Merge branch 'main' into zomars/cal-3378-allow-to-select-hungarian-language

Author: keithwillcode

.github/workflows/semantic-pull-requests.yml

@@ -37,12 +37,3 @@ jobs:
             ```
             ${{ steps.lint_pr_title.outputs.error_message }}
             ```
-
-      # Delete a previous comment when the issue has been resolved
-      - if: ${{ steps.lint_pr_title.outputs.error_message == null }}
-        uses: marocchino/sticky-pull-request-comment@v2
-        with:
-          header: pr-title-lint-error
-          message: |
-            Thank you for following the naming conventions! 🙏 Feel free to join our [discord](https://go.cal.com/discord) and post your PR link.           
-

CONTRIBUTING.md

@@ -99,7 +99,7 @@ To develop locally:
 
    - Duplicate `.env.example` to `.env`.
    - Use `openssl rand -base64 32` to generate a key and add it under `NEXTAUTH_SECRET` in the `.env` file.
-   - Use `openssl rand -base64 24` to generate a key and add it under `CALENDSO_ENCRYPTION_KEY` in the `.env` file.
+   - Use `openssl rand -base64 32` to generate a key and add it under `CALENDSO_ENCRYPTION_KEY` in the `.env` file.
 
 6. Setup Node
    If your Node version does not meet the project's requirements as instructed by the docs, "nvm" (Node Version Manager) allows using Node at the version required by the project:

apps/api/v1/instrumentation.ts

@@ -0,0 +1,17 @@
+import * as Sentry from "@sentry/nextjs";
+
+export function register() {
+  if (process.env.NEXT_RUNTIME === "nodejs") {
+    Sentry.init({
+      dsn: process.env.NEXT_PUBLIC_SENTRY_DSN,
+      // reduce sample rate to 10% on production
+      tracesSampleRate: process.env.NODE_ENV !== "production" ? 1.0 : 0.1,
+    });
+  }
+
+  if (process.env.NEXT_RUNTIME === "edge") {
+    Sentry.init({
+      dsn: process.env.NEXT_PUBLIC_SENTRY_DSN,
+    });
+  }
+}

apps/api/v1/lib/helpers/rateLimitApiKey.test.ts

@@ -0,0 +1,90 @@
+import type { Request, Response } from "express";
+import type { NextApiResponse, NextApiRequest } from "next";
+import { createMocks } from "node-mocks-http";
+import { describe, it, expect, vi } from "vitest";
+
+import { checkRateLimitAndThrowError } from "@calcom/lib/checkRateLimitAndThrowError";
+
+import { rateLimitApiKey } from "~/lib/helpers/rateLimitApiKey";
+
+type CustomNextApiRequest = NextApiRequest & Request;
+type CustomNextApiResponse = NextApiResponse & Response;
+
+vi.mock("@calcom/lib/checkRateLimitAndThrowError", () => ({
+  checkRateLimitAndThrowError: vi.fn(),
+}));
+
+describe("rateLimitApiKey middleware", () => {
+  it("should return 401 if no apiKey is provided", async () => {
+    const { req, res } = createMocks<CustomNextApiRequest, CustomNextApiResponse>({
+      method: "GET",
+      query: {},
+    });
+
+    await rateLimitApiKey(req, res, vi.fn() as any);
+
+    expect(res._getStatusCode()).toBe(401);
+    expect(res._getJSONData()).toEqual({ message: "No apiKey provided" });
+  });
+
+  it("should call checkRateLimitAndThrowError with correct parameters", async () => {
+    const { req, res } = createMocks({
+      method: "GET",
+      query: { apiKey: "test-key" },
+    });
+
+    (checkRateLimitAndThrowError as any).mockResolvedValueOnce({
+      limit: 100,
+      remaining: 99,
+      reset: Date.now(),
+    });
+
+    // @ts-expect-error weird typing between middleware and createMocks
+    await rateLimitApiKey(req, res, vi.fn() as any);
+
+    expect(checkRateLimitAndThrowError).toHaveBeenCalledWith({
+      identifier: "test-key",
+      rateLimitingType: "api",
+      onRateLimiterResponse: expect.any(Function),
+    });
+  });
+
+  it("should set rate limit headers correctly", async () => {
+    const { req, res } = createMocks({
+      method: "GET",
+      query: { apiKey: "test-key" },
+    });
+
+    const rateLimiterResponse = {
+      limit: 100,
+      remaining: 99,
+      reset: Date.now(),
+    };
+
+    (checkRateLimitAndThrowError as any).mockImplementationOnce(({ onRateLimiterResponse }) => {
+      onRateLimiterResponse(rateLimiterResponse);
+    });
+
+    // @ts-expect-error weird typing between middleware and createMocks
+    await rateLimitApiKey(req, res, vi.fn() as any);
+
+    expect(res.getHeader("X-RateLimit-Limit")).toBe(rateLimiterResponse.limit);
+    expect(res.getHeader("X-RateLimit-Remaining")).toBe(rateLimiterResponse.remaining);
+    expect(res.getHeader("X-RateLimit-Reset")).toBe(rateLimiterResponse.reset);
+  });
+
+  it("should return 429 if rate limit is exceeded", async () => {
+    const { req, res } = createMocks({
+      method: "GET",
+      query: { apiKey: "test-key" },
+    });
+
+    (checkRateLimitAndThrowError as any).mockRejectedValue(new Error("Rate limit exceeded"));
+
+    // @ts-expect-error weird typing between middleware and createMocks
+    await rateLimitApiKey(req, res, vi.fn() as any);
+
+    expect(res._getStatusCode()).toBe(429);
+    expect(res._getJSONData()).toEqual({ message: "Rate limit exceeded" });
+  });
+});

apps/api/v1/lib/helpers/rateLimitApiKey.ts

@@ -6,15 +6,19 @@ export const rateLimitApiKey: NextMiddleware = async (req, res, next) => {
   if (!req.query.apiKey) return res.status(401).json({ message: "No apiKey provided" });
 
   // TODO: Add a way to add trusted api keys
-  await checkRateLimitAndThrowError({
-    identifier: req.query.apiKey as string,
-    rateLimitingType: "api",
-    onRateLimiterResponse: (response) => {
-      res.setHeader("X-RateLimit-Limit", response.limit);
-      res.setHeader("X-RateLimit-Remaining", response.remaining);
-      res.setHeader("X-RateLimit-Reset", response.reset);
-    },
-  });
+  try {
+    await checkRateLimitAndThrowError({
+      identifier: req.query.apiKey as string,
+      rateLimitingType: "api",
+      onRateLimiterResponse: (response) => {
+        res.setHeader("X-RateLimit-Limit", response.limit);
+        res.setHeader("X-RateLimit-Remaining", response.remaining);
+        res.setHeader("X-RateLimit-Reset", response.reset);
+      },
+    });
+  } catch (error) {
+    res.status(429).json({ message: "Rate limit exceeded" });
+  }
 
   await next();
 };

apps/api/v1/lib/validations/shared/queryIdTransformParseInt.ts

@@ -14,3 +14,7 @@ export const withValidQueryIdTransformParseInt = withValidation({
   type: "Zod",
   mode: "query",
 });
+
+export const getTranscriptFromRecordingId = schemaQueryIdParseInt.extend({
+  recordingId: z.string(),
+});

apps/api/v1/next.config.js

@@ -2,7 +2,12 @@ const { withAxiom } = require("next-axiom");
 const { withSentryConfig } = require("@sentry/nextjs");
 
 const plugins = [withAxiom];
+
+/** @type {import("next").NextConfig} */
 const nextConfig = {
+  experimental: {
+    instrumentationHook: true,
+  },
   transpilePackages: [
     "@calcom/app-store",
     "@calcom/core",
@@ -87,12 +92,12 @@ const nextConfig = {
 };
 
 if (!!process.env.NEXT_PUBLIC_SENTRY_DSN) {
-  nextConfig["sentry"] = {
-    autoInstrumentServerFunctions: true,
-    hideSourceMaps: true,
-  };
-
-  plugins.push(withSentryConfig);
+  plugins.push((nextConfig) =>
+    withSentryConfig(nextConfig, {
+      autoInstrumentServerFunctions: true,
+      hideSourceMaps: true,
+    })
+  );
 }
 
 module.exports = () => plugins.reduce((acc, next) => next(acc), nextConfig);

apps/api/v1/package.json

@@ -30,7 +30,7 @@
     "@calcom/lib": "*",
     "@calcom/prisma": "*",
     "@calcom/trpc": "*",
-    "@sentry/nextjs": "^7.73.0",
+    "@sentry/nextjs": "^8.8.0",
     "bcryptjs": "^2.4.3",
     "memory-cache": "^0.2.0",
     "next": "^13.5.4",

apps/api/v1/pages/api/bookings/[id]/transcripts/[recordingId]/_get.ts

@@ -0,0 +1,94 @@
+import type { NextApiRequest } from "next";
+
+import {
+  getTranscriptsAccessLinkFromRecordingId,
+  checkIfRoomNameMatchesInRecording,
+} from "@calcom/core/videoClient";
+import { HttpError } from "@calcom/lib/http-error";
+import { defaultResponder } from "@calcom/lib/server";
+import prisma from "@calcom/prisma";
+import type { PartialReference } from "@calcom/types/EventManager";
+
+import { getTranscriptFromRecordingId } from "~/lib/validations/shared/queryIdTransformParseInt";
+
+/**
+ * @swagger
+ * /bookings/{id}/transcripts/{recordingId}:
+ *   get:
+ *     summary: Find all Cal video transcripts of that recording
+ *     operationId: getTranscriptsByRecordingId
+ *     parameters:
+ *       - in: path
+ *         name: id
+ *         schema:
+ *           type: integer
+ *         required: true
+ *         description: ID of the booking for which transcripts need to be fetched.
+ *       - in: path
+ *         name: recordingId
+ *         schema:
+ *           type: string
+ *         required: true
+ *         description: ID of the recording(daily.co recording id) for which transcripts need to be fetched.
+ *       - in: query
+ *         name: apiKey
+ *         required: true
+ *         schema:
+ *           type: string
+ *         description: Your API key
+ *     tags:
+ *     - bookings
+ *     responses:
+ *       200:
+ *         description: OK
+ *         content:
+ *           application/json:
+ *       401:
+ *         description: Authorization information is missing or invalid.
+ *       404:
+ *         description: Booking was not found
+ */
+
+export async function getHandler(req: NextApiRequest) {
+  const { query } = req;
+  const { id, recordingId } = getTranscriptFromRecordingId.parse(query);
+
+  await checkIfRecordingBelongsToBooking(id, recordingId);
+
+  const transcriptsAccessLinks = await getTranscriptsAccessLinkFromRecordingId(recordingId);
+
+  return transcriptsAccessLinks;
+}
+
+const checkIfRecordingBelongsToBooking = async (bookingId: number, recordingId: string) => {
+  const booking = await prisma.booking.findUnique({
+    where: { id: bookingId },
+    include: { references: true },
+  });
+
+  if (!booking)
+    throw new HttpError({
+      statusCode: 404,
+      message: `No Booking found with booking id ${bookingId}`,
+    });
+
+  const roomName =
+    booking?.references?.find((reference: PartialReference) => reference.type === "daily_video")?.meetingId ??
+    undefined;
+
+  if (!roomName)
+    throw new HttpError({
+      statusCode: 404,
+      message: `No Booking Reference with Daily Video found with booking id ${bookingId}`,
+    });
+
+  const canUserAccessRecordingId = await checkIfRoomNameMatchesInRecording(roomName, recordingId);
+  if (!canUserAccessRecordingId) {
+    throw new HttpError({
+      statusCode: 403,
+      message: `This Recording Id ${recordingId} does not belong to booking ${bookingId}`,
+    });
+  }
+};
+
+export default defaultResponder(getHandler);

apps/api/v1/pages/api/bookings/[id]/transcripts/[recordingId]/index.ts

@@ -0,0 +1,16 @@
+import type { NextApiRequest, NextApiResponse } from "next";
+
+import { defaultHandler, defaultResponder } from "@calcom/lib/server";
+
+import { withMiddleware } from "~/lib/helpers/withMiddleware";
+
+import authMiddleware from "../../_auth-middleware";
+
+export default withMiddleware()(
+  defaultResponder(async (req: NextApiRequest, res: NextApiResponse) => {
+    await authMiddleware(req);
+    return defaultHandler({
+      GET: import("./_get"),
+    })(req, res);
+  })
+);

apps/api/v1/pages/api/me/_get.ts

@@ -7,7 +7,12 @@ import { schemaUserReadPublic } from "~/lib/validations/user";
 
 async function handler({ userId }: NextApiRequest) {
   const data = await prisma.user.findUniqueOrThrow({ where: { id: userId } });
-  return { user: schemaUserReadPublic.parse(data) };
+  return {
+    user: schemaUserReadPublic.parse({
+      ...data,
+      avatar: data.avatarUrl,
+    }),
+  };
 }
 
 export default defaultResponder(handler);

apps/api/v1/pages/api/users/[userId]/_get.ts

@@ -45,7 +45,10 @@ export async function getHandler(req: NextApiRequest) {
   if (!isSystemWideAdmin && query.userId !== req.userId)
     throw new HttpError({ statusCode: 403, message: "Forbidden" });
   const data = await prisma.user.findUnique({ where: { id: query.userId } });
-  const user = schemaUserReadPublic.parse(data);
+  const user = schemaUserReadPublic.parse({
+    ...data,
+    avatar: data?.avatarUrl,
+  });
   return { user };
 }
 

apps/api/v1/pages/api/users/[userId]/_patch.ts

@@ -2,7 +2,9 @@ import type { NextApiRequest } from "next";
 
 import { HttpError } from "@calcom/lib/http-error";
 import { defaultResponder } from "@calcom/lib/server";
+import { uploadAvatar } from "@calcom/lib/server/avatar";
 import prisma from "@calcom/prisma";
+import type { Prisma } from "@calcom/prisma/client";
 
 import { schemaQueryUserId } from "~/lib/validations/shared/queryUserId";
 import { schemaUserEditBodyParams, schemaUserReadPublic } from "~/lib/validations/user";
@@ -101,7 +103,8 @@ export async function patchHandler(req: NextApiRequest) {
   if (!isSystemWideAdmin && query.userId !== req.userId)
     throw new HttpError({ statusCode: 403, message: "Forbidden" });
 
-  const body = await schemaUserEditBodyParams.parseAsync(req.body);
+  const { avatar, ...body }: { avatar?: string | undefined } & Prisma.UserUpdateInput =
+    await schemaUserEditBodyParams.parseAsync(req.body);
   // disable role or branding changes unless admin.
   if (!isSystemWideAdmin) {
     if (body.role) body.role = undefined;
@@ -119,6 +122,14 @@ export async function patchHandler(req: NextApiRequest) {
       message: "Bad request: Invalid default schedule id",
     });
   }
+
+  if (avatar) {
+    body.avatarUrl = await uploadAvatar({
+      userId: query.userId,
+      avatar: await (await import("@calcom/lib/server/resizeBase64Image")).resizeBase64Image(avatar),
+    });
+  }
+
   const data = await prisma.user.update({
     where: { id: query.userId },
     data: body,