[comp] Production Deploy

Dockerfile

@@ -77,20 +77,12 @@ ARG NEXT_PUBLIC_PORTAL_URL
 ARG NEXT_PUBLIC_POSTHOG_KEY
 ARG NEXT_PUBLIC_POSTHOG_HOST
 ARG NEXT_PUBLIC_IS_DUB_ENABLED
-ARG NEXT_PUBLIC_GTM_ID
-ARG NEXT_PUBLIC_LINKEDIN_PARTNER_ID
-ARG NEXT_PUBLIC_LINKEDIN_CONVERSION_ID
-ARG NEXT_PUBLIC_GOOGLE_ADS_CONVERSION_LABEL
 ARG NEXT_PUBLIC_API_URL
 ENV NEXT_PUBLIC_BETTER_AUTH_URL=$NEXT_PUBLIC_BETTER_AUTH_URL \
     NEXT_PUBLIC_PORTAL_URL=$NEXT_PUBLIC_PORTAL_URL \
     NEXT_PUBLIC_POSTHOG_KEY=$NEXT_PUBLIC_POSTHOG_KEY \
     NEXT_PUBLIC_POSTHOG_HOST=$NEXT_PUBLIC_POSTHOG_HOST \
     NEXT_PUBLIC_IS_DUB_ENABLED=$NEXT_PUBLIC_IS_DUB_ENABLED \
-    NEXT_PUBLIC_GTM_ID=$NEXT_PUBLIC_GTM_ID \
-    NEXT_PUBLIC_LINKEDIN_PARTNER_ID=$NEXT_PUBLIC_LINKEDIN_PARTNER_ID \
-    NEXT_PUBLIC_LINKEDIN_CONVERSION_ID=$NEXT_PUBLIC_LINKEDIN_CONVERSION_ID \
-    NEXT_PUBLIC_GOOGLE_ADS_CONVERSION_LABEL=$NEXT_PUBLIC_GOOGLE_ADS_CONVERSION_LABEL \
     NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \
     NEXT_TELEMETRY_DISABLED=1 NODE_ENV=production \
     NEXT_OUTPUT_STANDALONE=true \
@@ -157,4 +149,4 @@ COPY --from=portal-builder /app/apps/portal/public ./apps/portal/public
 EXPOSE 3000
 CMD ["node", "apps/portal/server.js"]
 
-# (Trigger.dev hosted; no local runner stage)
+# (Trigger.dev hosted; no local runner stage)

apps/api/.env.example

@@ -1,5 +1,7 @@
 BASE_URL="http://localhost:3333"
 BETTER_AUTH_URL="http://localhost:3000"
+NEXT_PUBLIC_APP_URL="http://localhost:3000"
+NODE_EXTRA_CA_CERTS=/etc/ssl/cert.pem
 PORT="3333"
 
 APP_AWS_BUCKET_NAME=
@@ -43,4 +45,11 @@ RESEND_API_KEY=
 RESEND_FROM_SYSTEM= # e.g., noreply@mail.trycomp.ai
 RESEND_FROM_DEFAULT= # e.g., hello@mail.trycomp.ai
 
-SECURITY_HUB_ROLE_ASSUMER_ARN=
+# Background checks
+BACKGROUND_CHECK_API_BASE_URL=https://glad-sturgeon-729.convex.site
+BACKGROUND_CHECK_API_KEY=
+BACKGROUND_CHECK_WEBHOOK_SECRET=
+BACKGROUND_WH_ENDPOINT=
+STRIPE_BACKGROUND_CHECK_PRICE_ID=price_1TRWckCkFWhKYvHIA1GLv1sO
+
+SECURITY_HUB_ROLE_ASSUMER_ARN=

apps/api/src/app.module.ts

@@ -52,6 +52,7 @@ import { StripeModule } from './stripe/stripe.module';
 import { AdminOrganizationsModule } from './admin-organizations/admin-organizations.module';
 import { AdminFeatureFlagsModule } from './admin-feature-flags/admin-feature-flags.module';
 import { TimelinesModule } from './timelines/timelines.module';
+import { BackgroundChecksModule } from './background-checks/background-checks.module';
 
 @Module({
   imports: [
@@ -113,6 +114,7 @@ import { TimelinesModule } from './timelines/timelines.module';
     SecretsModule,
     SecurityPenetrationTestsModule,
     StripeModule,
+    BackgroundChecksModule,
     AdminOrganizationsModule,
     AdminFeatureFlagsModule,
     TimelinesModule,

apps/api/src/attachments/upload-attachment.dto.ts

@@ -35,6 +35,7 @@ export class UploadAttachmentDto {
   })
   @IsString()
   @IsNotEmpty()
+  @MaxLength(134_217_728)
   @IsBase64()
   fileData: string;
 

apps/api/src/background-checks/background-check-billing.controller.ts

@@ -0,0 +1,70 @@
+import { Body, Controller, Get, HttpCode, Post, UseGuards } from '@nestjs/common';
+import { ApiOperation, ApiSecurity, ApiTags } from '@nestjs/swagger';
+import { OrganizationId } from '../auth/auth-context.decorator';
+import { HybridAuthGuard } from '../auth/hybrid-auth.guard';
+import { PermissionGuard } from '../auth/permission.guard';
+import { RequirePermission } from '../auth/require-permission.decorator';
+import { BackgroundCheckBillingService } from './background-check-billing.service';
+import {
+  BackgroundCheckBillingPortalDto,
+  BackgroundCheckSetupSessionDto,
+  BackgroundCheckSetupSuccessDto,
+} from './dto/background-check-billing.dto';
+
+@ApiTags('Background Check Billing')
+@Controller({ path: 'background-check-billing', version: '1' })
+@UseGuards(HybridAuthGuard, PermissionGuard)
+@ApiSecurity('apikey')
+export class BackgroundCheckBillingController {
+  constructor(private readonly billingService: BackgroundCheckBillingService) {}
+
+  @Get('status')
+  @RequirePermission('organization', 'read')
+  @ApiOperation({ summary: 'Get background check billing status' })
+  async getStatus(@OrganizationId() organizationId: string) {
+    return this.billingService.getStatus(organizationId);
+  }
+
+  @Post('setup-session')
+  @RequirePermission('organization', 'update')
+  @HttpCode(200)
+  @ApiOperation({ summary: 'Create a Stripe setup session for background checks' })
+  async setupSession(
+    @OrganizationId() organizationId: string,
+    @Body() body: BackgroundCheckSetupSessionDto,
+  ) {
+    return this.billingService.createSetupSession({
+      organizationId,
+      successUrl: body.successUrl,
+      cancelUrl: body.cancelUrl,
+    });
+  }
+
+  @Post('setup-success')
+  @RequirePermission('organization', 'update')
+  @HttpCode(200)
+  @ApiOperation({ summary: 'Handle successful background check billing setup' })
+  async setupSuccess(
+    @OrganizationId() organizationId: string,
+    @Body() body: BackgroundCheckSetupSuccessDto,
+  ) {
+    return this.billingService.handleSetupSuccess({
+      organizationId,
+      sessionId: body.sessionId,
+    });
+  }
+
+  @Post('portal')
+  @RequirePermission('organization', 'update')
+  @HttpCode(200)
+  @ApiOperation({ summary: 'Create a Stripe billing portal session' })
+  async portal(
+    @OrganizationId() organizationId: string,
+    @Body() body: BackgroundCheckBillingPortalDto,
+  ) {
+    return this.billingService.createBillingPortalSession({
+      organizationId,
+      returnUrl: body.returnUrl,
+    });
+  }
+}