Merge branch 'main' into fix_skiped_e2e

.env.example

@@ -107,6 +107,15 @@ NEXT_PUBLIC_POSTHOG_KEY=
 
 NEXT_PUBLIC_POSTHOG_HOST=
 
+# plain.com config
+
+PLAIN_API_KEY=
+PLAIN_API_URL=https://api.plain.com/v1
+PLAIN_HMAC_SECRET_KEY=
+PLAIN_CHAT_ID=
+PLAIN_CHAT_HMAC_SECRET_KEY=
+NEXT_PUBLIC_PLAIN_CHAT_EXCLUDED_PATHS=
+
 # Zendesk Config
 NEXT_PUBLIC_ZENDESK_KEY=
 
@@ -119,7 +128,7 @@ NEXT_PUBLIC_FRESHCHAT_HOST=
 
 # Google OAuth credentials
 # To enable Login with Google you need to:
-# 1. Set `GOOGLE_API_CREDENTIALS` above
+# 1. Set `GOOGLE_API_CREDENTIALS` below
 # 2. Set `GOOGLE_LOGIN_ENABLED` to `true`
 # When self-hosting please ensure you configure the Google integration as an Internal app so no one else can login to your instance
 # @see https://support.google.com/cloud/answer/6158849#public-and-internal&zippy=%2Cpublic-and-internal-applications
@@ -239,7 +248,8 @@ CLOUDFLARE_TURNSTILE_SECRET=
 NEXT_PUBLIC_TEAM_IMPERSONATION=false
 
 # Close.com internal CRM
-CLOSECOM_API_KEY=
+CLOSECOM_CLIENT_ID=
+CLOSECOM_CLIENT_SECRET=
 
 # Sendgrid internal sync service
 SENDGRID_SYNC_API_KEY=
@@ -347,24 +357,15 @@ E2E_TEST_OIDC_USER_PASSWORD=
 AB_TEST_BUCKET_PROBABILITY=50
 # whether we redirect to the future/event-types from event-types or not
 APP_ROUTER_EVENT_TYPES_ENABLED=0
-APP_ROUTER_SETTINGS_DEVELOPER_ENABLED=0
 APP_ROUTER_APPS_INSTALLED_CATEGORY_ENABLED=0
 APP_ROUTER_APPS_SLUG_ENABLED=0
 APP_ROUTER_APPS_SLUG_SETUP_ENABLED=0
 # whether we redirect to the future/apps/categories from /apps/categories or not
 APP_ROUTER_APPS_CATEGORIES_ENABLED=0
 # whether we redirect to the future/apps/categories/[category] from /apps/categories/[category] or not
 APP_ROUTER_APPS_CATEGORIES_CATEGORY_ENABLED=0
-APP_ROUTER_BOOKING_ENABLED=0
-APP_ROUTER_BOOKINGS_STATUS_ENABLED=0
-APP_ROUTER_WORKFLOWS_ENABLED=0
-APP_ROUTER_SETTINGS_TEAMS_ENABLED=0
-APP_ROUTER_GETTING_STARTED_STEP_ENABLED=0
 APP_ROUTER_APPS_ENABLED=0
-APP_ROUTER_VIDEO_ENABLED=0
 APP_ROUTER_TEAM_ENABLED=0
-APP_ROUTER_TEAMS_ENABLED=0
-APP_ROUTER_AVAILABILITY_ENABLED=0
 APP_ROUTER_AUTH_FORGOT_PASSWORD_ENABLED=0
 APP_ROUTER_AUTH_LOGIN_ENABLED=0
 APP_ROUTER_AUTH_LOGOUT_ENABLED=0
@@ -373,10 +374,6 @@ APP_ROUTER_AUTH_SAML_ENABLED=0
 APP_ROUTER_AUTH_ERROR_ENABLED=0
 APP_ROUTER_AUTH_PLATFORM_ENABLED=0
 APP_ROUTER_AUTH_OAUTH2_ENABLED=0
-APP_ROUTER_MORE_ENABLED=0
-APP_ROUTER_MAINTENANCE_ENABLED=0
-APP_ROUTER_UPGRADE_ENABLED=0
-APP_ROUTER_CONNECT_AND_JOIN_ENABLED=0
 
 # disable setry server source maps
 SENTRY_DISABLE_SERVER_WEBPACK_PLUGIN=1
@@ -416,3 +413,6 @@ NEXT_PUBLIC_LOGGER_LEVEL=
 
 # Used to use Replexica SDK, a tool for real-time AI-powered localization
 REPLEXICA_API_KEY=
+
+# Comma-separated list of DSyncData.directoryId to log SCIM API requests for. It can be enabled temporarily for debugging the requests being sent to SCIM server.
+DIRECTORY_IDS_TO_LOG=

.github/CODEOWNERS

@@ -0,0 +1,11 @@
+/packages/app-store/applecalendar/**/* @calcom/Foundation
+/packages/app-store/caldavcalendar/**/* @calcom/Foundation
+/packages/app-store/exchange2013calendar/**/* @calcom/Foundation
+/packages/app-store/exchange2016calendar/**/* @calcom/Foundation
+/packages/app-store/exchangecalendar/**/* @calcom/Foundation
+/packages/app-store/feishucalendar/**/* @calcom/Foundation
+/packages/app-store/googlecalendar/**/* @calcom/Foundation
+/packages/app-store/ics-feedcalendar/**/* @calcom/Foundation
+/packages/app-store/larkcalendar/**/* @calcom/Foundation
+/packages/app-store/office365calendar/**/* @calcom/Foundation
+/packages/app-store/zohocalendar/**/* @calcom/Foundation

.github/workflows/e2e-api-v2.yml

@@ -17,6 +17,7 @@ env:
   NEXTAUTH_URL: ${{ secrets.CI_NEXTAUTH_URL }}
   NODE_OPTIONS: --max-old-space-size=29000
   REDIS_URL: "redis://localhost:6379"
+  REPLEXICA_API_KEY: ${{ secrets.CI_REPLEXICA_API_KEY }}
   STRIPE_PRIVATE_KEY: ${{ secrets.CI_STRIPE_PRIVATE_KEY }}
   STRIPE_API_KEY: ${{ secrets.CI_STRIPE_PRIVATE_KEY }}
   STRIPE_CLIENT_ID: ${{ secrets.CI_STRIPE_CLIENT_ID }}

.github/workflows/nextjs-bundle-analysis.yml

@@ -17,7 +17,6 @@ env:
   DAILY_API_KEY: ${{ secrets.CI_DAILY_API_KEY }}
   DATABASE_URL: ${{ secrets.CI_DATABASE_URL }}
   DATABASE_DIRECT_URL: ${{ secrets.CI_DATABASE_URL }}
-  DEPLOYSENTINEL_API_KEY: ${{ secrets.DEPLOYSENTINEL_API_KEY }}
   E2E_TEST_APPLE_CALENDAR_EMAIL: ${{ secrets.E2E_TEST_APPLE_CALENDAR_EMAIL }}
   E2E_TEST_APPLE_CALENDAR_PASSWORD: ${{ secrets.E2E_TEST_APPLE_CALENDAR_PASSWORD }}
   E2E_TEST_MAILHOG_ENABLED: ${{ vars.E2E_TEST_MAILHOG_ENABLED }}
@@ -51,7 +50,8 @@ env:
 jobs:
   analyze:
     if: always()
-    runs-on: buildjet-2vcpu-ubuntu-2204
+    runs-on: buildjet-4vcpu-ubuntu-2204
+    timeout-minutes: 30
     steps:
       - uses: actions/checkout@v4
       - uses: ./.github/actions/dangerous-git-checkout
@@ -60,6 +60,7 @@ jobs:
       - name: Analyze bundle
         run: |
           cd apps/web
+          export NODE_OPTIONS="--max_old_space_size=8192"
           npx -p [email protected] report
 
       - name: Upload bundle

.github/workflows/on-changes-requested.yml

@@ -15,7 +15,7 @@ jobs:
             printf '{
               "pr_number": ${{ github.event.pull_request.number }}
             }' >> context.json
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         with:
           name: context.json
           path: ./

.github/workflows/unit-tests.yml

@@ -1,6 +1,8 @@
 name: Unit
 on:
   workflow_call:
+env:
+  REPLEXICA_API_KEY: ${{ secrets.CI_REPLEXICA_API_KEY }}
 permissions:
   contents: read
 jobs:

.yarn/versions/0f63a127.yml

@@ -0,0 +1,8 @@
+undecided:
+  - calcom-monorepo
+  - "@calcom/app-store-cli"
+  - "@calcom/platform-constants"
+  - "@calcom/platform-enums"
+  - "@calcom/platform-types"
+  - "@calcom/platform-utils"
+  - "@calcom/prisma"

.yarn/versions/2e3d771e.yml

@@ -0,0 +1,8 @@
+undecided:
+  - calcom-monorepo
+  - "@calcom/app-store-cli"
+  - "@calcom/platform-constants"
+  - "@calcom/platform-enums"
+  - "@calcom/platform-types"
+  - "@calcom/platform-utils"
+  - "@calcom/prisma"

.yarn/versions/306bf815.yml

@@ -0,0 +1,8 @@
+undecided:
+  - calcom-monorepo
+  - "@calcom/app-store-cli"
+  - "@calcom/platform-constants"
+  - "@calcom/platform-enums"
+  - "@calcom/platform-types"
+  - "@calcom/platform-utils"
+  - "@calcom/prisma"

.yarn/versions/4a56dcaa.yml

@@ -0,0 +1,8 @@
+undecided:
+  - calcom-monorepo
+  - "@calcom/app-store-cli"
+  - "@calcom/platform-constants"
+  - "@calcom/platform-enums"
+  - "@calcom/platform-types"
+  - "@calcom/platform-utils"
+  - "@calcom/prisma"

.yarn/versions/52e3b28d.yml

@@ -0,0 +1,8 @@
+undecided:
+  - calcom-monorepo
+  - "@calcom/app-store-cli"
+  - "@calcom/platform-constants"
+  - "@calcom/platform-enums"
+  - "@calcom/platform-types"
+  - "@calcom/platform-utils"
+  - "@calcom/prisma"

.yarn/versions/74098419.yml

@@ -0,0 +1,2 @@
+undecided:
+  - "@calcom/prisma"

.yarn/versions/94d54193.yml

@@ -0,0 +1,7 @@
+undecided:
+  - "@calcom/app-store-cli"
+  - "@calcom/platform-constants"
+  - "@calcom/platform-enums"
+  - "@calcom/platform-types"
+  - "@calcom/platform-utils"
+  - "@calcom/prisma"

.yarn/versions/a33020ce.yml

@@ -0,0 +1,2 @@
+undecided:
+  - "@calcom/prisma"

.yarn/versions/aa332bc0.yml

@@ -0,0 +1,2 @@
+undecided:
+  - calcom-monorepo

.yarn/versions/aecb4352.yml

@@ -0,0 +1,2 @@
+undecided:
+  - "@calcom/prisma"

.yarn/versions/c92a78d0.yml

@@ -0,0 +1,2 @@
+undecided:
+  - calcom-monorepo

.yarn/versions/cceb2606.yml

@@ -0,0 +1,8 @@
+undecided:
+  - calcom-monorepo
+  - "@calcom/app-store-cli"
+  - "@calcom/platform-constants"
+  - "@calcom/platform-enums"
+  - "@calcom/platform-types"
+  - "@calcom/platform-utils"
+  - "@calcom/prisma"

.yarn/versions/e376493f.yml

@@ -0,0 +1,8 @@
+undecided:
+  - calcom-monorepo
+  - "@calcom/app-store-cli"
+  - "@calcom/platform-constants"
+  - "@calcom/platform-enums"
+  - "@calcom/platform-types"
+  - "@calcom/platform-utils"
+  - "@calcom/prisma"

.yarn/versions/ef07ed23.yml

@@ -0,0 +1,8 @@
+undecided:
+  - calcom-monorepo
+  - "@calcom/app-store-cli"
+  - "@calcom/platform-constants"
+  - "@calcom/platform-enums"
+  - "@calcom/platform-types"
+  - "@calcom/platform-utils"
+  - "@calcom/prisma"

apps/api/v1/lib/helpers/rateLimitApiKey.test.ts

@@ -61,6 +61,8 @@ describe("rateLimitApiKey middleware", () => {
       reset: Date.now(),
     };
 
+    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+    // @ts-ignore
     (checkRateLimitAndThrowError as any).mockImplementationOnce(({ onRateLimiterResponse }) => {
       onRateLimiterResponse(rateLimiterResponse);
     });

apps/api/v1/lib/helpers/verifyApiKey.ts

@@ -6,6 +6,7 @@ import { IS_PRODUCTION } from "@calcom/lib/constants";
 import prisma from "@calcom/prisma";
 
 import { isAdminGuard } from "../utils/isAdmin";
+import { isLockedOrBlocked } from "../utils/isLockedOrBlocked";
 import { ScopeOfAdmin } from "../utils/scopeOfAdmin";
 
 // Used to check if the apiKey is not expired, could be extracted if reused. but not for now.
@@ -24,23 +25,35 @@ export const verifyApiKey: NextMiddleware = async (req, res, next) => {
   if (!hasValidLicense && IS_PRODUCTION) {
     return res.status(401).json({ error: "Invalid or missing CALCOM_LICENSE_KEY environment variable" });
   }
-  // Check if the apiKey query param is provided.
+
   if (!req.query.apiKey) return res.status(401).json({ message: "No apiKey provided" });
-  // remove the prefix from the user provided api_key. If no env set default to "cal_"
+
   const strippedApiKey = `${req.query.apiKey}`.replace(process.env.API_KEY_PREFIX || "cal_", "");
-  // Hash the key again before matching against the database records.
   const hashedKey = hashAPIKey(strippedApiKey);
-  // Check if the hashed api key exists in database.
-  const apiKey = await prisma.apiKey.findUnique({ where: { hashedKey } });
-  // If cannot find any api key. Throw a 401 Unauthorized.
-  if (!apiKey) return res.status(401).json({ error: "Your apiKey is not valid" });
+  const apiKey = await prisma.apiKey.findUnique({
+    where: { hashedKey },
+    include: {
+      user: {
+        select: { role: true, locked: true, email: true },
+      },
+    },
+  });
+  if (!apiKey) return res.status(401).json({ error: "Your API key is not valid." });
   if (apiKey.expiresAt && dateNotInPast(apiKey.expiresAt)) {
-    return res.status(401).json({ error: "This apiKey is expired" });
+    return res.status(401).json({ error: "This API key is expired." });
   }
-  if (!apiKey.userId) return res.status(404).json({ error: "No user found for this apiKey" });
+  if (!apiKey.userId || !apiKey.user)
+    return res.status(404).json({ error: "No user found for this API key." });
+
   // save the user id in the request for later use
   req.userId = apiKey.userId;
+  req.user = apiKey.user;
+
   const { isAdmin, scope } = await isAdminGuard(req);
+  const userIsLockedOrBlocked = await isLockedOrBlocked(req);
+
+  if (userIsLockedOrBlocked)
+    return res.status(403).json({ error: "You are not authorized to perform this request." });
 
   req.isSystemWideAdmin = isAdmin && scope === ScopeOfAdmin.SystemWide;
   req.isOrganizationOwnerOrAdmin = isAdmin && scope === ScopeOfAdmin.OrgOwnerOrAdmin;

apps/api/v1/lib/utils/isAdmin.ts

@@ -6,8 +6,7 @@ import { UserPermissionRole, MembershipRole } from "@calcom/prisma/enums";
 import { ScopeOfAdmin } from "./scopeOfAdmin";
 
 export const isAdminGuard = async (req: NextApiRequest) => {
-  const { userId } = req;
-  const user = await prisma.user.findUnique({ where: { id: userId }, select: { role: true } });
+  const { user, userId } = req;
   if (!user) return { isAdmin: false, scope: null };
 
   const { role: userRole } = user;
@@ -34,7 +33,7 @@ export const isAdminGuard = async (req: NextApiRequest) => {
       },
     },
   });
-  if (!orgOwnerOrAdminMemberships.length) return { isAdmin: false, scope: null };
+  if (orgOwnerOrAdminMemberships.length > 0) return { isAdmin: true, scope: ScopeOfAdmin.OrgOwnerOrAdmin };
 
-  return { isAdmin: true, scope: ScopeOfAdmin.OrgOwnerOrAdmin };
+  return { isAdmin: false, scope: null };
 };

apps/api/v1/lib/utils/isLockedOrBlocked.ts

@@ -0,0 +1,9 @@
+import type { NextApiRequest } from "next";
+
+import { checkIfEmailIsBlockedInWatchlistController } from "@calcom/features/watchlist/operations/check-if-email-in-watchlist.controller";
+
+export async function isLockedOrBlocked(req: NextApiRequest) {
+  const user = req.user;
+  if (!user?.email) return false;
+  return user.locked || (await checkIfEmailIsBlockedInWatchlistController(user.email));
+}

apps/api/v1/lib/validations/booking.ts

@@ -23,6 +23,7 @@ const schemaBookingBaseBodyParams = Booking.pick({
   status: true,
   rescheduledBy: true,
   cancelledBy: true,
+  createdAt: true,
 }).partial();
 
 export const schemaBookingCreateBodyParams = extendedBookingCreateBody.merge(schemaQueryUserId.partial());
@@ -119,4 +120,5 @@ export const schemaBookingReadPublic = Booking.extend({
   fromReschedule: true,
   cancelledBy: true,
   rescheduledBy: true,
+  createdAt: true,
 });

apps/api/v1/lib/validations/selected-calendar.ts

@@ -9,11 +9,25 @@ export const schemaSelectedCalendarBaseBodyParams = SelectedCalendar;
 
 export const schemaSelectedCalendarPublic = SelectedCalendar.omit({});
 
-export const schemaSelectedCalendarBodyParams = schemaSelectedCalendarBaseBodyParams.partial({
-  userId: true,
-});
+export const schemaSelectedCalendarBodyParams = schemaSelectedCalendarBaseBodyParams
+  .partial({
+    userId: true,
+  })
+  .omit({
+    // id will be set by the database
+    id: true,
+    // No eventTypeId support in API v1
+    eventTypeId: true,
+  });
 
-export const schemaSelectedCalendarUpdateBodyParams = schemaSelectedCalendarBaseBodyParams.partial();
+export const schemaSelectedCalendarUpdateBodyParams = schemaSelectedCalendarBaseBodyParams
+  .omit({
+    // id is decided by DB
+    id: true,
+    // No eventTypeId support in API v1
+    eventTypeId: true,
+  })
+  .partial();
 
 export const selectedCalendarIdSchema = schemaQueryIdAsString.transform((v, ctx) => {
   /** We can assume the first part is the userId since it's an integer */

apps/api/v1/next.d.ts

@@ -8,6 +8,7 @@ export declare module "next" {
     session?: Session | null;
 
     userId: number;
+    user?: { role: string; locked: boolean; email: string } | null;
     method: string;
     // session: { user: { id: number } };
     // query: Partial<{ [key: string]: string | string[] }>;

apps/api/v1/package.json

@@ -14,7 +14,8 @@
     "lint:fix": "eslint . --ext .ts,.js,.tsx,.jsx --fix",
     "start": "PORT=3003 next start",
     "docker-start-api": "PORT=80 next start",
-    "type-check": "tsc --pretty --noEmit"
+    "type-check": "tsc --pretty --noEmit",
+    "type-check:ci": "tsc-absolute --pretty --noEmit"
   },
   "devDependencies": {
     "@calcom/tsconfig": "*",