Merge branch 'dev' into main

Author: gustavotoyota

apps/app-server/src/trpc/api/groups/privacy/index.ts

@@ -1,7 +1,9 @@
 import { trpc } from 'src/trpc/server';
 
 import { makePublicProcedure } from './make-public';
+import { setJoinRequestsAllowedProcedure } from './set-join-requests-allowed';
 
 export const privacyRouter = trpc.router({
   makePublic: makePublicProcedure(),
+  setJoinRequestsAllowed: setJoinRequestsAllowedProcedure(),
 });

apps/app-server/src/trpc/api/groups/privacy/set-join-requests-allowed.ts

@@ -0,0 +1,51 @@
+import { isNanoID } from '@stdlib/misc';
+import { checkRedlockSignalAborted } from '@stdlib/redlock';
+import { once } from 'lodash';
+import type { InferProcedureOpts } from 'src/trpc/helpers';
+import { authProcedure } from 'src/trpc/helpers';
+import { z } from 'zod';
+
+const baseProcedure = authProcedure.input(
+  z.object({
+    groupId: z.string().refine(isNanoID),
+
+    areJoinRequestsAllowed: z.boolean(),
+  }),
+);
+
+export const setJoinRequestsAllowedProcedure = once(() =>
+  baseProcedure.mutation(setJoinRequestsAllowed),
+);
+
+export async function setJoinRequestsAllowed({
+  ctx,
+  input,
+}: InferProcedureOpts<typeof baseProcedure>) {
+  return await ctx.usingLocks(
+    [[`user-lock:${ctx.userId}`], [`group-lock:${input.groupId}`]],
+    async (signals) => {
+      return await ctx.dataAbstraction.transaction(async (dtrx) => {
+        // Assert agent is subscribed
+
+        await ctx.assertUserSubscribed({ userId: ctx.userId });
+
+        // Check if user has sufficient permissions
+
+        await ctx.assertSufficientGroupPermissions({
+          userId: ctx.userId,
+          groupId: input.groupId,
+          permission: 'editGroupSettings',
+        });
+
+        await ctx.dataAbstraction.hmset(
+          'group',
+          input.groupId,
+          { 'are-join-requests-allowed': input.areJoinRequestsAllowed },
+          { dtrx },
+        );
+
+        checkRedlockSignalAborted(signals);
+      });
+    },
+  );
+}

apps/app-server/src/websocket/groups/change-user-role.ts

@@ -39,7 +39,9 @@ export function registerGroupsChangeUserRole(
       await ctx.usingLocks(
         [
           [`user-lock:${ctx.userId}`],
-          [`user-lock:${input.patientId}`],
+          ...(input.patientId !== ctx.userId
+            ? [[`user-lock:${input.patientId}`]]
+            : []),
           [`group-lock:${input.groupId}`],
         ],
         performCommunication,

apps/app-server/src/websocket/groups/join-requests/send.ts

@@ -55,7 +55,17 @@ export async function sendStep1({
 
     await ctx.assertUserSubscribed({ userId: ctx.userId });
 
-    const [groupJoinRequestRejected, groupMemberRole] = await Promise.all([
+    const [
+      groupAreJoinRequestsAllowed,
+      groupJoinRequestRejected,
+      groupMemberRole,
+    ] = await Promise.all([
+      ctx.dataAbstraction.hget(
+        'group',
+        input.groupId,
+        'are-join-requests-allowed',
+      ),
+
       ctx.dataAbstraction.hget(
         'group-join-request',
         `${input.groupId}:${ctx.userId}`,
@@ -69,6 +79,15 @@ export async function sendStep1({
       ),
     ]);
 
+    // Check if group allows join requests
+
+    if (!groupAreJoinRequestsAllowed) {
+      throw new TRPCError({
+        code: 'FORBIDDEN',
+        message: 'This group does not allow join requests.',
+      });
+    }
+
     // Check if user has been rejected from the group
 
     if (groupJoinRequestRejected) {

apps/app-server/src/websocket/groups/remove-user.ts

@@ -36,7 +36,9 @@ export function registerGroupsRemoveUser(fastify: ReturnType<typeof Fastify>) {
       await ctx.usingLocks(
         [
           [`user-lock:${ctx.userId}`],
-          [`user-lock:${input.patientId}`],
+          ...(input.patientId !== ctx.userId
+            ? [[`user-lock:${input.patientId}`]]
+            : []),
           [`group-lock:${input.groupId}`],
         ],
         performCommunication,

apps/client/components.d.ts

@@ -9,11 +9,13 @@ declare module '@vue/runtime-core' {
   export interface GlobalComponents {
     BillingFrequencyToggle: typeof import('./src/components/BillingFrequencyToggle.vue')['default']
     Checkbox: typeof import('./src/components/Checkbox.vue')['default']
+    Checklist: typeof import('./src/components/Checklist.vue')['default']
     ColorPalette: typeof import('./src/components/ColorPalette.vue')['default']
     ColorSquare: typeof import('./src/components/ColorSquare.vue')['default']
     Combobox: typeof import('./src/components/Combobox.vue')['default']
     CopyBtn: typeof import('./src/components/CopyBtn.vue')['default']
     CustomDialog: typeof import('./src/components/CustomDialog.vue')['default']
+    CustomInfiniteScroll: typeof import('./src/components/CustomInfiniteScroll.vue')['default']
     DeepBtn: typeof import('./src/components/DeepBtn.vue')['default']
     DeepBtnDropdown: typeof import('./src/components/DeepBtnDropdown.vue')['default']
     DisplayBtn: typeof import('./src/components/DisplayBtn.vue')['default']
@@ -26,6 +28,7 @@ declare module '@vue/runtime-core' {
     MiniSidebarBtn: typeof import('./src/components/MiniSidebarBtn.vue')['default']
     PageItem: typeof import('./src/components/PageItem.vue')['default']
     PageItemContent: typeof import('./src/components/PageItemContent.vue')['default']
+    PassthroughComponent: typeof import('./src/components/PassthroughComponent.vue')['default']
     PasswordField: typeof import('./src/components/PasswordField.vue')['default']
     QMenuHover: typeof import('./src/components/QMenuHover.vue')['default']
     Radio: typeof import('./src/components/Radio.vue')['default']

apps/client/package.json

@@ -2,7 +2,7 @@
   "name": "@deepnotes/client",
   "description": "DeepNotes",
   "homepage": "https://deepnotes.app",
-  "version": "1.0.13",
+  "version": "1.0.14",
   "author": "Gustavo Toyota <[email protected]>",
   "dependencies": {
     "@_ueberdosis/prosemirror-tables": "~1.1.3",

apps/client/quasar.config.js

@@ -62,7 +62,10 @@ module.exports = configure(function (ctx) {
       { path: 'sodium.universal' },
       { path: 'i18n.universal' },
       { path: 'vue.universal' },
-      { path: 'disable-cache.universal' },
+
+      { path: 'http-headers/disable-cache.universal' },
+      { path: 'http-headers/x-frame-options.universal' },
+      { path: 'http-headers/referrer-policy.universal' },
 
       { path: 'array-at-polyfill.client', server: false },
       { path: 'logger.client', server: false },

apps/client/src/boot/disable-cache.universal.ts renamed to apps/client/src/boot/http-headers/disable-cache.universal.ts

@@ -0,0 +1,5 @@
+import { boot } from 'quasar/wrappers';
+
+export default boot(async ({ ssrContext }) => {
+  ssrContext?.res.setHeader('Referrer-Policy', 'no-referrer');
+});