@oneuptime/common 9.1.0 → 9.1.2

package/Models/DatabaseModels/BillingPaymentMethod.ts

@@ -20,7 +20,11 @@ import { Column, Entity, Index, JoinColumn, ManyToOne } from "typeorm";
 @AllowAccessIfSubscriptionIsUnpaid()
 @TenantColumn("projectId")
 @TableAccessControl({
-  create: [Permission.ProjectOwner, Permission.CreateBillingPaymentMethod],
+  create: [
+    Permission.ProjectOwner,
+    Permission.ManageProjectBilling,
+    Permission.CreateBillingPaymentMethod,
+  ],
   read: [
     Permission.ProjectOwner,
     Permission.ProjectUser,
@@ -28,7 +32,11 @@ import { Column, Entity, Index, JoinColumn, ManyToOne } from "typeorm";
     Permission.ProjectMember,
     Permission.ReadBillingPaymentMethod,
   ],
-  delete: [Permission.ProjectOwner, Permission.DeleteBillingPaymentMethod],
+  delete: [
+    Permission.ProjectOwner,
+    Permission.ManageProjectBilling,
+    Permission.DeleteBillingPaymentMethod,
+  ],
   update: [],
 })
 @CrudApiEndpoint(new Route("/billing-payment-methods"))
@@ -45,7 +53,11 @@ import { Column, Entity, Index, JoinColumn, ManyToOne } from "typeorm";
 })
 export default class BillingPaymentMethod extends BaseModel {
   @ColumnAccessControl({
-    create: [Permission.ProjectOwner, Permission.CreateBillingPaymentMethod],
+    create: [
+      Permission.ProjectOwner,
+      Permission.ManageProjectBilling,
+      Permission.CreateBillingPaymentMethod,
+    ],
     read: [
       Permission.ProjectOwner,
       Permission.ProjectUser,
@@ -77,7 +89,11 @@ export default class BillingPaymentMethod extends BaseModel {
   public project?: Project = undefined;
 
   @ColumnAccessControl({
-    create: [Permission.ProjectOwner, Permission.CreateBillingPaymentMethod],
+    create: [
+      Permission.ProjectOwner,
+      Permission.ManageProjectBilling,
+      Permission.CreateBillingPaymentMethod,
+    ],
     read: [
       Permission.ProjectOwner,
       Permission.ProjectAdmin,
@@ -103,7 +119,11 @@ export default class BillingPaymentMethod extends BaseModel {
   public projectId?: ObjectID = undefined;
 
   @ColumnAccessControl({
-    create: [Permission.ProjectOwner, Permission.CreateBillingPaymentMethod],
+    create: [
+      Permission.ProjectOwner,
+      Permission.ManageProjectBilling,
+      Permission.CreateBillingPaymentMethod,
+    ],
     read: [
       Permission.ProjectOwner,
       Permission.ProjectAdmin,
@@ -136,7 +156,11 @@ export default class BillingPaymentMethod extends BaseModel {
   public createdByUser?: User = undefined;
 
   @ColumnAccessControl({
-    create: [Permission.ProjectOwner, Permission.CreateBillingPaymentMethod],
+    create: [
+      Permission.ProjectOwner,
+      Permission.ManageProjectBilling,
+      Permission.CreateBillingPaymentMethod,
+    ],
     read: [
       Permission.ProjectOwner,
       Permission.ProjectAdmin,
@@ -218,7 +242,11 @@ export default class BillingPaymentMethod extends BaseModel {
   public deletedByUserId?: ObjectID = undefined;
 
   @ColumnAccessControl({
-    create: [Permission.ProjectOwner, Permission.CreateBillingPaymentMethod],
+    create: [
+      Permission.ProjectOwner,
+      Permission.ManageProjectBilling,
+      Permission.CreateBillingPaymentMethod,
+    ],
     read: [
       Permission.ProjectOwner,
       Permission.ProjectAdmin,
@@ -278,7 +306,11 @@ export default class BillingPaymentMethod extends BaseModel {
   public paymentProviderCustomerId?: string = undefined;
 
   @ColumnAccessControl({
-    create: [Permission.ProjectOwner, Permission.CreateBillingPaymentMethod],
+    create: [
+      Permission.ProjectOwner,
+      Permission.ManageProjectBilling,
+      Permission.CreateBillingPaymentMethod,
+    ],
     read: [
       Permission.ProjectOwner,
       Permission.ProjectAdmin,
@@ -298,7 +330,11 @@ export default class BillingPaymentMethod extends BaseModel {
   public last4Digits?: string = undefined;
 
   @ColumnAccessControl({
-    create: [Permission.ProjectOwner, Permission.CreateBillingPaymentMethod],
+    create: [
+      Permission.ProjectOwner,
+      Permission.ManageProjectBilling,
+      Permission.CreateBillingPaymentMethod,
+    ],
     read: [
       Permission.ProjectOwner,
       Permission.ProjectAdmin,

package/Models/DatabaseModels/Incident.ts

@@ -228,6 +228,43 @@ export default class Incident extends BaseModel {
   })
   public description?: string = undefined;
 
+  @ColumnAccessControl({
+    create: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.ProjectMember,
+      Permission.CreateProjectIncident,
+    ],
+    read: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.ProjectMember,
+      Permission.ReadProjectIncident,
+    ],
+    update: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.ProjectMember,
+      Permission.EditProjectIncident,
+    ],
+  })
+  @Index()
+  @TableColumn({
+    required: true,
+    type: TableColumnType.Date,
+    title: "Declared At",
+    description: "Date and time when this incident was declared.",
+    isDefaultValueColumn: true,
+  })
+  @Column({
+    type: ColumnType.Date,
+    nullable: false,
+    default: () => {
+      return "now()";
+    },
+  })
+  public declaredAt?: Date = undefined;
+
   @Index()
   @ColumnAccessControl({
     create: [],

package/Models/DatabaseModels/StatusPageDomain.ts

@@ -282,8 +282,9 @@ export default class StatusPageDomain extends BaseModel {
   @TableColumn({
     required: true,
     type: TableColumnType.ShortText,
-    title: "Sumdomain",
-    description: "Subdomain of your status page - like (status)",
+    title: "Subdomain",
+    description:
+      "Subdomain label for your status page such as 'status'. Leave blank or enter @ to use the root domain.",
   })
   @Column({
     nullable: false,

package/Models/DatabaseModels/User.ts

@@ -30,7 +30,7 @@ import { Column, Entity, Index, JoinColumn, ManyToOne } from "typeorm";
 })
 @AllowAccessIfSubscriptionIsUnpaid()
 @TableAccessControl({
-  create: [Permission.Public],
+  create: [],
   read: [Permission.CurrentUser],
   delete: [Permission.CurrentUser],
   update: [Permission.CurrentUser],

package/Server/API/BillingPaymentMethodAPI.ts

@@ -42,17 +42,16 @@ export default class UserAPI extends BaseAPI<
           const userPermissions: Array<UserPermission> = (
             await this.getPermissionsForTenant(req)
           ).filter((permission: UserPermission) => {
-            return (
-              permission.permission.toString() ===
-                Permission.ProjectOwner.toString() ||
-              permission.permission.toString() ===
-                Permission.CreateBillingPaymentMethod.toString()
-            );
+            return [
+              Permission.ProjectOwner,
+              Permission.ManageProjectBilling,
+              Permission.CreateBillingPaymentMethod,
+            ].includes(permission.permission);
           });
 
           if (userPermissions.length === 0) {
             throw new BadDataException(
-              "Only Project owner can add payment methods.",
+              "Only project owners or members with Manage Billing access can add payment methods.",
             );
           }
 

package/Server/API/StatusPageAPI.ts

@@ -1421,6 +1421,7 @@ export default class StatusPageAPI extends BaseAPI<
           if (monitorsOnStatusPage.length > 0) {
             let select: Select<Incident> = {
               createdAt: true,
+              declaredAt: true,
               title: true,
               description: true,
               _id: true,
@@ -1474,6 +1475,7 @@ export default class StatusPageAPI extends BaseAPI<
                 },
                 select: select,
                 sort: {
+                  declaredAt: SortOrder.Descending,
                   createdAt: SortOrder.Descending,
                 },
 
@@ -2809,7 +2811,7 @@ export default class StatusPageAPI extends BaseAPI<
               manageSubscriptionUrl: manageUrlink,
             },
             subject:
-              "Manage your Subscription for" +
+              "Manage your Subscription for " +
               (statusPage.name || "Status Page"),
           },
           {
@@ -3303,6 +3305,7 @@ export default class StatusPageAPI extends BaseAPI<
 
     let selectIncidents: Select<Incident> = {
       createdAt: true,
+      declaredAt: true,
       title: true,
       description: true,
       _id: true,
@@ -3336,6 +3339,7 @@ export default class StatusPageAPI extends BaseAPI<
         query: incidentQuery,
         select: selectIncidents,
         sort: {
+          declaredAt: SortOrder.Descending,
           createdAt: SortOrder.Descending,
         },
         skip: 0,
@@ -3373,6 +3377,7 @@ export default class StatusPageAPI extends BaseAPI<
           },
           select: selectIncidents,
           sort: {
+            declaredAt: SortOrder.Descending,
             createdAt: SortOrder.Descending,
           },
 

package/Server/EnvironmentConfig.ts

@@ -44,6 +44,8 @@ const FRONTEND_ENV_ALLOW_LIST: Array<string> = [
   "DISABLE_TELEMETRY",
   "SLACK_APP_CLIENT_ID",
   "MICROSOFT_TEAMS_APP_CLIENT_ID",
+  "CAPTCHA_ENABLED",
+  "CAPTCHA_SITE_KEY",
 ];
 
 const FRONTEND_ENV_ALLOW_PREFIXES: Array<string> = [
@@ -324,6 +326,13 @@ export const Host: string = process.env["HOST"] || "";
 
 export const ProvisionSsl: boolean = process.env["PROVISION_SSL"] === "true";
 
+export const CaptchaEnabled: boolean =
+  process.env["CAPTCHA_ENABLED"] === "true";
+
+export const CaptchaSecretKey: string = process.env["CAPTCHA_SECRET_KEY"] || "";
+
+export const CaptchaSiteKey: string = process.env["CAPTCHA_SITE_KEY"] || "";
+
 export const WorkflowScriptTimeoutInMS: number = process.env[
   "WORKFLOW_SCRIPT_TIMEOUT_IN_MS"
 ]
@@ -446,6 +455,8 @@ export const MicrosoftTeamsAppClientId: string | null =
   process.env["MICROSOFT_TEAMS_APP_CLIENT_ID"] || null;
 export const MicrosoftTeamsAppClientSecret: string | null =
   process.env["MICROSOFT_TEAMS_APP_CLIENT_SECRET"] || null;
+export const MicrosoftTeamsAppTenantId: string | null =
+  process.env["MICROSOFT_TEAMS_APP_TENANT_ID"] || null;
 
 // VAPID Configuration for Web Push Notifications
 export const VapidPublicKey: string | undefined =

package/Server/Infrastructure/Postgres/SchemaMigrations/1764324618043-MigrationName.ts

@@ -0,0 +1,30 @@
+import { MigrationInterface, QueryRunner } from "typeorm";
+
+export class MigrationName1764324618043 implements MigrationInterface {
+  public name = "MigrationName1764324618043";
+
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `ALTER TABLE "Incident" ADD "declaredAt" TIMESTAMP WITH TIME ZONE`,
+    );
+    await queryRunner.query(
+      `UPDATE "Incident" SET "declaredAt" = "createdAt" WHERE "declaredAt" IS NULL`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "Incident" ALTER COLUMN "declaredAt" SET DEFAULT now()`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "Incident" ALTER COLUMN "declaredAt" SET NOT NULL`,
+    );
+    await queryRunner.query(
+      `CREATE INDEX "IDX_b26979b9f119310661734465a4" ON "Incident" ("declaredAt") `,
+    );
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `DROP INDEX "public"."IDX_b26979b9f119310661734465a4"`,
+    );
+    await queryRunner.query(`ALTER TABLE "Incident" DROP COLUMN "declaredAt"`);
+  }
+}

package/Server/Infrastructure/Postgres/SchemaMigrations/Index.ts

@@ -186,6 +186,7 @@ import { MigrationName1763471659817 } from "./1763471659817-MigrationName";
 import { MigrationName1763477560906 } from "./1763477560906-MigrationName";
 import { MigrationName1763480947474 } from "./1763480947474-MigrationName";
 import { MigrationName1763643080445 } from "./1763643080445-MigrationName";
+import { MigrationName1764324618043 } from "./1764324618043-MigrationName";
 
 export default [
   InitialMigration,
@@ -376,4 +377,5 @@ export default [
   MigrationName1763477560906,
   MigrationName1763480947474,
   MigrationName1763643080445,
+  MigrationName1764324618043,
 ];

package/Server/Services/IncidentService.ts

@@ -480,6 +480,14 @@ export class Service extends DatabaseService<Model> {
     const projectId: ObjectID =
       createBy.props.tenantId || createBy.data.projectId!;
 
+    if (!createBy.data.declaredAt) {
+      createBy.data.declaredAt = OneUptimeDate.getCurrentDate();
+    } else {
+      createBy.data.declaredAt = OneUptimeDate.fromString(
+        createBy.data.declaredAt as Date,
+      );
+    }
+
     // Determine the initial incident state
     let initialIncidentStateId: ObjectID | undefined = undefined;
 
@@ -975,6 +983,7 @@ ${incident.remediationNotes || "No remediation notes provided."}
         notifyOwners: false,
         rootCause: createdItem.rootCause,
         stateChangeLog: createdItem.createdStateLog,
+        timelineStartsAt: createdItem.declaredAt,
         props: {
           isRoot: true,
         },
@@ -1790,6 +1799,7 @@ ${incidentSeverity.name}
       limit: LIMIT_MAX,
       skip: 0,
       select: {
+        _id: true,
         projectId: true,
         monitors: {
           _id: true,
@@ -1821,6 +1831,18 @@ ${incidentSeverity.name}
             incident.monitors,
           );
         }
+
+        if (incident.projectId && incident.id) {
+          await MetricService.deleteBy({
+            query: {
+              projectId: incident.projectId,
+              serviceId: incident.id,
+            },
+            props: {
+              isRoot: true,
+            },
+          });
+        }
       }
     }
 
@@ -1838,6 +1860,7 @@ ${incidentSeverity.name}
     rootCause: string | undefined;
     stateChangeLog: JSONObject | undefined;
     props: DatabaseCommonInteractionProps | undefined;
+    timelineStartsAt?: Date | string | undefined;
   }): Promise<void> {
     const {
       projectId,
@@ -1849,8 +1872,13 @@ ${incidentSeverity.name}
       rootCause,
       stateChangeLog,
       props,
+      timelineStartsAt,
     } = data;
 
+    const declaredTimelineStart: Date | undefined = timelineStartsAt
+      ? OneUptimeDate.fromString(timelineStartsAt as Date)
+      : undefined;
+
     // get last monitor status timeline.
     const lastIncidentStatusTimeline: IncidentStateTimeline | null =
       await IncidentStateTimelineService.findOneBy({
@@ -1888,6 +1916,10 @@ ${incidentSeverity.name}
     statusTimeline.shouldStatusPageSubscribersBeNotified =
       shouldNotifyStatusPageSubscribers;
 
+    if (!lastIncidentStatusTimeline && declaredTimelineStart) {
+      statusTimeline.startsAt = declaredTimelineStart;
+    }
+
     // Map boolean to enum value
     statusTimeline.subscriberNotificationStatus = isSubscribersNotified
       ? StatusPageSubscriberNotificationStatus.Success
@@ -1914,6 +1946,7 @@ ${incidentSeverity.name}
       id: data.incidentId,
       select: {
         projectId: true,
+        declaredAt: true,
         monitors: {
           _id: true,
           name: true,
@@ -1970,6 +2003,7 @@ ${incidentSeverity.name}
 
     await MetricService.deleteBy({
       query: {
+        projectId: incident.projectId,
         serviceId: data.incidentId,
       },
       props: {
@@ -1983,6 +2017,7 @@ ${incidentSeverity.name}
 
     const incidentStartsAt: Date =
       firstIncidentStateTimeline?.startsAt ||
+      incident.declaredAt ||
       incident.createdAt ||
       OneUptimeDate.getCurrentDate();
 
@@ -2075,6 +2110,7 @@ ${incidentSeverity.name}
 
         timeToAcknowledgeMetric.time =
           ackIncidentStateTimeline?.startsAt ||
+          incident.declaredAt ||
           incident.createdAt ||
           OneUptimeDate.getCurrentDate();
         timeToAcknowledgeMetric.timeUnixNano = OneUptimeDate.toUnixNano(
@@ -2140,6 +2176,7 @@ ${incidentSeverity.name}
 
         timeToResolveMetric.time =
           resolvedIncidentStateTimeline?.startsAt ||
+          incident.declaredAt ||
           incident.createdAt ||
           OneUptimeDate.getCurrentDate();
         timeToResolveMetric.timeUnixNano = OneUptimeDate.toUnixNano(
@@ -2200,6 +2237,7 @@ ${incidentSeverity.name}
 
       incidentDurationMetric.time =
         lastIncidentStateTimeline?.startsAt ||
+        incident.declaredAt ||
         incident.createdAt ||
         OneUptimeDate.getCurrentDate();
       incidentDurationMetric.timeUnixNano = OneUptimeDate.toUnixNano(

package/Server/Services/MonitorService.ts

@@ -63,14 +63,13 @@ import MonitorFeedService from "./MonitorFeedService";
 import { MonitorFeedEventType } from "../../Models/DatabaseModels/MonitorFeed";
 import { Gray500, Green500 } from "../../Types/BrandColors";
 import LabelService from "./LabelService";
-import QueryOperator from "../../Types/BaseDatabase/QueryOperator";
-import { FindWhere } from "../../Types/BaseDatabase/Query";
 import logger from "../Utils/Logger";
 import PushNotificationUtil from "../Utils/PushNotificationUtil";
 import ExceptionMessages from "../../Types/Exception/ExceptionMessages";
 import Project from "../../Models/DatabaseModels/Project";
 import { createWhatsAppMessageFromTemplate } from "../Utils/WhatsAppTemplateUtil";
 import { WhatsAppMessagePayload } from "../../Types/WhatsApp/WhatsAppMessage";
+import MetricService from "./MetricService";
 
 export class Service extends DatabaseService<Model> {
   public constructor() {
@@ -136,12 +135,26 @@ export class Service extends DatabaseService<Model> {
   protected override async onBeforeDelete(
     deleteBy: DeleteBy<Model>,
   ): Promise<OnDelete<Model>> {
-    if (deleteBy.query._id) {
-      // delete all the status page resource for this monitor.
+    const monitorsPendingDeletion: Array<Model> = await this.findBy({
+      query: deleteBy.query,
+      limit: LIMIT_MAX,
+      skip: 0,
+      select: {
+        _id: true,
+        projectId: true,
+      },
+      props: deleteBy.props,
+    });
 
+    for (const monitor of monitorsPendingDeletion) {
+      if (!monitor.id) {
+        continue;
+      }
+
+      // delete all the status page resources for this monitor.
       await StatusPageResourceService.deleteBy({
         query: {
-          monitorId: new ObjectID(deleteBy.query._id as string),
+          monitorId: monitor.id,
         },
         limit: LIMIT_MAX,
         skip: 0,
@@ -150,37 +163,19 @@ export class Service extends DatabaseService<Model> {
         },
       });
 
-      let projectId: FindWhere<ObjectID> | QueryOperator<ObjectID> | undefined =
-        deleteBy.query.projectId || deleteBy.props.tenantId;
+      const projectId: ObjectID | undefined = monitor.projectId as
+        | ObjectID
+        | undefined;
 
       if (!projectId) {
-        // fetch this monitor from the database to get the projectId.
-        const monitor: Model | null = await this.findOneById({
-          id: new ObjectID(deleteBy.query._id as string) as ObjectID,
-          select: {
-            projectId: true,
-          },
-          props: {
-            isRoot: true,
-          },
-        });
-
-        if (!monitor) {
-          throw new BadDataException(ExceptionMessages.MonitorNotFound);
-        }
-
-        if (!monitor.id) {
-          throw new BadDataException(ExceptionMessages.MonitorNotFound);
-        }
-
-        projectId = monitor.projectId!;
+        continue;
       }
 
       try {
         await WorkspaceNotificationRuleService.archiveWorkspaceChannels({
-          projectId: projectId as ObjectID,
+          projectId: projectId,
           notificationFor: {
-            monitorId: new ObjectID(deleteBy.query._id as string) as ObjectID,
+            monitorId: monitor.id,
           },
           sendMessageBeforeArchiving: {
             _type: "WorkspacePayloadMarkdown",
@@ -189,12 +184,17 @@ export class Service extends DatabaseService<Model> {
         });
       } catch (error) {
         logger.error(
-          `Error while archiving workspace channels for monitor ${deleteBy.query._id}: ${error}`,
+          `Error while archiving workspace channels for monitor ${monitor.id?.toString()}: ${error}`,
         );
       }
     }
 
-    return { deleteBy, carryForward: null };
+    return {
+      deleteBy,
+      carryForward: {
+        monitors: monitorsPendingDeletion,
+      },
+    };
   }
 
   @CaptureSpan()
@@ -208,6 +208,24 @@ export class Service extends DatabaseService<Model> {
       );
     }
 
+    if (onDelete.carryForward && onDelete.carryForward.monitors) {
+      for (const monitor of onDelete.carryForward.monitors as Array<Model>) {
+        if (!monitor.projectId || !monitor.id) {
+          continue;
+        }
+
+        await MetricService.deleteBy({
+          query: {
+            projectId: monitor.projectId,
+            serviceId: monitor.id,
+          },
+          props: {
+            isRoot: true,
+          },
+        });
+      }
+    }
+
     return onDelete;
   }
 

package/Server/Services/ScheduledMaintenanceStateTimelineService.ts

@@ -510,12 +510,30 @@ export class Service extends DatabaseService<ScheduledMaintenanceStateTimeline>
           monitors: {
             _id: true,
           },
+          nextSubscriberNotificationBeforeTheEventAt: true,
         },
         props: {
           isRoot: true,
         },
       });
 
+    const hasProgressedBeyondScheduledState: boolean = Boolean(
+      scheduledMaintenanceState && !scheduledMaintenanceState.isScheduledState,
+    );
+
+    if (
+      hasProgressedBeyondScheduledState &&
+      scheduledMaintenanceEvent?.nextSubscriberNotificationBeforeTheEventAt
+    ) {
+      await ScheduledMaintenanceService.updateOneById({
+        id: createdItem.scheduledMaintenanceId!,
+        data: {
+          nextSubscriberNotificationBeforeTheEventAt: null,
+        },
+        props: onCreate.createBy.props,
+      });
+    }
+
     if (isOngoingState) {
       if (
         scheduledMaintenanceEvent &&

package/Server/Services/StatusPageDomainService.ts

@@ -48,19 +48,26 @@ export class Service extends DatabaseService<StatusPageDomain> {
       );
     }
 
-    if (createBy.data.subdomain) {
-      // trim and lowercase the subdomain.
-      createBy.data.subdomain = createBy.data.subdomain.trim().toLowerCase();
+    let normalizedSubdomain: string =
+      createBy.data.subdomain?.trim().toLowerCase() || "";
+
+    if (normalizedSubdomain === "@") {
+      normalizedSubdomain = "";
     }
 
+    createBy.data.subdomain = normalizedSubdomain;
+
     if (domain) {
-      createBy.data.fullDomain = (
-        createBy.data.subdomain +
-        "." +
-        domain.domain?.toString()
-      )
-        .toLowerCase()
-        .trim();
+      const baseDomain: string =
+        domain.domain?.toString().toLowerCase().trim() || "";
+
+      if (!baseDomain) {
+        throw new BadDataException("Please select a valid domain.");
+      }
+
+      createBy.data.fullDomain = normalizedSubdomain
+        ? `${normalizedSubdomain}.${baseDomain}`
+        : baseDomain;
     }
 
     createBy.data.cnameVerificationToken = ObjectID.generate().toString();