@oneuptime/common 10.0.11 → 10.0.15

package/Models/AnalyticsModels/ExceptionInstance.ts

@@ -311,6 +311,77 @@ export default class ExceptionInstance extends AnalyticsBaseModel {
       },
     });
 
+    const releaseColumn: AnalyticsTableColumn = new AnalyticsTableColumn({
+      key: "release",
+      title: "Release",
+      description:
+        "Service version / release from service.version resource attribute",
+      required: false,
+      type: TableColumnType.Text,
+      accessControl: {
+        read: [
+          Permission.ProjectOwner,
+          Permission.ProjectAdmin,
+          Permission.ProjectMember,
+          Permission.ReadTelemetryException,
+        ],
+        create: [
+          Permission.ProjectOwner,
+          Permission.ProjectAdmin,
+          Permission.ProjectMember,
+          Permission.CreateTelemetryException,
+        ],
+        update: [],
+      },
+    });
+
+    const environmentColumn: AnalyticsTableColumn = new AnalyticsTableColumn({
+      key: "environment",
+      title: "Environment",
+      description:
+        "Deployment environment from deployment.environment resource attribute",
+      required: false,
+      type: TableColumnType.Text,
+      accessControl: {
+        read: [
+          Permission.ProjectOwner,
+          Permission.ProjectAdmin,
+          Permission.ProjectMember,
+          Permission.ReadTelemetryException,
+        ],
+        create: [
+          Permission.ProjectOwner,
+          Permission.ProjectAdmin,
+          Permission.ProjectMember,
+          Permission.CreateTelemetryException,
+        ],
+        update: [],
+      },
+    });
+
+    const parsedFramesColumn: AnalyticsTableColumn = new AnalyticsTableColumn({
+      key: "parsedFrames",
+      title: "Parsed Stack Frames",
+      description: "Stack trace parsed into structured frames (JSON array)",
+      required: false,
+      type: TableColumnType.Text,
+      accessControl: {
+        read: [
+          Permission.ProjectOwner,
+          Permission.ProjectAdmin,
+          Permission.ProjectMember,
+          Permission.ReadTelemetryException,
+        ],
+        create: [
+          Permission.ProjectOwner,
+          Permission.ProjectAdmin,
+          Permission.ProjectMember,
+          Permission.CreateTelemetryException,
+        ],
+        update: [],
+      },
+    });
+
     const attributesColumn: AnalyticsTableColumn = new AnalyticsTableColumn({
       key: "attributes",
       title: "Attributes",
@@ -384,6 +455,9 @@ export default class ExceptionInstance extends AnalyticsBaseModel {
         spanIdColumn,
         fingerprintColumn,
         spanNameColumn,
+        releaseColumn,
+        environmentColumn,
+        parsedFramesColumn,
         attributesColumn,
       ],
       projections: [],
@@ -504,4 +578,28 @@ export default class ExceptionInstance extends AnalyticsBaseModel {
   public set spanName(v: string | undefined) {
     this.setColumnValue("spanName", v);
   }
+
+  public get release(): string | undefined {
+    return this.getColumnValue("release") as string | undefined;
+  }
+
+  public set release(v: string | undefined) {
+    this.setColumnValue("release", v);
+  }
+
+  public get environment(): string | undefined {
+    return this.getColumnValue("environment") as string | undefined;
+  }
+
+  public set environment(v: string | undefined) {
+    this.setColumnValue("environment", v);
+  }
+
+  public get parsedFrames(): string | undefined {
+    return this.getColumnValue("parsedFrames") as string | undefined;
+  }
+
+  public set parsedFrames(v: string | undefined) {
+    this.setColumnValue("parsedFrames", v);
+  }
 }

package/Models/DatabaseModels/TelemetryException.ts

@@ -1026,4 +1026,109 @@ export default class TelemetryException extends DatabaseBaseModel {
     default: 1,
   })
   public occuranceCount?: number = undefined;
+
+  @ColumnAccessControl({
+    create: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.CreateTelemetryException,
+    ],
+    read: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.ProjectMember,
+      Permission.ReadTelemetryException,
+      Permission.ReadAllProjectResources,
+    ],
+    update: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.EditTelemetryException,
+    ],
+  })
+  @TableColumn({
+    required: false,
+    type: TableColumnType.LongText,
+    canReadOnRelationQuery: true,
+    title: "First Seen In Release",
+    description:
+      "The service version / release in which this exception was first observed",
+    example: "v1.2.3",
+  })
+  @Column({
+    nullable: true,
+    type: ColumnType.LongText,
+    length: ColumnLength.LongText,
+  })
+  public firstSeenInRelease?: string = undefined;
+
+  @ColumnAccessControl({
+    create: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.CreateTelemetryException,
+    ],
+    read: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.ProjectMember,
+      Permission.ReadTelemetryException,
+      Permission.ReadAllProjectResources,
+    ],
+    update: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.EditTelemetryException,
+    ],
+  })
+  @TableColumn({
+    required: false,
+    type: TableColumnType.LongText,
+    canReadOnRelationQuery: true,
+    title: "Last Seen In Release",
+    description:
+      "The most recent service version / release in which this exception was observed",
+    example: "v1.4.0",
+  })
+  @Column({
+    nullable: true,
+    type: ColumnType.LongText,
+    length: ColumnLength.LongText,
+  })
+  public lastSeenInRelease?: string = undefined;
+
+  @ColumnAccessControl({
+    create: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.CreateTelemetryException,
+    ],
+    read: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.ProjectMember,
+      Permission.ReadTelemetryException,
+      Permission.ReadAllProjectResources,
+    ],
+    update: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.EditTelemetryException,
+    ],
+  })
+  @TableColumn({
+    required: false,
+    type: TableColumnType.LongText,
+    canReadOnRelationQuery: true,
+    title: "Environment",
+    description:
+      "Deployment environment from deployment.environment resource attribute",
+    example: "production",
+  })
+  @Column({
+    nullable: true,
+    type: ColumnType.LongText,
+    length: ColumnLength.LongText,
+  })
+  public environment?: string = undefined;
 }

package/Models/DatabaseModels/User.ts

@@ -351,6 +351,33 @@ class User extends UserModel {
   })
   public resetPasswordExpires?: Date = undefined;
 
+  @ColumnAccessControl({
+    create: [],
+    read: [],
+    update: [],
+  })
+  @TableColumn({ type: TableColumnType.ShortText })
+  @Column({
+    type: ColumnType.ShortText,
+    length: ColumnLength.ShortText,
+    nullable: true,
+    unique: false,
+  })
+  public webauthnChallenge?: string = undefined;
+
+  @ColumnAccessControl({
+    create: [],
+    read: [],
+    update: [],
+  })
+  @TableColumn({ type: TableColumnType.Date })
+  @Column({
+    type: ColumnType.Date,
+    nullable: true,
+    unique: false,
+  })
+  public webauthnChallengeExpiresAt?: Date = undefined;
+
   @ColumnAccessControl({
     create: [],
     read: [Permission.CurrentUser],

package/Server/API/UserWebAuthnAPI.ts

@@ -54,12 +54,10 @@ export default class UserWebAuthnAPI extends BaseAPI<
           const databaseProps: DatabaseCommonInteractionProps =
             await CommonAPI.getDatabaseCommonInteractionProps(req);
 
-          const expectedChallenge: string = data["challenge"] as string;
           const credential: any = data["credential"];
           const name: string = data["name"] as string;
 
           await UserWebAuthnService.verifyRegistration({
-            challenge: expectedChallenge,
             credential: credential,
             name: name,
             props: databaseProps,

package/Server/Infrastructure/Postgres/SchemaMigrations/1772111896988-MigrationName.ts

@@ -0,0 +1,41 @@
+import { MigrationInterface, QueryRunner } from "typeorm";
+
+export class MigrationName1772111896988 implements MigrationInterface {
+  public name = "MigrationName1772111896988";
+
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `ALTER TABLE "TelemetryException" ADD "firstSeenInRelease" character varying(500)`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "TelemetryException" ADD "lastSeenInRelease" character varying(500)`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "OnCallDutyPolicyScheduleLayer" ALTER COLUMN "rotation" SET DEFAULT '{"_type":"Recurring","value":{"intervalType":"Day","intervalCount":{"_type":"PositiveNumber","value":1}}}'`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "OnCallDutyPolicyScheduleLayer" ALTER COLUMN "restrictionTimes" SET DEFAULT '{"_type":"RestrictionTimes","value":{"restictionType":"None","dayRestrictionTimes":null,"weeklyRestrictionTimes":[]}}'`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "TelemetryException" ADD "environment" character varying(500)`,
+    );
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `ALTER TABLE "TelemetryException" DROP COLUMN "environment"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "OnCallDutyPolicyScheduleLayer" ALTER COLUMN "restrictionTimes" SET DEFAULT '{"_type": "RestrictionTimes", "value": {"restictionType": "None", "dayRestrictionTimes": null, "weeklyRestrictionTimes": []}}'`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "OnCallDutyPolicyScheduleLayer" ALTER COLUMN "rotation" SET DEFAULT '{"_type": "Recurring", "value": {"intervalType": "Day", "intervalCount": {"_type": "PositiveNumber", "value": 1}}}'`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "TelemetryException" DROP COLUMN "lastSeenInRelease"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "TelemetryException" DROP COLUMN "firstSeenInRelease"`,
+    );
+  }
+}

package/Server/Infrastructure/Postgres/SchemaMigrations/1772280000000-MigrationName.ts

@@ -0,0 +1,23 @@
+import { MigrationInterface, QueryRunner } from "typeorm";
+
+export class MigrationName1772280000000 implements MigrationInterface {
+  public name = "MigrationName1772280000000";
+
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `ALTER TABLE "User" ADD "webauthnChallenge" character varying(100)`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "User" ADD "webauthnChallengeExpiresAt" TIMESTAMP WITH TIME ZONE`,
+    );
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `ALTER TABLE "User" DROP COLUMN "webauthnChallengeExpiresAt"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "User" DROP COLUMN "webauthnChallenge"`,
+    );
+  }
+}

package/Server/Infrastructure/Postgres/SchemaMigrations/Index.ts

@@ -259,6 +259,8 @@ import { MigrationName1770732721195 } from "./1770732721195-MigrationName";
 import { MigrationName1770833704656 } from "./1770833704656-MigrationName";
 import { MigrationName1770834237090 } from "./1770834237090-MigrationName";
 import { MigrationName1770834237091 } from "./1770834237091-MigrationName";
+import { MigrationName1772111896988 } from "./1772111896988-MigrationName";
+import { MigrationName1772280000000 } from "./1772280000000-MigrationName";
 
 export default [
   InitialMigration,
@@ -522,4 +524,6 @@ export default [
   MigrationName1770833704656,
   MigrationName1770834237090,
   MigrationName1770834237091,
+  MigrationName1772111896988,
+  MigrationName1772280000000,
 ];

package/Server/Services/MonitorTestService.ts

@@ -1,11 +1,112 @@
-import DatabaseService from "./DatabaseService";
+import DatabaseService, { EntityManager } from "./DatabaseService";
 import MonitorTest from "../../Models/DatabaseModels/MonitorTest";
+import ObjectID from "../../Types/ObjectID";
+import OneUptimeDate from "../../Types/Date";
+import { MonitorStepProbeResponse } from "../../Models/DatabaseModels/MonitorProbe";
 
 export class Service extends DatabaseService<MonitorTest> {
+  private static readonly STALE_TEST_CLAIM_TIMEOUT_IN_MINUTES: number = 10;
+
   public constructor() {
     super(MonitorTest);
     this.hardDeleteItemsOlderThanInDays("createdAt", 2); // this is temporary data. Clear it after 2 days.
   }
+
+  /**
+   * Atomically claims monitor tests for a specific probe instance using
+   * FOR UPDATE SKIP LOCKED so concurrent probe replicas do not execute the
+   * same monitor test.
+   */
+  public async claimMonitorTestsForProbing(data: {
+    probeId: ObjectID;
+    limit: number;
+  }): Promise<Array<ObjectID>> {
+    const staleClaimThreshold: Date = OneUptimeDate.addRemoveMinutes(
+      OneUptimeDate.getCurrentDate(),
+      -Service.STALE_TEST_CLAIM_TIMEOUT_IN_MINUTES,
+    );
+
+    return await this.executeTransaction(
+      async (transactionalEntityManager: EntityManager) => {
+        const selectQuery: string = `
+          SELECT mt."_id"
+          FROM "MonitorTest" mt
+          WHERE mt."probeId" = $1
+            AND (
+              mt."isInQueue" = true
+              OR (
+                mt."isInQueue" = false
+                AND mt."updatedAt" <= $3
+              )
+            )
+            AND mt."monitorStepProbeResponse" IS NULL
+            AND mt."deletedAt" IS NULL
+          ORDER BY mt."createdAt" ASC
+          LIMIT $2
+          FOR UPDATE OF mt SKIP LOCKED
+        `;
+
+        const selectedRows: Array<{ _id: string }> =
+          await transactionalEntityManager.query(selectQuery, [
+            data.probeId.toString(),
+            data.limit,
+            staleClaimThreshold,
+          ]);
+
+        if (selectedRows.length === 0) {
+          return [];
+        }
+
+        const ids: Array<string> = selectedRows.map((row: { _id: string }) => {
+          return row._id;
+        });
+
+        const updateQuery: string = `
+          UPDATE "MonitorTest"
+          SET "isInQueue" = false,
+              "updatedAt" = now()
+          WHERE "_id" = ANY($1::uuid[])
+        `;
+
+        await transactionalEntityManager.query(updateQuery, [ids]);
+
+        return ids.map((id: string) => {
+          return new ObjectID(id);
+        });
+      },
+    );
+  }
+
+  /**
+   * Merge a single step response into monitorStepProbeResponse atomically.
+   * This avoids step-response overwrite races when multiple step jobs are
+   * processed concurrently.
+   */
+  public async mergeStepProbeResponse(data: {
+    testId: ObjectID;
+    monitorStepProbeResponse: MonitorStepProbeResponse;
+  }): Promise<void> {
+    const testedAt: Date = OneUptimeDate.getCurrentDate();
+
+    await this.executeTransaction(
+      async (transactionalEntityManager: EntityManager) => {
+        const updateQuery: string = `
+          UPDATE "MonitorTest"
+          SET "monitorStepProbeResponse" = COALESCE("monitorStepProbeResponse", '{}'::jsonb) || $2::jsonb,
+              "testedAt" = $3,
+              "updatedAt" = now()
+          WHERE "_id" = $1
+            AND "deletedAt" IS NULL
+        `;
+
+        await transactionalEntityManager.query(updateQuery, [
+          data.testId.toString(),
+          JSON.stringify(data.monitorStepProbeResponse),
+          testedAt,
+        ]);
+      },
+    );
+  }
 }
 
 export default new Service();

package/Server/Services/UserWebAuthnService.ts

@@ -19,6 +19,9 @@ import ObjectID from "../../Types/ObjectID";
 import DatabaseCommonInteractionProps from "../../Types/BaseDatabase/DatabaseCommonInteractionProps";
 import UserTotpAuth from "../../Models/DatabaseModels/UserTotpAuth";
 import UserTotpAuthService from "./UserTotpAuthService";
+import OneUptimeDate from "../../Types/Date";
+
+const WEBAUTHN_CHALLENGE_TTL_MINUTES: number = 5;
 
 export class Service extends DatabaseService<Model> {
   public constructor() {
@@ -102,6 +105,21 @@ export class Service extends DatabaseService<Model> {
       );
     }
 
+    // Store the challenge server-side so verification uses a trusted value
+    await UserService.updateOneById({
+      id: data.userId,
+      data: {
+        webauthnChallenge: options.challenge,
+        webauthnChallengeExpiresAt: OneUptimeDate.addRemoveMinutes(
+          OneUptimeDate.getCurrentDate(),
+          WEBAUTHN_CHALLENGE_TTL_MINUTES,
+        ),
+      },
+      props: {
+        isRoot: true,
+      },
+    });
+
     return {
       options: options as any,
       challenge: options.challenge,
@@ -110,16 +128,24 @@ export class Service extends DatabaseService<Model> {
 
   @CaptureSpan()
   public async verifyRegistration(data: {
-    challenge: string;
     credential: any;
     name: string;
     props: DatabaseCommonInteractionProps;
   }): Promise<void> {
+    if (!data.props.userId) {
+      throw new BadDataException("User ID not found in request");
+    }
+
+    // Retrieve the challenge from the server-side store
+    const storedChallenge: string = await this.getAndClearStoredChallenge(
+      data.props.userId,
+    );
+
     const expectedOrigin: string = `${HttpProtocol}${Host.toString()}`;
 
     const verification: any = await verifyRegistrationResponse({
       response: data.credential,
-      expectedChallenge: data.challenge,
+      expectedChallenge: storedChallenge,
       expectedOrigin: expectedOrigin,
       expectedRPID: Host.toString(),
     });
@@ -134,10 +160,6 @@ export class Service extends DatabaseService<Model> {
       throw new BadDataException("Registration info not found");
     }
 
-    if (!data.props.userId) {
-      throw new BadDataException("User ID not found in request");
-    }
-
     // Save the credential
     const userWebAuthn: Model = Model.fromJSON(
       {
@@ -213,6 +235,21 @@ export class Service extends DatabaseService<Model> {
     options.challenge = Buffer.from(options.challenge).toString("base64url");
     // allowCredentials id is already base64url string
 
+    // Store the challenge server-side so verification uses a trusted value
+    await UserService.updateOneById({
+      id: user.id!,
+      data: {
+        webauthnChallenge: options.challenge,
+        webauthnChallengeExpiresAt: OneUptimeDate.addRemoveMinutes(
+          OneUptimeDate.getCurrentDate(),
+          WEBAUTHN_CHALLENGE_TTL_MINUTES,
+        ),
+      },
+      props: {
+        isRoot: true,
+      },
+    });
+
     return {
       options: options as any,
       challenge: options.challenge,
@@ -223,9 +260,13 @@ export class Service extends DatabaseService<Model> {
   @CaptureSpan()
   public async verifyAuthentication(data: {
     userId: string;
-    challenge: string;
     credential: any;
   }): Promise<User> {
+    // Retrieve the challenge from the server-side store
+    const storedChallenge: string = await this.getAndClearStoredChallenge(
+      new ObjectID(data.userId),
+    );
+
     const user: User | null = await UserService.findOneById({
       id: new ObjectID(data.userId),
       select: {
@@ -267,7 +308,7 @@ export class Service extends DatabaseService<Model> {
 
     const verification: any = await verifyAuthenticationResponse({
       response: data.credential,
-      expectedChallenge: data.challenge,
+      expectedChallenge: storedChallenge,
       expectedOrigin: expectedOrigin,
       expectedRPID: Host.toString(),
       credential: {
@@ -295,6 +336,73 @@ export class Service extends DatabaseService<Model> {
     return user;
   }
 
+  /**
+   * Retrieves the stored WebAuthn challenge for the given user,
+   * validates it has not expired, and clears it so it cannot be reused.
+   */
+  private async getAndClearStoredChallenge(userId: ObjectID): Promise<string> {
+    const user: User | null = await UserService.findOneById({
+      id: userId,
+      select: {
+        webauthnChallenge: true,
+        webauthnChallengeExpiresAt: true,
+      },
+      props: {
+        isRoot: true,
+      },
+    });
+
+    if (!user) {
+      throw new BadDataException("User not found");
+    }
+
+    if (!user.webauthnChallenge || !user.webauthnChallengeExpiresAt) {
+      throw new BadDataException(
+        "No pending WebAuthn challenge found. Please initiate the WebAuthn flow again.",
+      );
+    }
+
+    // Check expiry
+    if (
+      OneUptimeDate.isBefore(
+        user.webauthnChallengeExpiresAt,
+        OneUptimeDate.getCurrentDate(),
+      )
+    ) {
+      // Clear the expired challenge
+      await UserService.updateOneById({
+        id: userId,
+        data: {
+          webauthnChallenge: null as any,
+          webauthnChallengeExpiresAt: null as any,
+        },
+        props: {
+          isRoot: true,
+        },
+      });
+
+      throw new BadDataException(
+        "WebAuthn challenge has expired. Please initiate the WebAuthn flow again.",
+      );
+    }
+
+    const challenge: string = user.webauthnChallenge;
+
+    // Clear the challenge immediately so it cannot be reused (one-time use)
+    await UserService.updateOneById({
+      id: userId,
+      data: {
+        webauthnChallenge: null as any,
+        webauthnChallengeExpiresAt: null as any,
+      },
+      props: {
+        isRoot: true,
+      },
+    });
+
+    return challenge;
+  }
+
   @CaptureSpan()
   protected override async onBeforeCreate(
     createBy: CreateBy<Model>,

package/Server/Utils/Browser.ts

@@ -27,7 +27,6 @@ export default class BrowserUtil {
     "--disable-features=dbus", // additional D-Bus feature gate
     "--no-zygote", // skip zygote process that fails OOM score adjustments in containers
     // Memory optimization flags
-    "--single-process", // run browser in single process to reduce memory overhead
     "--disable-extensions", // no extensions needed for monitoring
     "--disable-background-networking", // disable background network requests
     "--disable-default-apps", // don't load default apps