot-files/raw/binary-files/Flex-Layout-Playground.penpot"}]
+ {:id "material-design-baseline"
+  :name "Material Design (baseline)"
+  :thumbnail-uri "https://penpot.app/images/libraries/cover-material.jpg"
+  :file-uri "https://github.com/penpot/penpot-files/raw/binary-files/Material-Design-Kit.penpot"}]

backend/resources/app/templates/api-doc-entry.tmpl

@@ -1,5 +1,6 @@
 <li class="rpc-item">
   <div class="rpc-row-info">
+    {# <div class="type">{{item.type}}</div> #}
     <div class="module">{{item.module}}:</div>
     <div class="name">{{item.name}}</div>
     <div class="tags">
@@ -14,29 +15,19 @@
           <span>AUTH</span>
         </span>
       {% endif %}
-
+      
       {% if item.webhook %}
         <span class="tag">
           <span>WEBHOOK</span>
         </span>
       {% endif %}
-      {% if item.params-schema-js %}
-        <span class="tag">
-          <span>SCHEMA</span>
-        </span>
-      {% endif %}
-
-      {% if item.sse %}
-        <span class="tag">
-          <span>SSE</span>
-        </span>
-      {% endif %}
     </div>
   </div>
   <div class="rpc-row-detail hidden">
-    <h4>DOCSTRING:</h4>
+    <h3>DOCSTRING:</h3>
 
     <section class="padded-section">
+
       {% if item.added %}
         <p class="small"><strong>Added:</strong> on v{{item.added}}</p>
       {% endif %}
@@ -45,18 +36,13 @@
         <p class="small"><strong>Deprecated:</strong> since v{{item.deprecated}}</p>
       {% endif %}
 
-      {% if item.entrypoint %}
-        <p class="small"><strong>URI:</strong> <a href="{{item.entrypoint}}">{{item.entrypoint}}</a></p>
-      {% endif %}
-
       {% if item.docs %}
         <p class="docstring"> {{item.docs}}</p>
       {% endif %}
-
     </section>
 
     {% if item.changes %}
-      <h4>CHANGES:</h4>
+      <h3>CHANGES:</h3>
       <section class="padded-section">
 
         <ul class="changes">
@@ -67,55 +53,9 @@
       </section>
     {% endif %}
 
-    {% if item.spec %}
-      <h4>PARAMS (SPEC):</h4>
-      <section class="padded-section">
-        <pre class="spec-explain">{{item.spec}}</pre>
-      </section>
-    {% endif %}
-
-    {% if param-style = "js" %}
-      {% if item.params-schema-js %}
-        <h4>PARAMS:</h4>
-        <section class="padded-section">
-          <pre class="params-schema">{{item.params-schema-js}}</pre>
-        </section>
-      {% endif %}
-
-      {% if item.result-schema-js %}
-        <h4>RESPONSE:</h4>
-        <section class="padded-section">
-          <pre class="result">{{item.result-schema-js}}</pre>
-        </section>
-      {% endif %}
-
-      {% if item.webhook-schema-js %}
-        <h4>WEBHOOK PAYLOAD:</h4>
-        <section class="padded-section">
-          <pre class="webhook">{{item.webhook-schema-js}}</pre>
-        </section>
-      {% endif %}
-    {% else %}
-      {% if item.params-schema-clj %}
-        <h4>PARAMS:</h4>
-        <section class="padded-section">
-          <pre class="params-schema">{{item.params-schema-clj}}</pre>
-        </section>
-      {% endif %}
-
-      {% if item.result-schema-clj %}
-        <h4>RESPONSE:</h4>
-        <section class="padded-section">
-          <pre class="result">{{item.result-schema-clj}}</pre>
-        </section>
-      {% endif %}
-
-      {% if item.webhook-schema-clj %}
-        <h4>WEBHOOK PAYLOAD:</h4>
-        <section class="padded-section">
-          <pre class="webhook">{{item.webhook-schema-clj}}</pre>
-        </section>
-      {% endif %}
-    {% endif %}
+    <h3>SPEC EXPLAIN:</h3>
+    <section class="padded-section">
+      <pre class="spec-explain">{{item.spec}}</pre>
+    </section>
   </div>
 </li>

backend/resources/app/templates/api-doc.css

@@ -27,78 +27,12 @@ main {
 header {
   border-bottom: 1px solid #c0c0c0;
   display: flex;
-  flex-direction: column;
-  align-items: center;
   justify-content: center;
   width: 100%;
 }
 
-header .menu {
-  display: flex;
-  align-items: center;
-  margin-top: 5px;
-  margin-bottom: 10px;
-}
-
-header .menu nav {
-  list-style: none;
-  padding: 0px;
-  margin: 0px;
-  display: flex;
-  width: 45px;
-  justify-content: space-between;
-}
-
-header .menu nav > a {
-  list-style: none;
-  padding: 0px;
-  margin: 0px;
-  cursor: pointer;
-}
-
-header .menu nav > a.selected {
-  font-weight: 600;
-}
-
-b {
-  font-weight: 500;
-}
-
-h2 {
-  margin-top: 30px;
-}
-
-h3 {
-  font-weight: 400;
-  font-size: 11px;
-  margin-top: 20px;
-  text-decoration: underline;
-}
-
-h4 {
-  font-weight: 300;
-  font-size: 11px;
-}
-
-.doc-content {
-  margin-top: 20px;
-  width: 100%;
-  display: flex;
-  flex-direction: column;
-  /* border: 1px solid red; */
-  padding: 5px;
-}
-
-.doc-content p {
-  line-height: 22px;
-  margin-bottom: 0px;
-}
-
-.doc-content h3 {
-  margin-bottom: 0px;
-}
-
 .rpc-doc-content {
+  margin-top: 20px;
   width: 100%;
   display: flex;
   flex-direction: column;
@@ -131,7 +65,7 @@ h4 {
 .rpc-row-info {
   cursor: pointer;
   display: flex;
-  background-color: #e5e5e5;
+  background-color: #eeeeee;
   padding: 5px 10px;
 }
 
@@ -156,7 +90,7 @@ h4 {
 }
 
 .rpc-row-info > .module {
-  width: 150px;
+  width: 120px;
   font-weight: bold;
   border-right: 1px dotted #777;
   text-align: right;
@@ -174,8 +108,6 @@ h4 {
 .rpc-row-detail {
   padding: 5px 10px;
   padding-bottom: 20px;
-  border-left: 2px solid #e5e5e5;
-  border-right: 2px solid #e5e5e5;
 }
 
 .rpc-row-detail p {
@@ -211,7 +143,3 @@ h4 {
 p.small strong {
   font-size: 10px;
 }
-
-p.small a {
-  font-size: 10px;
-}

backend/resources/app/templates/api-doc.tmpl

@@ -20,88 +20,26 @@
     <main>
       <header>
         <h1>Penpot API Documentation (v{{version}})</h1>
-        <small class="menu">
-          [
-          <nav>
-            <a href="?type=js" {% if param-style = "js" %}class="selected"{% endif %}>JS</a>
-            <a href="?type=clj" {% if param-style = "cljs" %}class="selected"{% endif %}>CLJ</a>
-          </nav>
-          ]
-        </small>
       </header>
-      <section class="doc-content">
-        <h2>INTRODUCTION</h2>
-        <p>This documentation is intended to be a general overview of the penpot RPC API.
-          If you prefer, you can use <a href="/api/openapi.json">OpenAPI</a>
-          and/or <a href="/api/openapi">SwaggerUI</a> as alternative.</p>
-
-        <h2>GENERAL NOTES</h2>
-
-        <h3>HTTP Transport & Methods</h3>
-        <p>The HTTP is the transport method for accesing this API; all
-        functions can be called using POST HTTP method; the functions
-        that starts with <b>get-</b> in the name, can use GET HTTP
-        method which in many cases benefits from the HTTP cache.</p>
-
-
-        <h3>Authentication</h3>
-        <p>The penpot backend right now offers two way for authenticate the request:
-        <b>cookies</b> (the same mechanism that we use ourselves on accessing the API from the
-        web application) and <b>access tokens</b>.</p>
-
-        <p>The cookie can be obtained using the <b>`login-with-password`</b> rpc method,
-        on successful login it sets the <b>`auth-token`</b> cookie with the session
-        token.</p>
-
-        <p>The access token can be obtained on the appropriate section on profile settings
-        and it should be provided using <b>`Authorization`</b> header with <b>`Token
-        &lt;token-string&gt;`</b> value.</p>
-
-        <h3>Content Negotiation</h3>
-        <p>The penpot API by default operates indistinctly with: <b>`application/json`</b>
-        and <b>`application/transit+json`</b> content types. You should specify the
-        desired content-type on the <b>`Accept`</b> header, the transit encoding is used
-        by default.</p>
-
-        <h3>SSE (Server-Sent Events)</h3>
-        <p>The methods marked with <b>SSE</b> returns
-        a <a href="https://html.spec.whatwg.org/multipage/server-sent-events.html"> SSE
-        formatted</a> stream on the response body, always with status 200. The events are
-        always encoded using `application/transit+json` encoding (for now no content
-        negotiation is possible on methods that return SSE streams). </p>
-        <p>On the javascript side you can use
-        the <a href="https://github.com/rexxars/eventsource-parser">eventsoure-parser</a>
-        library for propertly parsing the response body using the
-        standard <a href="https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API">Fetch
-        API</a></p>
-
-        <h3>Limits</h3>
-        <p>The rate limit work per user basis (this means that different api keys share
-        the same rate limit). For now the limits are not documented because we are
-        studying and analyzing the data. As a general rule, it should not be abused, if an
-        abusive use is detected, we will proceed to block the user's access to the
-        API.</p>
-
-        <h3>Webhooks</h3>
-        <p>All methods that emit webhook events are marked with flag <b>WEBHOOK</b>, the
-        data structure defined on each method represents the <i>payload</i> of the
-        event.</p>
-        <p>The webhook event structure has this aspect:</p>
-        <br/>
-
-        <pre>
-{
-  "id": "db601c95-045f-808b-8002-362f08fcb621",
-  "name": "rename-file",
-  "props": &lt;payload&gt;,
-  "profileId": "db601c95-045f-808b-8002-361312e63531"
-}
-        </pre>
-      </section>
       <section class="rpc-doc-content">
-        <h2>RPC METHODS REFERENCE:</h2>
+
+        <h2>RPC COMMAND METHODS:</h2>
         <ul class="rpc-items">
-          {% for item in methods %}
+          {% for item in command-methods %}
+            {% include "app/templates/api-doc-entry.tmpl" with item=item %}
+          {% endfor %}
+        </ul>
+
+        <h2>RPC QUERY METHODS:</h2>
+        <ul class="rpc-items">
+          {% for item in query-methods %}
+            {% include "app/templates/api-doc-entry.tmpl" with item=item %}
+          {% endfor %}
+        </ul>
+
+        <h2>RPC MUTATION METHODS:</h2>
+        <ul class="rpc-items">
+          {% for item in mutation-methods %}
             {% include "app/templates/api-doc-entry.tmpl" with item=item %}
           {% endfor %}
         </ul>

backend/resources/app/templates/debug.tmpl

@@ -6,17 +6,11 @@ Debug Main Page
 
 {% block content %}
 <nav>
-  <div class="title">
-    <h1>ADMIN DEBUG INTERFACE</h1>
-  </div>
+  <h1>Debug INDEX:</h1>
+  <div>[<a href="/dbg/error">ERRORS</a>]</div>
 </nav>
-<main class="dashboard">
+<main class="index">
   <section class="widget">
-    <fieldset>
-      <legend>Error reports</legend>
-      <desc><a href="/dbg/error">CLICK HERE TO SEE THE ERROR REPORTS</a> </desc>
-    </fieldset>
-
     <fieldset>
       <legend>Download file data:</legend>
       <desc>Given an FILE-ID, downloads the file data as file. The file data is encoded using transit.</desc>
@@ -43,42 +37,9 @@ Debug Main Page
           <input type="checkbox" name="reuseid" />
         </div>
 
-        <div class="row">
-          <input type="submit" value="Upload" />
-        </div>
+        <input type="submit" value="Upload" />
       </form>
     </fieldset>
-
-    <fieldset>
-      <legend>Profile Management</legend>
-      <form method="post" action="/dbg/actions/resend-email-verification">
-        <div class="row">
-          <input type="email" name="email" placeholder="example@example.com" value="" />
-        </div>
-
-        <div class="row">
-          <label for="force-verify">Are you sure?</label>
-          <input id="force-verify" type="checkbox" name="force" />
-          <br />
-          <small>
-            This is a just a security double check for prevent non intentional submits.
-          </small>
-        </div>
-
-        <div class="row">
-          <input type="submit" name="resend" value="Resend Verification" />
-          <input type="submit" name="verify" value="Verify" />
-        </div>
-
-        <div class="row">
-          <input type="submit" class="danger" name="block" value="Block" />
-          <input type="submit" class="danger" name="unblock" value="Unblock" />
-        </div>
-      </form>
-    </fieldset>
-
-
-
   </section>
 
   <section class="widget">
@@ -146,37 +107,18 @@ Debug Main Page
         </div>
 
         <div class="row">
-          <input type="submit" name="upload" value="Upload" />
-        </div>
-      </form>
-    </fieldset>
-  </section>
-
-  <section class="widget">
-    <fieldset>
-      <legend>Reset file version</legend>
-      <desc>Allows reset file data version to a specific number/</desc>
-
-      <form method="post" action="/dbg/actions/reset-file-version">
-        <div class="row">
-          <input type="text" style="width:300px" name="file-id" placeholder="file-id" />
-        </div>
-        <div class="row">
-          <input type="number" style="width:100px" name="version" placeholder="version" value="32" />
-        </div>
-
-        <div class="row">
-          <label for="force-version">Are you sure?</label>
-          <input id="force-version" type="checkbox" name="force" />
+          <label>Ignore index errors?</label>
+          <input type="checkbox" name="ignore-index-errors" checked/>
           <br />
           <small>
-            This is a just a security double check for prevent non intentional submits.
+            Do not break on index lookup errors (remap operation).
+            Useful when importing a broken file that has broken
+            relations or missing pieces.
           </small>
         </div>
 
-
         <div class="row">
-          <input type="submit" value="Submit" />
+          <input type="submit" name="upload" value="Upload" />
         </div>
       </form>
     </fieldset>

backend/resources/app/templates/error-list.tmpl

@@ -6,19 +6,13 @@ penpot - error list
 
 {% block content %}
 <nav>
-  <div class="title">
-    <h1>Error reports (last 200)</h1>
-  </div>
+  <h1>Latest error reports:</h1>
 </nav>
 <main class="horizontal-list">
   <ul>
     {% for item in items %}
-      <li>
-        <a class="date" href="/dbg/error/{{item.id}}">{{item.created-at}}</a>
-        <a class="hint" href="/dbg/error/{{item.id}}">
-          <span class="title">{{item.hint|abbreviate:150}}</span>
-        </a>
-      </li>
+    <li><a class="date" href="/dbg/error/{{item.id}}">{{item.created-at}}</a> 
+        <span class="title">{{item.hint|abbreviate:150}}</span></li>
     {% endfor %}
   </ul>
 </main>

backend/resources/app/templates/error-report.v3.tmpl

@@ -1,101 +0,0 @@
- {% extends "app/templates/base.tmpl" %}
-
-{% block title %}
-Report: {{hint|abbreviate:150}} - {{id}} - Penpot Error Report (v3)
-{% endblock %}
-
-{% block content %}
-<nav>
-  <div>[<a href="/dbg/error">⮜</a>]</div>
-  <div>[<a href="#head">head</a>]</div>
-  <div>[<a href="#props">props</a>]</div>
-  <div>[<a href="#context">context</a>]</div>
-  {% if params %}
-  <div>[<a href="#params">params</a>]</div>
-  {% endif %}
-  {% if data %}
-  <div>[<a href="#edata">data</a>]</div>
-  {% endif %}
-  {% if explain %}
-  <div>[<a href="#explain">explain</a>]</div>
-  {% endif %}
-  {% if value %}
-  <div>[<a href="#value">value</a>]</div>
-  {% endif %}
-  {% if trace %}
-  <div>[<a href="#trace">trace</a>]</div>
-  {% endif %}
-</nav>
-<main>
-  <div class="table">
-    <div class="table-row multiline">
-      <div id="head" class="table-key">HEAD</div>
-      <div class="table-val">
-        <h1><span class="not-important">Hint:</span> <br/> {{hint}}</h1>
-        <h2><span class="not-important">Reported at:</span> <br/> {{created-at}}</h2>
-        <h2><span class="not-important">Report ID:</span> <br/> {{id}}</h2>
-      </div>
-    </div>
-
-    <div class="table-row multiline">
-      <div id="props" class="table-key">LOG PROPS: </div>
-      <div class="table-val">
-        <pre>{{props}}</pre>
-      </div>
-    </div>
-
-    <div class="table-row multiline">
-      <div id="context" class="table-key">CONTEXT: </div>
-
-      <div class="table-val">
-        <pre>{{context}}</pre>
-      </div>
-    </div>
-
-    {% if params %}
-    <div class="table-row multiline">
-      <div id="params" class="table-key">PARAMS: </div>
-      <div class="table-val">
-        <pre>{{params}}</pre>
-      </div>
-    </div>
-    {% endif %}
-
-    {% if data %}
-    <div class="table-row multiline">
-      <div id="edata" class="table-key">DATA: </div>
-      <div class="table-val">
-        <pre>{{data}}</pre>
-      </div>
-    </div>
-    {% endif %}
-
-    {% if value %}
-    <div class="table-row multiline">
-      <div id="value" class="table-key">VALUE: </div>
-      <div class="table-val">
-        <pre>{{value}}</pre>
-      </div>
-    </div>
-    {% endif %}
-
-    {% if explain %}
-    <div class="table-row multiline">
-      <div id="explain" class="table-key">EXPLAIN: </div>
-      <div class="table-val">
-        <pre>{{explain}}</pre>
-      </div>
-    </div>
-    {% endif %}
-
-    {% if trace %}
-    <div class="table-row multiline">
-      <div id="trace" class="table-key">TRACE:</div>
-      <div class="table-val">
-        <pre>{{trace}}</pre>
-      </div>
-    </div>
-    {% endif %}
-  </div>
-</main>
-{% endblock %}

backend/resources/app/templates/openapi.tmpl

@@ -1,28 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-  <meta charset="utf-8" />
-  <meta name="viewport" content="width=device-width, initial-scale=1" />
-  <meta
-    name="description"
-    content="SwaggerUI"
-  />
-  <title>PENPOT Swagger UI</title>
-  <style>{{swagger-css|safe}}</style>
-</head>
-<body>
-<div id="swagger-ui"></div>
-<script>{{swagger-js|safe}}</script>
-<script>
-  window.onload = () => {
-    window.ui = SwaggerUIBundle({
-      url: '{{public-uri}}/api/openapi.json',
-      dom_id: '#swagger-ui',      
-      presets: [
-        SwaggerUIBundle.presets.apis,
-      ],
-    });
-  };
-</script>
-</body>
-</html>

backend/resources/app/templates/styles.css

@@ -36,11 +36,6 @@ small {
   color: #888;
 }
 
-.not-important {
-  color: #888;
-  font-weight: 200;
-}
-
 small > strong {
   font-size: 9px;
 }
@@ -55,13 +50,7 @@ nav {
   background: #e3e3e3;
 }
 
-nav > .title {
-  display: flex;
-  justify-content: center;
-  width: 100%;
-}
-
-nav > .title > h1 {
+nav > h1 {
   padding: 0px;
   margin: 0px;
   font-size: 11px;
@@ -116,50 +105,29 @@ nav > div:not(:last-child) {
   width: unset;
 }
 
-.dashboard {
+.index {
   margin-top: 40px;
   display: flex;
 }
 
-.widget {
+.index > section {
+  padding: 10px;
+  background-color: #e3e3e3;
   max-width: 400px;
   margin: 5px;
   height: fit-content;
 }
 
-.widget input[type=submit] {
-  outline: none;
-  border: 1px solid gray;
-  border-radius: 2px;
-  padding: 3px 5px;
-}
-
-.widget input[type=submit].danger {
-  outline: none;
-  border: 1px solid red;
-  border-radius: 2px;
-  padding: 3px 5px;
-}
-
-
-
-.widget > fieldset {
-  padding: 10px;
-  background-color: #f9f9f9;
-}
-
-.widget > fieldset:not(:last-child) {
-  margin-bottom: 10px;
-}
-
-
-
-.dashboard fieldset:not(:first-child) {
+.index fieldset:not(:first-child) {
   margin-top: 15px;
 }
 
+/* .index > section:not(:last-child) { */
+/*   margin-bottom: 10px; */
+/* } */
 
-.widget > h2 {
+
+.index > section > h2 {
   margin-top: 0px;
 }
 
@@ -183,6 +151,7 @@ nav > div:not(:last-child) {
   line-height: 18px;
   min-width: 210px;
   margin: 0px 20px;
+  cursor: pointer;
   display: flex;
   border-radius: 3px;
 }

backend/resources/climit.edn

@@ -1,30 +1,9 @@
 ;; Example climit.edn file
-;; Required: permits
-;; Optional: queue, ommited means Integer/MAX_VALUE
-;; Optional: timeout, ommited means no timeout
-;; Note: queue and timeout are excluding
-{:update-file/global {:permits 20}
- :update-file/by-profile
- {:permits 1 :queue 5}
-
- :process-font/global {:permits 4}
- :process-font/by-profile {:permits 1}
-
- :process-image/global {:permits 8}
- :process-image/by-profile {:permits 1}
-
- :auth/global {:permits 8}
-
- :root/global
- {:permits 40}
-
- :root/by-profile
- {:permits 10}
-
- :file-thumbnail-ops/global
- {:permits 20}
- :file-thumbnail-ops/by-profile
- {:permits 2}
-
- :submit-audit-events/by-profile
- {:permits 1 :queue 3}}
+;; Required: concurrency
+;; Optional: queue-size, ommited means Integer/MAX_VALUE
+{:update-file   {:concurrency 1 :queue-size 3}
+ :auth          {:concurrency 128}
+ :process-font  {:concurrency 4 :queue-size 32}
+ :process-image {:concurrency 8 :queue-size 32}
+ :push-audit-events
+ {:concurrency 1 :queue-size 3}}

backend/resources/log4j2-devenv-repl.xml

@@ -1,52 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Configuration status="info" monitorInterval="30">
-  <Appenders>
-    <Console name="console" target="SYSTEM_OUT">
-      <PatternLayout pattern="[%d{YYYY-MM-dd HH:mm:ss.SSS}] %level{length=1} %logger{36} - %msg%n"
-                     alwaysWriteExceptions="true" />
-    </Console>
-
-    <RollingFile name="main" fileName="logs/main-latest.log" filePattern="logs/main-%i.log">
-      <PatternLayout pattern="[%d{YYYY-MM-dd HH:mm:ss.SSS}] %level{length=1} %logger{36} - %msg%n"
-                     alwaysWriteExceptions="true" />
-      <Policies>
-        <SizeBasedTriggeringPolicy size="50M"/>
-      </Policies>
-      <DefaultRolloverStrategy max="20"/>
-    </RollingFile>
-  </Appenders>
-
-  <Loggers>
-    <Logger name="io.lettuce" level="error" />
-    <Logger name="com.zaxxer.hikari" level="error"/>
-    <Logger name="org.postgresql" level="error" />
-
-    <Logger name="app.binfile" level="debug" />
-    <Logger name="app.storage.tmp" level="info" />
-    <Logger name="app.worker" level="trace" />
-    <Logger name="app.msgbus" level="info" />
-    <Logger name="app.http.websocket" level="info" />
-    <Logger name="app.http.sse" level="info" />
-    <Logger name="app.util.websocket" level="info" />
-    <Logger name="app.redis" level="info" />
-    <Logger name="app.rpc.rlimit" level="info" />
-    <Logger name="app.rpc.climit" level="debug" />
-    <Logger name="app.common.files.migrations" level="debug" />
-
-    <Logger name="app.loggers" level="debug" additivity="false">
-      <AppenderRef ref="main" level="debug" />
-    </Logger>
-
-    <Logger name="app" level="all" additivity="false">
-      <AppenderRef ref="main" level="trace" />
-    </Logger>
-
-    <Logger name="user" level="trace" additivity="false">
-      <AppenderRef ref="main" level="trace" />
-    </Logger>
-
-    <Root level="info">
-      <AppenderRef ref="main" />
-    </Root>
-  </Loggers>
-</Configuration>

backend/resources/log4j2-devenv.xml

@@ -3,16 +3,16 @@
   <Appenders>
     <Console name="console" target="SYSTEM_OUT">
       <PatternLayout pattern="[%d{YYYY-MM-dd HH:mm:ss.SSS}] %level{length=1} %logger{36} - %msg%n"
-                     alwaysWriteExceptions="true" />
+                     alwaysWriteExceptions="false" />
     </Console>
 
-    <RollingFile name="main" fileName="logs/main-latest.log" filePattern="logs/main-%i.log">
+    <RollingFile name="main" fileName="logs/main.log" filePattern="logs/main-%i.log">
       <PatternLayout pattern="[%d{YYYY-MM-dd HH:mm:ss.SSS}] %level{length=1} %logger{36} - %msg%n"
-                     alwaysWriteExceptions="true" />
+                     alwaysWriteExceptions="false" />
       <Policies>
         <SizeBasedTriggeringPolicy size="50M"/>
       </Policies>
-      <DefaultRolloverStrategy max="20"/>
+      <DefaultRolloverStrategy max="9"/>
     </RollingFile>
   </Appenders>
 
@@ -21,36 +21,31 @@
     <Logger name="com.zaxxer.hikari" level="error"/>
     <Logger name="org.postgresql" level="error" />
 
-    <Logger name="app.binfile" level="debug" />
-    <Logger name="app.storage.tmp" level="info" />
-    <Logger name="app.worker" level="trace" />
+    <Logger name="app.rpc.commands.binfile" level="debug" />
+    <Logger name="app.storage.tmp" level="debug" />
+    <Logger name="app.worker" level="info" />
     <Logger name="app.msgbus" level="info" />
     <Logger name="app.http.websocket" level="info" />
-    <Logger name="app.http.sse" level="info" />
     <Logger name="app.util.websocket" level="info" />
     <Logger name="app.redis" level="info" />
     <Logger name="app.rpc.rlimit" level="info" />
-    <Logger name="app.rpc.climit" level="debug" />
-    <Logger name="app.common.files.migrations" level="debug" />
+    <Logger name="app.rpc.climit" level="info" />
+    <Logger name="app.rpc.mutations.files" level="info" />
 
     <Logger name="app.loggers" level="debug" additivity="false">
-      <AppenderRef ref="console" level="info" />
       <AppenderRef ref="main" level="debug" />
     </Logger>
 
     <Logger name="app" level="all" additivity="false">
       <AppenderRef ref="main" level="trace" />
-      <AppenderRef ref="console" level="debug" />
     </Logger>
 
     <Logger name="user" level="trace" additivity="false">
       <AppenderRef ref="main" level="trace" />
-      <AppenderRef ref="console" level="info" />
     </Logger>
 
     <Root level="info">
       <AppenderRef ref="main" />
-      <AppenderRef ref="console" level="info" />
     </Root>
   </Loggers>
 </Configuration>

backend/resources/log4j2-experiments.xml

@@ -1,65 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Configuration status="info" monitorInterval="30">
-  <Appenders>
-    <Console name="console" target="SYSTEM_OUT">
-      <PatternLayout pattern="[%d{YYYY-MM-dd HH:mm:ss.SSS}] %level{length=1} %logger{36} - %msg%n"
-                     alwaysWriteExceptions="true" />
-    </Console>
-
-    <RollingFile name="main" fileName="logs/main-latest.log" filePattern="logs/main-%i.log">
-      <PatternLayout pattern="[%d{YYYY-MM-dd HH:mm:ss.SSS}] %level{length=1} %logger{36} - %msg%n"
-                     alwaysWriteExceptions="true" />
-      <Policies>
-        <SizeBasedTriggeringPolicy size="50M"/>
-      </Policies>
-      <DefaultRolloverStrategy max="9"/>
-    </RollingFile>
-
-    <RollingFile name="reports" fileName="logs/reports-latest.log" filePattern="logs/reports-%i.log">
-      <PatternLayout pattern="[%d{YYYY-MM-dd HH:mm:ss.SSS}] %level{length=1} %logger{36} - %msg%n"
-                     alwaysWriteExceptions="true" />
-      <Policies>
-        <SizeBasedTriggeringPolicy size="100M"/>
-      </Policies>
-      <DefaultRolloverStrategy max="9"/>
-    </RollingFile>
-  </Appenders>
-
-  <Loggers>
-    <Logger name="io.lettuce" level="error" />
-    <Logger name="com.zaxxer.hikari" level="error"/>
-    <Logger name="org.postgresql" level="error" />
-
-    <Logger name="app.rpc.commands.binfile" level="debug" />
-    <Logger name="app.storage.tmp" level="info" />
-    <Logger name="app.worker" level="trace" />
-    <Logger name="app.msgbus" level="info" />
-    <Logger name="app.http.websocket" level="info" />
-    <Logger name="app.http.sse" level="info" />
-    <Logger name="app.util.websocket" level="info" />
-    <Logger name="app.redis" level="info" />
-    <Logger name="app.rpc.rlimit" level="info" />
-    <Logger name="app.rpc.climit" level="debug" />
-    <Logger name="app.common.files.migrations" level="info" />
-
-    <Logger name="app.loggers" level="debug" additivity="false">
-      <AppenderRef ref="main" level="debug" />
-    </Logger>
-
-    <Logger name="app.features" level="all" additivity="true">
-      <AppenderRef ref="reports" level="warn" />
-    </Logger>
-
-    <Logger name="app" level="all" additivity="false">
-      <AppenderRef ref="main" level="trace" />
-    </Logger>
-
-    <Logger name="user" level="trace" additivity="false">
-      <AppenderRef ref="main" level="trace" />
-    </Logger>
-
-    <Root level="info">
-      <AppenderRef ref="main" />
-    </Root>
-  </Loggers>
-</Configuration>

backend/resources/log4j2.xml

@@ -11,9 +11,12 @@
     <Logger name="io.lettuce" level="error" />
     <Logger name="com.zaxxer.hikari" level="error" />
     <Logger name="org.postgresql" level="error" />
+
+    <Logger name="app.util" level="info" />
     <Logger name="app" level="info" additivity="false">
-      <AppenderRef ref="console" level="info" />
+      <AppenderRef ref="console" />
     </Logger>
+
     <Root level="info">
       <AppenderRef ref="console" />
     </Root>

backend/resources/rlimit.edn

@@ -3,9 +3,8 @@
 {:default
  [[:default :window "200000/h"]]
 
- ;; #{:command/get-teams}
- ;; [[:burst :bucket "5/5/5s"]]
+ #{:command/get-teams}
+ [[:burst :bucket "5/1/5s"]]
 
- ;; #{:command/get-profile}
- ;; [[:burst :bucket "60/60/1m"]]
- }
+ #{:command/get-profile}
+ [[:burst :bucket "60/60/1m"]]}

backend/scripts/build

@@ -18,8 +18,6 @@ cp scripts/manage.py target/dist/manage.py
 chmod +x target/dist/run.sh;
 chmod +x target/dist/manage.py
 
-# Prefetch templates
-rm -rf builtin-templates;
-mkdir builtin-templates;
+# Prefetch
 bb ./scripts/prefetch-templates.clj resources/app/onboarding.edn builtin-templates/
 cp -r builtin-templates target/dist/

backend/scripts/manage.py

@@ -11,7 +11,6 @@ import json
 import socket
 import sys
 
-from tabulate import tabulate
 from getpass import getpass
 from urllib.parse import urlparse
 
@@ -44,16 +43,11 @@ def send_eval(expr):
         s.send(b":repl/quit\n\n")
 
         with s.makefile() as f:
-            while True:
-                line = f.readline()
-                result = json.loads(line)
-                tag = result.get("tag", None)
-                if tag == "ret":
-                    return result.get("val", None), result.get("exception", None)
-                elif tag == "out":
-                    print(result.get("val"), end="")
-                else:
-                    raise RuntimeError("unexpected response from PREPL")
+            result = json.load(f)
+            tag = result.get("tag", None)
+            if tag != "ret":
+                raise RuntimeError("unexpected response from PREPL")
+            return result.get("val", None), result.get("exception", None)
 
 def encode(val):
     return json.dumps(json.dumps(val))
@@ -64,17 +58,13 @@ def print_error(res):
         break
 
 def run_cmd(params):
-    try:
-        expr = "(app.srepl.cli/exec {})".format(encode(params))
-        res, failed = send_eval(expr)
-        if failed:
-            print_error(res)
-            sys.exit(-1)
+    expr = "(app.srepl.ext/run-json-cmd {})".format(encode(params))
+    res, failed = send_eval(expr)
+    if failed:
+        print_error(res)
+        sys.exit(-1)
 
-        return res
-    except Exception as cause:
-        print("EXC:", str(cause))
-        sys.exit(-2)
+    return res
 
 def create_profile(fullname, email, password):
     params = {
@@ -106,34 +96,6 @@ def update_profile(email, fullname, password, is_active):
     else:
         print(f"No profile found with email {email}")
 
-def delete_profile(email, soft):
-    params = {
-        "cmd": "delete-profile",
-        "params": {
-            "email": email,
-            "soft": soft
-        }
-    }
-
-    res = run_cmd(params)
-    if res is True:
-        print(f"Deleted")
-    else:
-        print(f"No profile found with email {email}")
-
-def search_profile(email):
-    params = {
-        "cmd": "search-profile",
-        "params": {
-            "email": email,
-        }
-    }
-
-    res = run_cmd(params)
-
-    if isinstance(res, list):
-        print(tabulate(res, headers="keys"))
-
 def derive_password(password):
     params = {
         "cmd": "derive-password",
@@ -145,22 +107,11 @@ def derive_password(password):
     res = run_cmd(params)
     print(f"Derived password: \"{res}\"")
 
-
-def migrate_components_v2():
-    params = {
-        "cmd": "migrate-v2",
-        "params": {}
-    }
-
-    run_cmd(params)
-
-available_commands = (
+available_commands = [
     "create-profile",
     "update-profile",
-    "delete-profile",
-    "search-profile",
-    "derive-password",
-)
+    "derive-password"
+]
 
 parser = argparse.ArgumentParser(
     description=(
@@ -170,11 +121,10 @@ parser = argparse.ArgumentParser(
 
 parser.add_argument("-V", "--version", action="version", version="Penpot CLI %%develop%%")
 parser.add_argument("action", action="store", choices=available_commands)
-parser.add_argument("-f", "--force", help="force operation", action="store_true")
-parser.add_argument("-n", "--fullname", help="fullname", action="store")
-parser.add_argument("-e", "--email", help="email", action="store")
-parser.add_argument("-p", "--password", help="password", action="store")
-parser.add_argument("-c", "--connect", help="connect to PREPL", action="store", default="tcp://localhost:6063")
+parser.add_argument("-n", "--fullname", help="Fullname", action="store")
+parser.add_argument("-e", "--email", help="Email", action="store")
+parser.add_argument("-p", "--password", help="Password", action="store")
+parser.add_argument("-c", "--connect", help="Connect to PREPL", action="store", default="tcp://localhost:6063")
 
 args = parser.parse_args()
 
@@ -215,21 +165,3 @@ elif args.action == "derive-password":
         password = getpass("Password: ")
 
     derive_password(password)
-
-elif args.action == "delete-profile":
-    email = args.email
-    soft = not args.force
-
-    if email is None:
-        email = input("Email: ")
-
-    delete_profile(email, soft)
-
-elif args.action == "search-profile":
-    email = args.email
-    if email is None:
-        email = input("Email: ")
-
-    search_profile(email)
-
-

backend/scripts/nrepl

@@ -1,3 +0,0 @@
-#!/usr/bin/env bash
-
-clojure -J-Xms50m -J-Xmx256m -J-XX:+UseSerialGC -Sdeps '{:deps {reply/reply {:mvn/version "0.5.0"}}}' -M -m reply.main --attach localhost:6064 -e "(in-ns 'app.main)"

backend/scripts/repl

@@ -4,16 +4,7 @@ export PENPOT_HOST=devenv
 export PENPOT_TENANT=dev
 export PENPOT_FLAGS="\
        $PENPOT_FLAGS \
-       enable-login-with-ldap \
-       enable-login-with-password
-       enable-login-with-oidc \
-       enable-login-with-google \
-       enable-login-with-github \
-       enable-login-with-gitlab \
-       enable-backend-worker \
        enable-backend-asserts \
-       enable-feature-fdata-pointer-map \
-       enable-feature-fdata-objects-map \
        enable-audit-log \
        enable-transit-readable-response \
        enable-demo-users \
@@ -25,18 +16,7 @@ export PENPOT_FLAGS="\
        enable-rpc-rlimit \
        enable-soft-rpc-rlimit \
        enable-webhooks \
-       enable-access-tokens \
-       enable-file-validation \
-       enable-file-schema-validation";
-
-# Default deletion delay for devenv
-export PENPOT_DELETION_DELAY="24h"
-
-# Setup default upload media file size to 100MiB
-export PENPOT_MEDIA_MAX_FILE_SIZE=104857600
-
-# Setup default multipart upload size to 300MiB
-export PENPOT_HTTP_SERVER_MAX_MULTIPART_BODY_SIZE=314572800
+       enable-access-tokens";
 
 # export PENPOT_DATABASE_URI="postgresql://172.17.0.1:5432/penpot"
 # export PENPOT_DATABASE_USERNAME="penpot"
@@ -51,13 +31,10 @@ export PENPOT_HTTP_SERVER_MAX_MULTIPART_BODY_SIZE=314572800
 # export PENPOT_AUDIT_LOG_ARCHIVE_URI="http://localhost:6070/api/audit"
 
 # Initialize MINIO config
-mc alias set penpot-s3/ http://minio:9000 minioadmin minioadmin -q
-mc admin user add penpot-s3 penpot-devenv penpot-devenv -q
-mc admin user info penpot-s3 penpot-devenv |grep -F -q "readwrite"
-if [ "$?" = "1" ]; then
-    mc admin policy attach penpot-s3 readwrite --user=penpot-devenv -q
-fi
-mc mb penpot-s3/penpot -p -q
+mc alias set penpot-s3/ http://minio:9000 minioadmin minioadmin
+mc admin user add penpot-s3 penpot-devenv penpot-devenv
+mc admin policy set penpot-s3 readwrite user=penpot-devenv
+mc mb penpot-s3/penpot -p
 
 export AWS_ACCESS_KEY_ID=penpot-devenv
 export AWS_SECRET_ACCESS_KEY=penpot-devenv
@@ -69,37 +46,15 @@ export OPTIONS="
        -A:jmx-remote -A:dev \
        -J-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager \
        -J-Djdk.attach.allowAttachSelf \
-       -J-Dpolyglot.engine.WarnInterpreterOnly=false \
-       -J-Dlog4j2.configurationFile=log4j2-devenv-repl.xml \
-       -J-XX:+EnableDynamicAgentLoading \
+       -J-Dlog4j2.configurationFile=log4j2-devenv.xml \
+       -J-Xms50m \
+       -J-Xmx1024m \
+       -J-XX:+UseZGC \
        -J-XX:-OmitStackTraceInFastThrow \
        -J-XX:+UnlockDiagnosticVMOptions \
-       -J-XX:+DebugNonSafepoints \
-       -J-Djdk.tracePinnedThreads=full"
+       -J-XX:+DebugNonSafepoints";
 
-# Enable preview
-export OPTIONS="$OPTIONS -J--enable-preview"
-
-# Setup HEAP
-# export OPTIONS="$OPTIONS -J-Xms50m -J-Xmx1024m"
-# export OPTIONS="$OPTIONS -J-Xms1100m -J-Xmx1100m -J-XX:+AlwaysPreTouch"
-
-# Increase virtual thread pool size
-# export OPTIONS="$OPTIONS -J-Djdk.virtualThreadScheduler.parallelism=16"
-
-# Disable C2 Compiler
-# export OPTIONS="$OPTIONS -J-XX:TieredStopAtLevel=1"
-
-# Disable all compilers
-# export OPTIONS="$OPTIONS -J-Xint"
-
-# Setup GC
-# export OPTIONS="$OPTIONS -J-XX:+UseG1GC"
-
-# Setup GC
-# export OPTIONS="$OPTIONS -J-XX:+UseZGC"
-
-# Enable ImageMagick v7.x support
+# Uncomment for use the ImageMagick v7.x
 # export OPTIONS="-J-Dim4java.useV7=true $OPTIONS";
 
 export OPTIONS_EVAL="nil"

backend/scripts/repl-test

@@ -1,48 +0,0 @@
-#!/usr/bin/env bash
-
-source /home/penpot/environ
-export PENPOT_FLAGS="$PENPOT_FLAGS disable-backend-worker"
-
-export OPTIONS="
-       -A:jmx-remote -A:dev \
-       -J-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager \
-       -J-Djdk.attach.allowAttachSelf \
-       -J-Dlog4j2.configurationFile=log4j2-experiments.xml \
-       -J-XX:-OmitStackTraceInFastThrow \
-       -J-XX:+UnlockDiagnosticVMOptions \
-       -J-XX:+DebugNonSafepoints \
-       -J-Djdk.tracePinnedThreads=full \
-       -J-XX:+UseTransparentHugePages \
-       -J-XX:ReservedCodeCacheSize=1g \
-       -J-Dpolyglot.engine.WarnInterpreterOnly=false \
-       -J--enable-preview";
-
-# Setup HEAP
-export OPTIONS="$OPTIONS -J-Xms320g -J-Xmx320g -J-XX:+AlwaysPreTouch"
-
-export PENPOT_HTTP_SERVER_IO_THREADS=2
-export PENPOT_HTTP_SERVER_WORKER_THREADS=2
-
-# Increase virtual thread pool size
-# export OPTIONS="$OPTIONS -J-Djdk.virtualThreadScheduler.parallelism=16"
-
-# Disable C2 Compiler
-# export OPTIONS="$OPTIONS -J-XX:TieredStopAtLevel=1"
-
-# Disable all compilers
-# export OPTIONS="$OPTIONS -J-Xint"
-
-# Setup GC
-export OPTIONS="$OPTIONS -J-XX:+UseG1GC -J-Xlog:gc:logs/gc.log"
-
-# Setup GC
-#export OPTIONS="$OPTIONS -J-XX:+UseZGC -J-XX:+ZGenerational -J-Xlog:gc:logs/gc.log"
-
-# Enable ImageMagick v7.x support
-# export OPTIONS="-J-Dim4java.useV7=true $OPTIONS";
-
-export OPTIONS_EVAL="nil"
-# export OPTIONS_EVAL="(set! *warn-on-reflection* true)"
-
-set -ex
-exec clojure $OPTIONS -M -e "$OPTIONS_EVAL" -m rebel-readline.main

backend/scripts/run.template.sh

@@ -18,9 +18,7 @@ if [ -f ./environ ]; then
     source ./environ
 fi
 
-export JVM_OPTS="-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager -Dlog4j2.configurationFile=log4j2.xml -XX:-OmitStackTraceInFastThrow -Dpolyglot.engine.WarnInterpreterOnly=false --enable-preview $JVM_OPTS"
+export JVM_OPTS="-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager -Dlog4j2.configurationFile=log4j2.xml -XX:-OmitStackTraceInFastThrow $JVM_OPTS"
 
-ENTRYPOINT=${1:-app.main};
-
-set -ex
-exec $JAVA_CMD $JVM_OPTS -jar penpot.jar -m $ENTRYPOINT
+set -x
+exec $JAVA_CMD $JVM_OPTS "$@" -jar penpot.jar -m app.main

backend/scripts/start-dev

@@ -2,65 +2,24 @@
 
 export PENPOT_HOST=devenv
 export PENPOT_TENANT=dev
-export PENPOT_FLAGS="\
-       $PENPOT_FLAGS \
-       enable-prepl-server \
-       enable-urepl-server \
-       enable-nrepl-server \
-       enable-webhooks \
-       enable-backend-asserts \
-       enable-audit-log \
-       enable-transit-readable-response \
-       enable-demo-users \
-       enable-feature-fdata-pointer-map \
-       enable-feature-fdata-objects-map \
-       disable-secure-session-cookies \
-       enable-rpc-climit \
-       enable-smtp \
-       enable-access-tokens \
-       enable-file-validation \
-       enable-file-schema-validation";
-
-export OPTIONS="
-       -A:jmx-remote -A:dev \
-       -J-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager \
-       -J-Djdk.attach.allowAttachSelf \
-       -J-Dpolyglot.engine.WarnInterpreterOnly=false \
-       -J-Dlog4j2.configurationFile=log4j2-devenv.xml \
-       -J-XX:+EnableDynamicAgentLoading \
-       -J-XX:-OmitStackTraceInFastThrow \
-       -J-XX:+UnlockDiagnosticVMOptions \
-       -J-XX:+DebugNonSafepoints"
-
-# Default deletion delay for devenv
-export PENPOT_DELETION_DELAY="24h"
-
-# Setup default upload media file size to 100MiB
-export PENPOT_MEDIA_MAX_FILE_SIZE=104857600
-
-# Setup default multipart upload size to 300MiB
-export PENPOT_HTTP_SERVER_MAX_MULTIPART_BODY_SIZE=314572800
-
-# Enable ImageMagick v7.x support
-# export OPTIONS="-J-Dim4java.useV7=true $OPTIONS";
-
-# Initialize MINIO config
-mc alias set penpot-s3/ http://minio:9000 minioadmin minioadmin -q
-mc admin user add penpot-s3 penpot-devenv penpot-devenv -q
-mc admin user info penpot-s3 penpot-devenv |grep -F -q "readwrite"
-if [ "$?" = "1" ]; then
-    mc admin policy attach penpot-s3 readwrite --user=penpot-devenv -q
-fi
-mc mb penpot-s3/penpot -p -q
-
-export AWS_ACCESS_KEY_ID=penpot-devenv
-export AWS_SECRET_ACCESS_KEY=penpot-devenv
-export PENPOT_ASSETS_STORAGE_BACKEND=assets-s3
-export PENPOT_STORAGE_ASSETS_S3_ENDPOINT=http://minio:9000
-export PENPOT_STORAGE_ASSETS_S3_BUCKET=penpot
-
-entrypoint=${1:-app.main};
+export PENPOT_FLAGS="$PENPOT_FLAGS enable-backend-asserts enable-audit-log enable-transit-readable-response enable-demo-users disable-secure-session-cookies enable-smtp enable-webhooks"
 
 set -ex
 
-clojure $OPTIONS -A:dev -M -m $entrypoint;
+if [ "$1" = "--watch" ]; then
+    echo "Start Watch..."
+
+    clojure -A:dev -M -m app.main &
+    PID=$!
+
+    npx nodemon \
+        --watch src \
+        --watch ../common \
+        --ext "clj" \
+        --signal SIGKILL \
+        --exec 'echo "(user/restart)" | nc -N localhost 6062'
+
+    kill -9 $PID
+else
+    clojure -A:dev -M -m app.main
+fi

backend/src/app/auth.clj

@@ -8,15 +8,13 @@
   (:require
    [buddy.hashers :as hashers]))
 
-(def default-params
-  {:alg :argon2id
-   :memory 32768 ;; 32 MiB
-   :iterations 3
-   :parallelism 2})
-
 (defn derive-password
   [password]
-  (hashers/derive password default-params))
+  (hashers/derive password
+                  {:alg :argon2id
+                   :memory 16384
+                   :iterations 20
+                   :parallelism 2}))
 
 (defn verify-password
   [attempt password]
@@ -25,3 +23,4 @@
     (catch Throwable _
       {:update false
        :valid false})))
+

backend/src/app/auth/oidc.clj

@@ -16,30 +16,29 @@
    [app.common.uri :as u]
    [app.config :as cf]
    [app.db :as db]
-   [app.email.blacklist :as email.blacklist]
-   [app.email.whitelist :as email.whitelist]
    [app.http.client :as http]
+   [app.http.middleware :as hmw]
    [app.http.session :as session]
    [app.loggers.audit :as audit]
+   [app.main :as-alias main]
    [app.rpc.commands.profile :as profile]
-   [app.setup :as-alias setup]
    [app.tokens :as tokens]
    [app.util.json :as json]
    [app.util.time :as dt]
-   [buddy.sign.jwk :as jwk]
-   [buddy.sign.jwt :as jwt]
+   [app.worker :as wrk]
    [clojure.set :as set]
    [clojure.spec.alpha :as s]
    [cuerdas.core :as str]
    [integrant.core :as ig]
-   [ring.request :as rreq]
-   [ring.response :as-alias rres]))
+   [promesa.core :as p]
+   [promesa.exec :as px]
+   [yetti.response :as yrs]))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; HELPERS
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
-(defn obfuscate-string
+(defn- obfuscate-string
   [s]
   (if (< (count s) 10)
     (apply str (take (count s) (repeat "*")))
@@ -52,29 +51,36 @@
 
 (defn- discover-oidc-config
   [cfg {:keys [base-uri] :as opts}]
-  (let [uri (dm/str (u/join base-uri ".well-known/openid-configuration"))
-        rsp (http/req! cfg {:method :get :uri uri} {:sync? true})]
-    (if (= 200 (:status rsp))
-      (let [data      (-> rsp :body json/decode)
+  (let [discovery-uri (u/join base-uri ".well-known/openid-configuration")
+        response      (ex/try! (http/req! cfg
+                                          {:method :get :uri (str discovery-uri)}
+                                          {:sync? true}))]
+    (cond
+      (ex/exception? response)
+      (do
+        (l/warn :hint "unable to discover oidc configuration"
+                :discover-uri (str discovery-uri)
+                :cause response)
+        nil)
+
+      (= 200 (:status response))
+      (let [data      (json/decode (:body response))
             token-uri (get data :token_endpoint)
             auth-uri  (get data :authorization_endpoint)
-            user-uri  (get data :userinfo_endpoint)
-            jwks-uri  (get data :jwks_uri)]
-
+            user-uri  (get data :userinfo_endpoint)]
         (l/debug :hint "oidc uris discovered"
                  :token-uri token-uri
                  :auth-uri auth-uri
-                 :user-uri user-uri
-                 :jwks-uri jwks-uri)
-
+                 :user-uri user-uri)
         {:token-uri token-uri
          :auth-uri  auth-uri
-         :user-uri  user-uri
-         :jwks-uri jwks-uri})
+         :user-uri  user-uri})
+
+      :else
       (do
         (l/warn :hint "unable to discover OIDC configuration"
-                :discover-uri uri
-                :http-status (:status rsp))
+                :uri (str discovery-uri)
+                :response-status-code (:status response))
         nil))))
 
 (defn- prepare-oidc-opts
@@ -85,7 +91,6 @@
               :token-uri     (cf/get :oidc-token-uri)
               :auth-uri      (cf/get :oidc-auth-uri)
               :user-uri      (cf/get :oidc-user-uri)
-              :jwks-uri      (cf/get :oidc-jwks-uri)
               :scopes        (cf/get :oidc-scopes #{"openid" "profile" "email"})
               :roles-attr    (cf/get :oidc-roles-attr)
               :roles         (cf/get :oidc-roles)
@@ -100,42 +105,8 @@
                (string? (:user-uri opts))
                (string? (:auth-uri opts)))
         opts
-        (try
-          (-> (discover-oidc-config cfg opts)
-              (merge opts {:discover? true}))
-          (catch Throwable cause
-            (l/warn :hint "unable to discover OIDC configuration"
-                    :cause cause)))))))
-
-(defn- process-oidc-jwks
-  [keys]
-  (reduce (fn [result {:keys [kid] :as kdata}]
-            (let [pkey (ex/try! (jwk/public-key kdata))]
-              (if (ex/exception? pkey)
-                (do
-                  (l/warn :hint "unable to create public key"
-                          :kid (:kid kdata)
-                          :cause pkey)
-                  result)
-                (assoc result kid pkey))))
-          {}
-          keys))
-
-(defn- fetch-oidc-jwks
-  [cfg {:keys [jwks-uri]}]
-  (when jwks-uri
-    (try
-      (let [{:keys [status body]} (http/req! cfg {:method :get :uri jwks-uri} {:sync? true})]
-        (if (= 200 status)
-          (-> body json/decode :keys process-oidc-jwks)
-          (do
-            (l/warn :hint "unable to retrieve JWKs (unexpected response status code)"
-                    :http-status status
-                    :http-body  body)
-            nil)))
-      (catch Throwable cause
-        (l/warn :hint "unable to retrieve JWKs (unexpected exception)"
-                :cause cause)))))
+        (some-> (discover-oidc-config cfg opts)
+                (merge opts {:discover? true}))))))
 
 (defmethod ig/pre-init-spec ::providers/generic [_]
   (s/keys :req [::http/client]))
@@ -144,7 +115,7 @@
   [_ cfg]
   (when (contains? cf/flags :login-with-oidc)
     (if-let [opts (prepare-oidc-opts cfg)]
-      (let [jwks (fetch-oidc-jwks cfg opts)]
+      (do
         (l/info :hint "provider initialized"
                 :provider "oidc"
                 :method (if (:discover? opts) "discover" "manual")
@@ -155,9 +126,8 @@
                 :user-uri   (:user-uri opts)
                 :token-uri  (:token-uri opts)
                 :roles-attr (:roles-attr opts)
-                :roles      (:roles opts)
-                :keys       (str/join "," (map str (keys jwks))))
-        (assoc opts :jwks jwks))
+                :roles      (:roles opts))
+        opts)
       (do
         (l/warn :hint "unable to initialize auth provider, missing configuration" :provider "oidc")
         nil))))
@@ -195,23 +165,21 @@
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
 (defn- retrieve-github-email
-  [cfg tdata props]
-  (or (some-> props :github/email)
-      (let [params {:uri "https://api.github.com/user/emails"
-                    :headers {"Authorization" (dm/str (:token/type tdata) " " (:token/access tdata))}
-                    :timeout 6000
-                    :method :get}
-
-            {:keys [status body]} (http/req! cfg params {:sync? true})]
-
-        (when-not (s/int-in-range? 200 300 status)
-          (ex/raise :type :internal
-                    :code :unable-to-retrieve-github-emails
-                    :hint "unable to retrieve github emails"
-                    :http-status status
-                    :http-body body))
-
-        (->> body json/decode (filter :primary) first :email))))
+  [cfg tdata info]
+  (or (some-> info :email p/resolved)
+      (->> (http/req! cfg
+                      {:uri "https://api.github.com/user/emails"
+                       :headers {"Authorization" (dm/str (:type tdata) " " (:token tdata))}
+                       :timeout 6000
+                       :method :get})
+           (p/map (fn [{:keys [status body] :as response}]
+                    (when-not (s/int-in-range? 200 300 status)
+                      (ex/raise :type :internal
+                                :code :unable-to-retrieve-github-emails
+                                :hint "unable to retrieve github emails"
+                                :http-status status
+                                :http-body body))
+                    (->> response :body json/decode (filter :primary) first :email))))))
 
 (defmethod ig/pre-init-spec ::providers/github [_]
   (s/keys :req [::http/client]))
@@ -228,7 +196,7 @@
 
               ;; Additional hooks for provider specific way of
               ;; retrieve emails.
-              :get-email-fn  (partial retrieve-github-email cfg)}]
+              :get-email-fn           (partial retrieve-github-email cfg)}]
 
     (when (contains? cf/flags :login-with-github)
       (if (and (string? (:client-id opts))
@@ -278,18 +246,13 @@
 ;; HANDLERS
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
-(defn- parse-attr-path
-  [provider path]
-  (let [[fitem & items] (str/split path "__")]
-    (into [(keyword (:name provider) fitem)] (map keyword) items)))
-
 (defn- build-redirect-uri
-  [{:keys [::provider] :as cfg}]
+  [{:keys [provider] :as cfg}]
   (let [public (u/uri (cf/get :public-uri))]
     (str (assoc public :path (str "/api/auth/oauth/" (:name provider) "/callback")))))
 
 (defn- build-auth-uri
-  [{:keys [::provider] :as cfg} state]
+  [{:keys [provider] :as cfg} state]
   (let [params {:client_id (:client-id provider)
                 :redirect_uri (build-redirect-uri cfg)
                 :response_type "code"
@@ -300,19 +263,15 @@
         (assoc :query query)
         (str))))
 
-(defn- qualify-prop-key
-  [provider k]
-  (keyword (:name provider) (name k)))
-
 (defn- qualify-props
   [provider props]
   (reduce-kv (fn [result k v]
-               (assoc result (qualify-prop-key provider k) v))
+               (assoc result (keyword (:name provider) (name k)) v))
              {}
              props))
 
-(defn- fetch-access-token
-  [{:keys [::provider] :as cfg} code]
+(defn retrieve-access-token
+  [{:keys [provider] :as cfg} code]
   (let [params {:client_id (:client-id provider)
                 :client_secret (:client-secret provider)
                 :code code
@@ -331,82 +290,80 @@
              :grant-type (:grant_type params)
              :redirect-uri (:redirect_uri params))
 
-    (let [{:keys [status body]} (http/req! cfg req {:sync? true})]
-      (l/trace :hint "access token response" :status status :body body)
-      (if (= status 200)
-        (let [data (json/decode body)]
-          {:token/access (get data :access_token)
-           :token/id     (get data :id_token)
-           :token/type   (get data :token_type)})
+    (->> (http/req! cfg req)
+         (p/map (fn [{:keys [status body] :as res}]
+                  (l/trace :hint "access token response"
+                           :status status
+                           :body body)
+                  (if (= status 200)
+                    (let [data (json/decode body)]
+                      {:token (get data :access_token)
+                       :type (get data :token_type)})
+                    (ex/raise :type :internal
+                              :code :unable-to-retrieve-token
+                              :http-status status
+                              :http-body body)))))))
 
-        (ex/raise :type :internal
-                  :code :unable-to-retrieve-token
-                  :hint "unable to retrieve token"
-                  :http-status status
-                  :http-body body)))))
+(defn- retrieve-user-info
+  [{:keys [provider] :as cfg} tdata]
+  (letfn [(retrieve []
+            (l/trace :hint "request user info"
+                     :uri (:user-uri provider)
+                     :token (obfuscate-string (:token tdata))
+                     :token-type (:type tdata))
+            (http/req! cfg
+                       {:uri (:user-uri provider)
+                        :headers {"Authorization" (str (:type tdata) " " (:token tdata))}
+                        :timeout 6000
+                        :method :get}))
+          (validate-response [response]
+            (l/trace :hint "user info response"
+                     :status (:status response)
+                     :body   (:body response))
+            (when-not (s/int-in-range? 200 300 (:status response))
+              (ex/raise :type :internal
+                        :code :unable-to-retrieve-user-info
+                        :hint "unable to retrieve user info"
+                        :http-status (:status response)
+                        :http-body (:body response)))
+            response)
 
-(defn- process-user-info
-  [provider tdata info]
-  (letfn [(get-email [props]
+          (get-email [info]
             ;; Allow providers hook into this for custom email
             ;; retrieval method.
             (if-let [get-email-fn (:get-email-fn provider)]
-              (get-email-fn tdata props)
-              (let [attr-kw (cf/get :oidc-email-attr "email")
-                    attr-ph (parse-attr-path provider attr-kw)]
-                (get-in props attr-ph))))
+              (get-email-fn tdata info)
+              (let [attr-kw (cf/get :oidc-email-attr :email)]
+                (p/resolved (get info attr-kw)))))
 
-          (get-name [props]
-            (let [attr-kw (cf/get :oidc-name-attr "name")
-                  attr-ph (parse-attr-path provider attr-kw)]
-              (get-in props attr-ph)))]
+          (get-name [info]
+            (let [attr-kw (cf/get :oidc-name-attr :name)]
+              (get info attr-kw)))
 
-    (let [props (qualify-props provider info)
-          email (get-email props)]
-      {:backend  (:name provider)
-       :fullname (or (get-name props) email)
-       :email    email
-       :props    props})))
+          (process-response [response]
+            (p/let [info  (-> response :body json/decode)
+                    email (get-email info)]
+              {:backend  (:name provider)
+               :email    email
+               :fullname (or (get-name info) email)
+               :props    (->> (dissoc info :name :email)
+                              (qualify-props provider))}))
 
-(defn- fetch-user-info
-  [{:keys [::provider] :as cfg} tdata]
-  (l/trace :hint "fetch user info"
-           :uri (:user-uri provider)
-           :token (obfuscate-string (:token/access tdata)))
+          (validate-info [info]
+            (l/trace :hint "authentication info" :info info)
+            (when-not (s/valid? ::info info)
+              (l/warn :hint "received incomplete profile info object (please set correct scopes)"
+                      :info (pr-str info))
+              (ex/raise :type :internal
+                        :code :incomplete-user-info
+                        :hint "inconmplete user info"
+                        :info info))
+            info)]
 
-  (let [params   {:uri (:user-uri provider)
-                  :headers {"Authorization" (str (:token/type tdata) " " (:token/access tdata))}
-                  :timeout 6000
-                  :method :get}
-        response (http/req! cfg params {:sync? true})]
-
-    (l/trace :hint "user info response"
-             :status (:status response)
-             :body   (:body response))
-
-    (when-not (s/int-in-range? 200 300 (:status response))
-      (ex/raise :type :internal
-                :code :unable-to-retrieve-user-info
-                :hint "unable to retrieve user info"
-                :http-status (:status response)
-                :http-body (:body response)))
-
-    (-> response :body json/decode)))
-
-(defn- get-user-info
-  [{:keys [::provider]} tdata]
-  (try
-    (when (:token/id tdata)
-      (let [{:keys [kid alg] :as theader} (jwt/decode-header (:token/id tdata))]
-        (when-let [key (if (str/starts-with? (name alg) "hs")
-                         (:client-secret provider)
-                         (get-in provider [:jwks kid]))]
-
-          (let [claims (jwt/unsign (:token/id tdata) key {:alg alg})]
-            (dissoc claims :exp :iss :iat :sid :aud :sub)))))
-    (catch Throwable cause
-      (l/warn :hint "unable to get user info from JWT token (unexpected exception)"
-              :cause cause))))
+    (->> (retrieve)
+         (p/fmap validate-response)
+         (p/mcat process-response)
+         (p/fmap validate-info))))
 
 (s/def ::backend ::us/not-empty-string)
 (s/def ::email ::us/not-empty-string)
@@ -418,217 +375,150 @@
                    ::fullname
                    ::props]))
 
-(defn- get-info
-  [{:keys [::provider ::setup/props] :as cfg} {:keys [params] :as request}]
-  (when-let [error (get params :error)]
-    (ex/raise :type :internal
-              :code :error-on-retrieving-code
-              :error-id error
-              :error-desc (get params :error_description)))
+(defn get-info
+  [{:keys [provider] :as cfg} {:keys [params] :as request}]
+  (letfn [(validate-oidc [info]
+            ;; If the provider is OIDC, we can proceed to check
+            ;; roles if they are defined.
+            (when (and (= "oidc" (:name provider))
+                       (seq (:roles provider)))
+              (let [provider-roles (into #{} (:roles provider))
+                    profile-roles  (let [attr  (cf/get :oidc-roles-attr :roles)
+                                         roles (get info attr)]
+                                     (cond
+                                       (string? roles) (into #{} (str/words roles))
+                                       (vector? roles) (into #{} roles)
+                                       :else #{}))]
 
-  (let [state  (get params :state)
-        code   (get params :code)
-        state  (tokens/verify props {:token state :iss :oauth})
-        tdata  (fetch-access-token cfg code)
-        info   (case (cf/get :oidc-user-info-source)
-                 :token (get-user-info cfg tdata)
-                 :userinfo (fetch-user-info cfg tdata)
-                 (or (get-user-info cfg tdata)
-                     (fetch-user-info cfg tdata)))
+                ;; check if profile has a configured set of roles
+                (when-not (set/subset? provider-roles profile-roles)
+                  (ex/raise :type :internal
+                            :code :unable-to-auth
+                            :hint "not enough permissions"))))
+            info)
 
-        info   (process-user-info provider tdata info)]
+          (post-process [state info]
+            (cond-> info
+              (some? (:invitation-token state))
+              (assoc :invitation-token (:invitation-token state))
 
-    (l/trace :hint "user info" :info info)
+              ;; If state token comes with props, merge them. The state token
+              ;; props can contain pm_ and utm_ prefixed query params.
+              (map? (:props state))
+              (update :props merge (:props state))))]
 
-    (when-not (s/valid? ::info info)
-      (l/warn :hint "received incomplete profile info object (please set correct scopes)" :info info)
+    (when-let [error (get params :error)]
       (ex/raise :type :internal
-                :code :incomplete-user-info
-                :hint "inconmplete user info"
-                :info info))
+                :code :error-on-retrieving-code
+                :error-id error
+                :error-desc (get params :error_description)))
 
-    ;; If the provider is OIDC, we can proceed to check
-    ;; roles if they are defined.
-    (when (and (= "oidc" (:name provider))
-               (seq (:roles provider)))
-
-      (let [expected-roles (into #{} (:roles provider))
-            current-roles  (let [roles-kw (cf/get :oidc-roles-attr "roles")
-                                 roles-ph (parse-attr-path provider roles-kw)
-                                 roles    (get-in (:props info) roles-ph)]
-                             (cond
-                               (string? roles) (into #{} (str/words roles))
-                               (vector? roles) (into #{} roles)
-                               :else #{}))]
-
-        ;; check if profile has a configured set of roles
-        (when-not (set/subset? expected-roles current-roles)
-          (ex/raise :type :internal
-                    :code :unable-to-auth
-                    :hint "not enough permissions"))))
-
-    (cond-> info
-      (some? (:invitation-token state))
-      (assoc :invitation-token (:invitation-token state))
-
-      (some? (:external-session-id state))
-      (assoc :external-session-id (:external-session-id state))
-
-      ;; If state token comes with props, merge them. The state token
-      ;; props can contain pm_ and utm_ prefixed query params.
-      (map? (:props state))
-      (update :props merge (:props state)))))
+    (let [state  (get params :state)
+          code   (get params :code)
+          state  (tokens/verify (::main/props cfg) {:token state :iss :oauth})]
+      (-> (p/resolved code)
+          (p/then #(retrieve-access-token cfg %))
+          (p/then #(retrieve-user-info cfg %))
+          (p/then' validate-oidc)
+          (p/then' (partial post-process state))))))
 
 (defn- get-profile
-  [cfg info]
-  (db/run! cfg (fn [{:keys [::db/conn]}]
-                 (some->> (:email info)
-                          (profile/clean-email)
-                          (profile/get-profile-by-email conn)))))
+  [{:keys [::db/pool ::wrk/executor] :as cfg} info]
+  (px/with-dispatch executor
+    (with-open [conn (db/open pool)]
+      (some->> (:email info)
+               (profile/get-profile-by-email conn)))))
 
 (defn- redirect-response
   [uri]
-  {::rres/status 302
-   ::rres/headers {"location" (str uri)}})
-
-(defn- redirect-with-error
-  ([error] (redirect-with-error error nil))
-  ([error hint]
-   (let [params {:error error :hint hint}
-         params (d/without-nils params)
-         uri    (-> (u/uri (cf/get :public-uri))
-                    (assoc :path "/#/auth/login")
-                    (assoc :query (u/map->query-string params)))]
-     (redirect-response uri))))
-
-(defn- redirect-to-register
-  [cfg info request]
-  (let [info   (assoc info
-                      :iss :prepared-register
-                      :exp (dt/in-future {:hours 48}))
-
-        params {:token (tokens/generate (::setup/props cfg) info)
-                :provider (:provider (:path-params request))
-                :fullname (:fullname info)}
-        params (d/without-nils params)]
-
-    (redirect-response
-     (-> (u/uri (cf/get :public-uri))
-         (assoc :path "/#/auth/register/validate")
-         (assoc :query (u/map->query-string params))))))
-
-(defn- redirect-to-verify-token
-  [token]
-  (let [params {:token token}
-        uri    (-> (u/uri (cf/get :public-uri))
-                   (assoc :path "/#/auth/verify-token")
-                   (assoc :query (u/map->query-string params)))]
+  (yrs/response :status 302 :headers {"location" (str uri)}))
 
+(defn- generate-error-redirect
+  [_ error]
+  (let [uri (-> (u/uri (cf/get :public-uri))
+                (assoc :path "/#/auth/login")
+                (assoc :query (u/map->query-string {:error "unable-to-auth" :hint (ex-message error)})))]
     (redirect-response uri)))
 
-(defn- provider-has-email-verified?
-  [{:keys [::provider] :as cfg} {:keys [props] :as info}]
-  (let [prop (qualify-prop-key provider :email_verified)]
-    (true? (get props prop))))
-
-(defn- profile-has-provider-props?
-  [{:keys [::provider] :as cfg} profile]
-  (let [prop (qualify-prop-key provider :email)]
-    (contains? (:props profile) prop)))
-
-(defn- provider-matches-profile?
-  [{:keys [::provider] :as cfg} profile info]
-  (or (= (:auth-backend profile) (:name provider))
-      (profile-has-provider-props? cfg profile)
-      (provider-has-email-verified? cfg info)))
-
-(defn- process-callback
+(defn- generate-redirect
   [cfg request info profile]
-  (cond
-    (some? profile)
-    (cond
-      (:is-blocked profile)
-      (redirect-with-error "profile-blocked")
+  (if profile
+    (let [sxf    (session/create-fn cfg (:id profile))
+          token  (or (:invitation-token info)
+                     (tokens/generate (::main/props cfg)
+                                      {:iss :auth
+                                       :exp (dt/in-future "15m")
+                                       :profile-id (:id profile)}))
+          params {:token token}
+          uri    (-> (u/uri (cf/get :public-uri))
+                     (assoc :path "/#/auth/verify-token")
+                     (assoc :query (u/map->query-string params)))]
 
-      (not (provider-matches-profile? cfg profile info))
-      (redirect-with-error "auth-provider-not-allowed")
+      (when (:is-blocked profile)
+        (ex/raise :type :restriction
+                  :code :profile-blocked))
 
-      (not (:is-active profile))
-      (let [info (assoc info :profile-id (:id profile))]
-        (redirect-to-register cfg info request))
+      (audit/submit! cfg {:type "command"
+                          :name "login-with-password"
+                          :profile-id (:id profile)
+                          :ip-addr (audit/parse-client-ip request)
+                          :props (audit/profile->props profile)})
 
-      :else
-      (let [sxf     (session/create-fn cfg (:id profile))
-            token   (or (:invitation-token info)
-                        (tokens/generate (::setup/props cfg)
-                                         {:iss :auth
-                                          :exp (dt/in-future "15m")
-                                          :props (:props info)
-                                          :profile-id (:id profile)}))
-            props   (audit/profile->props profile)
-            context (d/without-nils {:external-session-id (:external-session-id info)})]
+      (->> (redirect-response uri)
+           (sxf request)))
 
-        (audit/submit! cfg {::audit/type "command"
-                            ::audit/name "login-with-oidc"
-                            ::audit/profile-id (:id profile)
-                            ::audit/ip-addr (audit/parse-client-ip request)
-                            ::audit/props props
-                            ::audit/context context})
-
-        (->> (redirect-to-verify-token token)
-             (sxf request))))
-
-    (and (email.blacklist/enabled? cfg)
-         (email.blacklist/contains? cfg (:email info)))
-    (redirect-with-error "email-domain-not-allowed")
-
-    (and (email.whitelist/enabled? cfg)
-         (not (email.whitelist/contains? cfg (:email info))))
-    (redirect-with-error "email-domain-not-allowed")
-
-    :else
-    (let [info (assoc info :is-active (provider-has-email-verified? cfg info))]
-      (if (contains? cf/flags :registration)
-        (redirect-to-register cfg info request)
-        (redirect-with-error "registration-disabled")))))
+    (let [info   (assoc info
+                        :iss :prepared-register
+                        :is-active true
+                        :exp (dt/in-future {:hours 48}))
+          token  (tokens/generate (::main/props cfg) info)
+          params (d/without-nils
+                  {:token token
+                   :fullname (:fullname info)})
+          uri    (-> (u/uri (cf/get :public-uri))
+                     (assoc :path "/#/auth/register/validate")
+                     (assoc :query (u/map->query-string params)))]
+      (redirect-response uri))))
 
 (defn- auth-handler
   [cfg {:keys [params] :as request}]
   (let [props (audit/extract-utm-params params)
-        esid  (rreq/get-header request "x-external-session-id")
-        state (tokens/generate (::setup/props cfg)
+        state (tokens/generate (::main/props cfg)
                                {:iss :oauth
                                 :invitation-token (:invitation-token params)
-                                :external-session-id esid
                                 :props props
                                 :exp (dt/in-future "4h")})
         uri   (build-auth-uri cfg state)]
-    {::rres/status 200
-     ::rres/body {:redirect-uri uri}}))
+    (yrs/response 200 {:redirect-uri uri})))
 
 (defn- callback-handler
   [cfg request]
-  (try
-    (let [info    (get-info cfg request)
-          profile (get-profile cfg info)]
-      (process-callback cfg request info profile))
-    (catch Throwable cause
-      (l/err :hint "error on oauth process" :cause cause)
-      (redirect-with-error "unable-to-auth" (ex-message cause)))))
+  (letfn [(process-request []
+            (p/let [info    (get-info cfg request)
+                    profile (get-profile cfg info)]
+              (generate-redirect cfg request info profile)))
+
+          (handle-error [cause]
+            (l/error :hint "error on oauth process" :cause cause)
+            (generate-error-redirect cfg cause))]
+
+    (-> (process-request)
+        (p/catch handle-error))))
 
 (def provider-lookup
   {:compile
    (fn [& _]
-     (fn [handler {:keys [::providers] :as cfg}]
-       (fn [request]
+     (fn [handler]
+       (fn [{:keys [::providers] :as cfg} request]
          (let [provider (some-> request :path-params :provider keyword)]
            (if-let [provider (get providers provider)]
-             (handler (assoc cfg ::provider provider) request)
+             (handler (assoc cfg :provider provider) request)
              (ex/raise :type :restriction
                        :code :provider-not-configured
                        :provider provider
                        :hint "provider not configured"))))))})
 
+
 (s/def ::client-id ::cf/oidc-client-id)
 (s/def ::client-secret ::cf/oidc-client-secret)
 (s/def ::base-uri ::cf/oidc-base-uri)
@@ -641,6 +531,7 @@
 (s/def ::email-attr ::cf/oidc-email-attr)
 (s/def ::name-attr ::cf/oidc-name-attr)
 
+;; FIXME: migrate to qualified-keywords
 (s/def ::provider
   (s/keys :req-un [::client-id
                    ::client-secret]
@@ -662,15 +553,18 @@
   [_]
   (s/keys :req [::session/manager
                 ::http/client
-                ::setup/props
+                ::wrk/executor
+                ::main/props
                 ::db/pool
                 ::providers]))
 
 (defmethod ig/init-key ::routes
-  [_ cfg]
+  [_ {:keys [::wrk/executor] :as cfg}]
   (let [cfg (update cfg :provider d/without-nils)]
     ["" {:middleware [[session/authz cfg]
-                      [provider-lookup cfg]]}
+                      [hmw/with-dispatch executor]
+                      [hmw/with-config cfg]
+                      [provider-lookup]]}
      ["/auth/oauth"
       ["/:provider"
        {:handler auth-handler

backend/src/app/binfile/common.clj

@@ -1,492 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.binfile.common
-  "A binfile related file processing common code, used for different
-  binfile format implementations and management rpc methods."
-  (:require
-   [app.common.data :as d]
-   [app.common.data.macros :as dm]
-   [app.common.exceptions :as ex]
-   [app.common.features :as cfeat]
-   [app.common.files.migrations :as fmg]
-   [app.common.files.validate :as fval]
-   [app.common.logging :as l]
-   [app.common.uuid :as uuid]
-   [app.config :as cf]
-   [app.db :as db]
-   [app.db.sql :as sql]
-   [app.features.components-v2 :as feat.compv2]
-   [app.features.fdata :as feat.fdata]
-   [app.loggers.audit :as-alias audit]
-   [app.loggers.webhooks :as-alias webhooks]
-   [app.util.blob :as blob]
-   [app.util.pointer-map :as pmap]
-   [app.util.time :as dt]
-   [app.worker :as-alias wrk]
-   [clojure.set :as set]
-   [clojure.walk :as walk]
-   [cuerdas.core :as str]))
-
-(set! *warn-on-reflection* true)
-
-(def ^:dynamic *state* nil)
-(def ^:dynamic *options* nil)
-
-(def xf-map-id
-  (map :id))
-
-(def xf-map-media-id
-  (comp
-   (mapcat (juxt :media-id
-                 :thumbnail-id
-                 :woff1-file-id
-                 :woff2-file-id
-                 :ttf-file-id
-                 :otf-file-id))
-   (filter uuid?)))
-
-(def into-vec
-  (fnil into []))
-
-(def conj-vec
-  (fnil conj []))
-
-(defn collect-storage-objects
-  [state items]
-  (update state :storage-objects into xf-map-media-id items))
-
-(defn collect-summary
-  [state key items]
-  (update state key into xf-map-media-id items))
-
-(defn lookup-index
-  [id]
-  (when id
-    (let [val (get-in @*state* [:index id])]
-      (l/trc :fn "lookup-index" :id (str id) :result (some-> val str) ::l/sync? true)
-      (or val id))))
-
-(defn remap-id
-  [item key]
-  (cond-> item
-    (contains? item key)
-    (update key lookup-index)))
-
-(defn- index-object
-  [index obj & attrs]
-  (reduce (fn [index attr-fn]
-            (let [old-id (attr-fn obj)
-                  new-id (if (::overwrite *options*) old-id (uuid/next))]
-              (assoc index old-id new-id)))
-          index
-          attrs))
-
-(defn update-index
-  ([index coll]
-   (update-index index coll identity))
-  ([index coll attr]
-   (reduce #(index-object %1 %2 attr) index coll)))
-
-(defn decode-row
-  "A generic decode row helper"
-  [{:keys [data features] :as row}]
-  (cond-> row
-    features (assoc :features (db/decode-pgarray features #{}))
-    data     (assoc :data (blob/decode data))))
-
-(defn get-file
-  [cfg file-id]
-  (db/run! cfg (fn [{:keys [::db/conn] :as cfg}]
-                 (binding [pmap/*load-fn* (partial feat.fdata/load-pointer cfg file-id)]
-                   (when-let [file (db/get* conn :file {:id file-id}
-                                            {::db/remove-deleted false})]
-                     (-> file
-                         (decode-row)
-                         (update :data feat.fdata/process-pointers deref)
-                         (update :data feat.fdata/process-objects (partial into {}))))))))
-
-(defn get-project
-  [cfg project-id]
-  (db/get cfg :project {:id project-id}))
-
-(defn get-team
-  [cfg team-id]
-  (-> (db/get cfg :team {:id team-id})
-      (decode-row)))
-
-(defn get-fonts
-  [cfg team-id]
-  (db/query cfg :team-font-variant
-            {:team-id team-id
-             :deleted-at nil}))
-
-(defn get-files-rels
-  "Given a set of file-id's, return all matching relations with the libraries"
-  [cfg ids]
-
-  (dm/assert!
-   "expected a set of uuids"
-   (and (set? ids)
-        (every? uuid? ids)))
-
-  (db/run! cfg (fn [{:keys [::db/conn]}]
-                 (let [ids (db/create-array conn "uuid" ids)
-                       sql (str "SELECT flr.* FROM file_library_rel AS flr "
-                                "  JOIN file AS l ON (flr.library_file_id = l.id) "
-                                " WHERE flr.file_id = ANY(?) AND l.deleted_at IS NULL")]
-                   (db/exec! conn [sql ids])))))
-
-(def ^:private sql:get-libraries
-  "WITH RECURSIVE libs AS (
-     SELECT fl.id
-       FROM file AS fl
-       JOIN file_library_rel AS flr ON (flr.library_file_id = fl.id)
-      WHERE flr.file_id = ANY(?)
-    UNION
-     SELECT fl.id
-       FROM file AS fl
-       JOIN file_library_rel AS flr ON (flr.library_file_id = fl.id)
-       JOIN libs AS l ON (flr.file_id = l.id)
-   )
-   SELECT DISTINCT l.id
-     FROM libs AS l")
-
-(defn get-libraries
-  "Get all libraries ids related to provided file ids"
-  [cfg ids]
-  (db/run! cfg (fn [{:keys [::db/conn]}]
-                 (let [ids' (db/create-array conn "uuid" ids)]
-                   (->> (db/exec! conn [sql:get-libraries ids'])
-                        (into #{} xf-map-id))))))
-
-(defn get-file-object-thumbnails
-  "Return all file object thumbnails for a given file."
-  [cfg file-id]
-  (db/query cfg :file-tagged-object-thumbnail
-            {:file-id file-id
-             :deleted-at nil}))
-
-(defn get-file-thumbnail
-  "Return the thumbnail for the specified file-id"
-  [cfg {:keys [id revn]}]
-  (db/get* cfg :file-thumbnail
-           {:file-id id
-            :revn revn
-            :data nil}
-           {::sql/columns [:media-id :file-id :revn]}))
-
-
-(def ^:private
-  xform:collect-media-id
-  (comp
-   (map :objects)
-   (mapcat vals)
-   (mapcat (fn [obj]
-             ;; NOTE: because of some bug, we ended with
-             ;; many shape types having the ability to
-             ;; have fill-image attribute (which initially
-             ;; designed for :path shapes).
-             (sequence
-              (keep :id)
-              (concat [(:fill-image obj)
-                       (:metadata obj)]
-                      (map :fill-image (:fills obj))
-                      (map :stroke-image (:strokes obj))
-                      (->> (:content obj)
-                           (tree-seq map? :children)
-                           (mapcat :fills)
-                           (map :fill-image))))))))
-
-(defn collect-used-media
-  "Given a fdata (file data), returns all media references."
-  [data]
-  (-> #{}
-      (into xform:collect-media-id (vals (:pages-index data)))
-      (into xform:collect-media-id (vals (:components data)))
-      (into (keys (:media data)))))
-
-(defn get-file-media
-  [cfg {:keys [data id] :as file}]
-  (db/run! cfg (fn [{:keys [::db/conn]}]
-                 (let [ids (collect-used-media data)
-                       ids (db/create-array conn "uuid" ids)
-                       sql (str "SELECT * FROM file_media_object WHERE id = ANY(?)")]
-
-                   ;; We assoc the file-id again to the file-media-object row
-                   ;; because there are cases that used objects refer to other
-                   ;; files and we need to ensure in the exportation process that
-                   ;; all ids matches
-                   (->> (db/exec! conn [sql ids])
-                        (mapv #(assoc % :file-id id)))))))
-
-(def ^:private sql:get-team-files
-  "SELECT f.id FROM file AS f
-     JOIN project AS p ON (p.id = f.project_id)
-    WHERE p.team_id = ?")
-
-(defn get-team-files
-  "Get a set of file ids for the specified team-id"
-  [{:keys [::db/conn]} team-id]
-  (->> (db/exec! conn [sql:get-team-files team-id])
-       (into #{} xf-map-id)))
-
-(def ^:private sql:get-team-projects
-  "SELECT p.id FROM project AS p
-    WHERE p.team_id = ?
-      AND p.deleted_at IS NULL")
-
-(defn get-team-projects
-  "Get a set of project ids for the team"
-  [{:keys [::db/conn]} team-id]
-  (->> (db/exec! conn [sql:get-team-projects team-id])
-       (into #{} xf-map-id)))
-
-(def ^:private sql:get-project-files
-  "SELECT f.id FROM file AS f
-    WHERE f.project_id = ?
-      AND f.deleted_at IS NULL")
-
-(defn get-project-files
-  "Get a set of file ids for the project"
-  [{:keys [::db/conn]} project-id]
-  (->> (db/exec! conn [sql:get-project-files project-id])
-       (into #{} xf-map-id)))
-
-(defn- relink-shapes
-  "A function responsible to analyze all file data and
-  replace the old :component-file reference with the new
-  ones, using the provided file-index."
-  [data]
-  (letfn [(process-map-form [form]
-            (cond-> form
-              ;; Relink image shapes
-              (and (map? (:metadata form))
-                   (= :image (:type form)))
-              (update-in [:metadata :id] lookup-index)
-
-              ;; Relink paths with fill image
-              (map? (:fill-image form))
-              (update-in [:fill-image :id] lookup-index)
-
-              ;; This covers old shapes and the new :fills.
-              (uuid? (:fill-color-ref-file form))
-              (update :fill-color-ref-file lookup-index)
-
-              ;; This covers the old shapes and the new :strokes
-              (uuid? (:stroke-color-ref-file form))
-              (update :stroke-color-ref-file lookup-index)
-
-              ;; This covers all text shapes that have typography referenced
-              (uuid? (:typography-ref-file form))
-              (update :typography-ref-file lookup-index)
-
-              ;; This covers the component instance links
-              (uuid? (:component-file form))
-              (update :component-file lookup-index)
-
-              ;; This covers the shadows and grids (they have directly
-              ;; the :file-id prop)
-              (uuid? (:file-id form))
-              (update :file-id lookup-index)))
-
-          (process-form [form]
-            (if (map? form)
-              (try
-                (process-map-form form)
-                (catch Throwable cause
-                  (l/warn :hint "failed form" :form (pr-str form) ::l/sync? true)
-                  (throw cause)))
-              form))]
-
-    (walk/postwalk process-form data)))
-
-(defn- relink-media
-  "A function responsible of process the :media attr of file data and
-  remap the old ids with the new ones."
-  [media]
-  (reduce-kv (fn [res k v]
-               (let [id (lookup-index k)]
-                 (if (uuid? id)
-                   (-> res
-                       (assoc id (assoc v :id id))
-                       (dissoc k))
-                   res)))
-             media
-             media))
-
-(defn- relink-colors
-  "A function responsible of process the :colors attr of file data and
-  remap the old ids with the new ones."
-  [colors]
-  (reduce-kv (fn [res k v]
-               (if (:image v)
-                 (update-in res [k :image :id] lookup-index)
-                 res))
-             colors
-             colors))
-
-(defn embed-assets
-  [cfg data file-id]
-  (letfn [(walk-map-form [form state]
-            (cond
-              (uuid? (:fill-color-ref-file form))
-              (do
-                (vswap! state conj [(:fill-color-ref-file form) :colors (:fill-color-ref-id form)])
-                (assoc form :fill-color-ref-file file-id))
-
-              (uuid? (:stroke-color-ref-file form))
-              (do
-                (vswap! state conj [(:stroke-color-ref-file form) :colors (:stroke-color-ref-id form)])
-                (assoc form :stroke-color-ref-file file-id))
-
-              (uuid? (:typography-ref-file form))
-              (do
-                (vswap! state conj [(:typography-ref-file form) :typographies (:typography-ref-id form)])
-                (assoc form :typography-ref-file file-id))
-
-              (uuid? (:component-file form))
-              (do
-                (vswap! state conj [(:component-file form) :components (:component-id form)])
-                (assoc form :component-file file-id))
-
-              :else
-              form))
-
-          (process-group-of-assets [data [lib-id items]]
-            ;; NOTE: there is a possibility that shape refers to an
-            ;; non-existant file because the file was removed. In this
-            ;; case we just ignore the asset.
-            (if-let [lib (get-file cfg lib-id)]
-              (reduce (partial process-asset lib) data items)
-              data))
-
-          (process-asset [lib data [bucket asset-id]]
-            (let [asset (get-in lib [:data bucket asset-id])
-                  ;; Add a special case for colors that need to have
-                  ;; correctly set the :file-id prop (pending of the
-                  ;; refactor that will remove it).
-                  asset (cond-> asset
-                          (= bucket :colors) (assoc :file-id file-id))]
-              (update data bucket assoc asset-id asset)))]
-
-    (let [assets (volatile! [])]
-      (walk/postwalk #(cond-> % (map? %) (walk-map-form assets)) data)
-      (->> (deref assets)
-           (filter #(as-> (first %) $ (and (uuid? $) (not= $ file-id))))
-           (d/group-by first rest)
-           (reduce (partial process-group-of-assets) data)))))
-
-(defn- fix-version
-  [file]
-  (let [file (fmg/fix-version file)]
-    ;; FIXME: We're temporarily activating all migrations because a
-    ;; problem in the environments messed up with the version numbers
-    ;; When this problem is fixed delete the following line
-    (if (> (:version file) 22)
-      (assoc file :version 22)
-      file)))
-
-(defn process-file
-  [{:keys [id] :as file}]
-  (-> file
-      (fix-version)
-      (update :data (fn [fdata]
-                      (-> fdata
-                          (assoc :id id)
-                          (dissoc :recent-colors))))
-      (fmg/migrate-file)
-      (update :data (fn [fdata]
-                      (-> fdata
-                          (update :pages-index relink-shapes)
-                          (update :components relink-shapes)
-                          (update :media relink-media)
-                          (update :colors relink-colors)
-                          (d/without-nils))))))
-
-(defn- upsert-file!
-  [conn file]
-  (let [sql (str "INSERT INTO file (id, project_id, name, revn, version, is_shared, data, created_at, modified_at) "
-                 "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?) "
-                 "ON CONFLICT (id) DO UPDATE SET data=?, version=?")]
-    (db/exec-one! conn [sql
-                        (:id file)
-                        (:project-id file)
-                        (:name file)
-                        (:revn file)
-                        (:version file)
-                        (:is-shared file)
-                        (:data file)
-                        (:created-at file)
-                        (:modified-at file)
-                        (:data file)
-                        (:version file)])))
-
-(defn persist-file!
-  "Applies all the final validations and perist the file."
-  [{:keys [::db/conn ::timestamp] :as cfg} {:keys [id] :as file}]
-
-  (dm/assert!
-   "expected valid timestamp"
-   (dt/instant? timestamp))
-
-  (let [file   (-> file
-                   (assoc :created-at timestamp)
-                   (assoc :modified-at timestamp)
-                   (assoc :ignore-sync-until (dt/plus timestamp (dt/duration {:seconds 5})))
-                   (update :features
-                           (fn [features]
-                             (let [features (cfeat/check-supported-features! features)]
-                               (-> (::features cfg #{})
-                                   (set/difference cfeat/frontend-only-features)
-                                   (set/union features))))))
-
-        _      (when (contains? cf/flags :file-schema-validation)
-                 (fval/validate-file-schema! file))
-
-        _      (when (contains? cf/flags :soft-file-schema-validation)
-                 (let [result (ex/try! (fval/validate-file-schema! file))]
-                   (when (ex/exception? result)
-                     (l/error :hint "file schema validation error" :cause result))))
-
-        file   (if (contains? (:features file) "fdata/objects-map")
-                 (feat.fdata/enable-objects-map file)
-                 file)
-
-        file   (if (contains? (:features file) "fdata/pointer-map")
-                 (binding [pmap/*tracked* (pmap/create-tracked)]
-                   (let [file (feat.fdata/enable-pointer-map file)]
-                     (feat.fdata/persist-pointers! cfg id)
-                     file))
-                 file)
-
-        params (-> file
-                   (update :features db/encode-pgarray conn "text")
-                   (update :data blob/encode))]
-
-    (if (::overwrite cfg)
-      (upsert-file! conn params)
-      (db/insert! conn :file params ::db/return-keys false))
-
-    file))
-
-(defn apply-pending-migrations!
-  "Apply alredy registered pending migrations to files"
-  [cfg]
-  (doseq [[feature file-id] (-> *state* deref :pending-to-migrate)]
-    (case feature
-      "components/v2"
-      (feat.compv2/migrate-file! cfg file-id
-                                 :validate? (::validate cfg true)
-                                 :skip-on-graphic-error? true)
-
-      "fdata/shape-data-type"
-      nil
-
-      (ex/raise :type :internal
-                :code :no-migration-defined
-                :hint (str/ffmt "no migation for feature '%' on file importation" feature)
-                :feature feature))))

backend/src/app/binfile/v1.clj

@@ -1,779 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.binfile.v1
-  "A custom, perfromance and efficiency focused binfile format impl"
-  (:refer-clojure :exclude [assert])
-  (:require
-   [app.binfile.common :as bfc]
-   [app.common.data :as d]
-   [app.common.data.macros :as dm]
-   [app.common.exceptions :as ex]
-   [app.common.features :as cfeat]
-   [app.common.fressian :as fres]
-   [app.common.logging :as l]
-   [app.common.spec :as us]
-   [app.common.types.file :as ctf]
-   [app.common.uuid :as uuid]
-   [app.config :as cf]
-   [app.db :as db]
-   [app.loggers.audit :as-alias audit]
-   [app.loggers.webhooks :as-alias webhooks]
-   [app.media :as media]
-   [app.rpc :as-alias rpc]
-   [app.rpc.commands.teams :as teams]
-   [app.rpc.doc :as-alias doc]
-   [app.storage :as sto]
-   [app.storage.tmp :as tmp]
-   [app.tasks.file-gc]
-   [app.util.events :as events]
-   [app.util.time :as dt]
-   [app.worker :as-alias wrk]
-   [clojure.java.io :as jio]
-   [clojure.set :as set]
-   [clojure.spec.alpha :as s]
-   [cuerdas.core :as str]
-   [datoteka.io :as io]
-   [promesa.util :as pu]
-   [yetti.adapter :as yt])
-  (:import
-   com.github.luben.zstd.ZstdIOException
-   com.github.luben.zstd.ZstdInputStream
-   com.github.luben.zstd.ZstdOutputStream
-   java.io.DataInputStream
-   java.io.DataOutputStream
-   java.io.InputStream
-   java.io.OutputStream))
-
-(set! *warn-on-reflection* true)
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; DEFAULTS
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-;; Threshold in MiB when we pass from using
-;; in-memory byte-array's to use temporal files.
-(def temp-file-threshold
-  (* 1024 1024 2))
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; LOW LEVEL STREAM IO API
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-(def ^:const buffer-size (:xnio/buffer-size yt/defaults))
-(def ^:const penpot-magic-number 800099563638710213)
-
-
-;; A maximum (storage) object size allowed: 100MiB
-(def ^:const max-object-size
-  (* 1024 1024 100))
-
-(def ^:dynamic *position* nil)
-
-(defn get-mark
-  [id]
-  (case id
-    :header  1
-    :stream  2
-    :uuid    3
-    :label   4
-    :obj     5
-    (ex/raise :type :validation
-              :code :invalid-mark-id
-              :hint (format "invalid mark id %s" id))))
-
-(defmacro assert
-  [expr hint]
-  `(when-not ~expr
-     (ex/raise :type :validation
-               :code :unexpected-condition
-               :hint ~hint)))
-
-(defmacro assert-mark
-  [v type]
-  `(let [expected# (get-mark ~type)
-         val#      (long ~v)]
-     (when (not= val# expected#)
-       (ex/raise :type :validation
-                 :code :unexpected-mark
-                 :hint (format "received mark %s, expected %s" val# expected#)))))
-
-(defmacro assert-label
-  [expr label]
-  `(let [v# ~expr]
-     (when (not= v# ~label)
-       (ex/raise :type :assertion
-                 :code :unexpected-label
-                 :hint (format "received label %s, expected %s" v# ~label)))))
-
-;; --- PRIMITIVE IO
-
-(defn write-byte!
-  [^DataOutputStream output data]
-  (l/trace :fn "write-byte!" :data data :position @*position* ::l/sync? true)
-  (.writeByte output (byte data))
-  (swap! *position* inc))
-
-(defn read-byte!
-  [^DataInputStream input]
-  (let [v (.readByte input)]
-    (l/trace :fn "read-byte!" :val v :position @*position* ::l/sync? true)
-    (swap! *position* inc)
-    v))
-
-(defn write-long!
-  [^DataOutputStream output data]
-  (l/trace :fn "write-long!" :data data :position @*position* ::l/sync? true)
-  (.writeLong output (long data))
-  (swap! *position* + 8))
-
-
-(defn read-long!
-  [^DataInputStream input]
-  (let [v (.readLong input)]
-    (l/trace :fn "read-long!" :val v :position @*position* ::l/sync? true)
-    (swap! *position* + 8)
-    v))
-
-(defn write-bytes!
-  [^DataOutputStream output ^bytes data]
-  (let [size (alength data)]
-    (l/trace :fn "write-bytes!" :size size :position @*position* ::l/sync? true)
-    (.write output data 0 size)
-    (swap! *position* + size)))
-
-(defn read-bytes!
-  [^InputStream input ^bytes buff]
-  (let [size   (alength buff)
-        readed (.readNBytes input buff 0 size)]
-    (l/trace :fn "read-bytes!" :expected (alength buff) :readed readed :position @*position* ::l/sync? true)
-    (swap! *position* + readed)
-    readed))
-
-;; --- COMPOSITE IO
-
-(defn write-uuid!
-  [^DataOutputStream output id]
-  (l/trace :fn "write-uuid!" :position @*position* :WRITTEN? (.size output) ::l/sync? true)
-
-  (doto output
-    (write-byte! (get-mark :uuid))
-    (write-long! (uuid/get-word-high id))
-    (write-long! (uuid/get-word-low id))))
-
-(defn read-uuid!
-  [^DataInputStream input]
-  (l/trace :fn "read-uuid!" :position @*position* ::l/sync? true)
-  (let [m (read-byte! input)]
-    (assert-mark m :uuid)
-    (let [a (read-long! input)
-          b (read-long! input)]
-      (uuid/custom a b))))
-
-(defn write-obj!
-  [^DataOutputStream output data]
-  (l/trace :fn "write-obj!" :position @*position* ::l/sync? true)
-  (let [^bytes data (fres/encode data)]
-    (doto output
-      (write-byte! (get-mark :obj))
-      (write-long! (alength data))
-      (write-bytes! data))))
-
-(defn read-obj!
-  [^DataInputStream input]
-  (l/trace :fn "read-obj!" :position @*position* ::l/sync? true)
-  (let [m (read-byte! input)]
-    (assert-mark m :obj)
-    (let [size (read-long! input)]
-      (assert (pos? size) "incorrect header size found on reading header")
-      (let [buff (byte-array size)]
-        (read-bytes! input buff)
-        (fres/decode buff)))))
-
-(defn write-label!
-  [^DataOutputStream output label]
-  (l/trace :fn "write-label!" :label label :position @*position* ::l/sync? true)
-  (doto output
-    (write-byte! (get-mark :label))
-    (write-obj! label)))
-
-(defn read-label!
-  [^DataInputStream input]
-  (l/trace :fn "read-label!" :position @*position* ::l/sync? true)
-  (let [m (read-byte! input)]
-    (assert-mark m :label)
-    (read-obj! input)))
-
-(defn write-header!
-  [^OutputStream output version]
-  (l/trace :fn "write-header!"
-           :version version
-           :position @*position*
-           ::l/sync? true)
-  (let [vers   (-> version name (subs 1) parse-long)
-        output (io/data-output-stream output)]
-    (doto output
-      (write-byte! (get-mark :header))
-      (write-long! penpot-magic-number)
-      (write-long! vers))))
-
-(defn read-header!
-  [^InputStream input]
-  (l/trace :fn "read-header!" :position @*position* ::l/sync? true)
-  (let [input (io/data-input-stream input)
-        mark  (read-byte! input)
-        mnum  (read-long! input)
-        vers  (read-long! input)]
-
-    (when (or (not= mark (get-mark :header))
-              (not= mnum penpot-magic-number))
-      (ex/raise :type :validation
-                :code :invalid-penpot-file
-                :hint "invalid penpot file"))
-
-    (keyword (str "v" vers))))
-
-(defn copy-stream!
-  [^OutputStream output ^InputStream input ^long size]
-  (let [written (io/copy! input output :size size)]
-    (l/trace :fn "copy-stream!" :position @*position* :size size :written written ::l/sync? true)
-    (swap! *position* + written)
-    written))
-
-(defn write-stream!
-  [^DataOutputStream output stream size]
-  (l/trace :fn "write-stream!" :position @*position* ::l/sync? true :size size)
-  (doto output
-    (write-byte! (get-mark :stream))
-    (write-long! size))
-
-  (copy-stream! output stream size))
-
-(defn read-stream!
-  [^DataInputStream input]
-  (l/trace :fn "read-stream!" :position @*position* ::l/sync? true)
-  (let [m (read-byte! input)
-        s (read-long! input)
-        p (tmp/tempfile :prefix "penpot.binfile.")]
-    (assert-mark m :stream)
-
-    (when (> s max-object-size)
-      (ex/raise :type :validation
-                :code :max-file-size-reached
-                :hint (str/ffmt "unable to import storage object with size % bytes" s)))
-
-    (if (> s temp-file-threshold)
-      (with-open [^OutputStream output (io/output-stream p)]
-        (let [readed (io/copy! input output :offset 0 :size s)]
-          (l/trace :fn "read-stream*!" :expected s :readed readed :position @*position* ::l/sync? true)
-          (swap! *position* + readed)
-          [s p]))
-      [s (io/read-as-bytes input :size s)])))
-
-(defmacro assert-read-label!
-  [input expected-label]
-  `(let [readed# (read-label! ~input)
-         expected# ~expected-label]
-     (when (not= readed# expected#)
-       (ex/raise :type :validation
-                 :code :unexpected-label
-                 :hint (format "unexpected label found: %s, expected: %s" readed# expected#)))))
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; API
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-;; --- HELPERS
-
-(defn zstd-input-stream
-  ^InputStream
-  [input]
-  (ZstdInputStream. ^InputStream input))
-
-(defn zstd-output-stream
-  ^OutputStream
-  [output & {:keys [level] :or {level 0}}]
-  (ZstdOutputStream. ^OutputStream output (int level)))
-
-(defn- get-files
-  [cfg ids]
-  (db/run! cfg (fn [{:keys [::db/conn]}]
-                 (let [sql (str "SELECT id FROM file "
-                                " WHERE id = ANY(?) ")
-                       ids (db/create-array conn "uuid" ids)]
-                   (->> (db/exec! conn [sql ids])
-                        (into [] (map :id))
-                        (not-empty))))))
-
-;; --- EXPORT WRITER
-
-(defmulti write-export ::version)
-(defmulti write-section ::section)
-
-(defn write-export!
-  [{:keys [::include-libraries ::embed-assets] :as cfg}]
-  (when (and include-libraries embed-assets)
-    (throw (IllegalArgumentException.
-            "the `include-libraries` and `embed-assets` are mutally excluding options")))
-
-  (write-export cfg))
-
-(defmethod write-export :default
-  [{:keys [::output] :as options}]
-  (write-header! output :v1)
-  (pu/with-open [output (zstd-output-stream output :level 12)
-                 output (io/data-output-stream output)]
-    (binding [bfc/*state* (volatile! {})]
-      (run! (fn [section]
-              (l/dbg :hint "write section" :section section ::l/sync? true)
-              (write-label! output section)
-              (let [options (-> options
-                                (assoc ::output output)
-                                (assoc ::section section))]
-                (binding [bfc/*options* options]
-                  (write-section options))))
-
-            [:v1/metadata :v1/files :v1/rels :v1/sobjects]))))
-
-(defmethod write-section :v1/metadata
-  [{:keys [::output ::ids ::include-libraries] :as cfg}]
-  (if-let [fids (get-files cfg ids)]
-    (let [lids (when include-libraries
-                 (bfc/get-libraries cfg ids))
-          ids  (into fids lids)]
-      (write-obj! output {:version cf/version :files ids})
-      (vswap! bfc/*state* assoc :files ids))
-    (ex/raise :type :not-found
-              :code :files-not-found
-              :hint "unable to retrieve files for export")))
-
-(defmethod write-section :v1/files
-  [{:keys [::output ::embed-assets ::include-libraries] :as cfg}]
-
-  ;; Initialize SIDS with empty vector
-  (vswap! bfc/*state* assoc :sids [])
-
-  (doseq [file-id (-> bfc/*state* deref :files)]
-    (let [detach?    (and (not embed-assets) (not include-libraries))
-          thumbnails (->> (bfc/get-file-object-thumbnails cfg file-id)
-                          (mapv #(dissoc % :file-id)))
-
-          file       (cond-> (bfc/get-file cfg file-id)
-                       detach?
-                       (-> (ctf/detach-external-references file-id)
-                           (dissoc :libraries))
-
-                       embed-assets
-                       (update :data #(bfc/embed-assets cfg % file-id))
-
-                       :always
-                       (assoc :thumbnails thumbnails))
-
-          media      (bfc/get-file-media cfg file)]
-
-      (l/dbg :hint "write penpot file"
-             :id (str file-id)
-             :name (:name file)
-             :thumbnails (count thumbnails)
-             :features (:features file)
-             :media (count media)
-             ::l/sync? true)
-
-      (doseq [item media]
-        (l/dbg :hint "write penpot file media object" :id (:id item) ::l/sync? true))
-
-      (doseq [item thumbnails]
-        (l/dbg :hint "write penpot file object thumbnail" :media-id (str (:media-id item)) ::l/sync? true))
-
-      (doto output
-        (write-obj! file)
-        (write-obj! media))
-
-      (vswap! bfc/*state* update :sids into bfc/xf-map-media-id media)
-      (vswap! bfc/*state* update :sids into bfc/xf-map-media-id thumbnails))))
-
-(defmethod write-section :v1/rels
-  [{:keys [::output ::include-libraries] :as cfg}]
-  (let [ids  (-> bfc/*state* deref :files set)
-        rels (when include-libraries
-               (bfc/get-files-rels cfg ids))]
-    (l/dbg :hint "found rels" :total (count rels) ::l/sync? true)
-    (write-obj! output rels)))
-
-(defmethod write-section :v1/sobjects
-  [{:keys [::sto/storage ::output]}]
-  (let [sids    (-> bfc/*state* deref :sids)
-        storage (media/configure-assets-storage storage)]
-
-    (l/dbg :hint "found sobjects"
-           :items (count sids)
-           ::l/sync? true)
-
-    ;; Write all collected storage objects
-    (write-obj! output sids)
-
-    (doseq [id sids]
-      (let [{:keys [size] :as obj} (sto/get-object storage id)]
-        (l/dbg :hint "write sobject" :id (str id) ::l/sync? true)
-
-        (doto output
-          (write-uuid! id)
-          (write-obj! (meta obj)))
-
-        (pu/with-open [stream (sto/get-object-data storage obj)]
-          (let [written (write-stream! output stream size)]
-            (when (not= written size)
-              (ex/raise :type :validation
-                        :code :mismatch-readed-size
-                        :hint (str/ffmt "found unexpected object size; size=% written=%" size written)))))))))
-
-;; --- EXPORT READER
-
-(defmulti read-import ::version)
-(defmulti read-section ::section)
-
-(s/def ::profile-id ::us/uuid)
-(s/def ::project-id ::us/uuid)
-(s/def ::input io/input-stream?)
-(s/def ::overwrite? (s/nilable ::us/boolean))
-(s/def ::ignore-index-errors? (s/nilable ::us/boolean))
-
-;; FIXME: replace with schema
-(s/def ::read-import-options
-  (s/keys :req [::db/pool ::sto/storage ::project-id ::profile-id ::input]
-          :opt [::overwrite? ::ignore-index-errors?]))
-
-(defn read-import!
-  "Do the importation of the specified resource in penpot custom binary
-  format. There are some options for customize the importation
-  behavior:
-
-  `::bfc/overwrite`: if true, instead of creating new files and remapping id references,
-  it reuses all ids and updates existing objects; defaults to `false`."
-  [{:keys [::input ::bfc/timestamp] :or {timestamp (dt/now)} :as options}]
-
-  (dm/assert!
-   "expected input stream"
-   (io/input-stream? input))
-
-  (dm/assert!
-   "expected valid instant"
-   (dt/instant? timestamp))
-
-  (let [version (read-header! input)]
-    (read-import (assoc options ::version version ::bfc/timestamp timestamp))))
-
-(defn- read-import-v1
-  [{:keys [::db/conn ::project-id ::profile-id ::input] :as cfg}]
-  (db/exec-one! conn ["SET LOCAL idle_in_transaction_session_timeout = 0"])
-  (db/exec-one! conn ["SET CONSTRAINTS ALL DEFERRED"])
-
-  (pu/with-open [input (zstd-input-stream input)
-                 input (io/data-input-stream input)]
-    (binding [bfc/*state* (volatile! {:media [] :index {}})]
-      (let [team      (teams/get-team conn
-                                      :profile-id profile-id
-                                      :project-id project-id)
-
-            features  (cfeat/get-team-enabled-features cf/flags team)]
-
-        ;; Process all sections
-        (run! (fn [section]
-                (l/dbg :hint "reading section" :section section ::l/sync? true)
-                (assert-read-label! input section)
-                (let [options (-> cfg
-                                  (assoc ::bfc/features features)
-                                  (assoc ::section section)
-                                  (assoc ::input input))]
-                  (binding [bfc/*options* options]
-                    (events/tap :progress {:op :import :section section})
-                    (read-section options))))
-              [:v1/metadata :v1/files :v1/rels :v1/sobjects])
-
-        (bfc/apply-pending-migrations! cfg)
-
-        ;; Knowing that the ids of the created files are in index,
-        ;; just lookup them and return it as a set
-        (let [files (-> bfc/*state* deref :files)]
-          (into #{} (keep #(get-in @bfc/*state* [:index %])) files))))))
-
-(defmethod read-import :v1
-  [options]
-  (db/tx-run! options read-import-v1))
-
-(defmethod read-section :v1/metadata
-  [{:keys [::input]}]
-  (let [{:keys [version files]} (read-obj! input)]
-    (l/dbg :hint "metadata readed"
-           :version (:full version)
-           :files (mapv str files)
-           ::l/sync? true)
-    (vswap! bfc/*state* update :index bfc/update-index files)
-    (vswap! bfc/*state* assoc :version version :files files)))
-
-(defn- remap-thumbnails
-  [thumbnails file-id]
-  (mapv (fn [thumbnail]
-          (-> thumbnail
-              (assoc :file-id file-id)
-              (update :object-id #(str/replace-first % #"^(.*?)/" (str file-id "/")))))
-        thumbnails))
-
-(defn- clean-features
-  [file]
-  (update file :features (fn [features]
-                           (if (set? features)
-                             (-> features
-                                 (cfeat/migrate-legacy-features)
-                                 (set/difference cfeat/backend-only-features))
-                             #{}))))
-
-(defmethod read-section :v1/files
-  [{:keys [::db/conn ::input ::project-id ::bfc/overwrite ::name] :as system}]
-
-  (doseq [[idx expected-file-id] (d/enumerate (-> bfc/*state* deref :files))]
-    (let [file       (read-obj! input)
-          media      (read-obj! input)
-
-          file-id    (:id file)
-          file-id'   (bfc/lookup-index file-id)
-
-          file       (clean-features file)
-          thumbnails (:thumbnails file)]
-
-      (when (not= file-id expected-file-id)
-        (ex/raise :type :validation
-                  :code :inconsistent-penpot-file
-                  :found-id file-id
-                  :expected-id expected-file-id
-                  :hint "the penpot file seems corrupt, found unexpected uuid (file-id)"))
-
-      (l/dbg :hint "processing file"
-             :id (str file-id)
-             :features (:features file)
-             :version (-> file :data :version)
-             :media (count media)
-             :thumbnails (count thumbnails)
-             ::l/sync? true)
-
-      (when (seq thumbnails)
-        (let [thumbnails (remap-thumbnails thumbnails file-id')]
-          (l/dbg :hint "updated index with thumbnails" :total (count thumbnails) ::l/sync? true)
-          (vswap! bfc/*state* update :thumbnails bfc/into-vec thumbnails)))
-
-      (when (seq media)
-        ;; Update index with media
-        (l/dbg :hint "update index with media" :total (count media) ::l/sync? true)
-        (vswap! bfc/*state* update :index bfc/update-index (map :id media))
-
-        ;; Store file media for later insertion
-        (l/dbg :hint "update media references" ::l/sync? true)
-        (vswap! bfc/*state* update :media into (map #(update % :id bfc/lookup-index)) media))
-
-      (let [file (-> file
-                     (assoc :id file-id')
-                     (cond-> (and (= idx 0) (some? name))
-                       (assoc :name name))
-                     (assoc :project-id project-id)
-                     (dissoc :thumbnails)
-                     (bfc/process-file))]
-
-        ;; All features that are enabled and requires explicit migration are
-        ;; added to the state for a posterior migration step.
-        (doseq [feature (-> (::bfc/features system)
-                            (set/difference cfeat/no-migration-features)
-                            (set/difference (:features file)))]
-          (vswap! bfc/*state* update :pending-to-migrate (fnil conj []) [feature file-id']))
-
-        (l/dbg :hint "create file" :id (str file-id') ::l/sync? true)
-        (bfc/persist-file! system file)
-
-        (when overwrite
-          (db/delete! conn :file-thumbnail {:file-id file-id'}))
-
-        file-id'))))
-
-(defmethod read-section :v1/rels
-  [{:keys [::db/conn ::input ::bfc/timestamp]}]
-  (let [rels (read-obj! input)
-        ids  (into #{} (-> bfc/*state* deref :files))]
-    ;; Insert all file relations
-    (doseq [{:keys [library-file-id] :as rel} rels]
-      (let [rel (-> rel
-                    (assoc :synced-at timestamp)
-                    (update :file-id bfc/lookup-index)
-                    (update :library-file-id bfc/lookup-index))]
-
-        (if (contains? ids library-file-id)
-          (do
-            (l/dbg :hint "create file library link"
-                   :file-id (:file-id rel)
-                   :lib-id (:library-file-id rel)
-                   ::l/sync? true)
-            (db/insert! conn :file-library-rel rel))
-
-          (l/warn :hint "ignoring file library link"
-                  :file-id (:file-id rel)
-                  :lib-id (:library-file-id rel)
-                  ::l/sync? true))))))
-
-(defmethod read-section :v1/sobjects
-  [{:keys [::sto/storage ::db/conn ::input ::bfc/overwrite ::bfc/timestamp]}]
-  (let [storage (media/configure-assets-storage storage)
-        ids     (read-obj! input)
-        thumb?  (into #{} (map :media-id) (:thumbnails @bfc/*state*))]
-
-    (doseq [expected-storage-id ids]
-      (let [id    (read-uuid! input)
-            mdata (read-obj! input)]
-
-        (when (not= id expected-storage-id)
-          (ex/raise :type :validation
-                    :code :inconsistent-penpot-file
-                    :hint "the penpot file seems corrupt, found unexpected uuid (storage-object-id)"))
-
-        (l/dbg :hint "readed storage object" :id (str id) ::l/sync? true)
-
-        (let [[size resource] (read-stream! input)
-              hash            (sto/calculate-hash resource)
-              content         (-> (sto/content resource size)
-                                  (sto/wrap-with-hash hash))
-
-              params          (-> mdata
-                                  (assoc ::sto/content content)
-                                  (assoc ::sto/deduplicate? true)
-                                  (assoc ::sto/touched-at timestamp))
-
-              params          (if (thumb? id)
-                                (assoc params :bucket "file-object-thumbnail")
-                                (assoc params :bucket "file-media-object"))
-
-              sobject         (sto/put-object! storage params)]
-
-          (l/dbg :hint "persisted storage object"
-                 :old-id (str id)
-                 :new-id (str (:id sobject))
-                 :is-thumbnail (boolean (thumb? id))
-                 ::l/sync? true)
-
-          (vswap! bfc/*state* update :index assoc id (:id sobject)))))
-
-    (doseq [item (:media @bfc/*state*)]
-      (l/dbg :hint "inserting file media object"
-             :id (str (:id item))
-             :file-id (str (:file-id item))
-             ::l/sync? true)
-
-      (let [file-id (bfc/lookup-index (:file-id item))]
-        (if (= file-id (:file-id item))
-          (l/warn :hint "ignoring file media object" :file-id (str file-id) ::l/sync? true)
-          (db/insert! conn :file-media-object
-                      (-> item
-                          (assoc :file-id file-id)
-                          (d/update-when :media-id bfc/lookup-index)
-                          (d/update-when :thumbnail-id bfc/lookup-index))
-                      {::db/on-conflict-do-nothing? overwrite}))))
-
-    (doseq [item (:thumbnails @bfc/*state*)]
-      (let [item (update item :media-id bfc/lookup-index)]
-        (l/dbg :hint "inserting file object thumbnail"
-               :file-id (str (:file-id item))
-               :media-id (str (:media-id item))
-               :object-id (:object-id item)
-               ::l/sync? true)
-        (db/insert! conn :file-tagged-object-thumbnail item
-                    {::db/on-conflict-do-nothing? overwrite})))))
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; HIGH LEVEL API
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-(defn export-files!
-  "Do the exportation of a specified file in custom penpot binary
-  format. There are some options available for customize the output:
-
-  `::include-libraries`: additionally to the specified file, all the
-  linked libraries also will be included (including transitive
-  dependencies).
-
-  `::embed-assets`: instead of including the libraries, embed in the
-  same file library all assets used from external libraries."
-
-  [{:keys [::ids] :as cfg} output]
-
-  (dm/assert!
-   "expected a set of uuid's for `::ids` parameter"
-   (and (set? ids)
-        (every? uuid? ids)))
-
-  (dm/assert!
-   "expected instance of jio/IOFactory for `input`"
-   (satisfies? jio/IOFactory output))
-
-  (let [id (uuid/next)
-        tp (dt/tpoint)
-        ab (volatile! false)
-        cs (volatile! nil)]
-    (try
-      (l/info :hint "start exportation" :export-id (str id))
-      (pu/with-open [output (io/output-stream output)]
-        (binding [*position* (atom 0)]
-          (write-export! (assoc cfg ::output output))))
-
-      (catch java.io.IOException _cause
-        ;; Do nothing, EOF means client closes connection abruptly
-        (vreset! ab true)
-        nil)
-
-      (catch Throwable cause
-        (vreset! cs cause)
-        (vreset! ab true)
-        (throw cause))
-
-      (finally
-        (l/info :hint "exportation finished" :export-id (str id)
-                :elapsed (str (inst-ms (tp)) "ms")
-                :aborted @ab
-                :cause @cs)))))
-
-(defn import-files!
-  [cfg input]
-
-  (dm/assert!
-   "expected valid profile-id and project-id on `cfg`"
-   (and (uuid? (::profile-id cfg))
-        (uuid? (::project-id cfg))))
-
-  (dm/assert!
-   "expected instance of jio/IOFactory for `input`"
-   (satisfies? jio/IOFactory input))
-
-  (let [id (uuid/next)
-        tp (dt/tpoint)
-        cs (volatile! nil)]
-
-    (l/info :hint "import: started" :id (str id))
-    (try
-      (binding [*position* (atom 0)]
-        (pu/with-open [input (io/input-stream input)]
-          (read-import! (assoc cfg ::input input))))
-
-      (catch ZstdIOException cause
-        (ex/raise :type :validation
-                  :code :invalid-penpot-file
-                  :hint "invalid penpot file received: probably truncated"
-                  :cause cause))
-
-      (catch Throwable cause
-        (vreset! cs cause)
-        (throw cause))
-
-      (finally
-        (l/info :hint "import: terminated"
-                :id (str id)
-                :elapsed (dt/format-duration (tp))
-                :error? (some? @cs))))))
-

backend/src/app/binfile/v2.clj

@@ -1,442 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.binfile.v2
-  "A sqlite3 based binary file exportation with support for exportation
-  of entire team (or multiple teams) at once."
-  (:refer-clojure :exclude [read])
-  (:require
-   [app.binfile.common :as bfc]
-   [app.common.data :as d]
-   [app.common.features :as cfeat]
-   [app.common.logging :as l]
-   [app.common.transit :as t]
-   [app.common.uuid :as uuid]
-   [app.config :as cf]
-   [app.db :as db]
-   [app.db.sql :as sql]
-   [app.loggers.audit :as-alias audit]
-   [app.loggers.webhooks :as-alias webhooks]
-   [app.media :as media]
-   [app.storage :as sto]
-   [app.storage.tmp :as tmp]
-   [app.util.events :as events]
-   [app.util.time :as dt]
-   [app.worker :as-alias wrk]
-   [clojure.set :as set]
-   [cuerdas.core :as str]
-   [datoteka.io :as io]
-   [promesa.util :as pu])
-  (:import
-   java.sql.DriverManager))
-
-(set! *warn-on-reflection* true)
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; LOW LEVEL API
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-(defn- create-database
-  ([cfg]
-   (let [path (tmp/tempfile :prefix "penpot.binfile." :suffix ".sqlite")]
-     (create-database cfg path)))
-  ([cfg path]
-   (let [db (DriverManager/getConnection (str "jdbc:sqlite:" path))]
-     (assoc cfg ::db db ::path path))))
-
-(def ^:private
-  sql:create-kvdata-table
-  "CREATE TABLE kvdata (
-     tag text NOT NULL,
-     key text NOT NULL,
-     val text NOT NULL,
-     dat blob NULL
-   )")
-
-(def ^:private
-  sql:create-kvdata-index
-  "CREATE INDEX kvdata__tag_key__idx
-      ON kvdata (tag, key)")
-
-(defn- setup-schema!
-  [{:keys [::db]}]
-  (db/exec-one! db [sql:create-kvdata-table])
-  (db/exec-one! db [sql:create-kvdata-index]))
-
-(defn- write!
-  [{:keys [::db]} tag k v & [data]]
-  (db/insert! db :kvdata
-              {:tag (d/name tag)
-               :key (str k)
-               :val (t/encode-str v {:type :json-verbose})
-               :dat data}
-              {::db/return-keys false}))
-
-(defn- read-blob
-  [{:keys [::db]} tag k]
-  (let [obj (db/get db :kvdata
-                    {:tag (d/name tag)
-                     :key (str k)}
-                    {::sql/columns [:dat]})]
-    (:dat obj)))
-
-(defn- read-seq
-  ([{:keys [::db]} tag]
-   (->> (db/query db :kvdata
-                  {:tag (d/name tag)}
-                  {::sql/columns [::val]})
-        (map :val)
-        (map t/decode-str)))
-  ([{:keys [::db]} tag k]
-   (->> (db/query db :kvdata
-                  {:tag (d/name tag)
-                   :key (str k)}
-                  {::sql/columns [::val]})
-        (map :val)
-        (map t/decode-str))))
-
-(defn- read-obj
-  [{:keys [::db]} tag k]
-  (let [obj (db/get db :kvdata
-                    {:tag (d/name tag)
-                     :key (str k)}
-                    {::sql/columns [:val]})]
-    (-> obj :val t/decode-str)))
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; IMPORT/EXPORT IMPL
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-(declare ^:private write-project!)
-(declare ^:private write-file!)
-
-(defn- write-team!
-  [cfg team-id]
-
-  (let [team  (bfc/get-team cfg team-id)
-        fonts (bfc/get-fonts cfg team-id)]
-
-    (events/tap :progress
-                {:op :export
-                 :section :write-team
-                 :id team-id
-                 :name (:name team)})
-
-    (l/trc :hint "write" :obj "team"
-           :id (str team-id)
-           :fonts (count fonts))
-
-    (when-let [photo-id (:photo-id team)]
-      (vswap! bfc/*state* update :storage-objects conj photo-id))
-
-    (vswap! bfc/*state* update :teams conj team-id)
-    (vswap! bfc/*state* bfc/collect-storage-objects fonts)
-
-    (write! cfg :team team-id team)
-
-    (doseq [{:keys [id] :as font} fonts]
-      (vswap! bfc/*state* update :team-font-variants conj id)
-      (write! cfg :team-font-variant id font))))
-
-(defn- write-project!
-  [cfg project-id]
-  (let [project (bfc/get-project cfg project-id)]
-    (events/tap :progress
-                {:op :export
-                 :section :write-project
-                 :id project-id
-                 :name (:name project)})
-    (l/trc :hint "write" :obj "project" :id (str project-id))
-    (write! cfg :project (str project-id) project)
-    (vswap! bfc/*state* update :projects conj project-id)))
-
-(defn- write-file!
-  [cfg file-id]
-  (let [file   (bfc/get-file cfg file-id)
-        thumbs (bfc/get-file-object-thumbnails cfg file-id)
-        media  (bfc/get-file-media cfg file)
-        rels   (bfc/get-files-rels cfg #{file-id})]
-
-    (events/tap :progress
-                {:op :export
-                 :section :write-file
-                 :id file-id
-                 :name (:name file)})
-
-    (vswap! bfc/*state* (fn [state]
-                          (-> state
-                              (update :files conj file-id)
-                              (update :file-media-objects into bfc/xf-map-id media)
-                              (bfc/collect-storage-objects thumbs)
-                              (bfc/collect-storage-objects media))))
-
-    (write! cfg :file file-id file)
-    (write! cfg :file-rels file-id rels)
-
-    (run! (partial write! cfg :file-media-object file-id) media)
-    (run! (partial write! cfg :file-object-thumbnail file-id) thumbs)
-
-    (when-let [thumb (bfc/get-file-thumbnail cfg file)]
-      (vswap! bfc/*state* bfc/collect-storage-objects [thumb])
-      (write! cfg :file-thumbnail file-id thumb))
-
-    (l/trc :hint "write" :obj "file"
-           :thumbnails (count thumbs)
-           :rels (count rels)
-           :media (count media))))
-
-(defn- write-storage-object!
-  [{:keys [::sto/storage] :as cfg} id]
-  (let [sobj (sto/get-object storage id)
-        data (with-open [input (sto/get-object-data storage sobj)]
-               (io/read-as-bytes input))]
-
-    (l/trc :hint "write" :obj "storage-object" :id (str id) :size (:size sobj))
-    (write! cfg :storage-object id (meta sobj) data)))
-
-(defn- read-storage-object!
-  [{:keys [::sto/storage ::bfc/timestamp] :as cfg} id]
-  (let [mdata   (read-obj cfg :storage-object id)
-        data    (read-blob cfg :storage-object id)
-        hash    (sto/calculate-hash data)
-
-        content (-> (sto/content data)
-                    (sto/wrap-with-hash hash))
-
-        params  (-> mdata
-                    (assoc ::sto/content content)
-                    (assoc ::sto/deduplicate? true)
-                    (assoc ::sto/touched-at timestamp))
-
-        sobject  (sto/put-object! storage params)]
-
-    (vswap! bfc/*state* update :index assoc id (:id sobject))
-
-    (l/trc :hint "read" :obj "storage-object"
-           :id (str id)
-           :new-id (str (:id sobject))
-           :size (:size sobject))))
-
-(defn read-team!
-  [{:keys [::db/conn ::bfc/timestamp] :as cfg} team-id]
-  (l/trc :hint "read" :obj "team" :id (str team-id))
-
-  (let [team (read-obj cfg :team team-id)
-        team (-> team
-                 (update :id bfc/lookup-index)
-                 (update :photo-id bfc/lookup-index)
-                 (assoc :created-at timestamp)
-                 (assoc :modified-at timestamp))]
-
-    (events/tap :progress
-                {:op :import
-                 :section :read-team
-                 :id team-id
-                 :name (:name team)})
-
-    (db/insert! conn :team
-                (update team :features db/encode-pgarray conn "text")
-                ::db/return-keys false)
-
-    (doseq [font (->> (read-seq cfg :team-font-variant)
-                      (filter #(= team-id (:team-id %))))]
-      (let [font (-> font
-                     (update :id bfc/lookup-index)
-                     (update :team-id bfc/lookup-index)
-                     (update :woff1-file-id bfc/lookup-index)
-                     (update :woff2-file-id bfc/lookup-index)
-                     (update :ttf-file-id bfc/lookup-index)
-                     (update :otf-file-id bfc/lookup-index)
-                     (assoc :created-at timestamp)
-                     (assoc :modified-at timestamp))]
-        (db/insert! conn :team-font-variant font
-                    ::db/return-keys false)))
-
-    team))
-
-(defn read-project!
-  [{:keys [::db/conn ::bfc/timestamp] :as cfg} project-id]
-  (l/trc :hint "read" :obj "project" :id (str project-id))
-
-  (let [project (read-obj cfg :project project-id)
-        project (-> project
-                    (update :id bfc/lookup-index)
-                    (update :team-id bfc/lookup-index)
-                    (assoc :created-at timestamp)
-                    (assoc :modified-at timestamp))]
-
-    (events/tap :progress
-                {:op :import
-                 :section :read-project
-                 :id project-id
-                 :name (:name project)})
-
-    (db/insert! conn :project project
-                ::db/return-keys false)))
-
-(defn read-file!
-  [{:keys [::db/conn ::bfc/timestamp] :as cfg} file-id]
-  (l/trc :hint "read" :obj "file" :id (str file-id))
-
-  (let [file (-> (read-obj cfg :file file-id)
-                 (update :id bfc/lookup-index)
-                 (update :project-id bfc/lookup-index)
-                 (bfc/process-file))]
-
-    (events/tap :progress
-                {:op :import
-                 :section :read-file
-                 :id file-id
-                 :name (:name file)})
-
-    ;; All features that are enabled and requires explicit migration are
-    ;; added to the state for a posterior migration step.
-    (doseq [feature (-> (::bfc/features cfg)
-                        (set/difference cfeat/no-migration-features)
-                        (set/difference (:features file)))]
-      (vswap! bfc/*state* update :pending-to-migrate (fnil conj []) [feature (:id file)]))
-
-    (bfc/persist-file! cfg file))
-
-  (doseq [thumbnail (read-seq cfg :file-object-thumbnail file-id)]
-    (let [thumbnail (-> thumbnail
-                        (update :file-id bfc/lookup-index)
-                        (update :media-id bfc/lookup-index))
-          file-id    (:file-id thumbnail)
-
-          thumbnail (update thumbnail :object-id
-                            #(str/replace-first % #"^(.*?)/" (str file-id "/")))]
-
-      (db/insert! conn :file-tagged-object-thumbnail thumbnail
-                  {::db/return-keys false})))
-
-  (doseq [rel (read-obj cfg :file-rels file-id)]
-    (let [rel (-> rel
-                  (update :file-id bfc/lookup-index)
-                  (update :library-file-id bfc/lookup-index)
-                  (assoc :synced-at timestamp))]
-      (db/insert! conn :file-library-rel rel
-                  ::db/return-keys false)))
-
-  (doseq [media (read-seq cfg :file-media-object file-id)]
-    (let [media (-> media
-                    (update :id bfc/lookup-index)
-                    (update :file-id bfc/lookup-index)
-                    (update :media-id bfc/lookup-index)
-                    (update :thumbnail-id bfc/lookup-index))]
-      (db/insert! conn :file-media-object media
-                  ::db/return-keys false
-                  ::sql/on-conflict-do-nothing true))))
-
-(def ^:private empty-summary
-  {:teams #{}
-   :files #{}
-   :projects #{}
-   :file-media-objects #{}
-   :team-font-variants #{}
-   :storage-objects #{}})
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; PUBLIC API
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-(defn export-team!
-  [cfg team-id]
-  (let [id  (uuid/next)
-        tp  (dt/tpoint)
-
-        cfg (-> (create-database cfg)
-                (update ::sto/storage media/configure-assets-storage))]
-
-    (l/inf :hint "start"
-           :operation "export"
-           :id (str id)
-           :path (str (::path cfg)))
-
-    (try
-      (db/tx-run! cfg (fn [cfg]
-                        (setup-schema! cfg)
-                        (binding [bfc/*state* (volatile! empty-summary)]
-                          (write-team! cfg team-id)
-
-                          (run! (partial write-project! cfg)
-                                (bfc/get-team-projects cfg team-id))
-
-                          (run! (partial write-file! cfg)
-                                (bfc/get-team-files cfg team-id))
-
-                          (run! (partial write-storage-object! cfg)
-                                (-> bfc/*state* deref :storage-objects))
-
-                          (write! cfg :manifest "team-id" team-id)
-                          (write! cfg :manifest "objects" (deref bfc/*state*))
-
-                          (::path cfg))))
-      (finally
-        (pu/close! (::db cfg))
-
-        (let [elapsed (tp)]
-          (l/inf :hint "end"
-                 :operation "export"
-                 :id (str id)
-                 :elapsed (dt/format-duration elapsed)))))))
-
-(defn import-team!
-  [cfg path]
-  (let [id  (uuid/next)
-        tp  (dt/tpoint)
-
-        cfg (-> (create-database cfg path)
-                (update ::sto/storage media/configure-assets-storage)
-                (assoc ::bfc/timestamp (dt/now)))]
-
-    (l/inf :hint "start"
-           :operation "import"
-           :id (str id)
-           :path (str (::path cfg)))
-
-    (try
-      (db/tx-run! cfg (fn [{:keys [::db/conn] :as cfg}]
-                        (db/exec-one! conn ["SET idle_in_transaction_session_timeout = 0"])
-                        (db/exec-one! conn ["SET CONSTRAINTS ALL DEFERRED"])
-
-                        (binding [bfc/*state* (volatile! {:index {}})]
-                          (let [objects (read-obj cfg :manifest "objects")]
-
-                            ;; We first process all storage objects, they have
-                            ;; deduplication so we can't rely on simple reindex. This
-                            ;; operation populates the index for all storage objects.
-                            (run! (partial read-storage-object! cfg) (:storage-objects objects))
-
-                            ;; Populate index with all the incoming objects
-                            (vswap! bfc/*state* update :index
-                                    (fn [index]
-                                      (-> index
-                                          (bfc/update-index (:teams objects))
-                                          (bfc/update-index (:projects objects))
-                                          (bfc/update-index (:files objects))
-                                          (bfc/update-index (:file-media-objects objects))
-                                          (bfc/update-index (:team-font-variants objects)))))
-
-                            (let [team-id  (read-obj cfg :manifest "team-id")
-                                  team     (read-team! cfg team-id)
-                                  features (cfeat/get-team-enabled-features cf/flags team)
-                                  cfg      (assoc cfg ::bfc/features features)]
-
-                              (run! (partial read-project! cfg) (:projects objects))
-                              (run! (partial read-file! cfg) (:files objects))
-
-                              ;; (run-pending-migrations! cfg)
-
-                              team)))))
-      (finally
-        (pu/close! (::db cfg))
-
-        (let [elapsed (tp)]
-          (l/inf :hint "end"
-                 :operation "import"
-                 :id (str id)
-                 :elapsed (dt/format-duration elapsed)))))))

backend/src/app/cli/manage.clj

@@ -0,0 +1,169 @@
+;; This Source Code Form is subject to the terms of the Mozilla Public
+;; License, v. 2.0. If a copy of the MPL was not distributed with this
+;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;;
+;; Copyright (c) KALEIDOS INC
+
+(ns app.cli.manage
+  "A manage cli api."
+  (:require
+   [app.common.logging :as l]
+   [app.db :as db]
+   [app.main :as main]
+   [app.rpc.commands.auth :as auth]
+   [app.rpc.commands.profile :as profile]
+   [clojure.string :as str]
+   [clojure.tools.cli :refer [parse-opts]]
+   [integrant.core :as ig])
+  (:import
+   java.io.Console))
+
+;; --- IMPL
+
+(defn init-system
+  []
+  (let [data (-> main/system-config
+                 (select-keys [:app.db/pool :app.metrics/metrics])
+                 (assoc :app.migrations/all {}))]
+    (-> data ig/prep ig/init)))
+
+(defn- read-from-console
+  [{:keys [label type] :or {type :text}}]
+  (let [^Console console (System/console)]
+    (when-not console
+      (l/error :hint "no console found, can proceed")
+      (System/exit 1))
+
+    (binding [*out* (.writer console)]
+      (print label " ")
+      (.flush *out*))
+
+    (case type
+      :text (.readLine console)
+      :password (String. (.readPassword console)))))
+
+(defn create-profile
+  [options]
+  (let [system   (init-system)
+        email    (or (:email options)
+                     (read-from-console {:label "Email:"}))
+        fullname (or (:fullname options)
+                     (read-from-console {:label "Full Name:"}))
+        password (or (:password options)
+                     (read-from-console {:label "Password:"
+                                         :type :password}))]
+    (try
+      (db/with-atomic [conn (:app.db/pool system)]
+        (->> (auth/create-profile! conn
+                                  {:fullname fullname
+                                   :email email
+                                   :password password
+                                   :is-active true
+                                   :is-demo false})
+             (auth/create-profile-rels! conn)))
+
+      (when (pos? (:verbosity options))
+        (println "User created successfully."))
+
+      (System/exit 0)
+
+      (catch Exception _e
+        (when (pos? (:verbosity options))
+          (println "Unable to create user, already exists."))
+        (System/exit 1)))))
+
+(defn reset-password
+  [options]
+  (let [system (init-system)]
+    (try
+      (db/with-atomic [conn (:app.db/pool system)]
+        (let [email    (or (:email options)
+                           (read-from-console {:label "Email:"}))
+              profile  (profile/get-profile-by-email conn email)]
+          (when-not profile
+            (when (pos? (:verbosity options))
+              (println "Profile does not exists."))
+            (System/exit 1))
+
+          (let [password (or (:password options)
+                             (read-from-console {:label "Password:"
+                                                 :type :password}))]
+            (profile/update-profile-password! conn (assoc profile :password password))
+            (when (pos? (:verbosity options))
+              (println "Password changed successfully.")))))
+      (System/exit 0)
+      (catch Exception e
+        (when (pos? (:verbosity options))
+          (println "Unable to change password."))
+        (when (= 2 (:verbosity options))
+          (.printStackTrace e))
+        (System/exit 1)))))
+
+;; --- CLI PARSE
+
+(def cli-options
+  ;; An option with a required argument
+  [["-u" "--email EMAIL" "Email Address"]
+   ["-p" "--password PASSWORD" "Password"]
+   ["-n" "--name FULLNAME" "Full Name"
+    :id :fullname]
+   ["-v" nil "Verbosity level"
+    :id :verbosity
+    :default 1
+    :update-fn inc]
+   ["-q" nil "Don't print to console"
+    :id :verbosity
+    :update-fn (constantly 0)]
+   ["-h" "--help"]])
+
+(defn usage
+  [options-summary]
+  (->> ["Penpot CLI management."
+        ""
+        "Usage: manage [options] action"
+        ""
+        "Options:"
+        options-summary
+        ""
+        "Actions:"
+        "  create-profile    Create new profile."
+        "  reset-password    Reset profile password."
+        ""]
+       (str/join \newline)))
+
+(defn error-msg [errors]
+  (str "The following errors occurred while parsing your command:\n\n"
+       (str/join \newline errors)))
+
+(defn validate-args
+  "Validate command line arguments. Either return a map indicating the program
+  should exit (with a error message, and optional ok status), or a map
+  indicating the action the program should take and the options provided."
+  [args]
+  (let [{:keys [options arguments errors summary] :as opts} (parse-opts args cli-options)]
+    (cond
+      (:help options) ; help => exit OK with usage summary
+      {:exit-message (usage summary) :ok? true}
+
+      errors ; errors => exit with description of errors
+      {:exit-message (error-msg errors)}
+
+      ;; custom validation on arguments
+      :else
+      (let [action (first arguments)]
+        (if (#{"create-profile" "reset-password"} action)
+          {:action (first arguments) :options options}
+          {:exit-message (usage summary)})))))
+
+(defn exit [status msg]
+  (println msg)
+  (System/exit status))
+
+(defn -main
+  [& args]
+  (let [{:keys [action options exit-message ok?]} (validate-args args)]
+    (if exit-message
+      (exit (if ok? 0 1) exit-message)
+      (case action
+        "create-profile" (create-profile options)
+        "reset-password" (reset-password options)))))

backend/src/app/config.clj

@@ -79,18 +79,13 @@
 
    :telemetry-uri "https://telemetry.penpot.app/"
 
-   :media-max-file-size (* 1024 1024 30) ; 30MiB
-
    :ldap-user-query "(|(uid=:username)(mail=:username))"
    :ldap-attrs-username "uid"
    :ldap-attrs-email "mail"
    :ldap-attrs-fullname "cn"
 
    ;; a server prop key where initial project is stored.
-   :initial-project-skey "initial-project"
-
-   ;; time to avoid email sending after profile modification
-   :email-verify-threshold "15m"})
+   :initial-project-skey "initial-project"})
 
 (s/def ::default-rpc-rlimit ::us/vector-of-strings)
 (s/def ::rpc-rlimit-config ::fs/path)
@@ -104,11 +99,6 @@
 (s/def ::audit-log-archive-uri ::us/string)
 (s/def ::audit-log-http-handler-concurrency ::us/integer)
 
-(s/def ::email-domain-blacklist ::fs/path)
-(s/def ::email-domain-whitelist ::fs/path)
-
-(s/def ::deletion-delay ::dt/duration)
-
 (s/def ::admins ::us/set-of-valid-emails)
 (s/def ::file-change-snapshot-every ::us/integer)
 (s/def ::file-change-snapshot-timeout ::dt/duration)
@@ -119,7 +109,8 @@
 (s/def ::worker-default-parallelism ::us/integer)
 (s/def ::worker-webhook-parallelism ::us/integer)
 
-(s/def ::auth-data-cookie-domain ::us/string)
+(s/def ::authenticated-cookie-domain ::us/string)
+(s/def ::authenticated-cookie-name ::us/string)
 (s/def ::auth-token-cookie-name ::us/string)
 (s/def ::auth-token-cookie-max-age ::dt/duration)
 
@@ -155,18 +146,16 @@
 (s/def ::google-client-id ::us/string)
 (s/def ::google-client-secret ::us/string)
 (s/def ::oidc-client-id ::us/string)
-(s/def ::oidc-user-info-source ::us/keyword)
 (s/def ::oidc-client-secret ::us/string)
 (s/def ::oidc-base-uri ::us/string)
 (s/def ::oidc-token-uri ::us/string)
 (s/def ::oidc-auth-uri ::us/string)
 (s/def ::oidc-user-uri ::us/string)
-(s/def ::oidc-jwks-uri ::us/string)
 (s/def ::oidc-scopes ::us/set-of-strings)
 (s/def ::oidc-roles ::us/set-of-strings)
-(s/def ::oidc-roles-attr ::us/string)
-(s/def ::oidc-email-attr ::us/string)
-(s/def ::oidc-name-attr ::us/string)
+(s/def ::oidc-roles-attr ::us/keyword)
+(s/def ::oidc-email-attr ::us/keyword)
+(s/def ::oidc-name-attr ::us/keyword)
 (s/def ::host ::us/string)
 (s/def ::http-server-port ::us/integer)
 (s/def ::http-server-host ::us/string)
@@ -212,22 +201,20 @@
 (s/def ::storage-assets-s3-bucket ::us/string)
 (s/def ::storage-assets-s3-region ::us/keyword)
 (s/def ::storage-assets-s3-endpoint ::us/string)
-(s/def ::storage-assets-s3-io-threads ::us/integer)
 (s/def ::telemetry-uri ::us/string)
 (s/def ::telemetry-with-taiga ::us/boolean)
 (s/def ::tenant ::us/string)
-(s/def ::email-verify-threshold ::dt/duration)
 
 (s/def ::config
   (s/keys :opt-un [::secret-key
                    ::flags
                    ::admins
-                   ::deletion-delay
                    ::allow-demo-users
                    ::audit-log-archive-uri
                    ::audit-log-http-handler-concurrency
                    ::auth-token-cookie-name
                    ::auth-token-cookie-max-age
+                   ::authenticated-cookie-name
                    ::authenticated-cookie-domain
                    ::database-password
                    ::database-uri
@@ -237,8 +224,6 @@
                    ::database-max-pool-size
                    ::default-blob-version
                    ::default-rpc-rlimit
-                   ::email-domain-blacklist
-                   ::email-domain-whitelist
                    ::error-report-webhook
                    ::default-executor-parallelism
                    ::scheduled-executor-parallelism
@@ -256,12 +241,10 @@
                    ::google-client-secret
                    ::oidc-client-id
                    ::oidc-client-secret
-                   ::oidc-user-info-source
                    ::oidc-base-uri
                    ::oidc-token-uri
                    ::oidc-auth-uri
                    ::oidc-user-uri
-                   ::oidc-jwks-uri
                    ::oidc-scopes
                    ::oidc-roles-attr
                    ::oidc-email-attr
@@ -307,7 +290,6 @@
                    ::redis-uri
                    ::registration-domain-whitelist
                    ::rpc-rlimit-config
-                   ::rpc-climit-config
 
                    ::semaphore-process-font
                    ::semaphore-process-image
@@ -333,21 +315,17 @@
                    ::storage-assets-s3-bucket
                    ::storage-assets-s3-region
                    ::storage-assets-s3-endpoint
-                   ::storage-assets-s3-io-threads
                    ::telemetry-enabled
                    ::telemetry-uri
                    ::telemetry-referer
                    ::telemetry-with-taiga
-                   ::tenant
-                   ::email-verify-threshold]))
+                   ::tenant]))
 
 (def default-flags
   [:enable-backend-api-doc
-   :enable-backend-openapi-doc
    :enable-backend-worker
    :enable-secure-session-cookies
-   :enable-email-verification
-   :enable-v2-migration])
+   :enable-email-verification])
 
 (defn- parse-flags
   [config]
@@ -392,8 +370,7 @@
 (defonce ^:dynamic flags (parse-flags config))
 
 (def deletion-delay
-  (or (c/get config :deletion-delay)
-      (dt/duration {:days 7})))
+  (dt/duration {:days 7}))
 
 (defn get
   "A configuration getter. Helps code be more testable."

backend/src/app/db.clj

@@ -5,7 +5,7 @@
 ;; Copyright (c) KALEIDOS INC
 
 (ns app.db
-  (:refer-clojure :exclude [get run!])
+  (:refer-clojure :exclude [get])
   (:require
    [app.common.data :as d]
    [app.common.exceptions :as ex]
@@ -19,7 +19,6 @@
    [app.util.json :as json]
    [app.util.time :as dt]
    [clojure.java.io :as io]
-   [clojure.set :as set]
    [clojure.spec.alpha :as s]
    [integrant.core :as ig]
    [next.jdbc :as jdbc]
@@ -98,7 +97,7 @@
             :with-credentials (and (contains? cfg ::username)
                                    (contains? cfg ::password))
             :min-size (::min-size cfg)
-            :max-size (::max-size cfg))
+          :max-size (::max-size cfg))
     (create-pool cfg)))
 
 (defmethod ig/halt-key! ::pool
@@ -146,10 +145,6 @@
   [v]
   (instance? javax.sql.DataSource v))
 
-(defn connection?
-  [conn]
-  (instance? Connection conn))
-
 (s/def ::conn some?)
 (s/def ::nilable-pool (s/nilable ::pool))
 (s/def ::pool pool?)
@@ -160,18 +155,8 @@
   (.isClosed ^HikariDataSource pool))
 
 (defn read-only?
-  [pool-or-conn]
-  (cond
-    (instance? HikariDataSource pool-or-conn)
-    (.isReadOnly ^HikariDataSource pool-or-conn)
-
-    (instance? Connection pool-or-conn)
-    (.isReadOnly ^Connection pool-or-conn)
-
-    :else
-    (ex/raise :type :internal
-              :code :invalid-connection
-              :hint "invalid connection provided")))
+  [pool]
+  (.isReadOnly ^HikariDataSource pool))
 
 (defn create-pool
   [cfg]
@@ -223,164 +208,52 @@
 
 (defmacro with-atomic
   [& args]
-  (if (symbol? (first args))
-    (let [cfgs (first args)
-          body (rest args)]
-      `(jdbc/with-transaction [conn# (::pool ~cfgs)]
-         (let [~cfgs (assoc ~cfgs ::conn conn#)]
-           ~@body)))
-    `(jdbc/with-transaction ~@args)))
+  `(jdbc/with-transaction ~@args))
 
 (defn open
-  [system-or-pool]
-  (if (pool? system-or-pool)
-    (jdbc/get-connection system-or-pool)
-    (if (map? system-or-pool)
-      (open (::pool system-or-pool))
-      (throw (IllegalArgumentException. "unable to resolve connection pool")))))
-
-(defn get-update-count
-  [result]
-  (:next.jdbc/update-count result))
-
-(defn get-connection
-  [cfg-or-conn]
-  (if (connection? cfg-or-conn)
-    cfg-or-conn
-    (if (map? cfg-or-conn)
-      (get-connection (::conn cfg-or-conn))
-      (throw (IllegalArgumentException. "unable to resolve connection")))))
-
-(defn connection-map?
-  "Check if the provided value is a map like data structure that
-  contains a database connection."
-  [o]
-  (and (map? o) (connection? (::conn o))))
-
-(defn get-connectable
-  "Resolve to a connection or connection pool instance; if it is not
-  possible, raises an exception"
-  [o]
-  (cond
-    (connection? o) o
-    (pool? o)       o
-    (map? o)        (get-connectable (or (::conn o) (::pool o)))
-    :else           (throw (IllegalArgumentException. "unable to resolve connectable"))))
-
-(def ^:private params-mapping
-  {::return-keys? :return-keys
-   ::return-keys :return-keys})
-
-(defn rename-opts
-  [opts]
-  (set/rename-keys opts params-mapping))
-
-(def ^:private default-insert-opts
-  {:builder-fn sql/as-kebab-maps
-   :return-keys true})
+  [pool]
+  (jdbc/get-connection pool))
 
 (def ^:private default-opts
   {:builder-fn sql/as-kebab-maps})
 
 (defn exec!
-  ([ds sv] (exec! ds sv nil))
+  ([ds sv]
+   (jdbc/execute! ds sv default-opts))
   ([ds sv opts]
-   (let [conn (get-connectable ds)
-         opts (if (empty? opts)
-                default-opts
-                (into default-opts (rename-opts opts)))]
-     (jdbc/execute! conn sv opts))))
+   (jdbc/execute! ds sv (merge default-opts opts))))
 
 (defn exec-one!
-  ([ds sv] (exec-one! ds sv nil))
+  ([ds sv]
+   (jdbc/execute-one! ds sv default-opts))
   ([ds sv opts]
-   (let [conn (get-connectable ds)
-         opts (if (empty? opts)
-                default-opts
-                (into default-opts (rename-opts opts)))]
-     (jdbc/execute-one! conn sv opts))))
+   (jdbc/execute-one! ds sv
+                      (-> (merge default-opts opts)
+                          (assoc :return-keys (::return-keys? opts false))))))
 
 (defn insert!
-  "A helper that builds an insert sql statement and executes it. By
-  default returns the inserted row with all the field; you can delimit
-  the returned columns with the `::columns` option."
   [ds table params & {:as opts}]
-  (let [conn (get-connectable ds)
-        sql  (sql/insert table params opts)
-        opts (if (empty? opts)
-               default-insert-opts
-               (into default-insert-opts (rename-opts opts)))]
-    (jdbc/execute-one! conn sql opts)))
+  (exec-one! ds
+             (sql/insert table params opts)
+             (merge {::return-keys? true} opts)))
 
-(defn insert-many!
-  "An optimized version of `insert!` that perform insertion of multiple
-  values at once.
-
-  This expands to a single SQL statement with placeholders for every
-  value being inserted. For large data sets, this may exceed the limit
-  of sql string size and/or number of parameters."
+(defn insert-multi!
   [ds table cols rows & {:as opts}]
-  (let [conn (get-connectable ds)
-        sql  (sql/insert-many table cols rows opts)
-        opts (if (empty? opts)
-               default-insert-opts
-               (into default-insert-opts (rename-opts opts)))
-        opts (update opts :return-keys boolean)]
-    (jdbc/execute! conn sql opts)))
+  (exec! ds
+         (sql/insert-multi table cols rows opts)
+         (merge {::return-keys? true} opts)))
 
 (defn update!
-  "A helper that build an UPDATE SQL statement and executes it.
-
-   Given a connectable object, a table name, a hash map of columns and
-  values to set, and either a hash map of columns and values to search
-  on or a vector of a SQL where clause and parameters, perform an
-  update on the table.
-
-  By default returns an object with the number of affected rows; a
-  complete row can be returned if you pass `::return-keys` with `true`
-  or with a vector of columns.
-
-  Also it can be combined with the `::many` option if you perform an
-  update to multiple rows and you want all the affected rows to be
-  returned."
   [ds table params where & {:as opts}]
-  (let [conn (get-connectable ds)
-        sql  (sql/update table params where opts)
-        opts (if (empty? opts)
-               default-opts
-               (into default-opts (rename-opts opts)))
-        opts (update opts :return-keys boolean)]
-    (if (::many opts)
-      (jdbc/execute! conn sql opts)
-      (jdbc/execute-one! conn sql opts))))
+  (exec-one! ds
+             (sql/update table params where opts)
+             (merge {::return-keys? true} opts)))
 
 (defn delete!
-  "A helper that builds an DELETE SQL statement and executes it.
-
-  Given a connectable object, a table name, and either a hash map of columns
-  and values to search on or a vector of a SQL where clause and parameters,
-  perform a delete on the table.
-
-  By default returns an object with the number of affected rows; a
-  complete row can be returned if you pass `::return-keys` with `true`
-  or with a vector of columns.
-
-  Also it can be combined with the `::many` option if you perform an
-  update to multiple rows and you want all the affected rows to be
-  returned."
   [ds table params & {:as opts}]
-  (let [conn (get-connectable ds)
-        sql  (sql/delete table params opts)
-        opts (if (empty? opts)
-               default-opts
-               (into default-opts (rename-opts opts)))]
-    (if (::many opts)
-      (jdbc/execute! conn sql opts)
-      (jdbc/execute-one! conn sql opts))))
-
-(defn query
-  [ds table params & {:as opts}]
-  (exec! ds (sql/select table params opts) opts))
+  (exec-one! ds
+             (sql/delete table params opts)
+             (merge {::return-keys? true} opts)))
 
 (defn is-row-deleted?
   [{:keys [deleted-at]}]
@@ -394,7 +267,7 @@
   [ds table params & {:as opts}]
   (let [rows (exec! ds (sql/select table params opts))
         rows (cond->> rows
-               (::remove-deleted opts true)
+               (::remove-deleted? opts true)
                (remove is-row-deleted?))]
     (first rows)))
 
@@ -403,41 +276,21 @@
   filters. Raises :not-found exception if no object is found."
   [ds table params & {:as opts}]
   (let [row (get* ds table params opts)]
-    (when (and (not row) (::check-deleted opts true))
+    (when (and (not row) (::check-deleted? opts true))
       (ex/raise :type :not-found
                 :code :object-not-found
                 :table table
                 :hint "database object not found"))
     row))
 
-(defn plan
-  [ds sql]
-  (-> (get-connectable ds)
-      (jdbc/plan sql sql/default-opts)))
-
-(defn cursor
-  "Return a lazy seq of rows using server side cursors"
-  [conn query & {:keys [chunk-size] :or {chunk-size 25}}]
-  (let [cname  (str (gensym "cursor_"))
-        fquery [(str "FETCH " chunk-size " FROM " cname)]]
-
-    ;; declare cursor
-    (exec-one! conn
-               (if (vector? query)
-                 (into [(str "DECLARE " cname " CURSOR FOR " (nth query 0))]
-                       (rest query))
-                 [(str "DECLARE " cname " CURSOR FOR " query)]))
-
-    ;; return a lazy seq
-    ((fn fetch-more []
-       (lazy-seq
-        (when-let [chunk (seq (exec! conn fquery))]
-          (concat chunk (fetch-more))))))))
-
 (defn get-by-id
   [ds table id & {:as opts}]
   (get ds table {:id id} opts))
 
+(defn query
+  [ds table params & {:as opts}]
+  (exec! ds (sql/select table params opts)))
+
 (defn pgobject?
   ([v]
    (instance? PGobject v))
@@ -490,10 +343,6 @@
       (.createArrayOf conn ^String type (into-array Object objects))
       (.createArrayOf conn ^String type objects))))
 
-(defn encode-pgarray
-  [data conn type]
-  (create-array conn type data))
-
 (defn decode-pgpoint
   [^PGpoint v]
   (gpt/point (.-x v) (.-y v)))
@@ -508,78 +357,11 @@
   ([^Connection conn label]
    (.setSavepoint conn (name label))))
 
-(defn release!
-  [^Connection conn ^Savepoint sp]
-  (.releaseSavepoint conn sp))
-
 (defn rollback!
-  ([conn]
-   (if (and (map? conn) (::savepoint conn))
-     (rollback! conn (::savepoint conn))
-     (let [^Connection conn (get-connection conn)]
-       (l/trc :hint "explicit rollback requested")
-       (.rollback conn))))
-  ([conn ^Savepoint sp]
-   (let [^Connection conn (get-connection conn)]
-     (l/trc :hint "explicit rollback requested (savepoint)")
-     (.rollback conn sp))))
-
-(defn tx-run!
-  [system f & params]
-  (cond
-    (connection? system)
-    (tx-run! {::conn system} f)
-
-    (pool? system)
-    (tx-run! {::pool system} f)
-
-    (::conn system)
-    (let [conn (::conn system)
-          sp   (savepoint conn)]
-      (try
-        (let [system' (-> system
-                          (assoc ::savepoint sp)
-                          (dissoc ::rollback))
-              result  (apply f system' params)]
-          (if (::rollback system)
-            (rollback! conn sp)
-            (release! conn sp))
-          result)
-        (catch Throwable cause
-          (.rollback ^Connection conn ^Savepoint sp)
-          (throw cause))))
-
-    (::pool system)
-    (with-atomic [conn (::pool system)]
-      (let [system' (-> system
-                        (assoc ::conn conn)
-                        (dissoc ::rollback))
-            result  (apply f system' params)]
-        (when (::rollback system)
-          (rollback! conn))
-        result))
-
-    :else
-    (throw (IllegalArgumentException. "invalid system/cfg provided"))))
-
-(defn run!
-  [system f & params]
-  (cond
-    (connection? system)
-    (run! {::conn system} f)
-
-    (pool? system)
-    (run! {::pool system} f)
-
-    (::conn system)
-    (apply f system params)
-
-    (::pool system)
-    (with-open [^Connection conn (open (::pool system))]
-      (apply f (assoc system ::conn conn) params))
-
-    :else
-    (throw (IllegalArgumentException. "invalid arguments"))))
+  ([^Connection conn]
+   (.rollback conn))
+  ([^Connection conn ^Savepoint sp]
+   (.rollback conn sp)))
 
 (defn interval
   [o]
@@ -650,6 +432,11 @@
       (.setType "jsonb")
       (.setValue (json/encode-str data)))))
 
+(defn get-update-count
+  [result]
+  (:next.jdbc/update-count result))
+
+
 ;; --- Locks
 
 (def ^:private siphash-state

backend/src/app/db/sql.clj

@@ -29,14 +29,11 @@
   ([table key-map opts]
    (let [opts (merge default-opts opts)
          opts (cond-> opts
-                (::db/on-conflict-do-nothing? opts)
-                (assoc :suffix "ON CONFLICT DO NOTHING")
-
-                (::on-conflict-do-nothing opts)
+                (:on-conflict-do-nothing opts)
                 (assoc :suffix "ON CONFLICT DO NOTHING"))]
      (sql/for-insert table key-map opts))))
 
-(defn insert-many
+(defn insert-multi
   [table cols rows opts]
   (let [opts (merge default-opts opts)]
     (sql/for-insert-multi table cols rows opts)))
@@ -47,30 +44,22 @@
   ([table where-params opts]
    (let [opts (merge default-opts opts)
          opts (cond-> opts
-                (::order-by opts)   (assoc :order-by (::order-by opts))
-                (::columns opts)    (assoc :columns (::columns opts))
-                (::for-update opts) (assoc :suffix "FOR UPDATE")
-                (::for-share opts)  (assoc :suffix "FOR SHARE"))]
+                (::db/for-update? opts) (assoc :suffix "FOR UPDATE")
+                (::db/for-share? opts)  (assoc :suffix "FOR KEY SHARE")
+                (:for-update opts)      (assoc :suffix "FOR UPDATE")
+                (:for-key-share opts)   (assoc :suffix "FOR KEY SHARE"))]
      (sql/for-query table where-params opts))))
 
 (defn update
   ([table key-map where-params]
    (update table key-map where-params nil))
   ([table key-map where-params opts]
-   (let [opts (into default-opts opts)
-         keys (::db/return-keys opts)
-         opts (if (vector? keys)
-                (assoc opts :suffix (str "RETURNING " (sql/as-cols keys opts)))
-                opts)]
+   (let [opts (merge default-opts opts)]
      (sql/for-update table key-map where-params opts))))
 
 (defn delete
   ([table where-params]
    (delete table where-params nil))
   ([table where-params opts]
-   (let [opts (merge default-opts opts)
-         keys (::db/return-keys opts)
-         opts (if (vector? keys)
-                (assoc opts :suffix (str "RETURNING " (sql/as-cols keys opts)))
-                opts)]
+   (let [opts (merge default-opts opts)]
      (sql/for-delete table where-params opts))))

backend/src/app/email.clj

@@ -37,7 +37,6 @@
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
 (defn- parse-address
-  ^"[Ljakarta.mail.internet.InternetAddress;"
   [v]
   (InternetAddress/parse ^String v))
 
@@ -65,7 +64,7 @@
     (some? bcc) (assign-recipient :bcc bcc)))
 
 (defn- assign-from
-  [mmsg {:keys [::default-from] :as cfg} {:keys [from] :as params}]
+  [mmsg {:keys [default-from]} {:keys [from] :as props}]
   (let [from (or from default-from)]
     (when from
       (let [from (parse-address from)]
@@ -150,7 +149,6 @@
     "mail.smtp.connectiontimeout" timeout}))
 
 (defn- create-smtp-session
-  ^Session
   [cfg]
   (let [props (opts->props cfg)]
     (Session/getInstance props)))
@@ -262,12 +260,13 @@
   (let [email (if factory
                 (factory context)
                 (dissoc context ::conn))]
-    (wrk/submit! {::wrk/task :sendmail
-                  ::wrk/delay 0
-                  ::wrk/max-retries 4
-                  ::wrk/priority 200
-                  ::db/conn conn
-                  ::wrk/params email})))
+    (wrk/submit! (merge
+                  {::wrk/task :sendmail
+                   ::wrk/delay 0
+                   ::wrk/max-retries 4
+                   ::wrk/priority 200
+                   ::wrk/conn conn}
+                  email))))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; SENDMAIL FN / TASK HANDLER
@@ -304,18 +303,12 @@
   (fn [params]
     (when (contains? cf/flags :smtp)
       (let [session (create-smtp-session cfg)]
-        (with-open [transport (.getTransport session (if (::ssl cfg) "smtps" "smtp"))]
+        (with-open [transport (.getTransport session (if (:ssl cfg) "smtps" "smtp"))]
           (.connect ^Transport transport
                     ^String (::username cfg)
                     ^String (::password cfg))
 
           (let [^MimeMessage message (create-smtp-message cfg session params)]
-            (l/dbg :hint "sendmail"
-                   :id (:id params)
-                   :to (:to params)
-                   :subject (str/trim (:subject params))
-                   :body (str/join "," (map :type (:body params))))
-
             (.sendMessage ^Transport transport
                           ^MimeMessage message
                           (.getAllRecipients message))))))
@@ -346,7 +339,7 @@
                                (map :content)
                                first)))
                (println "******** end email" (:id email) "**********"))]
-    (l/raw! :info out)))
+    (l/info ::l/raw out)))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; EMAIL FACTORIES

backend/src/app/email/blacklist.clj

@@ -1,47 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.email.blacklist
-  "Email blacklist provider"
-  (:refer-clojure :exclude [contains?])
-  (:require
-   [app.common.logging :as l]
-   [app.config :as cf]
-   [app.email :as-alias email]
-   [clojure.core :as c]
-   [clojure.java.io :as io]
-   [cuerdas.core :as str]
-   [integrant.core :as ig]))
-
-(defmethod ig/init-key ::email/blacklist
-  [_ _]
-  (when (c/contains? cf/flags :email-blacklist)
-    (try
-      (let [path   (cf/get :email-domain-blacklist)
-            result (with-open [reader (io/reader path)]
-                     (reduce (fn [result line]
-                               (if (str/starts-with? line "#")
-                                 result
-                                 (conj result (-> line str/trim str/lower))))
-                             #{}
-                             (line-seq reader)))]
-        (l/inf :hint "initializing email blacklist" :domains (count result))
-        (not-empty result))
-
-      (catch Throwable cause
-        (l/wrn :hint "unexpected exception on initializing email blacklist"
-               :cause cause)))))
-
-(defn contains?
-  "Check if email is in the blacklist."
-  [{:keys [::email/blacklist]} email]
-  (let [[_ domain] (str/split email "@" 2)]
-    (c/contains? blacklist (str/lower domain))))
-
-(defn enabled?
-  "Check if the blacklist is enabled"
-  [{:keys [::email/blacklist]}]
-  (some? blacklist))

backend/src/app/email/whitelist.clj

@@ -1,59 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.email.whitelist
-  "Email whitelist provider"
-  (:refer-clojure :exclude [contains?])
-  (:require
-   [app.common.logging :as l]
-   [app.config :as cf]
-   [app.email :as-alias email]
-   [clojure.core :as c]
-   [clojure.java.io :as io]
-   [cuerdas.core :as str]
-   [datoteka.fs :as fs]
-   [integrant.core :as ig]))
-
-(defn- read-whitelist
-  [path]
-  (when (and path (fs/exists? path))
-    (try
-      (with-open [reader (io/reader path)]
-        (reduce (fn [result line]
-                  (if (str/starts-with? line "#")
-                    result
-                    (conj result (-> line str/trim str/lower))))
-                #{}
-                (line-seq reader)))
-
-      (catch Throwable cause
-        (l/wrn :hint "unexpected exception on reading email whitelist"
-               :cause cause)))))
-
-(defmethod ig/init-key ::email/whitelist
-  [_ _]
-  (let [whitelist (or (cf/get :registration-domain-whitelist) #{})
-        whitelist (if (c/contains? cf/flags :email-whitelist)
-                    (into whitelist (read-whitelist (cf/get :email-domain-whitelist)))
-                    whitelist)
-        whitelist (not-empty whitelist)]
-
-
-    (when whitelist
-      (l/inf :hint "initializing email whitelist" :domains (count whitelist)))
-
-    whitelist))
-
-(defn contains?
-  "Check if email is in the whitelist."
-  [{:keys [::email/whitelist]} email]
-  (let [[_ domain] (str/split email "@" 2)]
-    (c/contains? whitelist (str/lower domain))))
-
-(defn enabled?
-  "Check if the whitelist is enabled"
-  [{:keys [::email/whitelist]}]
-  (some? whitelist))

backend/src/app/features/fdata.clj

@@ -1,122 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.features.fdata
-  "A `fdata/*` related feature migration helpers"
-  (:require
-   [app.common.data :as d]
-   [app.common.exceptions :as ex]
-   [app.common.logging :as l]
-   [app.db :as db]
-   [app.db.sql :as-alias sql]
-   [app.util.blob :as blob]
-   [app.util.objects-map :as omap]
-   [app.util.pointer-map :as pmap]))
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; OBJECTS-MAP
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-(defn enable-objects-map
-  [file]
-  (let [update-page
-        (fn [page]
-          (if (and (pmap/pointer-map? page)
-                   (not (pmap/loaded? page)))
-            page
-            (update page :objects omap/wrap)))
-
-        update-data
-        (fn [fdata]
-          (update fdata :pages-index d/update-vals update-page))]
-
-    (-> file
-        (update :data update-data)
-        (update :features conj "fdata/objects-map"))))
-
-(defn process-objects
-  "Apply a function to all objects-map on the file. Usualy used for convert
-  the objects-map instances to plain maps"
-  [fdata update-fn]
-  (if (contains? fdata :pages-index)
-    (update fdata :pages-index d/update-vals
-            (fn [page]
-              (update page :objects
-                      (fn [objects]
-                        (if (omap/objects-map? objects)
-                          (update-fn objects)
-                          objects)))))
-    fdata))
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; POINTER-MAP
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-(defn load-pointer
-  "A database loader pointer helper"
-  [system file-id id]
-  (let [{:keys [content]} (db/get system :file-data-fragment
-                                  {:id id :file-id file-id}
-                                  {::sql/columns [:content]
-                                   ::db/check-deleted false})]
-
-    (l/trc :hint "load pointer"
-           :file-id (str file-id)
-           :id (str id)
-           :found (some? content))
-
-    (when-not content
-      (ex/raise :type :internal
-                :code :fragment-not-found
-                :hint "fragment not found"
-                :file-id file-id
-                :fragment-id id))
-
-    (blob/decode content)))
-
-(defn persist-pointers!
-  "Given a database connection and the final file-id, persist all
-  pointers to the underlying storage (the database)."
-  [system file-id]
-  (let [conn (db/get-connection system)]
-    (doseq [[id item] @pmap/*tracked*]
-      (when (pmap/modified? item)
-        (l/trc :hint "persist pointer" :file-id (str file-id) :id (str id))
-        (let [content (-> item deref blob/encode)]
-          (db/insert! conn :file-data-fragment
-                      {:id id
-                       :file-id file-id
-                       :content content}))))))
-
-(defn process-pointers
-  "Apply a function to all pointers on the file. Usuly used for
-  dereference the pointer to a plain value before some processing."
-  [fdata update-fn]
-  (let [update-fn' (fn [val]
-                     (if (pmap/pointer-map? val)
-                       (update-fn val)
-                       val))]
-    (-> fdata
-        (d/update-vals update-fn')
-        (update :pages-index d/update-vals update-fn'))))
-
-(defn get-used-pointer-ids
-  "Given a file, return all pointer ids used in the data."
-  [fdata]
-  (->> (concat (vals fdata)
-               (vals (:pages-index fdata)))
-       (into #{} (comp (filter pmap/pointer-map?)
-                       (map pmap/get-id)))))
-
-(defn enable-pointer-map
-  "Enable the fdata/pointer-map feature on the file."
-  [file]
-  (-> file
-      (update :data (fn [fdata]
-                      (-> fdata
-                          (update :pages-index d/update-vals pmap/wrap)
-                          (d/update-when :components pmap/wrap))))
-      (update :features conj "fdata/pointer-map")))

backend/src/app/http.clj

@@ -19,21 +19,19 @@
    [app.http.middleware :as mw]
    [app.http.session :as session]
    [app.http.websocket :as-alias ws]
-   [app.main :as-alias main]
    [app.metrics :as mtx]
    [app.rpc :as-alias rpc]
    [app.rpc.doc :as-alias rpc.doc]
-   [app.setup :as-alias setup]
+   [app.worker :as wrk]
    [clojure.spec.alpha :as s]
    [integrant.core :as ig]
-   [promesa.exec :as px]
    [reitit.core :as r]
    [reitit.middleware :as rr]
-   [ring.request :as rreq]
-   [ring.response :as-alias rres]
-   [yetti.adapter :as yt]))
+   [yetti.adapter :as yt]
+   [yetti.request :as yrq]
+   [yetti.response :as yrs]))
 
-(declare router-handler)
+(declare wrap-router)
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; HTTP SERVER
@@ -53,8 +51,8 @@
   [_ cfg]
   (merge {::port 6060
           ::host "0.0.0.0"
-          ::max-body-size (* 1024 1024 30)             ; default 30 MiB
-          ::max-multipart-body-size (* 1024 1024 120)} ; default 120 MiB
+          ::max-body-size (* 1024 1024 30)             ; 30 MiB
+          ::max-multipart-body-size (* 1024 1024 120)} ; 120 MiB
          (d/without-nils cfg)))
 
 (defmethod ig/pre-init-spec ::server [_]
@@ -63,7 +61,8 @@
                 ::max-multipart-body-size
                 ::router
                 ::handler
-                ::io-threads]))
+                ::io-threads
+                ::wrk/executor]))
 
 (defmethod ig/init-key ::server
   [_ {:keys [::handler ::router ::host ::port] :as cfg}]
@@ -72,15 +71,13 @@
                  :http/host host
                  :http/max-body-size (::max-body-size cfg)
                  :http/max-multipart-body-size (::max-multipart-body-size cfg)
-                 :xnio/io-threads (or (::io-threads cfg)
-                                      (max 3 (px/get-available-processors)))
-                 :xnio/dispatch :virtual
-                 :ring/compat :ring2
-                 :socket/backlog 4069}
+                 :xnio/io-threads (::io-threads cfg)
+                 :xnio/dispatch (::wrk/executor cfg)
+                 :ring/async true}
 
         handler (cond
                   (some? router)
-                  (router-handler router)
+                  (wrap-router router)
 
                   (some? handler)
                   handler
@@ -99,33 +96,33 @@
   (yt/stop! server))
 
 (defn- not-found-handler
-  [_]
-  {::rres/status 404})
+  [_ respond _]
+  (respond (yrs/response 404)))
 
-(defn- router-handler
+(defn- wrap-router
   [router]
-  (letfn [(resolve-handler [request]
-            (if-let [match (r/match-by-path router (rreq/path request))]
+  (letfn [(handler [request respond raise]
+            (if-let [match (r/match-by-path router (yrq/path request))]
               (let [params  (:path-params match)
                     result  (:result match)
                     handler (or (:handler result) not-found-handler)
                     request (assoc request :path-params params)]
-                (partial handler request))
-              (partial not-found-handler request)))
+                (handler request respond raise))
+              (not-found-handler request respond raise)))
 
-          (on-error [cause request]
-            (let [{:keys [::rres/body] :as response} (errors/handle cause request)]
-              (cond-> response
-                (map? body)
-                (-> (update ::rres/headers assoc "content-type" "application/transit+json")
-                    (assoc ::rres/body (t/encode-str body {:type :json-verbose}))))))]
+          (on-error [cause request respond]
+            (let [{:keys [body] :as response} (errors/handle cause request)]
+              (respond
+               (cond-> response
+                 (map? body)
+                 (-> (update :headers assoc "content-type" "application/transit+json")
+                     (assoc :body (t/encode-str body {:type :json-verbose})))))))]
 
-    (fn [request]
-      (let [handler (resolve-handler request)]
-        (try
-          (handler)
-          (catch Throwable cause
-            (on-error cause request)))))))
+    (fn [request respond _]
+      (try
+        (handler request respond #(on-error % request respond))
+        (catch Throwable cause
+          (on-error cause request respond))))))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; HTTP ROUTER
@@ -133,11 +130,11 @@
 
 (defmethod ig/pre-init-spec ::router [_]
   (s/keys :req [::session/manager
+                ::actoken/manager
                 ::ws/routes
                 ::rpc/routes
                 ::rpc.doc/routes
                 ::oidc/routes
-                ::setup/props
                 ::assets/routes
                 ::debug/routes
                 ::db/pool
@@ -148,12 +145,12 @@
   [_ cfg]
   (rr/router
    [["" {:middleware [[mw/server-timing]
-                      [mw/params]
                       [mw/format-response]
-                      [mw/errors errors/handle]
+                      [mw/params]
                       [mw/parse-request]
                       [session/soft-auth cfg]
                       [actoken/soft-auth cfg]
+                      [mw/errors errors/handle]
                       [mw/restrict-methods]]}
 
      (::mtx/routes cfg)

backend/src/app/http/access_token.clj

@@ -7,18 +7,31 @@
 (ns app.http.access-token
   (:require
    [app.common.logging :as l]
+   [app.common.spec :as us]
    [app.config :as cf]
    [app.db :as db]
    [app.main :as-alias main]
-   [app.setup :as-alias setup]
    [app.tokens :as tokens]
-   [ring.request :as rreq]))
+   [app.worker :as-alias wrk]
+   [clojure.spec.alpha :as s]
+   [integrant.core :as ig]
+   [promesa.core :as p]
+   [promesa.exec :as px]
+   [yetti.request :as yrq]))
+
+
+(s/def ::manager
+  (s/keys :req [::db/pool ::wrk/executor ::main/props]))
+
+(defmethod ig/pre-init-spec ::manager [_] ::manager)
+(defmethod ig/init-key ::manager [_ cfg] cfg)
+(defmethod ig/halt-key! ::manager [_ _])
 
 (def header-re #"^Token\s+(.*)")
 
 (defn- get-token
   [request]
-  (some->> (rreq/get-header request "authorization")
+  (some->> (yrq/get-header request "authorization")
            (re-matches header-re)
            (second)))
 
@@ -27,49 +40,48 @@
   (when token
     (tokens/verify props {:token token :iss "access-token"})))
 
-(def sql:get-token-data
-  "SELECT perms, profile_id, expires_at
-     FROM access_token
-    WHERE id = ?
-      AND (expires_at IS NULL
-           OR (expires_at > now()));")
-
-(defn- get-token-data
+(defn- get-token-perms
   [pool token-id]
   (when-not (db/read-only? pool)
-    (some-> (db/exec-one! pool [sql:get-token-data token-id])
-            (update :perms db/decode-pgarray #{}))))
+    (when-let [token (db/get* pool :access-token {:id token-id} {:columns [:perms]})]
+      (some-> (:perms token)
+              (db/decode-pgarray #{})))))
 
 (defn- wrap-soft-auth
-  "Soft Authentication, will be executed synchronously on the undertow
-  worker thread."
-  [handler {:keys [::setup/props]}]
-  (letfn [(handle-request [request]
-            (try
-              (let [token  (get-token request)
-                    claims (decode-token props token)]
-                (cond-> request
-                  (map? claims)
-                  (assoc ::id (:tid claims))))
-              (catch Throwable cause
-                (l/trace :hint "exception on decoding malformed token" :cause cause)
-                request)))]
+  [handler {:keys [::manager]}]
+  (us/assert! ::manager manager)
 
-    (fn [request]
-      (handler (handle-request request)))))
+  (let [{:keys [::wrk/executor ::main/props]} manager]
+    (fn [request respond raise]
+      (let [token (get-token request)]
+        (->> (px/submit! executor (partial decode-token props token))
+             (p/fnly (fn [claims cause]
+                       (when cause
+                         (l/trace :hint "exception on decoding malformed token" :cause cause))
+                       (let [request (cond-> request
+                                       (map? claims)
+                                       (assoc ::id (:tid claims)))]
+                         (handler request respond raise)))))))))
 
 (defn- wrap-authz
-  "Authorization middleware, will be executed synchronously on vthread."
-  [handler {:keys [::db/pool]}]
-  (fn [request]
-    (let [{:keys [perms profile-id expires-at]} (some->> (::id request) (get-token-data pool))]
-      (handler (cond-> request
-                 (some? perms)
-                 (assoc ::perms perms)
-                 (some? profile-id)
-                 (assoc ::profile-id profile-id)
-                 (some? expires-at)
-                 (assoc ::expires-at expires-at))))))
+  [handler {:keys [::manager]}]
+  (us/assert! ::manager manager)
+  (let [{:keys [::wrk/executor ::db/pool]} manager]
+    (fn [request respond raise]
+      (if-let [token-id (::id request)]
+        (->> (px/submit! executor (partial get-token-perms pool token-id))
+             (p/fnly (fn [perms cause]
+                       (cond
+                         (some? cause)
+                         (raise cause)
+
+                         (nil? perms)
+                         (handler request respond raise)
+
+                         :else
+                         (let [request (assoc request ::perms perms)]
+                           (handler request respond raise))))))
+        (handler request respond raise)))))
 
 (def soft-auth
   {:name ::soft-auth

backend/src/app/http/assets.clj

@@ -14,9 +14,11 @@
    [app.db :as db]
    [app.storage :as sto]
    [app.util.time :as dt]
+   [app.worker :as wrk]
    [clojure.spec.alpha :as s]
    [integrant.core :as ig]
-   [ring.response :as-alias rres]))
+   [promesa.core :as p]
+   [yetti.response :as yrs]))
 
 (def ^:private cache-max-age
   (dt/duration {:hours 24}))
@@ -26,9 +28,10 @@
 
 (defn get-id
   [{:keys [path-params]}]
-  (or (some-> path-params :id d/parse-uuid)
-      (ex/raise :type :not-found
-                :hunt "object not found")))
+  (if-let [id (some-> path-params :id d/parse-uuid)]
+    (p/resolved id)
+    (p/rejected (ex/error :type :not-found
+                          :hunt "object not found"))))
 
 (defn- get-file-media-object
   [pool id]
@@ -36,12 +39,16 @@
 
 (defn- serve-object-from-s3
   [{:keys [::sto/storage] :as cfg} obj]
-  (let [{:keys [host port] :as url} (sto/get-object-url storage obj {:max-age signature-max-age})]
-    {::rres/status  307
-     ::rres/headers {"location" (str url)
-                     "x-host"   (cond-> host port (str ":" port))
-                     "x-mtype"  (-> obj meta :content-type)
-                     "cache-control" (str "max-age=" (inst-ms cache-max-age))}}))
+  (let [mdata (meta obj)]
+    (->> (sto/get-object-url storage obj {:max-age signature-max-age})
+         (p/fmap (fn [{:keys [host port] :as url}]
+                   (let [headers {"location" (str url)
+                                  "x-host"   (cond-> host port (str ":" port))
+                                  "x-mtype"  (:content-type mdata)
+                                  "cache-control" (str "max-age=" (inst-ms cache-max-age))}]
+                     (yrs/response
+                      :status  307
+                      :headers headers)))))))
 
 (defn- serve-object-from-fs
   [{:keys [::path]} obj]
@@ -51,8 +58,8 @@
         headers {"x-accel-redirect" (:path purl)
                  "content-type" (:content-type mdata)
                  "cache-control" (str "max-age=" (inst-ms cache-max-age))}]
-    {::rres/status 204
-     ::rres/headers headers}))
+    (p/resolved
+     (yrs/response :status 204 :headers headers))))
 
 (defn- serve-object
   "Helper function that returns the appropriate response depending on
@@ -65,34 +72,42 @@
 
 (defn objects-handler
   "Handler that servers storage objects by id."
-  [{:keys [::sto/storage] :as cfg} request]
-  (let [id  (get-id request)
-        obj (sto/get-object storage id)]
-    (if obj
-      (serve-object cfg obj)
-      {::rres/status 404})))
+  [{:keys [::sto/storage ::wrk/executor] :as cfg} request respond raise]
+  (->> (get-id request)
+       (p/mcat executor (fn [id] (sto/get-object storage id)))
+       (p/mcat executor (fn [obj]
+                          (if (some? obj)
+                            (serve-object cfg obj)
+                            (p/resolved (yrs/response 404)))))
+       (p/fnly executor (fn [result cause]
+                          (if cause (raise cause) (respond result))))))
 
 (defn- generic-handler
   "A generic handler helper/common code for file-media based handlers."
-  [{:keys [::sto/storage] :as cfg} request kf]
-  (let [pool (::db/pool storage)
-        id   (get-id request)
-        mobj (get-file-media-object pool id)
-        sobj (sto/get-object storage (kf mobj))]
-    (if sobj
-      (serve-object cfg sobj)
-      {::rres/status 404})))
+  [{:keys [::sto/storage ::wrk/executor] :as cfg} request kf]
+  (let [pool (::db/pool storage)]
+    (->> (get-id request)
+         (p/fmap executor (fn [id] (get-file-media-object pool id)))
+         (p/mcat executor (fn [mobj] (sto/get-object storage (kf mobj))))
+         (p/mcat executor (fn [sobj]
+                            (if sobj
+                              (serve-object cfg sobj)
+                              (p/resolved (yrs/response 404))))))))
 
 (defn file-objects-handler
   "Handler that serves storage objects by file media id."
-  [cfg request]
-  (generic-handler cfg request :media-id))
+  [cfg request respond raise]
+  (->> (generic-handler cfg request :media-id)
+       (p/fnly (fn [result cause]
+                 (if cause (raise cause) (respond result))))))
 
 (defn file-thumbnails-handler
   "Handler that serves storage objects by thumbnail-id and quick
   fallback to file-media-id if no thumbnail is available."
-  [cfg request]
-  (generic-handler cfg request #(or (:thumbnail-id %) (:media-id %))))
+  [cfg request respond raise]
+  (->> (generic-handler cfg request #(or (:thumbnail-id %) (:media-id %)))
+       (p/fnly (fn [result cause]
+                 (if cause (raise cause) (respond result))))))
 
 ;; --- Initialization
 
@@ -100,7 +115,7 @@
 (s/def ::routes vector?)
 
 (defmethod ig/pre-init-spec ::routes [_]
-  (s/keys :req [::sto/storage  ::path]))
+  (s/keys :req [::sto/storage ::wrk/executor  ::path]))
 
 (defmethod ig/init-key ::routes
   [_ cfg]

backend/src/app/http/awsns.clj

@@ -13,7 +13,6 @@
    [app.db.sql :as sql]
    [app.http.client :as http]
    [app.main :as-alias main]
-   [app.setup :as-alias setup]
    [app.tokens :as tokens]
    [app.worker :as-alias wrk]
    [clojure.spec.alpha :as s]
@@ -21,8 +20,8 @@
    [integrant.core :as ig]
    [jsonista.core :as j]
    [promesa.exec :as px]
-   [ring.request :as rreq]
-   [ring.response :as-alias rres]))
+   [yetti.request :as yrq]
+   [yetti.response :as yrs]))
 
 (declare parse-json)
 (declare handle-request)
@@ -31,15 +30,16 @@
 
 (defmethod ig/pre-init-spec ::routes [_]
   (s/keys :req [::http/client
-                ::setup/props
-                ::db/pool]))
+                ::main/props
+                ::db/pool
+                ::wrk/executor]))
 
 (defmethod ig/init-key ::routes
-  [_ cfg]
-  (letfn [(handler [request]
-            (let [data (-> request rreq/body slurp)]
-              (px/run! :vthread (partial handle-request cfg data)))
-            {::rres/status 200})]
+  [_ {:keys [::wrk/executor] :as cfg}]
+  (letfn [(handler [request respond _]
+            (let [data (-> request yrq/body slurp)]
+              (px/run! executor #(handle-request cfg data)))
+            (respond (yrs/response 200)))]
     ["/sns" {:handler handler
              :allowed-methods #{:post}}]))
 
@@ -107,7 +107,7 @@
   [cfg headers]
   (let [tdata (get headers "x-penpot-data")]
     (when-not (str/empty? tdata)
-      (let [result (tokens/verify (::setup/props cfg) {:token tdata :iss :profile-identity})]
+      (let [result (tokens/verify (::main/props cfg) {:token tdata :iss :profile-identity})]
         (:profile-id result)))))
 
 (defn- parse-notification

backend/src/app/http/client.clj

@@ -8,6 +8,7 @@
   "Http client abstraction layer."
   (:require
    [app.common.spec :as us]
+   [app.worker :as wrk]
    [clojure.spec.alpha :as s]
    [integrant.core :as ig]
    [java-http-clj.core :as http]
@@ -20,11 +21,12 @@
   (s/keys :req [::client]))
 
 (defmethod ig/pre-init-spec ::client [_]
-  (s/keys :req []))
+  (s/keys :req [::wrk/executor]))
 
 (defmethod ig/init-key ::client
-  [_ _]
-  (http/build-client {:connect-timeout 30000 ;; 10s
+  [_ {:keys [::wrk/executor] :as cfg}]
+  (http/build-client {:executor executor
+                      :connect-timeout 30000 ;; 10s
                       :follow-redirects :always}))
 
 (defn send!
@@ -38,25 +40,12 @@
        (catch Throwable cause
          (p/rejected cause))))))
 
-(defn- resolve-client
-  [params]
-  (cond
-    (instance? HttpClient params)
-    params
-
-    (map? params)
-    (resolve-client (::client params))
-
-    :else
-    (throw (UnsupportedOperationException. "invalid arguments"))))
-
 (defn req!
   "A convencience toplevel function for gradual migration to a new API
   convention."
-  ([cfg-or-client request]
-   (let [client (resolve-client cfg-or-client)]
-     (send! client request {:sync? true})))
-  ([cfg-or-client request options]
-   (let [client (resolve-client cfg-or-client)]
-     (send! client request (merge {:sync? true} options)))))
-
+  ([{:keys [::client]} request]
+   (us/assert! ::client client)
+   (send! client request {}))
+  ([{:keys [::client]} request options]
+   (us/assert! ::client client)
+   (send! client request options)))

backend/src/app/http/debug.clj

@@ -7,25 +7,21 @@
 (ns app.http.debug
   (:refer-clojure :exclude [error-handler])
   (:require
-   [app.binfile.v1 :as bf.v1]
-   [app.common.data :as d]
    [app.common.exceptions :as ex]
    [app.common.logging :as l]
    [app.common.pprint :as pp]
    [app.common.uuid :as uuid]
    [app.config :as cf]
    [app.db :as db]
+   [app.http.middleware :as mw]
    [app.http.session :as session]
-   [app.rpc.commands.auth :as auth]
+   [app.rpc.commands.binfile :as binf]
    [app.rpc.commands.files-create :refer [create-file]]
    [app.rpc.commands.profile :as profile]
-   [app.setup :as-alias setup]
-   [app.srepl.helpers :as srepl]
-   [app.storage :as-alias sto]
-   [app.storage.tmp :as tmp]
    [app.util.blob :as blob]
    [app.util.template :as tmpl]
    [app.util.time :as dt]
+   [app.worker :as wrk]
    [clojure.spec.alpha :as s]
    [cuerdas.core :as str]
    [datoteka.io :as io]
@@ -33,41 +29,51 @@
    [integrant.core :as ig]
    [markdown.core :as md]
    [markdown.transformers :as mdt]
-   [ring.request :as rreq]
-   [ring.response :as rres]))
+   [yetti.request :as yrq]
+   [yetti.response :as yrs]))
 
 ;; (selmer.parser/cache-off!)
 
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; HELPERS
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(defn authorized?
+  [pool {:keys [::session/profile-id]}]
+  (or (= "devenv" (cf/get :host))
+      (let [profile (ex/ignoring (profile/get-profile pool profile-id))
+            admins  (or (cf/get :admins) #{})]
+        (contains? admins (:email profile)))))
+
+(defn prepare-response
+  [body]
+  (let [headers {"content-type" "application/transit+json"}]
+    (yrs/response :status 200 :body body :headers headers)))
+
+(defn prepare-download-response
+  [body filename]
+  (let [headers {"content-disposition" (str "attachment; filename=" filename)
+                 "content-type" "application/octet-stream"}]
+    (yrs/response :status 200 :body body :headers headers)))
+
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; INDEX
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
 (defn index-handler
-  [_cfg _request]
-  {::rres/status  200
-   ::rres/headers {"content-type" "text/html"}
-   ::rres/body    (-> (io/resource "app/templates/debug.tmpl")
-                      (tmpl/render {}))})
+  [{:keys [::db/pool]} request]
+  (when-not (authorized? pool request)
+    (ex/raise :type :authentication
+              :code :only-admins-allowed))
+  (yrs/response :status  200
+                :headers {"content-type" "text/html"}
+                :body    (-> (io/resource "app/templates/debug.tmpl")
+                             (tmpl/render {}))))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; FILE CHANGES
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
-(defn prepare-response
-  [body]
-  (let [headers {"content-type" "application/transit+json"}]
-    {::rres/status 200
-     ::rres/body body
-     ::rres/headers headers}))
-
-(defn prepare-download-response
-  [body filename]
-  (let [headers {"content-disposition" (str "attachment; filename=" filename)
-                 "content-type" "application/octet-stream"}]
-    {::rres/status 200
-     ::rres/body body
-     ::rres/headers headers}))
-
 (def sql:retrieve-range-of-changes
   "select revn, changes from file_change where file_id=? and revn >= ? and revn <= ? order by revn")
 
@@ -76,6 +82,10 @@
 
 (defn- retrieve-file-data
   [{:keys [::db/pool]} {:keys [params ::session/profile-id] :as request}]
+  (when-not (authorized? pool request)
+    (ex/raise :type :authentication
+              :code :only-admins-allowed))
+
   (let [file-id  (some-> params :file-id parse-uuid)
         revn     (some-> params :revn parse-long)
         filename (str file-id)]
@@ -98,18 +108,14 @@
 
         (contains? params :clone)
         (let [profile    (profile/get-profile pool profile-id)
-              project-id (:default-project-id profile)]
-
-          (db/run! pool (fn [{:keys [::db/conn] :as cfg}]
-                          (create-file cfg {:id file-id
-                                            :name (str "Cloned file: " filename)
-                                            :project-id project-id
-                                            :profile-id profile-id})
-                          (db/update! conn :file
-                                      {:data data}
-                                      {:id file-id})
-                          {::rres/status 201
-                           ::rres/body "OK CREATED"})))
+              project-id (:default-project-id profile)
+              data       (blob/decode data)]
+          (create-file pool {:id (uuid/next)
+                             :name (str "Cloned file: " filename)
+                             :project-id project-id
+                             :profile-id profile-id
+                             :data data})
+          (yrs/response 201 "OK CREATED"))
 
         :else
         (prepare-response (blob/decode data))))))
@@ -123,41 +129,35 @@
   [{:keys [::db/pool]} {:keys [::session/profile-id params] :as request}]
   (let [profile    (profile/get-profile pool profile-id)
         project-id (:default-project-id profile)
-        data       (some-> params :file :path io/read-as-bytes)]
+        data       (some-> params :file :path io/read-as-bytes blob/decode)]
 
     (if (and data project-id)
-      (let [fname     (str "Imported file *: " (dt/now))
-            reuse-id? (contains? params :reuseid)
-            file-id   (or (and reuse-id? (ex/ignoring (-> params :file :filename parse-uuid)))
-                          (uuid/next))]
+      (let [fname      (str "Imported file *: " (dt/now))
+            overwrite? (contains? params :overwrite?)
+            file-id    (or (and overwrite? (ex/ignoring (-> params :file :filename parse-uuid)))
+                           (uuid/next))]
 
-        (if (and reuse-id? file-id
+        (if (and overwrite? file-id
                  (is-file-exists? pool file-id))
           (do
             (db/update! pool :file
-                        {:data data
-                         :deleted-at nil}
+                        {:data (blob/encode data)}
                         {:id file-id})
-            {::rres/status 200
-             ::rres/body "OK UPDATED"})
+            (yrs/response 200 "OK UPDATED"))
 
-          (db/run! pool (fn [{:keys [::db/conn] :as cfg}]
-                          (create-file cfg {:id file-id
-                                            :name fname
-                                            :project-id project-id
-                                            :profile-id profile-id})
-                          (db/update! conn :file
-                                      {:data data}
-                                      {:id file-id})
-                          {::rres/status 201
-                           ::rres/body "OK CREATED"}))))
+          (do
+            (create-file pool {:id file-id
+                               :name fname
+                               :project-id project-id
+                               :profile-id profile-id
+                               :data data})
+            (yrs/response 201 "OK CREATED"))))
 
-      {::rres/status 500
-       ::rres/body "ERROR"})))
+      (yrs/response 500 "ERROR"))))
 
 (defn file-data-handler
   [cfg request]
-  (case (rreq/method request)
+  (case (yrq/method request)
     :get (retrieve-file-data cfg request)
     :post (upload-file-data cfg request)
     (ex/raise :type :http
@@ -165,6 +165,10 @@
 
 (defn file-changes-handler
   [{:keys [::db/pool]} {:keys [params] :as request}]
+  (when-not (authorized? pool request)
+    (ex/raise :type :authentication
+              :code :only-admins-allowed))
+
   (letfn [(retrieve-changes [file-id revn]
             (if (str/includes? revn ":")
               (let [[start end] (->> (str/split revn #":")
@@ -227,40 +231,41 @@
             (-> (io/resource "app/templates/error-report.v2.tmpl")
                 (tmpl/render report)))
 
-          (render-template-v3 [{:keys [content id created-at]}]
-            (-> (io/resource "app/templates/error-report.v3.tmpl")
-                (tmpl/render (-> content
-                                 (assoc :id id)
-                                 (assoc :created-at (dt/format-instant created-at :rfc1123))))))]
+          ]
+
+    (when-not (authorized? pool request)
+      (ex/raise :type :authentication
+                :code :only-admins-allowed))
 
     (if-let [report (get-report request)]
-      (let [result (case (:version report)
-                     1 (render-template-v1 report)
-                     2 (render-template-v2 report)
-                     3 (render-template-v3 report))]
-        {::rres/status 200
-         ::rres/body result
-         ::rres/headers {"content-type" "text/html; charset=utf-8"
-                         "x-robots-tag" "noindex"}})
-      {::rres/status 404
-       ::rres/body "not found"})))
+      (let [result (if (= 1 (:version report))
+                     (render-template-v1 report)
+                     (render-template-v2 report))]
+        (yrs/response :status 200
+                      :body result
+                      :headers {"content-type" "text/html; charset=utf-8"
+                                "x-robots-tag" "noindex"}))
+      (yrs/response 404 "not found"))))
 
 (def sql:error-reports
   "SELECT id, created_at,
           content->>'~:hint' AS hint
      FROM server_error_report
     ORDER BY created_at DESC
-    LIMIT 200")
+    LIMIT 100")
 
 (defn error-list-handler
-  [{:keys [::db/pool]} _request]
+  [{:keys [::db/pool]} request]
+  (when-not (authorized? pool request)
+    (ex/raise :type :authentication
+              :code :only-admins-allowed))
   (let [items (->> (db/exec! pool [sql:error-reports])
                    (map #(update % :created-at dt/format-instant :rfc1123)))]
-    {::rres/status 200
-     ::rres/body (-> (io/resource "app/templates/error-list.tmpl")
-                     (tmpl/render {:items items}))
-     ::rres/headers {"content-type" "text/html; charset=utf-8"
-                     "x-robots-tag" "noindex"}}))
+    (yrs/response :status 200
+                  :body (-> (io/resource "app/templates/error-list.tmpl")
+                            (tmpl/render {:items items}))
+                  :headers {"content-type" "text/html; charset=utf-8"
+                            "x-robots-tag" "noindex"})))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; EXPORT/IMPORT
@@ -269,10 +274,9 @@
 (defn export-handler
   [{:keys [::db/pool] :as cfg} {:keys [params ::session/profile-id] :as request}]
 
-  (let [file-ids (into #{}
-                       (comp (remove empty?)
-                             (map parse-uuid))
-                       (:file-ids params))
+  (let [file-ids (->> (:file-ids params)
+                      (remove empty?)
+                      (mapv parse-uuid))
         libs?    (contains? params :includelibs)
         clone?   (contains? params :clone)
         embed?   (contains? params :embedassets)]
@@ -281,30 +285,32 @@
       (ex/raise :type :validation
                 :code :missing-arguments))
 
-    (let [path (tmp/tempfile :prefix "penpot.export.")]
-      (with-open [output (io/output-stream path)]
-        (-> cfg
-            (assoc ::bf.v1/ids file-ids)
-            (assoc ::bf.v1/embed-assets embed?)
-            (assoc ::bf.v1/include-libraries libs?)
-            (bf.v1/export-files! output)))
-
+    (let [path (-> cfg
+                   (assoc ::binf/file-ids file-ids)
+                   (assoc ::binf/embed-assets? embed?)
+                   (assoc ::binf/include-libraries? libs?)
+                   (binf/export-to-tmpfile!))]
       (if clone?
         (let [profile    (profile/get-profile pool profile-id)
-              project-id (:default-project-id profile)
-              cfg        (assoc cfg
-                                ::bf.v1/overwrite false
-                                ::bf.v1/profile-id profile-id
-                                ::bf.v1/project-id project-id)]
-          (bf.v1/import-files! cfg path)
-          {::rres/status  200
-           ::rres/headers {"content-type" "text/plain"}
-           ::rres/body    "OK CLONED"})
+              project-id (:default-project-id profile)]
+          (binf/import!
+           (assoc cfg
+                  ::binf/input path
+                  ::binf/overwrite? false
+                  ::binf/ignore-index-errors? true
+                  ::binf/profile-id profile-id
+                  ::binf/project-id project-id))
 
-        {::rres/status  200
-         ::rres/body    (io/input-stream path)
-         ::rres/headers {"content-type" "application/octet-stream"
-                         "content-disposition" (str "attachmen; filename=" (first file-ids) ".penpot")}}))))
+          (yrs/response
+           :status  200
+           :headers {"content-type" "text/plain"}
+           :body    "OK CLONED"))
+
+        (yrs/response
+         :status  200
+         :headers {"content-type" "application/octet-stream"
+                   "content-disposition" (str "attachmen; filename=" (first file-ids) ".penpot")}
+         :body    (io/input-stream path))))))
 
 
 (defn import-handler
@@ -317,108 +323,27 @@
   (let [profile    (profile/get-profile pool profile-id)
         project-id (:default-project-id profile)
         overwrite? (contains? params :overwrite)
-        migrate?   (contains? params :migrate)]
+        migrate?   (contains? params :migrate)
+        ignore-index-errors? (contains? params :ignore-index-errors)]
 
     (when-not project-id
       (ex/raise :type :validation
                 :code :missing-project
                 :hint "project not found"))
 
-    (let [path (-> params :file :path)
-          cfg  (assoc cfg
-                      ::bf.v1/overwrite overwrite?
-                      ::bf.v1/migrate migrate?
-                      ::bf.v1/profile-id profile-id
-                      ::bf.v1/project-id project-id)]
-      (bf.v1/import-files! cfg path)
-      {::rres/status  200
-       ::rres/headers {"content-type" "text/plain"}
-       ::rres/body    "OK"})))
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; ACTIONS
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-(defn- resend-email-notification
-  [cfg {:keys [params] :as request}]
-  (db/tx-run! cfg (fn [{:keys [::db/conn] :as cfg}]
-                    (when-not (contains? params :force)
-                      (ex/raise :type :validation
-                                :code :missing-force
-                                :hint "missing force checkbox"))
-
-                    (let [profile (some->> params
-                                           :email
-                                           (profile/clean-email)
-                                           (profile/get-profile-by-email conn))]
-
-                      (when-not profile
-                        (ex/raise :type :validation
-                                  :code :missing-profile
-                                  :hint "unable to find profile by email"))
-
-                      (cond
-                        (contains? params :block)
-                        (do
-                          (db/update! conn :profile {:is-blocked true} {:id (:id profile)})
-                          (db/delete! conn :http-session {:profile-id (:id profile)})
-
-                          {::rres/status  200
-                           ::rres/headers {"content-type" "text/plain"}
-                           ::rres/body    (str/ffmt "PROFILE '%' BLOCKED" (:email profile))})
-
-                        (contains? params :unblock)
-                        (do
-                          (db/update! conn :profile {:is-blocked false} {:id (:id profile)})
-                          {::rres/status  200
-                           ::rres/headers {"content-type" "text/plain"}
-                           ::rres/body    (str/ffmt "PROFILE '%' UNBLOCKED" (:email profile))})
-
-                        (contains? params :resend)
-                        (if (:is-blocked profile)
-                          {::rres/status  200
-                           ::rres/headers {"content-type" "text/plain"}
-                           ::rres/body    "PROFILE ALREADY BLOCKED"}
-                          (do
-                            (#'auth/send-email-verification! cfg profile)
-                            {::rres/status  200
-                             ::rres/headers {"content-type" "text/plain"}
-                             ::rres/body    (str/ffmt "RESENDED FOR '%'" (:email profile))}))
-
-                        :else
-                        (do
-                          (db/update! conn :profile {:is-active true} {:id (:id profile)})
-                          {::rres/status  200
-                           ::rres/headers {"content-type" "text/plain"}
-                           ::rres/body    (str/ffmt "PROFILE '%' ACTIVATED" (:email profile))}))))))
-
-
-(defn- reset-file-version
-  [cfg {:keys [params] :as request}]
-  (let [file-id (some-> params :file-id d/parse-uuid)
-        version (some-> params :version d/parse-integer)]
-
-    (when-not (contains? params :force)
-      (ex/raise :type :validation
-                :code :missing-force
-                :hint "missing force checkbox"))
-
-    (when (nil? file-id)
-      (ex/raise :type :validation
-                :code :invalid-file-id
-                :hint "provided invalid file id"))
-
-    (when (nil? version)
-      (ex/raise :type :validation
-                :code :invalid-version
-                :hint "provided invalid version"))
-
-    (db/tx-run! cfg srepl/process-file! file-id #(assoc % :version version))
-
-    {::rres/status  200
-     ::rres/headers {"content-type" "text/plain"}
-     ::rres/body    "OK"}))
+    (binf/import!
+     (assoc cfg
+            ::binf/input (-> params :file :path)
+            ::binf/overwrite? overwrite?
+            ::binf/migrate? migrate?
+            ::binf/ignore-index-errors? ignore-index-errors?
+            ::binf/profile-id profile-id
+            ::binf/project-id project-id))
 
+    (yrs/response
+     :status  200
+     :headers {"content-type" "text/plain"}
+     :body    "OK")))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; OTHER SMALL VIEWS/HANDLERS
@@ -429,13 +354,11 @@
   [{:keys [::db/pool]} _]
   (try
     (db/exec-one! pool ["select count(*) as count from server_prop;"])
-    {::rres/status 200
-     ::rres/body "OK"}
+    (yrs/response 200 "OK")
     (catch Throwable cause
       (l/warn :hint "unable to execute query on health handler"
               :cause cause)
-      {::rres/status 503
-       ::rres/body "KO"})))
+      (yrs/response 503 "KO"))))
 
 (defn changelog-handler
   [_ _]
@@ -444,51 +367,46 @@
           (md->html [text]
             (md/md-to-html-string text :replacement-transformers (into [transform-emoji] mdt/transformer-vector)))]
     (if-let [clog (io/resource "changelog.md")]
-      {::rres/status 200
-       ::rres/headers {"content-type" "text/html; charset=utf-8"}
-       ::rres/body (-> clog slurp md->html)}
-      {::rres/status 404
-       ::rres/body "NOT FOUND"})))
+      (yrs/response :status 200
+                    :headers {"content-type" "text/html; charset=utf-8"}
+                    :body (-> clog slurp md->html))
+      (yrs/response :status 404 :body "NOT FOUND"))))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; INIT
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
-(defn authorized?
-  [pool {:keys [::session/profile-id]}]
-  (or (= "devenv" (cf/get :host))
-      (let [profile (ex/ignoring (profile/get-profile pool profile-id))
-            admins  (or (cf/get :admins) #{})]
-        (contains? admins (:email profile)))))
-
 (def with-authorization
   {:compile
    (fn [& _]
      (fn [handler pool]
-       (fn [request]
+       (fn [request respond raise]
          (if (authorized? pool request)
-           (handler request)
-           (ex/raise :type :authentication
-                     :code :only-admins-allowed)))))})
+           (handler request respond raise)
+           (raise (ex/error :type :authentication
+                            :code :only-admins-allowed))))))})
 
 (defmethod ig/pre-init-spec ::routes [_]
-  (s/keys :req [::db/pool ::session/manager]))
+  (s/keys :req [::db/pool
+                ::wrk/executor
+                ::session/manager]))
 
 (defmethod ig/init-key ::routes
-  [_ {:keys [::db/pool] :as cfg}]
-  [["/readyz" {:handler (partial health-handler cfg)}]
+  [_ {:keys [::db/pool ::wrk/executor] :as cfg}]
+  [["/readyz" {:middleware [[mw/with-dispatch executor]
+                            [mw/with-config cfg]]
+               :handler health-handler}]
    ["/dbg" {:middleware [[session/authz cfg]
-                         [with-authorization pool]]}
-    ["" {:handler (partial index-handler cfg)}]
-    ["/health" {:handler (partial health-handler cfg)}]
-    ["/changelog" {:handler (partial changelog-handler cfg)}]
-    ["/error/:id" {:handler (partial error-handler cfg)}]
-    ["/error" {:handler (partial error-list-handler cfg)}]
-    ["/actions/resend-email-verification"
-     {:handler (partial resend-email-notification cfg)}]
-    ["/actions/reset-file-version"
-     {:handler (partial reset-file-version cfg)}]
-    ["/file/export" {:handler (partial export-handler cfg)}]
-    ["/file/import" {:handler (partial import-handler cfg)}]
-    ["/file/data" {:handler (partial file-data-handler cfg)}]
-    ["/file/changes" {:handler (partial file-changes-handler cfg)}]]])
+                         [with-authorization pool]
+                         [mw/with-dispatch executor]
+                         [mw/with-config cfg]]}
+    ["" {:handler index-handler}]
+    ["/health" {:handler health-handler}]
+    ["/changelog" {:handler changelog-handler}]
+    ;; ["/error-by-id/:id" {:handler error-handler}]
+    ["/error/:id" {:handler error-handler}]
+    ["/error" {:handler error-list-handler}]
+    ["/file/export" {:handler export-handler}]
+    ["/file/import" {:handler import-handler}]
+    ["/file/data" {:handler file-data-handler}]
+    ["/file/changes" {:handler file-changes-handler}]]])

backend/src/app/http/errors.clj

@@ -9,21 +9,19 @@
   (:require
    [app.common.exceptions :as ex]
    [app.common.logging :as l]
-   [app.common.schema :as-alias sm]
-   [app.config :as cf]
    [app.http :as-alias http]
    [app.http.access-token :as-alias actoken]
    [app.http.session :as-alias session]
    [clojure.spec.alpha :as s]
    [cuerdas.core :as str]
-   [ring.request :as rreq]
-   [ring.response :as rres]))
+   [yetti.request :as yrq]
+   [yetti.response :as yrs]))
 
 (defn- parse-client-ip
   [request]
-  (or (some-> (rreq/get-header request "x-forwarded-for") (str/split ",") first)
-      (rreq/get-header request "x-real-ip")
-      (rreq/remote-addr request)))
+  (or (some-> (yrq/get-header request "x-forwarded-for") (str/split ",") first)
+      (yrq/get-header request "x-real-ip")
+      (yrq/remote-addr request)))
 
 (defn request->context
   "Extracts error report relevant context data from request."
@@ -31,221 +29,141 @@
   (let [claims (-> {}
                    (into (::session/token-claims request))
                    (into (::actoken/token-claims request)))]
-    {:request/path       (:path request)
-     :request/method     (:method request)
-     :request/params     (:params request)
-     :request/user-agent (rreq/get-header request "user-agent")
-     :request/ip-addr    (parse-client-ip request)
-     :request/profile-id (:uid claims)
-     :version/frontend   (or (rreq/get-header request "x-frontend-version") "unknown")
-     :version/backend    (:full cf/version)}))
-
-(defmulti handle-error
-  (fn [cause _ _]
-    (-> cause ex-data :type)))
+    {:path       (:path request)
+     :method     (:method request)
+     :params     (:params request)
+     :ip-addr    (parse-client-ip request)
+     :user-agent (yrq/get-header request "user-agent")
+     :profile-id (:uid claims)
+     :version    (or (yrq/get-header request "x-frontend-version")
+                     "unknown")}))
 
 (defmulti handle-exception
-  (fn [cause _ _]
-    (class cause)))
+  (fn [err & _rest]
+    (let [edata (ex-data err)]
+      (or (:type edata)
+          (class err)))))
 
-(defmethod handle-error :authentication
-  [err _ _]
-  {::rres/status 401
-   ::rres/body (ex-data err)})
+(defmethod handle-exception :authentication
+  [err _]
+  (yrs/response 401 (ex-data err)))
 
-(defmethod handle-error :authorization
-  [err _ _]
-  {::rres/status 403
-   ::rres/body (ex-data err)})
+(defmethod handle-exception :authorization
+  [err _]
+  (yrs/response 403 (ex-data err)))
 
-(defmethod handle-error :restriction
-  [err _ _]
-  (let [{:keys [code] :as data} (ex-data err)]
-    (if (= code :method-not-allowed)
-      {::rres/status 405
-       ::rres/body data}
-      {::rres/status 400
-       ::rres/body data})))
+(defmethod handle-exception :restriction
+  [err _]
+  (yrs/response 400 (ex-data err)))
 
-(defmethod handle-error :rate-limit
-  [err _ _]
+(defmethod handle-exception :rate-limit
+  [err _]
   (let [headers (-> err ex-data ::http/headers)]
-    {::rres/status 429
-     ::rres/headers headers}))
+    (yrs/response :status 429 :body "" :headers headers)))
 
-(defmethod handle-error :concurrency-limit
-  [err _ _]
-  (let [headers (-> err ex-data ::http/headers)]
-    {::rres/status 429
-     ::rres/headers headers}))
-
-(defmethod handle-error :validation
-  [err request parent-cause]
+(defmethod handle-exception :validation
+  [err _]
   (let [{:keys [code] :as data} (ex-data err)]
     (cond
-      (or (= code :spec-validation)
-          (= code :params-validation)
-          (= code :schema-validation)
-          (= code :data-validation))
+      (= code :spec-validation)
       (let [explain (ex/explain data)]
-        {::rres/status 400
-         ::rres/body   (-> data
-                           (dissoc ::s/problems ::s/value ::s/spec ::sm/explain)
-                           (cond-> explain (assoc :explain explain)))})
+        (yrs/response :status 400
+                      :body   (-> data
+                                  (dissoc ::s/problems ::s/value)
+                                  (cond-> explain (assoc :explain explain)))))
 
       (= code :request-body-too-large)
-      {::rres/status 413 ::rres/body data}
-
-      (= code :invalid-image)
-      (binding [l/*context* (request->context request)]
-        (let [cause (or parent-cause err)]
-          (l/warn :hint "unexpected error on processing image" :cause cause)
-          {::rres/status 400 ::rres/body data}))
+      (yrs/response :status 413 :body data)
 
       :else
-      {::rres/status 400 ::rres/body data})))
+      (yrs/response :status 400 :body data))))
 
-(defmethod handle-error :assertion
-  [error request parent-cause]
-  (binding [l/*context* (request->context request)]
-    (let [{:keys [code] :as data} (ex-data error)
-          cause (or parent-cause error)]
-      (cond
-        (= code :data-validation)
-        (let [explain (ex/explain data)]
-          (l/error :hint "data assertion error" :cause cause)
-          {::rres/status 500
-           ::rres/body   {:type :server-error
-                          :code :assertion
-                          :data (-> data
-                                    (dissoc ::sm/explain)
-                                    (cond-> explain (assoc :explain explain)))}})
+(defmethod handle-exception :assertion
+  [error request]
+  (let [edata   (ex-data error)
+        explain (ex/explain edata)]
+    (binding [l/*context* (request->context request)]
+      (l/error :hint "Assertion error" :message (ex-message error) :cause error)
+      (yrs/response :status 500
+                    :body   {:type :server-error
+                             :code :assertion
+                             :data (-> edata
+                                       (dissoc ::s/problems ::s/value ::s/spec)
+                                       (cond-> explain (assoc :explain explain)))}))))
 
-        (= code :spec-validation)
-        (let [explain (ex/explain data)]
-          (l/error :hint "spec assertion error" :cause cause)
-          {::rres/status 500
-           ::rres/body   {:type :server-error
-                          :code :assertion
-                          :data (-> data
-                                    (dissoc ::s/problems ::s/value ::s/spec)
-                                    (cond-> explain (assoc :explain explain)))}})
+(defmethod handle-exception :not-found
+  [err _]
+  (yrs/response 404 (ex-data err)))
 
-        :else
-        (do
-          (l/error :hint "assertion error" :cause cause)
-          {::rres/status 500
-           ::rres/body   {:type :server-error
-                          :code :assertion
-                          :data data}})))))
+(defmethod handle-exception :internal
+  [error request]
+  (let [{:keys [code] :as edata} (ex-data error)]
+    (cond
+      (= :concurrency-limit-reached code)
+      (yrs/response 429)
 
-(defmethod handle-error :not-found
-  [err _ _]
-  {::rres/status 404
-   ::rres/body (ex-data err)})
-
-(defmethod handle-error :internal
-  [error request parent-cause]
-  (binding [l/*context* (request->context request)]
-    (let [cause (or parent-cause error)]
-      (l/error :hint "internal error" :cause cause)
-      {::rres/status 500
-       ::rres/body {:type :server-error
-                    :code :unhandled
-                    :hint (ex-message error)
-                    :data (ex-data error)}})))
-
-(defmethod handle-error :default
-  [error request parent-cause]
-  (let [edata (ex-data error)]
-    ;; This is a special case for the idle-in-transaction error;
-    ;; when it happens, the connection is automatically closed and
-    ;; next-jdbc combines the two errors in a single ex-info. We
-    ;; only need the :handling error, because the :rollback error
-    ;; will be always "connection closed".
-    (if (and (ex/exception? (:rollback edata))
-             (ex/exception? (:handling edata)))
-      (handle-exception (:handling edata) request error)
-      (handle-exception error request parent-cause))))
+      :else
+      (binding [l/*context* (request->context request)]
+        (l/error :hint "Internal error" :message (ex-message error) :cause error)
+        (yrs/response 500 {:type :server-error
+                           :code :unhandled
+                           :hint (ex-message error)
+                           :data edata})))))
 
 (defmethod handle-exception org.postgresql.util.PSQLException
-  [error request parent-cause]
-  (let [state (.getSQLState ^java.sql.SQLException error)
-        cause (or parent-cause error)]
+  [error request]
+  (let [state (.getSQLState ^java.sql.SQLException error)]
     (binding [l/*context* (request->context request)]
-      (l/error :hint "PSQL error"
-               :cause cause)
+      (l/error :hint "PSQL error" :message (ex-message error) :cause error)
       (cond
         (= state "57014")
-        {::rres/status 504
-         ::rres/body {:type :server-error
-                      :code :statement-timeout
-                      :hint (ex-message error)}}
+        (yrs/response 504 {:type :server-error
+                           :code :statement-timeout
+                           :hint (ex-message error)})
 
         (= state "25P03")
-        {::rres/status 504
-         ::rres/body {:type :server-error
-                      :code :idle-in-transaction-timeout
-                      :hint (ex-message error)}}
+        (yrs/response 504 {:type :server-error
+                           :code :idle-in-transaction-timeout
+                           :hint (ex-message error)})
 
         :else
-        {::rres/status 500
-         ::rres/body {:type :server-error
-                      :code :unexpected
-                      :hint (ex-message error)
-                      :state state}}))))
+        (yrs/response 500 {:type :server-error
+                           :code :unexpected
+                           :hint (ex-message error)
+                           :state state})))))
 
 (defmethod handle-exception :default
-  [error request parent-cause]
-  (let [edata (ex-data error)
-        cause (or parent-cause error)]
+  [error request]
+  (let [edata (ex-data error)]
     (cond
       ;; This means that exception is not a controlled exception.
       (nil? edata)
       (binding [l/*context* (request->context request)]
-        (l/error :hint "unexpected error" :cause cause)
-        {::rres/status 500
-         ::rres/body {:type :server-error
-                      :code :unexpected
-                      :hint (ex-message error)}})
+        (l/error :hint "Unexpected error" :message (ex-message error) :cause error)
+        (yrs/response 500 {:type :server-error
+                           :code :unexpected
+                           :hint (ex-message error)}))
+
+      ;; This is a special case for the idle-in-transaction error;
+      ;; when it happens, the connection is automatically closed and
+      ;; next-jdbc combines the two errors in a single ex-info. We
+      ;; only need the :handling error, because the :rollback error
+      ;; will be always "connection closed".
+      (and (ex/exception? (:rollback edata))
+           (ex/exception? (:handling edata)))
+      (handle-exception (:handling edata) request)
 
       :else
       (binding [l/*context* (request->context request)]
-        (l/error :hint "unhandled error" :cause cause)
-        {::rres/status 500
-         ::rres/body {:type :server-error
-                      :code :unhandled
-                      :hint (ex-message error)
-                      :data edata}}))))
-
-(defmethod handle-exception java.io.IOException
-  [cause _ _]
-  (l/wrn :hint "io exception" :cause cause)
-  {::rres/status 500
-   ::rres/body {:type :server-error
-                :code :io-exception
-                :hint (ex-message cause)}})
-
-(defmethod handle-exception java.util.concurrent.CompletionException
-  [cause request _]
-  (let [cause' (ex-cause cause)]
-    (if (ex/error? cause')
-      (handle-error cause' request cause)
-      (handle-exception cause' request cause))))
-
-(defmethod handle-exception java.util.concurrent.ExecutionException
-  [cause request _]
-  (let [cause' (ex-cause cause)]
-    (if (ex/error? cause')
-      (handle-error cause' request cause)
-      (handle-exception cause' request cause))))
+        (l/error :hint "Unhandled error" :message (ex-message error) :cause error)
+        (yrs/response 500 {:type :server-error
+                           :code :unhandled
+                           :hint (ex-message error)
+                           :data edata})))))
 
 (defn handle
   [cause request]
-  (if (ex/error? cause)
-    (handle-error cause request nil)
-    (handle-exception cause request nil)))
-
-(defn handle'
-  [cause request]
-  (::rres/body (handle cause request)))
+  (if (or (instance? java.util.concurrent.CompletionException cause)
+          (instance? java.util.concurrent.ExecutionException cause))
+    (handle-exception (ex-cause cause) request)
+    (handle-exception cause request)))

backend/src/app/http/middleware.clj

@@ -10,19 +10,20 @@
    [app.common.logging :as l]
    [app.common.transit :as t]
    [app.config :as cf]
-   [clojure.data.json :as json]
+   [app.util.json :as json]
    [cuerdas.core :as str]
-   [ring.request :as rreq]
-   [ring.response :as rres]
+   [promesa.core :as p]
+   [promesa.exec :as px]
    [yetti.adapter :as yt]
-   [yetti.middleware :as ymw])
+   [yetti.middleware :as ymw]
+   [yetti.request :as yrq]
+   [yetti.response :as yrs])
   (:import
+   com.fasterxml.jackson.core.JsonParseException
+   com.fasterxml.jackson.core.io.JsonEOFException
    io.undertow.server.RequestTooBigException
-   java.io.InputStream
    java.io.OutputStream))
 
-(set! *warn-on-reflection* true)
-
 (def server-timing
   {:name ::server-timing
    :compile (constantly ymw/wrap-server-timing)})
@@ -31,38 +32,27 @@
   {:name ::params
    :compile (constantly ymw/wrap-params)})
 
-(defn- get-reader
-  ^java.io.BufferedReader
-  [request]
-  (let [^InputStream body (rreq/body request)]
-    (java.io.BufferedReader.
-     (java.io.InputStreamReader. body))))
-
-(defn- read-json-key
-  [k]
-  (-> k str/kebab keyword))
-
-(defn- write-json-key
-  [k]
-  (if (or (keyword? k) (symbol? k))
-    (str/camel k)
-    (str k)))
+(def ^:private json-mapper
+  (json/mapper
+   {:encode-key-fn str/camel
+    :decode-key-fn (comp keyword str/kebab)
+    :pretty true}))
 
 (defn wrap-parse-request
   [handler]
   (letfn [(process-request [request]
-            (let [header (rreq/get-header request "content-type")]
+            (let [header (yrq/get-header request "content-type")]
               (cond
                 (str/starts-with? header "application/transit+json")
-                (with-open [^InputStream is (rreq/body request)]
+                (with-open [is (yrq/body request)]
                   (let [params (t/read! (t/reader is))]
                     (-> request
                         (assoc :body-params params)
                         (update :params merge params))))
 
                 (str/starts-with? header "application/json")
-                (with-open [reader (get-reader request)]
-                  (let [params (json/read reader :key-fn read-json-key)]
+                (with-open [is (yrq/body request)]
+                  (let [params (json/decode is json-mapper)]
                     (-> request
                         (assoc :body-params params)
                         (update :params merge params))))
@@ -70,34 +60,30 @@
                 :else
                 request)))
 
-          (handle-error [cause]
+          (handle-error [raise cause]
             (cond
-              (instance? RuntimeException cause)
-              (if-let [cause (ex-cause cause)]
-                (handle-error cause)
-                (throw cause))
-
               (instance? RequestTooBigException cause)
-              (ex/raise :type :validation
-                        :code :request-body-too-large
-                        :hint (ex-message cause))
+              (raise (ex/error :type :validation
+                               :code :request-body-too-large
+                               :hint (ex-message cause)))
 
-              (instance? java.io.EOFException cause)
-              (ex/raise :type :validation
-                        :code :malformed-json
-                        :hint (ex-message cause)
-                        :cause cause)
 
+              (or (instance? JsonEOFException cause)
+                  (instance? JsonParseException cause))
+              (raise (ex/error :type :validation
+                               :code :malformed-json
+                               :hint (ex-message cause)
+                               :cause cause))
               :else
-              (throw cause)))]
+              (raise cause)))]
 
-    (fn [request]
-      (if (= (rreq/method request) :post)
-        (let [request (ex/try! (process-request request))]
-          (if (ex/exception? request)
-            (handle-error request)
-            (handler request)))
-        (handler request)))))
+    (fn [request respond raise]
+      (let [request (ex/try! (process-request request))]
+        (if (ex/exception? request)
+          (if (ex/runtime-exception? request)
+            (handle-error raise (or (ex-cause request) request))
+            (handle-error raise request))
+          (handler request respond raise))))))
 
 (def parse-request
   {:name ::parse-request
@@ -108,71 +94,74 @@
   needed because transit-java calls flush very aggresivelly on each
   object write."
   [^java.io.OutputStream os ^long chunk-size]
-  (yetti.util.BufferedOutputStream. os (int chunk-size)))
+  (proxy [java.io.BufferedOutputStream] [os (int chunk-size)]
+    ;; Explicitly do not forward flush
+    (flush [])
+    (close []
+      (proxy-super flush)
+      (proxy-super close))))
 
 (def ^:const buffer-size (:xnio/buffer-size yt/defaults))
 
 (defn wrap-format-response
   [handler]
   (letfn [(transit-streamable-body [data opts]
-            (reify rres/StreamableResponseBody
+            (reify yrs/StreamableResponseBody
               (-write-body-to-stream [_ _ output-stream]
                 (try
-                  (with-open [^OutputStream bos (buffered-output-stream output-stream buffer-size)]
+                  (with-open [bos (buffered-output-stream output-stream buffer-size)]
                     (let [tw (t/writer bos opts)]
                       (t/write! tw data)))
-                  (catch java.io.IOException _)
+
+                  (catch java.io.IOException _cause
+                    ;; Do nothing, EOF means client closes connection abruptly
+                    nil)
                   (catch Throwable cause
-                    (binding [l/*context* {:value data}]
-                      (l/error :hint "unexpected error on encoding response"
-                               :cause cause)))
+                    (l/warn :hint "unexpected error on encoding response"
+                            :cause cause))
                   (finally
                     (.close ^OutputStream output-stream))))))
 
           (json-streamable-body [data]
-            (reify rres/StreamableResponseBody
+            (reify yrs/StreamableResponseBody
               (-write-body-to-stream [_ _ output-stream]
                 (try
-                  (with-open [^OutputStream bos (buffered-output-stream output-stream buffer-size)]
-                    (with-open [^java.io.OutputStreamWriter writer (java.io.OutputStreamWriter. bos)]
-                      (json/write data writer :key-fn write-json-key)))
 
-                  (catch java.io.IOException _)
+                  (with-open [bos (buffered-output-stream output-stream buffer-size)]
+                    (json/write! bos data json-mapper))
+
+                  (catch java.io.IOException _cause
+                    ;; Do nothing, EOF means client closes connection abruptly
+                    nil)
                   (catch Throwable cause
-                    (binding [l/*context* {:value data}]
-                      (l/error :hint "unexpected error on encoding response"
-                               :cause cause)))
+                    (l/warn :hint "unexpected error on encoding response"
+                            :cause cause))
                   (finally
                     (.close ^OutputStream output-stream))))))
 
           (format-response-with-json [response _]
-            (let [body (::rres/body response)]
+            (let [body (yrs/body response)]
               (if (or (boolean? body) (coll? body))
                 (-> response
-                    (update ::rres/headers assoc "content-type" "application/json")
-                    (assoc ::rres/body (json-streamable-body body)))
+                    (update :headers assoc "content-type" "application/json")
+                    (assoc :body (json-streamable-body body)))
                 response)))
 
           (format-response-with-transit [response request]
-            (let [body (::rres/body response)]
+            (let [body (yrs/body response)]
               (if (or (boolean? body) (coll? body))
-                (let [qs   (rreq/query request)
+                (let [qs   (yrq/query request)
                       opts (if (or (contains? cf/flags :transit-readable-response)
                                    (str/includes? qs "transit_verbose"))
                              {:type :json-verbose}
                              {:type :json})]
                   (-> response
-                      (update ::rres/headers assoc "content-type" "application/transit+json")
-                      (assoc ::rres/body (transit-streamable-body body opts))))
+                      (update :headers assoc "content-type" "application/transit+json")
+                      (assoc :body (transit-streamable-body body opts))))
                 response)))
 
-          (format-from-params [{:keys [query-params] :as request}]
-            (and (= "json" (get query-params :_fmt))
-                 "application/json"))
-
           (format-response [response request]
-            (let [accept (or (format-from-params request)
-                             (rreq/get-header request "accept"))]
+            (let [accept (yrq/get-header request "accept")]
               (cond
                 (or (= accept "application/transit+json")
                     (str/includes? accept "application/transit+json"))
@@ -189,9 +178,12 @@
             (cond-> response
               (map? response) (format-response request)))]
 
-    (fn [request]
-      (let [response (handler request)]
-        (process-response response request)))))
+    (fn [request respond raise]
+      (handler request
+               (fn [response]
+                 (let [response (process-response response request)]
+                   (respond response)))
+               raise))))
 
 (def format-response
   {:name ::format-response
@@ -199,48 +191,74 @@
 
 (defn wrap-errors
   [handler on-error]
-  (fn [request]
-    (try
-      (handler request)
-      (catch Throwable cause
-        (on-error cause request)))))
+  (fn [request respond _]
+    (handler request respond (fn [cause]
+                               (-> cause (on-error request) respond)))))
 
 (def errors
   {:name ::errors
    :compile (constantly wrap-errors)})
 
-(defn- with-cors-headers
-  [headers origin]
-  (-> headers
-      (assoc "access-control-allow-origin" origin)
-      (assoc "access-control-allow-methods" "GET,POST,DELETE,OPTIONS,PUT,HEAD,PATCH")
-      (assoc "access-control-allow-credentials" "true")
-      (assoc "access-control-expose-headers" "x-requested-with, content-type, cookie")
-      (assoc "access-control-allow-headers" "x-frontend-version, content-type, accept, x-requested-width")))
-
 (defn wrap-cors
   [handler]
-  (fn [request]
-    (let [response (if (= (rreq/method request) :options)
-                     {::rres/status 200}
-                     (handler request))
-          origin   (rreq/get-header request "origin")]
-      (update response ::rres/headers with-cors-headers origin))))
+  (if-not (contains? cf/flags :cors)
+    handler
+    (letfn [(add-headers [headers request]
+              (let [origin (yrq/get-header request "origin")]
+                (-> headers
+                    (assoc "access-control-allow-origin" origin)
+                    (assoc "access-control-allow-methods" "GET,POST,DELETE,OPTIONS,PUT,HEAD,PATCH")
+                    (assoc "access-control-allow-credentials" "true")
+                    (assoc "access-control-expose-headers" "x-requested-with, content-type, cookie")
+                    (assoc "access-control-allow-headers" "x-frontend-version, content-type, accept, x-requested-width"))))
+
+            (update-response [response request]
+              (update response :headers add-headers request))]
+
+      (fn [request respond raise]
+        (if (= (yrq/method request) :options)
+          (-> (yrs/response 200)
+              (update-response request)
+              (respond))
+          (handler request
+                   (fn [response]
+                     (respond (update-response response request)))
+                   raise))))))
 
 (def cors
   {:name ::cors
-   :compile (fn [& _]
-              (when (contains? cf/flags :cors)
-                wrap-cors))})
+   :compile (constantly wrap-cors)})
+
+(defn compile-restrict-methods
+  [data _]
+  (when-let [allowed (:allowed-methods data)]
+    (fn [handler]
+      (fn [request respond raise]
+        (let [method (yrq/method request)]
+          (if (contains? allowed method)
+            (handler request respond raise)
+            (respond (yrs/response 405))))))))
 
 (def restrict-methods
   {:name ::restrict-methods
+   :compile compile-restrict-methods})
+
+(def with-dispatch
+  {:name ::with-dispatch
    :compile
-   (fn [data _]
-     (when-let [allowed (:allowed-methods data)]
-       (fn [handler]
-         (fn [request]
-           (let [method (rreq/method request)]
-             (if (contains? allowed method)
-               (handler request)
-               {::rres/status 405}))))))})
+   (fn [& _]
+     (fn [handler executor]
+       (fn [request respond raise]
+         (-> (px/submit! executor #(handler request))
+             (p/bind p/wrap)
+             (p/then respond)
+             (p/catch raise)))))})
+
+(def with-config
+  {:name ::with-config
+   :compile
+   (fn [& _]
+     (fn [handler config]
+       (fn
+         ([request] (handler config request))
+         ([request respond raise] (handler config request respond raise)))))})

backend/src/app/http/session.clj

@@ -8,21 +8,22 @@
   (:refer-clojure :exclude [read])
   (:require
    [app.common.data :as d]
+   [app.common.exceptions :as ex]
    [app.common.logging :as l]
    [app.common.spec :as us]
-   [app.common.uri :as u]
    [app.config :as cf]
    [app.db :as db]
    [app.db.sql :as sql]
    [app.http.session.tasks :as-alias tasks]
    [app.main :as-alias main]
-   [app.setup :as-alias setup]
    [app.tokens :as tokens]
    [app.util.time :as dt]
+   [app.worker :as wrk]
    [clojure.spec.alpha :as s]
    [cuerdas.core :as str]
    [integrant.core :as ig]
-   [ring.request :as rreq]
+   [promesa.core :as p]
+   [promesa.exec :as px]
    [yetti.request :as yrq]))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -34,7 +35,7 @@
 
 ;; A cookie that we can use to check from other sites of the same
 ;; domain if a user is authenticated.
-(def default-auth-data-cookie-name "auth-data")
+(def default-authenticated-cookie-name "authenticated")
 
 ;; Default value for cookie max-age
 (def default-cookie-max-age (dt/duration {:days 7}))
@@ -75,56 +76,69 @@
    :id key})
 
 (defn- database-manager
-  [pool]
+  [{:keys [::db/pool ::wrk/executor ::main/props]}]
+  ^{::wrk/executor executor
+    ::db/pool pool
+    ::main/props props}
   (reify ISessionManager
     (read [_ token]
-      (db/exec-one! pool (sql/select :http-session {:id token})))
+      (px/with-dispatch executor
+        (db/exec-one! pool (sql/select :http-session {:id token}))))
 
     (write! [_ key params]
-      (let [params (prepare-session-params key params)]
-        (db/insert! pool :http-session params)
-        params))
+      (px/with-dispatch executor
+        (let [params (prepare-session-params key params)]
+          (db/insert! pool :http-session params)
+          params)))
 
     (update! [_ params]
       (let [updated-at (dt/now)]
-        (db/update! pool :http-session
-                    {:updated-at updated-at}
-                    {:id (:id params)})
-        (assoc params :updated-at updated-at)))
+        (px/with-dispatch executor
+          (db/update! pool :http-session
+                      {:updated-at updated-at}
+                      {:id (:id params)})
+          (assoc params :updated-at updated-at))))
 
     (delete! [_ token]
-      (db/delete! pool :http-session {:id token})
-      nil)))
-
-(defn inmemory-manager
-  []
-  (let [cache (atom {})]
-    (reify ISessionManager
-      (read [_ token]
-        (get @cache token))
-
-      (write! [_ key params]
-        (let [params (prepare-session-params key params)]
-          (swap! cache assoc key params)
-          params))
-
-      (update! [_ params]
-        (let [updated-at (dt/now)]
-          (swap! cache update (:id params) assoc :updated-at updated-at)
-          (assoc params :updated-at updated-at)))
-
-      (delete! [_ token]
-        (swap! cache dissoc token)
+      (px/with-dispatch executor
+        (db/delete! pool :http-session {:id token})
         nil))))
 
+(defn inmemory-manager
+  [{:keys [::db/pool ::wrk/executor ::main/props]}]
+  (let [cache (atom {})]
+    ^{::main/props props
+      ::wrk/executor executor
+      ::db/pool pool}
+    (reify ISessionManager
+      (read [_ token]
+        (p/do (get @cache token)))
+
+      (write! [_ key params]
+        (p/do
+          (let [params (prepare-session-params key params)]
+            (swap! cache assoc key params)
+            params)))
+
+      (update! [_ params]
+        (p/do
+          (let [updated-at (dt/now)]
+            (swap! cache update (:id params) assoc :updated-at updated-at)
+            (assoc params :updated-at updated-at))))
+
+      (delete! [_ token]
+        (p/do
+          (swap! cache dissoc token)
+          nil)))))
+
 (defmethod ig/pre-init-spec ::manager [_]
-  (s/keys :req [::db/pool]))
+  (s/keys :req [::db/pool ::wrk/executor ::main/props]))
 
 (defmethod ig/init-key ::manager
-  [_ {:keys [::db/pool]}]
+  [_ {:keys [::db/pool] :as cfg}]
   (if (db/read-only? pool)
-    (inmemory-manager)
-    (database-manager pool)))
+    (inmemory-manager cfg)
+    (database-manager cfg)))
 
 (defmethod ig/halt-key! ::manager
   [_ _])
@@ -134,41 +148,46 @@
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
 (declare ^:private assign-auth-token-cookie)
-(declare ^:private assign-auth-data-cookie)
+(declare ^:private assign-authenticated-cookie)
 (declare ^:private clear-auth-token-cookie)
-(declare ^:private clear-auth-data-cookie)
+(declare ^:private clear-authenticated-cookie)
 (declare ^:private gen-token)
 
 (defn create-fn
-  [{:keys [::manager ::setup/props]} profile-id]
+  [{:keys [::manager]} profile-id]
   (us/assert! ::manager manager)
   (us/assert! ::us/uuid profile-id)
 
-  (fn [request response]
-    (let [uagent  (rreq/get-header request "user-agent")
-          params  {:profile-id profile-id
-                   :user-agent uagent
-                   :created-at (dt/now)}
-          token   (gen-token props params)
-          session (write! manager token params)]
-      (l/trace :hint "create" :profile-id (str profile-id))
-      (-> response
-          (assign-auth-token-cookie session)
-          (assign-auth-data-cookie session)))))
+  (let [props (-> manager meta ::main/props)]
+    (fn [request response]
+      (let [uagent (yrq/get-header request "user-agent")
+            params {:profile-id profile-id
+                    :user-agent uagent
+                    :created-at (dt/now)}
+            token  (gen-token props params)]
 
+        (->> (write! manager token params)
+             (p/fmap (fn [session]
+                       (l/trace :hint "create" :profile-id (str profile-id))
+                       (-> response
+                           (assign-auth-token-cookie session)
+                           (assign-authenticated-cookie session)))))))))
 (defn delete-fn
   [{:keys [::manager]}]
   (us/assert! ::manager manager)
-  (fn [request response]
-    (let [cname   (cf/get :auth-token-cookie-name default-auth-token-cookie-name)
-          cookie  (yrq/get-cookie request cname)]
-      (l/trace :hint "delete" :profile-id (:profile-id request))
-      (some->> (:value cookie) (delete! manager))
-      (-> response
-          (assoc :status 204)
-          (assoc :body nil)
-          (clear-auth-token-cookie)
-          (clear-auth-data-cookie)))))
+  (letfn [(delete [{:keys [profile-id] :as request}]
+            (let [cname   (cf/get :auth-token-cookie-name default-auth-token-cookie-name)
+                  cookie  (yrq/get-cookie request cname)]
+              (l/trace :hint "delete" :profile-id profile-id)
+              (some->> (:value cookie) (delete! manager))))]
+    (fn [request response]
+      (p/do
+        (delete request)
+        (-> response
+            (assoc :status 204)
+            (assoc :body nil)
+            (clear-auth-token-cookie)
+            (clear-authenticated-cookie))))))
 
 (defn- gen-token
   [props {:keys [profile-id created-at]}]
@@ -197,41 +216,58 @@
        (let [elapsed (dt/diff updated-at (dt/now))]
          (neg? (compare default-renewal-max-age elapsed)))))
 
-(defn- wrap-soft-auth
-  [handler {:keys [::manager ::setup/props]}]
-  (us/assert! ::manager manager)
-  (letfn [(handle-request [request]
-            (try
-              (let [token  (get-token request)
-                    claims (decode-token props token)]
-                (cond-> request
-                  (map? claims)
-                  (-> (assoc ::token-claims claims)
-                      (assoc ::token token))))
-              (catch Throwable cause
-                (l/trace :hint "exception on decoding malformed token" :cause cause)
-                request)))]
+(defn- wrap-reneval
+  [respond manager session]
+  (fn [response]
+    (p/let [session (update! manager session)]
+      (-> response
+          (assign-auth-token-cookie session)
+          (assign-authenticated-cookie session)
+          (respond)))))
 
-    (fn [request]
-      (handler (handle-request request)))))
+(defn- wrap-soft-auth
+  [handler {:keys [::manager]}]
+  (us/assert! ::manager manager)
+
+  (let [{:keys [::wrk/executor ::main/props]} (meta manager)]
+    (fn [request respond raise]
+      (let [token (ex/try! (get-token request))]
+        (if (ex/exception? token)
+          (raise token)
+          (->> (px/submit! executor (partial decode-token props token))
+               (p/fnly (fn [claims cause]
+                         (when cause
+                           (l/trace :hint "exception on decoding malformed token" :cause cause))
+                         (let [request (cond-> request
+                                         (map? claims)
+                                         (-> (assoc ::token-claims claims)
+                                             (assoc ::token token)))]
+                           (handler request respond raise))))))))))
 
 (defn- wrap-authz
   [handler {:keys [::manager]}]
   (us/assert! ::manager manager)
-  (fn [request]
-    (let [session  (get-session manager (::token request))
-          request  (cond-> request
-                     (some? session)
-                     (assoc ::profile-id (:profile-id session)
-                            ::id (:id session)))
-          response (handler request)]
+  (fn [request respond raise]
+    (if-let [token (::token request)]
+      (->> (get-session manager token)
+           (p/fnly (fn [session cause]
+                     (cond
+                       (some? cause)
+                       (raise cause)
 
-      (if (renew-session? session)
-        (let [session (update! manager session)]
-          (-> response
-              (assign-auth-token-cookie session)
-              (assign-auth-data-cookie session)))
-        response))))
+                       (nil? session)
+                       (handler request respond raise)
+
+                       :else
+                       (let [request (-> request
+                                         (assoc ::profile-id (:profile-id session))
+                                         (assoc ::id (:id session)))
+                             respond (cond-> respond
+                                       (renew-session? session)
+                                       (wrap-reneval manager session))]
+                         (handler request respond raise))))))
+
+      (handler request respond raise))))
 
 (def soft-auth
   {:name ::soft-auth
@@ -250,7 +286,6 @@
         renewal    (dt/plus created-at default-renewal-max-age)
         expires    (dt/plus created-at max-age)
         secure?    (contains? cf/flags :secure-session-cookies)
-        strict?    (contains? cf/flags :strict-session-cookies)
         cors?      (contains? cf/flags :cors)
         name       (cf/get :auth-token-cookie-name default-auth-token-cookie-name)
         comment    (str "Renewal at: " (dt/format-instant renewal :rfc1123))
@@ -259,15 +294,15 @@
                     :expires expires
                     :value token
                     :comment comment
-                    :same-site (if cors? :none (if strict? :strict :lax))
+                    :same-site (if cors? :none :lax)
                     :secure secure?}]
     (update response :cookies assoc name cookie)))
 
-(defn- assign-auth-data-cookie
-  [response {profile-id :profile-id updated-at :updated-at}]
+(defn- assign-authenticated-cookie
+  [response {updated-at :updated-at}]
   (let [max-age    (cf/get :auth-token-cookie-max-age default-cookie-max-age)
-        domain     (cf/get :auth-data-cookie-domain)
-        cname      default-auth-data-cookie-name
+        domain     (cf/get :authenticated-cookie-domain)
+        cname      (cf/get :authenticated-cookie-name "authenticated")
 
         created-at (or updated-at (dt/now))
         renewal    (dt/plus created-at default-renewal-max-age)
@@ -275,17 +310,14 @@
 
         comment    (str "Renewal at: " (dt/format-instant renewal :rfc1123))
         secure?    (contains? cf/flags :secure-session-cookies)
-        strict?    (contains? cf/flags :strict-session-cookies)
-        cors?      (contains? cf/flags :cors)
 
         cookie     {:domain domain
                     :expires expires
                     :path "/"
                     :comment comment
-                    :value (u/map->query-string {:profile-id profile-id})
-                    :same-site (if cors? :none (if strict? :strict :lax))
+                    :value true
+                    :same-site :strict
                     :secure secure?}]
-
     (cond-> response
       (string? domain)
       (update :cookies assoc cname cookie))))
@@ -295,10 +327,10 @@
   (let [cname (cf/get :auth-token-cookie-name default-auth-token-cookie-name)]
     (update response :cookies assoc cname {:path "/" :value "" :max-age 0})))
 
-(defn- clear-auth-data-cookie
+(defn- clear-authenticated-cookie
   [response]
-  (let [cname  default-auth-data-cookie-name
-        domain (cf/get :auth-data-cookie-domain)]
+  (let [cname  (cf/get :authenticated-cookie-name default-authenticated-cookie-name)
+        domain (cf/get :authenticated-cookie-domain)]
     (cond-> response
       (string? domain)
       (update :cookies assoc cname {:domain domain :path "/" :value "" :max-age 0}))))

backend/src/app/http/sse.clj

@@ -1,69 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.http.sse
-  "SSE (server sent events) helpers"
-  (:refer-clojure :exclude [tap])
-  (:require
-   [app.common.data :as d]
-   [app.common.logging :as l]
-   [app.common.transit :as t]
-   [app.http.errors :as errors]
-   [app.util.events :as events]
-   [promesa.exec :as px]
-   [promesa.exec.csp :as sp]
-   [promesa.util :as pu]
-   [ring.response :as rres])
-  (:import
-   java.io.OutputStream))
-
-(defn- write!
-  [^OutputStream output ^bytes data]
-  (l/trc :hint "writting data" :data data :length (alength data))
-  (.write output data)
-  (.flush output))
-
-(defn- encode
-  [[name data]]
-  (try
-    (let [data (with-out-str
-                 (println "event:" (d/name name))
-                 (println "data:" (t/encode-str data {:type :json-verbose}))
-                 (println))]
-      (.getBytes data "UTF-8"))
-    (catch Throwable cause
-      (l/err :hint "unexpected error on encoding value on sse stream"
-             :cause cause)
-      nil)))
-
-;; ---- PUBLIC API
-
-(def default-headers
-  {"Content-Type" "text/event-stream;charset=UTF-8"
-   "Cache-Control" "no-cache, no-store, max-age=0, must-revalidate"
-   "Pragma" "no-cache"})
-
-(defn response
-  [handler & {:keys [buf] :or {buf 32} :as opts}]
-  (fn [request]
-    {::rres/headers default-headers
-     ::rres/status 200
-     ::rres/body (reify rres/StreamableResponseBody
-                   (-write-body-to-stream [_ _ output]
-                     (binding [events/*channel* (sp/chan :buf buf :xf (keep encode))]
-                       (let [listener (events/start-listener
-                                       (partial write! output)
-                                       (partial pu/close! output))]
-                         (try
-                           (let [result (handler)]
-                             (events/tap :end result))
-                           (catch Throwable cause
-                             (l/err :hint "unexpected error on processing sse response"
-                                    :cause cause)
-                             (events/tap :error (errors/handle' cause request)))
-                           (finally
-                             (sp/close! events/*channel*)
-                             (px/await! listener)))))))}))

backend/src/app/http/websocket.clj

@@ -10,18 +10,16 @@
    [app.common.exceptions :as ex]
    [app.common.logging :as l]
    [app.common.pprint :as pp]
-   [app.common.schema :as sm]
-   [app.common.uuid :as uuid]
+   [app.common.spec :as us]
    [app.db :as db]
    [app.http.session :as session]
    [app.metrics :as mtx]
    [app.msgbus :as mbus]
    [app.util.time :as dt]
    [app.util.websocket :as ws]
+   [clojure.core.async :as a]
    [clojure.spec.alpha :as s]
    [integrant.core :as ig]
-   [promesa.exec.csp :as sp]
-   [ring.websocket :as rws]
    [yetti.websocket :as yws]))
 
 (def recv-labels
@@ -36,38 +34,70 @@
 
 (def state (atom {}))
 
+(defn- on-connect
+  [{:keys [::mtx/metrics]} wsp]
+  (let [created-at (dt/now)]
+    (swap! state assoc (::ws/id @wsp) wsp)
+    (mtx/run! metrics
+              :id :websocket-active-connections
+              :inc 1)
+    (fn []
+      (swap! state dissoc (::ws/id @wsp))
+      (mtx/run! metrics :id :websocket-active-connections :dec 1)
+      (mtx/run! metrics
+                :id :websocket-session-timing
+                :val (/ (inst-ms (dt/diff created-at (dt/now))) 1000.0)))))
+
+(defn- on-rcv-message
+  [{:keys [::mtx/metrics]} _ message]
+  (mtx/run! metrics
+            :id :websocket-messages-total
+            :labels recv-labels
+            :inc 1)
+  message)
+
+(defn- on-snd-message
+  [{:keys [::mtx/metrics]} _ message]
+  (mtx/run! metrics
+            :id :websocket-messages-total
+            :labels send-labels
+            :inc 1)
+  message)
+
 ;; REPL HELPERS
 
 (defn repl-get-connections-for-file
   [file-id]
   (->> (vals @state)
        (filter #(= file-id (-> % deref ::file-subscription :file-id)))
+       (map deref)
        (map ::ws/id)))
 
 (defn repl-get-connections-for-team
   [team-id]
   (->> (vals @state)
        (filter #(= team-id (-> % deref ::team-subscription :team-id)))
+       (map deref)
        (map ::ws/id)))
 
 (defn repl-close-connection
   [id]
-  (when-let [{:keys [::ws/close-ch] :as wsp} (get @state id)]
-    (sp/put! close-ch [8899 "closed from server"])
-    (sp/close! close-ch)))
+  (when-let [wsp (get @state id)]
+    (a/>!! (::ws/close-ch @wsp) [8899 "closed from server"])
+    (a/close! (::ws/close-ch @wsp))))
 
 (defn repl-get-connection-info
   [id]
   (when-let [wsp (get @state id)]
     {:id               id
-     :created-at       (::created-at wsp)
-     :profile-id       (::profile-id wsp)
-     :session-id       (::session-id wsp)
-     :user-agent       (::ws/user-agent wsp)
-     :ip-addr          (::ws/remote-addr wsp)
-     :last-activity-at (::ws/last-activity-at wsp)
-     :subscribed-file  (-> wsp ::file-subscription :file-id)
-     :subscribed-team  (-> wsp ::team-subscription :team-id)}))
+     :created-at       (::created-at @wsp)
+     :profile-id       (::profile-id @wsp)
+     :session-id       (::session-id @wsp)
+     :user-agent       (::ws/user-agent @wsp)
+     :ip-addr          (::ws/remote-addr @wsp)
+     :last-activity-at (::ws/last-activity-at @wsp)
+     :subscribed-file  (-> wsp deref ::file-subscription :file-id)
+     :subscribed-team  (-> wsp deref ::team-subscription :team-id)}))
 
 (defn repl-print-connection-info
   [id]
@@ -87,229 +117,232 @@
   (fn [_ _ message]
     (:type message)))
 
-(defmethod handle-message :open
-  [{:keys [::mbus/msgbus]} {:keys [::ws/id ::ws/output-ch ::ws/state ::profile-id ::session-id] :as wsp} _]
-  (l/trace :fn "handle-message" :event "open" :conn-id id)
-  (let [ch (sp/chan :buf (sp/dropping-buffer 16)
-                    :xf  (remove #(= (:session-id %) session-id)))]
+(defmethod handle-message :connect
+  [cfg wsp _]
 
-    ;; Subscribe to the profile channel and forward all messages to websocket output
-    ;; channel (send them to the client).
-    (swap! state assoc ::profile-subscription {:channel ch})
+  (let [msgbus     (::mbus/msgbus cfg)
+        conn-id    (::ws/id @wsp)
+        profile-id (::profile-id @wsp)
+        session-id (::session-id @wsp)
+        output-ch  (::ws/output-ch @wsp)
 
-    ;; Forward the subscription messages directly to the websocket output channel
-    (sp/pipe ch output-ch false)
+        xform      (remove #(= (:session-id %) session-id))
+        channel    (a/chan (a/dropping-buffer 16) xform)]
 
-    ;; Subscribe to the profile topic on msgbus/redis
-    (mbus/sub! msgbus :topic profile-id :chan ch)
+    (l/trace :fn "handle-message" :event "connect" :conn-id conn-id)
 
-    ;; Subscribe to the system topic on msgbus/redis
-    (mbus/sub! msgbus :topic (str uuid/zero) :chan ch)))
+    ;; Subscribe to the profile channel and forward all messages to
+    ;; websocket output channel (send them to the client).
+    (swap! wsp assoc ::profile-subscription channel)
+    (a/pipe channel output-ch false)
+    (mbus/sub! msgbus :topic profile-id :chan channel)))
 
-(defmethod handle-message :close
-  [{:keys [::mbus/msgbus]} {:keys [::ws/id ::ws/state ::profile-id ::session-id]} _]
-  (l/trace :fn "handle-message" :event "close" :conn-id id)
-  (let [psub (::profile-subscription @state)
-        fsub (::file-subscription @state)
-        tsub (::team-subscription @state)
-        msg  {:type :disconnect
-              :subs-id profile-id
-              :profile-id profile-id
-              :session-id session-id}]
+(defmethod handle-message :disconnect
+  [cfg wsp _]
+  (let [msgbus     (::mbus/msgbus cfg)
+        conn-id    (::ws/id @wsp)
+        profile-id (::profile-id @wsp)
+        session-id (::session-id @wsp)
+        profile-ch (::profile-subscription @wsp)
+        fsub       (::file-subscription @wsp)
+        tsub       (::team-subscription @wsp)
 
-    ;; Close profile subscription if exists
-    (when-let [ch (:channel psub)]
-      (sp/close! ch)
-      (mbus/purge! msgbus [ch]))
+        message    {:type :disconnect
+                    :subs-id profile-id
+                    :profile-id profile-id
+                    :session-id session-id}]
 
-    ;; Close team subscription if exists
-    (when-let [ch (:channel tsub)]
-      (sp/close! ch)
-      (mbus/purge! msgbus [ch]))
+    (l/trace :fn "handle-message"
+             :event :disconnect
+             :conn-id conn-id)
 
-    ;; Close file subscription if exists
-    (when-let [{:keys [topic channel]} fsub]
-      (sp/close! channel)
-      (mbus/purge! msgbus [channel])
-      (mbus/pub! msgbus :topic topic :message msg))))
+    (a/go
+      ;; Close the main profile subscription
+      (a/close! profile-ch)
+      (a/<! (mbus/purge! msgbus [profile-ch]))
+
+      ;; Close tram subscription if exists
+      (when-let [channel (:channel tsub)]
+        (a/close! channel)
+        (a/<! (mbus/purge! msgbus channel)))
+
+      (when-let [{:keys [topic channel]} fsub]
+        (a/close! channel)
+        (a/<! (mbus/purge! msgbus channel))
+        (a/<! (mbus/pub! msgbus :topic topic :message message))))))
 
 (defmethod handle-message :subscribe-team
-  [{:keys [::mbus/msgbus]} {:keys [::ws/id ::ws/state ::ws/output-ch ::session-id]} {:keys [team-id] :as params}]
-  (l/trace :fn "handle-message" :event "subscribe-team" :team-id team-id :conn-id id)
-  (let [prev-subs (get @state ::team-subscription)
-        channel   (sp/chan :buf (sp/dropping-buffer 64)
-                           :xf  (comp
-                                 (remove #(= (:session-id %) session-id))
-                                 (map #(assoc % :subs-id team-id))))]
+  [cfg wsp {:keys [team-id] :as params}]
+  (let [msgbus     (::mbus/msgbus cfg)
+        conn-id    (::ws/id @wsp)
+        session-id (::session-id @wsp)
+        output-ch  (::ws/output-ch @wsp)
+        prev-subs  (get @wsp ::team-subscription)
+        xform      (comp
+                    (remove #(= (:session-id %) session-id))
+                    (map #(assoc % :subs-id team-id)))
 
-    (sp/pipe channel output-ch false)
-    (mbus/sub! msgbus :topic team-id :chan channel)
+        channel    (a/chan (a/dropping-buffer 64) xform)]
 
-    (let [subs {:team-id team-id :channel channel :topic team-id}]
-      (swap! state assoc ::team-subscription subs))
+    (l/trace :fn "handle-message"
+             :event :subscribe-team
+             :team-id team-id
+             :conn-id conn-id)
 
-    ;; Close previous subscription if exists
-    (when-let [ch (:channel prev-subs)]
-      (sp/close! ch)
-      (mbus/purge! msgbus [ch]))))
+    (a/pipe channel output-ch false)
 
+    (let [state {:team-id team-id :channel channel :topic team-id}]
+      (swap! wsp assoc ::team-subscription state))
+
+    (a/go
+      ;; Close previous subscription if exists
+      (when-let [channel (:channel prev-subs)]
+        (a/close! channel)
+        (a/<! (mbus/purge! msgbus channel))))
+
+    (a/go
+      (a/<! (mbus/sub! msgbus :topic team-id :chan channel)))))
 
 (defmethod handle-message :subscribe-file
-  [{:keys [::mbus/msgbus]} {:keys [::ws/id ::ws/state ::ws/output-ch ::session-id ::profile-id]} {:keys [file-id] :as params}]
-  (l/trace :fn "handle-message" :event "subscribe-file" :file-id file-id :conn-id id)
-  (let [psub (::file-subscription @state)
-        fch  (sp/chan :buf (sp/dropping-buffer 64)
-                      :xf  (comp (remove #(= (:session-id %) session-id))
-                                 (map #(assoc % :subs-id file-id))))]
+  [cfg wsp {:keys [file-id] :as params}]
+  (let [msgbus     (::mbus/msgbus cfg)
+        conn-id    (::ws/id @wsp)
+        profile-id (::profile-id @wsp)
+        session-id (::session-id @wsp)
+        output-ch  (::ws/output-ch @wsp)
+        prev-subs  (::file-subscription @wsp)
+        xform      (comp (remove #(= (:session-id %) session-id))
+                         (map #(assoc % :subs-id file-id)))
+        channel    (a/chan (a/dropping-buffer 64) xform)]
 
-    (let [subs {:file-id file-id :channel fch :topic file-id}]
-      (swap! state assoc ::file-subscription subs))
+    (l/trace :fn "handle-message"
+             :event :subscribe-file
+             :file-id file-id
+             :conn-id conn-id)
 
-    ;; Close previous subscription if exists
-    (when-let [ch (:channel psub)]
-      (sp/close! ch)
-      (mbus/purge! msgbus [ch]))
+    (let [state {:file-id file-id :channel channel :topic file-id}]
+      (swap! wsp assoc ::file-subscription state))
 
-    (sp/go-loop []
-      (when-let [{:keys [type] :as message} (sp/take! fch)]
-        (sp/put! output-ch message)
-        (when (or (= :join-file type)
-                  (= :leave-file type)
-                  (= :disconnect type))
-          (let [message {:type :presence
-                         :file-id file-id
-                         :session-id session-id
-                         :profile-id profile-id}]
-            (mbus/pub! msgbus
-                       :topic file-id
-                       :message message)))
-        (recur)))
+    (a/go
+      ;; Close previous subscription if exists
+      (when-let [channel (:channel prev-subs)]
+        (a/close! channel)
+        (a/<! (mbus/purge! msgbus channel))))
 
-    ;; Subscribe to file topic
-    (mbus/sub! msgbus :topic file-id :chan fch)
+    ;; Message forwarding
+    (a/go
+      (loop []
+        (when-let [{:keys [type] :as message} (a/<! channel)]
+          (when (or (= :join-file type)
+                    (= :leave-file type)
+                    (= :disconnect type))
+            (let [message {:type :presence
+                           :file-id file-id
+                           :session-id session-id
+                           :profile-id profile-id}]
+              (a/<! (mbus/pub! msgbus :topic file-id :message message))))
+          (a/>! output-ch message)
+          (recur))))
 
-    ;; Notifify the rest of participants of the new connection.
-    (let [message {:type :join-file
-                   :file-id file-id
-                   :subs-id file-id
-                   :session-id session-id
-                   :profile-id profile-id}]
-      (mbus/pub! msgbus :topic file-id :message message))))
+    (a/go
+      ;; Subscribe to file topic
+      (a/<! (mbus/sub! msgbus :topic file-id :chan channel))
+
+      ;; Notifify the rest of participants of the new connection.
+      (let [message {:type :join-file
+                     :file-id file-id
+                     :subs-id file-id
+                     :session-id session-id
+                     :profile-id profile-id}]
+        (a/<! (mbus/pub! msgbus :topic file-id :message message))))))
 
 (defmethod handle-message :unsubscribe-file
-  [{:keys [::mbus/msgbus]} {:keys [::ws/id ::ws/state ::session-id ::profile-id]} {:keys [file-id] :as params}]
-  (l/trace :fn "handle-message" :event "unsubscribe-file" :file-id file-id :conn-id id)
+  [cfg wsp {:keys [file-id] :as params}]
+  (let [msgbus     (::mbus/msgbus cfg)
+        conn-id    (::ws/id @wsp)
+        session-id (::session-id @wsp)
+        profile-id (::profile-id @wsp)
+        subs       (::file-subscription @wsp)
 
-  (let [subs    (::file-subscription @state)
-        message {:type :leave-file
-                 :file-id file-id
-                 :session-id session-id
-                 :profile-id profile-id}]
+        message    {:type :leave-file
+                    :file-id file-id
+                    :session-id session-id
+                    :profile-id profile-id}]
 
-    (when (= (:file-id subs) file-id)
-      (mbus/pub! msgbus :topic file-id :message message)
-      (let [ch (:channel subs)]
-        (sp/close! ch)
-        (mbus/purge! msgbus [ch])))))
+    (l/trace :fn "handle-message"
+             :event :unsubscribe-file
+             :file-id file-id
+             :conn-id conn-id)
+
+    (a/go
+      (when (= (:file-id subs) file-id)
+        (let [channel (:channel subs)]
+          (a/close! channel)
+          (a/<! (mbus/purge! msgbus channel))
+          (a/<! (mbus/pub! msgbus :topic file-id :message message)))))))
 
 (defmethod handle-message :keepalive
   [_ _ _]
-  (l/trace :fn "handle-message" :event :keepalive))
-
-(defmethod handle-message :broadcast
-  [{:keys [::mbus/msgbus]} {:keys [::ws/id ::session-id ::profile-id]} message]
-  (l/trace :fn "handle-message" :event "broadcast" :conn-id id)
-  (let [message (-> message
-                    (assoc :subs-id profile-id)
-                    (assoc :profile-id profile-id)
-                    (assoc :session-id session-id))]
-    (mbus/pub! msgbus :topic profile-id :message message)))
+  (l/trace :fn "handle-message" :event :keepalive)
+  (a/go :nothing))
 
 (defmethod handle-message :pointer-update
-  [{:keys [::mbus/msgbus]} {:keys [::ws/state ::session-id ::profile-id]} {:keys [file-id] :as message}]
-  (when (::file-subscription @state)
-    (let [message (-> message
-                      (assoc :subs-id file-id)
-                      (assoc :profile-id profile-id)
-                      (assoc :session-id session-id))]
-      (mbus/pub! msgbus :topic file-id :message message))))
+  [cfg wsp {:keys [file-id] :as message}]
+  (let [msgbus     (::mbus/msgbus cfg)
+        profile-id (::profile-id @wsp)
+        session-id (::session-id @wsp)
+        subs       (::file-subscription @wsp)
+        message    (-> message
+                       (assoc :subs-id file-id)
+                       (assoc :profile-id profile-id)
+                       (assoc :session-id session-id))]
+    (a/go
+      ;; Only allow receive pointer updates when active subscription
+      (when subs
+        (a/<! (mbus/pub! msgbus :topic file-id :message message))))))
 
 (defmethod handle-message :default
-  [_ {:keys [::ws/id]} message]
-  (l/warn :hint "received unexpected message"
-          :message message
-          :conn-id id))
+  [_ wsp message]
+  (let [conn-id (::ws/id @wsp)]
+    (l/warn :hint "received unexpected message"
+            :message message
+            :conn-id conn-id)
+    (a/go :none)))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; HTTP HANDLER
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
-(defn- on-connect
-  [{:keys [::mtx/metrics]} {:keys [::ws/id] :as wsp}]
-  (let [created-at (dt/now)]
-    (l/trace :fn "on-connect" :conn-id id)
-    (swap! state assoc id wsp)
-    (mtx/run! metrics
-              :id :websocket-active-connections
-              :inc 1)
-
-    (assoc wsp ::ws/on-disconnect
-           (fn []
-             (l/trace :fn "on-disconnect" :conn-id id)
-             (swap! state dissoc id)
-             (mtx/run! metrics :id :websocket-active-connections :dec 1)
-             (mtx/run! metrics
-                       :id :websocket-session-timing
-                       :val (/ (inst-ms (dt/diff created-at (dt/now))) 1000.0))))))
-
-(defn- on-rcv-message
-  [{:keys [::mtx/metrics ::profile-id ::session-id]} message]
-  (mtx/run! metrics
-            :id :websocket-messages-total
-            :labels recv-labels
-            :inc 1)
-  (assoc message :profile-id profile-id :session-id session-id))
-
-(defn- on-snd-message
-  [{:keys [::mtx/metrics]} message]
-  (mtx/run! metrics
-            :id :websocket-messages-total
-            :labels send-labels
-            :inc 1)
-  message)
-
-(def ^:private schema:params
-  (sm/define
-    [:map {:title "params"}
-     [:session-id ::sm/uuid]]))
+(s/def ::session-id ::us/uuid)
+(s/def ::handler-params
+  (s/keys :req-un [::session-id]))
 
 (defn- http-handler
-  [cfg {:keys [params ::session/profile-id] :as request}]
-  (let [{:keys [session-id]} (sm/conform! schema:params params)]
+  [cfg {:keys [params ::session/profile-id] :as request} respond raise]
+  (let [{:keys [session-id]} (us/conform ::handler-params params)]
     (cond
       (not profile-id)
-      (ex/raise :type :authentication
-                :hint "Authentication required.")
+      (raise (ex/error :type :authentication
+                       :hint "Authentication required."))
 
-      ;; WORKAROUND: we use the adapter specific predicate for
-      ;; performance reasons; for now, the ring default impl for
-      ;; `upgrade-request?` parses all requests headers before perform
-      ;; any checking.
       (not (yws/upgrade-request? request))
-      (ex/raise :type :validation
-                :code :websocket-request-expected
-                :hint "this endpoint only accepts websocket connections")
+      (raise (ex/error :type :validation
+                       :code :websocket-request-expected
+                       :hint "this endpoint only accepts websocket connections"))
 
       :else
       (do
         (l/trace :hint "websocket request" :profile-id profile-id :session-id session-id)
-        {::rws/listener (ws/listener request
-                                     ::ws/on-rcv-message (partial on-rcv-message cfg)
-                                     ::ws/on-snd-message (partial on-snd-message cfg)
-                                     ::ws/on-connect (partial on-connect cfg)
-                                     ::ws/handler (partial handle-message cfg)
-                                     ::profile-id profile-id
-                                     ::session-id session-id)}))))
+
+        (->> (ws/handler
+              ::ws/on-rcv-message (partial on-rcv-message cfg)
+              ::ws/on-snd-message (partial on-snd-message cfg)
+              ::ws/on-connect (partial on-connect cfg)
+              ::ws/handler (partial handle-message cfg)
+              ::profile-id profile-id
+              ::session-id session-id)
+             (yws/upgrade request)
+             (respond))))))
 
 (defmethod ig/pre-init-spec ::routes [_]
   (s/keys :req [::mbus/msgbus
@@ -322,4 +355,5 @@
 (defmethod ig/init-key ::routes
   [_ cfg]
   ["/ws/notifications" {:middleware [[session/authz cfg]]
-                        :handler (partial http-handler cfg)}])
+                        :handler (partial http-handler cfg)
+                        :allowed-methods #{:get}}])

backend/src/app/loggers/audit.clj

@@ -9,25 +9,28 @@
   (:require
    [app.common.data :as d]
    [app.common.data.macros :as dm]
+   [app.common.exceptions :as ex]
    [app.common.logging :as l]
    [app.common.spec :as us]
+   [app.common.transit :as t]
    [app.common.uuid :as uuid]
    [app.config :as cf]
    [app.db :as db]
-   [app.http :as-alias http]
-   [app.http.access-token :as-alias actoken]
+   [app.http.client :as http]
    [app.loggers.audit.tasks :as-alias tasks]
    [app.loggers.webhooks :as-alias webhooks]
+   [app.main :as-alias main]
    [app.rpc :as-alias rpc]
-   [app.rpc.retry :as rtry]
-   [app.setup :as-alias setup]
-   [app.util.services :as-alias sv]
+   [app.tokens :as tokens]
+   [app.util.retry :as rtry]
    [app.util.time :as dt]
    [app.worker :as wrk]
    [clojure.spec.alpha :as s]
    [cuerdas.core :as str]
    [integrant.core :as ig]
-   [ring.request :as rreq]))
+   [lambdaisland.uri :as u]
+   [promesa.exec :as px]
+   [yetti.request :as yrq]))
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; HELPERS
@@ -35,9 +38,9 @@
 
 (defn parse-client-ip
   [request]
-  (or (some-> (rreq/get-header request "x-forwarded-for") (str/split ",") first)
-      (rreq/get-header request "x-real-ip")
-      (some-> (rreq/remote-addr request) str)))
+  (or (some-> (yrq/get-header request "x-forwarded-for") (str/split ",") first)
+      (yrq/get-header request "x-real-ip")
+      (some-> (yrq/remote-addr request) str)))
 
 (defn extract-utm-params
   "Extracts additional data from params and namespace them under
@@ -53,7 +56,8 @@
                 (assoc (->> sk str/kebab (keyword "penpot")) v))))]
     (reduce-kv process-param {} params)))
 
-(def profile-props
+(def ^:private
+  profile-props
   [:id
    :is-active
    :is-muted
@@ -86,25 +90,8 @@
          (remove #(contains? reserved-props (key %))))
         props))
 
-(defn params->context
-  "Extract default context properties from RPC params object"
-  [params]
-  (d/without-nils
-   {:external-session-id (::rpc/external-session-id params)
-    :event-origin (::rpc/external-event-origin params)
-    :triggered-by (::rpc/handler-name params)}))
-
 ;; --- SPECS
 
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; COLLECTOR
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-;; Defines a service that collects the audit/activity log using
-;; internal database. Later this audit log can be transferred to
-;; an external storage and data cleared.
-
 (s/def ::profile-id ::us/uuid)
 (s/def ::name ::us/string)
 (s/def ::type ::us/string)
@@ -117,13 +104,20 @@
   (s/or :fn fn? :str string? :kw keyword?))
 
 (s/def ::event
-  (s/keys :req [::type ::name ::profile-id]
-          :opt [::ip-addr
-                ::props
-                ::webhooks/event?
+  (s/keys :req-un [::type ::name ::profile-id]
+          :opt-un [::ip-addr ::props]
+          :opt [::webhooks/event?
                 ::webhooks/batch-timeout
                 ::webhooks/batch-key]))
 
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; COLLECTOR
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+;; Defines a service that collects the audit/activity log using
+;; internal database. Later this audit log can be transferred to
+;; an external storage and data cleared.
+
 (s/def ::collector
   (s/keys :req [::wrk/executor ::db/pool]))
 
@@ -134,104 +128,36 @@
   [_ {:keys [::db/pool] :as cfg}]
   (cond
     (db/read-only? pool)
-    (l/warn :hint "audit disabled (db is read-only)")
+    (l/warn :hint "audit: disabled (db is read-only)")
 
     :else
     cfg))
 
-(defn prepare-event
-  [cfg mdata params result]
-  (let [resultm    (meta result)
-        request    (-> params meta ::http/request)
-        profile-id (or (::profile-id resultm)
-                       (:profile-id result)
-                       (::rpc/profile-id params)
-                       uuid/zero)
-
-        session-id   (get params ::rpc/external-session-id)
-        event-origin (get params ::rpc/external-event-origin)
-        props        (-> (or (::replace-props resultm)
-                             (-> params
-                                 (merge (::props resultm))
-                                 (dissoc :profile-id)
-                                 (dissoc :type)))
-
-                         (clean-props))
-
-        token-id  (::actoken/id request)
-        context   (-> (::context resultm)
-                      (assoc :external-session-id session-id)
-                      (assoc :external-event-origin event-origin)
-                      (assoc :access-token-id (some-> token-id str))
-                      (d/without-nils))]
-
-    {::type (or (::type resultm)
-                (::rpc/type cfg))
-     ::name (or (::name resultm)
-                (::sv/name mdata))
-     ::profile-id profile-id
-     ::ip-addr (some-> request parse-client-ip)
-     ::props props
-     ::context context
-
-     ;; NOTE: for batch-key lookup we need the params as-is
-     ;; because the rpc api does not need to know the
-     ;; audit/webhook specific object layout.
-     ::rpc/params params
-
-     ::webhooks/batch-key
-     (or (::webhooks/batch-key mdata)
-         (::webhooks/batch-key resultm))
-
-     ::webhooks/batch-timeout
-     (or (::webhooks/batch-timeout mdata)
-         (::webhooks/batch-timeout resultm))
-
-     ::webhooks/event?
-     (or (::webhooks/event? mdata)
-         (::webhooks/event? resultm)
-         false)}))
-
 (defn- handle-event!
-  [cfg event]
+  [conn-or-pool event]
+  (us/verify! ::event event)
   (let [params {:id (uuid/next)
-                :name (::name event)
-                :type (::type event)
-                :profile-id (::profile-id event)
-                :ip-addr (::ip-addr event)
-                :context (::context event)
-                :props (::props event)}
-        tnow   (dt/now)]
+                :name (:name event)
+                :type (:type event)
+                :profile-id (:profile-id event)
+                :ip-addr (:ip-addr event)
+                :props (:props event)}]
 
     (when (contains? cf/flags :audit-log)
       ;; NOTE: this operation may cause primary key conflicts on inserts
       ;; because of the timestamp precission (two concurrent requests), in
       ;; this case we just retry the operation.
-      (let [params (-> params
-                       (assoc :created-at tnow)
-                       (assoc :tracked-at tnow)
-                       (update :props db/tjson)
-                       (update :context db/tjson)
-                       (update :ip-addr db/inet)
-                       (assoc :source "backend"))]
-        (db/insert! cfg :audit-log params)))
-
-    (when (and (or (contains? cf/flags :telemetry)
-                   (cf/get :telemetry-enabled))
-               (not (contains? cf/flags :audit-log)))
-      ;; NOTE: this operation may cause primary key conflicts on inserts
-      ;; because of the timestamp precission (two concurrent requests), in
-      ;; this case we just retry the operation.
-      ;;
-      ;; NOTE: this is only executed when general audit log is disabled
-      (let [params (-> params
-                       (assoc :created-at tnow)
-                       (assoc :tracked-at tnow)
-                       (assoc :props (db/tjson {}))
-                       (assoc :context (db/tjson {}))
-                       (assoc :ip-addr (db/inet "0.0.0.0"))
-                       (assoc :source "backend"))]
-        (db/insert! cfg :audit-log params)))
+      (rtry/with-retry {::rtry/when rtry/conflict-exception?
+                        ::rtry/max-retries 6
+                        ::rtry/label "persist-audit-log"}
+        (let [now (dt/now)]
+          (db/insert! conn-or-pool :audit-log
+                      (-> params
+                          (update :props db/tjson)
+                          (update :ip-addr db/inet)
+                          (assoc :created-at now)
+                          (assoc :tracked-at now)
+                          (assoc :source "backend"))))))
 
     (when (and (contains? cf/flags :webhooks)
                (::webhooks/event? event))
@@ -244,28 +170,162 @@
                             :else               label)
             dedupe?       (boolean (and batch-key batch-timeout))]
 
-        (wrk/submit! (-> cfg
-                         (assoc ::wrk/task :process-webhook-event)
-                         (assoc ::wrk/queue :webhooks)
-                         (assoc ::wrk/max-retries 0)
-                         (assoc ::wrk/delay (or batch-timeout 0))
-                         (assoc ::wrk/dedupe dedupe?)
-                         (assoc ::wrk/label label)
-                         (assoc ::wrk/params (-> params
-                                                 (dissoc :ip-addr)
-                                                 (dissoc :type)))))))
+        (wrk/submit! ::wrk/conn conn-or-pool
+                     ::wrk/task :process-webhook-event
+                     ::wrk/queue :webhooks
+                     ::wrk/max-retries 0
+                     ::wrk/delay (or batch-timeout 0)
+                     ::wrk/dedupe dedupe?
+                     ::wrk/label label
+
+                     ::webhooks/event
+                     (-> params
+                         (dissoc :ip-addr)
+                         (dissoc :type)))))
     params))
 
 (defn submit!
   "Submit audit event to the collector."
-  [cfg params]
-  (try
-    (let [event (d/without-nils params)
-          cfg   (-> cfg
-                    (assoc ::rtry/when rtry/conflict-exception?)
-                    (assoc ::rtry/max-retries 6)
-                    (assoc ::rtry/label "persist-audit-log"))]
-      (us/verify! ::event event)
-      (rtry/invoke! cfg db/tx-run! handle-event! event))
-    (catch Throwable cause
-      (l/error :hint "unexpected error processing event" :cause cause))))
+  [{:keys [::wrk/executor] :as cfg} params]
+  (let [conn (or (::db/conn cfg) (::db/pool cfg))]
+    (us/assert! ::wrk/executor executor)
+    (us/assert! ::db/pool-or-conn conn)
+    (try
+      (handle-event! conn (d/without-nils params))
+      (catch Throwable cause
+        (l/error :hint "audit: unexpected error processing event" :cause cause)))))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; TASK: ARCHIVE
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+;; This is a task responsible to send the accumulated events to
+;; external service for archival.
+
+(declare archive-events)
+
+(s/def ::tasks/uri ::us/string)
+
+(defmethod ig/pre-init-spec ::tasks/archive-task [_]
+  (s/keys :req [::db/pool ::main/props ::http/client]))
+
+(defmethod ig/init-key ::tasks/archive
+  [_ cfg]
+  (fn [params]
+    ;; NOTE: this let allows overwrite default configured values from
+    ;; the repl, when manually invoking the task.
+    (let [enabled (or (contains? cf/flags :audit-log-archive)
+                      (:enabled params false))
+          uri     (cf/get :audit-log-archive-uri)
+          uri     (or uri (:uri params))
+          cfg     (assoc cfg ::uri uri)]
+
+      (when (and enabled (not uri))
+        (ex/raise :type :internal
+                  :code :task-not-configured
+                  :hint "archive task not configured, missing uri"))
+
+      (when enabled
+        (loop [total 0]
+          (let [n (archive-events cfg)]
+            (if n
+              (do
+                (px/sleep 100)
+                (recur (+ total n)))
+              (when (pos? total)
+                (l/debug :hint "events archived" :total total)))))))))
+
+(def ^:private sql:retrieve-batch-of-audit-log
+  "select *
+     from audit_log
+    where archived_at is null
+    order by created_at asc
+    limit 128
+      for update skip locked;")
+
+(defn archive-events
+  [{:keys [::db/pool ::uri] :as cfg}]
+  (letfn [(decode-row [{:keys [props ip-addr context] :as row}]
+            (cond-> row
+              (db/pgobject? props)
+              (assoc :props (db/decode-transit-pgobject props))
+
+              (db/pgobject? context)
+              (assoc :context (db/decode-transit-pgobject context))
+
+              (db/pgobject? ip-addr "inet")
+              (assoc :ip-addr (db/decode-inet ip-addr))))
+
+          (row->event [row]
+            (select-keys row [:type
+                              :name
+                              :source
+                              :created-at
+                              :tracked-at
+                              :profile-id
+                              :ip-addr
+                              :props
+                              :context]))
+
+          (send [events]
+            (let [token   (tokens/generate (::main/props cfg)
+                                           {:iss "authentication"
+                                            :iat (dt/now)
+                                            :uid uuid/zero})
+                  body    (t/encode {:events events})
+                  headers {"content-type" "application/transit+json"
+                           "origin" (cf/get :public-uri)
+                           "cookie" (u/map->query-string {:auth-token token})}
+                  params  {:uri uri
+                           :timeout 6000
+                           :method :post
+                           :headers headers
+                           :body body}
+                  resp    (http/req! cfg params {:sync? true})]
+              (if (= (:status resp) 204)
+                true
+                (do
+                  (l/error :hint "unable to archive events"
+                           :resp-status (:status resp)
+                           :resp-body (:body resp))
+                  false))))
+
+          (mark-as-archived [conn rows]
+            (db/exec-one! conn ["update audit_log set archived_at=now() where id = ANY(?)"
+                                (->> (map :id rows)
+                                     (into-array java.util.UUID)
+                                     (db/create-array conn "uuid"))]))]
+
+    (db/with-atomic [conn pool]
+      (let [rows   (db/exec! conn [sql:retrieve-batch-of-audit-log])
+            xform  (comp (map decode-row)
+                         (map row->event))
+            events (into [] xform rows)]
+        (when-not (empty? events)
+          (l/trace :hint "archive events chunk" :uri uri :events (count events))
+          (when (send events)
+            (mark-as-archived conn rows)
+            (count events)))))))
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; GC Task
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+(def ^:private sql:clean-archived
+  "delete from audit_log
+    where archived_at is not null")
+
+(defn- clean-archived
+  [{:keys [::db/pool]}]
+  (let [result (db/exec-one! pool [sql:clean-archived])
+        result (:next.jdbc/update-count result)]
+    (l/debug :hint "delete archived audit log entries" :deleted result)
+    result))
+
+(defmethod ig/pre-init-spec ::tasks/gc [_]
+  (s/keys :req [::db/pool]))
+
+(defmethod ig/init-key ::tasks/gc
+  [_ cfg]
+  (fn [_]
+    (clean-archived cfg)))

backend/src/app/loggers/audit/archive_task.clj

@@ -1,140 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.loggers.audit.archive-task
-  (:require
-   [app.common.exceptions :as ex]
-   [app.common.logging :as l]
-   [app.common.transit :as t]
-   [app.common.uuid :as uuid]
-   [app.config :as cf]
-   [app.db :as db]
-   [app.http.client :as http]
-   [app.setup :as-alias setup]
-   [app.tokens :as tokens]
-   [app.util.time :as dt]
-   [clojure.spec.alpha :as s]
-   [integrant.core :as ig]
-   [lambdaisland.uri :as u]
-   [promesa.exec :as px]))
-
-;; This is a task responsible to send the accumulated events to
-;; external service for archival.
-
-(defn- decode-row
-  [{:keys [props ip-addr context] :as row}]
-  (cond-> row
-    (db/pgobject? props)
-    (assoc :props (db/decode-transit-pgobject props))
-
-    (db/pgobject? context)
-    (assoc :context (db/decode-transit-pgobject context))
-
-    (db/pgobject? ip-addr "inet")
-    (assoc :ip-addr (db/decode-inet ip-addr))))
-
-(def ^:private event-keys
-  [:type
-   :name
-   :source
-   :created-at
-   :tracked-at
-   :profile-id
-   :ip-addr
-   :props
-   :context])
-
-(defn- row->event
-  [row]
-  (select-keys row event-keys))
-
-(defn- send!
-  [{:keys [::uri] :as cfg} events]
-  (let [token   (tokens/generate (::setup/props cfg)
-                                 {:iss "authentication"
-                                  :iat (dt/now)
-                                  :uid uuid/zero})
-        body    (t/encode {:events events})
-        headers {"content-type" "application/transit+json"
-                 "origin" (cf/get :public-uri)
-                 "cookie" (u/map->query-string {:auth-token token})}
-        params  {:uri uri
-                 :timeout 12000
-                 :method :post
-                 :headers headers
-                 :body body}
-        resp    (http/req! cfg params)]
-    (if (= (:status resp) 204)
-      true
-      (do
-        (l/error :hint "unable to archive events"
-                 :resp-status (:status resp)
-                 :resp-body (:body resp))
-        false))))
-
-(defn- mark-archived!
-  [{:keys [::db/conn]} rows]
-  (let [ids (db/create-array conn "uuid" (map :id rows))]
-    (db/exec-one! conn ["update audit_log set archived_at=now() where id = ANY(?)" ids])))
-
-(def ^:private xf:create-event
-  (comp (map decode-row)
-        (map row->event)))
-
-(def ^:private sql:get-audit-log-chunk
-  "SELECT *
-     FROM audit_log
-    WHERE archived_at is null
-    ORDER BY created_at ASC
-    LIMIT 128
-      FOR UPDATE
-     SKIP LOCKED")
-
-(defn- get-event-rows
-  [{:keys [::db/conn] :as cfg}]
-  (->> (db/exec! conn [sql:get-audit-log-chunk])
-       (not-empty)))
-
-(defn- archive-events!
-  [{:keys [::uri] :as cfg}]
-  (db/tx-run! cfg (fn [cfg]
-                    (when-let [rows (get-event-rows cfg)]
-                      (let [events (into [] xf:create-event rows)]
-                        (l/trc :hint "archive events chunk" :uri uri :events (count events))
-                        (when (send! cfg events)
-                          (mark-archived! cfg rows)
-                          (count events)))))))
-
-(defmethod ig/pre-init-spec ::handler [_]
-  (s/keys :req [::db/pool ::setup/props ::http/client]))
-
-(defmethod ig/init-key ::handler
-  [_ cfg]
-  (fn [params]
-    ;; NOTE: this let allows overwrite default configured values from
-    ;; the repl, when manually invoking the task.
-    (let [enabled (or (contains? cf/flags :audit-log-archive)
-                      (:enabled params false))
-
-          uri     (cf/get :audit-log-archive-uri)
-          uri     (or uri (:uri params))
-          cfg     (assoc cfg ::uri uri)]
-
-      (when (and enabled (not uri))
-        (ex/raise :type :internal
-                  :code :task-not-configured
-                  :hint "archive task not configured, missing uri"))
-
-      (when enabled
-        (loop [total 0]
-          (if-let [n (archive-events! cfg)]
-            (do
-              (px/sleep 100)
-              (recur (+ total ^long n)))
-
-            (when (pos? total)
-              (l/dbg :hint "events archived" :total total))))))))
-

backend/src/app/loggers/audit/gc_task.clj

@@ -1,31 +0,0 @@
-;; This Source Code Form is subject to the terms of the Mozilla Public
-;; License, v. 2.0. If a copy of the MPL was not distributed with this
-;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;;
-;; Copyright (c) KALEIDOS INC
-
-(ns app.loggers.audit.gc-task
-  (:require
-   [app.common.logging :as l]
-   [app.db :as db]
-   [clojure.spec.alpha :as s]
-   [integrant.core :as ig]))
-
-(def ^:private sql:clean-archived
-  "DELETE FROM audit_log
-    WHERE archived_at IS NOT NULL")
-
-(defn- clean-archived!
-  [{:keys [::db/pool]}]
-  (let [result (db/exec-one! pool [sql:clean-archived])
-        result (db/get-update-count result)]
-    (l/debug :hint "delete archived audit log entries" :deleted result)
-    result))
-
-(defmethod ig/pre-init-spec ::handler [_]
-  (s/keys :req [::db/pool]))
-
-(defmethod ig/init-key ::handler
-  [_ cfg]
-  (fn [_]
-    (clean-archived! cfg)))

backend/src/app/loggers/database.clj

@@ -11,7 +11,6 @@
    [app.common.exceptions :as ex]
    [app.common.logging :as l]
    [app.common.pprint :as pp]
-   [app.common.schema :as sm]
    [app.common.spec :as us]
    [app.config :as cf]
    [app.db :as db]
@@ -33,51 +32,35 @@
   (when-not (db/read-only? pool)
     (db/insert! pool :server-error-report
                 {:id id
-                 :version 3
+                 :version 2
                  :content (db/tjson report)})))
 
 (defn record->report
   [{:keys [::l/context ::l/message ::l/props ::l/logger ::l/level ::l/cause] :as record}]
   (us/assert! ::l/record record)
-  (if (or (instance? java.util.concurrent.CompletionException cause)
-          (instance? java.util.concurrent.ExecutionException cause))
-    (-> record
-        (assoc ::trace (ex/format-throwable cause :data? false :explain? false :header? false :summary? false))
-        (assoc ::l/cause (ex-cause cause))
-        (record->report))
 
-    (let [data (ex-data cause)
-          ctx  (-> context
-                   (assoc :tenant (cf/get :tenant))
-                   (assoc :host (cf/get :host))
-                   (assoc :public-uri (cf/get :public-uri))
-                   (assoc :logger/name logger)
-                   (assoc :logger/level level)
-                   (dissoc :request/params :value :params :data))]
-      (merge
-       {:context (-> (into (sorted-map) ctx)
-                     (pp/pprint-str :length 50))
-        :props   (pp/pprint-str props :length 50)
-        :hint    (or (ex-message cause) @message)
-        :trace   (or (::trace record)
-                     (ex/format-throwable cause :data? false :explain? false :header? false :summary? false))}
+  (merge
+   {:context (-> context
+                 (assoc :tenant (cf/get :tenant))
+                 (assoc :host (cf/get :host))
+                 (assoc :public-uri (cf/get :public-uri))
+                 (assoc :version (:full cf/version))
+                 (assoc :logger-name logger)
+                 (assoc :logger-level level)
+                 (dissoc :params)
+                 (pp/pprint-str :width 200))
+    :params  (some-> (:params context)
+                     (pp/pprint-str :width 200))
+    :props   (pp/pprint-str props :width 200)
+    :hint    (or (ex-message cause) @message)
+    :trace   (ex/format-throwable cause :data? false :explain? false :header? false :summary? false)}
 
-       (when-let [params (or (:request/params context) (:params context))]
-         {:params (pp/pprint-str params :length 30 :level 12)})
-
-       (when-let [value (:value context)]
-         {:value (pp/pprint-str value :length 30 :level 12)})
-
-       (when-let [data (some-> data (dissoc ::s/problems ::s/value ::s/spec ::sm/explain :hint))]
-         {:data (pp/pprint-str data :length 30 :level 12)})
-
-       (when-let [explain (ex/explain data :length 30 :level 12)]
-         {:explain explain})))))
-
-(defn error-record?
-  [{:keys [::l/level ::l/cause]}]
-  (and (= :error level)
-       (ex/exception? cause)))
+   (when-let [data (ex-data cause)]
+     {:spec-value    (some-> (::s/value data) (pp/pprint-str :width 200))
+      :spec-explain  (ex/explain data)
+      :data          (-> data
+                         (dissoc ::s/problems ::s/value ::s/spec :hint)
+                         (pp/pprint-str :width 200))})))
 
 (defn- handle-event
   [{:keys [::db/pool]} {:keys [::l/id] :as record}]
@@ -91,16 +74,20 @@
     (catch Throwable cause
       (l/warn :hint "unexpected exception on database error logger" :cause cause))))
 
+(defn error-record?
+  [{:keys [::l/level ::l/cause]}]
+  (and (= :error level)
+       (ex/exception? cause)))
+
 (defmethod ig/pre-init-spec ::reporter [_]
   (s/keys :req [::db/pool]))
 
 (defmethod ig/init-key ::reporter
   [_ cfg]
-  (let [input (sp/chan :buf (sp/sliding-buffer 64)
-                       :xf  (filter error-record?))]
+  (let [input (sp/chan (sp/sliding-buffer 32) (filter error-record?))]
     (add-watch l/log-record ::reporter #(sp/put! input %4))
-
-    (px/thread {:name "penpot/database-reporter"}
+    (px/thread
+      {:name "penpot/database-reporter" :virtual true}
       (l/info :hint "initializing database error persistence")
       (try
         (loop []

backend/src/app/loggers/mattermost.clj

@@ -19,24 +19,19 @@
    [promesa.exec :as px]
    [promesa.exec.csp :as sp]))
 
-(defonce enabled (atom true))
+(defonce enabled (atom false))
 
 (defn- send-mattermost-notification!
   [cfg {:keys [id public-uri] :as report}]
-
-
   (let [text (str "Exception: " public-uri "/dbg/error/" id " "
                   (when-let [pid (:profile-id report)]
                     (str "(pid: #uuid-" pid ")"))
                   "\n"
-                  "- host: #" (:host report) "\n"
-                  "- tenant: #" (:tenant report) "\n"
-                  "- logger: #" (:logger report) "\n"
-                  "- request-path: `" (:request-path report) "`\n"
-                  "- frontend-version: `" (:frontend-version report) "`\n"
-                  "- backend-version: `" (:backend-version report) "`\n"
-                  "\n"
                   "```\n"
+                  "- host: `" (:host report) "`\n"
+                  "- tenant: `" (:tenant report) "`\n"
+                  "- version: `" (:version report) "`\n"
+                  "\n"
                   "Trace:\n"
                   (:trace report)
                   "```")
@@ -55,16 +50,13 @@
 (defn record->report
   [{:keys [::l/context ::l/id ::l/cause] :as record}]
   (us/assert! ::l/record record)
-  {:id               id
-   :tenant           (cf/get :tenant)
-   :host             (cf/get :host)
-   :public-uri       (cf/get :public-uri)
-   :backend-version  (or (:version/backend context) (:full cf/version))
-   :frontend-version (:version/frontend context)
-   :profile-id       (:request/profile-id context)
-   :request-path     (:request/path context)
-   :logger           (::l/logger record)
-   :trace            (ex/format-throwable cause :detail? false :header? false)})
+  {:id         id
+   :tenant     (cf/get :tenant)
+   :host       (cf/get :host)
+   :public-uri (cf/get :public-uri)
+   :version    (:full cf/version)
+   :profile-id (:profile-id context)
+   :trace      (ex/format-throwable cause :detail? false :header? false)})
 
 (defn handle-event
   [cfg record]
@@ -85,8 +77,7 @@
       {:name "penpot/mattermost-reporter"
        :virtual true}
       (l/info :hint "initializing error reporter" :uri uri)
-      (let [input (sp/chan :buf (sp/sliding-buffer 128)
-                           :xf (filter ldb/error-record?))]
+      (let [input (sp/chan (sp/sliding-buffer 128) (filter ldb/error-record?))]
         (add-watch l/log-record ::reporter #(sp/put! input %4))
         (try
           (loop []

backend/src/app/loggers/webhooks.clj

@@ -15,9 +15,9 @@
    [app.config :as cf]
    [app.db :as db]
    [app.http.client :as http]
+   [app.util.json :as json]
    [app.util.time :as dt]
    [app.worker :as wrk]
-   [clojure.data.json :as json]
    [clojure.spec.alpha :as s]
    [cuerdas.core :as str]
    [integrant.core :as ig]))
@@ -64,31 +64,35 @@
   (s/keys :req [::db/pool]))
 
 (defmethod ig/init-key ::process-event-handler
-  [_ cfg]
+  [_ {:keys [::db/pool] :as cfg}]
   (fn [{:keys [props] :as task}]
-    (let [event (:event props)]
-      (l/dbg :hint "process webhook event" :name (:name event))
+    (let [event (::event props)]
+
+      (l/debug :hint "process webhook event"
+               :name (:name event))
 
       (when-let [items (lookup-webhooks cfg event)]
-        (l/trc :hint "webhooks found for event" :total (count items))
+        (l/trace :hint "webhooks found for event" :total (count items))
 
-        (db/tx-run! cfg (fn [cfg]
-                          (doseq [item items]
-                            (wrk/submit! (-> cfg
-                                             (assoc ::wrk/task :run-webhook)
-                                             (assoc ::wrk/queue :webhooks)
-                                             (assoc ::wrk/max-retries 3)
-                                             (assoc ::wrk/params {:event event
-                                                                  :config item}))))))))))
+        (db/with-atomic [conn pool]
+          (doseq [item items]
+            (wrk/submit! ::wrk/conn conn
+                         ::wrk/task :run-webhook
+                         ::wrk/queue :webhooks
+                         ::wrk/max-retries 3
+                         ::event event
+                         ::config item)))))))
 
 ;; --- RUN
 
 (declare interpret-exception)
 (declare interpret-response)
 
-(def json-write-opts
-  {:key-fn str/camel
-   :indent true})
+(def ^:private json-mapper
+  (json/mapper
+   {:encode-key-fn str/camel
+    :decode-key-fn (comp keyword str/kebab)
+    :pretty true}))
 
 (defmethod ig/pre-init-spec ::run-webhook-handler [_]
   (s/keys :req [::http/client ::db/pool]))
@@ -107,11 +111,9 @@
                               " where id=?")
                          err
                          (:id whook)]
-                    res (db/exec-one! pool sql {::db/return-keys true})]
+                    res (db/exec-one! pool sql {::db/return-keys? true})]
                 (when (>= (:error-count res) max-errors)
-                  (db/update! pool :webhook
-                              {:is-active false}
-                              {:id (:id whook)})))
+                  (db/update! pool :webhook {:is-active false} {:id (:id whook)})))
 
               (db/update! pool :webhook
                           {:updated-at (dt/now)
@@ -128,19 +130,19 @@
                          :rsp-data (db/tjson rsp)}))]
 
     (fn [{:keys [props] :as task}]
-      (let [event (:event props)
-            whook (:config props)
+      (let [event (::event props)
+            whook (::config props)
 
             body  (case (:mtype whook)
-                    "application/json" (json/write-str event json-write-opts)
+                    "application/json" (json/encode-str event json-mapper)
                     "application/transit+json" (t/encode-str event)
                     "application/x-www-form-urlencoded" (uri/map->query-string event))]
 
-        (l/dbg :hint "run webhook"
-               :event-name (:name event)
-               :webhook-id (:id whook)
-               :webhook-uri (:uri whook)
-               :webhook-mtype (:mtype whook))
+        (l/debug :hint "run webhook"
+                 :event-name (:name event)
+                 :webhook-id (:id whook)
+                 :webhook-uri (:uri whook)
+                 :webhook-mtype (:mtype whook))
 
         (let [req {:uri (:uri whook)
                    :headers {"content-type" (:mtype whook)
@@ -158,8 +160,8 @@
                 (report-delivery! whook req nil err)
                 (update-webhook! whook err)
                 (when (= err "unknown")
-                  (l/err :hint "unknown error on webhook request"
-                         :cause cause))))))))))
+                  (l/error :hint "unknown error on webhook request"
+                           :cause cause))))))))))
 
 (defn interpret-response
   [{:keys [status] :as response}]
@@ -180,4 +182,5 @@
     "invalid-uri"
 
     (instance? java.net.http.HttpConnectTimeoutException cause)
-    "timeout"))
+    "timeout"
+    ))

backend/src/app/main.clj

@@ -14,6 +14,7 @@
    [app.db :as-alias db]
    [app.email :as-alias email]
    [app.http :as-alias http]
+   [app.http.access-token :as-alias actoken]
    [app.http.assets :as-alias http.assets]
    [app.http.awsns :as http.awsns]
    [app.http.client :as-alias http.client]
@@ -21,31 +22,22 @@
    [app.http.session :as-alias session]
    [app.http.session.tasks :as-alias session.tasks]
    [app.http.websocket :as http.ws]
+   [app.loggers.audit.tasks :as-alias audit.tasks]
    [app.loggers.webhooks :as-alias webhooks]
    [app.metrics :as-alias mtx]
    [app.metrics.definition :as-alias mdef]
-   [app.migrations.v2 :as migrations.v2]
    [app.msgbus :as-alias mbus]
    [app.redis :as-alias rds]
    [app.rpc :as-alias rpc]
    [app.rpc.doc :as-alias rpc.doc]
-   [app.setup :as-alias setup]
    [app.srepl :as-alias srepl]
    [app.storage :as-alias sto]
    [app.storage.fs :as-alias sto.fs]
-   [app.storage.gc-deleted :as-alias sto.gc-deleted]
-   [app.storage.gc-touched :as-alias sto.gc-touched]
    [app.storage.s3 :as-alias sto.s3]
-   [app.svgo :as-alias svgo]
    [app.util.time :as dt]
    [app.worker :as-alias wrk]
-   [cider.nrepl :refer [cider-nrepl-handler]]
-   [clojure.test :as test]
-   [clojure.tools.namespace.repl :as repl]
    [cuerdas.core :as str]
-   [integrant.core :as ig]
-   [nrepl.server :as nrepl]
-   [promesa.exec :as px])
+   [integrant.core :as ig])
   (:gen-class))
 
 (def default-metrics
@@ -102,23 +94,23 @@
    {::mdef/name "penpot_tasks_timing"
     ::mdef/help "Background tasks timing (milliseconds)."
     ::mdef/labels ["name"]
-    ::mdef/type :histogram}
+    ::mdef/type :summary}
 
    :redis-eval-timing
    {::mdef/name "penpot_redis_eval_timing"
     ::mdef/help "Redis EVAL commands execution timings (ms)"
     ::mdef/labels ["name"]
-    ::mdef/type :histogram}
+    ::mdef/type :summary}
 
-   :rpc-climit-queue
-   {::mdef/name "penpot_rpc_climit_queue"
-    ::mdef/help "Current number of queued submissions."
+   :rpc-climit-queue-size
+   {::mdef/name "penpot_rpc_climit_queue_size"
+    ::mdef/help "Current number of queued submissions on the CLIMIT."
     ::mdef/labels ["name"]
     ::mdef/type :gauge}
 
-   :rpc-climit-permits
-   {::mdef/name "penpot_rpc_climit_permits"
-    ::mdef/help "Current number of available permits"
+   :rpc-climit-concurrency
+   {::mdef/name "penpot_rpc_climit_concurrency"
+    ::mdef/help "Current number of used concurrency capacity on the CLIMIT"
     ::mdef/labels ["name"]
     ::mdef/type :gauge}
 
@@ -126,7 +118,7 @@
    {::mdef/name "penpot_rpc_climit_timing"
     ::mdef/help "Summary of the time between queuing and executing on the CLIMIT"
     ::mdef/labels ["name"]
-    ::mdef/type :histogram}
+    ::mdef/type :summary}
 
    :audit-http-handler-queue-size
    {::mdef/name "penpot_audit_http_handler_queue_size"
@@ -144,7 +136,7 @@
    {::mdef/name "penpot_audit_http_handler_timing"
     ::mdef/help "Summary of the time between queuing and executing on the audit log http handler"
     ::mdef/labels []
-    ::mdef/type :histogram}
+    ::mdef/type :summary}
 
    :executors-active-threads
    {::mdef/name "penpot_executors_active_threads"
@@ -162,6 +154,12 @@
    {::mdef/name "penpot_executors_running_threads"
     ::mdef/help "Current number of threads with state RUNNING."
     ::mdef/labels ["name"]
+    ::mdef/type :gauge}
+
+   :executors-queued-submissions
+   {::mdef/name "penpot_executors_queued_submissions"
+    ::mdef/help "Current number of queued submissions."
+    ::mdef/labels ["name"]
     ::mdef/type :gauge}})
 
 (def system-config
@@ -176,12 +174,15 @@
 
    ;; Default thread pool for IO operations
    ::wrk/executor
-   {}
+   {::wrk/parallelism (cf/get :default-executor-parallelism 100)}
+
+   ::wrk/scheduled-executor
+   {::wrk/parallelism (cf/get :scheduled-executor-parallelism 20)}
 
    ::wrk/monitor
    {::mtx/metrics  (ig/ref ::mtx/metrics)
-    ::wrk/executor (ig/ref ::wrk/executor)
-    ::wrk/name     "default"}
+    ::wrk/name     "default"
+    ::wrk/executor (ig/ref ::wrk/executor)}
 
    :app.migrations/migrations
    {::db/pool (ig/ref ::db/pool)}
@@ -193,42 +194,53 @@
    {::mtx/metrics (ig/ref ::mtx/metrics)}
 
    ::rds/redis
-   {::rds/uri      (cf/get :redis-uri)
-    ::mtx/metrics  (ig/ref ::mtx/metrics)
-    ::wrk/executor (ig/ref ::wrk/executor)}
+   {::rds/uri     (cf/get :redis-uri)
+    ::mtx/metrics (ig/ref ::mtx/metrics)}
 
    ::mbus/msgbus
-   {::wrk/executor  (ig/ref ::wrk/executor)
-    ::rds/redis     (ig/ref ::rds/redis)}
+   {:backend   (cf/get :msgbus-backend :redis)
+    :executor  (ig/ref ::wrk/executor)
+    :redis     (ig/ref ::rds/redis)}
 
    :app.storage.tmp/cleaner
-   {::wrk/executor (ig/ref ::wrk/executor)}
+   {::wrk/executor (ig/ref ::wrk/executor)
+    ::wrk/scheduled-executor (ig/ref ::wrk/scheduled-executor)}
 
-   ::sto.gc-deleted/handler
+   ::sto/gc-deleted-task
    {::db/pool      (ig/ref ::db/pool)
     ::sto/storage  (ig/ref ::sto/storage)}
 
-   ::sto.gc-touched/handler
+   ::sto/gc-touched-task
    {::db/pool (ig/ref ::db/pool)}
 
    ::http.client/client
-   {}
+   {::wrk/executor (ig/ref ::wrk/executor)}
 
    ::session/manager
-   {::db/pool (ig/ref ::db/pool)}
+   {::db/pool      (ig/ref ::db/pool)
+    ::wrk/executor (ig/ref ::wrk/executor)
+    ::props        (ig/ref :app.setup/props)}
+
+   ::actoken/manager
+   {::db/pool      (ig/ref ::db/pool)
+    ::wrk/executor (ig/ref ::wrk/executor)
+    ::props        (ig/ref :app.setup/props)}
 
    ::session.tasks/gc
    {::db/pool (ig/ref ::db/pool)}
 
    ::http.awsns/routes
-   {::setup/props        (ig/ref ::setup/props)
+   {::props              (ig/ref :app.setup/props)
     ::db/pool            (ig/ref ::db/pool)
-    ::http.client/client (ig/ref ::http.client/client)}
+    ::http.client/client (ig/ref ::http.client/client)
+    ::wrk/executor       (ig/ref ::wrk/executor)}
 
    ::http/server
    {::http/port                    (cf/get :http-server-port)
     ::http/host                    (cf/get :http-server-host)
     ::http/router                  (ig/ref ::http/router)
+    ::http/metrics                 (ig/ref ::mtx/metrics)
+    ::http/executor                (ig/ref ::wrk/executor)
     ::http/io-threads              (cf/get :http-server-io-threads)
     ::http/max-body-size           (cf/get :http-server-max-body-size)
     ::http/max-multipart-body-size (cf/get :http-server-max-multipart-body-size)}
@@ -262,21 +274,22 @@
    ::oidc/routes
    {::http.client/client (ig/ref ::http.client/client)
     ::db/pool            (ig/ref ::db/pool)
-    ::setup/props        (ig/ref ::setup/props)
+    ::props              (ig/ref :app.setup/props)
+    ::wrk/executor       (ig/ref ::wrk/executor)
     ::oidc/providers     {:google (ig/ref ::oidc.providers/google)
                           :github (ig/ref ::oidc.providers/github)
                           :gitlab (ig/ref ::oidc.providers/gitlab)
                           :oidc   (ig/ref ::oidc.providers/generic)}
-    ::session/manager    (ig/ref ::session/manager)
-    ::email/blacklist    (ig/ref ::email/blacklist)
-    ::email/whitelist    (ig/ref ::email/whitelist)}
+    ::session/manager    (ig/ref ::session/manager)}
 
    :app.http/router
    {::session/manager    (ig/ref ::session/manager)
+    ::actoken/manager    (ig/ref ::actoken/manager)
+    ::wrk/executor       (ig/ref ::wrk/executor)
     ::db/pool            (ig/ref ::db/pool)
     ::rpc/routes         (ig/ref ::rpc/routes)
     ::rpc.doc/routes     (ig/ref ::rpc.doc/routes)
-    ::setup/props        (ig/ref ::setup/props)
+    ::props              (ig/ref :app.setup/props)
     ::mtx/routes         (ig/ref ::mtx/routes)
     ::oidc/routes        (ig/ref ::oidc/routes)
     ::http.debug/routes  (ig/ref ::http.debug/routes)
@@ -284,30 +297,31 @@
     ::http.ws/routes     (ig/ref ::http.ws/routes)
     ::http.awsns/routes  (ig/ref ::http.awsns/routes)}
 
-   ::http.debug/routes
+   :app.http.debug/routes
    {::db/pool         (ig/ref ::db/pool)
-    ::session/manager (ig/ref ::session/manager)
-    ::sto/storage     (ig/ref ::sto/storage)
-    ::setup/props     (ig/ref ::setup/props)}
+    ::wrk/executor    (ig/ref ::wrk/executor)
+    ::session/manager (ig/ref ::session/manager)}
 
-   ::http.ws/routes
+   :app.http.websocket/routes
    {::db/pool         (ig/ref ::db/pool)
     ::mtx/metrics     (ig/ref ::mtx/metrics)
-    ::mbus/msgbus     (ig/ref ::mbus/msgbus)
+    ::mbus/msgbus     (ig/ref :app.msgbus/msgbus)
     ::session/manager (ig/ref ::session/manager)}
 
    :app.http.assets/routes
    {::http.assets/path  (cf/get :assets-path)
     ::http.assets/cache-max-age (dt/duration {:hours 24})
     ::http.assets/cache-max-agesignature-max-age (dt/duration {:hours 24 :minutes 5})
-    ::sto/storage  (ig/ref ::sto/storage)}
+    ::sto/storage  (ig/ref ::sto/storage)
+    ::wrk/executor (ig/ref ::wrk/executor)}
 
    :app.rpc/climit
    {::mtx/metrics  (ig/ref ::mtx/metrics)
     ::wrk/executor (ig/ref ::wrk/executor)}
 
    :app.rpc/rlimit
-   {::wrk/executor (ig/ref ::wrk/executor)}
+   {::wrk/executor           (ig/ref ::wrk/executor)
+    ::wrk/scheduled-executor (ig/ref ::wrk/scheduled-executor)}
 
    :app.rpc/methods
    {::http.client/client (ig/ref ::http.client/client)
@@ -319,15 +333,15 @@
     ::mtx/metrics        (ig/ref ::mtx/metrics)
     ::mbus/msgbus        (ig/ref ::mbus/msgbus)
     ::rds/redis          (ig/ref ::rds/redis)
-    ::svgo/optimizer     (ig/ref ::svgo/optimizer)
 
     ::rpc/climit         (ig/ref ::rpc/climit)
     ::rpc/rlimit         (ig/ref ::rpc/rlimit)
-    ::setup/templates    (ig/ref ::setup/templates)
-    ::setup/props        (ig/ref ::setup/props)
 
-    ::email/blacklist    (ig/ref ::email/blacklist)
-    ::email/whitelist    (ig/ref ::email/whitelist)}
+    ::props              (ig/ref :app.setup/props)
+
+    :pool                (ig/ref ::db/pool)
+    :templates           (ig/ref :app.setup/builtin-templates)
+    }
 
    :app.rpc.doc/routes
    {:methods (ig/ref :app.rpc/methods)}
@@ -335,8 +349,10 @@
    :app.rpc/routes
    {::rpc/methods     (ig/ref :app.rpc/methods)
     ::db/pool         (ig/ref ::db/pool)
+    ::wrk/executor    (ig/ref ::wrk/executor)
     ::session/manager (ig/ref ::session/manager)
-    ::setup/props     (ig/ref ::setup/props)}
+    ::actoken/manager (ig/ref ::actoken/manager)
+    ::props           (ig/ref :app.setup/props)}
 
    ::wrk/registry
    {::mtx/metrics (ig/ref ::mtx/metrics)
@@ -345,27 +361,19 @@
      :objects-gc         (ig/ref :app.tasks.objects-gc/handler)
      :file-gc            (ig/ref :app.tasks.file-gc/handler)
      :file-xlog-gc       (ig/ref :app.tasks.file-xlog-gc/handler)
+     :storage-gc-deleted (ig/ref ::sto/gc-deleted-task)
+     :storage-gc-touched (ig/ref ::sto/gc-touched-task)
      :tasks-gc           (ig/ref :app.tasks.tasks-gc/handler)
      :telemetry          (ig/ref :app.tasks.telemetry/handler)
-     :storage-gc-deleted (ig/ref ::sto.gc-deleted/handler)
-     :storage-gc-touched (ig/ref ::sto.gc-touched/handler)
      :session-gc         (ig/ref ::session.tasks/gc)
-     :audit-log-archive  (ig/ref :app.loggers.audit.archive-task/handler)
-     :audit-log-gc       (ig/ref :app.loggers.audit.gc-task/handler)
+     :audit-log-archive  (ig/ref ::audit.tasks/archive)
+     :audit-log-gc       (ig/ref ::audit.tasks/gc)
 
-     :delete-object
-     (ig/ref :app.tasks.delete-object/handler)
      :process-webhook-event
      (ig/ref ::webhooks/process-event-handler)
      :run-webhook
      (ig/ref ::webhooks/run-webhook-handler)}}
 
-   ::email/blacklist
-   {}
-
-   ::email/whitelist
-   {}
-
    ::email/sendmail
    {::email/host             (cf/get :smtp-host)
     ::email/port             (cf/get :smtp-port)
@@ -387,12 +395,8 @@
    {::db/pool     (ig/ref ::db/pool)
     ::sto/storage (ig/ref ::sto/storage)}
 
-   :app.tasks.delete-object/handler
-   {::db/pool (ig/ref ::db/pool)}
-
    :app.tasks.file-gc/handler
-   {::db/pool     (ig/ref ::db/pool)
-    ::sto/storage (ig/ref ::sto/storage)}
+   {::db/pool (ig/ref ::db/pool)}
 
    :app.tasks.file-xlog-gc/handler
    {::db/pool (ig/ref ::db/pool)}
@@ -400,7 +404,7 @@
    :app.tasks.telemetry/handler
    {::db/pool            (ig/ref ::db/pool)
     ::http.client/client (ig/ref ::http.client/client)
-    ::setup/props        (ig/ref ::setup/props)}
+    ::props              (ig/ref :app.setup/props)}
 
    [::srepl/urepl ::srepl/server]
    {::srepl/port (cf/get :urepl-port 6062)
@@ -410,25 +414,23 @@
    {::srepl/port (cf/get :prepl-port 6063)
     ::srepl/host (cf/get :prepl-host "localhost")}
 
-   ::setup/templates {}
+   :app.setup/builtin-templates
+   {::http.client/client (ig/ref ::http.client/client)}
 
-   ::setup/props
+   :app.setup/props
    {::db/pool    (ig/ref ::db/pool)
-    ::setup/key  (cf/get :secret-key)
+    ::key        (cf/get :secret-key)
 
     ;; NOTE: this dependency is only necessary for proper initialization ordering, props
     ;; module requires the migrations to run before initialize.
     ::migrations (ig/ref :app.migrations/migrations)}
 
-   ::svgo/optimizer
-   {}
-
-   :app.loggers.audit.archive-task/handler
-   {::setup/props        (ig/ref ::setup/props)
+   ::audit.tasks/archive
+   {::props              (ig/ref :app.setup/props)
     ::db/pool            (ig/ref ::db/pool)
     ::http.client/client (ig/ref ::http.client/client)}
 
-   :app.loggers.audit.gc-task/handler
+   ::audit.tasks/gc
    {::db/pool (ig/ref ::db/pool)}
 
    ::webhooks/process-event-handler
@@ -447,23 +449,26 @@
 
    ::sto/storage
    {::db/pool      (ig/ref ::db/pool)
+    ::wrk/executor (ig/ref ::wrk/executor)
     ::sto/backends
     {:assets-s3 (ig/ref [::assets :app.storage.s3/backend])
      :assets-fs (ig/ref [::assets :app.storage.fs/backend])}}
 
    [::assets :app.storage.s3/backend]
-   {::sto.s3/region     (cf/get :storage-assets-s3-region)
-    ::sto.s3/endpoint   (cf/get :storage-assets-s3-endpoint)
-    ::sto.s3/bucket     (cf/get :storage-assets-s3-bucket)
-    ::sto.s3/io-threads (cf/get :storage-assets-s3-io-threads)}
+   {::sto.s3/region   (cf/get :storage-assets-s3-region)
+    ::sto.s3/endpoint (cf/get :storage-assets-s3-endpoint)
+    ::sto.s3/bucket   (cf/get :storage-assets-s3-bucket)
+    ::wrk/executor    (ig/ref ::wrk/executor)}
 
    [::assets :app.storage.fs/backend]
-   {::sto.fs/directory (cf/get :storage-assets-fs-directory)}})
+   {::sto.fs/directory (cf/get :storage-assets-fs-directory)}
+   })
 
 
 (def worker-config
   {::wrk/cron
-   {::wrk/registry            (ig/ref ::wrk/registry)
+   {::wrk/scheduled-executor  (ig/ref ::wrk/scheduled-executor)
+    ::wrk/registry            (ig/ref ::wrk/registry)
     ::db/pool                 (ig/ref ::db/pool)
     ::wrk/entries
     [{:cron #app/cron "0 0 * * * ?" ;; hourly
@@ -503,7 +508,7 @@
     ::mtx/metrics (ig/ref ::mtx/metrics)
     ::db/pool     (ig/ref ::db/pool)}
 
-   [::default ::wrk/runner]
+   [::default ::wrk/worker]
    {::wrk/parallelism (cf/get ::worker-default-parallelism 1)
     ::wrk/queue       :default
     ::rds/redis       (ig/ref ::rds/redis)
@@ -511,7 +516,7 @@
     ::mtx/metrics     (ig/ref ::mtx/metrics)
     ::db/pool         (ig/ref ::db/pool)}
 
-   [::webhook ::wrk/runner]
+   [::webhook ::wrk/worker]
    {::wrk/parallelism (cf/get ::worker-webhook-parallelism 1)
     ::wrk/queue       :webhooks
     ::rds/redis       (ig/ref ::rds/redis)
@@ -532,79 +537,22 @@
                                    (merge worker-config))
                                  (ig/prep)
                                  (ig/init))))
-  (l/inf :hint "welcome to penpot"
-         :flags (str/join "," (map name cf/flags))
-         :worker? (contains? cf/flags :backend-worker)
-         :version (:full cf/version)))
-
-(defn start-custom
-  [config]
-  (ig/load-namespaces config)
-  (alter-var-root #'system (fn [sys]
-                             (when sys (ig/halt! sys))
-                             (-> config
-                                 (ig/prep)
-                                 (ig/init)))))
+  (l/info :hint "welcome to penpot"
+          :flags (str/join "," (map name cf/flags))
+          :worker? (contains? cf/flags :backend-worker)
+          :version (:full cf/version)))
 
 (defn stop
   []
   (alter-var-root #'system (fn [sys]
                              (when sys (ig/halt! sys))
                              nil)))
-(defn restart
-  []
-  (stop)
-  (repl/refresh :after 'app.main/start))
-
-(defn restart-all
-  []
-  (stop)
-  (repl/refresh-all :after 'app.main/start))
-
-(defmacro run-bench
-  [& exprs]
-  `(do
-     (require 'criterium.core)
-     (criterium.core/with-progress-reporting (crit/quick-bench (do ~@exprs) :verbose))))
-
-(defn run-tests
-  ([] (run-tests #"^backend-tests.*-test$"))
-  ([o]
-   (repl/refresh)
-   (cond
-     (instance? java.util.regex.Pattern o)
-     (test/run-all-tests o)
-
-     (symbol? o)
-     (if-let [sns (namespace o)]
-       (do (require (symbol sns))
-           (test/test-vars [(resolve o)]))
-       (test/test-ns o)))))
-
-(repl/disable-reload! (find-ns 'integrant.core))
 
 (defn -main
   [& _args]
   (try
-    (let [p (promise)]
-      (when (contains? cf/flags :nrepl-server)
-        (l/inf :hint "start nrepl server" :port 6064)
-        (nrepl/start-server :bind "0.0.0.0" :port 6064 :handler cider-nrepl-handler))
-
-      (start)
-
-      (when (contains? cf/flags :v2-migration)
-        (px/sleep 5000)
-        (migrations.v2/migrate app.main/system))
-
-      (deref p))
+    (start)
     (catch Throwable cause
-      (binding [*out* *err*]
-        (println "==== ERROR ===="))
-      (.printStackTrace cause)
-      (when-let [cause' (ex-cause cause)]
-        (binding [*out* *err*]
-          (println "==== CAUSE ===="))
-        (.printStackTrace cause'))
-      (px/sleep 500)
+      (l/error :hint (ex-message cause)
+               :cause cause)
       (System/exit -1))))

backend/src/app/media.clj

@@ -10,16 +10,12 @@
    [app.common.data :as d]
    [app.common.exceptions :as ex]
    [app.common.media :as cm]
-   [app.common.schema :as sm]
-   [app.common.schema.generators :as sg]
-   [app.common.schema.openapi :as-alias oapi]
    [app.common.spec :as us]
-   [app.common.svg :as csvg]
    [app.config :as cf]
    [app.db :as-alias db]
    [app.storage :as-alias sto]
    [app.storage.tmp :as tmp]
-   [app.util.time :as dt]
+   [app.util.svg :as svg]
    [buddy.core.bytes :as bb]
    [buddy.core.codecs :as bc]
    [clojure.java.shell :as sh]
@@ -47,27 +43,6 @@
   (s/keys :req-un [::path]
           :opt-un [::mtype]))
 
-(sm/def! ::fs/path
-  {:type ::fs/path
-   :pred fs/path?
-   :type-properties
-   {:title "path"
-    :description "filesystem path"
-    :error/message "expected a valid fs path instance"
-    :gen/gen (sg/generator :string)
-    ::oapi/type "string"
-    ::oapi/format "unix-path"
-    ::oapi/decode fs/path}})
-
-(sm/def! ::upload
-  [:map {:title "Upload"}
-   [:filename :string]
-   [:size :int]
-   [:path ::fs/path]
-   [:mtype {:optional true} :string]
-   [:headers {:optional true}
-    [:map-of :string :string]]])
-
 (defn validate-media-type!
   ([upload] (validate-media-type! upload cm/valid-image-types))
   ([upload allowed]
@@ -78,17 +53,6 @@
 
    upload))
 
-(defn validate-media-size!
-  [upload]
-  (let [max-size (cf/get :media-max-file-size)]
-    (when (> (:size upload) max-size)
-      (ex/raise :type :restriction
-                :code :media-max-file-size-reached
-                :hint (str/ffmt "the uploaded file size % is greater than the maximum %"
-                                (:size upload)
-                                max-size)))
-    upload))
-
 (defmulti process :cmd)
 (defmulti process-error class)
 
@@ -199,12 +163,12 @@
   (us/assert ::input input)
   (let [{:keys [path mtype]} input]
     (if (= mtype "image/svg+xml")
-      (let [info (some-> path slurp csvg/parse get-basic-info-from-svg)]
+      (let [info (some-> path slurp svg/pre-process svg/parse get-basic-info-from-svg)]
         (when-not info
           (ex/raise :type :validation
                     :code :invalid-svg-file
                     :hint "uploaded svg does not provides dimensions"))
-        (merge input info {:ts (dt/now)}))
+        (merge input info))
 
       (let [instance (Info. (str path))
             mtype'   (.getProperty instance "Mime type")]
@@ -219,8 +183,7 @@
         ;; any frame.
         (assoc input
                :width  (.getPageWidth instance)
-               :height (.getPageHeight instance)
-               :ts (dt/now))))))
+               :height (.getPageHeight instance))))))
 
 (defmethod process-error org.im4java.core.InfoException
   [error]

backend/src/app/metrics.clj

@@ -89,12 +89,12 @@
 
 
 (defn- handler
-  [registry _]
+  [registry _ respond _]
   (let [samples  (.metricFamilySamples ^CollectorRegistry registry)
         writer   (StringWriter.)]
     (TextFormat/write004 writer samples)
-    {:headers {"content-type" TextFormat/CONTENT_TYPE_004}
-     :body (.toString writer)}))
+    (respond {:headers {"content-type" TextFormat/CONTENT_TYPE_004}
+              :body (.toString writer)})))
 
 
 

backend/src/app/migrations.clj

@@ -315,71 +315,7 @@
    {:name "0101-mod-server-error-report-table"
     :fn (mg/resource "app/migrations/sql/0101-mod-server-error-report-table.sql")}
 
-   {:name "0102-mod-access-token-table"
-    :fn (mg/resource "app/migrations/sql/0102-mod-access-token-table.sql")}
-
-   {:name "0103-mod-file-object-thumbnail-table"
-    :fn (mg/resource "app/migrations/sql/0103-mod-file-object-thumbnail-table.sql")}
-
-   {:name "0104-mod-file-thumbnail-table"
-    :fn (mg/resource "app/migrations/sql/0104-mod-file-thumbnail-table.sql")}
-
-   {:name "0105-mod-file-change-table"
-    :fn (mg/resource "app/migrations/sql/0105-mod-file-change-table.sql")}
-
-   {:name "0105-mod-server-error-report-table"
-    :fn (mg/resource "app/migrations/sql/0105-mod-server-error-report-table.sql")}
-
-   {:name "0106-add-file-tagged-object-thumbnail-table"
-    :fn (mg/resource "app/migrations/sql/0106-add-file-tagged-object-thumbnail-table.sql")}
-
-   {:name "0106-mod-team-table"
-    :fn (mg/resource "app/migrations/sql/0106-mod-team-table.sql")}
-
-   {:name "0107-mod-file-tagged-object-thumbnail-table"
-    :fn (mg/resource "app/migrations/sql/0107-mod-file-tagged-object-thumbnail-table.sql")}
-
-   {:name "0107-add-deletion-protection-trigger-function"
-    :fn (mg/resource "app/migrations/sql/0107-add-deletion-protection-trigger-function.sql")}
-
-   {:name "0108-mod-file-thumbnail-table"
-    :fn (mg/resource "app/migrations/sql/0108-mod-file-thumbnail-table.sql")}
-
-   {:name "0109-mod-file-tagged-object-thumbnail-table"
-    :fn (mg/resource "app/migrations/sql/0109-mod-file-tagged-object-thumbnail-table.sql")}
-
-   {:name "0110-mod-file-media-object-table"
-    :fn (mg/resource "app/migrations/sql/0110-mod-file-media-object-table.sql")}
-
-   {:name "0111-mod-file-data-fragment-table"
-    :fn (mg/resource "app/migrations/sql/0111-mod-file-data-fragment-table.sql")}
-
-   {:name "0112-mod-profile-table"
-    :fn (mg/resource "app/migrations/sql/0112-mod-profile-table.sql")}
-
-   {:name "0113-mod-team-font-variant-table"
-    :fn (mg/resource "app/migrations/sql/0113-mod-team-font-variant-table.sql")}
-
-   {:name "0114-mod-team-table"
-    :fn (mg/resource "app/migrations/sql/0114-mod-team-table.sql")}
-
-   {:name "0115-mod-project-table"
-    :fn (mg/resource "app/migrations/sql/0115-mod-project-table.sql")}
-
-   {:name "0116-mod-file-table"
-    :fn (mg/resource "app/migrations/sql/0116-mod-file-table.sql")}
-
-   {:name "0117-mod-file-object-thumbnail-table"
-    :fn (mg/resource "app/migrations/sql/0117-mod-file-object-thumbnail-table.sql")}
-
-   {:name "0118-mod-task-table"
-    :fn (mg/resource "app/migrations/sql/0118-mod-task-table.sql")}
-
-   {:name "0119-mod-file-table"
-    :fn (mg/resource "app/migrations/sql/0119-mod-file-table.sql")}
-
-   {:name "0120-mod-audit-log-table"
-    :fn (mg/resource "app/migrations/sql/0120-mod-audit-log-table.sql")}])
+  ])
 
 (defn apply-migrations!
   [pool name migrations]

backend/src/app/migrations/sql/0102-mod-access-token-table.sql

@@ -1,2 +0,0 @@
-ALTER TABLE access_token
- ADD COLUMN expires_at timestamptz NULL;

backend/src/app/migrations/sql/0103-mod-file-object-thumbnail-table.sql

@@ -1,2 +0,0 @@
-ALTER TABLE file_object_thumbnail
-  ADD COLUMN media_id uuid NULL REFERENCES storage_object(id) ON DELETE CASCADE DEFERRABLE;

backend/src/app/migrations/sql/0104-mod-file-thumbnail-table.sql

@@ -1,2 +0,0 @@
-ALTER TABLE file_thumbnail
-  ADD COLUMN media_id uuid NULL REFERENCES storage_object(id) ON DELETE CASCADE DEFERRABLE;

backend/src/app/migrations/sql/0105-mod-file-change-table.sql

@@ -1,9 +0,0 @@
-ALTER TABLE file_change
-  ADD COLUMN label text NULL;
-
-ALTER TABLE file_change
-  ALTER COLUMN label SET STORAGE external;
-
-CREATE INDEX file_change__label__idx
-    ON file_change (file_id, label)
- WHERE label is not null;

backend/src/app/migrations/sql/0105-mod-server-error-report-table.sql

@@ -1,2 +0,0 @@
-CREATE INDEX server_error_report__created_at__idx
-    ON server_error_report ( created_at );

backend/src/app/migrations/sql/0106-add-file-tagged-object-thumbnail-table.sql

@@ -1,10 +0,0 @@
-CREATE TABLE file_tagged_object_thumbnail (
-  file_id uuid NOT NULL REFERENCES file(id) ON DELETE CASCADE DEFERRABLE,
-  tag text DEFAULT 'frame',
-  object_id text NOT NULL,
-
-  media_id uuid NOT NULL REFERENCES storage_object(id) ON DELETE CASCADE DEFERRABLE,
-  created_at timestamptz NOT NULL DEFAULT now(),
-
-  PRIMARY KEY(file_id, tag, object_id)
-);

backend/src/app/migrations/sql/0106-mod-team-table.sql

@@ -1 +0,0 @@
-ALTER TABLE team ADD COLUMN features text[] NULL DEFAULT null;

backend/src/app/migrations/sql/0107-add-deletion-protection-trigger-function.sql

@@ -1,8 +0,0 @@
-CREATE OR REPLACE FUNCTION raise_deletion_protection()
-  RETURNS TRIGGER AS $$
-  BEGIN
-    RAISE EXCEPTION 'unable to proceed to delete row on "%"', TG_TABLE_NAME
-          USING HINT = 'disable deletion protection with "SET rules.deletion_protection TO off"';
-    RETURN NULL;
-  END;
-$$ LANGUAGE plpgsql;

backend/src/app/migrations/sql/0107-mod-file-tagged-object-thumbnail-table.sql

@@ -1,2 +0,0 @@
-CREATE INDEX file_tagged_object_thumbnail__media_id__idx
-    ON file_tagged_object_thumbnail (media_id);

backend/src/app/migrations/sql/0108-mod-file-thumbnail-table.sql

@@ -1,25 +0,0 @@
---- Add missing index for deleted_at column, we include all related
---- columns because we expect the index to be small and expect use
---- index-only scans.
-CREATE INDEX IF NOT EXISTS file_thumbnail__deleted_at__idx
-    ON file_thumbnail (deleted_at, file_id, revn, media_id)
- WHERE deleted_at IS NOT NULL;
-
---- Add missing for media_id column, used mainly for refs checking
-CREATE INDEX IF NOT EXISTS file_thumbnail__media_id__idx ON file_thumbnail (media_id);
-
---- Remove CASCADE from media_id and file_id foreign constraint
-ALTER TABLE file_thumbnail
- DROP CONSTRAINT file_thumbnail_file_id_fkey,
-  ADD FOREIGN KEY (file_id) REFERENCES file(id) DEFERRABLE;
-
-ALTER TABLE file_thumbnail
- DROP CONSTRAINT file_thumbnail_media_id_fkey,
-  ADD FOREIGN KEY (media_id) REFERENCES storage_object(id) DEFERRABLE;
-
---- Add deletion protection
-CREATE OR REPLACE TRIGGER deletion_protection__tgr
-BEFORE DELETE ON file_thumbnail FOR EACH STATEMENT
-  WHEN ((current_setting('rules.deletion_protection', true) IN ('on', '')) OR
-        (current_setting('rules.deletion_protection', true) IS NULL))
-  EXECUTE PROCEDURE raise_deletion_protection();

backend/src/app/migrations/sql/0109-mod-file-tagged-object-thumbnail-table.sql

@@ -1,26 +0,0 @@
-ALTER TABLE file_tagged_object_thumbnail
-  ADD COLUMN updated_at timestamptz NULL,
-  ADD COLUMN deleted_at timestamptz NULL;
-
---- Add index for deleted_at column, we include all related columns
---- because we expect the index to be small and expect use index-only
---- scans.
-CREATE INDEX IF NOT EXISTS file_tagged_object_thumbnail__deleted_at__idx
-    ON file_tagged_object_thumbnail (deleted_at, file_id, object_id, media_id)
- WHERE deleted_at IS NOT NULL;
-
---- Remove CASCADE from media_id and file_id foreign constraint
-ALTER TABLE file_tagged_object_thumbnail
- DROP CONSTRAINT file_tagged_object_thumbnail_media_id_fkey,
-  ADD FOREIGN KEY (media_id) REFERENCES storage_object(id) DEFERRABLE;
-
-ALTER TABLE file_tagged_object_thumbnail
- DROP CONSTRAINT file_tagged_object_thumbnail_file_id_fkey,
-  ADD FOREIGN KEY (file_id) REFERENCES file(id) DEFERRABLE;
-
---- Add deletion protection
-CREATE OR REPLACE TRIGGER deletion_protection__tgr
-BEFORE DELETE ON file_tagged_object_thumbnail FOR EACH STATEMENT
-  WHEN ((current_setting('rules.deletion_protection', true) IN ('on', '')) OR
-        (current_setting('rules.deletion_protection', true) IS NULL))
-  EXECUTE PROCEDURE raise_deletion_protection();

backend/src/app/migrations/sql/0110-mod-file-media-object-table.sql

@@ -1,27 +0,0 @@
---- Fix legacy naming
-ALTER INDEX media_object_pkey RENAME TO file_media_object_pkey;
-ALTER INDEX media_object__file_id__idx RENAME TO file_media_object__file_id__idx;
-
---- Create index for the deleted_at column
-CREATE INDEX IF NOT EXISTS file_media_object__deleted_at__idx
-    ON file_media_object (deleted_at, id, media_id)
- WHERE deleted_at IS NOT NULL;
-
---- Drop now unnecesary trigger because this will be handled by the
---- application code
-DROP TRIGGER file_media_object__on_delete__tgr ON file_media_object;
-DROP FUNCTION on_delete_file_media_object ( ) CASCADE;
-DROP TRIGGER file_media_object__on_insert__tgr ON file_media_object;
-DROP FUNCTION on_media_object_insert () CASCADE;
-
---- Remove CASCADE from file FOREIGN KEY
-ALTER TABLE file_media_object
- DROP CONSTRAINT file_media_object_file_id_fkey,
-  ADD FOREIGN KEY (file_id) REFERENCES file(id) DEFERRABLE;
-
---- Add deletion protection
-CREATE OR REPLACE TRIGGER deletion_protection__tgr
-BEFORE DELETE ON file_media_object FOR EACH STATEMENT
-  WHEN ((current_setting('rules.deletion_protection', true) IN ('on', '')) OR
-        (current_setting('rules.deletion_protection', true) IS NULL))
-  EXECUTE PROCEDURE raise_deletion_protection();

backend/src/app/migrations/sql/0111-mod-file-data-fragment-table.sql

@@ -1,9 +0,0 @@
-ALTER TABLE file_data_fragment
-  ADD COLUMN deleted_at timestamptz NULL;
-
---- Add index for deleted_at column, we include all related columns
---- because we expect the index to be small and expect use index-only
---- scans.
-CREATE INDEX IF NOT EXISTS file_data_fragment__deleted_at__idx
-    ON file_data_fragment (deleted_at, file_id, id)
- WHERE deleted_at IS NOT NULL;

backend/src/app/migrations/sql/0112-mod-profile-table.sql

@@ -1,15 +0,0 @@
-ALTER TABLE profile
- DROP CONSTRAINT profile_photo_id_fkey,
-  ADD FOREIGN KEY (photo_id) REFERENCES storage_object(id) DEFERRABLE,
- DROP CONSTRAINT profile_default_project_id_fkey,
-  ADD FOREIGN KEY (default_project_id) REFERENCES project(id) DEFERRABLE,
- DROP CONSTRAINT profile_default_team_id_fkey,
-  ADD FOREIGN KEY (default_team_id) REFERENCES team(id) DEFERRABLE;
-
---- Add deletion protection
-CREATE OR REPLACE TRIGGER deletion_protection__tgr
-BEFORE DELETE ON profile FOR EACH STATEMENT
-  WHEN ((current_setting('rules.deletion_protection', true) IN ('on', '')) OR
-        (current_setting('rules.deletion_protection', true) IS NULL))
-  EXECUTE PROCEDURE raise_deletion_protection();
-

backend/src/app/migrations/sql/0113-mod-team-font-variant-table.sql

@@ -1,20 +0,0 @@
---- Remove ON DELETE SET NULL from foreign constraint on
---- storage_object table
-ALTER TABLE team_font_variant
- DROP CONSTRAINT team_font_variant_otf_file_id_fkey,
-  ADD FOREIGN KEY (otf_file_id) REFERENCES storage_object(id) DEFERRABLE,
- DROP CONSTRAINT team_font_variant_ttf_file_id_fkey,
-  ADD FOREIGN KEY (ttf_file_id) REFERENCES storage_object(id) DEFERRABLE,
- DROP CONSTRAINT team_font_variant_woff1_file_id_fkey,
-  ADD FOREIGN KEY (woff1_file_id) REFERENCES storage_object(id) DEFERRABLE,
- DROP CONSTRAINT team_font_variant_woff2_file_id_fkey,
-  ADD FOREIGN KEY (woff2_file_id) REFERENCES storage_object(id) DEFERRABLE,
- DROP CONSTRAINT team_font_variant_team_id_fkey,
-  ADD FOREIGN KEY (team_id) REFERENCES team(id) DEFERRABLE;
-
---- Add deletion protection
-CREATE OR REPLACE TRIGGER deletion_protection__tgr
-BEFORE DELETE ON team_font_variant FOR EACH STATEMENT
-  WHEN ((current_setting('rules.deletion_protection', true) IN ('on', '')) OR
-        (current_setting('rules.deletion_protection', true) IS NULL))
-  EXECUTE PROCEDURE raise_deletion_protection();

backend/src/app/migrations/sql/0114-mod-team-table.sql

@@ -1,10 +0,0 @@
---- Add deletion protection
-CREATE OR REPLACE TRIGGER deletion_protection__tgr
-BEFORE DELETE ON team FOR EACH STATEMENT
-  WHEN ((current_setting('rules.deletion_protection', true) IN ('on', '')) OR
-        (current_setting('rules.deletion_protection', true) IS NULL))
-  EXECUTE PROCEDURE raise_deletion_protection();
-
-ALTER TABLE team
- DROP CONSTRAINT team_photo_id_fkey,
-  ADD FOREIGN KEY (photo_id) REFERENCES storage_object(id) DEFERRABLE;

backend/src/app/migrations/sql/0115-mod-project-table.sql

@@ -1,3 +0,0 @@
-ALTER TABLE project
- DROP CONSTRAINT project_team_id_fkey,
-  ADD FOREIGN KEY (team_id) REFERENCES team(id) DEFERRABLE;