Add deny api/get envs api

.env.example

@@ -64,7 +64,7 @@ POSTHOG_PROJECT_API_KEY=
 STRIPE_SECRET_KEY=
 STRIPE_PUBLISHABLE_KEY=
 STRIPE_WEBHOOK_SECRET=
-STRIPE_PRODUCT_STARTER=
-STRIPE_PRODUCT_TEAM=
+STRIPE_PRODUCT_CARD_AUTH=
 STRIPE_PRODUCT_PRO=
+STRIPE_PRODUCT_STARTER=
 NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=

.github/values.yaml

@@ -1,93 +1,36 @@
-#####
-# INFISICAL K8 DEFAULT VALUES FILE
-# PLEASE REPLACE VALUES/EDIT AS REQUIRED 
-#####
-
-nameOverride: ""
-
 frontend:
-  name: frontend
-  podAnnotations: {}
-  deploymentAnnotations:
-    secrets.infisical.com/auto-reload: "true"
-  replicaCount: 2
+  replicaCount: 1
   image:
-    repository: infisical/frontend
-    pullPolicy: Always 
+    repository: 
+    pullPolicy: Always
     tag: "latest"
   kubeSecretRef: managed-secret-frontend
-  service:
-    # type of the frontend service
-    type: ClusterIP
-    # define the nodePort if service type is NodePort
-    # nodePort: 
-    annotations: {}
 
 backend:
-  name: backend
-  podAnnotations: {}
-  deploymentAnnotations:
-    secrets.infisical.com/auto-reload: "true"
-  replicaCount: 2
+  replicaCount: 1
   image:
-    repository: infisical/backend
+    repository: 
     pullPolicy: Always
     tag: "latest"
   kubeSecretRef: managed-backend-secret
-  service:
-    annotations: {}
-
-mongodb:
-  name: mongodb
-  podAnnotations: {}
-  image:
-    repository: mongo
-    pullPolicy: IfNotPresent
-    tag: "latest"
-  service:
-    annotations: {}
-
-# By default the backend will be connected to a Mongo instance in the cluster.
-# However, it is recommended to add a managed document DB connection string because the DB instance in the cluster does not have persistence yet ( data will be deleted on next deploy).
-# Learn about connection string type here https://www.mongodb.com/docs/manual/reference/connection-string/
-mongodbConnection: {}
-  # externalMongoDBConnectionString: <>
 
 ingress:
   enabled: true
   annotations:
     kubernetes.io/ingress.class: "nginx"
-  hostName: gamma.infisical.com # replace with your domain 
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+  hostName: gamma.infisical.com
   frontend: 
     path: /
     pathType: Prefix
   backend:
     path: /api
     pathType: Prefix
-  tls: []
+  tls:
+    - secretName: echo-tls
+      hosts:
+        - gamma.infisical.com
 
+backendEnvironmentVariables:
 
-## Complete Ingress example 
-# ingress:
-#   enabled: true
-#   annotations:
-#     kubernetes.io/ingress.class: "nginx"
-#     cert-manager.io/issuer: letsencrypt-nginx
-#   hostName: k8.infisical.com
-#   frontend: 
-#     path: /
-#     pathType: Prefix
-#   backend:
-#     path: /api
-#     pathType: Prefix
-#   tls:
-#     - secretName: letsencrypt-nginx
-#       hosts:
-#         - k8.infisical.com
-
-###
-### YOU MUST FILL IN ALL SECRETS BELOW
-### 
-backendEnvironmentVariables: {}
-
-frontendEnvironmentVariables: {}
+frontendEnvironmentVariables:

.github/workflows/release_build.yml

@@ -19,7 +19,6 @@ jobs:
         with:
           fetch-depth: 0
       - run: git fetch --force --tags
-      - run: echo "Ref name ${{github.ref_name}}"
       - uses: actions/setup-go@v3
         with:
           go-version: '>=1.19.3'
@@ -34,11 +33,11 @@ jobs:
         run: |
           mkdir ../../osxcross
           git clone https://github.com/plentico/osxcross-target.git ../../osxcross/target
-      - uses: goreleaser/goreleaser-action@v4
+      - uses: goreleaser/goreleaser-action@v2
         with:
           distribution: goreleaser
           version: latest
-          args: release --clean
+          args: release --rm-dist
         env:
           GITHUB_TOKEN: ${{ secrets.GO_RELEASER_GITHUB_TOKEN }}
           FURY_TOKEN: ${{ secrets.FURYPUSHTOKEN }}

.goreleaser.yaml

@@ -14,9 +14,6 @@ before:
 builds:
   - id: darwin-build
     binary: infisical
-    ldflags: -X github.com/Infisical/infisical-merge/packages/util.CLI_VERSION={{ .Version }}
-    flags:
-      - -trimpath
     env:
       - CGO_ENABLED=1
       - CC=/home/runner/work/osxcross/target/bin/o64-clang
@@ -27,14 +24,10 @@ builds:
       - goos: darwin
         goarch: "386"
     dir: ./cli
-
   - id: all-other-builds
     env:
       - CGO_ENABLED=0
     binary: infisical
-    ldflags: -X github.com/Infisical/infisical-merge/packages/util.CLI_VERSION={{ .Version }}
-    flags:
-      - -trimpath
     goos:
       - freebsd
       - linux
@@ -72,10 +65,8 @@ release:
 
 checksum:
   name_template: 'checksums.txt'
-
 snapshot:
-  name_template: "{{ incpatch .Version }}-devel"
-
+  name_template: "{{ incpatch .Version }}"
 changelog:
   sort: asc
   filters:
@@ -89,7 +80,6 @@ changelog:
 #       - infisical
 #     dir: "{{ dir .ArtifactPath }}"
 #     cmd: curl -F package=@{{ .ArtifactName }} https://{{ .Env.FURY_TOKEN }}@push.fury.io/infisical/
-
 brews:
   - name: infisical
     tap:
@@ -101,13 +91,6 @@ brews:
     folder: Formula
     homepage: "https://infisical.com"
     description: "The official Infisical CLI"
-    install: |-
-      bin.install "infisical"
-      bash_completion.install "completions/infisical.bash" => "infisical"
-      zsh_completion.install "completions/infisical.zsh" => "_infisical"
-      fish_completion.install "completions/infisical.fish"
-      man1.install "manpages/infisical.1.gz"
-
 nfpms:
 - id: infisical
   package_name: infisical
@@ -133,7 +116,6 @@ nfpms:
       dst: /usr/share/zsh/site-functions/_infisical
     - src: ./manpages/infisical.1.gz
       dst: /usr/share/man/man1/infisical.1.gz
-
 scoop:
   bucket:
     owner: Infisical
@@ -144,7 +126,6 @@ scoop:
   homepage: "https://infisical.com"
   description: "The official Infisical CLI"
   license: MIT
-
 aurs:
   -
     name: infisical-bin

backend/environment.d.ts

@@ -3,10 +3,8 @@ export {};
 declare global {
   namespace NodeJS {
     interface ProcessEnv {
-      PORT: string;
       EMAIL_TOKEN_LIFETIME: string;
       ENCRYPTION_KEY: string;
-      SALT_ROUNDS: string;
       JWT_AUTH_LIFETIME: string;
       JWT_AUTH_SECRET: string;
       JWT_REFRESH_LIFETIME: string;
@@ -21,31 +19,23 @@ declare global {
       CLIENT_ID_HEROKU: string;
       CLIENT_ID_VERCEL: string;
       CLIENT_ID_NETLIFY: string;
-      CLIENT_ID_GITHUB: string;
       CLIENT_SECRET_HEROKU: string;
       CLIENT_SECRET_VERCEL: string;
       CLIENT_SECRET_NETLIFY: string;
-      CLIENT_SECRET_GITHUB: string;
-      CLIENT_SLUG_VERCEL: string;
 			POSTHOG_HOST: string;
 			POSTHOG_PROJECT_API_KEY: string;
       SENTRY_DSN: string;
       SITE_URL: string;
       SMTP_HOST: string;
-      SMTP_SECURE: string;
-      SMTP_PORT: string;
-      SMTP_USERNAME: string;
+      SMTP_NAME: string;
       SMTP_PASSWORD: string;
-      SMTP_FROM_ADDRESS: string;
-      SMTP_FROM_NAME: string;
-      STRIPE_PRODUCT_STARTER: string;
-      STRIPE_PRODUCT_TEAM: string;
+      SMTP_USERNAME: string;
+      STRIPE_PRODUCT_CARD_AUTH: string;
       STRIPE_PRODUCT_PRO: string;
+      STRIPE_PRODUCT_STARTER: string;
       STRIPE_PUBLISHABLE_KEY: string;
       STRIPE_SECRET_KEY: string;
       STRIPE_WEBHOOK_SECRET: string;
-      TELEMETRY_ENABLED: string;
-      LICENSE_KEY: string;
     }
   }
 }

backend/package-lock.json

@@ -10,13 +10,13 @@
       "license": "ISC",
       "dependencies": {
         "@godaddy/terminus": "^4.11.2",
-        "@sentry/node": "^7.21.1",
         "@octokit/rest": "^19.0.5",
-        "@sentry/tracing": "^7.21.1",
+        "@sentry/node": "^7.14.0",
+        "@sentry/tracing": "^7.19.0",
         "@types/crypto-js": "^4.1.1",
-        "axios": "^1.2.0",
         "@types/libsodium-wrappers": "^0.7.10",
         "await-to-js": "^3.0.0",
+        "axios": "^1.1.3",
         "bcrypt": "^5.1.0",
         "bigint-conversion": "^2.2.2",
         "builder-pattern": "^2.2.0",
@@ -32,9 +32,9 @@
         "js-yaml": "^4.1.0",
         "jsonwebtoken": "^9.0.0",
         "jsrp": "^0.2.4",
-        "mongoose": "^6.7.3",
         "libsodium-wrappers": "^0.7.10",
         "lodash": "^4.17.21",
+        "mongoose": "^6.7.2",
         "nodemailer": "^6.8.0",
         "posthog-node": "^2.2.2",
         "query-string": "^7.1.3",
@@ -2838,19 +2838,6 @@
         "@maxmind/geoip2-node": "^3.4.0"
       }
     },
-    "node_modules/@sentry/core": {
-      "version": "7.21.1",
-      "resolved": "https://registry.npmjs.org/@sentry/core/-/core-7.21.1.tgz",
-      "integrity": "sha512-Og5wEEsy24fNvT/T7IKjcV4EvVK5ryY2kxbJzKY6GU2eX+i+aBl+n/vp7U0Es351C/AlTkS+0NOUsp2TQQFxZA==",
-      "dependencies": {
-        "@sentry/types": "7.21.1",
-        "@sentry/utils": "7.21.1",
-        "tslib": "^1.9.3"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/@protobufjs/aspromise": {
       "version": "1.1.2",
       "resolved": "https://registry.npmjs.org/@protobufjs/aspromise/-/aspromise-1.1.2.tgz",
@@ -2927,25 +2914,28 @@
       "resolved": "https://registry.npmjs.org/@sentry/core/-/core-7.19.0.tgz",
       "integrity": "sha512-YF9cTBcAnO4R44092BJi5Wa2/EO02xn2ziCtmNgAVTN2LD31a/YVGxGBt/FDr4Y6yeuVehaqijVVvtpSmXrGJw==",
       "dependencies": {
-        "@sentry/types": "7.21.1",
-        "@sentry/utils": "7.21.1",
+        "@sentry/types": "7.19.0",
+        "@sentry/utils": "7.19.0",
         "tslib": "^1.9.3"
       },
       "engines": {
         "node": ">=8"
       }
     },
-    "node_modules/@sentry/node": {
-      "version": "7.21.1",
-      "resolved": "https://registry.npmjs.org/@sentry/node/-/node-7.21.1.tgz",
-      "integrity": "sha512-B+p1nQHaFWdCCRVmvqlr/+vdQCI3mGLObucNfK2YC22IQZg7+3u6tEbxJ7umITIjeSSKgf7ZoZwCxL9VfkrNXg==",
+    "node_modules/@sentry/node/node_modules/@sentry/types": {
+      "version": "7.19.0",
+      "resolved": "https://registry.npmjs.org/@sentry/types/-/types-7.19.0.tgz",
+      "integrity": "sha512-oGRAT6lfzoKrxO1mvxiSj0XHxWPd6Gd1wpPGuu6iJo03xgWDS+MIlD1h2unqL4N5fAzLjzmbC2D2lUw50Kn2pA==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@sentry/node/node_modules/@sentry/utils": {
+      "version": "7.19.0",
+      "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-7.19.0.tgz",
+      "integrity": "sha512-2L6lq+c9Ol2uiRxQDdcgoapmHJp24MhMN0gIkn2alSfMJ+ls6bGXzQHx6JAIdoOiwFQXRZHKL9ecfAc8O+vItA==",
       "dependencies": {
-        "@sentry/core": "7.21.1",
-        "@sentry/types": "7.21.1",
-        "@sentry/utils": "7.21.1",
-        "cookie": "^0.4.1",
-        "https-proxy-agent": "^5.0.0",
-        "lru_map": "^0.3.3",
+        "@sentry/types": "7.19.0",
         "tslib": "^1.9.3"
       },
       "engines": {
@@ -2953,53 +2943,46 @@
       }
     },
     "node_modules/@sentry/tracing": {
-      "version": "7.21.1",
-      "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-7.21.1.tgz",
-      "integrity": "sha512-b1BTPsRaNQpohzegoz59KGuBl+To651vEq0vMS4tCzSyIdxkYso3JCrjDdEqW/2MliQYANNVrUai2bmwmU9h1g==",
+      "version": "7.19.0",
+      "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-7.19.0.tgz",
+      "integrity": "sha512-SWY17M3TsgBePaGowUcSqBwaT0TJQzuNexVnLojuU0k6F57L9hubvP9zaoosoCfARXQ/3NypAFWnlJyf570rFQ==",
       "dependencies": {
-        "@sentry/core": "7.21.1",
-        "@sentry/types": "7.21.1",
-        "@sentry/utils": "7.21.1",
+        "@sentry/core": "7.19.0",
+        "@sentry/types": "7.19.0",
+        "@sentry/utils": "7.19.0",
         "tslib": "^1.9.3"
       },
       "engines": {
         "node": ">=8"
       }
     },
-    "node_modules/@sentry/types": {
-      "version": "7.21.1",
-      "resolved": "https://registry.npmjs.org/@sentry/types/-/types-7.21.1.tgz",
-      "integrity": "sha512-3/IKnd52Ol21amQvI+kz+WB76s8/LR5YvFJzMgIoI2S8d82smIr253zGijRXxHPEif8kMLX4Yt+36VzrLxg6+A==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/@sentry/utils": {
-      "version": "7.21.1",
-      "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-7.21.1.tgz",
-      "integrity": "sha512-F0W0AAi8tgtTx6ApZRI2S9HbXEA9ENX1phTZgdNNWcMFm1BNbc21XEwLqwXBNjub5nlA6CE8xnjXRgdZKx4kzQ==",
+    "node_modules/@sentry/tracing/node_modules/@sentry/core": {
+      "version": "7.19.0",
+      "resolved": "https://registry.npmjs.org/@sentry/core/-/core-7.19.0.tgz",
+      "integrity": "sha512-YF9cTBcAnO4R44092BJi5Wa2/EO02xn2ziCtmNgAVTN2LD31a/YVGxGBt/FDr4Y6yeuVehaqijVVvtpSmXrGJw==",
       "dependencies": {
-        "@sentry/types": "7.21.1",
+        "@sentry/types": "7.19.0",
+        "@sentry/utils": "7.19.0",
         "tslib": "^1.9.3"
       },
       "engines": {
         "node": ">=8"
       }
     },
-    "node_modules/@sentry/types": {
-      "version": "7.21.1",
-      "resolved": "https://registry.npmjs.org/@sentry/types/-/types-7.21.1.tgz",
-      "integrity": "sha512-3/IKnd52Ol21amQvI+kz+WB76s8/LR5YvFJzMgIoI2S8d82smIr253zGijRXxHPEif8kMLX4Yt+36VzrLxg6+A==",
+    "node_modules/@sentry/tracing/node_modules/@sentry/types": {
+      "version": "7.19.0",
+      "resolved": "https://registry.npmjs.org/@sentry/types/-/types-7.19.0.tgz",
+      "integrity": "sha512-oGRAT6lfzoKrxO1mvxiSj0XHxWPd6Gd1wpPGuu6iJo03xgWDS+MIlD1h2unqL4N5fAzLjzmbC2D2lUw50Kn2pA==",
       "engines": {
         "node": ">=8"
       }
     },
-    "node_modules/@sentry/utils": {
-      "version": "7.21.1",
-      "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-7.21.1.tgz",
-      "integrity": "sha512-F0W0AAi8tgtTx6ApZRI2S9HbXEA9ENX1phTZgdNNWcMFm1BNbc21XEwLqwXBNjub5nlA6CE8xnjXRgdZKx4kzQ==",
+    "node_modules/@sentry/tracing/node_modules/@sentry/utils": {
+      "version": "7.19.0",
+      "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-7.19.0.tgz",
+      "integrity": "sha512-2L6lq+c9Ol2uiRxQDdcgoapmHJp24MhMN0gIkn2alSfMJ+ls6bGXzQHx6JAIdoOiwFQXRZHKL9ecfAc8O+vItA==",
       "dependencies": {
-        "@sentry/types": "7.21.1",
+        "@sentry/types": "7.19.0",
         "tslib": "^1.9.3"
       },
       "engines": {
@@ -3784,9 +3767,9 @@
       }
     },
     "node_modules/axios": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-1.2.0.tgz",
-      "integrity": "sha512-zT7wZyNYu3N5Bu0wuZ6QccIf93Qk1eV8LOewxgjOZFd2DenOs98cJ7+Y6703d0wkaXGY6/nZd4EweJaHz9uzQw==",
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-1.1.3.tgz",
+      "integrity": "sha512-00tXVRwKx/FZr/IDVFt4C+f9FYairX517WoGCL6dpOntqLkZofjhu43F/Xl44UOpqa+9sLFDrG/XAnFsUYgkDA==",
       "dependencies": {
         "follow-redirects": "^1.15.0",
         "form-data": "^4.0.0",
@@ -4465,9 +4448,9 @@
       "integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ=="
     },
     "node_modules/cookiejar": {
-      "version": "2.1.4",
-      "resolved": "https://registry.npmjs.org/cookiejar/-/cookiejar-2.1.4.tgz",
-      "integrity": "sha512-LDx6oHrK+PhzLKJU9j5S7/Y3jM/mUHvD/DeI1WQmJn652iPC5Y4TBzC9l+5OMOXlyTTA+SmVUPm0HQUwpD5Jqw==",
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/cookiejar/-/cookiejar-2.1.3.tgz",
+      "integrity": "sha512-JxbCBUdrfr6AQjOXrxoTvAMJO4HBTUIlBzslcJPAz+/KT8yk53fXun51u+RenNYvad/+Vc2DIz5o9UxlCDymFQ==",
       "dev": true
     },
     "node_modules/core-util-is": {
@@ -7182,9 +7165,9 @@
       }
     },
     "node_modules/mongoose": {
-      "version": "6.7.3",
-      "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-6.7.3.tgz",
-      "integrity": "sha512-bLC2Pt6Vpoov+1kBYvQgJXG/2DWXbfIvfK4Gh68kCdYGh6CVO31YxYuIGz70hyGwX2g4DmSzbs5IA8Px2neMCQ==",
+      "version": "6.7.2",
+      "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-6.7.2.tgz",
+      "integrity": "sha512-lrP2V5U1qhaf+z33fiIn7aYAZZ1fVDly+TkFRjTujNBF/FIHESATj2RbgAOSlWqv32fsZXkXejXzeVfjbv35Ow==",
       "dependencies": {
         "bson": "^4.7.0",
         "kareem": "2.4.1",
@@ -14306,16 +14289,6 @@
         "@maxmind/geoip2-node": "^3.4.0"
       }
     },
-    "@sentry/core": {
-      "version": "7.21.1",
-      "resolved": "https://registry.npmjs.org/@sentry/core/-/core-7.21.1.tgz",
-      "integrity": "sha512-Og5wEEsy24fNvT/T7IKjcV4EvVK5ryY2kxbJzKY6GU2eX+i+aBl+n/vp7U0Es351C/AlTkS+0NOUsp2TQQFxZA==",
-      "requires": {
-        "@sentry/types": "7.21.1",
-        "@sentry/utils": "7.21.1",
-        "tslib": "^1.9.3"
-      }
-    },
     "@protobufjs/aspromise": {
       "version": "1.1.2",
       "resolved": "https://registry.npmjs.org/@protobufjs/aspromise/-/aspromise-1.1.2.tgz",
@@ -14371,56 +14344,80 @@
       "integrity": "sha512-Vvn3zZrhQZkkBE8LSuW3em98c0FwgO4nxzv6OdSxPKJIEKY2bGbHn+mhGIPerzI4twdxaP8/0+06HBpwf345Lw=="
     },
     "@sentry/node": {
-      "version": "7.21.1",
-      "resolved": "https://registry.npmjs.org/@sentry/node/-/node-7.21.1.tgz",
-      "integrity": "sha512-B+p1nQHaFWdCCRVmvqlr/+vdQCI3mGLObucNfK2YC22IQZg7+3u6tEbxJ7umITIjeSSKgf7ZoZwCxL9VfkrNXg==",
+      "version": "7.19.0",
+      "resolved": "https://registry.npmjs.org/@sentry/node/-/node-7.19.0.tgz",
+      "integrity": "sha512-yG7Tx32WqOkEHVotFLrumCcT9qlaSDTkFNZ+yLSvZXx74ifsE781DzBA9W7K7bBdYO3op+p2YdsOKzf3nPpAyQ==",
       "requires": {
-        "@sentry/core": "7.21.1",
-        "@sentry/types": "7.21.1",
-        "@sentry/utils": "7.21.1",
+        "@sentry/core": "7.19.0",
+        "@sentry/types": "7.19.0",
+        "@sentry/utils": "7.19.0",
         "cookie": "^0.4.1",
         "https-proxy-agent": "^5.0.0",
         "lru_map": "^0.3.3",
         "tslib": "^1.9.3"
+      },
+      "dependencies": {
+        "@sentry/core": {
+          "version": "7.19.0",
+          "resolved": "https://registry.npmjs.org/@sentry/core/-/core-7.19.0.tgz",
+          "integrity": "sha512-YF9cTBcAnO4R44092BJi5Wa2/EO02xn2ziCtmNgAVTN2LD31a/YVGxGBt/FDr4Y6yeuVehaqijVVvtpSmXrGJw==",
+          "requires": {
+            "@sentry/types": "7.19.0",
+            "@sentry/utils": "7.19.0",
+            "tslib": "^1.9.3"
+          }
+        },
+        "@sentry/types": {
+          "version": "7.19.0",
+          "resolved": "https://registry.npmjs.org/@sentry/types/-/types-7.19.0.tgz",
+          "integrity": "sha512-oGRAT6lfzoKrxO1mvxiSj0XHxWPd6Gd1wpPGuu6iJo03xgWDS+MIlD1h2unqL4N5fAzLjzmbC2D2lUw50Kn2pA=="
+        },
+        "@sentry/utils": {
+          "version": "7.19.0",
+          "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-7.19.0.tgz",
+          "integrity": "sha512-2L6lq+c9Ol2uiRxQDdcgoapmHJp24MhMN0gIkn2alSfMJ+ls6bGXzQHx6JAIdoOiwFQXRZHKL9ecfAc8O+vItA==",
+          "requires": {
+            "@sentry/types": "7.19.0",
+            "tslib": "^1.9.3"
+          }
+        }
       }
     },
     "@sentry/tracing": {
-      "version": "7.21.1",
-      "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-7.21.1.tgz",
-      "integrity": "sha512-b1BTPsRaNQpohzegoz59KGuBl+To651vEq0vMS4tCzSyIdxkYso3JCrjDdEqW/2MliQYANNVrUai2bmwmU9h1g==",
+      "version": "7.19.0",
+      "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-7.19.0.tgz",
+      "integrity": "sha512-SWY17M3TsgBePaGowUcSqBwaT0TJQzuNexVnLojuU0k6F57L9hubvP9zaoosoCfARXQ/3NypAFWnlJyf570rFQ==",
       "requires": {
-        "@sentry/core": "7.21.1",
-        "@sentry/types": "7.21.1",
-        "@sentry/utils": "7.21.1",
-        "tslib": "^1.9.3"
-      }
-    },
-    "@sentry/types": {
-      "version": "7.21.1",
-      "resolved": "https://registry.npmjs.org/@sentry/types/-/types-7.21.1.tgz",
-      "integrity": "sha512-3/IKnd52Ol21amQvI+kz+WB76s8/LR5YvFJzMgIoI2S8d82smIr253zGijRXxHPEif8kMLX4Yt+36VzrLxg6+A=="
-    },
-    "@sentry/utils": {
-      "version": "7.21.1",
-      "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-7.21.1.tgz",
-      "integrity": "sha512-F0W0AAi8tgtTx6ApZRI2S9HbXEA9ENX1phTZgdNNWcMFm1BNbc21XEwLqwXBNjub5nlA6CE8xnjXRgdZKx4kzQ==",
-      "requires": {
-        "@sentry/types": "7.21.1",
-        "tslib": "^1.9.3"
-      }
-    },
-    "@sentry/types": {
-      "version": "7.21.1",
-      "resolved": "https://registry.npmjs.org/@sentry/types/-/types-7.21.1.tgz",
-      "integrity": "sha512-3/IKnd52Ol21amQvI+kz+WB76s8/LR5YvFJzMgIoI2S8d82smIr253zGijRXxHPEif8kMLX4Yt+36VzrLxg6+A=="
-    },
-    "@sentry/utils": {
-      "version": "7.21.1",
-      "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-7.21.1.tgz",
-      "integrity": "sha512-F0W0AAi8tgtTx6ApZRI2S9HbXEA9ENX1phTZgdNNWcMFm1BNbc21XEwLqwXBNjub5nlA6CE8xnjXRgdZKx4kzQ==",
-      "requires": {
-        "@sentry/types": "7.21.1",
+        "@sentry/core": "7.19.0",
+        "@sentry/types": "7.19.0",
+        "@sentry/utils": "7.19.0",
         "tslib": "^1.9.3"
+      },
+      "dependencies": {
+        "@sentry/core": {
+          "version": "7.19.0",
+          "resolved": "https://registry.npmjs.org/@sentry/core/-/core-7.19.0.tgz",
+          "integrity": "sha512-YF9cTBcAnO4R44092BJi5Wa2/EO02xn2ziCtmNgAVTN2LD31a/YVGxGBt/FDr4Y6yeuVehaqijVVvtpSmXrGJw==",
+          "requires": {
+            "@sentry/types": "7.19.0",
+            "@sentry/utils": "7.19.0",
+            "tslib": "^1.9.3"
+          }
+        },
+        "@sentry/types": {
+          "version": "7.19.0",
+          "resolved": "https://registry.npmjs.org/@sentry/types/-/types-7.19.0.tgz",
+          "integrity": "sha512-oGRAT6lfzoKrxO1mvxiSj0XHxWPd6Gd1wpPGuu6iJo03xgWDS+MIlD1h2unqL4N5fAzLjzmbC2D2lUw50Kn2pA=="
+        },
+        "@sentry/utils": {
+          "version": "7.19.0",
+          "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-7.19.0.tgz",
+          "integrity": "sha512-2L6lq+c9Ol2uiRxQDdcgoapmHJp24MhMN0gIkn2alSfMJ+ls6bGXzQHx6JAIdoOiwFQXRZHKL9ecfAc8O+vItA==",
+          "requires": {
+            "@sentry/types": "7.19.0",
+            "tslib": "^1.9.3"
+          }
+        }
       }
     },
     "@sinclair/typebox": {
@@ -15054,9 +15051,9 @@
       "integrity": "sha512-zJAaP9zxTcvTHRlejau3ZOY4V7SRpiByf3/dxx2uyKxxor19tpmpV2QRsTKikckwhaPmr2dVpxxMr7jOCYVp5g=="
     },
     "axios": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-1.2.0.tgz",
-      "integrity": "sha512-zT7wZyNYu3N5Bu0wuZ6QccIf93Qk1eV8LOewxgjOZFd2DenOs98cJ7+Y6703d0wkaXGY6/nZd4EweJaHz9uzQw==",
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-1.1.3.tgz",
+      "integrity": "sha512-00tXVRwKx/FZr/IDVFt4C+f9FYairX517WoGCL6dpOntqLkZofjhu43F/Xl44UOpqa+9sLFDrG/XAnFsUYgkDA==",
       "requires": {
         "follow-redirects": "^1.15.0",
         "form-data": "^4.0.0",
@@ -15564,9 +15561,9 @@
       "integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ=="
     },
     "cookiejar": {
-      "version": "2.1.4",
-      "resolved": "https://registry.npmjs.org/cookiejar/-/cookiejar-2.1.4.tgz",
-      "integrity": "sha512-LDx6oHrK+PhzLKJU9j5S7/Y3jM/mUHvD/DeI1WQmJn652iPC5Y4TBzC9l+5OMOXlyTTA+SmVUPm0HQUwpD5Jqw==",
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/cookiejar/-/cookiejar-2.1.3.tgz",
+      "integrity": "sha512-JxbCBUdrfr6AQjOXrxoTvAMJO4HBTUIlBzslcJPAz+/KT8yk53fXun51u+RenNYvad/+Vc2DIz5o9UxlCDymFQ==",
       "dev": true
     },
     "core-util-is": {
@@ -17629,9 +17626,9 @@
       }
     },
     "mongoose": {
-      "version": "6.7.3",
-      "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-6.7.3.tgz",
-      "integrity": "sha512-bLC2Pt6Vpoov+1kBYvQgJXG/2DWXbfIvfK4Gh68kCdYGh6CVO31YxYuIGz70hyGwX2g4DmSzbs5IA8Px2neMCQ==",
+      "version": "6.7.2",
+      "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-6.7.2.tgz",
+      "integrity": "sha512-lrP2V5U1qhaf+z33fiIn7aYAZZ1fVDly+TkFRjTujNBF/FIHESATj2RbgAOSlWqv32fsZXkXejXzeVfjbv35Ow==",
       "requires": {
         "bson": "^4.7.0",
         "kareem": "2.4.1",

backend/package.json

@@ -1,32 +1,4 @@
 {
-  "dependencies": {
-    "@godaddy/terminus": "^4.11.2",
-    "@sentry/node": "^7.21.1",
-    "@sentry/tracing": "^7.21.1",
-    "@types/crypto-js": "^4.1.1",
-    "axios": "^1.2.0",
-    "bigint-conversion": "^2.2.2",
-    "cookie-parser": "^1.4.6",
-    "cors": "^2.8.5",
-    "crypto-js": "^4.1.1",
-    "dotenv": "^16.0.1",
-    "express": "^4.18.1",
-    "express-rate-limit": "^6.7.0",
-    "express-validator": "^6.14.2",
-    "handlebars": "^4.7.7",
-    "helmet": "^5.1.1",
-    "jsonwebtoken": "^8.5.1",
-    "jsrp": "^0.2.4",
-    "mongoose": "^6.7.3",
-    "nodemailer": "^6.8.0",
-    "posthog-node": "^2.1.0",
-    "query-string": "^7.1.3",
-    "rimraf": "^3.0.2",
-    "stripe": "^10.7.0",
-    "tweetnacl": "^1.0.3",
-    "tweetnacl-util": "^0.15.1",
-    "typescript": "^4.9.3"
-  },
   "name": "infisical-api",
   "version": "1.0.0",
   "main": "src/index.js",

backend/src/config/index.ts

@@ -13,11 +13,11 @@ const MONGO_URL = process.env.MONGO_URL!;
 const NODE_ENV = process.env.NODE_ENV! || 'production';
 const VERBOSE_ERROR_OUTPUT = process.env.VERBOSE_ERROR_OUTPUT! === 'true' && true;
 const LOKI_HOST = process.env.LOKI_HOST || undefined;
+const CLIENT_SECRET_HEROKU = process.env.CLIENT_SECRET_HEROKU!;
 const CLIENT_ID_HEROKU = process.env.CLIENT_ID_HEROKU!;
 const CLIENT_ID_VERCEL = process.env.CLIENT_ID_VERCEL!;
 const CLIENT_ID_NETLIFY = process.env.CLIENT_ID_NETLIFY!;
 const CLIENT_ID_GITHUB = process.env.CLIENT_ID_GITHUB!;
-const CLIENT_SECRET_HEROKU = process.env.CLIENT_SECRET_HEROKU!;
 const CLIENT_SECRET_VERCEL = process.env.CLIENT_SECRET_VERCEL!;
 const CLIENT_SECRET_NETLIFY = process.env.CLIENT_SECRET_NETLIFY!;
 const CLIENT_SECRET_GITHUB = process.env.CLIENT_SECRET_GITHUB!;
@@ -35,9 +35,9 @@ const SMTP_USERNAME = process.env.SMTP_USERNAME!;
 const SMTP_PASSWORD = process.env.SMTP_PASSWORD!;
 const SMTP_FROM_ADDRESS = process.env.SMTP_FROM_ADDRESS!;
 const SMTP_FROM_NAME = process.env.SMTP_FROM_NAME! || 'Infisical';
-const STRIPE_PRODUCT_STARTER = process.env.STRIPE_PRODUCT_STARTER!;
+const STRIPE_PRODUCT_CARD_AUTH = process.env.STRIPE_PRODUCT_CARD_AUTH!;
 const STRIPE_PRODUCT_PRO = process.env.STRIPE_PRODUCT_PRO!;
-const STRIPE_PRODUCT_TEAM = process.env.STRIPE_PRODUCT_TEAM!;
+const STRIPE_PRODUCT_STARTER = process.env.STRIPE_PRODUCT_STARTER!;
 const STRIPE_PUBLISHABLE_KEY = process.env.STRIPE_PUBLISHABLE_KEY!;
 const STRIPE_SECRET_KEY = process.env.STRIPE_SECRET_KEY!;
 const STRIPE_WEBHOOK_SECRET = process.env.STRIPE_WEBHOOK_SECRET!;
@@ -80,9 +80,9 @@ export {
   SMTP_PASSWORD,
   SMTP_FROM_ADDRESS,
   SMTP_FROM_NAME,
-  STRIPE_PRODUCT_STARTER,
-  STRIPE_PRODUCT_TEAM,
+  STRIPE_PRODUCT_CARD_AUTH,
   STRIPE_PRODUCT_PRO,
+  STRIPE_PRODUCT_STARTER,
   STRIPE_PUBLISHABLE_KEY,
   STRIPE_SECRET_KEY,
   STRIPE_WEBHOOK_SECRET,

backend/src/controllers/v1/authController.ts

@@ -4,21 +4,14 @@ import jwt from 'jsonwebtoken';
 import * as Sentry from '@sentry/node';
 import * as bigintConversion from 'bigint-conversion';
 const jsrp = require('jsrp');
-import { User, LoginSRPDetail } from '../../models';
+import { User } from '../../models';
 import { createToken, issueTokens, clearTokens } from '../../helpers/auth';
-import {
-  ACTION_LOGIN,
-  ACTION_LOGOUT
-} from '../../variables';
 import {
   NODE_ENV,
   JWT_AUTH_LIFETIME,
   JWT_AUTH_SECRET,
   JWT_REFRESH_SECRET
 } from '../../config';
-import { BadRequestError } from '../../utils/errors';
-import { EELogService } from '../../ee/services';
-import { getChannelFromUserAgent } from '../../utils/posthog'; // TODO: move this
 
 declare module 'jsonwebtoken' {
   export interface UserIDJwtPayload extends jwt.JwtPayload {
@@ -26,6 +19,8 @@ declare module 'jsonwebtoken' {
   }
 }
 
+const clientPublicKeys: any = {};
+
 /**
  * Log in user step 1: Return [salt] and [serverPublicKey] as part of step 1 of SRP protocol
  * @param req
@@ -51,15 +46,13 @@ export const login1 = async (req: Request, res: Response) => {
         salt: user.salt,
         verifier: user.verifier
       },
-      async () => {
+      () => {
         // generate server-side public key
         const serverPublicKey = server.getPublicKey();
-
-        await LoginSRPDetail.findOneAndReplace({ email: email }, {
-          email: email,
-          clientPublicKey: clientPublicKey,
-          serverBInt: bigintConversion.bigintToBuf(server.bInt),
-        }, { upsert: true, returnNewDocument: false })
+        clientPublicKeys[email] = {
+          clientPublicKey,
+          serverBInt: bigintConversion.bigintToBuf(server.bInt)
+        };
 
         return res.status(200).send({
           serverPublicKey,
@@ -92,21 +85,15 @@ export const login2 = async (req: Request, res: Response) => {
 
     if (!user) throw new Error('Failed to find user');
 
-    const loginSRPDetailFromDB = await LoginSRPDetail.findOneAndDelete({ email: email })
-
-    if (!loginSRPDetailFromDB) {
-      return BadRequestError(Error("It looks like some details from the first login are not found. Please try login one again"))
-    }
-
     const server = new jsrp.server();
     server.init(
       {
         salt: user.salt,
         verifier: user.verifier,
-        b: loginSRPDetailFromDB.serverBInt
+        b: clientPublicKeys[email].serverBInt
       },
       async () => {
-        server.setClientPublicKey(loginSRPDetailFromDB.clientPublicKey);
+        server.setClientPublicKey(clientPublicKeys[email].clientPublicKey);
 
         // compare server and client shared keys
         if (server.checkClientProof(clientProof)) {
@@ -121,18 +108,6 @@ export const login2 = async (req: Request, res: Response) => {
             secure: NODE_ENV === 'production' ? true : false
           });
 
-          const loginAction = await EELogService.createAction({
-            name: ACTION_LOGIN,
-            userId: user._id
-          });
-          
-          loginAction && await EELogService.createLog({
-            userId: user._id,
-            actions: [loginAction],
-            channel: getChannelFromUserAgent(req.headers['user-agent']),
-            ipAddress: req.ip
-          });
-          
           // return (access) token in response
           return res.status(200).send({
             token: tokens.token,
@@ -176,19 +151,6 @@ export const logout = async (req: Request, res: Response) => {
       sameSite: 'strict',
       secure: NODE_ENV === 'production' ? true : false
     });
-
-    const logoutAction = await EELogService.createAction({
-      name: ACTION_LOGOUT,
-      userId: req.user._id
-    });
-    
-    logoutAction && await EELogService.createLog({
-      userId: req.user._id,
-      actions: [logoutAction],
-      channel: getChannelFromUserAgent(req.headers['user-agent']),
-      ipAddress: req.ip
-    });
-
   } catch (err) {
     Sentry.setUser({ email: req.user.email });
     Sentry.captureException(err);

backend/src/controllers/v1/membershipOrgController.ts

@@ -77,6 +77,8 @@ export const changeMembershipOrgRole = async (req: Request, res: Response) => {
 	// change role for (target) organization membership with id
 	// [membershipOrgId]
 
+	// TODO
+
 	let membershipToChangeRole;
 	// try {
 	// } catch (err) {

backend/src/controllers/v1/organizationController.ts

@@ -2,7 +2,10 @@ import { Request, Response } from 'express';
 import * as Sentry from '@sentry/node';
 import {
 	SITE_URL,
-	STRIPE_SECRET_KEY
+	STRIPE_SECRET_KEY,
+	STRIPE_PRODUCT_STARTER,
+	STRIPE_PRODUCT_PRO,
+	STRIPE_PRODUCT_CARD_AUTH
 } from '../../config';
 import Stripe from 'stripe';
 
@@ -20,6 +23,12 @@ import { createOrganization as create } from '../../helpers/organization';
 import { addMembershipsOrg } from '../../helpers/membershipOrg';
 import { OWNER, ACCEPTED } from '../../variables';
 
+const productToPriceMap = {
+	starter: STRIPE_PRODUCT_STARTER,
+	pro: STRIPE_PRODUCT_PRO,
+	cardAuth: STRIPE_PRODUCT_CARD_AUTH
+};
+
 export const getOrganizations = async (req: Request, res: Response) => {
 	let organizations;
 	try {
@@ -331,6 +340,7 @@ export const createOrganizationPortalSession = async (
 
 		if (paymentMethods.data.length < 1) {
 			// case: no payment method on file
+			productToPriceMap['cardAuth'];
 			session = await stripe.checkout.sessions.create({
 				customer: req.membershipOrg.organization.customerId,
 				mode: 'setup',

backend/src/controllers/v1/passwordController.ts

@@ -4,12 +4,13 @@ import crypto from 'crypto';
 // eslint-disable-next-line @typescript-eslint/no-var-requires
 const jsrp = require('jsrp');
 import * as bigintConversion from 'bigint-conversion';
-import { User, Token, BackupPrivateKey, LoginSRPDetail } from '../../models';
+import { User, Token, BackupPrivateKey } from '../../models';
 import { checkEmailVerification } from '../../helpers/signup';
 import { createToken } from '../../helpers/auth';
 import { sendMail } from '../../helpers/nodemailer';
 import { JWT_SIGNUP_LIFETIME, JWT_SIGNUP_SECRET, SITE_URL } from '../../config';
-import { BadRequestError } from '../../utils/errors';
+
+const clientPublicKeys: any = {};
 
 /**
  * Password reset step 1: Send email verification link to email [email] 
@@ -31,7 +32,7 @@ export const emailPasswordReset = async (req: Request, res: Response) => {
 				error: 'Failed to send email verification for password reset'
 			});
 		}
-
+		
 		const token = crypto.randomBytes(16).toString('hex');
 
 		await Token.findOneAndUpdate(
@@ -43,7 +44,7 @@ export const emailPasswordReset = async (req: Request, res: Response) => {
 			},
 			{ upsert: true, new: true }
 		);
-
+		
 		await sendMail({
 			template: 'passwordReset.handlebars',
 			subjectLine: 'Infisical password reset',
@@ -54,15 +55,15 @@ export const emailPasswordReset = async (req: Request, res: Response) => {
 				callback_url: SITE_URL + '/password-reset'
 			}
 		});
-
+		
 	} catch (err) {
 		Sentry.setUser(null);
 		Sentry.captureException(err);
 		return res.status(400).send({
 			message: 'Failed to send email for account recovery'
-		});
+		});	
 	}
-
+	
 	return res.status(200).send({
 		message: `Sent an email for account recovery to ${email}`
 	});
@@ -78,7 +79,7 @@ export const emailPasswordResetVerify = async (req: Request, res: Response) => {
 	let user, token;
 	try {
 		const { email, code } = req.body;
-
+		
 		user = await User.findOne({ email }).select('+publicKey');
 		if (!user || !user?.publicKey) {
 			// case: user doesn't exist with email [email] or 
@@ -92,7 +93,7 @@ export const emailPasswordResetVerify = async (req: Request, res: Response) => {
 			email,
 			code
 		});
-
+		
 		// generate temporary password-reset token
 		token = createToken({
 			payload: {
@@ -106,7 +107,7 @@ export const emailPasswordResetVerify = async (req: Request, res: Response) => {
 		Sentry.captureException(err);
 		return res.status(400).send({
 			message: 'Failed email verification for password reset'
-		});
+		});	
 	}
 
 	return res.status(200).send({
@@ -129,7 +130,7 @@ export const srp1 = async (req: Request, res: Response) => {
 		const user = await User.findOne({
 			email: req.user.email
 		}).select('+salt +verifier');
-
+		
 		if (!user) throw new Error('Failed to find user');
 
 		const server = new jsrp.server();
@@ -138,15 +139,13 @@ export const srp1 = async (req: Request, res: Response) => {
 				salt: user.salt,
 				verifier: user.verifier
 			},
-			async () => {
+			() => {
 				// generate server-side public key
 				const serverPublicKey = server.getPublicKey();
-
-				await LoginSRPDetail.findOneAndReplace({ email: req.user.email }, {
-					email: req.user.email,
-					clientPublicKey: clientPublicKey,
-					serverBInt: bigintConversion.bigintToBuf(server.bInt),
-				}, { upsert: true, returnNewDocument: false })
+				clientPublicKeys[req.user.email] = {
+					clientPublicKey,
+					serverBInt: bigintConversion.bigintToBuf(server.bInt)
+				};
 
 				return res.status(200).send({
 					serverPublicKey,
@@ -181,21 +180,17 @@ export const changePassword = async (req: Request, res: Response) => {
 
 		if (!user) throw new Error('Failed to find user');
 
-		const loginSRPDetailFromDB = await LoginSRPDetail.findOneAndDelete({ email: req.user.email })
-
-		if (!loginSRPDetailFromDB) {
-			return BadRequestError(Error("It looks like some details from the first login are not found. Please try login one again"))
-		}
-
 		const server = new jsrp.server();
 		server.init(
 			{
 				salt: user.salt,
 				verifier: user.verifier,
-				b: loginSRPDetailFromDB.serverBInt
+				b: clientPublicKeys[req.user.email].serverBInt
 			},
 			async () => {
-				server.setClientPublicKey(loginSRPDetailFromDB.clientPublicKey);
+				server.setClientPublicKey(
+					clientPublicKeys[req.user.email].clientPublicKey
+				);
 
 				// compare server and client shared keys
 				if (server.checkClientProof(clientProof)) {
@@ -254,22 +249,16 @@ export const createBackupPrivateKey = async (req: Request, res: Response) => {
 
 		if (!user) throw new Error('Failed to find user');
 
-		const loginSRPDetailFromDB = await LoginSRPDetail.findOneAndDelete({ email: req.user.email })
-
-		if (!loginSRPDetailFromDB) {
-			return BadRequestError(Error("It looks like some details from the first login are not found. Please try login one again"))
-		}
-
 		const server = new jsrp.server();
 		server.init(
 			{
 				salt: user.salt,
 				verifier: user.verifier,
-				b: loginSRPDetailFromDB.serverBInt
+				b: clientPublicKeys[req.user.email].serverBInt
 			},
 			async () => {
 				server.setClientPublicKey(
-					loginSRPDetailFromDB.clientPublicKey
+					clientPublicKeys[req.user.email].clientPublicKey
 				);
 
 				// compare server and client shared keys
@@ -322,16 +311,16 @@ export const getBackupPrivateKey = async (req: Request, res: Response) => {
 		backupPrivateKey = await BackupPrivateKey.findOne({
 			user: req.user._id
 		}).select('+encryptedPrivateKey +iv +tag');
-
+		
 		if (!backupPrivateKey) throw new Error('Failed to find backup private key');
 	} catch (err) {
-		Sentry.setUser({ email: req.user.email });
+		Sentry.setUser({ email: req.user.email});
 		Sentry.captureException(err);
 		return res.status(400).send({
 			message: 'Failed to get backup private key'
 		});
 	}
-
+	
 	return res.status(200).send({
 		backupPrivateKey
 	});
@@ -359,15 +348,15 @@ export const resetPassword = async (req: Request, res: Response) => {
 			{
 				new: true
 			}
-		);
+		);	
 	} catch (err) {
-		Sentry.setUser({ email: req.user.email });
+		Sentry.setUser({ email: req.user.email});
 		Sentry.captureException(err);
 		return res.status(400).send({
 			message: 'Failed to get backup private key'
-		});
+		});	
 	}
-
+	
 	return res.status(200).send({
 		message: 'Successfully reset password'
 	});

backend/src/controllers/v2/environmentController.ts

@@ -11,7 +11,7 @@ import {
 import { SecretVersion } from '../../ee/models';
 import { BadRequestError } from '../../utils/errors';
 import _ from 'lodash';
-import { ABILITY_READ, ABILITY_WRITE } from '../../variables/organization';
+import { ABILITY_READ } from '../../variables/organization';
 
 /**
  * Create new workspace environment named [environmentName] under workspace with id
@@ -236,7 +236,7 @@ export const getAllAccessibleEnvironmentsOfWorkspace = async (
     throw BadRequestError()
   }
 
-  const accessibleEnvironments: any = []
+  const accessibleEnvironments: { name: string; slug: string; }[] = []
   const deniedPermission = workspacesUserIsMemberOf.deniedPermissions
 
   const relatedWorkspace = await Workspace.findById(workspaceId)
@@ -245,15 +245,11 @@ export const getAllAccessibleEnvironmentsOfWorkspace = async (
   }
   relatedWorkspace.environments.forEach(environment => {
     const isReadBlocked = _.some(deniedPermission, { environmentSlug: environment.slug, ability: ABILITY_READ })
-    const isWriteBlocked = _.some(deniedPermission, { environmentSlug: environment.slug, ability: ABILITY_WRITE })
+    // const isWriteBlocked = _.some(deniedPermission, { environmentSlug: environment.slug, ability: ABILITY_WRITE })
     if (isReadBlocked) {
       return
     } else {
-      accessibleEnvironments.push({
-        name: environment.name,
-        slug: environment.slug,
-        isWriteDenied: isWriteBlocked
-      })
+      accessibleEnvironments.push(environment)
     }
   })
 

backend/src/controllers/v2/secretsController.ts

@@ -79,7 +79,7 @@ export const createSecrets = async (req: Request, res: Response) => {
     */
 
     const channel = getChannelFromUserAgent(req.headers['user-agent'])
-    const { workspaceId, environment }: { workspaceId: string, environment: string } = req.body;
+    const { workspaceId, environment } = req.body;
 
     const hasAccess = await userHasWorkspaceAccess(req.user, workspaceId, environment, ABILITY_WRITE)
     if (!hasAccess) {
@@ -112,21 +112,19 @@ export const createSecrets = async (req: Request, res: Response) => {
             secretValueCiphertext: string;
             secretValueIV: string;
             secretValueTag: string;
-        }) => {
-            return ({
-                version: 1,
-                workspace: new Types.ObjectId(workspaceId),
-                type,
-                user: type === SECRET_PERSONAL ? req.user : undefined,
-                environment,
-                secretKeyCiphertext,
-                secretKeyIV,
-                secretKeyTag,
-                secretValueCiphertext,
-                secretValueIV,
-                secretValueTag
-            });
-        })
+        }) => ({
+            version: 1,
+            workspace: new Types.ObjectId(workspaceId),
+            type,
+            user: type === SECRET_PERSONAL ? req.user : undefined,
+            environment,
+            secretKeyCiphertext,
+            secretKeyIV,
+            secretKeyTag,
+            secretValueCiphertext,
+            secretValueIV,
+            secretValueTag
+        }))
     );
 
     setTimeout(async () => {
@@ -175,17 +173,17 @@ export const createSecrets = async (req: Request, res: Response) => {
         }))
     });
 
-    const addAction = await EELogService.createAction({
+    const addAction = await EELogService.createActionSecret({
         name: ACTION_ADD_SECRETS,
-        userId: req.user._id,
-        workspaceId: new Types.ObjectId(workspaceId),
+        userId: req.user._id.toString(),
+        workspaceId,
         secretIds: newSecrets.map((n) => n._id)
     });
 
     // (EE) create (audit) log
     addAction && await EELogService.createLog({
         userId: req.user._id.toString(),
-        workspaceId: new Types.ObjectId(workspaceId),
+        workspaceId,
         actions: [addAction],
         channel,
         ipAddress: req.ip
@@ -300,16 +298,16 @@ export const getSecrets = async (req: Request, res: Response) => {
 
     const channel = getChannelFromUserAgent(req.headers['user-agent'])
 
-    const readAction = await EELogService.createAction({
+    const readAction = await EELogService.createActionSecret({
         name: ACTION_READ_SECRETS,
-        userId: new Types.ObjectId(userId),
-        workspaceId: new Types.ObjectId(workspaceId as string),
+        userId: userId,
+        workspaceId: workspaceId as string,
         secretIds: secrets.map((n: any) => n._id)
     });
 
     readAction && await EELogService.createLog({
-        userId: new Types.ObjectId(userId),
-        workspaceId: new Types.ObjectId(workspaceId as string),
+        userId: userId,
+        workspaceId: workspaceId as string,
         actions: [readAction],
         channel,
         ipAddress: req.ip
@@ -505,17 +503,17 @@ export const updateSecrets = async (req: Request, res: Response) => {
             });
         }, 10000);
 
-        const updateAction = await EELogService.createAction({
+        const updateAction = await EELogService.createActionSecret({
             name: ACTION_UPDATE_SECRETS,
-            userId: req.user._id,
-            workspaceId: new Types.ObjectId(key),
+            userId: req.user._id.toString(),
+            workspaceId: key,
             secretIds: workspaceSecretObj[key].map((secret: ISecret) => secret._id)
         });
 
         // (EE) create (audit) log
         updateAction && await EELogService.createLog({
             userId: req.user._id.toString(),
-            workspaceId: new Types.ObjectId(key),
+            workspaceId: key,
             actions: [updateAction],
             channel,
             ipAddress: req.ip
@@ -631,17 +629,17 @@ export const deleteSecrets = async (req: Request, res: Response) => {
                 workspaceId: key
             })
         });
-        const deleteAction = await EELogService.createAction({
+        const deleteAction = await EELogService.createActionSecret({
             name: ACTION_DELETE_SECRETS,
-            userId: req.user._id,
-            workspaceId: new Types.ObjectId(key),
+            userId: req.user._id.toString(),
+            workspaceId: key,
             secretIds: workspaceSecretObj[key].map((secret: ISecret) => secret._id)
         });
 
         // (EE) create (audit) log
         deleteAction && await EELogService.createLog({
             userId: req.user._id.toString(),
-            workspaceId: new Types.ObjectId(key),
+            workspaceId: key,
             actions: [deleteAction],
             channel,
             ipAddress: req.ip

backend/src/controllers/v2/serviceTokenDataController.ts

@@ -8,8 +8,6 @@ import {
 import {
     SALT_ROUNDS
 } from '../../config';
-import { userHasWorkspaceAccess } from '../../ee/helpers/checkMembershipPermissions';
-import { ABILITY_READ } from '../../variables/organization';
 
 /**
  * Return service token data associated with service token on request
@@ -39,11 +37,6 @@ export const createServiceTokenData = async (req: Request, res: Response) => {
             expiresIn
         } = req.body;
 
-        const hasAccess = await userHasWorkspaceAccess(req.user, workspaceId, environment, ABILITY_READ)
-        if (!hasAccess) {
-            throw UnauthorizedRequestError({ message: "You do not have the necessary permission(s) perform this action" })
-        }
-
         const secret = crypto.randomBytes(16).toString('hex');
         const secretHash = await bcrypt.hash(secret, SALT_ROUNDS);
 
@@ -107,8 +100,4 @@ export const deleteServiceTokenData = async (req: Request, res: Response) => {
     return res.status(200).send({
         serviceTokenData
     });
-}
-
-function UnauthorizedRequestError(arg0: { message: string; }) {
-    throw new Error('Function not implemented.');
-}
+}

backend/src/ee/helpers/action.ts

@@ -1,40 +1,39 @@
 import * as Sentry from '@sentry/node';
 import { Types } from 'mongoose';
-import { Action } from '../models';
+import { SecretVersion, Action } from '../models';
 import { 
     getLatestSecretVersionIds,
     getLatestNSecretSecretVersionIds
 } from '../helpers/secretVersion';
-import { 
-    ACTION_LOGIN,
-    ACTION_LOGOUT,
-    ACTION_ADD_SECRETS,
-    ACTION_READ_SECRETS,
-    ACTION_DELETE_SECRETS,
-    ACTION_UPDATE_SECRETS,
-} from '../../variables';
+import { ACTION_UPDATE_SECRETS } from '../../variables';
 
 /**
- * Create an (audit) action for updating secrets
+ * Create an (audit) action for secrets including
+ * add, delete, update, and read actions.
  * @param {Object} obj
  * @param {String} obj.name - name of action
- * @param {Types.ObjectId} obj.secretIds - ids of relevant secrets
+ * @param {ObjectId[]} obj.secretIds - ids of relevant secrets
  * @returns {Action} action - new action
  */
-const createActionUpdateSecret = async ({
+const createActionSecretHelper = async ({
     name,
     userId,
     workspaceId,
     secretIds
 }: {
     name: string;
-    userId: Types.ObjectId;
-    workspaceId: Types.ObjectId;
+    userId: string;
+    workspaceId: string;
     secretIds: Types.ObjectId[];
 }) => {
+
     let action;
+    let latestSecretVersions;
     try {
-        const latestSecretVersions = (await getLatestNSecretSecretVersionIds({
+        if (name === ACTION_UPDATE_SECRETS) {
+            // case: action is updating secrets
+            // -> add old and new secret versions
+            latestSecretVersions = (await getLatestNSecretSecretVersionIds({
                 secretIds,
                 n: 2
             }))
@@ -42,7 +41,17 @@ const createActionUpdateSecret = async ({
                 oldSecretVersion: s.versions[0]._id,
                 newSecretVersion: s.versions[1]._id
             }));
-        
+        } else {
+            // case: action is adding, deleting, or reading secrets
+            // -> add new secret versions
+            latestSecretVersions = (await getLatestSecretVersionIds({
+                secretIds
+            }))
+            .map((s) => ({
+                newSecretVersion: s.versionId
+            }));
+        }
+
         action = await new Action({
             name,
             user: userId,
@@ -55,148 +64,10 @@ const createActionUpdateSecret = async ({
     } catch (err) {
 		Sentry.setUser(null);
 		Sentry.captureException(err);
-        throw new Error('Failed to create update secret action');
-    }
-    
-    return action;
-}
-
-/**
- * Create an (audit) action for creating, reading, and deleting
- * secrets
- * @param {Object} obj
- * @param {String} obj.name - name of action
- * @param {Types.ObjectId} obj.secretIds - ids of relevant secrets
- * @returns {Action} action - new action
- */
-const createActionSecret = async ({
-    name,
-    userId,
-    workspaceId,
-    secretIds
-}: {
-    name: string;
-    userId: Types.ObjectId;
-    workspaceId: Types.ObjectId;
-    secretIds: Types.ObjectId[];
-}) => {
-    let action;
-    try {
-        // case: action is adding, deleting, or reading secrets
-        // -> add new secret versions
-        const latestSecretVersions = (await getLatestSecretVersionIds({
-            secretIds
-        }))
-        .map((s) => ({
-            newSecretVersion: s.versionId
-        }));
-        
-       action = await new Action({
-            name,
-            user: userId,
-            workspace: workspaceId,
-            payload: {
-                secretVersions: latestSecretVersions
-            }
-        }).save(); 
-
-    } catch (err) {
-		Sentry.setUser(null);
-		Sentry.captureException(err);
-        throw new Error('Failed to create action create/read/delete secret action');
-    }
-    
-    return action;
-}
-
-/**
- * Create an (audit) action for user with id [userId]
- * @param {Object} obj 
- * @param {String} obj.name - name of action
- * @param {String} obj.userId - id of user associated with action
- * @returns 
- */
-const createActionUser = ({
-    name,
-    userId
-}: {
-    name: string;
-    userId: Types.ObjectId;
-}) => {
-    let action;
-    try {
-        action = new Action({
-            name,
-            user: userId
-        }).save();
-    } catch (err) {
-        Sentry.setUser(null);
-        Sentry.captureException(err);
-        throw new Error('Failed to create user action');
-    }
-
-    return action; 
-}
-
-/**
- * Create an (audit) action. 
- * @param {Object} obj
- * @param {Object} obj.name - name of action
- * @param {Types.ObjectId} obj.userId - id of user associated with action
- * @param {Types.ObjectId} obj.workspaceId - id of workspace associated with action
- * @param {Types.ObjectId[]} obj.secretIds - ids of secrets associated with action
-*/
-const createActionHelper = async ({
-    name,
-    userId,
-    workspaceId,
-    secretIds,
-}: {
-    name: string;
-    userId: Types.ObjectId;
-    workspaceId?: Types.ObjectId;
-    secretIds?: Types.ObjectId[];
-}) => {
-    let action;
-    try {
-        switch (name) {
-            case ACTION_LOGIN:
-            case ACTION_LOGOUT:
-                action = await createActionUser({
-                    name,
-                    userId
-                });
-                break;
-            case ACTION_ADD_SECRETS:
-            case ACTION_READ_SECRETS:
-            case ACTION_DELETE_SECRETS:
-                if (!workspaceId || !secretIds) throw new Error('Missing required params workspace id or secret ids to create action secret');
-                action = await createActionSecret({
-                    name,
-                    userId,
-                    workspaceId,
-                    secretIds
-                });
-                break;
-            case ACTION_UPDATE_SECRETS:
-                if (!workspaceId || !secretIds) throw new Error('Missing required params workspace id or secret ids to create action secret');
-                action = await createActionUpdateSecret({
-                    name,
-                    userId,
-                    workspaceId,
-                    secretIds
-                });
-                break;
-        }
-    } catch (err) {
-        Sentry.setUser(null);
-		Sentry.captureException(err);
         throw new Error('Failed to create action');
     }
     
     return action;
 }
 
-export { 
-    createActionHelper
-};
+export { createActionSecretHelper };

backend/src/ee/helpers/log.ts

@@ -1,19 +1,9 @@
 import * as Sentry from '@sentry/node';
-import { Types } from 'mongoose';
 import { 
     Log,
     IAction
 } from '../models';
-/**
- * Create an (audit) log
- * @param {Object} obj
- * @param {Types.ObjectId} obj.userId - id of user associated with the log
- * @param {Types.ObjectId} obj.workspaceId - id of workspace associated with the log
- * @param {IAction[]} obj.actions - actions to include in log
- * @param {String} obj.channel - channel (web/cli/auto) associated with the log
- * @param {String} obj.ipAddress - ip address associated with the log
- * @returns {Log} log - new audit log
- */
+
 const createLogHelper = async ({
     userId,
     workspaceId,
@@ -21,8 +11,8 @@ const createLogHelper = async ({
     channel,
     ipAddress
 }: {
-    userId: Types.ObjectId;
-    workspaceId?: Types.ObjectId;
+    userId: string;
+    workspaceId: string;
     actions: IAction[];
     channel: string;
     ipAddress: string;
@@ -31,7 +21,7 @@ const createLogHelper = async ({
     try {
         log = await new Log({
             user: userId,
-            workspace: workspaceId ?? undefined,
+            workspace: workspaceId,
             actionNames: actions.map((a) => a.name),
             actions,
             channel,

backend/src/ee/models/action.ts

@@ -1,18 +1,10 @@
 import { Schema, model, Types } from 'mongoose';
-import {
-    ACTION_LOGIN,
-    ACTION_LOGOUT,
-    ACTION_ADD_SECRETS,
-    ACTION_UPDATE_SECRETS,
-    ACTION_READ_SECRETS,
-    ACTION_DELETE_SECRETS
-} from '../../variables';
 
 export interface IAction {
     name: string;
     user?: Types.ObjectId,
     workspace?: Types.ObjectId,
-    payload?: {
+    payload: {
         secretVersions?: Types.ObjectId[]
     }
 }
@@ -21,15 +13,7 @@ const actionSchema = new Schema<IAction>(
     {
         name: {
             type: String,
-            required: true,
-            enum: [
-                ACTION_LOGIN,
-                ACTION_LOGOUT,
-                ACTION_ADD_SECRETS,
-                ACTION_UPDATE_SECRETS,
-                ACTION_READ_SECRETS,
-                ACTION_DELETE_SECRETS
-            ]
+            required: true
         },
         user: {
             type: Schema.Types.ObjectId,

backend/src/ee/models/log.ts

@@ -1,7 +1,5 @@
 import { Schema, model, Types } from 'mongoose';
 import {
-    ACTION_LOGIN,
-    ACTION_LOGOUT,
     ACTION_ADD_SECRETS,
     ACTION_UPDATE_SECRETS,
     ACTION_READ_SECRETS,
@@ -31,8 +29,6 @@ const logSchema = new Schema<ILog>(
         actionNames: {
             type: [String],
             enum: [
-                ACTION_LOGIN,
-                ACTION_LOGOUT,
                 ACTION_ADD_SECRETS,
                 ACTION_UPDATE_SECRETS,
                 ACTION_READ_SECRETS,

backend/src/ee/services/EELogService.ts

@@ -1,12 +1,14 @@
 import { Types } from 'mongoose';
 import { 
+    Log,
+    Action,
     IAction
 } from '../models';
 import {
     createLogHelper
 } from '../helpers/log';
 import {
-    createActionHelper
+    createActionSecretHelper
 } from '../helpers/action';
 import EELicenseService from './EELicenseService';
 
@@ -31,8 +33,8 @@ class EELogService {
         channel,
         ipAddress
     }: {
-        userId: Types.ObjectId;
-        workspaceId?: Types.ObjectId;
+        userId: string;
+        workspaceId: string;
         actions: IAction[];
         channel: string;
         ipAddress: string;
@@ -48,26 +50,26 @@ class EELogService {
     }
     
     /**
-     * Create an (audit) action
+     * Create an (audit) action for secrets including
+     * add, delete, update, and read actions.
      * @param {Object} obj
      * @param {String} obj.name - name of action
-     * @param {Types.ObjectId} obj.userId - id of user associated with the action
-     * @param {Types.ObjectId} obj.workspaceId - id of workspace associated with the action
-     * @param {ObjectId[]} obj.secretIds - ids of secrets associated with the action
+     * @param {ObjectId[]} obj.secretIds - secret ids
      * @returns {Action} action - new action
      */
-    static async createAction({
+    static async createActionSecret({
         name,
         userId,
         workspaceId,
         secretIds
     }: {
         name: string;
-        userId: Types.ObjectId;
-        workspaceId?: Types.ObjectId;
-        secretIds?: Types.ObjectId[];
+        userId: string;
+        workspaceId: string;
+        secretIds: Types.ObjectId[];
     }) {
-        return await createActionHelper({
+        if (!EELicenseService.isLicenseValid) return null; 
+        return await createActionSecretHelper({
             name,
             userId,
             workspaceId,

backend/src/helpers/database.ts

@@ -1,4 +1,5 @@
 import mongoose from 'mongoose';
+import { ISecret, Secret } from '../models';
 import { EESecretService } from '../ee/services';
 import { getLogger } from '../utils/logger';
 
@@ -15,10 +16,6 @@ const initDatabaseHelper = async ({
 }) => {
     try {
         await mongoose.connect(mongoURL);
-    
-        // allow empty strings to pass the required validator
-        mongoose.Schema.Types.String.checkRequired(v => typeof v === 'string');
-
         getLogger("database").info("Database connection established");
         
         await EESecretService.initSecretVersioning();

backend/src/helpers/organization.ts

@@ -3,7 +3,6 @@ import Stripe from 'stripe';
 import {
 	STRIPE_SECRET_KEY,
 	STRIPE_PRODUCT_STARTER,
-	STRIPE_PRODUCT_TEAM,
 	STRIPE_PRODUCT_PRO
 } from '../config';
 const stripe = new Stripe(STRIPE_SECRET_KEY, {
@@ -15,7 +14,6 @@ import { Organization, MembershipOrg } from '../models';
 
 const productToPriceMap = {
 	starter: STRIPE_PRODUCT_STARTER,
-	team: STRIPE_PRODUCT_TEAM,
 	pro: STRIPE_PRODUCT_PRO
 };
 
@@ -57,7 +55,7 @@ const createOrganization = async ({
 	} catch (err) {
 		Sentry.setUser({ email });
 		Sentry.captureException(err);
-		throw new Error(`Failed to create organization [err=${err}]`);
+		throw new Error('Failed to create organization');
 	}
 
 	return organization;

backend/src/helpers/secret.ts

@@ -406,10 +406,10 @@ const v2PushSecrets = async ({
 				secretIds: toDelete
 			});
 
-			const deleteAction = await EELogService.createAction({
+			const deleteAction = await EELogService.createActionSecret({
 				name: ACTION_DELETE_SECRETS,
-				userId: new Types.ObjectId(userId),
-				workspaceId: new Types.ObjectId(userId),
+				userId,
+				workspaceId,
 				secretIds: toDelete
 			});
 
@@ -499,10 +499,10 @@ const v2PushSecrets = async ({
 				})
 			});
 
-			const updateAction = await EELogService.createAction({
+			const updateAction = await EELogService.createActionSecret({
 				name: ACTION_UPDATE_SECRETS,
-				userId: new Types.ObjectId(userId),
-				workspaceId: new Types.ObjectId(workspaceId),
+				userId,
+				workspaceId,
 				secretIds: toUpdate.map((u) => u._id)
 			});
 
@@ -536,10 +536,10 @@ const v2PushSecrets = async ({
 				})
 			});
 
-			const addAction = await EELogService.createAction({
+			const addAction = await EELogService.createActionSecret({
 				name: ACTION_ADD_SECRETS,
-				userId: new Types.ObjectId(userId),
-				workspaceId: new Types.ObjectId(workspaceId),
+				userId,
+				workspaceId,
 				secretIds: newSecrets.map((n) => n._id)
 			});
 			addAction && actions.push(addAction);
@@ -553,8 +553,8 @@ const v2PushSecrets = async ({
 		// (EE) create (audit) log
 		if (actions.length > 0) {
 			await EELogService.createLog({
-				userId: new Types.ObjectId(userId),
-				workspaceId: new Types.ObjectId(workspaceId),
+				userId,
+				workspaceId,
 				actions,
 				channel,
 				ipAddress
@@ -645,16 +645,16 @@ const pullSecrets = async ({
 			environment
 		})
 
-		const readAction = await EELogService.createAction({
+		const readAction = await EELogService.createActionSecret({
 			name: ACTION_READ_SECRETS,
-			userId: new Types.ObjectId(userId),
-			workspaceId: new Types.ObjectId(workspaceId),
+			userId,
+			workspaceId,
 			secretIds: secrets.map((n: any) => n._id)
 		});
 
 		readAction && await EELogService.createLog({
-			userId: new Types.ObjectId(userId),
-			workspaceId: new Types.ObjectId(workspaceId),
+			userId,
+			workspaceId,
 			actions: [readAction],
 			channel,
 			ipAddress

backend/src/helpers/signup.ts

@@ -66,7 +66,7 @@ const checkEmailVerification = async ({
 			email,
 			token: code
 		});
-
+	
 		if (!token) throw new Error('Failed to find email verification token');
 	} catch (err) {
 		Sentry.setUser(null);
@@ -116,7 +116,7 @@ const initializeDefaultOrg = async ({
 			roles: [ADMIN]
 		});
 	} catch (err) {
-		throw new Error(`Failed to initialize default organization and workspace [err=${err}]`);
+		throw new Error('Failed to initialize default organization and workspace');
 	}
 };
 

backend/src/models/index.ts

@@ -16,7 +16,6 @@ import UserAction, { IUserAction } from './userAction';
 import Workspace, { IWorkspace } from './workspace';
 import ServiceTokenData, { IServiceTokenData } from './serviceTokenData';
 import APIKeyData, { IAPIKeyData } from './apiKeyData';
-import LoginSRPDetail, { ILoginSRPDetail } from './loginSRPDetail';
 
 export {
 	BackupPrivateKey,
@@ -54,7 +53,5 @@ export {
 	ServiceTokenData,
 	IServiceTokenData,
 	APIKeyData,
-	IAPIKeyData,
-	LoginSRPDetail,
-	ILoginSRPDetail
+	IAPIKeyData
 };

backend/src/models/loginSRPDetail.ts

@@ -1,29 +0,0 @@
-import mongoose, { Schema, model, Types } from 'mongoose';
-
-export interface ILoginSRPDetail {
-	_id: Types.ObjectId;
-	clientPublicKey: string;
-	email: string;
-	serverBInt: mongoose.Schema.Types.Buffer;
-	expireAt: Date;
-}
-
-const loginSRPDetailSchema = new Schema<ILoginSRPDetail>(
-	{
-		clientPublicKey: {
-			type: String,
-			required: true
-		},
-		email: {
-			type: String,
-			required: true,
-			unique: true
-		},
-		serverBInt: { type: mongoose.Schema.Types.Buffer },
-		expireAt: { type: Date }
-	}
-);
-
-const LoginSRPDetail = model('LoginSRPDetail', loginSRPDetailSchema);
-
-export default LoginSRPDetail;

backend/src/models/user.ts

@@ -12,7 +12,6 @@ export interface IUser {
 	salt?: string;
 	verifier?: string;
 	refreshVersion?: number;
-	seenIps: [string];
 }
 
 const userSchema = new Schema<IUser>(
@@ -55,8 +54,7 @@ const userSchema = new Schema<IUser>(
 			type: Number,
 			default: 0,
 			select: false
-		},
-		seenIps: [String]
+		}
 	},
 	{
 		timestamps: true

backend/src/routes/v2/organizations.ts

@@ -30,7 +30,7 @@ router.patch(
     '/:organizationId/memberships/:membershipId',
     param('organizationId').exists().trim(),
     param('membershipId').exists().trim(),
-    body('role').exists().isString().trim().isIn([OWNER, ADMIN, MEMBER]),
+    body('role').exists().isString().trim().isIn([ADMIN, MEMBER]),
     validateRequest,
     requireAuth({
         acceptedAuthModes: ['jwt', 'apiKey']

backend/src/routes/v2/secrets.ts

@@ -32,7 +32,7 @@ router.post(
                         !secret.secretKeyCiphertext ||
                         !secret.secretKeyIV ||
                         !secret.secretKeyTag ||
-                        (typeof secret.secretValueCiphertext !== 'string') ||
+                        !secret.secretValueCiphertext ||
                         !secret.secretValueIV ||
                         !secret.secretValueTag
                     ) {

backend/src/variables/action.ts

@@ -1,13 +1,9 @@
-const ACTION_LOGIN = 'login';
-const ACTION_LOGOUT = 'logout';
 const ACTION_ADD_SECRETS = 'addSecrets';
 const ACTION_DELETE_SECRETS = 'deleteSecrets';
 const ACTION_UPDATE_SECRETS = 'updateSecrets';
 const ACTION_READ_SECRETS = 'readSecrets';
 
 export {
-    ACTION_LOGIN,
-    ACTION_LOGOUT,
     ACTION_ADD_SECRETS,
     ACTION_DELETE_SECRETS,
     ACTION_UPDATE_SECRETS,

backend/src/variables/index.ts

@@ -35,8 +35,6 @@ import {
 import { SECRET_SHARED, SECRET_PERSONAL } from './secret';
 import { EVENT_PUSH_SECRETS, EVENT_PULL_SECRETS } from './event';
 import {
-  ACTION_LOGIN,
-  ACTION_LOGOUT,
   ACTION_ADD_SECRETS,
   ACTION_UPDATE_SECRETS,
   ACTION_DELETE_SECRETS,
@@ -77,8 +75,6 @@ export {
   INTEGRATION_FLYIO_API_URL,
   EVENT_PUSH_SECRETS,
   EVENT_PULL_SECRETS,
-  ACTION_LOGIN,
-  ACTION_LOGOUT,
   ACTION_ADD_SECRETS,
   ACTION_UPDATE_SECRETS,
   ACTION_DELETE_SECRETS,

backend/src/variables/integration.ts

@@ -90,7 +90,7 @@ const INTEGRATION_OPTIONS = [
         name: 'Fly.io',
         slug: 'flyio',
         image: 'Flyio.svg',
-        isAvailable: true,
+        isAvailable: false,
         type: 'pat',
         clientId: '',
         docsLink: ''

cli/main.go

@@ -1,5 +1,5 @@
 /*
-Copyright (c) 2023 Infisical Inc.
+Copyright © 2022 NAME HERE <EMAIL ADDRESS>
 */
 package main
 

cli/packages/api/api.go

@@ -5,7 +5,6 @@ import (
 
 	"github.com/Infisical/infisical-merge/packages/config"
 	"github.com/go-resty/resty/v2"
-	log "github.com/sirupsen/logrus"
 )
 
 const USER_AGENT = "cli"
@@ -145,24 +144,3 @@ func CallGetAllWorkSpacesUserBelongsTo(httpClient *resty.Client) (GetWorkSpacesR
 
 	return workSpacesResponse, nil
 }
-
-func CallIsAuthenticated(httpClient *resty.Client) bool {
-	var workSpacesResponse GetWorkSpacesResponse
-	response, err := httpClient.
-		R().
-		SetResult(&workSpacesResponse).
-		SetHeader("User-Agent", USER_AGENT).
-		Post(fmt.Sprintf("%v/v1/auth/checkAuth", config.INFISICAL_URL))
-
-	log.Debugln(fmt.Errorf("CallIsAuthenticated: Unsuccessful response:  [response=%v]", response))
-
-	if err != nil {
-		return false
-	}
-
-	if response.IsError() {
-		return false
-	}
-
-	return true
-}

cli/packages/cmd/export.go

@@ -1,5 +1,5 @@
 /*
-Copyright (c) 2023 Infisical Inc.
+Copyright © 2022 NAME HERE <EMAIL ADDRESS>
 */
 package cmd
 
@@ -56,12 +56,7 @@ var exportCmd = &cobra.Command{
 			util.HandleError(err, "Unable to parse flag")
 		}
 
-		infisicalToken, err := cmd.Flags().GetString("token")
-		if err != nil {
-			util.HandleError(err, "Unable to parse flag")
-		}
-
-		secrets, err := util.GetAllEnvironmentVariables(models.GetAllSecretsParameters{Environment: envName, InfisicalToken: infisicalToken})
+		secrets, err := util.GetAllEnvironmentVariables(envName)
 		if err != nil {
 			util.HandleError(err, "Unable to fetch secrets")
 		}
@@ -96,7 +91,6 @@ func init() {
 	exportCmd.Flags().Bool("expand", true, "Parse shell parameter expansions in your secrets")
 	exportCmd.Flags().StringP("format", "f", "dotenv", "Set the format of the output file (dotenv, json, csv)")
 	exportCmd.Flags().Bool("secret-overriding", true, "Prioritizes personal secrets, if any, with the same name over shared secrets")
-	exportCmd.Flags().String("token", "", "Fetch secrets using the Infisical Token")
 }
 
 // Format according to the format flag

cli/packages/cmd/init.go

@@ -1,5 +1,5 @@
 /*
-Copyright (c) 2023 Infisical Inc.
+Copyright © 2022 NAME HERE <EMAIL ADDRESS>
 */
 package cmd
 

cli/packages/cmd/login.go

@@ -1,5 +1,5 @@
 /*
-Copyright (c) 2023 Infisical Inc.
+Copyright © 2022 NAME HERE <EMAIL ADDRESS>
 */
 package cmd
 
@@ -33,13 +33,13 @@ var loginCmd = &cobra.Command{
 	PreRun:                toggleDebug,
 	Run: func(cmd *cobra.Command, args []string) {
 		currentLoggedInUserDetails, err := util.GetCurrentLoggedInUserDetails()
-		if err != nil && (strings.Contains(err.Error(), "The specified item could not be found in the keyring") || strings.Contains(err.Error(), "unable to get key from Keyring")) { // if the key can't be found allow them to override
+		if err != nil && strings.Contains(err.Error(), "The specified item could not be found in the keyring") { // if the key can't be found allow them to override
 			log.Debug(err)
 		} else if err != nil {
 			util.HandleError(err)
 		}
 
-		if currentLoggedInUserDetails.IsUserLoggedIn && !currentLoggedInUserDetails.LoginExpired { // if you are logged in but not expired
+		if currentLoggedInUserDetails.IsUserLoggedIn {
 			shouldOverride, err := shouldOverrideLoginPrompt(currentLoggedInUserDetails.UserCredentials.Email)
 			if err != nil {
 				util.HandleError(err)
@@ -101,9 +101,6 @@ var loginCmd = &cobra.Command{
 			util.HandleError(err, "Unable to write write to Infisical Config file. Please try again")
 		}
 
-		// clear backed up secrets from prev account
-		util.DeleteBackupSecrets()
-
 		color.Green("Nice! You are logged in as: %v", email)
 
 	},

cli/packages/cmd/man.go

@@ -1,5 +1,5 @@
 /*
-Copyright (c) 2023 Infisical Inc.
+Copyright © 2022 NAME HERE <EMAIL ADDRESS>
 */
 package cmd
 

cli/packages/cmd/root.go

@@ -1,5 +1,5 @@
 /*
-Copyright (c) 2023 Infisical Inc.
+Copyright © 2022 NAME HERE <EMAIL ADDRESS>
 */
 package cmd
 

cli/packages/cmd/run.go

@@ -1,5 +1,5 @@
 /*
-Copyright (c) 2023 Infisical Inc.
+Copyright © 2022 NAME HERE <EMAIL ADDRESS>
 */
 package cmd
 
@@ -12,7 +12,6 @@ import (
 	"strings"
 	"syscall"
 
-	"github.com/Infisical/infisical-merge/packages/models"
 	"github.com/Infisical/infisical-merge/packages/util"
 	"github.com/fatih/color"
 	log "github.com/sirupsen/logrus"
@@ -59,15 +58,10 @@ var runCmd = &cobra.Command{
 			util.HandleError(err, "Unable to parse flag")
 		}
 
-		infisicalToken, err := cmd.Flags().GetString("token")
-		if err != nil {
-			util.HandleError(err, "Unable to parse flag")
+		if !util.IsSecretEnvironmentValid(envName) {
+			util.PrintMessageAndExit("Invalid environment name passed. Environment names can only be prod, dev, test or staging")
 		}
 
-		// if !util.IsSecretEnvironmentValid(envName) {
-		// 	util.PrintMessageAndExit("Invalid environment name passed. Environment names can only be prod, dev, test or staging")
-		// }
-
 		secretOverriding, err := cmd.Flags().GetBool("secret-overriding")
 		if err != nil {
 			util.HandleError(err, "Unable to parse flag")
@@ -78,8 +72,7 @@ var runCmd = &cobra.Command{
 			util.HandleError(err, "Unable to parse flag")
 		}
 
-		secrets, err := util.GetAllEnvironmentVariables(models.GetAllSecretsParameters{Environment: envName, InfisicalToken: infisicalToken})
-
+		secrets, err := util.GetAllEnvironmentVariables(envName)
 		if err != nil {
 			util.HandleError(err, "Could not fetch secrets", "If you are using a service token to fetch secrets, please ensure it is valid")
 		}
@@ -147,7 +140,6 @@ var runCmd = &cobra.Command{
 
 func init() {
 	rootCmd.AddCommand(runCmd)
-	runCmd.Flags().String("token", "", "Fetch secrets using the Infisical Token")
 	runCmd.Flags().StringP("env", "e", "dev", "Set the environment (dev, prod, etc.) from which your secrets should be pulled from")
 	runCmd.Flags().Bool("expand", true, "Parse shell parameter expansions in your secrets")
 	runCmd.Flags().Bool("secret-overriding", true, "Prioritizes personal secrets, if any, with the same name over shared secrets")

cli/packages/cmd/secrets.go

@@ -1,5 +1,5 @@
 /*
-Copyright (c) 2023 Infisical Inc.
+Copyright © 2022 NAME HERE <EMAIL ADDRESS>
 */
 package cmd
 
@@ -34,17 +34,12 @@ var secretsCmd = &cobra.Command{
 			util.HandleError(err)
 		}
 
-		infisicalToken, err := cmd.Flags().GetString("token")
-		if err != nil {
-			util.HandleError(err, "Unable to parse flag")
-		}
-
 		shouldExpandSecrets, err := cmd.Flags().GetBool("expand")
 		if err != nil {
 			util.HandleError(err)
 		}
 
-		secrets, err := util.GetAllEnvironmentVariables(models.GetAllSecretsParameters{Environment: environmentName, InfisicalToken: infisicalToken})
+		secrets, err := util.GetAllEnvironmentVariables(environmentName)
 		if err != nil {
 			util.HandleError(err)
 		}
@@ -116,7 +111,7 @@ var secretsSetCmd = &cobra.Command{
 		plainTextEncryptionKey := crypto.DecryptAsymmetric(encryptedWorkspaceKey, encryptedWorkspaceKeyNonce, encryptedWorkspaceKeySenderPublicKey, currentUsersPrivateKey)
 
 		// pull current secrets
-		secrets, err := util.GetAllEnvironmentVariables(models.GetAllSecretsParameters{Environment: environmentName})
+		secrets, err := util.GetAllEnvironmentVariables(environmentName)
 		if err != nil {
 			util.HandleError(err, "unable to retrieve secrets")
 		}
@@ -272,7 +267,7 @@ var secretsDeleteCmd = &cobra.Command{
 			util.HandleError(err, "Unable to get local project details")
 		}
 
-		secrets, err := util.GetAllEnvironmentVariables(models.GetAllSecretsParameters{Environment: environmentName})
+		secrets, err := util.GetAllEnvironmentVariables(environmentName)
 		if err != nil {
 			util.HandleError(err, "Unable to fetch secrets")
 		}
@@ -314,6 +309,30 @@ var secretsDeleteCmd = &cobra.Command{
 	},
 }
 
+func init() {
+	secretsCmd.AddCommand(secretsGetCmd)
+	secretsGetCmd.PersistentPreRun = func(cmd *cobra.Command, args []string) {
+		util.RequireLogin()
+		util.RequireLocalWorkspaceFile()
+	}
+
+	secretsCmd.AddCommand(secretsSetCmd)
+	secretsSetCmd.PersistentPreRun = func(cmd *cobra.Command, args []string) {
+		util.RequireLogin()
+		util.RequireLocalWorkspaceFile()
+	}
+
+	secretsCmd.AddCommand(secretsDeleteCmd)
+	secretsDeleteCmd.PersistentPreRun = func(cmd *cobra.Command, args []string) {
+		util.RequireLogin()
+		util.RequireLocalWorkspaceFile()
+	}
+
+	secretsCmd.PersistentFlags().String("env", "dev", "Used to select the environment name on which actions should be taken on")
+	secretsCmd.Flags().Bool("expand", true, "Parse shell parameter expansions in your secrets")
+	rootCmd.AddCommand(secretsCmd)
+}
+
 func getSecretsByNames(cmd *cobra.Command, args []string) {
 	environmentName, err := cmd.Flags().GetString("env")
 	if err != nil {
@@ -325,12 +344,7 @@ func getSecretsByNames(cmd *cobra.Command, args []string) {
 		util.HandleError(err, "Unable to parse flag")
 	}
 
-	infisicalToken, err := cmd.Flags().GetString("token")
-	if err != nil {
-		util.HandleError(err, "Unable to parse flag")
-	}
-
-	secrets, err := util.GetAllEnvironmentVariables(models.GetAllSecretsParameters{Environment: environmentName, InfisicalToken: infisicalToken})
+	secrets, err := util.GetAllEnvironmentVariables(environmentName)
 	if err != nil {
 		util.HandleError(err, "To fetch all secrets")
 	}
@@ -366,25 +380,3 @@ func getSecretsByKeys(secrets []models.SingleEnvironmentVariable) map[string]mod
 
 	return secretMapByName
 }
-
-func init() {
-	secretsGetCmd.Flags().String("token", "", "Fetch secrets using the Infisical Token")
-	secretsCmd.AddCommand(secretsGetCmd)
-
-	secretsCmd.AddCommand(secretsSetCmd)
-	secretsSetCmd.PersistentPreRun = func(cmd *cobra.Command, args []string) {
-		util.RequireLogin()
-		util.RequireLocalWorkspaceFile()
-	}
-
-	secretsCmd.AddCommand(secretsDeleteCmd)
-	secretsDeleteCmd.PersistentPreRun = func(cmd *cobra.Command, args []string) {
-		util.RequireLogin()
-		util.RequireLocalWorkspaceFile()
-	}
-
-	secretsCmd.Flags().String("token", "", "Fetch secrets using the Infisical Token")
-	secretsCmd.PersistentFlags().String("env", "dev", "Used to select the environment name on which actions should be taken on")
-	secretsCmd.Flags().Bool("expand", true, "Parse shell parameter expansions in your secrets")
-	rootCmd.AddCommand(secretsCmd)
-}

cli/packages/cmd/vault.go

@@ -1,5 +1,5 @@
 /*
-Copyright (c) 2023 Infisical Inc.
+Copyright © 2022 NAME HERE <EMAIL ADDRESS>
 */
 package cmd
 

cli/packages/models/cli.go

@@ -34,12 +34,7 @@ type WorkspaceConfigFile struct {
 }
 
 type SymmetricEncryptionResult struct {
-	CipherText []byte `json:"CipherText"`
-	Nonce      []byte `json:"Nonce"`
-	AuthTag    []byte `json:"AuthTag"`
-}
-
-type GetAllSecretsParameters struct {
-	Environment    string
-	InfisicalToken string
+	CipherText []byte
+	Nonce      []byte
+	AuthTag    []byte
 }

cli/packages/util/check-for-update.go

@@ -2,14 +2,13 @@ package util
 
 import (
 	"encoding/json"
-	"errors"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 )
 
 func CheckForUpdate() {
-	latestVersion, err := getLatestTag("Infisical", "infisical")
+	latestVersion, err := getLatestTag("infisical", "infisical")
 	if err != nil {
 		// do nothing and continue
 		return
@@ -25,9 +24,6 @@ func getLatestTag(repoOwner string, repoName string) (string, error) {
 	if err != nil {
 		return "", err
 	}
-	if resp.StatusCode != 200 {
-		return "", errors.New(fmt.Sprintf("GitHub API returned status code %d", resp.StatusCode))
-	}
 
 	defer resp.Body.Close()
 
@@ -42,5 +38,5 @@ func getLatestTag(repoOwner string, repoName string) (string, error) {
 
 	json.Unmarshal(body, &tags)
 
-	return tags[0].Name[1:], nil
+	return tags[0].Name, nil
 }

cli/packages/util/common.go

@@ -2,7 +2,6 @@ package util
 
 import (
 	"fmt"
-	"net/http"
 	"os"
 )
 
@@ -20,11 +19,3 @@ func WriteToFile(fileName string, dataToWrite []byte, filePerm os.FileMode) erro
 
 	return nil
 }
-
-func CheckIsConnectedToInternet() (ok bool) {
-	_, err := http.Get("http://clients3.google.com/generate_204")
-	if err != nil {
-		return false
-	}
-	return true
-}

cli/packages/util/constants.go

@@ -11,8 +11,5 @@ const (
 	KEYRING_SERVICE_NAME                 = "infisical"
 	PERSONAL_SECRET_TYPE_NAME            = "personal"
 	SHARED_SECRET_TYPE_NAME              = "shared"
-)
-
-var (
-	CLI_VERSION = "devel"
+	CLI_VERSION                          = "v0.2.7"
 )

cli/packages/util/credentials.go

@@ -5,7 +5,7 @@ import (
 	"fmt"
 
 	"github.com/99designs/keyring"
-	"github.com/Infisical/infisical-merge/packages/api"
+	"github.com/Infisical/infisical-merge/packages/config"
 	"github.com/Infisical/infisical-merge/packages/models"
 	"github.com/go-resty/resty/v2"
 )
@@ -87,10 +87,17 @@ func GetCurrentLoggedInUserDetails() (LoggedInUserDetails, error) {
 			SetAuthToken(userCreds.JTWToken).
 			SetHeader("Accept", "application/json")
 
-		isAuthenticated := api.CallIsAuthenticated(httpClient)
-		if !isAuthenticated {
+		response, err := httpClient.
+			R().
+			Post(fmt.Sprintf("%v/v1/auth/checkAuth", config.INFISICAL_URL))
+
+		if err != nil {
+			return LoggedInUserDetails{}, err
+		}
+
+		if response.StatusCode() > 299 {
 			return LoggedInUserDetails{
-				IsUserLoggedIn:  true, // was logged in
+				IsUserLoggedIn:  true,
 				LoginExpired:    true,
 				UserCredentials: userCreds,
 			}, nil

cli/packages/util/secrets.go

@@ -2,8 +2,6 @@ package util
 
 import (
 	"encoding/base64"
-	"encoding/json"
-	"errors"
 	"fmt"
 	"os"
 	"regexp"
@@ -99,26 +97,13 @@ func GetPlainTextSecretsViaJTW(JTWToken string, receiversPrivateKey string, work
 	return plainTextSecrets, nil
 }
 
-func GetAllEnvironmentVariables(params models.GetAllSecretsParameters) ([]models.SingleEnvironmentVariable, error) {
-	var infisicalToken string
-	if params.InfisicalToken == "" {
-		infisicalToken = os.Getenv(INFISICAL_TOKEN_NAME)
-	} else {
-		infisicalToken = params.InfisicalToken
-	}
-
-	isConnected := CheckIsConnectedToInternet()
-	var secretsToReturn []models.SingleEnvironmentVariable
-	var errorToReturn error
+func GetAllEnvironmentVariables(envName string) ([]models.SingleEnvironmentVariable, error) {
+	infisicalToken := os.Getenv(INFISICAL_TOKEN_NAME)
 
 	if infisicalToken == "" {
-		if isConnected {
-			log.Debug("GetAllEnvironmentVariables: Connected to internet, checking logged in creds")
-			RequireLocalWorkspaceFile()
-			RequireLogin()
-		}
-
-		log.Debug("GetAllEnvironmentVariables: Trying to fetch secrets using logged in details")
+		RequireLocalWorkspaceFile()
+		RequireLogin()
+		log.Debug("Trying to fetch secrets using logged in details")
 
 		loggedInUserDetails, err := GetCurrentLoggedInUserDetails()
 		if err != nil {
@@ -130,30 +115,13 @@ func GetAllEnvironmentVariables(params models.GetAllSecretsParameters) ([]models
 			return nil, err
 		}
 
-		secretsToReturn, errorToReturn = GetPlainTextSecretsViaJTW(loggedInUserDetails.UserCredentials.JTWToken, loggedInUserDetails.UserCredentials.PrivateKey, workspaceFile.WorkspaceId, params.Environment)
-		log.Debugf("GetAllEnvironmentVariables: Trying to fetch secrets JTW token [err=%s]", errorToReturn)
-
-		backupSecretsEncryptionKey := []byte(loggedInUserDetails.UserCredentials.PrivateKey)[0:32]
-		if errorToReturn == nil {
-			WriteBackupSecrets(workspaceFile.WorkspaceId, params.Environment, backupSecretsEncryptionKey, secretsToReturn)
-		}
-
-		// only attempt to serve cached secrets if no internet connection and if at least one secret cached
-		if !isConnected {
-			backedSecrets, err := ReadBackupSecrets(workspaceFile.WorkspaceId, params.Environment, backupSecretsEncryptionKey)
-			if len(backedSecrets) > 0 {
-				PrintWarning("Unable to fetch latest secret(s) due to connection error, serving secrets from last successful fetch. For more info, run with --debug")
-				secretsToReturn = backedSecrets
-				errorToReturn = err
-			}
-		}
+		secrets, err := GetPlainTextSecretsViaJTW(loggedInUserDetails.UserCredentials.JTWToken, loggedInUserDetails.UserCredentials.PrivateKey, workspaceFile.WorkspaceId, envName)
+		return secrets, err
 
 	} else {
 		log.Debug("Trying to fetch secrets using service token")
-		secretsToReturn, errorToReturn = GetPlainTextSecretsViaServiceToken(infisicalToken)
+		return GetPlainTextSecretsViaServiceToken(infisicalToken)
 	}
-
-	return secretsToReturn, errorToReturn
 }
 
 func getExpandedEnvVariable(secrets []models.SingleEnvironmentVariable, variableWeAreLookingFor string, hashMapOfCompleteVariables map[string]string, hashMapOfSelfRefs map[string]string) string {
@@ -327,100 +295,3 @@ func GetPlainTextSecrets(key []byte, encryptedSecrets api.GetEncryptedSecretsV2R
 
 	return plainTextSecrets, nil
 }
-
-func WriteBackupSecrets(workspace string, environment string, encryptionKey []byte, secrets []models.SingleEnvironmentVariable) error {
-	fileName := fmt.Sprintf("secrets_%s_%s", workspace, environment)
-	secrets_backup_folder_name := "secrets-backup"
-
-	_, fullConfigFileDirPath, err := GetFullConfigFilePath()
-	if err != nil {
-		return fmt.Errorf("WriteBackupSecrets: unable to get full config folder path [err=%s]", err)
-	}
-
-	// create secrets backup directory
-	fullPathToSecretsBackupFolder := fmt.Sprintf("%s/%s", fullConfigFileDirPath, secrets_backup_folder_name)
-	if _, err := os.Stat(fullPathToSecretsBackupFolder); errors.Is(err, os.ErrNotExist) {
-		err := os.Mkdir(fullPathToSecretsBackupFolder, os.ModePerm)
-		if err != nil {
-			return err
-		}
-	}
-
-	var encryptedSecrets []models.SymmetricEncryptionResult
-	for _, secret := range secrets {
-		marshaledSecrets, _ := json.Marshal(secret)
-		result, err := crypto.EncryptSymmetric(marshaledSecrets, encryptionKey)
-		if err != nil {
-			return err
-		}
-
-		encryptedSecrets = append(encryptedSecrets, result)
-	}
-
-	listOfSecretsMarshalled, _ := json.Marshal(encryptedSecrets)
-	err = os.WriteFile(fmt.Sprintf("%s/%s", fullPathToSecretsBackupFolder, fileName), listOfSecretsMarshalled, os.ModePerm)
-	if err != nil {
-		return fmt.Errorf("WriteBackupSecrets: Unable to write backup secrets to file [err=%s]", err)
-	}
-
-	return nil
-}
-
-func ReadBackupSecrets(workspace string, environment string, encryptionKey []byte) ([]models.SingleEnvironmentVariable, error) {
-	fileName := fmt.Sprintf("secrets_%s_%s", workspace, environment)
-	secrets_backup_folder_name := "secrets-backup"
-
-	_, fullConfigFileDirPath, err := GetFullConfigFilePath()
-	if err != nil {
-		return nil, fmt.Errorf("ReadBackupSecrets: unable to write config file because an error occurred when getting config file path [err=%s]", err)
-	}
-
-	fullPathToSecretsBackupFolder := fmt.Sprintf("%s/%s", fullConfigFileDirPath, secrets_backup_folder_name)
-	if _, err := os.Stat(fullPathToSecretsBackupFolder); errors.Is(err, os.ErrNotExist) {
-		return nil, nil
-	}
-
-	encryptedBackupSecretsFilePath := fmt.Sprintf("%s/%s", fullPathToSecretsBackupFolder, fileName)
-
-	encryptedBackupSecretsAsBytes, err := os.ReadFile(encryptedBackupSecretsFilePath)
-	if err != nil {
-		return nil, err
-	}
-
-	var listOfEncryptedBackupSecrets []models.SymmetricEncryptionResult
-
-	_ = json.Unmarshal(encryptedBackupSecretsAsBytes, &listOfEncryptedBackupSecrets)
-
-	var plainTextSecrets []models.SingleEnvironmentVariable
-	for _, encryptedSecret := range listOfEncryptedBackupSecrets {
-		result, err := crypto.DecryptSymmetric(encryptionKey, encryptedSecret.CipherText, encryptedSecret.AuthTag, encryptedSecret.Nonce)
-		if err != nil {
-			return nil, err
-		}
-
-		var plainTextSecret models.SingleEnvironmentVariable
-
-		err = json.Unmarshal(result, &plainTextSecret)
-		if err != nil {
-			return nil, err
-		}
-
-		plainTextSecrets = append(plainTextSecrets, plainTextSecret)
-	}
-
-	return plainTextSecrets, nil
-
-}
-
-func DeleteBackupSecrets() error {
-	secrets_backup_folder_name := "secrets-backup"
-
-	_, fullConfigFileDirPath, err := GetFullConfigFilePath()
-	if err != nil {
-		return fmt.Errorf("ReadBackupSecrets: unable to write config file because an error occurred when getting config file path [err=%s]", err)
-	}
-
-	fullPathToSecretsBackupFolder := fmt.Sprintf("%s/%s", fullConfigFileDirPath, secrets_backup_folder_name)
-
-	return os.RemoveAll(fullPathToSecretsBackupFolder)
-}

cli/packages/util/vault.go

@@ -57,7 +57,7 @@ func fileKeyringPassphrasePrompt(prompt string) (string, error) {
 	if password, ok := os.LookupEnv("INFISICAL_VAULT_FILE_PASSPHRASE"); ok {
 		return password, nil
 	} else {
-		fmt.Println("You may set the environment variable `INFISICAL_VAULT_FILE_PASSPHRASE` with your password to avoid typing it")
+		fmt.Println("You may set the `INFISICAL_VAULT_FILE_PASSPHRASE` environment variable to avoid typing password")
 	}
 
 	fmt.Fprintf(os.Stderr, "%s:", prompt)
@@ -65,7 +65,6 @@ func fileKeyringPassphrasePrompt(prompt string) (string, error) {
 	if err != nil {
 		return "", err
 	}
-
 	fmt.Println("")
 	return string(b), nil
 }

docker-compose.dev.yml

@@ -46,7 +46,11 @@ services:
       context: ./frontend
       dockerfile: Dockerfile.dev
     volumes:
-      - ./frontend/src:/app/src/ # mounted whole src to avoid missing reload on new files
+      - ./frontend/src/pages:/app/src/pages
+      - ./frontend/src/components:/app/src/components
+      - ./frontend/src/ee:/app/src/ee
+      - ./frontend/src/locales:/app/src/locales
+      - ./frontend/src/styles:/app/src/styles
       - ./frontend/public:/app/public
       - ./frontend/next-i18next.config.js:/app/next-i18next.config.js
     env_file: .env
@@ -54,7 +58,6 @@ services:
       - NEXT_PUBLIC_ENV=development
       - INFISICAL_TELEMETRY_ENABLED=${TELEMETRY_ENABLED}
       - NEXT_PUBLIC_STRIPE_PRODUCT_PRO=${STRIPE_PRODUCT_PRO}
-      - NEXT_PUBLIC_STRIPE_PRODUCT_TEAM=${STRIPE_PRODUCT_TEAM}
       - NEXT_PUBLIC_STRIPE_PRODUCT_STARTER=${STRIPE_PRODUCT_STARTER}
     networks:
       - infisical-dev

docker-compose.yml

@@ -40,7 +40,6 @@ services:
       # - NEXT_PUBLIC_POSTHOG_API_KEY=${POSTHOG_PROJECT_API_KEY}
       - INFISICAL_TELEMETRY_ENABLED=${TELEMETRY_ENABLED}
       - NEXT_PUBLIC_STRIPE_PRODUCT_PRO=${STRIPE_PRODUCT_PRO}
-      - NEXT_PUBLIC_STRIPE_PRODUCT_TEAM=${STRIPE_PRODUCT_TEAM}
       - NEXT_PUBLIC_STRIPE_PRODUCT_STARTER=${STRIPE_PRODUCT_STARTER}
     networks:
       - infisical

docs/cli/commands/commands.mdx

@@ -1,6 +1,5 @@
 ---
 title: "Commands"
-description: "Infisical CLI command overview"
 ---
 
 ## Commands

docs/cli/commands/export.mdx

@@ -1,6 +1,5 @@
 ---
 title: "infisical export"
-description: "Export Infisical secrets from CLI into different file formats"
 ---
 
 ```bash

docs/cli/commands/init.mdx

@@ -1,6 +1,5 @@
 ---
 title: "infisical init"
-description: "Switch between Infisical projects within CLI"
 ---
 
 ```bash

docs/cli/commands/login.mdx

@@ -1,6 +1,5 @@
 ---
 title: "infisical login"
-description: "Login into Infisical from the CLI"
 ---
 
 ```bash

docs/cli/commands/run.mdx

@@ -1,6 +1,5 @@
 ---
 title: "infisical run"
-description: "The command that injects your secrets into local environment"
 ---
 
 <Tabs>

docs/cli/commands/secrets.mdx

@@ -1,6 +1,5 @@
 ---
 title: "infisical secrets"
-description: "Perform CRUD operations with Infisical secrets"
 ---
 
 ```

docs/cli/commands/vault.mdx

@@ -1,6 +1,5 @@
 ---
 title: "infisical vault"
-description: "Change the vault type in Infisical"
 ---
 
 <Tabs>

docs/cli/faq.mdx

@@ -1,6 +1,5 @@
 ---
 title: "FAQ"
-description: "Frequently Asked Questions about Infisical"
 ---
 
 Frequently asked questions about the CLI can be found on this page. 

docs/cli/overview.mdx

@@ -1,6 +1,5 @@
 ---
 title: 'Install'
-description: "Infisical's CLI is one of the best way to manage environments and secrets. Install it here"
 ---
 
 Prerequisite: Set up an account with [Infisical Cloud](https://app.infisical.com) or via a [self-hosted installation](/self-hosting/overview).

docs/cli/token.mdx

@@ -1,6 +1,5 @@
 ---
 title: "Infisical Token"
-description: "How to use Infical service token within the CLI."
 ---
 
 Prerequisite: [Infisical Token and How to Generate One](../../getting-started/dashboard/token).

docs/cli/usage.mdx

@@ -1,6 +1,5 @@
 ---
 title: "Usage"
-description: "How to manage you secrets with Infisical's CLI?"
 ---
 
 Prerequisite: [Install the CLI](/cli/overview)

docs/contributing/code-of-conduct.mdx

@@ -1,6 +1,6 @@
 ---
 title: "Code of Conduct"
-description: "What you should know before contributing to Infisical?"
+description: ""
 ---
 
 ## Our Pledge

docs/getting-started/dashboard/audit-logs.mdx

@@ -1,6 +1,5 @@
 ---
 title: "Activity Logs"
-description: "See which events are triggered within your Infisical project."
 ---
 
 Activity logs record all actions going through Infisical including who performed which CRUD operations on environment variables and from what IP address. They help answer questions like:

docs/getting-started/dashboard/create-account.mdx

@@ -1,6 +1,5 @@
 ---
 title: "Sign up"
-description: "How to create an account in Infisical?"
 ---
 
 ## Self-hosted

docs/getting-started/dashboard/integrations.mdx

@@ -1,11 +1,10 @@
 ---
 title: "Integrations"
-description: "How to sync your secrets among various 3rd-party services with Infisical."
 ---
 
 Integrations allow environment variables to be synced across your entire infrastructure from local development to CI/CD and production.
 
-We're still relatively early with integrations. 6+ integrations are already avaiable but expect more coming very soon.
+We're still early with integrations, but expect more soon.
 
 <Card title="View integrations" icon="link" href="/integrations/overview">
   View all available integrations and their guides

docs/getting-started/dashboard/organization.mdx

@@ -1,6 +1,5 @@
 ---
 title: "Organization"
-description: "How Infisical structures its organizations."
 ---
 
 An organization houses projects and members.

docs/getting-started/dashboard/pit-recovery.mdx

@@ -1,6 +1,5 @@
 ---
 title: "Point-in-Time Recovery"
-description: "How to rollback secrets and configs to any commit with Infisical."
 ---
 
 Point-in-time recovery allows environment variables to be rolled back to any point in time. It's powered by snapshots that get captured after mutations to environment variables.

docs/getting-started/dashboard/project.mdx

@@ -1,6 +1,5 @@
 ---
 title: "Project"
-description: "How Infisical organizes secrets into projects."
 ---
 
 A project houses environment variables for an application.

docs/getting-started/dashboard/secret-versioning.mdx

@@ -1,6 +1,5 @@
 ---
 title: "Secret Versioning"
-description: "Version secrets and configurations with Infisical"
 ---
 
 Secret versioning records changes made to every secret.

docs/getting-started/dashboard/token.mdx

@@ -1,6 +1,5 @@
 ---
 title: "Infisical Token"
-description: "Use Infisical service token as one of the authentication methods."
 ---
 
 An Infisical Token is needed to authenticate the CLI when there isn't an easy way to input your login credentials.

docs/getting-started/features.mdx

@@ -1,6 +1,5 @@
 ---
 title: "Features"
-description: "A list of features that Infisical has to offer."
 ---
 
 This is a non-exhaustive list of features that Infisical offers:
@@ -31,9 +30,9 @@ We're building the future of secret management, one that's comprehensive and acc
 | More hosting options                  | Ongoing     |
 | 1-Click Deploys                       | Ongoing     |
 | Account recovery: Backup key          | Ongoing     |
-| Access logs                           | Ongoing     |
 | Account recovery: Member-assisted     | Coming soon |
 | Slack & MS teams integrations         | Coming soon |
+| Access logs                           | Coming soon |
 | Version control for secrets           | Coming soon |
 | 2FA                                   | Coming soon |
 | Restricted IPs                        | Coming soon |

docs/getting-started/introduction.mdx

@@ -1,6 +1,5 @@
 ---
 title: "Introduction"
-description: "What is Infisical?"
 ---
 
 Infisical is an [open-source](https://opensource.com/resources/what-open-source), [end-to-end encrypted](https://en.wikipedia.org/wiki/End-to-end_encryption) secret manager that enables teams to easily manage and sync their environment variables.
@@ -38,6 +37,6 @@ Start syncing environment variables with [Infisical Cloud](https://app.infisical
 </CardGroup>
 
 
-<Card title="Set up a 1x1 with an Infisical Engineer" iconType="duotone" color="#ca8b04" href="https://calendly.com/maidull/30min">
+<Card title="Set up a 1x1 with an Infisical Engineer" iconType="duotone" color="#ca8b04" href="https://cal.com/maidul/15min">
   Our team is happy to help you get started with Infisical. If you have any questions or want to learn how you can leverage Infisical within your infrastructure, **[set up a 1-on-1 with an Infisical engineer](https://cal.com/maidul/15min)**.
 </Card>

docs/getting-started/quickstart.mdx

@@ -1,6 +1,5 @@
 ---
 title: "Quickstart"
-description: "Start managing your developer secrets and configs with Infisical in 10 minutes."
 ---
 
 This example demonstrates how to store and inject environment variables from [Infisical Cloud](https://app.infisical.com) into your application.

docs/integrations/cicd/githubactions.mdx

@@ -1,6 +1,5 @@
 ---
 title: "GitHub Actions"
-description: "How to automatically sync secrets from Infisical into your GitHub Actions."
 ---
 
 <Warning>

docs/integrations/cloud/flyio.mdx

@@ -1,6 +1,5 @@
 ---
 title: "Fly.io"
-description: "How to automatically sync secrets from Infisical into your Fly.io project."
 ---
 
 Prerequisites:

docs/integrations/cloud/heroku.mdx

@@ -1,6 +1,5 @@
 ---
 title: "Heroku"
-description: "How to automatically sync secrets from Infisical into your Heroku project."
 ---
 
 Prerequisites:

docs/integrations/cloud/netlify.mdx

@@ -1,6 +1,5 @@
 ---
 title: "Netlify"
-description: "How to automatically sync secrets from Infisical into your Netlify project."
 ---
 
 <Warning>

docs/integrations/cloud/render.mdx

@@ -1,6 +1,5 @@
 ---
 title: "Render"
-description: "How to automatically sync secrets from Infisical into your Render project."
 ---
 
 Prerequisites:

docs/integrations/cloud/vercel.mdx

@@ -1,6 +1,5 @@
 ---
 title: "Vercel"
-description: "How to automatically sync secrets from Infisical into your Vercel project."
 ---
 
 Prerequisites:

docs/integrations/frameworks/django.mdx

@@ -1,6 +1,5 @@
 ---
 title: "Django"
-description: "How to use Infisical to inject environment variables and secrets into a Django app."
 ---
 
 Prerequisites:

docs/integrations/frameworks/dotnet.mdx

@@ -1,6 +1,5 @@
 ---
 title: ".NET"
-description: "How to use Infisical to inject environment variables and secrets into a .NET app."
 ---
 
 Prerequisites:

docs/integrations/frameworks/express.mdx

@@ -1,6 +1,5 @@
 ---
 title: "Express, Fastify, Koa"
-description: "How to use Infisical to inject environment variables and secrets into an Express app."
 ---
 
 Prerequisites:

docs/integrations/frameworks/fiber.mdx

@@ -1,6 +1,5 @@
 ---
 title: "Fiber"
-description: "How to use Infisical to inject environment variables and secrets into a Fiber app."
 ---
 
 Prerequisites:

docs/integrations/frameworks/flask.mdx

@@ -1,6 +1,5 @@
 ---
 title: "Flask"
-description: "How to use Infisical to inject environment variables and secrets into a Flask app."
 ---
 
 Prerequisites:

docs/integrations/frameworks/gatsby.mdx

@@ -1,6 +1,5 @@
 ---
 title: "Gatsby"
-description: "How to use Infisical to inject environment variables and secrets into a Gatsby app."
 ---
 
 Prerequisites:

docs/integrations/frameworks/laravel.mdx

@@ -1,6 +1,5 @@
 ---
 title: "Laravel"
-description: "How to use Infisical to inject environment variables and secrets into a Laravel app."
 ---
 
 Prerequisites:

docs/integrations/frameworks/nestjs.mdx

@@ -1,6 +1,5 @@
 ---
 title: "NestJS"
-description: "How to use Infisical to inject environment variables and secrets into a NestJS app."
 ---
 
 Prerequisites:

docs/integrations/frameworks/nextjs.mdx

@@ -1,6 +1,5 @@
 ---
 title: "Next.js"
-description: "How to use Infisical to inject environment variables and secrets into a Next.js app."
 ---
 
 Prerequisites:

docs/integrations/frameworks/nuxt.mdx

@@ -1,6 +1,5 @@
 ---
 title: "Nuxt"
-description: "How to use Infisical to inject environment variables and secrets into a Nuxt app."
 ---
 
 Prerequisites:

docs/integrations/frameworks/rails.mdx

@@ -1,6 +1,5 @@
 ---
 title: "Ruby on Rails"
-description: "How to use Infisical to inject environment variables and secrets into a Ruby on Rails app."
 ---
 
 Prerequisites:

docs/integrations/frameworks/react.mdx

@@ -1,6 +1,5 @@
 ---
 title: "React"
-description: "How to use Infisical to inject environment variables and secrets into a React app."
 ---
 
 Prerequisites:

docs/integrations/frameworks/remix.mdx

@@ -1,6 +1,5 @@
 ---
 title: "Remix"
-description: "How to use Infisical to inject environment variables and secrets into a Remix app."
 ---
 
 Prerequisites:

docs/integrations/frameworks/vite.mdx

@@ -1,6 +1,5 @@
 ---
 title: "Vite"
-description: "How to use Infisical to inject environment variables and secrets into a Vite app."
 ---
 
 Prerequisites:

docs/integrations/frameworks/vue.mdx

@@ -1,6 +1,5 @@
 ---
 title: "Vue"
-description: "How to use Infisical to inject environment variables and secrets into a Vue.js app."
 ---
 
 Prerequisites:

docs/integrations/overview.mdx

@@ -1,6 +1,5 @@
 ---
 title: "Overview"
-description: "How to use Infisical to inject secrets and configs into various 3-rd party services and frameworks."
 ---
 
 Integrations allow environment variables to be synced from Infisical into your local development workflow, CI/CD pipelines, and production infrastructure.
@@ -12,7 +11,6 @@ Missing an integration? Throw in a [request](https://github.com/Infisical/infisi
 | [Docker](/integrations/platforms/docker)                 | Platform  | Available   |
 | [Docker-Compose](/integrations/platforms/docker-compose) | Platform  | Available   |
 | [Kubernetes](/integrations/platforms/kubernetes)         | Platform  | Available   |
-| [PM2](/integrations/platforms/pm2)                       | Platform  | Available   |
 | [Heroku](/integrations/cloud/heroku)                     | Cloud     | Available   |
 | [Vercel](/integrations/cloud/vercel)                     | Cloud     | Available   |
 | [Netlify](/integrations/cloud/netlify)                   | Cloud     | Available   |

docs/integrations/platforms/docker-compose.mdx

@@ -1,38 +1,44 @@
 ---
 title: "Docker Compose"
-description: "How to use Infisical to inject environment variables into services defined in your Docker Compose file."
 ---
 
-Prerequisites:
+The Docker Compose integration enables you to inject environment variables from Infisical into the containers defined in your compose file.
 
-- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
+## Add the CLI to your Dockerfile(s) start command
 
-## Configure the Infisical CLI for each service
+Follow the [guide to configure Infisical CLI](./docker) in your your Dockerfile first.
 
-Follow this [guide](./docker) to configure the Infisical CLI for each service that you wish to inject environment variables into; you'll have to update the Dockerfile of each service.
+## Generate Infisical Token
 
-## Generate Infisical Tokens
+In order for Infisical CLI to authenticate and retrieve your project's secrets without exposing your login credentials, you must generate a Infisical Token.
+To learn how, visit [Infisical Token](../../getting-started/dashboard/token). Once you have generated the token, keep it handy.
 
-Generate a unique [Infisical Token](https://infisical.com/docs/getting-started/dashboard/token) for each service.
+<Info>
+  If you have multiple services and they do not use the same secrets, you will
+  have to generate a Infisical Token for each service.
+</Info>
 
-## Add Infisical Tokens to your Docker Compose file
+## Tell Docker Compose your Infisical Token
 
-For each service you want to inject secrets into, set an environment variable called `INFISICAL_TOKEN` equal to a unique identifier variable.
+For each service you want to inject secrets into, set an environment variable called `INFISICAL_TOKEN` equal to a helpful identifier variable.
+This will ensure that you can set Infisical Tokens for multiple services.
 
-In the example below, we set `INFISICAL_TOKEN_FOR_WEB` and `INFISICAL_TOKEN_FOR_API` as the `INFISICAL_TOKEN` for the services.
+For the example below, we have set `INFISICAL_TOKEN_FOR_WEB` and `INFISICAL_TOKEN_FOR_API` as the `INFISICAL_TOKEN` for the corresponding service.
 
 ```yaml
 # Example Docker Compose file
 services:
   web:
     build: .
-    image: example-service-1
+    image: auledge-frontend
+    container_name: auledge-frontend
     environment:
       - INFISICAL_TOKEN=${INFISICAL_TOKEN_FOR_WEB}
 
   api:
     build: .
-    image: example-service-2
+    image: auledge-backend
+    container_name: auledge-backend
     environment:
       - INFISICAL_TOKEN=${INFISICAL_TOKEN_FOR_API}
 ```

docs/integrations/platforms/docker.mdx

@@ -1,13 +1,10 @@
 ---
 title: "Docker"
-description: "How to use Infisical to inject environment variables into a Docker container."
 ---
 
-Prerequisites:
+Infisical can be used in a Dockerfile to inject environment variables into a Docker container.
 
-- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
-
-## Add the Infisical CLI to your Dockerfile
+## Add the CLI to your Dockerfile
 
 <Tabs>
 	 <Tab title="Alpine">
@@ -34,32 +31,32 @@ Prerequisites:
    </Tab>
 </Tabs>
 
-## Modify the start command in your Dockerfile
+  ## Modify your Dockerfile start command 
 
-Starting your service with the Infisical CLI pulls your secrets from Infisical and injects them into your service.
+  To make your Docker container consume Infisical secrets, you can start your application with Infisical.
+  This will automatically pull the necessary secrets and make them available to your application as if they were natively exposed within the container.
 
-```dockerfile
-CMD ["infisical", "run", "---", "[your service start command]"]
+  ```dockerfile
+  CMD ["infisical", "run", "---", "[your application start command]"]
 
-# example with single single command
-CMD ["infisical", "run", "---", "npm run start"]
+  # example with single single command 
+  CMD ["infisical", "run", "---", "npm run start"]
 
-# example with multiple commands
-CMD ["infisical", "run", "--command", "npm run start && ..."]
-```
+  # example with multiple commands 
+  CMD ["infisical", "run", "--command" "npm run start && ..."]
+  ```
 
-## Generate an Infisical Token
-
-Head to your project settings in Infisical Cloud to generate an [Infisical Token](https://infisical.com/docs/getting-started/dashboard/token).
+  View more options for the `run` command [here](../../cli/commands/run)
 
 ## Feed Docker your Infisical Token
 
+The CLI looks out for an environment variable called `INFISICAL_TOKEN`. If the token is detected, the CLI will authenticate, retrieve, and inject the environment variables which the token is authorized for.
+
 ```bash
  docker run --env INFISICAL_TOKEN=[token]...
 ```
 
-<Info>
+## Generate an Infisical Token
 
-The Infisical CLI uses the detected `INFISICAL_TOKEN` environment variable to authenticate, retrieve, and inject the environment variables which the token is authorized for.
+[Generate an Infisical Token](../../getting-started/dashboard/token) and keep it handy.
 
-</Info>

docs/integrations/platforms/kubernetes.mdx

@@ -1,6 +1,5 @@
 ---
 title: 'Kubernetes'
-description: "This page explains how to use Infisical to inject secrets into Kubernetes clusters."
 ---
 
 The Infisical Secrets Operator is a custom Kubernetes controller that helps keep secrets in a cluster up to date by synchronizing them.