fizzy-saas 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 1f850d45a7504d2e96057396d2d9ca8a8a4167fda02a3a51d3c797e346ff70c3
+  data.tar.gz: c241ef1add2ed5d6081d45fe14dc082479ab47133e3e7243abcae7379218c5f7
+SHA512:
+  metadata.gz: a04af9b6d8e8e00a9af2ac4cfacc11ef7a13ffbb0319279378367494e28caa61307dcab3b58fc46dd2a8c565bf474e4501ec6ae1418d92b3857dc5660742d485
+  data.tar.gz: c7cd9f827b9c6fb9533eca3eead283de8655ba14f8e5ecd76fbd78a6cbfd07cc8ba8987b06f074f134d38fb485c6a2848bf9b11424576b164e4879c5c6c96f5e

data/LICENSE.md

@@ -0,0 +1,10 @@
+# O'Saasy License Agreement
+
+Copyright © 2025, 37signals LLC.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+1. The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+2. No licensee or downstream recipient may use the Software (including any modified or derivative versions) to directly compete with the original Licensor by offering it to third parties as a hosted, managed, or Software-as-a-Service (SaaS) product or cloud service where the primary value of the service is the functionality of the Software itself.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,57 @@
+This is a Rails engine that [37signals](https://37signals.com/) bundles with [Fizzy](https://github.com/basecamp/fizzy) to offer the hosted version at https://fizzy.do.
+
+## Development
+
+To make Fizzy run in SaaS mode, run this in the terminal:
+
+```ruby
+bin/rails saas:enable
+```
+
+To can go back to open source mode:
+
+```ruby
+bin/rails saas:disable
+```
+
+Then you can work do [Fizzy development as usual](https://github.com/basecamp/fizzy).
+
+## How to update Fizzy
+
+After making changes to this gem, you need to update Fizzy to pick up the changes:
+
+```ruby
+BUNDLE_GEMFILE=Gemfile.saas bundle update --conservative fizzy-saas
+```
+
+## Environments
+
+Fizzy is deployed with [Kamal](https://kamal-deploy.org/). You'll need to have the 1Password CLI set up in order to access the secrets that are used when deploying. Provided you have that, it should be as simple as `bin/kamal deploy` to the correct environment.
+
+## Handbook
+
+See the [Fizzy handbook](https://handbooks.37signals.works/18/fizzy) for runbooks and more.
+
+### Production
+
+- https://app.fizzy.do/
+
+This environment uses a FlashBlade bucket for blob storage.
+
+### Beta
+
+Beta is primarily intended for testing product features. It uses the same production database and Active Storage configuration.
+
+Beta tenant is:
+
+- https://fizzy-beta.37signals.com
+
+### Staging
+
+Staging is primarily intended for testing infrastructure changes. It uses production-like but separate database and Active Storage configurations.
+
+- https://fizzy.37signals-staging.com/
+
+## License
+
+fizzy-saas is released under the [O'Saasy License](LICENSE.md).

data/Rakefile

@@ -0,0 +1,8 @@
+require "bundler/setup"
+
+APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
+load "rails/tasks/engine.rake"
+
+load "rails/tasks/statistics.rake"
+
+require "bundler/gem_tasks"

data/app/assets/stylesheets/fizzy/saas/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
+ * files in this directory. Styles in this file should be added after the last require_* statement.
+ * It is generally better to create a new file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/app/models/subscription.rb

@@ -0,0 +1,13 @@
+class Subscription < Queenbee::Subscription
+  SHORT_NAMES = %w[ FreeV1 ]
+
+  def self.short_name
+    name.demodulize
+  end
+
+  class FreeV1 < Subscription
+    property :proper_name,  "Free Subscription"
+    property :price,        0
+    property :frequency,    "yearly"
+  end
+end

data/app/views/layouts/fizzy/saas/application.html.erb

@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Fizzy saas</title>
+  <%= csrf_meta_tags %>
+  <%= csp_meta_tag %>
+
+  <%= yield :head %>
+
+  <%= stylesheet_link_tag    "fizzy/saas/application", media: "all" %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/app/views/signup/completions/new.html.erb

@@ -0,0 +1,30 @@
+<% @page_title = "Complete your sign-up" %>
+
+<div class="panel panel--centered flex flex-column gap-half <%= "shake" if flash[:alert] %>">
+  <h1 class="txt-x-large font-weight-black margin-block-end"><%= @page_title %></h1>
+
+  <%= form_with model: @signup, url: saas.signup_completion_path, scope: "signup", class: "flex flex-column gap", data: { controller: "form" } do |form| %>
+    <%= form.text_field :full_name, class: "input txt-large", autocomplete: "name", placeholder: "Enter your full name…", autofocus: true, required: true %>
+
+    <p>You’re one step away. Just enter your name to get your own Fizzy account.</p>
+
+    <% if @signup.errors.any? %>
+      <div class="margin-block-half">
+        <ul class="margin-block-none txt-negative txt-small">
+          <% @signup.errors.full_messages.each do |message| %>
+            <li><%= message %></li>
+          <% end %>
+        </ul>
+      </div>
+    <% end %>
+
+    <button type="submit" class="btn btn--link center" data-form-target="submit">
+      <span>Continue</span>
+      <%= icon_tag "arrow-right" %>
+    </button>
+  <% end %>
+</div>
+
+<% content_for :footer do %>
+  <%= render "sessions/footer" %>
+<% end %>

data/app/views/signup/new.html.erb

@@ -0,0 +1,28 @@
+<% @page_title = "Sign up for Fizzy" %>
+
+<div class="panel panel--centered flex flex-column gap-half <%= "shake" if flash[:alert] %>">
+  <h1 class="txt-xx-large margin-block-end-double">Sign up</h1>
+
+  <%= form_with model: @signup, url: saas.signup_path, scope: "signup", class: "flex flex-column gap", data: { turbo: false, controller: "form" } do |form| %>
+    <%= form.email_field :email_address, class: "input", autocomplete: "username", placeholder: "Email address", required: true %>
+
+    <% if @signup.errors.any? %>
+      <div class="margin-block-half">
+        <ul class="margin-block-none txt-negative txt-small">
+          <% @signup.errors.full_messages.each do |message| %>
+            <li><%= message %></li>
+          <% end %>
+        </ul>
+      </div>
+    <% end %>
+
+    <button type="submit" class="btn btn--link center" data-form-target="submit">
+      <span>Continue</span>
+      <%= icon_tag "arrow-right" %>
+    </button>
+  <% end %>
+</div>
+
+<% content_for :footer do %>
+  <%= render "sessions/footer" %>
+<% end %>

data/config/database.yml

@@ -0,0 +1,103 @@
+<%
+  if ENV["MIGRATE"].present?
+    mysql_app_user_key = "MYSQL_ALTER_USER"
+    mysql_app_password_key = "MYSQL_ALTER_PASSWORD"
+    max_execution_time_ms = 0 # No limit
+  else
+    mysql_app_user_key = "MYSQL_APP_USER"
+    mysql_app_password_key = "MYSQL_APP_PASSWORD"
+    max_execution_time_ms = 5_000
+  end
+
+  mysql_app_user = ENV[mysql_app_user_key]
+  mysql_app_password = ENV[mysql_app_password_key]
+%>
+
+default: &default
+  adapter: trilogy
+  host: <%= ENV.fetch "FIZZY_DB_HOST", "127.0.0.1" %>
+  port: <%= ENV.fetch "FIZZY_DB_PORT", 3306 %>
+  pool: 50
+  timeout: 5000
+  variables:
+    transaction_isolation: READ-COMMITTED
+    max_execution_time: <%= max_execution_time_ms %>
+
+development:
+  primary:
+    <<: *default
+    database: fizzy_development
+    port: <%= ENV.fetch "FIZZY_DB_PORT", 33380 %>
+  replica:
+    <<: *default
+    database: fizzy_development
+    port: <%= ENV.fetch "FIZZY_DB_PORT", 33380 %>
+    replica: true
+  cable:
+    <<: *default
+    database: development_cable
+    port: <%= ENV.fetch "FIZZY_DB_PORT", 33380 %>
+    migrations_paths: db/cable_migrate
+  cache:
+    <<: *default
+    database: development_cache
+    port: <%= ENV.fetch "FIZZY_DB_PORT", 33380 %>
+    migrations_paths: db/cache_migrate
+  queue:
+    <<: *default
+    database: development_queue
+    port: <%= ENV.fetch "FIZZY_DB_PORT", 33380 %>
+    migrations_paths: db/queue_migrate
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+test:
+  primary:
+    <<: *default
+    database: fizzy_test
+    port: <%= ENV.fetch "FIZZY_DB_PORT", 33380 %>
+  replica:
+    <<: *default
+    database: fizzy_test
+    port: <%= ENV.fetch "FIZZY_DB_PORT", 33380 %>
+    replica: true
+
+production: &production
+  primary:
+    <<: *default
+    database: fizzy_production
+    host: <%= ENV["MYSQL_DATABASE_HOST"] %>
+    username: <%= mysql_app_user %>
+    password: <%= mysql_app_password %>
+  replica:
+    <<: *default
+    database: fizzy_production
+    host: <%= ENV["MYSQL_DATABASE_REPLICA_HOST"] %>
+    username: <%= ENV["MYSQL_READONLY_USER"] %>
+    password: <%= ENV["MYSQL_READONLY_PASSWORD"] %>
+    replica: true
+  cable:
+    <<: *default
+    database: fizzy_solidcable_production
+    host: <%= ENV["MYSQL_SOLID_CABLE_HOST"] %>
+    username: <%= mysql_app_user %>
+    password: <%= mysql_app_password %>
+    migrations_paths: db/cable_migrate
+  queue:
+    <<: *default
+    database: fizzy_solidqueue_production
+    host: <%= ENV["MYSQL_SOLID_QUEUE_HOST"] %>
+    username: <%= mysql_app_user %>
+    password: <%= mysql_app_password %>
+    migrations_paths: db/queue_migrate
+  cache:
+    <<: *default
+    database: fizzy_solidcache_production
+    host: <%= ENV["MYSQL_SOLID_CACHE_HOST"] %>
+    username: <%= mysql_app_user %>
+    password: <%= mysql_app_password %>
+    migrations_paths: db/cache_migrate
+
+beta: *production
+staging: *production

data/config/deploy.beta.yml

@@ -0,0 +1,60 @@
+servers:
+  web:
+    hosts:
+      - fizzy-beta-app-01.sc-chi-int.37signals.com: sc_chi
+      - fizzy-beta-app-101.df-iad-int.37signals.com: df_iad
+    labels:
+      otel_scrape_enabled: true
+
+# we don't run the jobs role in beta
+allow_empty_roles: true
+
+proxy:
+  ssl: false
+
+ssh:
+  user: app
+
+env:
+  clear:
+    RAILS_ENV: beta
+    MYSQL_DATABASE_HOST: fizzy-mysql-primary
+    MYSQL_DATABASE_REPLICA_HOST: fizzy-mysql-replica
+    MYSQL_SOLID_CABLE_HOST: fizzy-mysql-primary
+    MYSQL_SOLID_QUEUE_HOST: fizzy-mysql-primary
+    MYSQL_SOLID_CACHE_HOST: fizzy-beta-solidcache-db-101
+  secret:
+    - RAILS_MASTER_KEY
+    - MYSQL_ALTER_PASSWORD
+    - MYSQL_ALTER_USER
+    - MYSQL_APP_PASSWORD
+    - MYSQL_APP_USER
+    - MYSQL_READONLY_PASSWORD
+    - MYSQL_READONLY_USER
+    - SECRET_KEY_BASE
+    - VAPID_PUBLIC_KEY
+    - VAPID_PRIVATE_KEY
+    - ACTIVE_STORAGE_ACCESS_KEY_ID
+    - ACTIVE_STORAGE_SECRET_ACCESS_KEY
+    - QUEENBEE_API_TOKEN
+    - SIGNAL_ID_SECRET
+    - SENTRY_DSN
+  tags:
+    sc_chi: {}
+    df_iad:
+      PRIMARY_DATACENTER: true
+
+accessories:
+  load-balancer:
+    image: basecamp/kamal-proxy:lb
+    host: fizzy-beta-lb-01.sc-chi-int.37signals.com
+    labels:
+      otel_role: load-balancer
+      otel_service: fizzy-load-balancer
+      otel_scrape_enabled: true
+    options:
+      publish:
+        - 80:80
+        - 443:443
+    volumes:
+      - load-balancer:/home/kamal-proxy/.config/kamal-proxy

data/config/deploy.production.yml

@@ -0,0 +1,80 @@
+servers:
+  web:
+    hosts:
+      - fizzy-app-01.sc-chi-int.37signals.com: sc_chi
+      - fizzy-app-02.sc-chi-int.37signals.com: sc_chi
+      - fizzy-app-101.df-iad-int.37signals.com: df_iad
+      - fizzy-app-102.df-iad-int.37signals.com: df_iad
+      - fizzy-app-401.df-ams-int.37signals.com: df_ams
+      - fizzy-app-402.df-ams-int.37signals.com: df_ams
+    labels:
+      otel_scrape_enabled: true
+  jobs:
+    hosts:
+      - fizzy-jobs-101.df-iad-int.37signals.com: df_iad
+      - fizzy-jobs-102.df-iad-int.37signals.com: df_iad
+    labels:
+      otel_scrape_enabled: true
+
+proxy:
+  ssl: false
+
+ssh:
+  user: app
+
+env:
+  clear:
+    RAILS_ENV: production
+    MYSQL_DATABASE_HOST: fizzy-mysql-primary
+    MYSQL_DATABASE_REPLICA_HOST: fizzy-mysql-replica
+    MYSQL_SOLID_CABLE_HOST: fizzy-mysql-primary
+    MYSQL_SOLID_QUEUE_HOST: fizzy-mysql-primary
+  secret:
+    - RAILS_MASTER_KEY
+    - MYSQL_ALTER_PASSWORD
+    - MYSQL_ALTER_USER
+    - MYSQL_APP_PASSWORD
+    - MYSQL_APP_USER
+    - MYSQL_READONLY_PASSWORD
+    - MYSQL_READONLY_USER
+    - SECRET_KEY_BASE
+    - VAPID_PUBLIC_KEY
+    - VAPID_PRIVATE_KEY
+    - ACTIVE_STORAGE_ACCESS_KEY_ID
+    - ACTIVE_STORAGE_SECRET_ACCESS_KEY
+    - QUEENBEE_API_TOKEN
+    - SIGNAL_ID_SECRET
+    - SENTRY_DSN
+  tags:
+    sc_chi:
+      MYSQL_SOLID_CACHE_HOST: fizzy-solidcache-db-01.sc-chi-int.37signals.com
+    df_iad:
+      MYSQL_SOLID_CACHE_HOST: fizzy-solidcache-db-101.df-iad-int.37signals.com
+      PRIMARY_DATACENTER: true
+    df_ams:
+      MYSQL_SOLID_CACHE_HOST: fizzy-solidcache-db-401.df-ams-int.37signals.com
+
+
+accessories:
+  load-balancer:
+    image: basecamp/kamal-proxy:lb
+    hosts:
+      - fizzy-lb-101.df-iad-int.37signals.com
+      - fizzy-lb-102.df-iad-int.37signals.com
+      - fizzy-lb-01.sc-chi-int.37signals.com
+      - fizzy-lb-02.sc-chi-int.37signals.com
+      - fizzy-lb-401.df-ams-int.37signals.com
+      - fizzy-lb-402.df-ams-int.37signals.com
+    labels:
+      otel_role: load-balancer
+      otel_service: fizzy-load-balancer
+      otel_scrape_enabled: true
+    options:
+      publish:
+        - 80:80
+        - 443:443
+      # NFS mount for certificates
+      # See https://3.basecamp.com/2914079/buckets/37331921/todos/9180260061
+      mount: type=volume,src=certificates,dst=/certificates,volume-driver=local,volume-opt=type=nfs,volume-opt=device=:/fizzy-production-certificates,"volume-opt=o=addr=purestorage.sc-chi-int.37signals.com,nfsvers=3,rw,noatime,nconnect=8,soft,timeo=30,retrans=2"
+    volumes:
+      - load-balancer:/home/kamal-proxy/.config/kamal-proxy

data/config/deploy.staging.yml

@@ -0,0 +1,77 @@
+servers:
+  web:
+    hosts:
+      - fizzy-staging-app-101.df-iad-int.37signals.com: df_iad
+      - fizzy-staging-app-102.df-iad-int.37signals.com: df_iad
+      - fizzy-staging-app-01.sc-chi-int.37signals.com: sc_chi
+      - fizzy-staging-app-02.sc-chi-int.37signals.com: sc_chi
+      - fizzy-staging-app-401.df-ams-int.37signals.com: df_ams
+      - fizzy-staging-app-402.df-ams-int.37signals.com: df_ams
+    labels:
+      otel_scrape_enabled: true
+  jobs:
+    hosts:
+      - fizzy-staging-jobs-101.df-iad-int.37signals.com: df_iad
+      - fizzy-staging-jobs-102.df-iad-int.37signals.com: df_iad
+    labels:
+      otel_scrape_enabled: true
+
+proxy:
+  ssl: false
+
+ssh:
+  user: app
+
+env:
+  clear:
+    RAILS_ENV: staging
+    MYSQL_DATABASE_HOST: fizzy-staging-mysql-primary
+    MYSQL_DATABASE_REPLICA_HOST: fizzy-staging-mysql-replica
+    MYSQL_SOLID_CABLE_HOST: fizzy-staging-mysql-primary
+    MYSQL_SOLID_QUEUE_HOST: fizzy-staging-mysql-primary
+  secret:
+    - RAILS_MASTER_KEY
+    - MYSQL_ALTER_PASSWORD
+    - MYSQL_ALTER_USER
+    - MYSQL_APP_PASSWORD
+    - MYSQL_APP_USER
+    - MYSQL_READONLY_PASSWORD
+    - MYSQL_READONLY_USER
+    - SECRET_KEY_BASE
+    - VAPID_PUBLIC_KEY
+    - VAPID_PRIVATE_KEY
+    - ACTIVE_STORAGE_ACCESS_KEY_ID
+    - ACTIVE_STORAGE_SECRET_ACCESS_KEY
+    - QUEENBEE_API_TOKEN
+    - SIGNAL_ID_SECRET
+    - SENTRY_DSN
+  tags:
+    sc_chi:
+      MYSQL_SOLID_CACHE_HOST: fizzy-staging-solidcache-db-01.sc-chi-int.37signals.com
+    df_iad:
+      MYSQL_SOLID_CACHE_HOST: fizzy-staging-solidcache-db-101.df-iad-int.37signals.com
+      PRIMARY_DATACENTER: true
+    df_ams:
+      MYSQL_SOLID_CACHE_HOST: fizzy-staging-solidcache-db-401.df-ams-int.37signals.com
+
+
+accessories:
+  load-balancer:
+    image: basecamp/kamal-proxy:lb
+    hosts:
+      - fizzy-staging-lb-01.sc-chi-int.37signals.com
+      - fizzy-staging-lb-101.df-iad-int.37signals.com
+      - fizzy-staging-lb-401.df-ams-int.37signals.com
+    labels:
+      otel_role: load-balancer
+      otel_service: fizzy-load-balancer
+      otel_scrape_enabled: true
+    options:
+      publish:
+        - 80:80
+        - 443:443
+      # NFS mount for certificates
+      # See https://3.basecamp.com/2914079/buckets/37331921/todos/9180260061
+      mount: type=volume,src=certificates,dst=/certificates,volume-driver=local,volume-opt=type=nfs,volume-opt=device=:/fizzy-staging-certificates,"volume-opt=o=addr=purestorage.sc-chi-int.37signals.com,nfsvers=3,rw,noatime,nconnect=8,soft,timeo=30,retrans=2"
+    volumes:
+      - load-balancer:/home/kamal-proxy/.config/kamal-proxy

data/config/deploy.yml

@@ -0,0 +1,37 @@
+service: fizzy
+image: basecamp/fizzy
+asset_path: /rails/public/assets
+hooks_path: <%= File.join(Gem::Specification.find_by_name("fizzy-saas").gem_dir, ".kamal", "hooks") %>
+secrets_path: <%= File.join(Gem::Specification.find_by_name("fizzy-saas").gem_dir, ".kamal/secrets") %>
+
+servers:
+  jobs:
+    cmd: bin/jobs
+
+volumes:
+  - fizzy:/rails/storage
+
+proxy:
+  ssl: true
+
+registry:
+  server: registry.37signals.com
+  username: robot$harbor-bot
+  password:
+    - BASECAMP_REGISTRY_PASSWORD
+
+builder:
+  arch: amd64
+  dockerfile: <%= File.join(Gem::Specification.find_by_name("fizzy-saas").gem_dir, "Dockerfile") %>
+  secrets:
+    - GITHUB_TOKEN
+  remote: ssh://app@docker-builder-102
+  local: <%= ENV.fetch("KAMAL_BUILDER_LOCAL", "true") %>
+
+env:
+  secret:
+    - RAILS_MASTER_KEY
+
+aliases:
+  console: app exec -i --reuse "bin/rails console"
+  ssh: app exec -i --reuse /bin/bash

data/config/environments/beta.rb

@@ -0,0 +1,8 @@
+require_relative "production"
+
+Rails.application.configure do
+  config.action_mailer.smtp_settings[:domain] = "fizzy-beta.37signals.com"
+  config.action_mailer.smtp_settings[:address] = "smtp-outbound-staging"
+  config.action_mailer.default_url_options     = { host: "fizzy-beta.37signals.com", protocol: "https" }
+  config.action_controller.default_url_options = { host: "fizzy-beta.37signals.com", protocol: "https" }
+end

data/config/environments/development.rb

@@ -0,0 +1,10 @@
+Rails.application.configure do
+  if Rails.root.join("tmp/structured-logging.txt").exist?
+    config.structured_logging.logger = ActiveSupport::Logger.new("log/structured-development.log")
+  end
+
+  if Rails.root.join("tmp/solid-queue.txt").exist?
+    config.active_job.queue_adapter = :solid_queue
+    config.solid_queue.connects_to = { database: { writing: :queue, reading: :queue } }
+  end
+end

data/config/environments/production.rb

@@ -0,0 +1,8 @@
+Rails.application.configure do
+  config.active_storage.service = :purestorage
+  config.structured_logging.logger = ActiveSupport::Logger.new(STDOUT)
+
+  config.action_controller.default_url_options = { host: "app.fizzy.do", protocol: "https" }
+  config.action_mailer.default_url_options     = { host: "app.fizzy.do", protocol: "https" }
+  config.action_mailer.smtp_settings = { domain: "app.fizzy.do", address: "smtp-outbound", port: 25, enable_starttls_auto: false }
+end

data/config/environments/staging.rb

@@ -0,0 +1,8 @@
+require_relative "production"
+
+Rails.application.configure do
+  config.action_mailer.smtp_settings[:domain] = "fizzy.37signals-staging.com"
+  config.action_mailer.smtp_settings[:address] = "smtp-outbound-staging"
+  config.action_mailer.default_url_options     = { host: "fizzy.37signals-staging.com", protocol: "https" }
+  config.action_controller.default_url_options = { host: "fizzy.37signals-staging.com", protocol: "https" }
+end

data/config/routes.rb

@@ -0,0 +1,3 @@
+Fizzy::Saas::Engine.routes.draw do
+  Queenbee.routes(self)
+end

data/config/storage.yml

@@ -0,0 +1,33 @@
+test:
+  service: Disk
+  root: <%= Rails.root.join("tmp/storage/files") %>
+
+local:
+  service: Disk
+  root: <%= Rails.root.join("storage", Rails.env, "files") %>
+
+devminio:
+  service: S3
+  bucket: fizzy-dev-activestorage
+  endpoint: "http://minio.localhost:39000"
+  force_path_style: true
+  request_checksum_calculation: when_required # default is when_supported with CRC64NVME checksum which FlashBlade doesn't support
+  response_checksum_validation: when_required # default is when_supported with CRC64NVME checksum which FlashBlade doesn't support
+  region: us-east-1 # default region required for signer
+  access_key_id: minioadmin
+  secret_access_key: minioadmin
+
+# We have "development", "staging", and "production" buckets configured. Note that we don't have a
+# "beta" bucket. (As of 2025-06-01.)
+<% pure_env = Rails.env.beta? ? "production" : Rails.env %>
+purestorage:
+  service: S3
+  bucket: fizzy-<%= pure_env %>-activestorage
+  endpoint: "https://storage.basecamp.com"
+  ssl_verify_peer: false # FIXME: using self-signed cert internally
+  force_path_style: true
+  request_checksum_calculation: when_required # default is when_supported with CRC64NVME checksum which FlashBlade doesn't support
+  response_checksum_validation: when_required # default is when_supported with CRC64NVME checksum which FlashBlade doesn't support
+  region: us-east-1 # default region required for signer
+  access_key_id: <%= ENV["ACTIVE_STORAGE_ACCESS_KEY_ID"] %>
+  secret_access_key: <%= ENV["ACTIVE_STORAGE_SECRET_ACCESS_KEY"] %>

data/lib/fizzy/saas/engine.rb

@@ -0,0 +1,98 @@
+require_relative "transaction_pinning"
+require_relative "signup"
+
+module Fizzy
+  module Saas
+    class Engine < ::Rails::Engine
+      # moved from config/initializers/queenbee.rb
+      Queenbee.host_app = Fizzy
+
+      initializer "fizzy.saas.mount" do |app|
+        app.routes.append do
+          mount Fizzy::Saas::Engine => "/", as: "saas"
+        end
+      end
+
+      initializer "fizzy_saas.transaction_pinning" do |app|
+        app.config.middleware.insert_after(ActiveRecord::Middleware::DatabaseSelector, TransactionPinning::Middleware)
+      end
+
+      initializer "fizzy_saas.solid_queue" do
+        SolidQueue.on_start do
+          Process.warmup
+          Yabeda::Prometheus::Exporter.start_metrics_server!
+        end
+      end
+
+      initializer "fizzy_saas.logging.session" do |app|
+        ActiveSupport.on_load(:action_controller_base) do
+          before_action do
+            if Current.identity.present?
+              logger.struct(authentication: { identity: { id: Current.identity.id } })
+            end
+
+            if Current.account.present?
+              logger.struct(account: { queenbee_id: Current.account.external_account_id })
+            end
+          end
+        end
+      end
+
+      # Load test mocks automatically in test environment
+      initializer "fizzy_saas.test_mocks", after: :load_config_initializers do
+        if Rails.env.test?
+          require "fizzy/saas/testing"
+        end
+      end
+
+      initializer "fizzy_saas.sentry" do
+        if !Rails.env.local? && ENV["SKIP_TELEMETRY"].blank?
+          Sentry.init do |config|
+            config.dsn = ENV["SENTRY_DSN"]
+            config.breadcrumbs_logger = %i[ active_support_logger http_logger ]
+            config.send_default_pii = false
+            config.release = ENV["GIT_REVISION"]
+            config.excluded_exceptions += [ "ActiveRecord::ConcurrentMigrationError" ]
+          end
+        end
+      end
+
+      initializer "fizzy_saas.yabeda" do
+        require "prometheus/client/support/puma"
+
+        Prometheus::Client.configuration.logger = Rails.logger
+        Prometheus::Client.configuration.pid_provider = Prometheus::Client::Support::Puma.method(:worker_pid_provider)
+        Yabeda::Rails.config.controller_name_case = :camel
+        Yabeda::Rails.config.ignore_actions = %w[
+          Rails::HealthController#show
+        ]
+
+        Yabeda::ActiveJob.install!
+
+        require "yabeda/solid_queue"
+        Yabeda::SolidQueue.install!
+
+        Yabeda::ActionCable.configure do |config|
+          config.channel_class_name = "ActionCable::Channel::Base"
+        end
+
+        require_relative "metrics"
+      end
+
+      config.to_prepare do
+        ::Signup.prepend(Fizzy::Saas::Signup)
+
+        Queenbee::Subscription.short_names = Subscription::SHORT_NAMES
+
+        # Default to local dev QB token if not set
+        Queenbee::ApiToken.token = ENV.fetch("QUEENBEE_API_TOKEN") { "69a4cfb8705913e6323f7b4c0c0cff9bd8df37da532f4375b85e9655b8100bb023591b48d308205092aa0a04dd28cb6c62d6798364a6f44cc1e675814eb148a1" }
+
+        Subscription::SHORT_NAMES.each do |short_name|
+          const_name = "#{short_name}Subscription"
+          ::Object.send(:remove_const, const_name) if ::Object.const_defined?(const_name)
+          ::Object.const_set const_name, Subscription.const_get(short_name, false)
+        end
+      end
+    end
+  end
+end

data/lib/fizzy/saas/metrics.rb

@@ -0,0 +1,13 @@
+Yabeda.configure do
+  SHORT_HISTOGRAM_BUCKETS = [ 0.001, 0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5 ]
+
+  group :fizzy do
+    counter :replica_stale,
+      comment: "Number of requests served from a stale replica"
+
+    histogram :replica_wait,
+      unit: :seconds,
+      comment: "Time spent waiting for replica to catch up with transaction",
+      buckets: SHORT_HISTOGRAM_BUCKETS
+  end
+end

data/lib/fizzy/saas/signup.rb

@@ -0,0 +1,43 @@
+module Fizzy
+  module Saas
+    module Signup
+      extend ActiveSupport::Concern
+
+      included do
+        attr_reader :queenbee_account
+      end
+
+      private
+        def create_tenant
+          @queenbee_account = Queenbee::Remote::Account.create!(queenbee_account_attributes)
+          @queenbee_account.id.to_s
+        end
+
+        def handle_account_creation_error(error)
+          @queenbee_account&.cancel
+        end
+
+        def queenbee_account_attributes
+          {}.tap do |attributes|
+            attributes[:product_name]   = "fizzy"
+            attributes[:name]           = generate_account_name
+            attributes[:owner_name]     = full_name
+            attributes[:owner_email]    = email_address
+
+            attributes[:trial]          = true
+            attributes[:subscription]   = subscription_attributes
+            attributes[:remote_request] = request_attributes
+
+            # # TODO: Terms of Service
+            # attributes[:terms_of_service] = true
+
+            # We've confirmed the email
+            attributes[:auto_allow]     = true
+
+            # Tell Queenbee to skip the request to create a local account. We've created it ourselves.
+            attributes[:skip_remote]    = true
+          end
+        end
+    end
+  end
+end

data/lib/fizzy/saas/testing.rb

@@ -0,0 +1,9 @@
+require "queenbee/testing/mocks"
+
+Queenbee::Remote::Account.class_eval do
+  # because we use the account ID as the tenant name, we need it to be unique in each test to avoid
+  # parallelized tests clobbering each other.
+  def next_id
+    super + Random.rand(1000000)
+  end
+end

data/lib/fizzy/saas/transaction_pinning.rb

@@ -0,0 +1,65 @@
+module TransactionPinning
+  class Middleware
+    SESSION_KEY = :last_txn
+    DEFAULT_MAX_WAIT = 0.25
+
+    def initialize(app)
+      @app = app
+      @timeout = Rails.application.config.x.transaction_pinning&.timeout&.to_f || DEFAULT_MAX_WAIT
+    end
+
+    def call(env)
+      request = ActionDispatch::Request.new(env)
+      replica_metrics = {}
+
+      if ApplicationRecord.current_role == :reading
+        wait_for_replica_catchup(request, replica_metrics)
+      end
+
+      status, headers, body = @app.call(env)
+      headers.merge!(replica_metrics.transform_values(&:to_s))
+
+      if ApplicationRecord.current_role == :writing
+        capture_transaction_id(request)
+      end
+
+      [ status, headers, body ]
+    end
+
+    private
+      def wait_for_replica_catchup(request, replica_metrics)
+        if last_txn = request.session[SESSION_KEY].presence
+          has_transaction = tracking_replica_wait_time(replica_metrics) do
+            replica_has_transaction(last_txn)
+          end
+
+          unless has_transaction
+            Yabeda.fizzy.replica_stale.increment
+            replica_metrics["X-Replica-Stale"] = true
+          end
+        end
+      end
+
+      def capture_transaction_id(request)
+        request.session[SESSION_KEY] = ApplicationRecord.connection.show_variable("global.gtid_executed")
+      end
+
+      def replica_has_transaction(txn)
+        sql = ApplicationRecord.sanitize_sql_array([ "SELECT WAIT_FOR_EXECUTED_GTID_SET(?, ?)", txn, @timeout ])
+        ApplicationRecord.connection.select_value(sql) == 0
+      rescue => e
+        Sentry.capture_exception(e, extra: { gtid: txn })
+        true # Treat as if we're up to date, since we don't know
+      end
+
+      def tracking_replica_wait_time(replica_metrics)
+        started_at = Time.current
+
+        Yabeda.fizzy.replica_wait.measure do
+          yield
+        end.tap do
+          replica_metrics["X-Replica-Wait"] = Time.current - started_at
+        end
+      end
+  end
+end

data/lib/fizzy/saas/version.rb

@@ -0,0 +1,5 @@
+module Fizzy
+  module Saas
+    VERSION = "0.1.0"
+  end
+end

data/lib/fizzy/saas.rb

@@ -0,0 +1,12 @@
+require "fizzy/saas/version"
+require "fizzy/saas/engine"
+
+module Fizzy
+  module Saas
+    def self.append_test_paths
+      engine_test_path = Engine.root.join("test")
+      ENV["DEFAULT_TEST"] = "{#{engine_test_path},test}/**/*_test.rb"
+      ENV["DEFAULT_TEST_EXCLUDE"] = "{#{engine_test_path},test}/{system,dummy,fixtures}/**/*_test.rb"
+    end
+  end
+end

data/lib/tasks/fizzy/saas_tasks.rake

@@ -0,0 +1,18 @@
+require "rake/testtask"
+
+namespace :test do
+  # task :prepare_saas => :environment do
+  #   require "rails/test_help"
+  #
+  #   $LOAD_PATH.unshift Fizzy::Saas::Engine.root.join("test").to_s
+  #   require Fizzy::Saas::Engine.root.join("test/test_helper")
+  # end
+
+  desc "Run tests for fizzy-saas gem"
+  Rake::TestTask.new(:saas => :environment) do |t|
+    t.libs << "test"
+    t.test_files = FileList[Fizzy::Saas::Engine.root.join("test/**/*_test.rb")]
+    t.warning = false
+  end
+end
+

data/lib/yabeda/solid_queue.rb

@@ -0,0 +1,27 @@
+module Yabeda
+  module SolidQueue
+    def self.install!
+      Yabeda.configure do
+        group :solid_queue
+
+        gauge :jobs_failed_count, comment: "Number of failed jobs"
+        gauge :jobs_unreleased_count, comment: "Number of claimed jobs that don't belong to any process"
+        gauge :jobs_scheduled_and_delayed_count, comment: "Number of scheduled jobs that have over 5 minutes delay"
+        gauge :recurring_tasks_count, comment: "Number of recurring jobs scheduled"
+        gauge :recurring_tasks_delayed_count, comment: "Number of recurring jobs that haven't been enqueued within their schedule"
+
+        collect do
+          if ::SolidQueue.supervisor?
+            solid_queue.jobs_failed_count.set({}, ::SolidQueue::FailedExecution.count)
+            solid_queue.jobs_unreleased_count.set({}, ::SolidQueue::ClaimedExecution.where(process: nil).count)
+            solid_queue.jobs_scheduled_and_delayed_count.set({}, ::SolidQueue::ScheduledExecution.where(scheduled_at: ..5.minutes.ago).count)
+            solid_queue.recurring_tasks_count.set({}, ::SolidQueue::RecurringTask.count)
+            solid_queue.recurring_tasks_delayed_count.set({}, ::SolidQueue::RecurringTask.count do |task|
+              task.last_enqueued_time.present? && (task.previous_time - task.last_enqueued_time) > 5.minutes
+            end)
+          end
+        end
+      end
+    end
+  end
+end

data/test/models/signup_test.rb

@@ -0,0 +1,47 @@
+require "test_helper"
+
+class Fizzy::Saas::SignupTest < ActiveSupport::TestCase
+  test "#complete creates queenbee account and uses its id as tenant" do
+    queenbee_account = mock("queenbee_account")
+    queenbee_account.stubs(:id).returns(123456)
+
+    Queenbee::Remote::Account.expects(:create!).once.returns(queenbee_account)
+    Account.any_instance.expects(:setup_customer_template).once
+
+    Current.without_account do
+      assert_changes -> { Account.count }, +1 do
+        sequence_value_before = Account::ExternalIdSequence.value
+
+        signup = Signup.new(
+          full_name: "Kevin",
+          identity: identities(:kevin)
+        )
+
+        assert signup.complete
+
+        assert signup.account
+        assert_equal 123456, signup.account.external_account_id
+        assert_equal sequence_value_before, Account::ExternalIdSequence.value
+      end
+    end
+  end
+
+  test "#complete calls cancel on queenbee account when account creation fails" do
+    queenbee_account = mock("queenbee_account")
+    queenbee_account.stubs(:id).returns(789012)
+    queenbee_account.expects(:cancel).once
+
+    Queenbee::Remote::Account.expects(:create!).once.returns(queenbee_account)
+    Account.any_instance.stubs(:setup_customer_template).raises(StandardError.new("Account setup failed"))
+
+    Current.without_account do
+      signup = Signup.new(
+        full_name: "Kevin",
+        identity: identities(:kevin)
+      )
+
+      assert_not signup.complete
+      assert_includes signup.errors[:base], "Something went wrong, and we couldn't create your account. Please give it another try."
+    end
+  end
+end

metadata

@@ -0,0 +1,268 @@
+--- !ruby/object:Gem::Specification
+name: fizzy-saas
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Mike Dalessio
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 8.1.0.beta1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 8.1.0.beta1
+- !ruby/object:Gem::Dependency
+  name: queenbee
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rails_structured_logging
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sentry-ruby
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sentry-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: yabeda
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: yabeda-actioncable
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: yabeda-activejob
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: yabeda-gc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: yabeda-http_requests
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: yabeda-prometheus-mmap
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: yabeda-puma-plugin
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: yabeda-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.10'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.10'
+- !ruby/object:Gem::Dependency
+  name: prometheus-client-mmap
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Rails engine that bundles with Fizzy to offer the hosted version at https://app.fizzy.do
+email:
+- mike@37signals.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE.md
+- README.md
+- Rakefile
+- app/assets/stylesheets/fizzy/saas/application.css
+- app/models/subscription.rb
+- app/views/layouts/fizzy/saas/application.html.erb
+- app/views/signup/completions/new.html.erb
+- app/views/signup/new.html.erb
+- config/database.yml
+- config/deploy.beta.yml
+- config/deploy.production.yml
+- config/deploy.staging.yml
+- config/deploy.yml
+- config/environments/beta.rb
+- config/environments/development.rb
+- config/environments/production.rb
+- config/environments/staging.rb
+- config/routes.rb
+- config/storage.yml
+- lib/fizzy/saas.rb
+- lib/fizzy/saas/engine.rb
+- lib/fizzy/saas/metrics.rb
+- lib/fizzy/saas/signup.rb
+- lib/fizzy/saas/testing.rb
+- lib/fizzy/saas/transaction_pinning.rb
+- lib/fizzy/saas/version.rb
+- lib/tasks/fizzy/saas_tasks.rake
+- lib/yabeda/solid_queue.rb
+- test/models/signup_test.rb
+homepage: https://github.com/basecamp/fizzy-saas
+licenses:
+- O'Saasy
+metadata:
+  allowed_push_host: https://rubygems.org
+  homepage_uri: https://github.com/basecamp/fizzy-saas
+  source_code_uri: https://github.com/basecamp/fizzy-saas
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.7.2
+specification_version: 4
+summary: 37signals SaaS companion for Fizzy
+test_files: []