Merge branch 'main' into ldap-group-support

Author: hardillb

forge/auditLog/platform.js

@@ -56,6 +56,9 @@ module.exports = {
                     ['users', 'teams', 'projects', 'devices'].includes(resource) || (resource = resource || 'unknown')
                     const info = { resource, count, limit }
                     await log('platform.license.overage', actionedBy, generateBody({ error, info }))
+                },
+                async expired (actionedBy, error, license) {
+                    await log('platform.license.expired', actionedBy, generateBody({ error, license }))
                 }
             },
             team: {

forge/comms/authRoutes.js

@@ -23,6 +23,10 @@ module.exports = async function (app) {
             }
         }
     }, async (request, response) => {
+        if (app.license.active() && app.license.status().expired) {
+            response.status(401).send()
+            return
+        }
         const isValid = await app.db.controllers.BrokerClient.authenticateCredentials(
             request.body.username,
             request.body.password
@@ -51,6 +55,10 @@ module.exports = async function (app) {
             }
         }
     }, async (request, response) => {
+        if (app.license.active() && app.license.status().expired) {
+            response.status(401).send()
+            return
+        }
         const allowed = await app.comms.aclManager.verify(request.body.username, request.body.topic, request.body.acc)
         // ↓ Useful for debugging ↓
         // console.warn(`${allowed ? 'ALLOWED' : 'FORBIDDEN'}! ACL check: '${request.body.topic}' for user ${request.body.username} (${request.body.acc === 2 ? 'PUB' : 'SUB'})`)

forge/containers/wrapper.js

@@ -67,6 +67,16 @@ module.exports = {
      * @returns {Promise} Resolves when the start request has been *accepted*.
      */
     start: async (project) => {
+        if (this._app.license.active() && this._app.license.status().expired) {
+            this._app.log.error({
+                code: 'license_expired',
+                error: `Failed to start project ${project.id}: License expired`
+            })
+            project.state = 'suspended'
+            await project.save()
+            throw new Error('License Expired')
+        }
+
         if (this._isBillingEnabled()) {
             await this._subscriptionHandler.addProject(project)
         }

forge/db/models/Device.js

@@ -78,6 +78,10 @@ module.exports = {
                     if (devices.count >= devices.limit) {
                         throw new Error('license limit reached')
                     }
+                } else {
+                    if (app.license.status().expired) {
+                        throw new Error('license expired')
+                    }
                 }
             },
             afterCreate: async (device, options) => {

forge/db/models/Notification.js

@@ -53,7 +53,8 @@ module.exports = {
                         where: {
                             reference,
                             UserId: user.id
-                        }
+                        },
+                        order: [['id', 'DESC']]
                     })
                 },
                 forUser: async (user, pagination = {}) => {

forge/db/models/Team.js

@@ -274,6 +274,23 @@ module.exports = {
                     // In this case the findAll above will return an array that includes null, this needs to be guarded against
                     return owners.filter((owner) => owner !== null)
                 },
+                /**
+                 * Get all members of the team optionally filtered by `role` array
+                 * @param {Array<Number> | null} roleFilter - Array of roles to filter by
+                 * @example
+                 * // Get all members of the team
+                 * const members = await team.getTeamMembers()
+                 * @example
+                 * // Get viewers only
+                 * const viewers = await team.getTeamMembers([Roles.Viewer])
+                 */
+                getTeamMembers: async function (roleFilter = null) {
+                    const where = { TeamId: this.id }
+                    if (roleFilter && Array.isArray(roleFilter)) {
+                        where.role = roleFilter
+                    }
+                    return (await M.TeamMember.findAll({ where, include: M.User })).filter(tm => tm && tm.User).map(tm => tm.User)
+                },
                 memberCount: async function (role) {
                     const where = {
                         TeamId: this.id

forge/ee/emailTemplates/LicenseExpired.js

@@ -9,6 +9,9 @@ module.exports = {
 
 Your FlowFuse License has now expired.
 
+All running instances have been suspended and can not be restarted until 
+a new license is applied.
+
 We hope you will get in touch to renew your license and continue to enjoy the 
 FlowFuse experience.
 
@@ -24,6 +27,9 @@ Your friendly FlowFuse Team
 
 <p>Your FlowFuse License has now expired.</p>
 
+<p>All running instances have been suspended and can not be restarted until 
+a new license is applied.</p>
+
 <p>We hope you will get in touch to renew your license and continue to enjoy the 
 FlowFuse experience.</p>
 

forge/ee/emailTemplates/LicenseReminder.js

@@ -14,6 +14,9 @@ This is a friendly reminder that your FlowFuse License will expire in
 You can check the status of your license by logging into your account at
 {{{forgeURL}}}.
 
+When your license expires all running instances will be suspended and can
+not be restarted until a new license is applied. 
+
 We hope you will get in touch to renew your license and continue to enjoy the 
 FlowFuse experience.
 
@@ -30,6 +33,9 @@ Your friendly FlowFuse Team
 <p>You can check the status of your license by logging into your account at
 {{{forgeURL}}}.</p>
 
+<p>When your license expires all running instances will be suspended and can
+not be restarted until a new license is applied.</p>
+
 <p>We hope you will get in touch to renew your license and continue to enjoy the 
 FlowFuse experience.</p>
 

forge/housekeeper/tasks/licenseCheck.js

@@ -1,3 +1,4 @@
+const { Op } = require('sequelize')
 module.exports = {
     name: 'licenseCheck',
     startup: false,
@@ -26,6 +27,31 @@ module.exports = {
             if (isExpiryDate || isSunday(today)) {
                 await emailAdmins(app, 'LicenseExpired', {})
             }
+            // Log everyday the license is expired
+            app.auditLog.Platform.platform.license.expired('system', null, app.license.get())
+
+            // get list of running Instances
+            const projectList = await app.db.models.Project.findAll({
+                attributes: [
+                    'id',
+                    'state',
+                    'ProjectStackId',
+                    'TeamId'
+                ],
+                where: {
+                    state: {
+                        [Op.eq]: 'running'
+                    }
+                }
+            })
+            // Shut down all running projects
+            projectList.forEach(async (project) => {
+                try {
+                    await app.containers.stop(project)
+                } catch (err) {
+                    // do we need to log a failure?
+                }
+            })
         }
     }
 }

forge/notifications/index.js

@@ -7,9 +7,36 @@ module.exports = fp(async function (app, _opts) {
      * @param {string} type the type of the notification
      * @param {Object} data meta data for the notification - specific to the type
      * @param {string} reference a key that can be used to lookup this notification, for example: `invite:HASHID`
-     *
+     * @param {Object} [options]
+     * @param {boolean} [options.upsert] if true, updates the existing notification with the same reference & adds/increments `data.meta.counter`
+     * @param {boolean} [options.supersede] if true, marks existing notification (with the same reference) as read & adds a new one
      */
-    async function send (user, type, data, reference = null) {
+    async function send (user, type, data, reference = null, options = null) {
+        if (reference && options && typeof options === 'object') {
+            if (options.upsert) {
+                const existing = await app.db.models.Notification.byReference(reference, user)
+                if (existing && !existing.read) {
+                    const updatedData = Object.assign({}, existing.data, data)
+                    if (!updatedData.meta || typeof updatedData.meta !== 'object') {
+                        updatedData.meta = {}
+                    }
+                    if (typeof updatedData.meta.counter === 'number') {
+                        updatedData.meta.counter += 1
+                    } else {
+                        updatedData.meta.counter = 2 // if notification already exists, then this is the 2nd occurrence!
+                    }
+                    await existing.update({ data: updatedData })
+                    return existing
+                }
+            } else if (options.supersede) {
+                const existing = await app.db.models.Notification.byReference(reference, user)
+                if (existing && !existing.read) {
+                    existing.read = true
+                    await existing.save()
+                }
+            }
+        }
+
         return app.db.models.Notification.create({
             UserId: user.id,
             type,