script for helm upload to cloudsmith

.env.example

@@ -1,19 +1,21 @@
 # Keys
-# Required key for platform encryption/decryption ops
-ENCRYPTION_KEY=6c1fe4e407b8911c104518103505b218
+# Required keys for platform encryption/decryption ops
+PRIVATE_KEY=replace_with_nacl_sk
+PUBLIC_KEY=replace_with_nacl_pk
+ENCRYPTION_KEY=replace_with_lengthy_secure_hex
 
 # JWT
 # Required secrets to sign JWT tokens
-JWT_SIGNUP_SECRET=3679e04ca949f914c03332aaaeba805a
-JWT_REFRESH_SECRET=5f2f3c8f0159068dc2bbb3a652a716ff
-JWT_AUTH_SECRET=4be6ba5602e0fa0ac6ac05c3cd4d247f
-JWT_SERVICE_SECRET=f32f716d70a42c5703f4656015e76200
+JWT_SIGNUP_SECRET=replace_with_lengthy_secure_hex
+JWT_REFRESH_SECRET=replace_with_lengthy_secure_hex
+JWT_AUTH_SECRET=replace_with_lengthy_secure_hex
 
 # JWT lifetime
 # Optional lifetimes for JWT tokens expressed in seconds or a string 
 # describing a time span (e.g. 60, "2 days", "10h", "7d")
 JWT_AUTH_LIFETIME=
 JWT_REFRESH_LIFETIME=
+JWT_SERVICE_SECRET=
 JWT_SIGNUP_LIFETIME=
 
 # Optional lifetimes for OTP expressed in seconds
@@ -31,28 +33,21 @@ MONGO_PASSWORD=example
 
 # Website URL
 # Required
+
 SITE_URL=http://localhost:8080
 
 # Mail/SMTP
-SMTP_HOST= # required
-SMTP_USERNAME= # required
-SMTP_PASSWORD= # required
-SMTP_PORT=587
-SMTP_SECURE=false
-SMTP_FROM_ADDRESS= # required
-SMTP_FROM_NAME=Infisical
+# Required to send emails
+# By default, SMTP_HOST is set to smtp.gmail.com
+SMTP_HOST=smtp.gmail.com
+SMTP_NAME=Team
+SMTP_USERNAME=team@infisical.com
+SMTP_PASSWORD=
 
 # Integration
 # Optional only if integration is used
-CLIENT_ID_HEROKU=
-CLIENT_ID_VERCEL=
-CLIENT_ID_NETLIFY=
-CLIENT_ID_GITHUB=
-CLIENT_SECRET_HEROKU=
-CLIENT_SECRET_VERCEL=
-CLIENT_SECRET_NETLIFY=
-CLIENT_SECRET_GITHUB=
-CLIENT_SLUG_VERCEL=
+OAUTH_CLIENT_SECRET_HEROKU=
+OAUTH_TOKEN_URL_HEROKU=
 
 # Sentry (optional) for monitoring errors
 SENTRY_DSN=

.eslintignore

@@ -1,3 +0,0 @@
-node_modules
-built
-healthcheck.js

.github/resources/docker-compose.be-test.yml

@@ -1,30 +0,0 @@
-version: '3'
-
-services:
-  backend:
-    container_name: infisical-backend-test
-    restart: unless-stopped
-    depends_on:
-      - mongo
-    image: infisical/backend:test
-    command: npm run start
-    environment:
-      - NODE_ENV=production
-      - MONGO_URL=mongodb://test:example@mongo:27017/?authSource=admin
-      - MONGO_USERNAME=test
-      - MONGO_PASSWORD=example
-    networks:
-      - infisical-test
-
-  mongo:
-    container_name: infisical-mongo-test
-    image: mongo
-    restart: always
-    environment:
-      - MONGO_INITDB_ROOT_USERNAME=test
-      - MONGO_INITDB_ROOT_PASSWORD=example
-    networks:
-      - infisical-test
-
-networks:
-  infisical-test:

.github/resources/healthcheck.sh

@@ -1,26 +0,0 @@
-# Name of the target container to check
-container_name="$1"
-# Timeout in seconds. Default: 60
-timeout=$((${2:-60}));
-
-if [ -z $container_name ]; then
-  echo "No container name specified";
-  exit 1;
-fi
-
-echo "Container: $container_name";
-echo "Timeout: $timeout sec";
-
-try=0;
-is_healthy="false";
-while [ $is_healthy != "true" ];
-do
-  try=$(($try + 1));
-  printf "■";
-  is_healthy=$(docker inspect --format='{{json .State.Health}}' $container_name | jq '.Status == "healthy"');
-  sleep 1;
-  if [[ $try -eq $timeout ]]; then
-    echo " Container was not ready within timeout";
-    exit 1;
-  fi
-done

.github/workflows/be-test-report.yml

@@ -1,41 +0,0 @@
-name: "Backend Test Report"
-
-on:
-  workflow_run:
-    workflows: ["Check Backend Pull Request"]
-    types:
-      - completed
-
-jobs:
-  be-report:
-    name: Backend test report
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v2
-      - name: 📁 Download test results
-        id: download-artifact
-        uses: dawidd6/action-download-artifact@v2
-        with:
-          name: be-test-results
-          path: backend
-          workflow: check-be-pull-request.yml
-          workflow_conclusion: success
-      - name: 📋 Publish test results
-        uses: dorny/test-reporter@v1
-        with:
-          name: Test Results
-          path: reports/jest-*.xml
-          reporter: jest-junit
-          working-directory: backend
-      - name: 📋 Publish coverage
-        uses: ArtiomTr/jest-coverage-report-action@v2
-        id: coverage
-        with:
-          output: comment, report-markdown
-          coverage-file: coverage/report.json
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          working-directory: backend
-      - uses: marocchino/sticky-pull-request-comment@v2
-        with:
-          message: ${{ steps.coverage.outputs.report }}

.github/workflows/check-be-pull-request.yml

@@ -1,42 +0,0 @@
-name: "Check Backend Pull Request"
-
-on:
-  pull_request:
-    types: [opened, synchronize]
-    paths:
-      - "backend/**"
-      - "!backend/README.md"
-      - "!backend/.*"
-      - "backend/.eslintrc.js"
-
-jobs:
-  check-be-pr:
-    name: Check
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: ☁️ Checkout source
-        uses: actions/checkout@v3
-      - name: 🔧 Setup Node 16
-        uses: actions/setup-node@v3
-        with:
-          node-version: "16"
-          cache: "npm"
-          cache-dependency-path: backend/package-lock.json
-      - name: 📦 Install dependencies
-        run: npm ci --only-production --ignore-scripts
-        working-directory: backend
-      - name: 🧪 Run tests
-        run: npm run test:ci
-        working-directory: backend
-      - name: 📁 Upload test results
-        uses: actions/upload-artifact@v3
-        if: always()
-        with:
-          name: be-test-results
-          path: |
-            ./backend/reports
-            ./backend/coverage
-      - name: 🏗️ Run build
-        run: npm run build
-        working-directory: backend

.github/workflows/check-fe-pull-request.yml

@@ -1,41 +0,0 @@
-name: Check Frontend Pull Request
-
-on:
-  pull_request:
-    types: [ opened, synchronize ]
-    paths:
-      - 'frontend/**'
-      - '!frontend/README.md'
-      - '!frontend/.*'
-      - 'frontend/.eslintrc.js'
-
-
-jobs:
-
-  check-fe-pr:
-    name: Check
-    runs-on: ubuntu-latest
-
-    steps:
-      -
-        name: ☁️ Checkout source
-        uses: actions/checkout@v3
-      -
-        name: 🔧 Setup Node 16
-        uses: actions/setup-node@v3
-        with:
-          node-version: '16'
-          cache: 'npm'
-          cache-dependency-path: frontend/package-lock.json
-      -
-        name: 📦 Install dependencies
-        run: npm ci --only-production --ignore-scripts
-        working-directory: frontend
-      # -
-      #   name: 🧪 Run tests
-      #   run: npm run test:ci
-      #   working-directory: frontend
-      -
-        name: 🏗️ Run build
-        run: npm run build
-        working-directory: frontend

.github/workflows/close_inactive_issues.yml

@@ -0,0 +1,22 @@
+name: Close inactive issues
+on:
+  schedule:
+    - cron: "30 1 * * *"
+
+jobs:
+  close-issues:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: actions/stale@v4
+        with:
+          days-before-issue-stale: 30
+          days-before-issue-close: 14
+          stale-issue-label: "stale"
+          stale-issue-message: "This issue is stale because it has been open for 30 days with no activity."
+          close-issue-message: "This issue was closed because it has been inactive for 14 days since being marked as stale."
+          days-before-pr-stale: -1
+          days-before-pr-close: -1
+          repo-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/docker-image.yml

@@ -3,84 +3,35 @@ name: Push to Docker Hub
 on: [workflow_dispatch]
 
 jobs:
-  backend-image:
-    name: Build backend image
+  docker:
     runs-on: ubuntu-latest
-
     steps:
-      - name: ☁️ Checkout source
-        uses: actions/checkout@v3
-      - name: 🔧 Set up QEMU
+      - name: Checkout
+        uses: actions/checkout@v2
+      -
+        name: Set up QEMU
         uses: docker/setup-qemu-action@v2
-      - name: 🔧 Set up Docker Buildx
+      -
+        name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
-      - name: 🐋 Login to Docker Hub
+      -
+        name: Login to Docker Hub
         uses: docker/login-action@v2
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: 📦 Build backend and export to Docker
+      -
+        name: Build and push backend
         uses: docker/build-push-action@v3
         with:
-          load: true
+          push: true
           context: backend
           tags: infisical/backend:test
-      - name: ⏻ Spawn backend container and dependencies
-        run: |
-          docker compose -f .github/resources/docker-compose.be-test.yml up --wait --quiet-pull
-      - name: 🧪 Test backend image
-        run: |
-          ./.github/resources/healthcheck.sh infisical-backend-test
-      - name: ⏻ Shut down backend container and dependencies
-        run: |
-          docker compose -f .github/resources/docker-compose.be-test.yml down
-      - name: 🏗️ Build backend and push
+      -
+        name: Build and push frontend
         uses: docker/build-push-action@v3
         with:
           push: true
-          context: backend
-          tags: infisical/backend:latest
-          platforms: linux/amd64,linux/arm64
-
-  frontend-image:
-    name: Build frontend image
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: ☁️ Checkout source
-        uses: actions/checkout@v3
-      - name: 🔧 Set up QEMU
-        uses: docker/setup-qemu-action@v2
-      - name: 🔧 Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      - name: 🐋 Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: 📦 Build frontend and export to Docker
-        uses: docker/build-push-action@v3
-        with:
-          load: true
+          file: frontend/Dockerfile.dev
           context: frontend
           tags: infisical/frontend:test
-          build-args: |
-            POSTHOG_API_KEY=${{ secrets.PUBLIC_POSTHOG_API_KEY }}
-      - name: ⏻ Spawn frontend container
-        run: |
-          docker run -d --rm --name infisical-frontend-test infisical/frontend:test
-      - name: 🧪 Test frontend image
-        run: |
-          ./.github/resources/healthcheck.sh infisical-frontend-test
-      - name: ⏻ Shut down frontend container
-        run: |
-          docker stop infisical-frontend-test
-      - name: 🏗️ Build frontend and push
-        uses: docker/build-push-action@v3
-        with:
-          push: true
-          context: frontend
-          tags: infisical/frontend:latest
-          platforms: linux/amd64,linux/arm64
-          build-args: |
-            POSTHOG_API_KEY=${{ secrets.PUBLIC_POSTHOG_API_KEY }}

.github/workflows/helm-chart-release.yaml

@@ -0,0 +1,33 @@
+name: Release Charts
+
+on: [workflow_dispatch]
+
+jobs:
+  release:
+    # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions
+    # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      - name: Install Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: v3.10.0
+
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@v1.4.1
+        with:
+          charts_dir: helm-charts
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/helm_chart_release.yml

@@ -1,22 +0,0 @@
-name: Release Helm Charts
-
-on: [workflow_dispatch]
-
-jobs:
-  release:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-      - name: Install Helm
-        uses: azure/setup-helm@v3
-        with:
-          version: v3.10.0
-      - name: Install python
-        uses: actions/setup-python@v4
-      - name: Install Cloudsmith CLI
-        run: pip install --upgrade cloudsmith-cli
-      - name: Build and push helm package to Cloudsmith
-        run: cd helm-charts && sh upload-to-cloudsmith.sh
-        env:
-          CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }}

.github/workflows/release_build.yml

@@ -1,4 +1,4 @@
-name: Go releaser
+name: goreleaser
 
 on:
   push:
@@ -13,7 +13,7 @@ permissions:
 
 jobs:
   goreleaser:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
         with:
@@ -24,15 +24,6 @@ jobs:
           go-version: '>=1.19.3'
           cache: true
           cache-dependency-path: cli/go.sum
-      - name: libssl1.1 => libssl1.0-dev for OSXCross
-        run: |
-          echo 'deb http://security.ubuntu.com/ubuntu bionic-security main' | sudo tee -a /etc/apt/sources.list
-          sudo apt update && apt-cache policy libssl1.0-dev
-          sudo apt-get install libssl1.0-dev
-      - name: OSXCross for CGO Support
-        run: |
-          mkdir ../../osxcross
-          git clone https://github.com/plentico/osxcross-target.git ../../osxcross/target
       - uses: goreleaser/goreleaser-action@v2
         with:
           distribution: goreleaser

.github/workflows/release_docker_k8_operator.yaml

@@ -1,29 +0,0 @@
-name: Release Docker image for K8 operator 
-on: [workflow_dispatch]
-
-jobs:
-  release:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: 🔧 Set up QEMU
-        uses: docker/setup-qemu-action@v1
-
-      - name: 🔧 Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-
-      - name: 🐋 Login to Docker Hub
-        uses: docker/login-action@v1
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Build and push
-        id: docker_build
-        uses: docker/build-push-action@v2
-        with:
-          context: k8-operator
-          push: true
-          platforms: linux/amd64,linux/arm64
-          tags: infisical/kubernetes-operator:latest

.gitignore

@@ -25,9 +25,7 @@ node_modules
 .env
 
 # testing
-coverage
-reports
-junit.xml
+/coverage
 
 # next.js
 /.next/

.goreleaser.yaml

@@ -7,23 +7,12 @@
 #     # you may remove this if you don't need go generate
 #     - cd cli && go generate ./...
 builds:
-  - id: darwin-build
-    binary: infisical
-    env:
-      - CGO_ENABLED=1
-      - CC=/home/runner/work/osxcross/target/bin/o64-clang
-      - CXX=/home/runner/work/osxcross/target/bin/o64-clang++
-    goos:
-      - darwin
-    ignore:
-      - goos: darwin
-        goarch: "386"
-    dir: ./cli
-  - id: all-other-builds
-    env:
+  - env:
       - CGO_ENABLED=0
     binary: infisical
+    id: infisical
     goos:
+      - darwin
       - freebsd
       - linux
       - netbsd
@@ -38,6 +27,8 @@ builds:
       - 6
       - 7
     ignore:
+      - goos: darwin
+        goarch: "386"
       - goos: windows
         goarch: "386"
       - goos: freebsd
@@ -80,7 +71,7 @@ nfpms:
 - id: infisical
   package_name: infisical
   builds:
-    - all-other-builds
+    - infisical
   vendor: Infisical, Inc
   homepage: https://infisical.com/
   maintainer: Infisical, Inc
@@ -90,7 +81,6 @@ nfpms:
   - rpm
   - deb
   - apk
-  - archlinux
   bindir: /usr/bin
 scoop:
   bucket:

.husky/pre-commit

@@ -1,5 +0,0 @@
-
-#!/usr/bin/env sh
-. "$(dirname -- "$0")/_/husky.sh"
-
-npx lint-staged

README.md

@@ -1,5 +1,5 @@
 <h1 align="center">
-  <img width="300" src="/img/logoname-black.svg#gh-light-mode-only" alt="infisical">
+  <img width="300" src="/img/logoname-black.svg#gh-light-mode-only" alt="ifnisical">
   <img width="300" src="/img/logoname-white.svg#gh-dark-mode-only" alt="infisical">
 </h1>
 <p align="center">
@@ -27,9 +27,6 @@
   <a href="https://join.slack.com/t/infisical-users/shared_invite/zt-1kdbk07ro-RtoyEt_9E~fyzGo_xQYP6g">
     <img src="https://img.shields.io/badge/chat-on%20Slack-blueviolet" alt="Slack community channel" />
   </a>
-  <a href="https://twitter.com/infisical">
-    <img src="https://img.shields.io/twitter/follow/infisical?label=Follow" alt="Infisical Twitter" />
-  </a>
 </h4>
 
 <img src="/img/infisical_github_repo.png" width="100%" alt="Dashboard" />
@@ -51,19 +48,13 @@
 
 And more.
 
-## 🚀 Get started
+## Get started
 
 To quickly get started, visit our [get started guide](https://infisical.com/docs/getting-started/introduction).
 
-<p>
-  <a href="https://infisical.com/docs/self-hosting/overview" target="_blank"><img src="https://user-images.githubusercontent.com/78047717/206356882-2b773eed-b0da-4725-ae2f-83e3cd7f2713.png" height=120 /> </a>
-  <a href="https://www.youtube.com/watch?v=JS3OKYU2078" target="_blank"><img src="https://user-images.githubusercontent.com/78047717/206356600-8833b128-6cae-408c-a703-07b2fc6aff4b.png" height=120 /> </a>
-  <a href="https://app.infisical.com/signup" target="_blank"><img src="https://user-images.githubusercontent.com/78047717/206355970-f4c09062-b88f-452a-94e0-9c61a0651170.png" height=120></a>
-</p>
+## What's cool about this?
 
-## 🔥 What's cool about this?
-
-Infisical makes secret management simple and end-to-end encrypted by default. We're on a mission to make it more accessible to all developers, <i>not just security teams</i>.
+Infisical makes secret management simple and end-to-end encrypted by default. We're on a mission to make it more accessible to all developers, <i>not just security teams</i>. 
 
 According to a [report](https://www.ekransystem.com/en/blog/secrets-management) in 2019, only 10% of organizations use secret management solutions despite all using digital secrets to some extent.
 
@@ -71,23 +62,20 @@ If you care about efficiency and security, then Infisical is right for you.
 
 We are currently working hard to make Infisical more extensive. Need any integrations or want a new feature? Feel free to [create an issue](https://github.com/Infisical/infisical/issues) or [contribute](https://infisical.com/docs/contributing/overview) directly to the repository.
 
-## 🌱 Contributing
+## Contributing
 
 Whether it's big or small, we love contributions ❤️ Check out our guide to see how to [get started](https://infisical.com/docs/contributing/overview).
 
-Not sure where to get started? You can:
+Not sure where to get started? [Book a free, non-pressure pairing sessions with one of our teammates](mailto:tony@infisical.com?subject=Pairing%20session&body=I'd%20like%20to%20do%20a%20pairing%20session!)!
 
-- [Book a free, non-pressure pairing sessions with one of our teammates](mailto:tony@infisical.com?subject=Pairing%20session&body=I'd%20like%20to%20do%20a%20pairing%20session!)!
-- Join our <a href="https://join.slack.com/t/infisical-users/shared_invite/zt-1kdbk07ro-RtoyEt_9E~fyzGo_xQYP6g">Slack</a>, and ask us any questions there.
-
-## 💚 Community & Support
+## Community & Support
 
 - [Slack](https://join.slack.com/t/infisical-users/shared_invite/zt-1kdbk07ro-RtoyEt_9E~fyzGo_xQYP6g) (For live discussion with the community and the Infisical team)
 - [GitHub Discussions](https://github.com/Infisical/infisical/discussions) (For help with building and deeper conversations about features)
 - [GitHub Issues](https://github.com/Infisical/infisical-cli/issues) (For any bugs and errors you encounter using Infisical)
-- [Twitter](https://twitter.com/infisical) (Get news fast)
+- [Twitter](https://twitter.com/infisical) (Get news fast) 
 
-## 🐥 Status
+## Status
 
 - [x] Public Alpha: Anyone can sign up over at [infisical.com](https://infisical.com) but go easy on us, there are kinks and we're just getting started.
 - [ ] Public Beta: Stable enough for most non-enterprise use-cases.
@@ -95,7 +83,13 @@ Not sure where to get started? You can:
 
 We're currently in Public Alpha.
 
-## 🔌 Integrations
+## Stay Up-to-Date
+
+Infisical officially launched as v.1.0 on November 21st, 2022. However, a lot of new features are coming very quickly. Watch **releases** of this repository to be notified about future updates:
+
+![infisical-star-github](https://github.com/Infisical/infisical/blob/main/.github/images/star-infisical.gif?raw=true)
+
+## Integrations
 
 We're currently setting the foundation and building [integrations](https://infisical.com/docs/integrations/overview) so secrets can be synced everywhere. Any help is welcome! :)
 
@@ -128,14 +122,10 @@ We're currently setting the foundation and building [integrations](https://infis
     </tr>
     <tr>
       <td align="left" valign="middle">
-        <a href="https://infisical.com/docs/integrations/cloud/vercel?ref=github.com">
-          ✔️ Vercel
-        </a>
+        🔜 Vercel (https://github.com/Infisical/infisical/issues/60)
       </td>
       <td align="left" valign="middle">
-        <a href="https://infisical.com/docs/integrations/platforms/kubernetes?ref=github.com">
-          ✔️ Kubernetes
-        </a>
+        🔜 GitLab CI/CD
       </td>
       <td align="left" valign="middle">
         🔜 Fly.io
@@ -146,9 +136,7 @@ We're currently setting the foundation and building [integrations](https://infis
         🔜 AWS
       </td>
       <td align="left" valign="middle">
-        <a href="https://infisical.com/docs/integrations/cicd/githubactions">
-          ✔️ GitHub Actions
-        </a>
+        🔜 GitHub Actions (https://github.com/Infisical/infisical/issues/54)
       </td>
       <td align="left" valign="middle">
          🔜 Railway
@@ -159,10 +147,10 @@ We're currently setting the foundation and building [integrations](https://infis
         🔜 GCP
       </td>
       <td align="left" valign="middle">
-        🔜 GitLab CI/CD (https://github.com/Infisical/infisical/issues/134)
+        🔜 Kubernetes
       </td>
       <td align="left" valign="middle">
-        🔜 CircleCI (https://github.com/Infisical/infisical/issues/91)
+        🔜 CircleCI
       </td>
     </tr>
     <tr>
@@ -181,23 +169,7 @@ We're currently setting the foundation and building [integrations](https://infis
          🔜 TravisCI
       </td>
       <td align="left" valign="middle">
-        <a href="https://infisical.com/docs/integrations/cloud/netlify">
-          ✔️ Netlify
-        </a>
-      </td>
-      <td align="left" valign="middle">
-         🔜 Railway
-      </td>
-    </tr>
-    <tr>
-      <td align="left" valign="middle">
-         🔜 Bitbucket
-      </td>
-      <td align="left" valign="middle">
-         🔜 Supabase
-      </td>
-      <td align="left" valign="middle">
-         🔜 Render (https://github.com/Infisical/infisical/issues/132)
+         🔜 Netlify (https://github.com/Infisical/infisical/issues/55)
       </td>
     </tr>
   </tbody>
@@ -206,6 +178,7 @@ We're currently setting the foundation and building [integrations](https://infis
   </td>
 <td>
 
+
 <table>
   <tbody>
     <tr>
@@ -280,18 +253,6 @@ We're currently setting the foundation and building [integrations](https://infis
         </a>
       </td>
     </tr>
-    <tr>
-      <td align="left" valign="middle">
-        <a href="https://infisical.com/docs/integrations/frameworks/fiber?ref=github.com">
-          ✔️ Fiber
-        </a>
-      </td>
-      <td align="left" valign="middle">
-        <a href="https://infisical.com/docs/integrations/frameworks/nuxt?ref=github.com">
-          ✔️ Nuxt
-        </a>
-      </td>
-    </tr>
   </tbody>
 </table>
 
@@ -299,21 +260,16 @@ We're currently setting the foundation and building [integrations](https://infis
 </tr> 
 </table>
 
-## 🏘 Open-source vs. paid
+
+## Open-source vs. paid
 
 This repo is entirely MIT licensed, with the exception of the `ee` directory which will contain premium enterprise features requiring a Infisical license in the future. We're currently focused on developing non-enterprise offerings first that should suit most use-cases.
 
-## 🛡 Security
+## Security
 
 Looking to report a security vulnerability? Please don't post about it in GitHub issue. Instead, refer to our [SECURITY.md](./SECURITY.md) file.
 
-## 🚨 Stay Up-to-Date
-
-Infisical officially launched as v.1.0 on November 21st, 2022. However, a lot of new features are coming very quickly. Watch **releases** of this repository to be notified about future updates:
-
-![infisical-star-github](https://github.com/Infisical/infisical/blob/main/.github/images/star-infisical.gif?raw=true)
-
-## 🦸 Contributors
+## Contributors 🦸
 
 [//]: contributor-faces
 
@@ -321,4 +277,4 @@ Infisical officially launched as v.1.0 on November 21st, 2022. However, a lot of
 <!-- prettier-ignore-start -->
 <!-- markdownlint-disable -->
 
-<a href="https://github.com/dangtony98"><img src="https://avatars.githubusercontent.com/u/25857006?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/mv-turtle"><img src="https://avatars.githubusercontent.com/u/78047717?s=96&v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/maidul98"><img src="https://avatars.githubusercontent.com/u/9300960?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/gangjun06"><img src="https://avatars.githubusercontent.com/u/50910815?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/reginaldbondoc"><img src="https://avatars.githubusercontent.com/u/7693108?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/SH5H"><img src="https://avatars.githubusercontent.com/u/25437192?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/gmgale"><img src="https://avatars.githubusercontent.com/u/62303146?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/asharonbaltazar"><img src="https://avatars.githubusercontent.com/u/58940073?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/edgarrmondragon"><img src="https://avatars.githubusercontent.com/u/16805946?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/arjunyel"><img src="https://avatars.githubusercontent.com/u/11153289?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/LemmyMwaura"><img src="https://avatars.githubusercontent.com/u/20738858?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/Zamion101"><img src="https://avatars.githubusercontent.com/u/8071263?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/akhilmhdh"><img src="https://avatars.githubusercontent.com/u/31166322?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/naorpeled"><img src="https://avatars.githubusercontent.com/u/6171622?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/jonerrr"><img src="https://avatars.githubusercontent.com/u/73760377?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/adrianmarinwork"><img src="https://avatars.githubusercontent.com/u/118568289?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/arthurzenika"><img src="https://avatars.githubusercontent.com/u/445200?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/hanywang2"><img src="https://avatars.githubusercontent.com/u/44352119?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/tobias-mintlify"><img src="https://avatars.githubusercontent.com/u/110702161?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/wjhurley"><img src="https://avatars.githubusercontent.com/u/15939055?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/0xflotus"><img src="https://avatars.githubusercontent.com/u/26602940?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/wanjohiryan"><img src="https://avatars.githubusercontent.com/u/71614375?v=4" width="50" height="50" alt=""/></a>
+<a href="https://github.com/dangtony98"><img src="https://avatars.githubusercontent.com/u/25857006?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/mv-turtle"><img src="https://avatars.githubusercontent.com/u/78047717?s=96&v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/maidul98"><img src="https://avatars.githubusercontent.com/u/9300960?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/gangjun06"><img src="https://avatars.githubusercontent.com/u/50910815?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/reginaldbondoc"><img src="https://avatars.githubusercontent.com/u/7693108?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/SH5H"><img src="https://avatars.githubusercontent.com/u/25437192?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/hanywang2"><img src="https://avatars.githubusercontent.com/u/44352119?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/tobias-mintlify"><img src="https://avatars.githubusercontent.com/u/110702161?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/0xflotus"><img src="https://avatars.githubusercontent.com/u/26602940?v=4" width="50" height="50" alt=""/></a> 

backend/.eslintrc

@@ -1,12 +1,18 @@
 {
-  "parser": "@typescript-eslint/parser",
-  "plugins": ["@typescript-eslint"],
-  "extends": [
-    "eslint:recommended",
-    "plugin:@typescript-eslint/eslint-recommended",
-    "plugin:@typescript-eslint/recommended"
-  ],
-  "rules": {
-    "no-console": 2
-  }
-}
+    "root": true,
+    "parser": "@typescript-eslint/parser",
+    "plugins": [
+      "@typescript-eslint",
+      "prettier"
+    ],
+    "extends": [
+      "eslint:recommended",
+      "plugin:@typescript-eslint/eslint-recommended",
+      "plugin:@typescript-eslint/recommended",
+      "prettier"
+    ],
+    "rules": {
+      "no-console": 2,
+      "prettier/prettier": 2
+    }
+}

backend/.prettierrc

@@ -0,0 +1,7 @@
+{
+    "semi": true,
+    "trailingComma": "none",
+    "singleQuote": true,
+    "printWidth": 80,
+		"useTabs": true
+  }

backend/Dockerfile

@@ -2,14 +2,11 @@ FROM node:16-bullseye-slim
 
 WORKDIR /app
 
-COPY package.json package-lock.json ./
+COPY package*.json .
 
-RUN npm ci --only-production --ignore-scripts
+RUN npm install
 
 COPY . .
 
-HEALTHCHECK --interval=10s --timeout=3s --start-period=10s \  
-  CMD node healthcheck.js
-
-
 CMD ["npm", "run", "start"]
+

backend/__tests__/healthcheck.test.ts

@@ -1,19 +0,0 @@
-import { server } from '../src/app';
-import { describe, expect, it, beforeAll, afterAll } from '@jest/globals';
-import supertest from 'supertest';
-import { setUpHealthEndpoint } from '../src/services/health';
-
-const requestWithSupertest = supertest(server);
-describe('Healthcheck endpoint', () => {
-  beforeAll(async () => {
-    setUpHealthEndpoint(server);
-  });
-  afterAll(async () => {
-    server.close();
-  });
-
-  it('GET /healthcheck should return OK', async () => {
-    const res = await requestWithSupertest.get('/healthcheck');
-    expect(res.status).toEqual(200);
-  });
-});

backend/environment.d.ts

@@ -14,16 +14,12 @@ declare global {
 			JWT_SIGNUP_SECRET: string;
       MONGO_URL: string;
       NODE_ENV: 'development' | 'staging' | 'testing' | 'production';
-      VERBOSE_ERROR_OUTPUT: string;
-      LOKI_HOST: string;
-      CLIENT_ID_HEROKU: string;
-      CLIENT_ID_VERCEL: string;
-      CLIENT_ID_NETLIFY: string;
-      CLIENT_SECRET_HEROKU: string;
-      CLIENT_SECRET_VERCEL: string;
-      CLIENT_SECRET_NETLIFY: string;
+      OAUTH_CLIENT_SECRET_HEROKU: string;
+      OAUTH_TOKEN_URL_HEROKU: string;
 			POSTHOG_HOST: string;
 			POSTHOG_PROJECT_API_KEY: string;
+      PRIVATE_KEY: string;
+      PUBLIC_KEY: string;
       SENTRY_DSN: string;
       SITE_URL: string;
       SMTP_HOST: string;

backend/healthcheck.js

@@ -1,24 +0,0 @@
-const http = require('http');
-const PORT = process.env.PORT || 4000;
-const options = {
-  host: 'localhost',
-  port: PORT,
-  timeout: 2000,
-  path: '/healthcheck'
-};
-
-const healthCheck = http.request(options, (res) => {
-  console.log(`HEALTHCHECK STATUS: ${res.statusCode}`);
-  if (res.statusCode == 200) {
-    process.exit(0);
-  } else {
-    process.exit(1);
-  }
-});
-
-healthCheck.on('error', function (err) {
-  console.error(`HEALTH CHECK ERROR: ${err}`);
-  process.exit(1);
-});
-
-healthCheck.end();

backend/package.json

@@ -1,11 +1,8 @@
 {
   "dependencies": {
-    "@godaddy/terminus": "^4.11.2",
-    "@octokit/rest": "^19.0.5",
     "@sentry/node": "^7.14.0",
-    "@sentry/tracing": "^7.19.0",
+    "@sentry/tracing": "^7.14.0",
     "@types/crypto-js": "^4.1.1",
-    "@types/libsodium-wrappers": "^0.7.10",
     "axios": "^1.1.3",
     "bigint-conversion": "^2.2.2",
     "cookie-parser": "^1.4.6",
@@ -13,40 +10,32 @@
     "crypto-js": "^4.1.1",
     "dotenv": "^16.0.1",
     "express": "^4.18.1",
-    "express-rate-limit": "^6.7.0",
+    "express-rate-limit": "^6.5.1",
     "express-validator": "^6.14.2",
     "handlebars": "^4.7.7",
     "helmet": "^5.1.1",
-    "jsonwebtoken": "^9.0.0",
+    "jsonwebtoken": "^8.5.1",
     "jsrp": "^0.2.4",
-    "libsodium-wrappers": "^0.7.10",
-    "mongoose": "^6.7.2",
+    "mongoose": "^6.7.1",
     "nodemailer": "^6.8.0",
-    "posthog-node": "^2.2.2",
-    "query-string": "^7.1.3",
+    "posthog-node": "^2.1.0",
+    "query-string": "^7.1.1",
     "rimraf": "^3.0.2",
     "stripe": "^10.7.0",
     "tweetnacl": "^1.0.3",
     "tweetnacl-util": "^0.15.1",
-    "typescript": "^4.9.3",
-    "winston": "^3.8.2",
-    "winston-loki": "^6.0.6"
+    "typescript": "^4.8.4"
   },
   "name": "infisical-api",
   "version": "1.0.0",
   "main": "src/index.js",
   "scripts": {
-    "prepare": "cd .. && npm install",
     "start": "npm run build && node build/index.js",
     "dev": "nodemon",
-    "build": "rimraf ./build && tsc && cp -R ./src/templates ./build",
+    "build": "rimraf ./build && tsc && cp -R ./src/templates ./src/json ./build",
     "lint": "eslint . --ext .ts",
     "lint-and-fix": "eslint . --ext .ts --fix",
-    "lint-staged": "lint-staged",
-    "pretest": "docker compose -f test-resources/docker-compose.test.yml up -d",
-    "test": "cross-env NODE_ENV=test jest --testTimeout=10000 --detectOpenHandles",
-    "test:ci": "npm test -- --watchAll=false --ci --reporters=default --reporters=jest-junit --reporters=github-actions --coverage --testLocationInResults --json --outputFile=coverage/report.json",
-    "posttest": "docker compose -f test-resources/docker-compose.test.yml down"
+    "prettier-format": "prettier --config .prettierrc 'src/**/*.ts' --write"
   },
   "repository": {
     "type": "git",
@@ -60,49 +49,26 @@
   "homepage": "https://github.com/Infisical/infisical-api#readme",
   "description": "",
   "devDependencies": {
-    "@jest/globals": "^29.3.1",
     "@posthog/plugin-scaffold": "^1.3.4",
     "@types/cookie-parser": "^1.4.3",
     "@types/cors": "^2.8.12",
     "@types/express": "^4.17.14",
-    "@types/jest": "^29.2.4",
     "@types/jsonwebtoken": "^8.5.9",
     "@types/node": "^18.11.3",
     "@types/nodemailer": "^6.4.6",
-    "@types/supertest": "^2.0.12",
     "@types/swagger-jsdoc": "^6.0.1",
     "@types/swagger-ui-express": "^4.1.3",
     "@typescript-eslint/eslint-plugin": "^5.40.1",
     "@typescript-eslint/parser": "^5.40.1",
-    "cross-env": "^7.0.3",
     "eslint": "^8.26.0",
+    "eslint-config-prettier": "^8.5.0",
+    "eslint-plugin-prettier": "^4.2.1",
+    "husky": "^8.0.1",
     "install": "^0.13.0",
     "jest": "^29.3.1",
-    "jest-junit": "^15.0.0",
     "nodemon": "^2.0.19",
     "npm": "^8.19.3",
-    "supertest": "^6.3.3",
-    "ts-jest": "^29.0.3",
+    "prettier": "^2.7.1",
     "ts-node": "^10.9.1"
-  },
-  "jest": {
-    "preset": "ts-jest",
-    "testEnvironment": "node",
-    "collectCoverageFrom": [
-      "src/*.{js,ts}",
-      "!**/node_modules/**"
-    ],
-    "setupFiles": [
-      "<rootDir>/test-resources/env-vars.js"
-    ]
-  },
-  "jest-junit": {
-    "outputDirectory": "reports",
-    "outputName": "jest-junit.xml",
-    "ancestorSeparator": " › ",
-    "uniqueOutputName": "false",
-    "suiteNameTemplate": "{filepath}",
-    "classNameTemplate": "{classname}",
-    "titleTemplate": "{title}"
   }
 }

backend/src/app.ts

@@ -1,91 +0,0 @@
-
-import { patchRouterParam } from './utils/patchAsyncRoutes';
-import express from 'express';
-import helmet from 'helmet';
-import cors from 'cors';
-import cookieParser from 'cookie-parser';
-import dotenv from 'dotenv';
-
-dotenv.config();
-import { PORT, NODE_ENV, SITE_URL } from './config';
-import { apiLimiter } from './helpers/rateLimiter';
-
-import {
-  signup as signupRouter,
-  auth as authRouter,
-  bot as botRouter,
-  organization as organizationRouter,
-  workspace as workspaceRouter,
-  membershipOrg as membershipOrgRouter,
-  membership as membershipRouter,
-  key as keyRouter,
-  inviteOrg as inviteOrgRouter,
-  user as userRouter,
-  userAction as userActionRouter,
-  secret as secretRouter,
-  serviceToken as serviceTokenRouter,
-  password as passwordRouter,
-  stripe as stripeRouter,
-  integration as integrationRouter,
-  integrationAuth as integrationAuthRouter
-} from './routes';
-import { getLogger } from './utils/logger';
-import { RouteNotFoundError } from './utils/errors';
-import { requestErrorHandler } from './middleware/requestErrorHandler';
-
-//* Patch Async route params to handle Promise Rejections
-patchRouterParam()
-
-export const app = express();
-
-app.enable('trust proxy');
-app.use(express.json());
-app.use(cookieParser());
-app.use(
-  cors({
-    credentials: true,
-    origin: SITE_URL
-  })
-);
-
-if (NODE_ENV === 'production') {
-  // enable app-wide rate-limiting + helmet security
-  // in production
-  app.disable('x-powered-by');
-  app.use(apiLimiter);
-  app.use(helmet());
-}
-
-// routers
-app.use('/api/v1/signup', signupRouter);
-app.use('/api/v1/auth', authRouter);
-app.use('/api/v1/bot', botRouter);
-app.use('/api/v1/user', userRouter);
-app.use('/api/v1/user-action', userActionRouter);
-app.use('/api/v1/organization', organizationRouter);
-app.use('/api/v1/workspace', workspaceRouter);
-app.use('/api/v1/membership-org', membershipOrgRouter);
-app.use('/api/v1/membership', membershipRouter);
-app.use('/api/v1/key', keyRouter);
-app.use('/api/v1/invite-org', inviteOrgRouter);
-app.use('/api/v1/secret', secretRouter);
-app.use('/api/v1/service-token', serviceTokenRouter);
-app.use('/api/v1/password', passwordRouter);
-app.use('/api/v1/stripe', stripeRouter);
-app.use('/api/v1/integration', integrationRouter);
-app.use('/api/v1/integration-auth', integrationAuthRouter);
-
-
-//* Handle unrouted requests and respond with proper error message as well as status code
-app.use((req, res, next)=>{
-  if(res.headersSent) return next();
-  next(RouteNotFoundError({message: `The requested source '(${req.method})${req.url}' was not found`}))
-})
-
-//* Error Handling Middleware (must be after all routing logic)
-app.use(requestErrorHandler)
-
-
-export const server = app.listen(PORT, () => {
-  getLogger("backend-main").info(`Server started listening at port ${PORT}`)
-});

backend/src/config/index.ts

@@ -10,78 +10,56 @@ const JWT_SIGNUP_LIFETIME = process.env.JWT_SIGNUP_LIFETIME! || '15m';
 const JWT_SIGNUP_SECRET = process.env.JWT_SIGNUP_SECRET!;
 const MONGO_URL = process.env.MONGO_URL!;
 const NODE_ENV = process.env.NODE_ENV! || 'production';
-const VERBOSE_ERROR_OUTPUT = process.env.VERBOSE_ERROR_OUTPUT! === 'true' && true;
-const LOKI_HOST = process.env.LOKI_HOST || undefined;
-const CLIENT_SECRET_HEROKU = process.env.CLIENT_SECRET_HEROKU!;
-const CLIENT_ID_HEROKU = process.env.CLIENT_ID_HEROKU!;
-const CLIENT_ID_VERCEL = process.env.CLIENT_ID_VERCEL!;
-const CLIENT_ID_NETLIFY = process.env.CLIENT_ID_NETLIFY!;
-const CLIENT_ID_GITHUB = process.env.CLIENT_ID_GITHUB!;
-const CLIENT_SECRET_VERCEL = process.env.CLIENT_SECRET_VERCEL!;
-const CLIENT_SECRET_NETLIFY = process.env.CLIENT_SECRET_NETLIFY!;
-const CLIENT_SECRET_GITHUB = process.env.CLIENT_SECRET_GITHUB!;
-const CLIENT_SLUG_VERCEL= process.env.CLIENT_SLUG_VERCEL!;
+const OAUTH_CLIENT_SECRET_HEROKU = process.env.OAUTH_CLIENT_SECRET_HEROKU!;
+const OAUTH_TOKEN_URL_HEROKU = process.env.OAUTH_TOKEN_URL_HEROKU!;
 const POSTHOG_HOST = process.env.POSTHOG_HOST! || 'https://app.posthog.com';
-const POSTHOG_PROJECT_API_KEY =
-  process.env.POSTHOG_PROJECT_API_KEY! ||
-  'phc_nSin8j5q2zdhpFDI1ETmFNUIuTG4DwKVyIigrY10XiE';
+const POSTHOG_PROJECT_API_KEY = process.env.POSTHOG_PROJECT_API_KEY! || 'phc_nSin8j5q2zdhpFDI1ETmFNUIuTG4DwKVyIigrY10XiE';
+const PRIVATE_KEY = process.env.PRIVATE_KEY!;
+const PUBLIC_KEY = process.env.PUBLIC_KEY!;
 const SENTRY_DSN = process.env.SENTRY_DSN!;
 const SITE_URL = process.env.SITE_URL!;
-const SMTP_HOST = process.env.SMTP_HOST!;
-const SMTP_SECURE = process.env.SMTP_SECURE! === 'true' || false;
-const SMTP_PORT = parseInt(process.env.SMTP_PORT!) || 587;
+const SMTP_HOST = process.env.SMTP_HOST! || 'smtp.gmail.com';
+const SMTP_NAME = process.env.SMTP_NAME!;
 const SMTP_USERNAME = process.env.SMTP_USERNAME!;
 const SMTP_PASSWORD = process.env.SMTP_PASSWORD!;
-const SMTP_FROM_ADDRESS = process.env.SMTP_FROM_ADDRESS!;
-const SMTP_FROM_NAME = process.env.SMTP_FROM_NAME! || 'Infisical';
 const STRIPE_PRODUCT_CARD_AUTH = process.env.STRIPE_PRODUCT_CARD_AUTH!;
 const STRIPE_PRODUCT_PRO = process.env.STRIPE_PRODUCT_PRO!;
 const STRIPE_PRODUCT_STARTER = process.env.STRIPE_PRODUCT_STARTER!;
 const STRIPE_PUBLISHABLE_KEY = process.env.STRIPE_PUBLISHABLE_KEY!;
 const STRIPE_SECRET_KEY = process.env.STRIPE_SECRET_KEY!;
 const STRIPE_WEBHOOK_SECRET = process.env.STRIPE_WEBHOOK_SECRET!;
-const TELEMETRY_ENABLED = process.env.TELEMETRY_ENABLED! !== 'false' && true;
+const TELEMETRY_ENABLED = (process.env.TELEMETRY_ENABLED! !== 'false') && true;
 
 export {
-  PORT,
-  EMAIL_TOKEN_LIFETIME,
-  ENCRYPTION_KEY,
-  JWT_AUTH_LIFETIME,
-  JWT_AUTH_SECRET,
-  JWT_REFRESH_LIFETIME,
-  JWT_REFRESH_SECRET,
-  JWT_SERVICE_SECRET,
-  JWT_SIGNUP_LIFETIME,
-  JWT_SIGNUP_SECRET,
-  MONGO_URL,
-  NODE_ENV,
-  VERBOSE_ERROR_OUTPUT,
-  LOKI_HOST,
-  CLIENT_ID_HEROKU,
-  CLIENT_ID_VERCEL,
-  CLIENT_ID_NETLIFY,
-  CLIENT_ID_GITHUB,
-  CLIENT_SECRET_HEROKU,
-  CLIENT_SECRET_VERCEL,
-  CLIENT_SECRET_NETLIFY,
-  CLIENT_SECRET_GITHUB,
-  CLIENT_SLUG_VERCEL,
-  POSTHOG_HOST,
-  POSTHOG_PROJECT_API_KEY,
-  SENTRY_DSN,
-  SITE_URL,
-  SMTP_HOST,
-  SMTP_PORT,
-  SMTP_SECURE,
-  SMTP_USERNAME,
-  SMTP_PASSWORD,
-  SMTP_FROM_ADDRESS,
-  SMTP_FROM_NAME,
-  STRIPE_PRODUCT_CARD_AUTH,
-  STRIPE_PRODUCT_PRO,
-  STRIPE_PRODUCT_STARTER,
-  STRIPE_PUBLISHABLE_KEY,
-  STRIPE_SECRET_KEY,
-  STRIPE_WEBHOOK_SECRET,
-  TELEMETRY_ENABLED
+	PORT,
+	EMAIL_TOKEN_LIFETIME,
+	ENCRYPTION_KEY,
+	JWT_AUTH_LIFETIME,
+	JWT_AUTH_SECRET,
+	JWT_REFRESH_LIFETIME,
+	JWT_REFRESH_SECRET,
+	JWT_SERVICE_SECRET,
+	JWT_SIGNUP_LIFETIME,
+	JWT_SIGNUP_SECRET,
+	MONGO_URL,
+	NODE_ENV,
+	OAUTH_CLIENT_SECRET_HEROKU,
+	OAUTH_TOKEN_URL_HEROKU,
+	POSTHOG_HOST,
+	POSTHOG_PROJECT_API_KEY,
+	PRIVATE_KEY,
+	PUBLIC_KEY,
+	SENTRY_DSN,
+	SITE_URL,
+	SMTP_HOST,
+	SMTP_NAME,
+	SMTP_USERNAME,
+	SMTP_PASSWORD,
+	STRIPE_PRODUCT_CARD_AUTH,
+	STRIPE_PRODUCT_PRO,
+	STRIPE_PRODUCT_STARTER,
+	STRIPE_PUBLISHABLE_KEY,
+	STRIPE_SECRET_KEY,
+	STRIPE_WEBHOOK_SECRET,
+	TELEMETRY_ENABLED
 };

backend/src/controllers/authController.ts

@@ -1,4 +1,3 @@
-/* eslint-disable @typescript-eslint/no-var-requires */
 import { Request, Response } from 'express';
 import jwt from 'jsonwebtoken';
 import * as Sentry from '@sentry/node';
@@ -6,17 +5,17 @@ import * as bigintConversion from 'bigint-conversion';
 const jsrp = require('jsrp');
 import { User } from '../models';
 import { createToken, issueTokens, clearTokens } from '../helpers/auth';
-import {
-  NODE_ENV,
-  JWT_AUTH_LIFETIME,
-  JWT_AUTH_SECRET,
-  JWT_REFRESH_SECRET
+import { 
+	NODE_ENV,
+	JWT_AUTH_LIFETIME, 
+	JWT_AUTH_SECRET,
+	JWT_REFRESH_SECRET
 } from '../config';
 
 declare module 'jsonwebtoken' {
-  export interface UserIDJwtPayload extends jwt.JwtPayload {
-    userId: string;
-  }
+	export interface UserIDJwtPayload extends jwt.JwtPayload {
+		userId: string;
+	}
 }
 
 const clientPublicKeys: any = {};
@@ -28,45 +27,47 @@ const clientPublicKeys: any = {};
  * @returns
  */
 export const login1 = async (req: Request, res: Response) => {
-  try {
-    const {
-      email,
-      clientPublicKey
-    }: { email: string; clientPublicKey: string } = req.body;
+	try {
+		const {
+			email,
+			clientPublicKey
+		}: { email: string; clientPublicKey: string } = req.body;
+		
+		const user = await User.findOne({
+			email
+		}).select('+salt +verifier');
+		
 
-    const user = await User.findOne({
-      email
-    }).select('+salt +verifier');
+		if (!user) throw new Error('Failed to find user');
 
-    if (!user) throw new Error('Failed to find user');
+		const server = new jsrp.server();
+		server.init(
+			{
+				salt: user.salt,
+				verifier: user.verifier
+			},
+			() => {
+				// generate server-side public key
+				const serverPublicKey = server.getPublicKey();
+				clientPublicKeys[email] = {
+					clientPublicKey,
+					serverBInt: bigintConversion.bigintToBuf(server.bInt)
+				};
+				
 
-    const server = new jsrp.server();
-    server.init(
-      {
-        salt: user.salt,
-        verifier: user.verifier
-      },
-      () => {
-        // generate server-side public key
-        const serverPublicKey = server.getPublicKey();
-        clientPublicKeys[email] = {
-          clientPublicKey,
-          serverBInt: bigintConversion.bigintToBuf(server.bInt)
-        };
-
-        return res.status(200).send({
-          serverPublicKey,
-          salt: user.salt
-        });
-      }
-    );
-  } catch (err) {
-    Sentry.setUser(null);
-    Sentry.captureException(err);
-    return res.status(400).send({
-      message: 'Failed to start authentication process'
-    });
-  }
+				return res.status(200).send({
+					serverPublicKey,
+					salt: user.salt
+				});
+			}
+		);
+	} catch (err) {
+		Sentry.setUser(null);
+		Sentry.captureException(err);
+		return res.status(400).send({
+			message: 'Failed to start authentication process'
+		});
+	}
 };
 
 /**
@@ -77,59 +78,59 @@ export const login1 = async (req: Request, res: Response) => {
  * @returns
  */
 export const login2 = async (req: Request, res: Response) => {
-  try {
-    const { email, clientProof } = req.body;
-    const user = await User.findOne({
-      email
-    }).select('+salt +verifier +publicKey +encryptedPrivateKey +iv +tag');
+	try {
+		const { email, clientProof } = req.body;
+		const user = await User.findOne({
+			email
+		}).select('+salt +verifier +publicKey +encryptedPrivateKey +iv +tag');
 
-    if (!user) throw new Error('Failed to find user');
+		if (!user) throw new Error('Failed to find user');
 
-    const server = new jsrp.server();
-    server.init(
-      {
-        salt: user.salt,
-        verifier: user.verifier,
-        b: clientPublicKeys[email].serverBInt
-      },
-      async () => {
-        server.setClientPublicKey(clientPublicKeys[email].clientPublicKey);
+		const server = new jsrp.server();
+		server.init(
+			{
+				salt: user.salt,
+				verifier: user.verifier,
+				b: clientPublicKeys[email].serverBInt
+			},
+			async () => {
+				server.setClientPublicKey(clientPublicKeys[email].clientPublicKey);
 
-        // compare server and client shared keys
-        if (server.checkClientProof(clientProof)) {
-          // issue tokens
-          const tokens = await issueTokens({ userId: user._id.toString() });
+				// compare server and client shared keys
+				if (server.checkClientProof(clientProof)) {
+					// issue tokens
+					const tokens = await issueTokens({ userId: user._id.toString() });
+					
+					// store (refresh) token in httpOnly cookie
+					res.cookie('jid', tokens.refreshToken, {
+						httpOnly: true,
+						path: '/token',
+						sameSite: "strict",
+						secure: NODE_ENV === 'production' ? true : false
+					});
 
-          // store (refresh) token in httpOnly cookie
-          res.cookie('jid', tokens.refreshToken, {
-            httpOnly: true,
-            path: '/',
-            sameSite: 'strict',
-            secure: NODE_ENV === 'production' ? true : false
-          });
+					// return (access) token in response
+					return res.status(200).send({
+						token: tokens.token,
+						publicKey: user.publicKey,
+						encryptedPrivateKey: user.encryptedPrivateKey,
+						iv: user.iv,
+						tag: user.tag
+					});
+				}
 
-          // return (access) token in response
-          return res.status(200).send({
-            token: tokens.token,
-            publicKey: user.publicKey,
-            encryptedPrivateKey: user.encryptedPrivateKey,
-            iv: user.iv,
-            tag: user.tag
-          });
-        }
-
-        return res.status(400).send({
-          message: 'Failed to authenticate. Try again?'
-        });
-      }
-    );
-  } catch (err) {
-    Sentry.setUser(null);
-    Sentry.captureException(err);
-    return res.status(400).send({
-      message: 'Failed to authenticate. Try again?'
-    });
-  }
+				return res.status(400).send({
+					message: 'Failed to authenticate. Try again?'
+				});
+			}
+		);
+	} catch (err) {
+		Sentry.setUser(null);
+		Sentry.captureException(err);
+		return res.status(400).send({
+			message: 'Failed to authenticate. Try again?'
+		});
+	}
 };
 
 /**
@@ -139,29 +140,29 @@ export const login2 = async (req: Request, res: Response) => {
  * @returns
  */
 export const logout = async (req: Request, res: Response) => {
-  try {
-    await clearTokens({
-      userId: req.user._id.toString()
-    });
+	try {
+		await clearTokens({
+			userId: req.user._id.toString()
+		});
+		
+		// clear httpOnly cookie
+		res.cookie('jid', '', {
+			httpOnly: true,
+			path: '/token',
+			sameSite: "strict",
+			secure: NODE_ENV === 'production' ? true : false
+		});
+	} catch (err) {
+		Sentry.setUser({ email: req.user.email });
+		Sentry.captureException(err);
+		return res.status(400).send({
+			message: 'Failed to logout'
+		});
+	}
 
-    // clear httpOnly cookie
-    res.cookie('jid', '', {
-      httpOnly: true,
-      path: '/',
-      sameSite: 'strict',
-      secure: NODE_ENV === 'production' ? true : false
-    });
-  } catch (err) {
-    Sentry.setUser({ email: req.user.email });
-    Sentry.captureException(err);
-    return res.status(400).send({
-      message: 'Failed to logout'
-    });
-  }
-
-  return res.status(200).send({
-    message: 'Successfully logged out.'
-  });
+	return res.status(200).send({
+		message: 'Successfully logged out.'
+	});
 };
 
 /**
@@ -171,9 +172,9 @@ export const logout = async (req: Request, res: Response) => {
  * @returns
  */
 export const checkAuth = async (req: Request, res: Response) =>
-  res.status(200).send({
-    message: 'Authenticated'
-  });
+	res.status(200).send({
+		message: 'Authenticated'
+	});
 
 /**
  * Return new token by redeeming refresh token
@@ -182,41 +183,42 @@ export const checkAuth = async (req: Request, res: Response) =>
  * @returns
  */
 export const getNewToken = async (req: Request, res: Response) => {
-  try {
-    const refreshToken = req.cookies.jid;
+	try {
+		const refreshToken = req.cookies.jid;
+		
+		if (!refreshToken) {
+			throw new Error('Failed to find token in request cookies');
+		}
+		
+		const decodedToken = <jwt.UserIDJwtPayload>(
+			jwt.verify(refreshToken, JWT_REFRESH_SECRET)
+		);
+		
+		const user = await User.findOne({
+			_id: decodedToken.userId
+		}).select('+publicKey');
 
-    if (!refreshToken) {
-      throw new Error('Failed to find token in request cookies');
-    }
-
-    const decodedToken = <jwt.UserIDJwtPayload>(
-      jwt.verify(refreshToken, JWT_REFRESH_SECRET)
-    );
-
-    const user = await User.findOne({
-      _id: decodedToken.userId
-    }).select('+publicKey');
-
-    if (!user) throw new Error('Failed to authenticate unfound user');
-    if (!user?.publicKey)
-      throw new Error('Failed to authenticate not fully set up account');
-
-    const token = createToken({
-      payload: {
-        userId: decodedToken.userId
-      },
-      expiresIn: JWT_AUTH_LIFETIME,
-      secret: JWT_AUTH_SECRET
-    });
-
-    return res.status(200).send({
-      token
-    });
-  } catch (err) {
-    Sentry.setUser(null);
-    Sentry.captureException(err);
-    return res.status(400).send({
-      message: 'Invalid request'
-    });
-  }
+		if (!user) throw new Error('Failed to authenticate unfound user');
+		if (!user?.publicKey)
+			throw new Error('Failed to authenticate not fully set up account');
+		
+		const token = createToken({
+			payload: {
+				userId: decodedToken.userId
+			},
+			expiresIn: JWT_AUTH_LIFETIME,
+			secret: JWT_AUTH_SECRET
+		});
+		
+		return res.status(200).send({
+			token
+		});
+		
+	} catch (err) {
+		Sentry.setUser(null);
+		Sentry.captureException(err);
+		return res.status(400).send({
+			message: 'Invalid request'
+		});
+	}
 };

backend/src/controllers/botController.ts

@@ -1,107 +0,0 @@
-import { Request, Response } from 'express';
-import * as Sentry from '@sentry/node';
-import { Bot, BotKey } from '../models';
-import { createBot } from '../helpers/bot';
-
-interface BotKey {
-    encryptedKey: string;
-    nonce: string;
-}
-
-/**
- * Return bot for workspace with id [workspaceId]. If a workspace bot doesn't exist,
- * then create and return a new bot.
- * @param req
- * @param res
- * @returns
- */
-export const getBotByWorkspaceId = async (req: Request, res: Response) => {
-    let bot;
-	try {
-        const { workspaceId } = req.params;
-
-        bot = await Bot.findOne({
-            workspace: workspaceId
-        });
-        
-        if (!bot) {
-            // case: bot doesn't exist for workspace with id [workspaceId]
-            // -> create a new bot and return it
-            bot = await createBot({
-                name: 'Infisical Bot',
-                workspaceId
-            });
-        }
-	} catch (err) {
-        Sentry.setUser({ email: req.user.email });
-		Sentry.captureException(err);
-        return res.status(400).send({
-			message: 'Failed to get bot for workspace'
-		});
-	}
-    
-    return res.status(200).send({
-        bot
-    });
-};
-
-/**
- * Return bot with id [req.bot._id] with active state set to [isActive].
- * @param req
- * @param res
- * @returns
- */
-export const setBotActiveState = async (req: Request, res: Response) => {
-    let bot;
-	try {
-        const { isActive, botKey }: { isActive: boolean, botKey: BotKey } = req.body;
-        
-        if (isActive) {
-            // bot state set to active -> share workspace key with bot
-            if (!botKey?.encryptedKey || !botKey?.nonce) {
-                return res.status(400).send({
-                    message: 'Failed to set bot state to active - missing bot key'
-                });
-            }
-            
-            await BotKey.findOneAndUpdate({
-                workspace: req.bot.workspace
-            }, {
-                encryptedKey: botKey.encryptedKey,
-                nonce: botKey.nonce,
-                sender: req.user._id,
-                bot: req.bot._id,
-                workspace: req.bot.workspace
-            }, {
-                upsert: true,
-                new: true
-            });
-        } else {
-            // case: bot state set to inactive -> delete bot's workspace key
-            await BotKey.deleteOne({
-                bot: req.bot._id
-            });
-        }
-
-        bot = await Bot.findOneAndUpdate({
-            _id: req.bot._id
-        }, {
-            isActive
-        }, {
-            new: true
-        });
-        
-        if (!bot) throw new Error('Failed to update bot active state');
-        
-	} catch (err) {
-        Sentry.setUser({ email: req.user.email });
-		Sentry.captureException(err);
-        return res.status(400).send({
-			message: 'Failed to update bot active state'
-		});
-	}
-    
-    return res.status(200).send({
-        bot
-    });
-};

backend/src/controllers/index.ts

@@ -1,5 +1,4 @@
 import * as authController from './authController';
-import * as botController from './botController';
 import * as integrationAuthController from './integrationAuthController';
 import * as integrationController from './integrationController';
 import * as keyController from './keyController';
@@ -17,7 +16,6 @@ import * as workspaceController from './workspaceController';
 
 export {
 	authController,
-	botController,
 	integrationAuthController,
 	integrationController,
 	keyController,

backend/src/controllers/integrationAuthController.ts

@@ -3,45 +3,69 @@ import * as Sentry from '@sentry/node';
 import axios from 'axios';
 import { readFileSync } from 'fs';
 import { IntegrationAuth, Integration } from '../models';
-import { INTEGRATION_SET, INTEGRATION_OPTIONS, ENV_DEV } from '../variables';
-import { IntegrationService } from '../services';
-import { getApps, revokeAccess } from '../integrations';
-
-export const getIntegrationOptions = async (
-	req: Request,
-	res: Response
-) => {
-	return res.status(200).send({
-		integrationOptions: INTEGRATION_OPTIONS
-	});
-}
+import { processOAuthTokenRes } from '../helpers/integrationAuth';
+import { INTEGRATION_SET, ENV_DEV } from '../variables';
+import { OAUTH_CLIENT_SECRET_HEROKU, OAUTH_TOKEN_URL_HEROKU } from '../config';
 
 /**
  * Perform OAuth2 code-token exchange as part of integration [integration] for workspace with id [workspaceId]
+ * Note: integration [integration] must be set up compatible/designed for OAuth2
  * @param req
  * @param res
  * @returns
  */
-export const oAuthExchange = async (
+export const integrationAuthOauthExchange = async (
 	req: Request,
 	res: Response
 ) => {
 	try {
+		let clientSecret;
+
 		const { workspaceId, code, integration } = req.body;
 
 		if (!INTEGRATION_SET.has(integration))
 			throw new Error('Failed to validate integration');
-	
-		await IntegrationService.handleOAuthExchange({
+
+		// use correct client secret
+		switch (integration) {
+			case 'heroku':
+				clientSecret = OAUTH_CLIENT_SECRET_HEROKU;
+		}
+
+		// TODO: unfinished - make compatible with other integration types
+		const res = await axios.post(
+			OAUTH_TOKEN_URL_HEROKU!,
+			new URLSearchParams({
+				grant_type: 'authorization_code',
+				code: code,
+				client_secret: clientSecret
+			} as any)
+		);
+
+		const integrationAuth = await processOAuthTokenRes({
 			workspaceId,
 			integration,
-			code
+			res
 		});
+
+		// create or replace integration
+		const integrationObj = await Integration.findOneAndUpdate(
+			{ workspace: workspaceId, integration },
+			{
+				workspace: workspaceId,
+				environment: ENV_DEV,
+				isActive: false,
+				app: null,
+				integration,
+				integrationAuth: integrationAuth._id
+			},
+			{ upsert: true, new: true }
+		);
 	} catch (err) {
 		Sentry.setUser(null);
 		Sentry.captureException(err);
 		return res.status(400).send({
-			message: 'Failed to get OAuth2 code-token exchange'
+			message: 'Failed to get OAuth2 token'
 		});
 	}
 
@@ -51,25 +75,26 @@ export const oAuthExchange = async (
 };
 
 /**
- * Return list of applications allowed for integration with integration authorization id [integrationAuthId]
+ * Return list of applications allowed for integration with id [integrationAuthId]
  * @param req
  * @param res
  * @returns
  */
 export const getIntegrationAuthApps = async (req: Request, res: Response) => {
+	// TODO: unfinished - make compatible with other integration types
 	let apps;
 	try {
-		apps = await getApps({
-			integrationAuth: req.integrationAuth,
-			accessToken: req.accessToken
+		const res = await axios.get('https://api.heroku.com/apps', {
+			headers: {
+				Accept: 'application/vnd.heroku+json; version=3',
+				Authorization: 'Bearer ' + req.accessToken
+			}
 		});
-	} catch (err) {
-		Sentry.setUser(null);
-        Sentry.captureException(err);	
-		return res.status(400).send({
-			message: 'Failed to get integration authorization applications'
-		});
-	}
+
+		apps = res.data.map((a: any) => ({
+			name: a.name
+		}));
+	} catch (err) {}
 
 	return res.status(200).send({
 		apps
@@ -83,22 +108,46 @@ export const getIntegrationAuthApps = async (req: Request, res: Response) => {
  * @returns
  */
 export const deleteIntegrationAuth = async (req: Request, res: Response) => {
+	// TODO: unfinished - disable application via Heroku API and make compatible with other integration types
 	try {
 		const { integrationAuthId } = req.params;
 
-		await revokeAccess({
-			integrationAuth: req.integrationAuth,
-			accessToken: req.accessToken
+		// TODO: disable application via Heroku API; figure out what authorization id is
+
+		const integrations = JSON.parse(
+			readFileSync('./src/json/integrations.json').toString()
+		);
+
+		let authorizationId;
+		switch (req.integrationAuth.integration) {
+			case 'heroku':
+				authorizationId = integrations.heroku.clientId;
+		}
+
+		// not sure what authorizationId is?
+		// // revoke authorization
+		// const res2 = await axios.delete(
+		//   `https://api.heroku.com/oauth/authorizations/${authorizationId}`,
+		//   {
+		//     headers: {
+		//         'Accept': 'application/vnd.heroku+json; version=3',
+		//         'Authorization': 'Bearer ' + req.accessToken
+		//     }
+		//   }
+		// );
+
+		const deletedIntegrationAuth = await IntegrationAuth.findOneAndDelete({
+			_id: integrationAuthId
 		});
+
+		if (deletedIntegrationAuth) {
+			await Integration.deleteMany({
+				integrationAuth: deletedIntegrationAuth._id
+			});
+		}
 	} catch (err) {
-		Sentry.setUser(null);
-        Sentry.captureException(err);	
 		return res.status(400).send({
 			message: 'Failed to delete integration authorization'
 		});
 	}
-	
-	return res.status(200).send({
-		message: 'Successfully deleted integration authorization'
-	});
-}
+};

backend/src/controllers/integrationController.ts

@@ -1,9 +1,11 @@
 import { Request, Response } from 'express';
 import { readFileSync } from 'fs';
 import * as Sentry from '@sentry/node';
-import { Integration, Bot, BotKey } from '../models';
-import { EventService } from '../services';
-import { eventPushSecrets } from '../events';
+import axios from 'axios';
+import { Integration } from '../models';
+import { decryptAsymmetric } from '../utils/crypto';
+import { decryptSecrets } from '../helpers/secret';
+import { PRIVATE_KEY } from '../config';
 
 interface Key {
 	encryptedKey: string;
@@ -22,58 +24,104 @@ interface PushSecret {
 	type: 'shared' | 'personal';
 }
 
+/**
+ * Return list of all available integrations on Infisical
+ * @param req
+ * @param res
+ * @returns
+ */
+export const getIntegrations = async (req: Request, res: Response) => {
+	let integrations;
+	try {
+		integrations = JSON.parse(
+			readFileSync('./src/json/integrations.json').toString()
+		);
+	} catch (err) {
+		Sentry.setUser(null);
+		Sentry.captureException(err);
+		return res.status(400).send({
+			message: 'Failed to get integrations'
+		});
+	}
+
+	return res.status(200).send({
+		integrations
+	});
+};
+
+/**
+ * Sync secrets [secrets] to integration with id [integrationId]
+ * @param req
+ * @param res
+ * @returns
+ */
+export const syncIntegration = async (req: Request, res: Response) => {
+	// TODO: unfinished - make more versatile to accomodate for other integrations
+	try {
+		const { key, secrets }: { key: Key; secrets: PushSecret[] } = req.body;
+		const symmetricKey = decryptAsymmetric({
+			ciphertext: key.encryptedKey,
+			nonce: key.nonce,
+			publicKey: req.user.publicKey,
+			privateKey: PRIVATE_KEY
+		});
+
+		// decrypt secrets with symmetric key
+		const content = decryptSecrets({
+			secrets,
+			key: symmetricKey,
+			format: 'object'
+		});
+
+		// TODO: make integration work for other integrations as well
+		const res = await axios.patch(
+			`https://api.heroku.com/apps/${req.integration.app}/config-vars`,
+			content,
+			{
+				headers: {
+					Accept: 'application/vnd.heroku+json; version=3',
+					Authorization: 'Bearer ' + req.accessToken
+				}
+			}
+		);
+	} catch (err) {
+		Sentry.setUser(null);
+		Sentry.captureException(err);
+		return res.status(400).send({
+			message: 'Failed to sync secrets with integration'
+		});
+	}
+
+	return res.status(200).send({
+		message: 'Successfully synced secrets with integration'
+	});
+};
+
 /**
  * Change environment or name of integration with id [integrationId]
  * @param req
  * @param res
  * @returns
  */
-export const updateIntegration = async (req: Request, res: Response) => {
+export const modifyIntegration = async (req: Request, res: Response) => {
 	let integration;
-	
-	// TODO: add integration-specific validation to ensure that each
-	// integration has the correct fields populated in [Integration]
-	
 	try {
-		const { 
-			app, 
-			environment, 
-			isActive, 
-			target, // vercel-specific integration param
-			context, // netlify-specific integration param
-			siteId // netlify-specific integration param
-		} = req.body;
-		
+		const { update } = req.body;
+
 		integration = await Integration.findOneAndUpdate(
 			{
 				_id: req.integration._id
 			},
-			{
-				environment,
-				isActive,
-				app,
-				target,
-				context,
-				siteId
-			},
+			update,
 			{
 				new: true
 			}
 		);
-		
-		if (integration) {
-			// trigger event - push secrets
-			EventService.handleEvent({
-				event: eventPushSecrets({
-					workspaceId: integration.workspace.toString()
-				})
-			});
-		}
 	} catch (err) {
 		Sentry.setUser({ email: req.user.email });
 		Sentry.captureException(err);
 		return res.status(400).send({
-			message: 'Failed to update integration'
+			message: 'Failed to modify integration'
 		});
 	}
 
@@ -83,8 +131,7 @@ export const updateIntegration = async (req: Request, res: Response) => {
 };
 
 /**
- * Delete integration with id [integrationId] and deactivate bot if there are
- * no integrations left
+ * Delete integration with id [integrationId]
  * @param req
  * @param res
  * @returns
@@ -97,29 +144,6 @@ export const deleteIntegration = async (req: Request, res: Response) => {
 		deletedIntegration = await Integration.findOneAndDelete({
 			_id: integrationId
 		});
-		
-		if (!deletedIntegration) throw new Error('Failed to find integration');
-		
-		const integrations = await Integration.find({
-			workspace: deletedIntegration.workspace
-		});
-			
-		if (integrations.length === 0) {
-			// case: no integrations left, deactivate bot
-			const bot = await Bot.findOneAndUpdate({
-				workspace: deletedIntegration.workspace
-			}, {
-				isActive: false
-			}, {
-				new: true
-			});
-			
-			if (bot) {
-				await BotKey.deleteOne({
-					bot: bot._id
-				});
-			}
-		}
 	} catch (err) {
 		Sentry.setUser({ email: req.user.email });
 		Sentry.captureException(err);

backend/src/controllers/keyController.ts

@@ -2,6 +2,7 @@ import { Request, Response } from 'express';
 import * as Sentry from '@sentry/node';
 import { Key } from '../models';
 import { findMembership } from '../helpers/membership';
+import { PUBLIC_KEY } from '../config';
 import { GRANTED } from '../variables';
 
 /**
@@ -16,6 +17,16 @@ export const uploadKey = async (req: Request, res: Response) => {
 		const { workspaceId } = req.params;
 		const { key } = req.body;
 
+		// validate membership of sender
+		const senderMembership = await findMembership({
+			user: req.user._id,
+			workspace: workspaceId
+		});
+
+		if (!senderMembership) {
+			throw new Error('Failed sender membership validation for workspace');
+		}
+
 		// validate membership of receiver
 		const receiverMembership = await findMembership({
 			user: key.userId,
@@ -83,4 +94,16 @@ export const getLatestKey = async (req: Request, res: Response) => {
 	}
 
 	return res.status(200).send(resObj);
-};
+};
+
+/**
+ * Return public key of Infisical
+ * @param req
+ * @param res
+ * @returns
+ */
+export const getPublicKeyInfisical = async (req: Request, res: Response) => {
+	return res.status(200).send({
+		publicKey: PUBLIC_KEY
+	});
+};

backend/src/controllers/membershipOrgController.ts

@@ -217,7 +217,7 @@ export const verifyUserToOrganization = async (req: Request, res: Response) => {
 	try {
 		const { email, code } = req.body;
 
-		user = await User.findOne({ email }).select('+publicKey');
+		user = await User.findOne({ email });
 		if (user && user?.publicKey) {
 			// case: user has already completed account
 			return res.status(403).send({
@@ -257,7 +257,7 @@ export const verifyUserToOrganization = async (req: Request, res: Response) => {
 		Sentry.setUser(null);
 		Sentry.captureException(err);
 		return res.status(400).send({
-			error: 'Failed email magic link verification for organization invitation'
+			error: 'Failed email magic link confirmation'
 		});
 	}
 

backend/src/controllers/passwordController.ts

@@ -1,121 +1,11 @@
 import { Request, Response } from 'express';
 import * as Sentry from '@sentry/node';
-import crypto from 'crypto';
 const jsrp = require('jsrp');
 import * as bigintConversion from 'bigint-conversion';
-import { User, Token, BackupPrivateKey } from '../models';
-import { checkEmailVerification } from '../helpers/signup';
-import { createToken } from '../helpers/auth';
-import { sendMail } from '../helpers/nodemailer';
-import { JWT_SIGNUP_LIFETIME, JWT_SIGNUP_SECRET, SITE_URL } from '../config';
+import { User, BackupPrivateKey } from '../models';
 
 const clientPublicKeys: any = {};
 
-/**
- * Password reset step 1: Send email verification link to email [email] 
- * for account recovery.
- * @param req
- * @param res
- * @returns
- */
-export const emailPasswordReset = async (req: Request, res: Response) => {
-	let email: string;
-	try {
-		email = req.body.email;
-
-		const user = await User.findOne({ email }).select('+publicKey');
-		if (!user || !user?.publicKey) {
-			// case: user has already completed account
-
-			return res.status(403).send({
-				error: 'Failed to send email verification for password reset'
-			});
-		}
-		
-		const token = crypto.randomBytes(16).toString('hex');
-
-		await Token.findOneAndUpdate(
-			{ email },
-			{
-				email,
-				token,
-				createdAt: new Date()
-			},
-			{ upsert: true, new: true }
-		);
-		
-		await sendMail({
-			template: 'passwordReset.handlebars',
-			subjectLine: 'Infisical password reset',
-			recipients: [email],
-			substitutions: {
-				email,
-				token,
-				callback_url: SITE_URL + '/password-reset'
-			}
-		});
-		
-	} catch (err) {
-		Sentry.setUser(null);
-		Sentry.captureException(err);
-		return res.status(400).send({
-			message: 'Failed to send email for account recovery'
-		});	
-	}
-	
-	return res.status(200).send({
-		message: `Sent an email for account recovery to ${email}`
-	});
-}
-
-/**
- * Password reset step 2: Verify email verification link sent to email [email]
- * @param req 
- * @param res 
- * @returns 
- */
-export const emailPasswordResetVerify = async (req: Request, res: Response) => {
-	let user, token;
-	try {
-		const { email, code } = req.body;
-		
-		user = await User.findOne({ email }).select('+publicKey');
-		if (!user || !user?.publicKey) {
-			// case: user doesn't exist with email [email] or 
-			// hasn't even completed their account
-			return res.status(403).send({
-				error: 'Failed email verification for password reset'
-			});
-		}
-
-		await checkEmailVerification({
-			email,
-			code
-		});
-		
-		// generate temporary password-reset token
-		token = createToken({
-			payload: {
-				userId: user._id.toString()
-			},
-			expiresIn: JWT_SIGNUP_LIFETIME,
-			secret: JWT_SIGNUP_SECRET
-		});
-	} catch (err) {
-		Sentry.setUser(null);
-		Sentry.captureException(err);
-		return res.status(400).send({
-			message: 'Failed email verification for password reset'
-		});	
-	}
-
-	return res.status(200).send({
-		message: 'Successfully verified email',
-		user,
-		token
-	});
-}
-
 /**
  * Return [salt] and [serverPublicKey] as part of step 1 of SRP protocol
  * @param req
@@ -153,7 +43,7 @@ export const srp1 = async (req: Request, res: Response) => {
 			}
 		);
 	} catch (err) {
-		Sentry.setUser({ email: req.user.email });
+		Sentry.setUser(null);
 		Sentry.captureException(err);
 		return res.status(400).send({
 			error: 'Failed to start change password process'
@@ -220,7 +110,7 @@ export const changePassword = async (req: Request, res: Response) => {
 			}
 		);
 	} catch (err) {
-		Sentry.setUser({ email: req.user.email });
+		Sentry.setUser(null);
 		Sentry.captureException(err);
 		return res.status(400).send({
 			error: 'Failed to change password. Try again?'
@@ -290,73 +180,10 @@ export const createBackupPrivateKey = async (req: Request, res: Response) => {
 			}
 		);
 	} catch (err) {
-		Sentry.setUser({ email: req.user.email });
+		Sentry.setUser(null);
 		Sentry.captureException(err);
 		return res.status(400).send({
 			message: 'Failed to update backup private key'
 		});
 	}
 };
-
-/**
- * Return backup private key for user
- * @param req 
- * @param res 
- * @returns 
- */
-export const getBackupPrivateKey = async (req: Request, res: Response) => {
-	let backupPrivateKey;
-	try {
-		backupPrivateKey = await BackupPrivateKey.findOne({
-			user: req.user._id
-		}).select('+encryptedPrivateKey +iv +tag');
-		
-		if (!backupPrivateKey) throw new Error('Failed to find backup private key');
-	} catch (err) {
-		Sentry.setUser({ email: req.user.email});
-		Sentry.captureException(err);
-		return res.status(400).send({
-			message: 'Failed to get backup private key'
-		});
-	}
-	
-	return res.status(200).send({
-		backupPrivateKey
-	});
-}
-
-export const resetPassword = async (req: Request, res: Response) => {
-	try {
-		const {
-			encryptedPrivateKey,
-			iv,
-			tag,
-			salt,
-			verifier,
-		} = req.body;
-
-		await User.findByIdAndUpdate(
-			req.user._id.toString(),
-			{
-				encryptedPrivateKey,
-				iv,
-				tag,
-				salt,
-				verifier
-			},
-			{
-				new: true
-			}
-		);	
-	} catch (err) {
-		Sentry.setUser({ email: req.user.email});
-		Sentry.captureException(err);
-		return res.status(400).send({
-			message: 'Failed to get backup private key'
-		});	
-	}
-	
-	return res.status(200).send({
-		message: 'Successfully reset password'
-	});
-}

backend/src/controllers/secretController.ts

@@ -7,9 +7,8 @@ import {
 	reformatPullSecrets
 } from '../helpers/secret';
 import { pushKeys } from '../helpers/key';
-import { eventPushSecrets } from '../events';
-import { EventService } from '../services';
 import { ENV_SET } from '../variables';
+
 import { postHogClient } from '../services';
 
 interface PushSecret {
@@ -61,8 +60,7 @@ export const pushSecrets = async (req: Request, res: Response) => {
 			workspaceId,
 			keys
 		});
-		
-		
+
 		if (postHogClient) {
 			postHogClient.capture({
 				event: 'secrets pushed',
@@ -76,13 +74,6 @@ export const pushSecrets = async (req: Request, res: Response) => {
 			});
 		}
 
-		// trigger event - push secrets
-		EventService.handleEvent({
-			event: eventPushSecrets({
-				workspaceId
-			})
-		});
-
 	} catch (err) {
 		Sentry.setUser({ email: req.user.email });
 		Sentry.captureException(err);
@@ -201,7 +192,7 @@ export const pullSecretsServiceToken = async (req: Request, res: Response) => {
 		};
 
 		if (postHogClient) {
-			// capture secrets pulled event in production
+			// capture secrets pushed event in production
 			postHogClient.capture({
 				distinctId: req.serviceToken.user.email,
 				event: 'secrets pulled',

backend/src/controllers/serviceTokenController.ts

@@ -58,8 +58,7 @@ export const createServiceToken = async (req: Request, res: Response) => {
 
 		token = createToken({
 			payload: {
-				serviceTokenId: serviceToken._id.toString(),
-				workspaceId
+				serviceTokenId: serviceToken._id.toString()
 			},
 			expiresIn: expiresIn,
 			secret: JWT_SERVICE_SECRET

backend/src/controllers/signupController.ts

@@ -10,7 +10,6 @@ import {
 } from '../helpers/signup';
 import { issueTokens, createToken } from '../helpers/auth';
 import { INVITED, ACCEPTED } from '../variables';
-import axios from 'axios';
 
 /**
  * Signup step 1: Initialize account for user under email [email] and send a verification code
@@ -180,21 +179,6 @@ export const completeAccountSignup = async (req: Request, res: Response) => {
 
 		token = tokens.token;
 		refreshToken = tokens.refreshToken;
-
-		// sending a welcome email to new users
-		if (process.env.LOOPS_API_KEY) {
-			await axios.post("https://app.loops.so/api/v1/events/send", {
-				"email": email,
-				"eventName": "Sign Up",
-				"firstName": firstName,
-				"lastName": lastName
-			}, {
-				headers: {
-					"Accept": "application/json",
-					"Authorization": "Bearer " + process.env.LOOPS_API_KEY
-				},
-			});
-		}
 	} catch (err) {
 		Sentry.setUser(null);
 		Sentry.captureException(err);

backend/src/events/index.ts

@@ -1,5 +0,0 @@
-import { eventPushSecrets } from "./secret"
-
-export {
-    eventPushSecrets
-}

backend/src/events/secret.ts

@@ -1,37 +0,0 @@
-import { EVENT_PUSH_SECRETS } from '../variables';
-
-interface PushSecret {
-	ciphertextKey: string;
-	ivKey: string;
-	tagKey: string;
-	hashKey: string;
-	ciphertextValue: string;
-	ivValue: string;
-	tagValue: string;
-	hashValue: string;
-	type: 'shared' | 'personal';
-}
-
-/**
- * Return event for pushing secrets
- * @param {Object} obj
- * @param {String} obj.workspaceId - id of workspace to push secrets to
- * @returns 
- */
-const eventPushSecrets = ({
-    workspaceId,
-}: {
-    workspaceId: string;
-}) => {
-    return ({
-        name: EVENT_PUSH_SECRETS,
-        workspaceId,
-        payload: {
-
-        }
-    });
-}
-
-export {
-    eventPushSecrets
-}

backend/src/helpers/bot.ts

@@ -1,230 +0,0 @@
-import * as Sentry from '@sentry/node';
-import {
-    Bot,
-    BotKey,
-    Secret,
-    ISecret,
-    IUser
-} from '../models';
-import { 
-    generateKeyPair, 
-    encryptSymmetric,
-    decryptSymmetric,
-    decryptAsymmetric
-} from '../utils/crypto';
-import { decryptSecrets } from '../helpers/secret';
-import { ENCRYPTION_KEY } from '../config';
-import { SECRET_SHARED } from '../variables';
-
-/**
- * Create an inactive bot with name [name] for workspace with id [workspaceId]
- * @param {Object} obj 
- * @param {String} obj.name - name of bot
- * @param {String} obj.workspaceId - id of workspace that bot belongs to
- */
-const createBot = async ({
-    name,
-    workspaceId,
-}: {
-    name: string;
-    workspaceId: string;
-}) => {
-    let bot;
-    try {
-        const { publicKey, privateKey } = generateKeyPair();
-        const { ciphertext, iv, tag } = encryptSymmetric({
-            plaintext: privateKey,
-            key: ENCRYPTION_KEY
-        });
-
-        bot = await new Bot({
-            name,
-            workspace: workspaceId,
-            isActive: false,
-            publicKey,
-            encryptedPrivateKey: ciphertext,
-            iv,
-            tag
-        }).save();
-    } catch (err) {
-		Sentry.setUser(null);
-		Sentry.captureException(err);
-		throw new Error('Failed to create bot');
-    }
-    
-    return bot;
-}
-
-/**
- * Return decrypted secrets for workspace with id [workspaceId]
- * and [environment] using bot
- * @param {Object} obj
- * @param {String} obj.workspaceId - id of workspace
- * @param {String} obj.environment - environment
- */
-const getSecretsHelper = async ({
-    workspaceId,
-    environment
-}: {
-    workspaceId: string;
-    environment: string;
-}) => {
-    const content = {} as any;
-    try {
-        const key = await getKey({ workspaceId });
-        const secrets = await Secret.find({
-            workspaceId,
-            environment,
-            type: SECRET_SHARED
-        });
-        
-        secrets.forEach((secret: ISecret) => {
-            const secretKey = decryptSymmetric({
-                ciphertext: secret.secretKeyCiphertext,
-                iv: secret.secretKeyIV,
-                tag: secret.secretKeyTag,
-                key
-            });
-            
-            const secretValue = decryptSymmetric({
-                ciphertext: secret.secretValueCiphertext,
-                iv: secret.secretValueIV,
-                tag: secret.secretValueTag,
-                key
-            });
-
-            content[secretKey] = secretValue;
-        });
-    } catch (err) {
-        Sentry.setUser(null);
-        Sentry.captureException(err);
-        throw new Error('Failed to get secrets');
-    }
-
-    return content;
-}
-
-/**
- * Return bot's copy of the workspace key for workspace 
- * with id [workspaceId]
- * @param {Object} obj
- * @param {String} obj.workspaceId - id of workspace
- * @returns {String} key - decrypted workspace key
- */
-const getKey = async ({ workspaceId }: { workspaceId: string }) => {
-    let key;
-    try {
-        const botKey = await BotKey.findOne({
-            workspace: workspaceId
-        }).populate<{ sender: IUser }>('sender', 'publicKey');
-        
-        if (!botKey) throw new Error('Failed to find bot key');
-        
-        const bot = await Bot.findOne({
-            workspace: workspaceId
-        }).select('+encryptedPrivateKey +iv +tag');
-        
-        if (!bot) throw new Error('Failed to find bot');
-        if (!bot.isActive) throw new Error('Bot is not active');
-        
-        const privateKeyBot = decryptSymmetric({
-            ciphertext: bot.encryptedPrivateKey,
-            iv: bot.iv,
-            tag: bot.tag,
-            key: ENCRYPTION_KEY
-        });
-        
-        key = decryptAsymmetric({
-            ciphertext: botKey.encryptedKey,
-            nonce: botKey.nonce,
-            publicKey: botKey.sender.publicKey as string,
-            privateKey: privateKeyBot
-        });
-    } catch (err) {
-        Sentry.setUser(null);
-		Sentry.captureException(err);
-		throw new Error('Failed to get workspace key');
-    }
-    
-    return key;
-}
-
-/**
- * Return symmetrically encrypted [plaintext] using the
- * key for workspace with id [workspaceId] 
- * @param {Object} obj1
- * @param {String} obj1.workspaceId - id of workspace
- * @param {String} obj1.plaintext - plaintext to encrypt
- */
-const encryptSymmetricHelper = async ({
-    workspaceId,
-    plaintext
-}: {
-    workspaceId: string;
-    plaintext: string;
-}) => {
-    
-    try {
-        const key = await getKey({ workspaceId });
-        const { ciphertext, iv, tag } = encryptSymmetric({
-            plaintext,
-            key
-        });
-        
-        return ({
-            ciphertext,
-            iv,
-            tag
-        });
-    } catch (err) {
-        Sentry.setUser(null);
-		Sentry.captureException(err);
-		throw new Error('Failed to perform symmetric encryption with bot');
-    }
-}
-/**
- * Return symmetrically decrypted [ciphertext] using the
- * key for workspace with id [workspaceId]
- * @param {Object} obj
- * @param {String} obj.workspaceId - id of workspace
- * @param {String} obj.ciphertext - ciphertext to decrypt
- * @param {String} obj.iv - iv
- * @param {String} obj.tag - tag
- */
-const decryptSymmetricHelper = async ({
-    workspaceId,
-    ciphertext,
-    iv,
-    tag
-}: {
-    workspaceId: string;
-    ciphertext: string;
-    iv: string;
-    tag: string;
-}) => {
-    let plaintext;
-    try {
-        const key = await getKey({ workspaceId });
-        const plaintext = decryptSymmetric({
-            ciphertext,
-            iv,
-            tag,
-            key
-        });
-        
-        return plaintext;
-    } catch (err) {
-        Sentry.setUser(null);
-		Sentry.captureException(err);
-		throw new Error('Failed to perform symmetric decryption with bot');
-    }
-    
-    return plaintext;
-}
-
-export {
-    createBot,
-    getSecretsHelper,
-    encryptSymmetricHelper,
-    decryptSymmetricHelper
-}

backend/src/helpers/event.ts

@@ -1,51 +0,0 @@
-import { Bot, IBot } from '../models';
-import * as Sentry from '@sentry/node';
-import { EVENT_PUSH_SECRETS } from '../variables';
-import { IntegrationService } from '../services';
-
-interface Event {
-    name: string;
-    workspaceId: string;
-    payload: any;
-}
-
-/**
- * Handle event [event]
- * @param {Object} obj
- * @param {Event} obj.event - an event
- * @param {String} obj.event.name - name of event
- * @param {String} obj.event.workspaceId - id of workspace that event is part of
- * @param {Object} obj.event.payload - payload of event (depends on event)
- */
-const handleEventHelper = async ({
-    event
-}: {
-    event: Event;
-}) => {
-    const { workspaceId } = event;
-    
-    // TODO: moduralize bot check into separate function
-    const bot = await Bot.findOne({
-        workspace: workspaceId,
-        isActive: true
-    });
-    
-    if (!bot) return;
-    
-    try {
-        switch (event.name) {
-            case EVENT_PUSH_SECRETS:
-                IntegrationService.syncIntegrations({
-                    workspaceId
-                });
-                break;
-        }
-    } catch (err) {
-        Sentry.setUser(null);
-        Sentry.captureException(err);
-    }
-}
-
-export {
-    handleEventHelper
-}

backend/src/helpers/integration.ts

@@ -1,358 +0,0 @@
-import * as Sentry from '@sentry/node';
-import {
-    Bot,
-    Integration,
-    IntegrationAuth,
-} from '../models';
-import { exchangeCode, exchangeRefresh, syncSecrets } from '../integrations';
-import { BotService } from '../services';
-import {
-    ENV_DEV,
-    EVENT_PUSH_SECRETS,
-    INTEGRATION_VERCEL,
-    INTEGRATION_NETLIFY
-} from '../variables';
-import { UnauthorizedRequestError } from '../utils/errors';
-import RequestError from '../utils/requestError';
-
-interface Update {
-    workspace: string;
-    integration: string;
-    teamId?: string;
-    accountId?: string;
-}
-
-/**
- * Perform OAuth2 code-token exchange for workspace with id [workspaceId] and integration
- * named [integration]
- * - Store integration access and refresh tokens returned from the OAuth2 code-token exchange
- * - Add placeholder inactive integration
- * - Create bot sequence for integration
- * @param {Object} obj
- * @param {String} obj.workspaceId - id of workspace
- * @param {String} obj.integration - name of integration 
- * @param {String} obj.code - code
-*/
-const handleOAuthExchangeHelper = async ({
-    workspaceId,
-    integration,
-    code
-}: {
-    workspaceId: string;
-    integration: string;
-    code: string;
-}) => {
-    let action;
-    let integrationAuth;
-    try {
-        const bot = await Bot.findOne({
-            workspace: workspaceId,
-            isActive: true
-        });
-        
-        if (!bot) throw new Error('Bot must be enabled for OAuth2 code-token exchange');
-        
-        // exchange code for access and refresh tokens
-        const res = await exchangeCode({
-            integration,
-            code
-        });
-        
-        const update: Update = {
-            workspace: workspaceId,
-            integration
-        }
-        
-        switch (integration) {
-            case INTEGRATION_VERCEL:
-                update.teamId = res.teamId;
-                break;
-            case INTEGRATION_NETLIFY:
-                update.accountId = res.accountId;
-                break;
-        }
-        
-        integrationAuth = await IntegrationAuth.findOneAndUpdate({
-            workspace: workspaceId,
-            integration
-        }, update, {
-            new: true,
-            upsert: true
-        });
-        
-        if (res.refreshToken) {
-            // case: refresh token returned from exchange
-            // set integration auth refresh token
-            await setIntegrationAuthRefreshHelper({
-                integrationAuthId: integrationAuth._id.toString(),
-                refreshToken: res.refreshToken
-            });
-        }
-        
-        if (res.accessToken) {
-            // case: access token returned from exchange
-            // set integration auth access token
-            await setIntegrationAuthAccessHelper({
-                integrationAuthId: integrationAuth._id.toString(),
-                accessToken: res.accessToken,
-                accessExpiresAt: res.accessExpiresAt
-            });
-        }
-
-        // initialize new integration after exchange
-        await new Integration({
-            workspace: workspaceId,
-            environment: ENV_DEV,
-            isActive: false,
-            app: null,
-            integration,
-            integrationAuth: integrationAuth._id
-        }).save();
-    } catch (err) {
-        Sentry.setUser(null);
-        Sentry.captureException(err);
-        throw new Error('Failed to handle OAuth2 code-token exchange')
-    }
-}
-/**
- * Sync/push environment variables in workspace with id [workspaceId] to
- * all active integrations for that workspace
- * @param {Object} obj
- * @param {Object} obj.workspaceId - id of workspace
- */
-const syncIntegrationsHelper = async ({
-    workspaceId
-}: {
-    workspaceId: string;
-}) => {
-    let integrations;
-    try {
-
-        integrations = await Integration.find({
-            workspace: workspaceId,
-            isActive: true,
-            app: { $ne: null }
-        });
-
-        // for each workspace integration, sync/push secrets
-        // to that integration
-        for await (const integration of integrations) {
-            // get workspace, environment (shared) secrets
-            const secrets = await BotService.getSecrets({ // issue here?
-                workspaceId: integration.workspace.toString(),
-                environment: integration.environment
-            });
-            
-            const integrationAuth = await IntegrationAuth.findById(integration.integrationAuth);
-            if (!integrationAuth) throw new Error('Failed to find integration auth');
-            
-            // get integration auth access token
-            const accessToken = await getIntegrationAuthAccessHelper({
-                integrationAuthId: integration.integrationAuth.toString()
-            });
-
-            // sync secrets to integration
-            await syncSecrets({
-                integration,
-                integrationAuth,
-                secrets,
-                accessToken
-            });
-        }
-    } catch (err) {
-        Sentry.setUser(null);
-        Sentry.captureException(err);
-        throw new Error('Failed to sync secrets to integrations');
-    }
-}
-
-/**
- * Return decrypted refresh token using the bot's copy
- * of the workspace key for workspace belonging to integration auth
- * with id [integrationAuthId]
- * @param {Object} obj
- * @param {String} obj.integrationAuthId - id of integration auth
- * @param {String} refreshToken - decrypted refresh token
- */
- const getIntegrationAuthRefreshHelper = async ({ integrationAuthId }: { integrationAuthId: string }) => {
-    let refreshToken;
-	
-    try {
-        const integrationAuth = await IntegrationAuth
-            .findById(integrationAuthId)
-            .select('+refreshCiphertext +refreshIV +refreshTag');
-
-        if (!integrationAuth) throw UnauthorizedRequestError({message: 'Failed to locate Integration Authentication credentials'});
-
-        refreshToken = await BotService.decryptSymmetric({
-            workspaceId: integrationAuth.workspace.toString(),
-            ciphertext: integrationAuth.refreshCiphertext as string,
-            iv: integrationAuth.refreshIV as string,
-            tag: integrationAuth.refreshTag as string
-        });
-
-    } catch (err) {
-        Sentry.setUser(null);
-		Sentry.captureException(err);
-        if(err instanceof RequestError)
-            throw err
-        else
-            throw new Error('Failed to get integration refresh token');
-    }
-    
-    return refreshToken;
-}
-
-/**
- * Return decrypted access token using the bot's copy
- * of the workspace key for workspace belonging to integration auth
- * with id [integrationAuthId]
- * @param {Object} obj
- * @param {String} obj.integrationAuthId - id of integration auth
- * @returns {String} accessToken - decrypted access token
- */
-const getIntegrationAuthAccessHelper = async ({ integrationAuthId }: { integrationAuthId: string }) => {
-    let accessToken;
-	
-    try {
-        const integrationAuth = await IntegrationAuth
-            .findById(integrationAuthId)
-            .select('workspace integration +accessCiphertext +accessIV +accessTag +accessExpiresAt + refreshCiphertext');
-
-        if (!integrationAuth) throw UnauthorizedRequestError({message: 'Failed to locate Integration Authentication credentials'});
-
-        accessToken = await BotService.decryptSymmetric({
-            workspaceId: integrationAuth.workspace.toString(),
-            ciphertext: integrationAuth.accessCiphertext as string,
-            iv: integrationAuth.accessIV as string,
-            tag: integrationAuth.accessTag as string
-        });
-
-        if (integrationAuth?.accessExpiresAt && integrationAuth?.refreshCiphertext) {
-            // there is a access token expiration date
-            // and refresh token to exchange with the OAuth2 server
-            
-            if (integrationAuth.accessExpiresAt < new Date()) {
-                // access token is expired
-                const refreshToken = await getIntegrationAuthRefreshHelper({ integrationAuthId });
-                accessToken = await exchangeRefresh({
-                    integration: integrationAuth.integration,
-                    refreshToken
-                });
-            }
-        }
-
-    } catch (err) {
-        Sentry.setUser(null);
-		Sentry.captureException(err);
-        if(err instanceof RequestError)
-            throw err
-        else
-            throw new Error('Failed to get integration access token');
-    }
-    
-    return accessToken;
-}
-
-/**
- * Encrypt refresh token [refreshToken] using the bot's copy
- * of the workspace key for workspace belonging to integration auth
- * with id [integrationAuthId] and store it
- * @param {Object} obj
- * @param {String} obj.integrationAuthId - id of integration auth
- * @param {String} obj.refreshToken - refresh token
- */
-const setIntegrationAuthRefreshHelper = async ({
-    integrationAuthId,
-    refreshToken
-}: {
-    integrationAuthId: string;
-    refreshToken: string;
-}) => {
-    
-    let integrationAuth;
-    try {
-        integrationAuth = await IntegrationAuth
-            .findById(integrationAuthId);
-        
-        if (!integrationAuth) throw new Error('Failed to find integration auth');
-        
-        const obj = await BotService.encryptSymmetric({
-            workspaceId: integrationAuth.workspace.toString(),
-            plaintext: refreshToken
-        });
-        
-        integrationAuth = await IntegrationAuth.findOneAndUpdate({
-            _id: integrationAuthId
-        }, {
-            refreshCiphertext: obj.ciphertext,
-            refreshIV: obj.iv,
-            refreshTag: obj.tag
-        }, {
-            new: true
-        });
-    } catch (err) {
-        Sentry.setUser(null);
-		Sentry.captureException(err);
-		throw new Error('Failed to set integration auth refresh token');
-    }
-    
-    return integrationAuth;
-}
-
-/**
- * Encrypt access token [accessToken] using the bot's copy
- * of the workspace key for workspace belonging to integration auth
- * with id [integrationAuthId] and store it along with [accessExpiresAt]
- * @param {Object} obj
- * @param {String} obj.integrationAuthId - id of integration auth
- * @param {String} obj.accessToken - access token
- * @param {Date} obj.accessExpiresAt - expiration date of access token
- */
-const setIntegrationAuthAccessHelper = async ({
-    integrationAuthId,
-    accessToken,
-    accessExpiresAt
-}: {
-    integrationAuthId: string;
-    accessToken: string;
-    accessExpiresAt: Date;
-}) => {
-    let integrationAuth;
-    try {
-        integrationAuth = await IntegrationAuth.findById(integrationAuthId);
-        
-        if (!integrationAuth) throw new Error('Failed to find integration auth');
-        
-        const obj = await BotService.encryptSymmetric({
-            workspaceId: integrationAuth.workspace.toString(),
-            plaintext: accessToken
-        });
-        
-        integrationAuth = await IntegrationAuth.findOneAndUpdate({
-            _id: integrationAuthId
-        }, {
-            accessCiphertext: obj.ciphertext,
-            accessIV: obj.iv,
-            accessTag: obj.tag,
-            accessExpiresAt
-        }, {
-            new: true
-        });
-    } catch (err) {
-        Sentry.setUser(null);
-		Sentry.captureException(err);
-		throw new Error('Failed to save integration auth access token');
-    }
-    
-    return integrationAuth;
-}
-
-export {
-    handleOAuthExchangeHelper,
-    syncIntegrationsHelper,
-    getIntegrationAuthRefreshHelper,
-    getIntegrationAuthAccessHelper,
-    setIntegrationAuthRefreshHelper,
-    setIntegrationAuthAccessHelper
-}

backend/src/helpers/integrationAuth.ts

@@ -0,0 +1,174 @@
+import * as Sentry from '@sentry/node';
+import axios from 'axios';
+import { IntegrationAuth } from '../models';
+import { encryptSymmetric, decryptSymmetric } from '../utils/crypto';
+import { IIntegrationAuth } from '../models';
+import {
+	ENCRYPTION_KEY,
+	OAUTH_CLIENT_SECRET_HEROKU,
+	OAUTH_TOKEN_URL_HEROKU
+} from '../config';
+
+/**
+ * Process token exchange and refresh responses from respective OAuth2 authorization servers by
+ * encrypting access and refresh tokens, computing new access token expiration times [accessExpiresAt],
+ * and upserting them into the DB for workspace with id [workspaceId] and integration [integration].
+ * @param {Object} obj
+ * @param {String} obj.workspaceId - id of workspace
+ * @param {String} obj.integration - name of integration (e.g. heroku)
+ * @param {Object} obj.res - response from OAuth2 authorization server
+ */
+const processOAuthTokenRes = async ({
+	workspaceId,
+	integration,
+	res
+}: {
+	workspaceId: string;
+	integration: string;
+	res: any;
+}): Promise<IIntegrationAuth> => {
+	let integrationAuth;
+	try {
+		// encrypt refresh + access tokens
+		const {
+			ciphertext: refreshCiphertext,
+			iv: refreshIV,
+			tag: refreshTag
+		} = encryptSymmetric({
+			plaintext: res.data.refresh_token,
+			key: ENCRYPTION_KEY
+		});
+
+		const {
+			ciphertext: accessCiphertext,
+			iv: accessIV,
+			tag: accessTag
+		} = encryptSymmetric({
+			plaintext: res.data.access_token,
+			key: ENCRYPTION_KEY
+		});
+
+		// compute access token expiration date
+		const accessExpiresAt = new Date();
+		accessExpiresAt.setSeconds(
+			accessExpiresAt.getSeconds() + res.data.expires_in
+		);
+
+		// create or replace integration authorization with encrypted tokens
+		// and access token expiration date
+		integrationAuth = await IntegrationAuth.findOneAndUpdate(
+			{ workspace: workspaceId, integration },
+			{
+				workspace: workspaceId,
+				integration,
+				refreshCiphertext,
+				refreshIV,
+				refreshTag,
+				accessCiphertext,
+				accessIV,
+				accessTag,
+				accessExpiresAt
+			},
+			{ upsert: true, new: true }
+		);
+	} catch (err) {
+		Sentry.setUser(null);
+		Sentry.captureException(err);
+		throw new Error(
+			'Failed to process OAuth2 authorization server token response'
+		);
+	}
+
+	return integrationAuth;
+};
+
+/**
+ * Return access token for integration either by decrypting a non-expired access token [accessCiphertext] on
+ * the integration authorization document or by requesting a new one by decrypting and exchanging the
+ * refresh token [refreshCiphertext] with the respective OAuth2 authorization server.
+ * @param {Object} obj
+ * @param {IIntegrationAuth} obj.integrationAuth - an integration authorization document
+ * @returns {String} access token - new access token
+ */
+const getOAuthAccessToken = async ({
+	integrationAuth
+}: {
+	integrationAuth: IIntegrationAuth;
+}) => {
+	let accessToken;
+	try {
+		const {
+			refreshCiphertext,
+			refreshIV,
+			refreshTag,
+			accessCiphertext,
+			accessIV,
+			accessTag,
+			accessExpiresAt
+		} = integrationAuth;
+
+		if (
+			refreshCiphertext &&
+			refreshIV &&
+			refreshTag &&
+			accessCiphertext &&
+			accessIV &&
+			accessTag &&
+			accessExpiresAt
+		) {
+			if (accessExpiresAt < new Date()) {
+				// case: access token expired
+				// TODO: fetch another access token
+
+				let clientSecret;
+				switch (integrationAuth.integration) {
+					case 'heroku':
+						clientSecret = OAUTH_CLIENT_SECRET_HEROKU;
+				}
+
+				// record new access token and refresh token
+				// encrypt refresh + access tokens
+				const refreshToken = decryptSymmetric({
+					ciphertext: refreshCiphertext,
+					iv: refreshIV,
+					tag: refreshTag,
+					key: ENCRYPTION_KEY
+				});
+
+				// TODO: make route compatible with other integration types
+				const res = await axios.post(
+					OAUTH_TOKEN_URL_HEROKU, // maybe shouldn't be a config variable?
+					new URLSearchParams({
+						grant_type: 'refresh_token',
+						refresh_token: refreshToken,
+						client_secret: clientSecret
+					} as any)
+				);
+
+				accessToken = res.data.access_token;
+
+				await processOAuthTokenRes({
+					workspaceId: integrationAuth.workspace.toString(),
+					integration: integrationAuth.integration,
+					res
+				});
+			} else {
+				// case: access token still works
+				accessToken = decryptSymmetric({
+					ciphertext: accessCiphertext,
+					iv: accessIV,
+					tag: accessTag,
+					key: ENCRYPTION_KEY
+				});
+			}
+		}
+	} catch (err) {
+		Sentry.setUser(null);
+		Sentry.captureException(err);
+		throw new Error('Failed to get OAuth2 access token');
+	}
+
+	return accessToken;
+};
+
+export { processOAuthTokenRes, getOAuthAccessToken };

backend/src/helpers/membership.ts

@@ -1,52 +1,6 @@
 import * as Sentry from '@sentry/node';
 import { Membership, Key } from '../models';
 
-/**
- * Validate that user with id [userId] is a member of workspace with id [workspaceId]
- * and has at least one of the roles in [acceptedRoles] and statuses in [acceptedStatuses]
- * @param {Object} obj
- * @param {String} obj.userId - id of user to validate
- * @param {String} obj.workspaceId - id of workspace
- */
-const validateMembership = async ({
-	userId,
-	workspaceId,
-	acceptedRoles,
-	acceptedStatuses
-}: {
-	userId: string;
-	workspaceId: string;
-	acceptedRoles: string[];
-	acceptedStatuses: string[];
-}) => {
-	
-	let membership;
-	//TODO: Refactor code to take advantage of using RequestError. It's possible to create new types of errors for more detailed errors
-	try {
-		membership = await Membership.findOne({
-			user: userId,
-			workspace: workspaceId
-		});
-		
-		if (!membership) throw new Error('Failed to find membership');
-		
-		if (!acceptedRoles.includes(membership.role)) {
-			throw new Error('Failed to validate membership role');
-		}
-
-		if (!acceptedStatuses.includes(membership.status)) {
-			throw new Error('Failed to validate membership status');
-		}
-		
-	} catch (err) {
-		Sentry.setUser(null);
-		Sentry.captureException(err);
-		throw new Error('Failed to validate membership');
-	}
-	
-	return membership;
-}
-
 /**
  * Return membership matching criteria specified in query [queryObj]
  * @param {Object} queryObj - query object
@@ -143,9 +97,4 @@ const deleteMembership = async ({ membershipId }: { membershipId: string }) => {
 	return deletedMembership;
 };
 
-export { 
-	validateMembership,
-	addMemberships, 
-	findMembership, 
-	deleteMembership 
-};
+export { addMemberships, findMembership, deleteMembership };

backend/src/helpers/nodemailer.ts

@@ -2,10 +2,21 @@ import fs from 'fs';
 import path from 'path';
 import handlebars from 'handlebars';
 import nodemailer from 'nodemailer';
-import { SMTP_FROM_NAME, SMTP_FROM_ADDRESS } from '../config';
-import * as Sentry from '@sentry/node';
+import { SMTP_HOST, SMTP_NAME, SMTP_USERNAME, SMTP_PASSWORD } from '../config';
 
-let smtpTransporter: nodemailer.Transporter;
+// create nodemailer transporter
+const transporter = nodemailer.createTransport({
+	host: SMTP_HOST,
+	port: 587,
+	auth: {
+		user: SMTP_USERNAME,
+		pass: SMTP_PASSWORD
+	}
+});
+transporter
+	.verify()
+	.then(() => console.log('SMTP - Successfully connected'))
+	.catch((err) => console.log('SMTP - Failed to connect'));
 
 /**
  * @param {Object} obj
@@ -15,38 +26,33 @@ let smtpTransporter: nodemailer.Transporter;
  * @param {Object} obj.substitutions - object containing template substitutions
  */
 const sendMail = async ({
-  template,
-  subjectLine,
-  recipients,
-  substitutions
+	template,
+	subjectLine,
+	recipients,
+	substitutions
 }: {
-  template: string;
-  subjectLine: string;
-  recipients: string[];
-  substitutions: any;
+	template: string;
+	subjectLine: string;
+	recipients: string[];
+	substitutions: any;
 }) => {
-  try {
-    const html = fs.readFileSync(
-      path.resolve(__dirname, '../templates/' + template),
-      'utf8'
-    );
-    const temp = handlebars.compile(html);
-    const htmlToSend = temp(substitutions);
+	try {
+		const html = fs.readFileSync(
+			path.resolve(__dirname, '../templates/' + template),
+			'utf8'
+		);
+		const temp = handlebars.compile(html);
+		const htmlToSend = temp(substitutions);
 
-    await smtpTransporter.sendMail({
-      from: `"${SMTP_FROM_NAME}" <${SMTP_FROM_ADDRESS}>`,
-      to: recipients.join(', '),
-      subject: subjectLine,
-      html: htmlToSend
-    });
-  } catch (err) {
-    Sentry.setUser(null);
-    Sentry.captureException(err);
-  }
+		await transporter.sendMail({
+			from: `"${SMTP_NAME}" <${SMTP_USERNAME}>`,
+			to: recipients.join(', '),
+			subject: subjectLine,
+			html: htmlToSend
+		});
+	} catch (err) {
+		console.error(err);
+	}
 };
 
-const setTransporter = (transporter: nodemailer.Transporter) => {
-  smtpTransporter = transporter;
-};
-
-export { sendMail, setTransporter };
+export { sendMail };

backend/src/helpers/rateLimiter.ts

@@ -2,35 +2,34 @@ import rateLimit from 'express-rate-limit';
 
 // 300 requests per 15 minutes
 const apiLimiter = rateLimit({
-  windowMs: 15 * 60 * 1000,
-  max: 400,
-  standardHeaders: true,
-  legacyHeaders: false,
-  skip: (request) => request.path === '/healthcheck'
+	windowMs: 15 * 60 * 1000,
+	max: 400,
+	standardHeaders: true,
+	legacyHeaders: false
 });
 
 // 5 requests per hour
 const signupLimiter = rateLimit({
-  windowMs: 60 * 60 * 1000,
-  max: 10,
-  standardHeaders: true,
-  legacyHeaders: false
+	windowMs: 60 * 60 * 1000,
+	max: 10,
+	standardHeaders: true,
+	legacyHeaders: false
 });
 
 // 10 requests per hour
 const loginLimiter = rateLimit({
-  windowMs: 60 * 60 * 1000,
-  max: 20,
-  standardHeaders: true,
-  legacyHeaders: false
+	windowMs: 60 * 60 * 1000,
+	max: 20,
+	standardHeaders: true,
+	legacyHeaders: false
 });
 
 // 5 requests per hour
 const passwordLimiter = rateLimit({
-  windowMs: 60 * 60 * 1000,
-  max: 10,
-  standardHeaders: true,
-  legacyHeaders: false
+	windowMs: 60 * 60 * 1000,
+	max: 10,
+	standardHeaders: true,
+	legacyHeaders: false
 });
 
 export { apiLimiter, signupLimiter, loginLimiter, passwordLimiter };

backend/src/helpers/signup.ts

@@ -33,7 +33,7 @@ const sendEmailVerification = async ({ email }: { email: string }) => {
 		// send mail
 		await sendMail({
 			template: 'emailVerification.handlebars',
-			subjectLine: 'Infisical confirmation code',
+			subjectLine: 'Infisical workspace invitation',
 			recipients: [email],
 			substitutions: {
 				code: token
@@ -66,7 +66,7 @@ const checkEmailVerification = async ({
 			email,
 			token: code
 		});
-	
+
 		if (!token) throw new Error('Failed to find email verification token');
 	} catch (err) {
 		Sentry.setUser(null);
@@ -106,7 +106,7 @@ const initializeDefaultOrg = async ({
 
 		// initialize a default workspace inside the new organization
 		const workspace = await createWorkspace({
-			name: `Example Project`,
+			name: `${user.firstName}'s Project`,
 			organizationId: organization._id.toString()
 		});
 

backend/src/helpers/workspace.ts

@@ -1,16 +1,13 @@
 import * as Sentry from '@sentry/node';
 import {
 	Workspace,
-	Bot,
 	Membership,
 	Key,
 	Secret
 } from '../models';
-import { createBot } from '../helpers/bot';
 
 /**
  * Create a workspace with name [name] in organization with id [organizationId]
- * and a bot for it.
  * @param {String} name - name of workspace to create.
  * @param {String} organizationId - id of organization to create workspace in
  * @param {Object} workspace - new workspace
@@ -24,16 +21,10 @@ const createWorkspace = async ({
 }) => {
 	let workspace;
 	try {
-		// create workspace
 		workspace = await new Workspace({
 			name,
 			organization: organizationId
 		}).save();
-		
-		const bot = await createBot({
-			name: 'Infisical Bot',
-			workspaceId: workspace._id.toString()
-		});
 	} catch (err) {
 		Sentry.setUser(null);
 		Sentry.captureException(err);
@@ -52,9 +43,6 @@ const createWorkspace = async ({
 const deleteWorkspace = async ({ id }: { id: string }) => {
 	try {
 		await Workspace.deleteOne({ _id: id });
-		await Bot.deleteOne({
-			workspace: id
-		});
 		await Membership.deleteMany({
 			workspace: id
 		});

backend/src/index.ts

@@ -1,25 +1,91 @@
+import express from 'express';
+import helmet from 'helmet';
+import cors from 'cors';
+import cookieParser from 'cookie-parser';
+import mongoose from 'mongoose';
 import dotenv from 'dotenv';
+
 dotenv.config();
-
 import * as Sentry from '@sentry/node';
-import { SENTRY_DSN, NODE_ENV, MONGO_URL } from './config';
-import { server } from './app';
-import { initDatabase } from './services/database';
-import { setUpHealthEndpoint } from './services/health';
-import { initSmtp } from './services/smtp';
-import { setTransporter } from './helpers/nodemailer';
+import { PORT, SENTRY_DSN, NODE_ENV, MONGO_URL, SITE_URL, POSTHOG_PROJECT_API_KEY, POSTHOG_HOST, TELEMETRY_ENABLED } from './config';
+import { apiLimiter } from './helpers/rateLimiter';
 
-initDatabase(MONGO_URL);
+const app = express();
 
-setUpHealthEndpoint(server);
+Sentry.init({
+	dsn: SENTRY_DSN,
+	tracesSampleRate: 1.0,
+	debug: NODE_ENV === 'production' ? false : true,
+	environment: NODE_ENV
+});
 
-setTransporter(initSmtp());
+import {
+	signup as signupRouter,
+	auth as authRouter,
+	organization as organizationRouter,
+	workspace as workspaceRouter,
+	membershipOrg as membershipOrgRouter,
+	membership as membershipRouter,
+	key as keyRouter,
+	inviteOrg as inviteOrgRouter,
+	user as userRouter,
+	userAction as userActionRouter,
+	secret as secretRouter,
+	serviceToken as serviceTokenRouter,
+	password as passwordRouter,
+	stripe as stripeRouter,
+	integration as integrationRouter,
+	integrationAuth as integrationAuthRouter
+} from './routes';
 
-if (NODE_ENV !== 'test') {
-  Sentry.init({
-    dsn: SENTRY_DSN,
-    tracesSampleRate: 1.0,
-    debug: NODE_ENV === 'production' ? false : true,
-    environment: NODE_ENV
-  });
+const connectWithRetry = () => {
+	mongoose.connect(MONGO_URL)
+	.then(() => console.log('Successfully connected to DB'))
+	.catch((e) => {
+		console.log('Failed to connect to DB ', e);
+		setTimeout(() => {
+			console.log(e);
+		}, 5000);
+	});
 }
+
+connectWithRetry();
+
+app.enable('trust proxy');
+app.use(cookieParser());
+app.use(cors({
+	credentials: true,
+	origin: SITE_URL
+}));
+
+if (NODE_ENV === 'production') {
+	// enable app-wide rate-limiting + helmet security
+	// in production
+	app.disable('x-powered-by');
+	app.use(apiLimiter);
+	app.use(helmet());
+}
+
+app.use(express.json());
+
+// routers
+app.use('/api/v1/signup', signupRouter);
+app.use('/api/v1/auth', authRouter);
+app.use('/api/v1/user', userRouter);
+app.use('/api/v1/user-action', userActionRouter);
+app.use('/api/v1/organization', organizationRouter);
+app.use('/api/v1/workspace', workspaceRouter);
+app.use('/api/v1/membership-org', membershipOrgRouter);
+app.use('/api/v1/membership', membershipRouter);
+app.use('/api/v1/key', keyRouter);
+app.use('/api/v1/invite-org', inviteOrgRouter);
+app.use('/api/v1/secret', secretRouter);
+app.use('/api/v1/service-token', serviceTokenRouter);
+app.use('/api/v1/password', passwordRouter);
+app.use('/api/v1/stripe', stripeRouter);
+app.use('/api/v1/integration', integrationRouter);
+app.use('/api/v1/integration-auth', integrationAuthRouter);
+
+app.listen(PORT, () => {
+	console.log('Listening on PORT ' + PORT);
+});

backend/src/integrations/apps.ts

@@ -1,213 +0,0 @@
-import axios from 'axios';
-import * as Sentry from '@sentry/node';
-import { Octokit } from '@octokit/rest';
-import { IIntegrationAuth } from '../models';
-import {
-  INTEGRATION_HEROKU,
-  INTEGRATION_VERCEL,
-  INTEGRATION_NETLIFY,
-  INTEGRATION_GITHUB,
-  INTEGRATION_HEROKU_API_URL,
-  INTEGRATION_VERCEL_API_URL,
-  INTEGRATION_NETLIFY_API_URL,
-  INTEGRATION_GITHUB_API_URL
-} from '../variables';
-
-interface GitHubApp {
-  name: string;
-}
-
-/**
- * Return list of names of apps for integration named [integration]
- * @param {Object} obj
- * @param {String} obj.integration - name of integration
- * @param {String} obj.accessToken - access token for integration
- * @returns {Object[]} apps - names of integration apps
- * @returns {String} apps.name - name of integration app
- */
-const getApps = async ({
-  integrationAuth,
-  accessToken
-}: {
-  integrationAuth: IIntegrationAuth;
-  accessToken: string;
-}) => {
-  interface App {
-    name: string;
-    siteId?: string;
-  }
-
-  let apps: App[]; // TODO: add type and define payloads for apps
-  try {
-    switch (integrationAuth.integration) {
-      case INTEGRATION_HEROKU:
-        apps = await getAppsHeroku({
-          accessToken
-        });
-        break;
-      case INTEGRATION_VERCEL:
-        apps = await getAppsVercel({
-          accessToken
-        });
-        break;
-      case INTEGRATION_NETLIFY:
-        apps = await getAppsNetlify({
-          integrationAuth,
-          accessToken
-        });
-        break;
-      case INTEGRATION_GITHUB:
-        apps = await getAppsGithub({
-          integrationAuth,
-          accessToken
-        });
-        break;
-    }
-  } catch (err) {
-    Sentry.setUser(null);
-    Sentry.captureException(err);
-    throw new Error('Failed to get integration apps');
-  }
-
-  return apps;
-};
-
-/**
- * Return list of names of apps for Heroku integration
- * @param {Object} obj
- * @param {String} obj.accessToken - access token for Heroku API
- * @returns {Object[]} apps - names of Heroku apps
- * @returns {String} apps.name - name of Heroku app
- */
-const getAppsHeroku = async ({ accessToken }: { accessToken: string }) => {
-  let apps;
-  try {
-    const res = (
-      await axios.get(`${INTEGRATION_HEROKU_API_URL}/apps`, {
-        headers: {
-          Accept: 'application/vnd.heroku+json; version=3',
-          Authorization: `Bearer ${accessToken}`
-        }
-      })
-    ).data;
-
-    apps = res.map((a: any) => ({
-      name: a.name
-    }));
-  } catch (err) {
-    Sentry.setUser(null);
-    Sentry.captureException(err);
-    throw new Error('Failed to get Heroku integration apps');
-  }
-
-  return apps;
-};
-
-/**
- * Return list of names of apps for Vercel integration
- * @param {Object} obj
- * @param {String} obj.accessToken - access token for Vercel API
- * @returns {Object[]} apps - names of Vercel apps
- * @returns {String} apps.name - name of Vercel app
- */
-const getAppsVercel = async ({ accessToken }: { accessToken: string }) => {
-  let apps;
-  try {
-    const res = (
-      await axios.get(`${INTEGRATION_VERCEL_API_URL}/v9/projects`, {
-        headers: {
-          Authorization: `Bearer ${accessToken}`
-        }
-      })
-    ).data;
-
-    apps = res.projects.map((a: any) => ({
-      name: a.name
-    }));
-  } catch (err) {
-    Sentry.setUser(null);
-    Sentry.captureException(err);
-    throw new Error('Failed to get Vercel integration apps');
-  }
-
-  return apps;
-};
-
-/**
- * Return list of names of sites for Netlify integration
- * @param {Object} obj
- * @param {String} obj.accessToken - access token for Netlify API
- * @returns {Object[]} apps - names of Netlify sites
- * @returns {String} apps.name - name of Netlify site
- */
-const getAppsNetlify = async ({
-  integrationAuth,
-  accessToken
-}: {
-  integrationAuth: IIntegrationAuth;
-  accessToken: string;
-}) => {
-  let apps;
-  try {
-    const res = (
-      await axios.get(`${INTEGRATION_NETLIFY_API_URL}/api/v1/sites`, {
-        headers: {
-          Authorization: `Bearer ${accessToken}`
-        }
-      })
-    ).data;
-
-    apps = res.map((a: any) => ({
-      name: a.name,
-      siteId: a.site_id
-    }));
-  } catch (err) {
-    Sentry.setUser(null);
-    Sentry.captureException(err);
-    throw new Error('Failed to get Netlify integration apps');
-  }
-
-  return apps;
-};
-
-/**
- * Return list of names of repositories for Github integration
- * @param {Object} obj
- * @param {String} obj.accessToken - access token for Netlify API
- * @returns {Object[]} apps - names of Netlify sites
- * @returns {String} apps.name - name of Netlify site
- */
-const getAppsGithub = async ({
-  integrationAuth,
-  accessToken
-}: {
-  integrationAuth: IIntegrationAuth;
-  accessToken: string;
-}) => {
-  let apps;
-  try {
-    const octokit = new Octokit({
-      auth: accessToken
-    });
-
-    const repos = (await octokit.request(
-      'GET /user/repos{?visibility,affiliation,type,sort,direction,per_page,page,since,before}',
-      {}
-    )).data;
-
-    apps = repos
-      .filter((a:any) => a.permissions.admin === true)
-      .map((a: any) => ({
-          name: a.name
-        })
-      );
-  } catch (err) {
-    Sentry.setUser(null);
-    Sentry.captureException(err);
-    throw new Error('Failed to get Github repos');
-  }
-
-  return apps;
-};
-
-export { getApps };

backend/src/integrations/exchange.ts

@@ -1,286 +0,0 @@
-import axios from 'axios';
-import * as Sentry from '@sentry/node';
-import {
-  INTEGRATION_HEROKU,
-  INTEGRATION_VERCEL,
-  INTEGRATION_NETLIFY,
-  INTEGRATION_GITHUB,
-  INTEGRATION_HEROKU_TOKEN_URL,
-  INTEGRATION_VERCEL_TOKEN_URL,
-  INTEGRATION_NETLIFY_TOKEN_URL,
-  INTEGRATION_GITHUB_TOKEN_URL,
-  INTEGRATION_GITHUB_API_URL
-} from '../variables';
-import {
-  SITE_URL,
-  CLIENT_ID_VERCEL,
-  CLIENT_ID_NETLIFY,
-  CLIENT_ID_GITHUB,
-  CLIENT_SECRET_HEROKU,
-  CLIENT_SECRET_VERCEL,
-  CLIENT_SECRET_NETLIFY,
-  CLIENT_SECRET_GITHUB
-} from '../config';
-import { user } from '../routes';
-
-interface ExchangeCodeHerokuResponse {
-  token_type: string;
-  access_token: string;
-  expires_in: number;
-  refresh_token: string;
-  user_id: string;
-  session_nonce?: string;
-}
-
-interface ExchangeCodeVercelResponse {
-  token_type: string;
-  access_token: string;
-  installation_id: string;
-  user_id: string;
-  team_id?: string;
-}
-
-interface ExchangeCodeNetlifyResponse {
-  access_token: string;
-  token_type: string;
-  refresh_token: string;
-  scope: string;
-  created_at: number;
-}
-
-interface ExchangeCodeGithubResponse {
-  access_token: string;
-  scope: string;
-  token_type: string;
-}
-
-/**
- * Return [accessToken], [accessExpiresAt], and [refreshToken] for OAuth2
- * code-token exchange for integration named [integration]
- * @param {Object} obj1
- * @param {String} obj1.integration - name of integration
- * @param {String} obj1.code - code for code-token exchange
- * @returns {Object} obj
- * @returns {String} obj.accessToken - access token for integration
- * @returns {String} obj.refreshToken - refresh token for integration
- * @returns {Date} obj.accessExpiresAt - date of expiration for access token
- * @returns {String} obj.action - integration action for bot sequence
- */
-const exchangeCode = async ({
-  integration,
-  code
-}: {
-  integration: string;
-  code: string;
-}) => {
-  let obj = {} as any;
-
-  try {
-    switch (integration) {
-      case INTEGRATION_HEROKU:
-        obj = await exchangeCodeHeroku({
-          code
-        });
-        break;
-      case INTEGRATION_VERCEL:
-        obj = await exchangeCodeVercel({
-          code
-        });
-        break;
-      case INTEGRATION_NETLIFY:
-        obj = await exchangeCodeNetlify({
-          code
-        });
-        break;
-      case INTEGRATION_GITHUB:
-        obj = await exchangeCodeGithub({
-          code
-        });
-        break;
-    }
-  } catch (err) {
-    Sentry.setUser(null);
-    Sentry.captureException(err);
-    throw new Error('Failed OAuth2 code-token exchange');
-  }
-
-  return obj;
-};
-
-/**
- * Return [accessToken], [accessExpiresAt], and [refreshToken] for Heroku
- * OAuth2 code-token exchange
- * @param {Object} obj1
- * @param {Object} obj1.code - code for code-token exchange
- * @returns {Object} obj2
- * @returns {String} obj2.accessToken - access token for Heroku API
- * @returns {String} obj2.refreshToken - refresh token for Heroku API
- * @returns {Date} obj2.accessExpiresAt - date of expiration for access token
- */
-const exchangeCodeHeroku = async ({
-    code
-}: {
-    code: string;
-}) => {
-    let res: ExchangeCodeHerokuResponse;
-    const accessExpiresAt = new Date();
-    try {
-        res = (await axios.post(
-            INTEGRATION_HEROKU_TOKEN_URL,
-            new URLSearchParams({
-				grant_type: 'authorization_code',
-				code: code,
-				client_secret: CLIENT_SECRET_HEROKU
-			} as any)
-        )).data;
-        
-        accessExpiresAt.setSeconds(
-            accessExpiresAt.getSeconds() + res.expires_in
-        );
-    } catch (err) {
-        Sentry.setUser(null);
-        Sentry.captureException(err);
-        throw new Error('Failed OAuth2 code-token exchange with Heroku');
-    }
-    
-    return ({
-        accessToken: res.access_token,
-        refreshToken: res.refresh_token,
-        accessExpiresAt
-    });
-}
-
-/**
- * Return [accessToken], [accessExpiresAt], and [refreshToken] for Vercel
- * code-token exchange
- * @param {Object} obj1
- * @param {Object} obj1.code - code for code-token exchange
- * @returns {Object} obj2
- * @returns {String} obj2.accessToken - access token for Heroku API
- * @returns {String} obj2.refreshToken - refresh token for Heroku API
- * @returns {Date} obj2.accessExpiresAt - date of expiration for access token
- */
-const exchangeCodeVercel = async ({ code }: { code: string }) => {
-  let res: ExchangeCodeVercelResponse;
-  try {
-    res = (
-      await axios.post(
-        INTEGRATION_VERCEL_TOKEN_URL,
-        new URLSearchParams({
-          code: code,
-          client_id: CLIENT_ID_VERCEL,
-          client_secret: CLIENT_SECRET_VERCEL,
-          redirect_uri: `${SITE_URL}/vercel`
-        } as any)
-      )
-    ).data;
-  } catch (err) {
-    Sentry.setUser(null);
-    Sentry.captureException(err);
-    throw new Error('Failed OAuth2 code-token exchange with Vercel');
-  }
-
-  return {
-    accessToken: res.access_token,
-    refreshToken: null,
-    accessExpiresAt: null,
-    teamId: res.team_id
-  };
-};
-
-/**
- * Return [accessToken], [accessExpiresAt], and [refreshToken] for Vercel
- * code-token exchange
- * @param {Object} obj1
- * @param {Object} obj1.code - code for code-token exchange
- * @returns {Object} obj2
- * @returns {String} obj2.accessToken - access token for Heroku API
- * @returns {String} obj2.refreshToken - refresh token for Heroku API
- * @returns {Date} obj2.accessExpiresAt - date of expiration for access token
- */
-const exchangeCodeNetlify = async ({ code }: { code: string }) => {
-  let res: ExchangeCodeNetlifyResponse;
-  let accountId;
-  try {
-    res = (
-      await axios.post(
-        INTEGRATION_NETLIFY_TOKEN_URL,
-        new URLSearchParams({
-          grant_type: 'authorization_code',
-          code: code,
-          client_id: CLIENT_ID_NETLIFY,
-          client_secret: CLIENT_SECRET_NETLIFY,
-          redirect_uri: `${SITE_URL}/netlify`
-        } as any)
-      )
-    ).data;
-
-    const res2 = await axios.get('https://api.netlify.com/api/v1/sites', {
-      headers: {
-        Authorization: `Bearer ${res.access_token}`
-      }
-    });
-
-    const res3 = (
-      await axios.get('https://api.netlify.com/api/v1/accounts', {
-        headers: {
-          Authorization: `Bearer ${res.access_token}`
-        }
-      })
-    ).data;
-
-    accountId = res3[0].id;
-  } catch (err) {
-    Sentry.setUser(null);
-    Sentry.captureException(err);
-    throw new Error('Failed OAuth2 code-token exchange with Netlify');
-  }
-
-  return {
-    accessToken: res.access_token,
-    refreshToken: res.refresh_token,
-    accountId
-  };
-};
-
-/**
- * Return [accessToken], [accessExpiresAt], and [refreshToken] for Github
- * code-token exchange
- * @param {Object} obj1
- * @param {Object} obj1.code - code for code-token exchange
- * @returns {Object} obj2
- * @returns {String} obj2.accessToken - access token for Github API
- * @returns {String} obj2.refreshToken - refresh token for Github API
- * @returns {Date} obj2.accessExpiresAt - date of expiration for access token
- */
-const exchangeCodeGithub = async ({ code }: { code: string }) => {
-  let res: ExchangeCodeGithubResponse;
-  try {
-    res = (
-      await axios.get(INTEGRATION_GITHUB_TOKEN_URL, {
-        params: {
-          client_id: CLIENT_ID_GITHUB,
-          client_secret: CLIENT_SECRET_GITHUB,
-          code: code,
-          redirect_uri: `${SITE_URL}/github`
-        },
-        headers: {
-          Accept: 'application/json'
-        }
-      })
-    ).data;
-
-  } catch (err) {
-    Sentry.setUser(null);
-    Sentry.captureException(err);
-    throw new Error('Failed OAuth2 code-token exchange with Github');
-  }
-
-  return {
-    accessToken: res.access_token,
-    refreshToken: null,
-    accessExpiresAt: null
-  };
-};
-
-export { exchangeCode };

backend/src/integrations/index.ts

@@ -1,13 +0,0 @@
-import { exchangeCode } from './exchange';
-import { exchangeRefresh } from './refresh';
-import { getApps } from './apps';
-import { syncSecrets } from './sync';
-import { revokeAccess } from './revoke';
-
-export {
-    exchangeCode,
-    exchangeRefresh,
-    getApps,
-    syncSecrets,
-    revokeAccess
-}

backend/src/integrations/refresh.ts

@@ -1,77 +0,0 @@
-import axios from 'axios';
-import * as Sentry from '@sentry/node';
-import { INTEGRATION_HEROKU } from '../variables';
-import {
-    CLIENT_SECRET_HEROKU
-} from '../config';
-import {
-    INTEGRATION_HEROKU_TOKEN_URL
-} from '../variables';
-
-/**
- * Return new access token by exchanging refresh token [refreshToken] for integration
- * named [integration]
- * @param {Object} obj
- * @param {String} obj.integration - name of integration
- * @param {String} obj.refreshToken - refresh token to use to get new access token for Heroku
- */
-const exchangeRefresh = async ({
-  integration,
-  refreshToken
-}: {
-  integration: string;
-  refreshToken: string;
-}) => {
-  let accessToken;
-  try {
-    switch (integration) {
-      case INTEGRATION_HEROKU:
-        accessToken = await exchangeRefreshHeroku({
-          refreshToken
-        });
-        break;
-    }
-  } catch (err) {
-    Sentry.setUser(null);
-    Sentry.captureException(err);
-    throw new Error('Failed to get new OAuth2 access token');
-  }
-
-  return accessToken;
-};
-
-/**
- * Return new access token by exchanging refresh token [refreshToken] for the
- * Heroku integration
- * @param {Object} obj
- * @param {String} obj.refreshToken - refresh token to use to get new access token for Heroku
- * @returns
- */
-const exchangeRefreshHeroku = async ({
-  refreshToken
-}: {
-  refreshToken: string;
-}) => {
-    let accessToken;
-	//TODO: Refactor code to take advantage of using RequestError. It's possible to create new types of errors for more detailed errors
-    try {
-        const res = await axios.post(
-            INTEGRATION_HEROKU_TOKEN_URL,
-            new URLSearchParams({
-                grant_type: 'refresh_token',
-                refresh_token: refreshToken,
-                client_secret: CLIENT_SECRET_HEROKU
-            } as any)
-        );
-
-    accessToken = res.data.access_token;
-  } catch (err) {
-    Sentry.setUser(null);
-    Sentry.captureException(err);
-    throw new Error('Failed to get new OAuth2 access token for Heroku');
-  }
-
-  return accessToken;
-};
-
-export { exchangeRefresh };

backend/src/integrations/revoke.ts

@@ -1,47 +0,0 @@
-import axios from 'axios';
-import * as Sentry from '@sentry/node';
-import { IIntegrationAuth, IntegrationAuth, Integration } from '../models';
-import {
-  INTEGRATION_HEROKU,
-  INTEGRATION_VERCEL,
-  INTEGRATION_NETLIFY,
-  INTEGRATION_GITHUB
-} from '../variables';
-
-const revokeAccess = async ({
-  integrationAuth,
-  accessToken
-}: {
-  integrationAuth: IIntegrationAuth;
-  accessToken: string;
-}) => {
-  try {
-    // add any integration-specific revocation logic
-    switch (integrationAuth.integration) {
-      case INTEGRATION_HEROKU:
-        break;
-      case INTEGRATION_VERCEL:
-        break;
-      case INTEGRATION_NETLIFY:
-        break;
-      case INTEGRATION_GITHUB:
-        break;
-    }
-
-    const deletedIntegrationAuth = await IntegrationAuth.findOneAndDelete({
-      _id: integrationAuth._id
-    });
-
-    if (deletedIntegrationAuth) {
-      await Integration.deleteMany({
-        integrationAuth: deletedIntegrationAuth._id
-      });
-    }
-  } catch (err) {
-    Sentry.setUser(null);
-    Sentry.captureException(err);
-    throw new Error('Failed to delete integration authorization');
-  }
-};
-
-export { revokeAccess };

backend/src/integrations/sync.ts

@@ -1,605 +0,0 @@
-import axios from 'axios';
-import * as Sentry from '@sentry/node';
-import { Octokit } from '@octokit/rest';
-// import * as sodium from 'libsodium-wrappers';
-import sodium from 'libsodium-wrappers';
-// const sodium = require('libsodium-wrappers');
-import { IIntegration, IIntegrationAuth } from '../models';
-import {
-  INTEGRATION_HEROKU,
-  INTEGRATION_VERCEL,
-  INTEGRATION_NETLIFY,
-  INTEGRATION_GITHUB,
-  INTEGRATION_HEROKU_API_URL,
-  INTEGRATION_VERCEL_API_URL,
-  INTEGRATION_NETLIFY_API_URL,
-  INTEGRATION_GITHUB_API_URL
-} from '../variables';
-import { access, appendFile } from 'fs';
-
-// TODO: need a helper function in the future to handle integration
-// envar priorities (i.e. prioritize secrets within integration or those on Infisical)
-
-/**
- * Sync/push [secrets] to [app] in integration named [integration]
- * @param {Object} obj
- * @param {IIntegration} obj.integration - integration details
- * @param {IIntegrationAuth} obj.integrationAuth - integration auth details
- * @param {Object} obj.app - app in integration
- * @param {Object} obj.target - (optional) target (environment) in integration
- * @param {Object} obj.secrets - secrets to push to integration (object where keys are secret keys and values are secret values)
- * @param {String} obj.accessToken - access token for integration
- */
-const syncSecrets = async ({
-  integration,
-  integrationAuth,
-  secrets,
-  accessToken
-}: {
-  integration: IIntegration;
-  integrationAuth: IIntegrationAuth;
-  secrets: any;
-  accessToken: string;
-}) => {
-  try {
-    switch (integration.integration) {
-      case INTEGRATION_HEROKU:
-        await syncSecretsHeroku({
-          integration,
-          secrets,
-          accessToken
-        });
-        break;
-      case INTEGRATION_VERCEL:
-        await syncSecretsVercel({
-          integration,
-          secrets,
-          accessToken
-        });
-        break;
-      case INTEGRATION_NETLIFY:
-        await syncSecretsNetlify({
-          integration,
-          integrationAuth,
-          secrets,
-          accessToken
-        });
-        break;
-      case INTEGRATION_GITHUB:
-        await syncSecretsGitHub({
-          integration,
-          secrets,
-          accessToken
-        });
-        break;
-    }
-  } catch (err) {
-    Sentry.setUser(null);
-    Sentry.captureException(err);
-    throw new Error('Failed to sync secrets to integration');
-  }
-};
-
-/**
- * Sync/push [secrets] to Heroku [app]
- * @param {Object} obj
- * @param {IIntegration} obj.integration - integration details
- * @param {Object} obj.secrets - secrets to push to integration (object where keys are secret keys and values are secret values)
- */
-const syncSecretsHeroku = async ({
-  integration,
-  secrets,
-  accessToken
-}: {
-  integration: IIntegration;
-  secrets: any;
-  accessToken: string;
-}) => {
-  try {
-    const herokuSecrets = (
-      await axios.get(
-        `${INTEGRATION_HEROKU_API_URL}/apps/${integration.app}/config-vars`,
-        {
-          headers: {
-            Accept: 'application/vnd.heroku+json; version=3',
-            Authorization: `Bearer ${accessToken}`
-          }
-        }
-      )
-    ).data;
-
-    Object.keys(herokuSecrets).forEach((key) => {
-      if (!(key in secrets)) {
-        secrets[key] = null;
-      }
-    });
-
-    await axios.patch(
-      `${INTEGRATION_HEROKU_API_URL}/apps/${integration.app}/config-vars`,
-      secrets,
-      {
-        headers: {
-          Accept: 'application/vnd.heroku+json; version=3',
-          Authorization: `Bearer ${accessToken}`
-        }
-      }
-    );
-  } catch (err) {
-    Sentry.setUser(null);
-    Sentry.captureException(err);
-    throw new Error('Failed to sync secrets to Heroku');
-  }
-};
-
-/**
- * Sync/push [secrets] to Heroku [app]
- * @param {Object} obj
- * @param {IIntegration} obj.integration - integration details
- * @param {Object} obj.secrets - secrets to push to integration (object where keys are secret keys and values are secret values)
- */
-const syncSecretsVercel = async ({
-    integration,
-    secrets,
-    accessToken
-}: {
-    integration: IIntegration,
-    secrets: any;
-    accessToken: string;
-}) => {
-    
-    interface VercelSecret {
-        id?: string;
-        type: string;
-        key: string;
-        value: string;
-        target: string[];
-    }
-    
-    try {
-        // Get all (decrypted) secrets back from Vercel in
-        // decrypted format
-        const params = new URLSearchParams({
-            decrypt: "true"
-        });
-        
-        const res = (await Promise.all((await axios.get(
-            `${INTEGRATION_VERCEL_API_URL}/v9/projects/${integration.app}/env`, 
-            {
-                params,
-                headers: {
-                    Authorization: `Bearer ${accessToken}`
-                }
-            }
-        ))
-        .data
-        .envs
-        .filter((secret: VercelSecret) => secret.target.includes(integration.target))
-        .map(async (secret: VercelSecret) => (await axios.get(
-                `${INTEGRATION_VERCEL_API_URL}/v9/projects/${integration.app}/env/${secret.id}`,
-                {
-                    headers: {
-                        Authorization: `Bearer ${accessToken}`
-                    }
-                    
-                }
-            )).data)
-        )).reduce((obj: any, secret: any) => ({
-            ...obj,
-            [secret.key]: secret
-        }), {});
-        
-        const updateSecrets: VercelSecret[] = [];
-        const deleteSecrets: VercelSecret[] = [];
-        const newSecrets: VercelSecret[] = [];
-
-        // Identify secrets to create
-        Object.keys(secrets).map((key) => {
-            if (!(key in res)) {
-                // case: secret has been created
-                newSecrets.push({
-                    key: key,
-                    value: secrets[key],
-                    type: 'encrypted',
-                    target: [integration.target]
-                });
-            }
-        });
-        
-        // Identify secrets to update and delete
-        Object.keys(res).map((key) => {
-            if (key in secrets) {
-                if (res[key].value !== secrets[key]) {
-                    // case: secret value has changed
-                    updateSecrets.push({
-                        id: res[key].id,
-                        key: key,
-                        value: secrets[key],
-                        type: 'encrypted',
-                        target: [integration.target]
-                    });
-                }
-            } else {
-                // case: secret has been deleted
-                deleteSecrets.push({
-                    id: res[key].id,
-                    key: key,
-                    value: res[key].value,
-                    type: 'encrypted',
-                    target: [integration.target],
-                });
-            }
-        });
-
-        // Sync/push new secrets
-        if (newSecrets.length > 0) {
-            await axios.post(
-                `${INTEGRATION_VERCEL_API_URL}/v10/projects/${integration.app}/env`,
-                newSecrets,
-                {
-                    headers: {
-                        Authorization: `Bearer ${accessToken}`
-                    }
-                }
-            );
-        }
-
-        // Sync/push updated secrets
-        if (updateSecrets.length > 0) {
-            updateSecrets.forEach(async (secret: VercelSecret) => {
-                const { 
-                    id, 
-                    ...updatedSecret 
-                } = secret;
-                await axios.patch(
-                    `${INTEGRATION_VERCEL_API_URL}/v9/projects/${integration.app}/env/${secret.id}`,
-                    updatedSecret,
-                    {
-                        headers: {
-                            Authorization: `Bearer ${accessToken}` 
-                        }
-                    }
-                );
-            });
-        }
-
-        // Delete secrets
-        if (deleteSecrets.length > 0) {
-            deleteSecrets.forEach(async (secret: VercelSecret) => {
-                await axios.delete(
-                    `${INTEGRATION_VERCEL_API_URL}/v9/projects/${integration.app}/env/${secret.id}`,
-                    {
-                        headers: {
-                            Authorization: `Bearer ${accessToken}`
-                        }
-                    }
-                );
-            });
-        }
-    } catch (err) {
-        Sentry.setUser(null);
-        Sentry.captureException(err);
-        throw new Error('Failed to sync secrets to Vercel');
-    }
-}
-
-/**
- * Sync/push [secrets] to Netlify site [app]
- * @param {Object} obj
- * @param {IIntegration} obj.integration - integration details
- * @param {IIntegrationAuth} obj.integrationAuth - integration auth details
- * @param {Object} obj.secrets - secrets to push to integration (object where keys are secret keys and values are secret values)
- */
-const syncSecretsNetlify = async ({
-    integration,
-    integrationAuth,
-    secrets,
-    accessToken
-}: {
-    integration: IIntegration;
-    integrationAuth: IIntegrationAuth;
-    secrets: any;
-    accessToken: string;
-}) => {
-    try {
-
-        interface NetlifyValue {
-            id?: string;
-            context: string; // 'dev' | 'branch-deploy' | 'deploy-preview' | 'production',
-            value: string;
-        }
-        
-        interface NetlifySecret {
-            key: string;
-            values: NetlifyValue[];
-        }
-        
-        interface NetlifySecretsRes {
-            [index: string]: NetlifySecret;
-        }
-        
-        const getParams = new URLSearchParams({
-            context_name: 'all', // integration.context or all
-            site_id: integration.siteId
-        });
-        
-        const res = (await axios.get(
-            `${INTEGRATION_NETLIFY_API_URL}/api/v1/accounts/${integrationAuth.accountId}/env`,
-            {
-                params: getParams,
-                headers: {
-                    Authorization: `Bearer ${accessToken}`
-                }
-            }
-        ))
-        .data
-        .reduce((obj: any, secret: any) => ({
-            ...obj,
-            [secret.key]: secret
-        }), {});
-        
-        const newSecrets: NetlifySecret[] = []; // createEnvVars
-        const deleteSecrets: string[] = []; // deleteEnvVar
-        const deleteSecretValues: NetlifySecret[] = []; // deleteEnvVarValue
-        const updateSecrets: NetlifySecret[] = []; // setEnvVarValue
-
-        // identify secrets to create and update
-        Object.keys(secrets).map((key) => {
-            if (!(key in res)) {
-                // case: Infisical secret does not exist in Netlify -> create secret
-                newSecrets.push({
-                    key,
-                    values: [{
-                        value: secrets[key],
-                        context: integration.context
-                    }]
-                });
-            } else {
-                // case: Infisical secret exists in Netlify
-                const contexts = res[key].values
-                    .reduce((obj: any, value: NetlifyValue) => ({
-                        ...obj,
-                        [value.context]: value
-                    }), {});
-                
-                if (integration.context in contexts) {
-                    // case: Netlify secret value exists in integration context
-                    if (secrets[key] !== contexts[integration.context].value) {
-                        // case: Infisical and Netlify secret values are different
-                        // -> update Netlify secret context and value
-                        updateSecrets.push({
-                            key,
-                            values: [{
-                                context: integration.context,
-                                value: secrets[key]
-                            }]
-                        });
-                    }
-                } else {
-                    // case: Netlify secret value does not exist in integration context
-                    // -> add the new Netlify secret context and value
-                    updateSecrets.push({
-                        key,
-                        values: [{
-                            context: integration.context,
-                            value: secrets[key]
-                        }]
-                    });
-                }
-            }
-        })
-        
-        // identify secrets to delete
-        // TODO: revise (patch case where 1 context was deleted but others still there
-        Object.keys(res).map((key) => {
-            // loop through each key's context
-            if (!(key in secrets)) {
-                // case: Netlify secret does not exist in Infisical
-                
-                const numberOfValues = res[key].values.length;
-                
-                res[key].values.forEach((value: NetlifyValue) => {
-                    if (value.context === integration.context) {
-                        if (numberOfValues <= 1) {
-                            // case: Netlify secret value has less than 1 context -> delete secret
-                            deleteSecrets.push(key); 
-                        } else {
-                            // case: Netlify secret value has more than 1 context -> delete secret value context
-                            deleteSecretValues.push({
-                                key,
-                                values: [{
-                                    id: value.id,
-                                    context: integration.context,
-                                    value: value.value
-                                }]
-                            });
-                        }
-                    }
-                });
-            }
-        });
-
-        const syncParams = new URLSearchParams({
-            site_id: integration.siteId
-        });
-
-        if (newSecrets.length > 0) {
-            await axios.post(
-                `${INTEGRATION_NETLIFY_API_URL}/api/v1/accounts/${integrationAuth.accountId}/env`,
-                newSecrets,
-                {
-                    params: syncParams,
-                    headers: {
-                        Authorization: `Bearer ${accessToken}`
-                    }
-                }
-            );
-        }
-
-        if (updateSecrets.length > 0) {
-            updateSecrets.forEach(async (secret: NetlifySecret) => {
-                await axios.patch(
-                    `${INTEGRATION_NETLIFY_API_URL}/api/v1/accounts/${integrationAuth.accountId}/env/${secret.key}`,
-                    {
-                        context: secret.values[0].context,
-                        value: secret.values[0].value
-                    },
-                    {
-                        params: syncParams,
-                        headers: {
-                            Authorization: `Bearer ${accessToken}` 
-                        }
-                    }
-                );
-            });
-        }
-
-        if (deleteSecrets.length > 0) {
-            deleteSecrets.forEach(async (key: string) => {
-                await axios.delete(
-                    `${INTEGRATION_NETLIFY_API_URL}/api/v1/accounts/${integrationAuth.accountId}/env/${key}`,
-                    {
-                        params: syncParams,
-                        headers: {
-                            Authorization: `Bearer ${accessToken}`
-                        }
-                    }
-                );
-            });
-        }
-
-        if (deleteSecretValues.length > 0) {
-            deleteSecretValues.forEach(async (secret: NetlifySecret) => {
-                await axios.delete(
-                    `${INTEGRATION_NETLIFY_API_URL}/api/v1/accounts/${integrationAuth.accountId}/env/${secret.key}/value/${secret.values[0].id}`,
-                    {
-                        params: syncParams,
-                        headers: {
-                            Authorization: `Bearer ${accessToken}`
-                        }
-                    }
-                );
-            });
-        }
-    } catch (err) {
-        Sentry.setUser(null);
-        Sentry.captureException(err);
-        throw new Error('Failed to sync secrets to Heroku');
-    }
-}
-
-/**
- * Sync/push [secrets] to GitHub [repo]
- * @param {Object} obj
- * @param {IIntegration} obj.integration - integration details
- * @param {IIntegrationAuth} obj.integrationAuth - integration auth details
- * @param {Object} obj.secrets - secrets to push to integration (object where keys are secret keys and values are secret values)
- */
-const syncSecretsGitHub = async ({
-  integration,
-  secrets,
-  accessToken
-}: {
-  integration: IIntegration;
-  secrets: any;
-  accessToken: string;
-}) => {
-  try {
-    
-    interface GitHubRepoKey {
-      key_id: string;
-      key: string;
-    }
-    
-    interface GitHubSecret {
-      name: string;
-      created_at: string;
-      updated_at: string;
-    }
-
-    interface GitHubSecretRes {
-        [index: string]: GitHubSecret;
-    }
-
-    const deleteSecrets: GitHubSecret[] = [];
-
-    const octokit = new Octokit({
-      auth: accessToken
-    });
-
-    const user = (await octokit.request('GET /user', {})).data;
-    
-    const repoPublicKey: GitHubRepoKey = (await octokit.request(
-      'GET /repos/{owner}/{repo}/actions/secrets/public-key',
-      {
-        owner: user.login,
-        repo: integration.app
-      }
-    )).data;
-
-    // // Get local copy of decrypted secrets. We cannot decrypt them as we dont have access to GH private key
-    const encryptedSecrets: GitHubSecretRes = (await octokit.request(
-      'GET /repos/{owner}/{repo}/actions/secrets',
-      {
-        owner: user.login,
-        repo: integration.app
-      }
-    ))
-    .data
-    .secrets
-    .reduce((obj: any, secret: any) => ({
-      ...obj,
-      [secret.name]: secret
-    }), {});
-    
-    Object.keys(encryptedSecrets).map(async (key) => {
-      if (!(key in secrets)) {
-        await octokit.request(
-          'DELETE /repos/{owner}/{repo}/actions/secrets/{secret_name}',
-          {
-            owner: user.login,
-            repo: integration.app,
-            secret_name: key
-          }
-        );
-      }
-    });
-    
-    Object.keys(secrets).map((key) => {
-      // let encryptedSecret;
-      sodium.ready.then(async () => {
-          // convert secret & base64 key to Uint8Array.
-          const binkey = sodium.from_base64(
-            repoPublicKey.key,
-            sodium.base64_variants.ORIGINAL
-          );
-          const binsec = sodium.from_string(secrets[key]);
-
-          // encrypt secret using libsodium
-          const encBytes = sodium.crypto_box_seal(binsec, binkey);
-
-          // convert encrypted Uint8Array to base64
-          const encryptedSecret = sodium.to_base64(
-            encBytes,
-            sodium.base64_variants.ORIGINAL
-          );
-          
-          await octokit.request(
-            'PUT /repos/{owner}/{repo}/actions/secrets/{secret_name}',
-            {
-              owner: user.login,
-              repo: integration.app,
-              secret_name: key,
-              encrypted_value: encryptedSecret,
-              key_id: repoPublicKey.key_id
-            }
-          );
-      });
-    });
-  } catch (err) {
-    Sentry.setUser(null);
-    Sentry.captureException(err);
-    throw new Error('Failed to sync secrets to GitHub');
-  }
-};
-
-export { syncSecrets };

backend/src/json/integrations.json

@@ -0,0 +1,50 @@
+{
+	"heroku": {
+		"name": "Heroku",
+		"type": "oauth2",
+		"clientId": "bc132901-935a-4590-b010-f1857efc380d",
+		"docsLink": ""
+	},
+	"netlify": {
+		"name": "Netlify",
+		"type": "oauth2",
+		"clientId": "",
+		"docsLink": ""
+	},
+	"digitalocean": {
+		"name": "Digital Ocean",
+		"type": "oauth2",
+		"clientId": "",
+		"docsLink": ""
+	},
+	"gcp": {
+		"name": "Google Cloud Platform",
+		"type": "oauth2",
+		"clientId": "",
+		"docsLink": ""
+	},
+	"aws": {
+		"name": "Amazon Web Services",
+		"type": "oauth2",
+		"clientId": "",
+		"docsLink": ""
+	},
+	"azure": {
+		"name": "Microsoft Azure",
+		"type": "oauth2",
+		"clientId": "",
+		"docsLink": ""
+	},
+	"travisci": {
+		"name": "Travis CI",
+		"type": "oauth2",
+		"clientId": "",
+		"docsLink": ""
+	},
+	"circleci": {
+		"name": "Circle CI",
+		"type": "oauth2",
+		"clientId": "",
+		"docsLink": ""
+	}
+}

backend/src/middleware/index.ts

@@ -1,5 +1,4 @@
 import requireAuth from './requireAuth';
-import requireBotAuth from './requireBotAuth';
 import requireSignupAuth from './requireSignupAuth';
 import requireWorkspaceAuth from './requireWorkspaceAuth';
 import requireOrganizationAuth from './requireOrganizationAuth';
@@ -10,7 +9,6 @@ import validateRequest from './validateRequest';
 
 export {
 	requireAuth,
-	requireBotAuth,
 	requireSignupAuth,
 	requireWorkspaceAuth,
 	requireOrganizationAuth,

backend/src/middleware/requestErrorHandler.ts

@@ -1,29 +0,0 @@
-import { ErrorRequestHandler } from "express";
-
-import * as Sentry from '@sentry/node';
-import { InternalServerError } from "../utils/errors";
-import { getLogger } from "../utils/logger";
-import RequestError, { LogLevel } from "../utils/requestError";
-
-
-export const requestErrorHandler: ErrorRequestHandler = (error: RequestError|Error, req, res, next) => {
-    if(res.headersSent) return next();
-    //TODO: Find better way to type check for error. In current setting you need to cast type to get the functions and variables from RequestError
-    if(!(error instanceof RequestError)){
-        error = InternalServerError({context: {exception: error.message}, stack: error.stack})
-        getLogger('backend-main').log((<RequestError>error).levelName.toLowerCase(), (<RequestError>error).message)
-    }
-    
-    //* Set Sentry user identification if req.user is populated
-    if(req.user !== undefined && req.user !== null){
-        Sentry.setUser({ email: req.user.email })
-    }
-    //* Only sent error to Sentry if LogLevel is one of the following level 'ERROR', 'EMERGENCY' or 'CRITICAL'
-    //* with this we will eliminate false-positive errors like 'BadRequestError', 'UnauthorizedRequestError' and so on
-    if([LogLevel.ERROR, LogLevel.EMERGENCY, LogLevel.CRITICAL].includes((<RequestError>error).level)){
-        Sentry.captureException(error)
-    }
-    
-    res.status((<RequestError>error).statusCode).json((<RequestError>error).format(req))
-    next()
-}

backend/src/middleware/requireAuth.ts

@@ -1,8 +1,8 @@
 import jwt from 'jsonwebtoken';
 import { Request, Response, NextFunction } from 'express';
+import * as Sentry from '@sentry/node';
 import { User } from '../models';
 import { JWT_AUTH_SECRET } from '../config';
-import { AccountNotFoundError, BadRequestError, UnauthorizedRequestError } from '../utils/errors';
 
 declare module 'jsonwebtoken' {
 	export interface UserIDJwtPayload extends jwt.JwtPayload {
@@ -20,25 +20,32 @@ declare module 'jsonwebtoken' {
  */
 const requireAuth = async (req: Request, res: Response, next: NextFunction) => {
 	// JWT authentication middleware
-	const [ AUTH_TOKEN_TYPE, AUTH_TOKEN_VALUE ] = <[string, string]>req.headers['authorization']?.split(' ', 2) ?? [null, null]
-	if(AUTH_TOKEN_TYPE === null) return next(BadRequestError({message: `Missing Authorization Header in the request header.`}))
-	if(AUTH_TOKEN_TYPE.toLowerCase() !== 'bearer') return next(BadRequestError({message: `The provided authentication type '${AUTH_TOKEN_TYPE}' is not supported.`}))
-	if(AUTH_TOKEN_VALUE === null) return next(BadRequestError({message: 'Missing Authorization Body in the request header'}))
+	try {
+		if (!req.headers?.authorization)
+			throw new Error('Failed to locate authorization header');
 
-	const decodedToken = <jwt.UserIDJwtPayload>(
-		jwt.verify(AUTH_TOKEN_VALUE, JWT_AUTH_SECRET)
-	);
+		const token = req.headers.authorization.split(' ')[1];
+		const decodedToken = <jwt.UserIDJwtPayload>(
+			jwt.verify(token, JWT_AUTH_SECRET)
+		);
 
-	const user = await User.findOne({
-		_id: decodedToken.userId
-	}).select('+publicKey');
+		const user = await User.findOne({
+			_id: decodedToken.userId
+		}).select('+publicKey');
 
-	if (!user) return next(AccountNotFoundError({message: 'Failed to locate User account'}))
-	if (!user?.publicKey)
-		return next(UnauthorizedRequestError({message: 'Unable to authenticate due to partially set up account'}))
+		if (!user) throw new Error('Failed to authenticate unfound user');
+		if (!user?.publicKey)
+			throw new Error('Failed to authenticate not fully set up account');
 
-	req.user = user;
-	return next();
+		req.user = user;
+		return next();
+	} catch (err) {
+		Sentry.setUser(null);
+		Sentry.captureException(err);
+		return res.status(401).send({
+			error: 'Failed to authenticate user. Try logging in'
+		});
+	}
 };
 
 export default requireAuth;

backend/src/middleware/requireBotAuth.ts

@@ -1,37 +0,0 @@
-import { Request, Response, NextFunction } from 'express';
-import { Bot } from '../models';
-import { validateMembership } from '../helpers/membership';
-import { AccountNotFoundError } from '../utils/errors';
-
-type req = 'params' | 'body' | 'query';
-
-const requireBotAuth = ({
-    acceptedRoles,
-    acceptedStatuses,
-    location = 'params'
-}: {
-    acceptedRoles: string[];
-    acceptedStatuses: string[];
-    location?: req;
-}) => {
-    return async (req: Request, res: Response, next: NextFunction) => {
-        const bot = await Bot.findOne({ _id: req[location].botId });
-        
-        if (!bot) {
-            return next(AccountNotFoundError({message: 'Failed to locate Bot account'}))
-        }
-        
-        await validateMembership({
-            userId: req.user._id.toString(),
-            workspaceId: bot.workspace.toString(),
-            acceptedRoles,
-            acceptedStatuses
-        });
-        
-        req.bot = bot;
-        
-        next();
-    }
-}
-
-export default requireBotAuth;

backend/src/middleware/requireIntegrationAuth.ts

@@ -1,8 +1,7 @@
+import * as Sentry from '@sentry/node';
 import { Request, Response, NextFunction } from 'express';
-import { Integration, IntegrationAuth } from '../models';
-import { IntegrationService } from '../services';
-import { validateMembership } from '../helpers/membership';
-import { IntegrationNotFoundError, UnauthorizedRequestError } from '../utils/errors';
+import { Integration, IntegrationAuth, Membership } from '../models';
+import { getOAuthAccessToken } from '../helpers/integrationAuth';
 
 /**
  * Validate if user on request is a member of workspace with proper roles associated
@@ -21,40 +20,56 @@ const requireIntegrationAuth = ({
 	return async (req: Request, res: Response, next: NextFunction) => {
 		// integration authorization middleware
 
-		const { integrationId } = req.params;
+		try {
+			const { integrationId } = req.params;
 
-		// validate integration accessibility
-		const integration = await Integration.findOne({
-			_id: integrationId
-		});
+			// validate integration accessibility
+			const integration = await Integration.findOne({
+				_id: integrationId
+			});
 
-		if (!integration) {
-			return next(IntegrationNotFoundError({message: 'Failed to locate Integration'}))
+			if (!integration) {
+				throw new Error('Failed to find integration');
+			}
+
+			const membership = await Membership.findOne({
+				user: req.user._id,
+				workspace: integration.workspace
+			});
+
+			if (!membership) {
+				throw new Error('Failed to find integration workspace membership');
+			}
+
+			if (!acceptedRoles.includes(membership.role)) {
+				throw new Error('Failed to validate workspace membership role');
+			}
+
+			if (!acceptedStatuses.includes(membership.status)) {
+				throw new Error('Failed to validate workspace membership status');
+			}
+
+			const integrationAuth = await IntegrationAuth.findOne({
+				_id: integration.integrationAuth
+			}).select(
+				'+refreshCiphertext +refreshIV +refreshTag +accessCiphertext +accessIV +accessTag +accessExpiresAt'
+			);
+
+			if (!integrationAuth) {
+				throw new Error('Failed to find integration authorization');
+			}
+
+			req.integration = integration;
+			req.accessToken = await getOAuthAccessToken({ integrationAuth });
+
+			return next();
+		} catch (err) {
+			Sentry.setUser(null);
+			Sentry.captureException(err);
+			return res.status(401).send({
+				error: 'Failed integration authorization'
+			});
 		}
-		
-		await validateMembership({
-			userId: req.user._id.toString(),
-			workspaceId: integration.workspace.toString(),
-			acceptedRoles,
-			acceptedStatuses
-		});
-
-		const integrationAuth = await IntegrationAuth.findOne({
-			_id: integration.integrationAuth
-		}).select(
-			'+refreshCiphertext +refreshIV +refreshTag +accessCiphertext +accessIV +accessTag +accessExpiresAt'
-		);
-
-		if (!integrationAuth) {
-			return next(UnauthorizedRequestError({message: 'Failed to locate Integration Authentication credentials'}))
-		}
-
-		req.integration = integration;
-		req.accessToken = await IntegrationService.getIntegrationAuthAccess({
-			integrationAuthId: integrationAuth._id.toString()
-		});
-
-		return next();
 	};
 };
 

backend/src/middleware/requireIntegrationAuthorizationAuth.ts

@@ -1,9 +1,8 @@
 import * as Sentry from '@sentry/node';
 import { Request, Response, NextFunction } from 'express';
-import { IntegrationAuth } from '../models';
-import { IntegrationService } from '../services';
-import { validateMembership } from '../helpers/membership';
-import { UnauthorizedRequestError } from '../utils/errors';
+import { IntegrationAuth, Membership } from '../models';
+import { decryptSymmetric } from '../utils/crypto';
+import { getOAuthAccessToken } from '../helpers/integrationAuth';
 
 /**
  * Validate if user on request is a member of workspace with proper roles associated
@@ -11,45 +10,62 @@ import { UnauthorizedRequestError } from '../utils/errors';
  * @param {Object} obj
  * @param {String[]} obj.acceptedRoles - accepted workspace roles
  * @param {String[]} obj.acceptedStatuses - accepted workspace statuses
- * @param {Boolean} obj.attachAccessToken - whether or not to decrypt and attach integration authorization access token onto request
+ * @param {Boolean} obj.attachRefresh - whether or not to decrypt and attach integration authorization refresh token onto request
  */
 const requireIntegrationAuthorizationAuth = ({
 	acceptedRoles,
-	acceptedStatuses,
-	attachAccessToken = true
+	acceptedStatuses
 }: {
 	acceptedRoles: string[];
 	acceptedStatuses: string[];
-	attachAccessToken?: boolean;
 }) => {
 	return async (req: Request, res: Response, next: NextFunction) => {
-		const { integrationAuthId } = req.params;
+		// (authorization) integration authorization middleware
 
-		const integrationAuth = await IntegrationAuth.findOne({
-			_id: integrationAuthId
-		}).select(
-			'+refreshCiphertext +refreshIV +refreshTag +accessCiphertext +accessIV +accessTag +accessExpiresAt'
-		);
+		try {
+			const { integrationAuthId } = req.params;
 
-		if (!integrationAuth) {
-			return next(UnauthorizedRequestError({message: 'Failed to locate Integration Authorization credentials'}))
-		}
-		
-		await validateMembership({
-			userId: req.user._id.toString(),
-			workspaceId: integrationAuth.workspace.toString(),
-			acceptedRoles,
-			acceptedStatuses
-		});
+			const integrationAuth = await IntegrationAuth.findOne({
+				_id: integrationAuthId
+			}).select(
+				'+refreshCiphertext +refreshIV +refreshTag +accessCiphertext +accessIV +accessTag +accessExpiresAt'
+			);
 
-		req.integrationAuth = integrationAuth;
-		if (attachAccessToken) {
-			req.accessToken = await IntegrationService.getIntegrationAuthAccess({
-				integrationAuthId: integrationAuth._id.toString()
+			if (!integrationAuth) {
+				throw new Error('Failed to find integration authorization');
+			}
+
+			const membership = await Membership.findOne({
+				user: req.user._id,
+				workspace: integrationAuth.workspace
+			});
+
+			if (!membership) {
+				throw new Error(
+					'Failed to find integration authorization workspace membership'
+				);
+			}
+
+			if (!acceptedRoles.includes(membership.role)) {
+				throw new Error('Failed to validate workspace membership role');
+			}
+
+			if (!acceptedStatuses.includes(membership.status)) {
+				throw new Error('Failed to validate workspace membership status');
+			}
+
+			req.integrationAuth = integrationAuth;
+
+			// TODO: make compatible with other integration types since they won't necessarily have access tokens
+			req.accessToken = await getOAuthAccessToken({ integrationAuth });
+			return next();
+		} catch (err) {
+			Sentry.setUser(null);
+			Sentry.captureException(err);
+			return res.status(401).send({
+				error: 'Failed (authorization) integration authorizationt'
 			});
 		}
-		
-		return next();
 	};
 };
 

backend/src/middleware/requireOrganizationAuth.ts

@@ -1,6 +1,6 @@
+import * as Sentry from '@sentry/node';
 import { Request, Response, NextFunction } from 'express';
 import { IOrganization, MembershipOrg } from '../models';
-import { UnauthorizedRequestError, ValidationError } from '../utils/errors';
 
 /**
  * Validate if user on request is a member with proper roles for organization
@@ -19,28 +19,35 @@ const requireOrganizationAuth = ({
 	return async (req: Request, res: Response, next: NextFunction) => {
 		// organization authorization middleware
 
-		// validate organization membership
-		const membershipOrg = await MembershipOrg.findOne({
-			user: req.user._id,
-			organization: req.params.organizationId
-		}).populate<{ organization: IOrganization }>('organization');
+		try {
+			// validate organization membership
+			const membershipOrg = await MembershipOrg.findOne({
+				user: req.user._id,
+				organization: req.params.organizationId
+			}).populate<{ organization: IOrganization }>('organization');
 
+			if (!membershipOrg) {
+				throw new Error('Failed to find organization membership');
+			}
 
-		if (!membershipOrg) {
-			return next(UnauthorizedRequestError({message: "You're not a member of this Organization."}))
+			if (!acceptedRoles.includes(membershipOrg.role)) {
+				throw new Error('Failed to validate organization membership role');
+			}
+
+			if (!acceptedStatuses.includes(membershipOrg.status)) {
+				throw new Error('Failed to validate organization membership status');
+			}
+
+			req.membershipOrg = membershipOrg;
+
+			return next();
+		} catch (err) {
+			Sentry.setUser(null);
+			Sentry.captureException(err);
+			return res.status(401).send({
+				error: 'Failed organization authorization'
+			});
 		}
-		//TODO is this important to validate? I mean is it possible to save wrong role to database or get wrong role from databse? - Zamion101
-		if (!acceptedRoles.includes(membershipOrg.role)) {
-			return next(ValidationError({message: 'Failed to validate Organization Membership Role'}))
-		}
-
-		if (!acceptedStatuses.includes(membershipOrg.status)) {
-			return next(ValidationError({message: 'Failed to validate Organization Membership Status'}))
-		}
-
-		req.membershipOrg = membershipOrg;
-
-		return next();
 	};
 };
 

backend/src/middleware/requireServiceTokenAuth.ts

@@ -1,8 +1,8 @@
 import jwt from 'jsonwebtoken';
 import { Request, Response, NextFunction } from 'express';
+import * as Sentry from '@sentry/node';
 import { ServiceToken } from '../models';
 import { JWT_SERVICE_SECRET } from '../config';
-import { BadRequestError, UnauthorizedRequestError } from '../utils/errors';
 
 declare module 'jsonwebtoken' {
 	export interface UserIDJwtPayload extends jwt.JwtPayload {
@@ -24,27 +24,33 @@ const requireServiceTokenAuth = async (
 	next: NextFunction
 ) => {
 	// JWT service token middleware
-	
-	const [ AUTH_TOKEN_TYPE, AUTH_TOKEN_VALUE ] = <[string, string]>req.headers['authorization']?.split(' ', 2) ?? [null, null]
-	if(AUTH_TOKEN_TYPE === null) return next(BadRequestError({message: `Missing Authorization Header in the request header.`}))
-	//TODO: Determine what is the actual Token Type for Service Token Authentication (ex. Bearer)
-	//if(AUTH_TOKEN_TYPE.toLowerCase() !== 'bearer') return next(UnauthorizedRequestError({message: `The provided authentication type '${AUTH_TOKEN_TYPE}' is not supported.`}))
-	if(AUTH_TOKEN_VALUE === null) return next(BadRequestError({message: 'Missing Authorization Body in the request header'}))
+	try {
+		if (!req.headers?.authorization)
+			throw new Error('Failed to locate authorization header');
 
-	const decodedToken = <jwt.UserIDJwtPayload>(
-		jwt.verify(AUTH_TOKEN_VALUE, JWT_SERVICE_SECRET)
-	);
+		const token = req.headers.authorization.split(' ')[1];
 
-	const serviceToken = await ServiceToken.findOne({
-		_id: decodedToken.serviceTokenId
-	})
-		.populate('user', '+publicKey')
-		.select('+encryptedKey +publicKey +nonce');
+		const decodedToken = <jwt.UserIDJwtPayload>(
+			jwt.verify(token, JWT_SERVICE_SECRET)
+		);
 
-	if (!serviceToken) return next(UnauthorizedRequestError({message: 'The service token does not match the record in the database'}))
+		const serviceToken = await ServiceToken.findOne({
+			_id: decodedToken.serviceTokenId
+		})
+			.populate('user', '+publicKey')
+			.select('+encryptedKey +publicKey +nonce');
 
-	req.serviceToken = serviceToken;
-	return next();
+		if (!serviceToken) throw new Error('Failed to find service token');
+
+		req.serviceToken = serviceToken;
+		return next();
+	} catch (err) {
+		Sentry.setUser(null);
+		Sentry.captureException(err);
+		return res.status(401).send({
+			error: 'Failed to authenticate service token'
+		});
+	}
 };
 
 export default requireServiceTokenAuth;

backend/src/middleware/requireSignupAuth.ts

@@ -1,8 +1,8 @@
 import jwt from 'jsonwebtoken';
 import { Request, Response, NextFunction } from 'express';
+import * as Sentry from '@sentry/node';
 import { User } from '../models';
 import { JWT_SIGNUP_SECRET } from '../config';
-import { BadRequestError, UnauthorizedRequestError } from '../utils/errors';
 
 declare module 'jsonwebtoken' {
 	export interface UserIDJwtPayload extends jwt.JwtPayload {
@@ -21,24 +21,32 @@ const requireSignupAuth = async (
 ) => {
 	// JWT (temporary) authentication middleware for complete signup
 
-	const [ AUTH_TOKEN_TYPE, AUTH_TOKEN_VALUE ] = <[string, string]>req.headers['authorization']?.split(' ', 2) ?? [null, null]
-	if(AUTH_TOKEN_TYPE === null) return next(BadRequestError({message: `Missing Authorization Header in the request header.`}))
-	if(AUTH_TOKEN_TYPE.toLowerCase() !== 'bearer') return next(BadRequestError({message: `The provided authentication type '${AUTH_TOKEN_TYPE}' is not supported.`}))
-	if(AUTH_TOKEN_VALUE === null) return next(BadRequestError({message: 'Missing Authorization Body in the request header'}))
-	
-	const decodedToken = <jwt.UserIDJwtPayload>(
-		jwt.verify(AUTH_TOKEN_VALUE, JWT_SIGNUP_SECRET)
-	);
+	try {
+		if (!req.headers?.authorization)
+			throw new Error('Failed to locate authorization header');
 
-	const user = await User.findOne({
-		_id: decodedToken.userId
-	}).select('+publicKey');
+		const token = req.headers.authorization.split(' ')[1];
+		const decodedToken = <jwt.UserIDJwtPayload>(
+			jwt.verify(token, JWT_SIGNUP_SECRET)
+		);
 
-	if (!user)
-		return next(UnauthorizedRequestError({message: 'Unable to authenticate for User account completion. Try logging in again'}))
+		const user = await User.findOne({
+			_id: decodedToken.userId
+		}).select('+publicKey');
 
-	req.user = user;
-	return next();
+		if (!user)
+			throw new Error('Failed to temporarily authenticate unfound user');
+
+		req.user = user;
+		return next();
+	} catch (err) {
+		Sentry.setUser(null);
+		Sentry.captureException(err);
+		return res.status(401).send({
+			error:
+				'Failed to temporarily authenticate user for complete account. Try logging in'
+		});
+	}
 };
 
 export default requireSignupAuth;

backend/src/middleware/requireWorkspaceAuth.ts

@@ -1,6 +1,6 @@
+import * as Sentry from '@sentry/node';
 import { Request, Response, NextFunction } from 'express';
-import { validateMembership } from '../helpers/membership';
-import { UnauthorizedRequestError } from '../utils/errors';
+import { Membership, IWorkspace } from '../models';
 
 type req = 'params' | 'body' | 'query';
 
@@ -25,18 +25,34 @@ const requireWorkspaceAuth = ({
 		// workspace authorization middleware
 
 		try {
-			const membership = await validateMembership({
-				userId: req.user._id.toString(),
-				workspaceId: req[location].workspaceId,
-				acceptedRoles,
-				acceptedStatuses
-			});
+			// validate workspace membership
+
+			const membership = await Membership.findOne({
+				user: req.user._id,
+				workspace: req[location].workspaceId
+			}).populate<{ workspace: IWorkspace }>('workspace');
+
+			if (!membership) {
+				throw new Error('Failed to find workspace membership');
+			}
+
+			if (!acceptedRoles.includes(membership.role)) {
+				throw new Error('Failed to validate workspace membership role');
+			}
+
+			if (!acceptedStatuses.includes(membership.status)) {
+				throw new Error('Failed to validate workspace membership status');
+			}
 
 			req.membership = membership;
 
 			return next();
 		} catch (err) {
-			return next(UnauthorizedRequestError({message: 'Unable to authenticate workspace'}))
+			Sentry.setUser(null);
+			Sentry.captureException(err);
+			return res.status(401).send({
+				error: 'Failed workspace authorization'
+			});
 		}
 	};
 };

backend/src/middleware/validateRequest.ts

@@ -1,6 +1,6 @@
 import { Request, Response, NextFunction } from 'express';
+import * as Sentry from '@sentry/node';
 import { validationResult } from 'express-validator';
-import { BadRequestError, UnauthorizedRequestError } from '../utils/errors';
 
 /**
  * Validate intended inputs on [req] via express-validator
@@ -15,12 +15,16 @@ const validate = (req: Request, res: Response, next: NextFunction) => {
 	try {
 		const errors = validationResult(req);
 		if (!errors.isEmpty()) {
-			return next(BadRequestError({context: {errors: errors.array}}))
+			return res.status(400).json({ errors: errors.array() });
 		}
 
 		return next();
 	} catch (err) {
-		return next(UnauthorizedRequestError({message: 'Unauthenticated requests are not allowed. Try logging in'}))
+		Sentry.setUser(null);
+		Sentry.captureException(err);
+		return res.status(401).send({
+			error: "Looks like you're unauthenticated . Try logging in"
+		});
 	}
 };
 

backend/src/models/bot.ts

@@ -1,57 +0,0 @@
-import { Schema, model, Types } from 'mongoose';
-
-export interface IBot {
-	_id: Types.ObjectId;
-    name: string;
-    workspace: Types.ObjectId;
-    isActive: boolean;
-    publicKey: string;
-    encryptedPrivateKey: string;
-    iv: string;
-    tag: string;
-}
-
-const botSchema = new Schema<IBot>(
-	{
-        name: {
-            type: String,
-            required: true
-        },
-        workspace: {
-            type: Schema.Types.ObjectId,
-            ref: 'Workspace',
-            required: true
-        },
-        isActive: {
-            type: Boolean,
-            required: true,
-            default: false
-        },
-        publicKey: {
-            type: String,
-            required: true
-        },
-        encryptedPrivateKey: {
-            type: String,
-            required: true,
-            select: false
-        },
-        iv: {
-            type: String,
-            required: true,
-            select: false
-        },
-        tag: {
-            type: String,
-            required: true,
-            select: false
-        }
-	},
-	{
-		timestamps: true
-	}
-);
-
-const Bot = model<IBot>('Bot', botSchema);
-
-export default Bot;

backend/src/models/botKey.ts

@@ -1,45 +0,0 @@
-import { Schema, model, Types } from 'mongoose';
-
-export interface IBotKey {
-	_id: Types.ObjectId;
-	encryptedKey: string;
-	nonce: string;
-	sender: Types.ObjectId;
-	bot: Types.ObjectId;
-	workspace: Types.ObjectId;
-}
-
-const botKeySchema = new Schema<IBotKey>(
-	{
-		encryptedKey: {
-			type: String,
-			required: true
-		},
-		nonce: {
-			type: String,
-			required: true
-		},
-		sender: {
-			type: Schema.Types.ObjectId,
-			ref: 'User',
-			required: true
-		},
-		bot: {
-			type: Schema.Types.ObjectId,
-			ref: 'Bot',
-			required: true
-		},
-		workspace: {
-			type: Schema.Types.ObjectId,
-			ref: 'Workspace',
-			required: true
-		}
-	},
-	{
-		timestamps: true
-	}
-);
-
-const BotKey = model<IBotKey>('BotKey', botKeySchema);
-
-export default BotKey;

backend/src/models/index.ts

@@ -1,6 +1,4 @@
 import BackupPrivateKey, { IBackupPrivateKey } from './backupPrivateKey';
-import Bot, { IBot } from './bot';
-import BotKey, { IBotKey } from './botKey';
 import IncidentContactOrg, { IIncidentContactOrg } from './incidentContactOrg';
 import Integration, { IIntegration } from './integration';
 import IntegrationAuth, { IIntegrationAuth } from './integrationAuth';
@@ -18,10 +16,6 @@ import Workspace, { IWorkspace } from './workspace';
 export {
 	BackupPrivateKey,
 	IBackupPrivateKey,
-	Bot,
-	IBot,
-	BotKey,
-	IBotKey,
 	IncidentContactOrg,
 	IIncidentContactOrg,
 	Integration,

backend/src/models/integration.ts

@@ -1,83 +1,59 @@
 import { Schema, model, Types } from 'mongoose';
 import {
-  ENV_DEV,
-  ENV_TESTING,
-  ENV_STAGING,
-  ENV_PROD,
-  INTEGRATION_HEROKU,
-  INTEGRATION_VERCEL,
-  INTEGRATION_NETLIFY,
-  INTEGRATION_GITHUB
+	ENV_DEV,
+	ENV_TESTING,
+	ENV_STAGING,
+	ENV_PROD,
+	INTEGRATION_HEROKU,
+	INTEGRATION_NETLIFY
 } from '../variables';
 
 export interface IIntegration {
-  _id: Types.ObjectId;
-  workspace: Types.ObjectId;
-  environment: 'dev' | 'test' | 'staging' | 'prod';
-  isActive: boolean;
-  app: string;
-  target: string;
-  context: string;
-  siteId: string;
-  integration: 'heroku' | 'vercel' | 'netlify' | 'github';
-  integrationAuth: Types.ObjectId;
+	_id: Types.ObjectId;
+	workspace: Types.ObjectId;
+	environment: 'dev' | 'test' | 'staging' | 'prod';
+	isActive: boolean;
+	app: string;
+	integration: 'heroku' | 'netlify';
+	integrationAuth: Types.ObjectId;
 }
 
 const integrationSchema = new Schema<IIntegration>(
-  {
-    workspace: {
-      type: Schema.Types.ObjectId,
-      ref: 'Workspace',
-      required: true
-    },
-    environment: {
-      type: String,
-      enum: [ENV_DEV, ENV_TESTING, ENV_STAGING, ENV_PROD],
-      required: true
-    },
-    isActive: {
-      type: Boolean,
-      required: true
-    },
-    app: {
-      // name of app in provider
-      type: String,
-      default: null
-    },
-    target: {
-      // vercel-specific target (environment)
-      type: String,
-      default: null
-    },
-    context: {
-      // netlify-specific context (deploy)
-      type: String,
-      default: null
-    },
-    siteId: {
-      // netlify-specific site (app) id
-      type: String,
-      default: null
-    },
-    integration: {
-      type: String,
-      enum: [
-        INTEGRATION_HEROKU,
-        INTEGRATION_VERCEL,
-        INTEGRATION_NETLIFY,
-        INTEGRATION_GITHUB
-      ],
-      required: true
-    },
-    integrationAuth: {
-      type: Schema.Types.ObjectId,
-      ref: 'IntegrationAuth',
-      required: true
-    }
-  },
-  {
-    timestamps: true
-  }
+	{
+		workspace: {
+			type: Schema.Types.ObjectId,
+			ref: 'Workspace',
+			required: true
+		},
+		environment: {
+			type: String,
+			enum: [ENV_DEV, ENV_TESTING, ENV_STAGING, ENV_PROD],
+			required: true
+		},
+		isActive: {
+			type: Boolean,
+			required: true
+		},
+		app: {
+			// name of app in provider
+			type: String,
+			default: null,
+			required: true
+		},
+		integration: {
+			type: String,
+			enum: [INTEGRATION_HEROKU, INTEGRATION_NETLIFY],
+			required: true
+		},
+		integrationAuth: {
+			type: Schema.Types.ObjectId,
+			ref: 'IntegrationAuth',
+			required: true
+		}
+	},
+	{
+		timestamps: true
+	}
 );
 
 const Integration = model<IIntegration>('Integration', integrationSchema);

backend/src/models/integrationAuth.ts

@@ -1,87 +1,67 @@
 import { Schema, model, Types } from 'mongoose';
-import {
-  INTEGRATION_HEROKU,
-  INTEGRATION_VERCEL,
-  INTEGRATION_NETLIFY,
-  INTEGRATION_GITHUB
-} from '../variables';
+import { INTEGRATION_HEROKU, INTEGRATION_NETLIFY } from '../variables';
 
 export interface IIntegrationAuth {
-  _id: Types.ObjectId;
-  workspace: Types.ObjectId;
-  integration: 'heroku' | 'vercel' | 'netlify' | 'github';
-  teamId: string;
-  accountId: string;
-  refreshCiphertext?: string;
-  refreshIV?: string;
-  refreshTag?: string;
-  accessCiphertext?: string;
-  accessIV?: string;
-  accessTag?: string;
-  accessExpiresAt?: Date;
+	_id: Types.ObjectId;
+	workspace: Types.ObjectId;
+	integration: 'heroku' | 'netlify';
+	refreshCiphertext?: string;
+	refreshIV?: string;
+	refreshTag?: string;
+	accessCiphertext?: string;
+	accessIV?: string;
+	accessTag?: string;
+	accessExpiresAt?: Date;
 }
 
 const integrationAuthSchema = new Schema<IIntegrationAuth>(
-  {
-    workspace: {
-      type: Schema.Types.ObjectId,
-      required: true
-    },
-    integration: {
-      type: String,
-      enum: [
-        INTEGRATION_HEROKU,
-        INTEGRATION_VERCEL,
-        INTEGRATION_NETLIFY,
-        INTEGRATION_GITHUB
-      ],
-      required: true
-    },
-    teamId: {
-      // vercel-specific integration param
-      type: String
-    },
-    accountId: {
-      // netlify-specific integration param
-      type: String
-    },
-    refreshCiphertext: {
-      type: String,
-      select: false
-    },
-    refreshIV: {
-      type: String,
-      select: false
-    },
-    refreshTag: {
-      type: String,
-      select: false
-    },
-    accessCiphertext: {
-      type: String,
-      select: false
-    },
-    accessIV: {
-      type: String,
-      select: false
-    },
-    accessTag: {
-      type: String,
-      select: false
-    },
-    accessExpiresAt: {
-      type: Date,
-      select: false
-    }
-  },
-  {
-    timestamps: true
-  }
+	{
+		workspace: {
+			type: Schema.Types.ObjectId,
+			required: true
+		},
+		integration: {
+			type: String,
+			enum: [INTEGRATION_HEROKU, INTEGRATION_NETLIFY],
+			required: true
+		},
+		refreshCiphertext: {
+			type: String,
+			select: false
+		},
+		refreshIV: {
+			type: String,
+			select: false
+		},
+		refreshTag: {
+			type: String,
+			select: false
+		},
+		accessCiphertext: {
+			type: String,
+			select: false
+		},
+		accessIV: {
+			type: String,
+			select: false
+		},
+		accessTag: {
+			type: String,
+			select: false
+		},
+		accessExpiresAt: {
+			type: Date,
+			select: false
+		}
+	},
+	{
+		timestamps: true
+	}
 );
 
 const IntegrationAuth = model<IIntegrationAuth>(
-  'IntegrationAuth',
-  integrationAuthSchema
+	'IntegrationAuth',
+	integrationAuthSchema
 );
 
 export default IntegrationAuth;

backend/src/models/token.ts

@@ -2,30 +2,25 @@ import { Schema, model } from 'mongoose';
 import { EMAIL_TOKEN_LIFETIME } from '../config';
 
 export interface IToken {
-  email: string;
-  token: string;
-  createdAt: Date;
+	email: String;
+	token: String;
+	createdAt: Date;
 }
 
 const tokenSchema = new Schema<IToken>({
-  email: {
-    type: String,
-    required: true
-  },
-  token: {
-    type: String,
-    required: true
-  },
-  createdAt: {
-    type: Date,
-    default: Date.now
-  }
-});
-
-tokenSchema.index({ 
-  createdAt: 1 
-}, { 
-  expireAfterSeconds: parseInt(EMAIL_TOKEN_LIFETIME) 
+	email: {
+		type: String,
+		required: true
+	},
+	token: {
+		type: String,
+		required: true
+	},
+	createdAt: {
+		type: Date,
+		expires: EMAIL_TOKEN_LIFETIME,
+		default: Date.now
+	}
 });
 
 const Token = model<IToken>('Token', tokenSchema);

backend/src/routes/auth.ts

@@ -5,24 +5,28 @@ import { requireAuth, validateRequest } from '../middleware';
 import { authController } from '../controllers';
 import { loginLimiter } from '../helpers/rateLimiter';
 
-router.post('/token', validateRequest, authController.getNewToken);
-
 router.post(
-  '/login1',
-  loginLimiter,
-  body('email').exists().trim().notEmpty(),
-  body('clientPublicKey').exists().trim().notEmpty(),
-  validateRequest,
-  authController.login1
+	'/token',
+	validateRequest,
+	authController.getNewToken
 );
 
 router.post(
-  '/login2',
-  loginLimiter,
-  body('email').exists().trim().notEmpty(),
-  body('clientProof').exists().trim().notEmpty(),
-  validateRequest,
-  authController.login2
+	'/login1',
+	loginLimiter,
+	body('email').exists().trim().notEmpty(),
+	body('clientPublicKey').exists().trim().notEmpty(),
+	validateRequest,
+	authController.login1
+);
+
+router.post(
+	'/login2',
+	loginLimiter,
+	body('email').exists().trim().notEmpty(),
+	body('clientProof').exists().trim().notEmpty(),
+	validateRequest,
+	authController.login2
 );
 
 router.post('/logout', requireAuth, authController.logout);

backend/src/routes/bot.ts

@@ -1,38 +0,0 @@
-import express from 'express';
-const router = express.Router();
-import { body, param } from 'express-validator';
-import {
-    requireAuth,
-    requireBotAuth,
-    requireWorkspaceAuth,
-    validateRequest
-} from '../middleware';
-import { botController } from '../controllers';
-import { ADMIN, MEMBER, COMPLETED, GRANTED } from '../variables';
-
-router.get(
-    '/:workspaceId',
-	requireAuth,
-	requireWorkspaceAuth({
-		acceptedRoles: [ADMIN, MEMBER],
-		acceptedStatuses: [COMPLETED, GRANTED]
-	}),
-    param('workspaceId').exists().trim().notEmpty(),
-    validateRequest,
-    botController.getBotByWorkspaceId
-);
-
-router.patch(
-    '/:botId/active',
-    requireAuth,
-    requireBotAuth({
-		acceptedRoles: [ADMIN, MEMBER],
-		acceptedStatuses: [COMPLETED, GRANTED]
-    }),
-    body('isActive').isBoolean(),
-    body('botKey'),
-    validateRequest,
-    botController.setBotActiveState
-);
-
-export default router;

backend/src/routes/index.ts

@@ -1,5 +1,4 @@
 import signup from './signup';
-import bot from './bot';
 import auth from './auth';
 import user from './user';
 import userAction from './userAction';
@@ -19,7 +18,6 @@ import integrationAuth from './integrationAuth';
 export {
 	signup,
 	auth,
-	bot,
 	user,
 	userAction,
 	organization,

backend/src/routes/integration.ts

@@ -9,6 +9,22 @@ import { ADMIN, MEMBER, GRANTED } from '../variables';
 import { body, param } from 'express-validator';
 import { integrationController } from '../controllers';
 
+router.get('/integrations', requireAuth, integrationController.getIntegrations);
+
+router.post(
+	'/:integrationId/sync',
+	requireAuth,
+	requireIntegrationAuth({
+		acceptedRoles: [ADMIN, MEMBER],
+		acceptedStatuses: [GRANTED]
+	}),
+	param('integrationId').exists().trim(),
+	body('key').exists(),
+	body('secrets').exists(),
+	validateRequest,
+	integrationController.syncIntegration
+);
+
 router.patch(
 	'/:integrationId',
 	requireAuth,
@@ -16,15 +32,10 @@ router.patch(
 		acceptedRoles: [ADMIN, MEMBER],
 		acceptedStatuses: [GRANTED]
 	}),
-	param('integrationId').exists().trim(),
-	body('app').exists().trim(),
-	body('environment').exists().trim(),
-	body('isActive').exists().isBoolean(),
-	body('target').exists(),
-	body('context').exists(),
-	body('siteId').exists(),
+	param('integrationId'),
+	body('update'),
 	validateRequest,
-	integrationController.updateIntegration
+	integrationController.modifyIntegration
 );
 
 router.delete(
@@ -34,7 +45,7 @@ router.delete(
 		acceptedRoles: [ADMIN, MEMBER],
 		acceptedStatuses: [GRANTED]
 	}),
-	param('integrationId').exists().trim(),
+	param('integrationId'),
 	validateRequest,
 	integrationController.deleteIntegration
 );

backend/src/routes/integrationAuth.ts

@@ -10,12 +10,6 @@ import {
 import { ADMIN, MEMBER, GRANTED } from '../variables';
 import { integrationAuthController } from '../controllers';
 
-router.get(
-	'/integration-options',
-	requireAuth,
-	integrationAuthController.getIntegrationOptions
-);
-
 router.post(
 	'/oauth-token',
 	requireAuth,
@@ -28,7 +22,7 @@ router.post(
 	body('code').exists().trim().notEmpty(),
 	body('integration').exists().trim().notEmpty(),
 	validateRequest,
-	integrationAuthController.oAuthExchange
+	integrationAuthController.integrationAuthOauthExchange
 );
 
 router.get(
@@ -48,8 +42,7 @@ router.delete(
 	requireAuth,
 	requireIntegrationAuthorizationAuth({
 		acceptedRoles: [ADMIN, MEMBER],
-		acceptedStatuses: [GRANTED],
-		attachAccessToken: false
+		acceptedStatuses: [GRANTED]
 	}),
 	param('integrationAuthId'),
 	validateRequest,

backend/src/routes/key.ts

@@ -34,4 +34,6 @@ router.get(
 	keyController.getLatestKey
 );
 
+router.get('/publicKey/infisical', keyController.getPublicKeyInfisical);
+
 export default router;

backend/src/routes/password.ts

@@ -1,7 +1,7 @@
 import express from 'express';
 const router = express.Router();
 import { body } from 'express-validator';
-import { requireAuth, requireSignupAuth, validateRequest } from '../middleware';
+import { requireAuth, validateRequest } from '../middleware';
 import { passwordController } from '../controllers';
 import { passwordLimiter } from '../helpers/rateLimiter';
 
@@ -27,30 +27,6 @@ router.post(
 	passwordController.changePassword
 );
 
-router.post(
-	'/email/password-reset',
-	passwordLimiter,
-	body('email').exists().trim().notEmpty(),
-	validateRequest,
-	passwordController.emailPasswordReset
-);
-
-router.post(
-	'/email/password-reset-verify',
-	passwordLimiter,
-	body('email').exists().trim().notEmpty().isEmail(),
-	body('code').exists().trim().notEmpty(),
-	validateRequest,
-	passwordController.emailPasswordResetVerify
-);
-
-router.get(
-	'/backup-private-key',
-	passwordLimiter,
-	requireSignupAuth,
-	passwordController.getBackupPrivateKey
-);
-
 router.post(
 	'/backup-private-key',
 	passwordLimiter,
@@ -65,16 +41,4 @@ router.post(
 	passwordController.createBackupPrivateKey
 );
 
-router.post(
-	'/password-reset',
-	requireSignupAuth,
-	body('encryptedPrivateKey').exists().trim().notEmpty(), // private key encrypted under new pwd
-	body('iv').exists().trim().notEmpty(), // new iv for private key
-	body('tag').exists().trim().notEmpty(), // new tag for private key 
-	body('salt').exists().trim().notEmpty(), // part of new pwd
-	body('verifier').exists().trim().notEmpty(), // part of new pwd
-	validateRequest,
-	passwordController.resetPassword
-);
-
-export default router;
+export default router;

backend/src/services/BotService.ts

@@ -1,82 +0,0 @@
-import {
-    getSecretsHelper,
-    encryptSymmetricHelper,
-    decryptSymmetricHelper
-} from '../helpers/bot';
-
-/**
- * Class to handle bot actions
- */
-class BotService {
-    
-    /**
-     * Return decrypted secrets for workspace with id [workspaceId] and 
-     * environment [environmen] shared to bot.
-     * @param {Object} obj
-     * @param {String} obj.workspaceId - id of workspace of secrets
-     * @param {String} obj.environment - environment for secrets
-     * @returns {Object} secretObj - object where keys are secret keys and values are secret values
-     */
-    static async getSecrets({
-        workspaceId,
-        environment
-    }: {
-        workspaceId: string;
-        environment: string;
-    }) {
-        return await getSecretsHelper({
-            workspaceId,
-            environment
-        });
-    }
-    
-    /**
-     * Return symmetrically encrypted [plaintext] using the
-     * bot's copy of the workspace key for workspace with id [workspaceId] 
-     * @param {Object} obj
-     * @param {String} obj.workspaceId - id of workspace
-     * @param {String} obj.plaintext - plaintext to encrypt
-     */
-    static async encryptSymmetric({
-        workspaceId,
-        plaintext
-    }: {
-        workspaceId: string;
-        plaintext: string;
-    }) {
-        return await encryptSymmetricHelper({
-            workspaceId,
-            plaintext
-        });
-    }
-    
-    /**
-     * Return symmetrically decrypted [ciphertext] using the
-     * bot's copy of the workspace key for workspace with id [workspaceId]
-     * @param {Object} obj
-     * @param {String} obj.workspaceId - id of workspace
-     * @param {String} obj.ciphertext - ciphertext to decrypt
-     * @param {String} obj.iv - iv
-     * @param {String} obj.tag - tag
-     */
-    static async decryptSymmetric({
-        workspaceId,
-        ciphertext,
-        iv,
-        tag
-    }: {
-        workspaceId: string;
-        ciphertext: string;
-        iv: string;
-        tag: string;
-    }) {
-        return await decryptSymmetricHelper({
-            workspaceId,
-            ciphertext,
-            iv,
-            tag
-        });
-    }
-}
-
-export default BotService;

backend/src/services/EventService.ts

@@ -1,30 +0,0 @@
-import { Bot, IBot } from '../models';
-import * as Sentry from '@sentry/node';
-import { handleEventHelper } from '../helpers/event';
-
-interface Event {
-    name: string;
-    workspaceId: string;
-    payload: any;
-}
-
-/**
- * Class to handle events.
- */
-class EventService {
-    /**
-     * Handle event [event]
-     * @param {Object} obj
-     * @param {Event} obj.event - an event
-     * @param {String} obj.event.name - name of event
-     * @param {String} obj.event.workspaceId - id of workspace that event is part of
-     * @param {Object} obj.event.payload - payload of event (depends on event)
-     */
-    static async handleEvent({ event }: { event: Event }): Promise<void> {
-        await handleEventHelper({
-            event
-        });
-    }
-}
-
-export default EventService;

backend/src/services/IntegrationService.ts

@@ -1,145 +0,0 @@
-import * as Sentry from '@sentry/node';
-import {
-    Integration
-} from '../models';
-import { 
-    handleOAuthExchangeHelper,
-    syncIntegrationsHelper,
-    getIntegrationAuthRefreshHelper,
-    getIntegrationAuthAccessHelper,
-    setIntegrationAuthRefreshHelper,
-    setIntegrationAuthAccessHelper,
-} from '../helpers/integration';
-import { exchangeCode } from '../integrations';
-import { 
-    ENV_DEV, 
-    EVENT_PUSH_SECRETS
-} from '../variables';
-
-// should sync stuff be here too? Probably.
-// TODO: move bot functions to IntegrationService.
-
-/**
- * Class to handle integrations
- */
-class IntegrationService {
-    
-    /**
-     * Perform OAuth2 code-token exchange for workspace with id [workspaceId] and integration
-     * named [integration]
-     * - Store integration access and refresh tokens returned from the OAuth2 code-token exchange
-     * - Add placeholder inactive integration
-     * - Create bot sequence for integration
-     * @param {Object} obj
-     * @param {String} obj.workspaceId - id of workspace
-     * @param {String} obj.integration - name of integration 
-     * @param {String} obj.code - code
-     */
-    static async handleOAuthExchange({ 
-        workspaceId,
-        integration,
-        code
-    }: { 
-        workspaceId: string;
-        integration: string;
-        code: string;
-    }) {
-        await handleOAuthExchangeHelper({
-            workspaceId,
-            integration,
-            code
-        });
-    }
-    
-    /**
-     * Sync/push environment variables in workspace with id [workspaceId] to
-     * all associated integrations
-     * @param {Object} obj
-     * @param {Object} obj.workspaceId - id of workspace
-     */
-    static async syncIntegrations({
-        workspaceId
-    }: {
-        workspaceId: string;
-    }) {
-        return await syncIntegrationsHelper({
-            workspaceId
-        });
-    }
-    
-    /**
-     * Return decrypted refresh token for integration auth
-     * with id [integrationAuthId]
-     * @param {Object} obj
-     * @param {String} obj.integrationAuthId - id of integration auth
-     * @param {String} refreshToken - decrypted refresh token
-     */
-    static async getIntegrationAuthRefresh({ integrationAuthId }: { integrationAuthId: string}) {
-        return await getIntegrationAuthRefreshHelper({
-            integrationAuthId
-        });
-    }
-    
-    /**
-     * Return decrypted access token for integration auth
-     * with id [integrationAuthId]
-     * @param {Object} obj
-     * @param {String} obj.integrationAuthId - id of integration auth
-     * @param {String} accessToken - decrypted access token
-     */
-    static async getIntegrationAuthAccess({ integrationAuthId }: { integrationAuthId: string}) {
-        return await getIntegrationAuthAccessHelper({
-            integrationAuthId
-        });
-    }
-
-    /**
-     * Encrypt refresh token [refreshToken] using the bot's copy
-     * of the workspace key for workspace belonging to integration auth
-     * with id [integrationAuthId]
-     * @param {Object} obj
-     * @param {String} obj.integrationAuthId - id of integration auth
-     * @param {String} obj.refreshToken - refresh token
-     * @returns {IntegrationAuth} integrationAuth - updated integration auth
-     */
-    static async setIntegrationAuthRefresh({ 
-        integrationAuthId,
-        refreshToken 
-    }: { 
-        integrationAuthId: string; 
-        refreshToken: string;
-    }) {
-        return await setIntegrationAuthRefreshHelper({
-            integrationAuthId,
-            refreshToken
-        });
-    }
-
-    /**
-     * Encrypt access token [accessToken] using the bot's copy
-     * of the workspace key for workspace belonging to integration auth
-     * with id [integrationAuthId]
-     * @param {Object} obj
-     * @param {String} obj.integrationAuthId - id of integration auth
-     * @param {String} obj.accessToken - access token
-     * @param {String} obj.accessExpiresAt - expiration date of access token
-     * @returns {IntegrationAuth} - updated integration auth
-     */
-    static async setIntegrationAuthAccess({ 
-        integrationAuthId,
-        accessToken,
-        accessExpiresAt
-    }: { 
-        integrationAuthId: string;
-        accessToken: string;
-        accessExpiresAt: Date;
-    }) {
-        return await setIntegrationAuthAccessHelper({
-            integrationAuthId,
-            accessToken,
-            accessExpiresAt
-        });
-    }
-}
-
-export default IntegrationService;

backend/src/services/PostHogClient.ts

@@ -1,27 +1,15 @@
 import { PostHog } from 'posthog-node';
-import {
-  NODE_ENV,
-  POSTHOG_HOST,
-  POSTHOG_PROJECT_API_KEY,
-  TELEMETRY_ENABLED
-} from '../config';
-import { getLogger } from '../utils/logger';
-
-if(TELEMETRY_ENABLED){
-  getLogger("backend-main").info([
-    "",
-    "Infisical collects telemetry data about general usage.",
-    "The data helps us understand how the product is doing and guide our product development to create the best possible platform; it also helps us demonstrate growth for investors as we support Infisical as open-source software.",
-    "To opt out of telemetry, you can set `TELEMETRY_ENABLED=false` within the environment variables",
-  ].join('\n'))
-}
+import { NODE_ENV, POSTHOG_HOST, POSTHOG_PROJECT_API_KEY, TELEMETRY_ENABLED } from '../config';
 
 let postHogClient: any;
-if (NODE_ENV === 'production' && TELEMETRY_ENABLED) {
-  // case: enable opt-out telemetry in production
-  postHogClient = new PostHog(POSTHOG_PROJECT_API_KEY, {
-    host: POSTHOG_HOST
-  });
+if (
+    NODE_ENV === 'production'
+    && TELEMETRY_ENABLED
+) {
+    // case: enable opt-out telemetry in production
+    postHogClient = new PostHog(POSTHOG_PROJECT_API_KEY, {
+        host: POSTHOG_HOST
+    });
 }
 
-export default postHogClient;
+export default postHogClient;

backend/src/services/database.ts

@@ -1,10 +0,0 @@
-import mongoose from 'mongoose';
-import { getLogger } from '../utils/logger';
-
-export const initDatabase = (MONGO_URL: string) => {
-  mongoose
-    .connect(MONGO_URL)
-    .then(() => getLogger("database").info("Database connection established"))
-    .catch((e) => getLogger("database").error(`Unable to establish Database connection due to the error.\n${e}`));
-  return mongoose.connection;
-};

backend/src/services/health.ts

@@ -1,32 +0,0 @@
-import mongoose from 'mongoose';
-import { createTerminus } from '@godaddy/terminus';
-import { getLogger } from '../utils/logger';
-
-export const setUpHealthEndpoint = <T>(server: T) => {
-  const onSignal = () => {
-    getLogger('backend-main').info('Server is starting clean-up');
-    return Promise.all([
-      new Promise((resolve) => {
-        if (mongoose.connection && mongoose.connection.readyState == 1) {
-          mongoose.connection.close()
-            .then(() => resolve('Database connection closed'));
-        } else {
-          resolve('Database connection already closed');
-        }
-      })
-    ]);
-  };
-
-  const healthCheck = () => {
-    // `state.isShuttingDown` (boolean) shows whether the server is shutting down or not
-    // optionally include a resolve value to be included as info in the health check response
-    return Promise.resolve();
-  };
-
-  createTerminus(server, {
-    healthChecks: {
-      '/healthcheck': healthCheck,
-      onSignal
-    }
-  });
-};

backend/src/services/index.ts

@@ -1,11 +1,5 @@
 import postHogClient from './PostHogClient';
-import BotService from './BotService';
-import EventService from './EventService';
-import IntegrationService from './IntegrationService';
 
 export {
-    postHogClient,
-    BotService,
-    EventService,
-    IntegrationService
+    postHogClient
 }

backend/src/services/smtp.ts

@@ -1,52 +0,0 @@
-import nodemailer from 'nodemailer';
-import { SMTP_HOST, SMTP_PORT, SMTP_USERNAME, SMTP_PASSWORD, SMTP_SECURE } from '../config';
-import { SMTP_HOST_SENDGRID, SMTP_HOST_MAILGUN } from '../variables';
-import SMTPConnection from 'nodemailer/lib/smtp-connection';
-import * as Sentry from '@sentry/node';
-
-const mailOpts: SMTPConnection.Options = {
-  host: SMTP_HOST,
-  port: SMTP_PORT as number
-};
-
-if (SMTP_USERNAME && SMTP_PASSWORD) {
-  mailOpts.auth = {
-    user: SMTP_USERNAME,
-    pass: SMTP_PASSWORD
-  };
-}
-
-if (SMTP_SECURE) {
-  switch (SMTP_HOST) {
-    case SMTP_HOST_SENDGRID:
-      mailOpts.requireTLS = true;
-      break;
-    case SMTP_HOST_MAILGUN:
-      mailOpts.requireTLS = true; 
-      mailOpts.tls = {
-        ciphers: 'TLSv1.2'
-      }
-      break;
-    default:
-      mailOpts.secure = true;
-      break;
-  }
-}
-
-export const initSmtp = () => {
-  const transporter = nodemailer.createTransport(mailOpts);
-  transporter
-    .verify()
-    .then(() => {
-      Sentry.setUser(null);
-      Sentry.captureMessage('SMTP - Successfully connected');
-    })
-    .catch((err) => {
-      Sentry.setUser(null);
-      Sentry.captureException(
-        `SMTP - Failed to connect to ${SMTP_HOST}:${SMTP_PORT} \n\t${err}`
-      );
-    });
-
-  return transporter;
-};

backend/src/templates/organizationInvitation.handlebars

@@ -4,7 +4,7 @@
 <head>
     <meta charset="utf-8">
     <meta http-equiv="x-ua-compatible" content="ie=edge">
-    <title>Organization Invitation</title>
+    <title>Email Verification</title>
 </head>
 <body>
     <h2>Infisical</h2>

backend/src/templates/passwordReset.handlebars

@@ -1,15 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <meta charset="utf-8">
-    <meta http-equiv="x-ua-compatible" content="ie=edge">
-    <title>Account Recovery</title>
-</head>
-<body>
-    <h2>Infisical</h2>
-    <h2>Reset your password</h2>
-    <p>Someone requested a password reset.</p>
-    <a href="{{callback_url}}?token={{token}}&to={{email}}">Reset password</a>
-    <p>If you didn't initiate this request, please contact us immediately at team@infisical.com</p>
-</body>
-</html>

backend/src/templates/workspaceInvitation.handlebars

@@ -3,7 +3,7 @@
 <head>
     <meta charset="utf-8">
     <meta http-equiv="x-ua-compatible" content="ie=edge">
-    <title>Project Invitation</title>
+    <title>Email Verification</title>
 </head>
 <body>
     <h2>Infisical</h2>

backend/src/types/express/index.d.ts

@@ -1,6 +1,5 @@
 import * as express from 'express';
 
-
 // TODO: fix (any) types
 declare global {
 	namespace Express {
@@ -12,7 +11,6 @@ declare global {
 			membershipOrg: any;
 			integration: any;
 			integrationAuth: any;
-			bot: any;
 			serviceToken: any;
 			accessToken: any;
 			query?: any;

backend/src/utils/crypto.ts

@@ -1,22 +1,6 @@
 import nacl from 'tweetnacl';
 import util from 'tweetnacl-util';
 import AesGCM from './aes-gcm';
-import * as Sentry from '@sentry/node';
-
-/**
- * Return new base64, NaCl, public-private key pair.
- * @returns {Object} obj
- * @returns {String} obj.publicKey - base64, NaCl, public key
- * @returns {String} obj.privateKey - base64, NaCl, private key
- */
-const generateKeyPair = () => {
-	const pair = nacl.box.keyPair();
-	
-	return ({
-		publicKey: util.encodeBase64(pair.publicKey),
-		privateKey: util.encodeBase64(pair.secretKey)
-	});
-}
 
 /**
  * Return assymmetrically encrypted [plaintext] using [publicKey] where
@@ -48,8 +32,6 @@ const encryptAsymmetric = ({
 			util.decodeBase64(privateKey)
 		);
 	} catch (err) {
-		Sentry.setUser(null);
-		Sentry.captureException(err);
 		throw new Error('Failed to perform asymmetric encryption');
 	}
 
@@ -89,8 +71,6 @@ const decryptAsymmetric = ({
 			util.decodeBase64(privateKey)
 		);
 	} catch (err) {
-		Sentry.setUser(null);
-		Sentry.captureException(err);
 		throw new Error('Failed to perform asymmetric decryption');
 	}
 
@@ -101,7 +81,7 @@ const decryptAsymmetric = ({
  * Return symmetrically encrypted [plaintext] using [key].
  * @param {Object} obj
  * @param {String} obj.plaintext - plaintext to encrypt
- * @param {String} obj.key - hex key
+ * @param {String} obj.key - 16-byte hex key
  */
 const encryptSymmetric = ({
 	plaintext,
@@ -117,8 +97,6 @@ const encryptSymmetric = ({
 		iv = obj.iv;
 		tag = obj.tag;
 	} catch (err) {
-		Sentry.setUser(null);
-		Sentry.captureException(err);
 		throw new Error('Failed to perform symmetric encryption');
 	}
 
@@ -136,7 +114,7 @@ const encryptSymmetric = ({
  * @param {String} obj.ciphertext - ciphertext to decrypt
  * @param {String} obj.iv - iv
  * @param {String} obj.tag - tag
- * @param {String} obj.key - hex key
+ * @param {String} obj.key - 32-byte hex key
  *
  */
 const decryptSymmetric = ({
@@ -154,8 +132,6 @@ const decryptSymmetric = ({
 	try {
 		plaintext = AesGCM.decrypt(ciphertext, iv, tag, key);
 	} catch (err) {
-		Sentry.setUser(null);
-		Sentry.captureException(err);
 		throw new Error('Failed to perform symmetric decryption');
 	}
 
@@ -163,7 +139,6 @@ const decryptSymmetric = ({
 };
 
 export {
-	generateKeyPair,
 	encryptAsymmetric,
 	decryptAsymmetric,
 	encryptSymmetric,

backend/src/utils/errors.ts

@@ -1,116 +0,0 @@
-import RequestError, { LogLevel, RequestErrorContext } from "./requestError"
-
-//* ----->[GENERAL HTTP ERRORS]<-----
-export const RouteNotFoundError = (error?: Partial<RequestErrorContext>) => new RequestError({
-    logLevel: error?.logLevel ?? LogLevel.INFO,
-    statusCode: error?.statusCode ?? 404,
-    type: error?.type ?? 'route_not_found',
-    message: error?.message ?? 'The requested source was not found',
-    context: error?.context,
-    stack: error?.stack
-})
-
-export const MethodNotAllowedError = (error?: Partial<RequestErrorContext>) => new RequestError({
-    logLevel: error?.logLevel ?? LogLevel.INFO,
-    statusCode: error?.statusCode ?? 405,
-    type: error?.type ?? 'method_not_allowed',
-    message: error?.message ?? 'The requested method is not allowed for the resource',
-    context: error?.context,
-    stack: error?.stack
-})
-
-export const UnauthorizedRequestError = (error?: Partial<RequestErrorContext>) => new RequestError({
-    logLevel: error?.logLevel ?? LogLevel.INFO,
-    statusCode: error?.statusCode ?? 401,
-    type: error?.type ?? 'unauthorized',
-    message: error?.message ?? 'You are not authorized to access this resource',
-    context: error?.context,
-    stack: error?.stack
-})
-  
-export const ForbiddenRequestError = (error?: Partial<RequestErrorContext>) => new RequestError({
-    logLevel: error?.logLevel ?? LogLevel.INFO,
-    statusCode: error?.statusCode ?? 403,
-    type: error?.type ?? 'forbidden',
-    message: error?.message ?? 'You are not allowed to access this resource',
-    context: error?.context,
-    stack: error?.stack
-})
-
-export const BadRequestError = (error?: Partial<RequestErrorContext>) => new RequestError({
-    logLevel: error?.logLevel ?? LogLevel.INFO,
-    statusCode: error?.statusCode ?? 400,
-    type: error?.type ?? 'bad_request',
-    message: error?.message ?? 'The request is invalid or cannot be served',
-    context: error?.context,
-    stack: error?.stack
-})
-
-export const InternalServerError = (error?: Partial<RequestErrorContext>) => new RequestError({
-    logLevel: error?.logLevel ?? LogLevel.ERROR,
-    statusCode: error?.statusCode ?? 500,
-    type: error?.type ?? 'internal_server_error',
-    message: error?.message ?? 'The server encountered an error while processing the request',
-    context: error?.context,
-    stack: error?.stack
-})
-
-export const ServiceUnavailableError = (error?: Partial<RequestErrorContext>) => new RequestError({
-    logLevel: error?.logLevel ?? LogLevel.ERROR,
-    statusCode: error?.statusCode ?? 503,
-    type: error?.type ?? 'service_unavailable',
-    message: error?.message ?? 'The service is currently unavailable. Please try again later.',
-    context: error?.context,
-    stack: error?.stack
-})
-
-export const ValidationError = (error?: Partial<RequestErrorContext>) => new RequestError({
-    logLevel: error?.logLevel ?? LogLevel.ERROR,
-    statusCode: error?.statusCode ?? 400,
-    type: error?.type ?? 'validation_error',
-    message: error?.message ?? 'The request failed validation',
-    context: error?.context,
-    stack: error?.stack
-})
-
-//* ----->[INTEGRATION ERRORS]<-----
-export const IntegrationNotFoundError = (error?: Partial<RequestErrorContext>) => new RequestError({
-    logLevel: error?.logLevel ?? LogLevel.ERROR,
-    statusCode: error?.statusCode ?? 404,
-    type: error?.type ?? 'integration_not_found_error',
-    message: error?.message ?? 'The requested integration was not found',
-    context: error?.context,
-    stack: error?.stack
-})
-
-//* ----->[WORKSPACE ERRORS]<-----
-export const WorkspaceNotFoundError = (error?: Partial<RequestErrorContext>) => new RequestError({
-    logLevel: error?.logLevel ?? LogLevel.ERROR,
-    statusCode: error?.statusCode ?? 404,
-    type: error?.type ?? 'workspace_not_found_error',
-    message: error?.message ?? 'The requested workspace was not found',
-    context: error?.context,
-    stack: error?.stack
-})
-
-//* ----->[ORGANIZATION ERRORS]<-----
-export const OrganizationNotFoundError = (error?: Partial<RequestErrorContext>) => new RequestError({
-    logLevel: error?.logLevel ?? LogLevel.ERROR,
-    statusCode: error?.statusCode ?? 404,
-    type: error?.type ?? 'organization_not_found_error',
-    message: error?.message ?? 'The requested organization was not found',
-    context: error?.context,
-    stack: error?.stack
-})
-
-//* ----->[ACCOUNT ERRORS]<-----
-export const AccountNotFoundError = (error?: Partial<RequestErrorContext>) => new RequestError({
-    logLevel: error?.logLevel ?? LogLevel.ERROR,
-    statusCode: error?.statusCode ?? 404,
-    type: error?.type ?? 'account_not_found_error',
-    message: error?.message ?? 'The requested account was not found',
-    context: error?.context,
-    stack: error?.stack
-})
-
-//* ----->[MISC ERRORS]<-----

backend/src/utils/logger.ts

@@ -1,65 +0,0 @@
-/* eslint-disable no-console */
-import { createLogger, format, transports } from 'winston';
-import LokiTransport from 'winston-loki';
-import { LOKI_HOST, NODE_ENV } from '../config';
-
-const { combine, colorize, label, printf, splat, timestamp } = format;
-
-const logFormat = (prefix: string) => combine(
-  timestamp(),
-  splat(),
-  label({ label: prefix }),
-  printf((info) => `${info.timestamp} ${info.label} ${info.level}: ${info.message}`)
-);
-
-const createLoggerWithLabel = (level: string, label: string) => {
-  const _level = level.toLowerCase() || 'info'
-  //* Always add Console output to transports
-  const _transports: any[] = [
-    new transports.Console({
-      format: combine(
-        colorize(),
-        logFormat(label),
-        // format.json()
-      )
-    })
-  ]
-  //* Add LokiTransport if it's enabled
-  if(LOKI_HOST !== undefined){
-    _transports.push(
-      new LokiTransport({
-        host: LOKI_HOST,
-        handleExceptions: true,
-        handleRejections: true,
-        batching: true,
-        level: _level,
-        timeout: 30000,
-        format: format.combine(
-          format.json()
-        ),
-        labels: {app: process.env.npm_package_name, version: process.env.npm_package_version, environment: NODE_ENV},
-        onConnectionError: (err: Error)=> console.error('Connection error while connecting to Loki Server.\n', err)
-      })
-    )
-  }
-  
-  
-  return createLogger({
-    level: _level,
-    transports: _transports,
-    format: format.combine(
-      logFormat(label),
-      format.metadata({ fillExcept: ['message', 'level', 'timestamp', 'label'] })
-    )
-  });
-}
-
-const DEFAULT_LOGGERS = {
-  "backend-main": createLoggerWithLabel('info', '[IFSC:backend-main]'),
-  "database": createLoggerWithLabel('info', '[IFSC:database]'),
-}
-type LoggerNames = keyof typeof DEFAULT_LOGGERS
-
-export const getLogger = (loggerName: LoggerNames) => {
-  return DEFAULT_LOGGERS[loggerName]
-} 

backend/src/utils/patchAsyncRoutes.js

@@ -1,65 +0,0 @@
-/*
-Original work Copyright (c) 2016, Nikolay Nemshilov <nemshilov@gmail.com>
-Modified work Copyright (c) 2016, David Banham <david@banham.id.au>
-
-Permission to use, copy, modify, and/or distribute this software for any purpose
-with or without fee is hereby granted, provided that the above copyright notice
-and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
-REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
-FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
-INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
-OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
-TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
-THIS SOFTWARE.
-
-*/
-
-/* eslint-disable @typescript-eslint/no-var-requires */
-/* eslint-env node */
-const Layer = require('express/lib/router/layer');
-const Router = require('express/lib/router');
-
-const last = (arr = []) => arr[arr.length - 1];
-const noop = Function.prototype;
-
-function copyFnProps(oldFn, newFn) {
-  Object.keys(oldFn).forEach((key) => {
-    newFn[key] = oldFn[key];
-  });
-  return newFn;
-}
-
-function wrap(fn) {
-  const newFn = function newFn(...args) {
-    const ret = fn.apply(this, args);
-    const next = (args.length === 5 ? args[2] : last(args)) || noop;
-    if (ret && ret.catch) ret.catch(err => next(err));
-    return ret;
-  };
-  Object.defineProperty(newFn, 'length', {
-    value: fn.length,
-    writable: false,
-  });
-  return copyFnProps(fn, newFn);
-}
-
-export function patchRouterParam() {
-  const originalParam = Router.prototype.constructor.param;
-  Router.prototype.constructor.param = function param(name, fn) {
-    fn = wrap(fn);
-    return originalParam.call(this, name, fn);
-  };
-}
-
-Object.defineProperty(Layer.prototype, 'handle', {
-  enumerable: true,
-  get() {
-    return this.__handle;
-  },
-  set(fn) {
-    fn = wrap(fn);
-    this.__handle = fn;
-  },
-});

backend/src/utils/requestError.ts

@@ -1,113 +0,0 @@
-import { Request } from 'express'
-import { VERBOSE_ERROR_OUTPUT } from '../config'
-
-export enum LogLevel {
-    DEBUG = 100,
-    INFO = 200,
-    NOTICE = 250,
-    WARNING = 300,
-    ERROR = 400,
-    CRITICAL = 500,
-    ALERT = 550,
-    EMERGENCY = 600,
-}
-
-export type RequestErrorContext =  {
-	logLevel?: LogLevel,
-	statusCode: number,
-	type: string,
-	message: string,
-	context?: Record<string, unknown>,
-	stack?: string|undefined
-}
-
-export default class RequestError extends Error{
-
-    private _logLevel: LogLevel
-    private _logName: string
-    statusCode: number
-    type: string
-    context: Record<string, unknown>
-    extra: Record<string, string|number|symbol>[]
-    private stacktrace: string|undefined|string[]
-
-    constructor(
-        {logLevel, statusCode, type, message, context, stack} : RequestErrorContext
-        ){
-        super(message)
-        this._logLevel = logLevel || LogLevel.INFO
-        this._logName = LogLevel[this._logLevel]
-        this.statusCode = statusCode
-        this.type = type
-        this.context = context || {}
-        this.extra = []
-
-        if(stack) this.stack = stack
-        else Error.captureStackTrace(this, this.constructor)
-        this.stacktrace = this.stack?.split('\n')
-    }
-
-    static convertFrom(error: Error) {
-        //This error was not handled by error handler. Please report this incident to the staff.
-        return new RequestError({
-            logLevel: LogLevel.ERROR,
-            statusCode: 500,
-            type: 'internal_server_error',
-            message: 'This error was not handled by error handler. Please report this incident to the staff',
-            context: {
-                message: error.message,
-                name: error.name
-            },
-            stack: error.stack
-        })
-    }
-
-    get level(){ return this._logLevel }
-    get levelName(){ return this._logName }
-
-    withTags(...tags: string[]|number[]){
-        this.context['tags'] = Object.assign(tags, this.context['tags'])
-        return this
-    }
-
-    withExtras(...extras: Record<string, string|boolean|number>[]){
-        this.extra = Object.assign(extras, this.extra)
-        return this
-    }
-
-    private _omit(obj: any, keys: string[]): typeof obj{
-        const exclude = new Set(keys)
-        obj = Object.fromEntries(Object.entries(obj).filter(e => !exclude.has(e[0])))
-        return obj
-    }
-
-    public format(req: Request){
-        let _context = Object.assign({
-            stacktrace: this.stacktrace
-        }, this.context)
-
-        //* Omit sensitive information from context that can leak internal workings of this program if user is not developer
-        if(!VERBOSE_ERROR_OUTPUT){
-            _context = this._omit(_context, [
-                'stacktrace',
-                'exception',
-            ])
-        }
-
-        const formatObject = {
-            type: this.type,
-            message: this.message,
-            context: _context,
-            level: this.level,
-            level_name: this.levelName,
-            status_code: this.statusCode,
-            datetime_iso: new Date().toISOString(),
-            application: process.env.npm_package_name || 'unknown',
-            request_id: req.headers["Request-Id"],
-            extra: this.extra
-        }
-
-        return formatObject
-
-    }
-}

backend/src/variables.ts

@@ -0,0 +1,60 @@
+// membership roles
+const OWNER = 'owner';
+const ADMIN = 'admin';
+const MEMBER = 'member';
+
+// membership statuses
+const INVITED = 'invited';
+
+// -- organization
+const ACCEPTED = 'accepted';
+
+// -- workspace
+const COMPLETED = 'completed';
+const GRANTED = 'granted';
+
+// subscriptions
+const PLAN_STARTER = 'starter';
+const PLAN_PRO = 'pro';
+
+// secrets
+const SECRET_SHARED = 'shared';
+const SECRET_PERSONAL = 'personal';
+
+// environments
+const ENV_DEV = 'dev';
+const ENV_TESTING = 'test';
+const ENV_STAGING = 'staging';
+const ENV_PROD = 'prod';
+const ENV_SET = new Set([ENV_DEV, ENV_TESTING, ENV_STAGING, ENV_PROD]);
+
+// integrations
+const INTEGRATION_HEROKU = 'heroku';
+const INTEGRATION_NETLIFY = 'netlify';
+const INTEGRATION_SET = new Set([INTEGRATION_HEROKU, INTEGRATION_NETLIFY]);
+
+// integration types
+const INTEGRATION_OAUTH2 = 'oauth2';
+
+export {
+	OWNER,
+	ADMIN,
+	MEMBER,
+	INVITED,
+	ACCEPTED,
+	COMPLETED,
+	GRANTED,
+	PLAN_STARTER,
+	PLAN_PRO,
+	SECRET_SHARED,
+	SECRET_PERSONAL,
+	ENV_DEV,
+	ENV_TESTING,
+	ENV_STAGING,
+	ENV_PROD,
+	ENV_SET,
+	INTEGRATION_HEROKU,
+	INTEGRATION_NETLIFY,
+	INTEGRATION_SET,
+	INTEGRATION_OAUTH2
+};