@oneuptime/common 9.3.11 → 9.3.13

package/Models/DatabaseModels/ProjectSmtpConfig.ts

@@ -17,6 +17,8 @@ import TableMetadata from "../../Types/Database/TableMetadata";
 import TenantColumn from "../../Types/Database/TenantColumn";
 import UniqueColumnBy from "../../Types/Database/UniqueColumnBy";
 import Email from "../../Types/Email";
+import OAuthProviderType from "../../Types/Email/OAuthProviderType";
+import SMTPAuthenticationType from "../../Types/Email/SMTPAuthenticationType";
 import IconProp from "../../Types/Icon/IconProp";
 import ObjectID from "../../Types/ObjectID";
 import Permission from "../../Types/Permission";
@@ -561,4 +563,204 @@ export default class ProjectSmtpConfig extends BaseModel {
     default: true,
   })
   public secure?: boolean = undefined;
+
+  // OAuth 2.0 Configuration Fields
+
+  @ColumnAccessControl({
+    create: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.CreateProjectSMTPConfig,
+    ],
+    read: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.ProjectMember,
+      Permission.ReadProjectSMTPConfig,
+    ],
+    update: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.EditProjectSMTPConfig,
+    ],
+  })
+  @TableColumn({
+    required: true,
+    type: TableColumnType.ShortText,
+    title: "Authentication Type",
+    description:
+      "The type of authentication to use for this SMTP server. Options: Username and Password, OAuth, or None.",
+    defaultValue: SMTPAuthenticationType.UsernamePassword,
+    example: "Username and Password",
+  })
+  @Column({
+    nullable: false,
+    type: ColumnType.ShortText,
+    length: ColumnLength.ShortText,
+    default: SMTPAuthenticationType.UsernamePassword,
+  })
+  public authType?: SMTPAuthenticationType = undefined;
+
+  @ColumnAccessControl({
+    create: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.CreateProjectSMTPConfig,
+    ],
+    read: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.ProjectMember,
+      Permission.ReadProjectSMTPConfig,
+    ],
+    update: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.EditProjectSMTPConfig,
+    ],
+  })
+  @TableColumn({
+    required: false,
+    type: TableColumnType.ShortText,
+    title: "OAuth Client ID",
+    description:
+      "The Client ID from your OAuth application registration. Required for OAuth authentication.",
+    example: "12345678-1234-1234-1234-123456789012",
+  })
+  @Column({
+    nullable: true,
+    type: ColumnType.ShortText,
+    length: ColumnLength.ShortText,
+  })
+  public clientId?: string = undefined;
+
+  @ColumnAccessControl({
+    create: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.CreateProjectSMTPConfig,
+    ],
+    read: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.ReadProjectSMTPConfig,
+    ],
+    update: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.EditProjectSMTPConfig,
+    ],
+  })
+  @TableColumn({
+    required: false,
+    type: TableColumnType.VeryLongText,
+    title: "OAuth Client Secret",
+    description:
+      "The Client Secret from your OAuth application registration. Required for OAuth authentication. For Google service accounts, this is the private key from the JSON key file.",
+    example: "your-client-secret",
+  })
+  @Column({
+    nullable: true,
+    type: ColumnType.VeryLongText,
+  })
+  public clientSecret?: string = undefined;
+
+  @ColumnAccessControl({
+    create: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.CreateProjectSMTPConfig,
+    ],
+    read: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.ProjectMember,
+      Permission.ReadProjectSMTPConfig,
+    ],
+    update: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.EditProjectSMTPConfig,
+    ],
+  })
+  @TableColumn({
+    required: false,
+    type: TableColumnType.LongURL,
+    title: "OAuth Token URL",
+    description:
+      "The OAuth token endpoint URL. For Microsoft 365: https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token. For Google: https://oauth2.googleapis.com/token",
+    example:
+      "https://login.microsoftonline.com/your-tenant-id/oauth2/v2.0/token",
+  })
+  @Column({
+    nullable: true,
+    type: ColumnType.LongURL,
+  })
+  public tokenUrl?: string = undefined;
+
+  @ColumnAccessControl({
+    create: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.CreateProjectSMTPConfig,
+    ],
+    read: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.ProjectMember,
+      Permission.ReadProjectSMTPConfig,
+    ],
+    update: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.EditProjectSMTPConfig,
+    ],
+  })
+  @TableColumn({
+    required: false,
+    type: TableColumnType.LongText,
+    title: "OAuth Scope",
+    description:
+      "The OAuth scope(s) required for SMTP access. For Microsoft 365: https://outlook.office365.com/.default. For Google: https://mail.google.com/",
+    example: "https://outlook.office365.com/.default",
+  })
+  @Column({
+    nullable: true,
+    type: ColumnType.LongText,
+    length: ColumnLength.LongText,
+  })
+  public scope?: string = undefined;
+
+  @ColumnAccessControl({
+    create: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.CreateProjectSMTPConfig,
+    ],
+    read: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.ProjectMember,
+      Permission.ReadProjectSMTPConfig,
+    ],
+    update: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.EditProjectSMTPConfig,
+    ],
+  })
+  @TableColumn({
+    required: false,
+    type: TableColumnType.ShortText,
+    title: "OAuth Provider Type",
+    description:
+      "The OAuth grant type to use. 'Client Credentials' for Microsoft 365 and most providers. 'JWT Bearer' for Google Workspace service accounts.",
+    example: "Client Credentials",
+  })
+  @Column({
+    nullable: true,
+    type: ColumnType.ShortText,
+    length: ColumnLength.ShortText,
+  })
+  public oauthProviderType?: OAuthProviderType = undefined;
 }

package/Models/DatabaseModels/Service.ts

@@ -239,6 +239,7 @@ export default class Service extends BaseModel {
   @TableColumn({
     required: false,
     type: TableColumnType.LongText,
+    canReadOnRelationQuery: true,
     title: "Description",
     description: "Friendly description that will help you remember",
     example:

package/Server/Infrastructure/Postgres/SchemaMigrations/1767896933148-MigrationName.ts

@@ -0,0 +1,41 @@
+import { MigrationInterface, QueryRunner } from "typeorm";
+
+export class MigrationName1767896933148 implements MigrationInterface {
+  public name = "MigrationName1767896933148";
+
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `ALTER TABLE "ProjectSMTPConfig" ADD "authType" character varying(100) NOT NULL DEFAULT 'Username and Password'`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "ProjectSMTPConfig" ADD "clientId" character varying(100)`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "ProjectSMTPConfig" ADD "clientSecret" character varying(500)`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "ProjectSMTPConfig" ADD "tokenUrl" text`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "ProjectSMTPConfig" ADD "scope" character varying(500)`,
+    );
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `ALTER TABLE "ProjectSMTPConfig" DROP COLUMN "scope"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "ProjectSMTPConfig" DROP COLUMN "tokenUrl"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "ProjectSMTPConfig" DROP COLUMN "clientSecret"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "ProjectSMTPConfig" DROP COLUMN "clientId"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "ProjectSMTPConfig" DROP COLUMN "authType"`,
+    );
+  }
+}

package/Server/Infrastructure/Postgres/SchemaMigrations/1768216593272-IncreaseClientSecretLength.ts

@@ -0,0 +1,24 @@
+import { MigrationInterface, QueryRunner } from "typeorm";
+
+export class IncreaseClientSecretLength1768216593272
+  implements MigrationInterface
+{
+  public name = "IncreaseClientSecretLength1768216593272";
+
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    /*
+     * Change clientSecret from varchar(500) to text to support longer OAuth secrets
+     * (e.g., Google service account private keys which are ~1700+ characters)
+     */
+    await queryRunner.query(
+      `ALTER TABLE "ProjectSMTPConfig" ALTER COLUMN "clientSecret" TYPE text`,
+    );
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    // Revert back to varchar(500)
+    await queryRunner.query(
+      `ALTER TABLE "ProjectSMTPConfig" ALTER COLUMN "clientSecret" TYPE character varying(500)`,
+    );
+  }
+}

package/Server/Infrastructure/Postgres/SchemaMigrations/1768217403078-AddOAuthProviderType.ts

@@ -0,0 +1,21 @@
+import { MigrationInterface, QueryRunner } from "typeorm";
+
+export class AddOAuthProviderType1768217403078 implements MigrationInterface {
+  public name = "AddOAuthProviderType1768217403078";
+
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    /*
+     * Add oauthProviderType column to ProjectSMTPConfig table
+     * Values: 'Client Credentials' (for Microsoft 365, etc.) or 'JWT Bearer' (for Google Workspace)
+     */
+    await queryRunner.query(
+      `ALTER TABLE "ProjectSMTPConfig" ADD "oauthProviderType" character varying(100)`,
+    );
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `ALTER TABLE "ProjectSMTPConfig" DROP COLUMN "oauthProviderType"`,
+    );
+  }
+}

package/Server/Infrastructure/Postgres/SchemaMigrations/Index.ts

@@ -213,9 +213,12 @@ import { AddAIAgentIsDefault1766918848434 } from "./1766918848434-AddAIAgentIsDe
 import { MigrationName1766923324521 } from "./1766923324521-MigrationName";
 import { AddGitHubAppInstallationIdToProject1766958924188 } from "./1766958924188-AddGitHubAppInstallationIdToProject";
 import { MigrationName1767009661768 } from "./1767009661768-MigrationName";
+import { MigrationName1767896933148 } from "./1767896933148-MigrationName";
 import { RenameServiceCatalogToService1767966850199 } from "./1767966850199-RenameServiceCatalogToService";
 import { MigrationName1767979055522 } from "./1767979055522-MigrationName";
 import { MigrationName1767979448478 } from "./1767979448478-MigrationName";
+import { IncreaseClientSecretLength1768216593272 } from "./1768216593272-IncreaseClientSecretLength";
+import { AddOAuthProviderType1768217403078 } from "./1768217403078-AddOAuthProviderType";
 
 export default [
   InitialMigration,
@@ -436,4 +439,7 @@ export default [
   RenameServiceCatalogToService1767966850199,
   MigrationName1767979055522,
   MigrationName1767979448478,
+  MigrationName1767896933148,
+  IncreaseClientSecretLength1768216593272,
+  AddOAuthProviderType1768217403078,
 ];

package/Server/Services/AlertService.ts

@@ -1171,7 +1171,7 @@ ${alertSeverity.name}
     metricType.name = alertCountMetric.name;
     metricType.description = "Number of alerts created";
     metricType.unit = "";
-    metricType.telemetryServices = [];
+    metricType.services = [];
     metricTypesMap[alertCountMetric.name] = metricType;
 
     // is the alert acknowledged?

package/Server/Services/IncidentService.ts

@@ -2084,7 +2084,7 @@ ${incidentSeverity.name}
     metricType.name = incidentCountMetric.name;
     metricType.description = "Number of incidents created";
     metricType.unit = "";
-    metricType.telemetryServices = [];
+    metricType.services = [];
 
     // add to map.
     metricTypesMap[incidentCountMetric.name] = metricType;

package/Server/Services/ProjectSmtpConfigService.ts

@@ -1,6 +1,8 @@
 import DatabaseService from "./DatabaseService";
 import EmailServer from "../../Types/Email/EmailServer";
+import SMTPAuthenticationType from "../../Types/Email/SMTPAuthenticationType";
 import BadDataException from "../../Types/Exception/BadDataException";
+import URL from "../../Types/API/URL";
 import Model from "../../Models/DatabaseModels/ProjectSmtpConfig";
 
 export class Service extends DatabaseService<Model> {
@@ -27,13 +29,51 @@ export class Service extends DatabaseService<Model> {
       throw new BadDataException("Project SMTP config port is not set");
     }
 
-    if (!projectSmtpConfig.username) {
-      throw new BadDataException("Project SMTP config username is not set");
-    }
+    // Get auth type, default to UsernamePassword for backward compatibility
+    const authType: SMTPAuthenticationType =
+      projectSmtpConfig.authType || SMTPAuthenticationType.UsernamePassword;
+
+    // Validate based on auth type
+    if (authType === SMTPAuthenticationType.UsernamePassword) {
+      if (!projectSmtpConfig.username) {
+        throw new BadDataException("Project SMTP config username is not set");
+      }
+
+      if (!projectSmtpConfig.password) {
+        throw new BadDataException("Project SMTP config password is not set");
+      }
+    } else if (authType === SMTPAuthenticationType.OAuth) {
+      if (!projectSmtpConfig.username) {
+        throw new BadDataException(
+          "Project SMTP config username (email address) is not set for OAuth",
+        );
+      }
+
+      if (!projectSmtpConfig.clientId) {
+        throw new BadDataException(
+          "Project SMTP config OAuth Client ID is not set",
+        );
+      }
+
+      if (!projectSmtpConfig.clientSecret) {
+        throw new BadDataException(
+          "Project SMTP config OAuth Client Secret is not set",
+        );
+      }
+
+      if (!projectSmtpConfig.tokenUrl) {
+        throw new BadDataException(
+          "Project SMTP config OAuth Token URL is not set",
+        );
+      }
 
-    if (!projectSmtpConfig.password) {
-      throw new BadDataException("Project SMTP config password is not set");
+      if (!projectSmtpConfig.scope) {
+        throw new BadDataException(
+          "Project SMTP config OAuth Scope is not set",
+        );
+      }
     }
+    // For SMTPAuthenticationType.None, no credentials are required
 
     if (!projectSmtpConfig.fromEmail) {
       throw new BadDataException("Project SMTP config from email is not set");
@@ -52,6 +92,13 @@ export class Service extends DatabaseService<Model> {
       fromEmail: projectSmtpConfig.fromEmail,
       fromName: projectSmtpConfig.fromName,
       secure: Boolean(projectSmtpConfig.secure),
+      authType: authType,
+      clientId: projectSmtpConfig.clientId,
+      clientSecret: projectSmtpConfig.clientSecret,
+      tokenUrl: projectSmtpConfig.tokenUrl
+        ? URL.fromString(projectSmtpConfig.tokenUrl)
+        : undefined,
+      scope: projectSmtpConfig.scope,
     };
   }
 }

package/Types/Email/EmailServer.ts

@@ -1,7 +1,10 @@
 import Hostname from "../API/Hostname";
+import URL from "../API/URL";
 import Email from "../Email";
 import ObjectID from "../ObjectID";
 import Port from "../Port";
+import OAuthProviderType from "./OAuthProviderType";
+import SMTPAuthenticationType from "./SMTPAuthenticationType";
 
 export default interface EmailServer {
   id?: ObjectID | undefined; // If this is custom SMTP, this is the ID of the SMTP config. Otherwise, it's undefined
@@ -12,4 +15,12 @@ export default interface EmailServer {
   secure: boolean;
   fromEmail: Email;
   fromName: string;
+
+  // OAuth 2.0 fields for any OAuth-enabled SMTP server
+  authType?: SMTPAuthenticationType | undefined;
+  clientId?: string | undefined; // OAuth Application Client ID
+  clientSecret?: string | undefined; // OAuth Application Client Secret
+  tokenUrl?: URL | undefined; // OAuth token endpoint URL (e.g., https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token)
+  scope?: string | undefined; // OAuth scope(s), space-separated (e.g., https://outlook.office365.com/.default)
+  oauthProviderType?: OAuthProviderType | undefined; // OAuth grant type: Client Credentials or JWT Bearer
 }

package/Types/Email/OAuthProviderType.ts

@@ -0,0 +1,28 @@
+/**
+ * OAuth Provider Types for SMTP authentication.
+ * Different providers use different OAuth 2.0 grant types.
+ */
+enum OAuthProviderType {
+  /**
+   * Client Credentials Grant (RFC 6749)
+   * Used by: Microsoft 365, Azure AD, and most OAuth 2.0 providers
+   *
+   * Required fields: Client ID, Client Secret, Token URL, Scope
+   */
+  ClientCredentials = "Client Credentials",
+
+  /**
+   * JWT Bearer Assertion Grant (RFC 7523)
+   * Used by: Google Workspace service accounts
+   *
+   * Required fields:
+   * - Client ID: Service account email (client_email from JSON key)
+   * - Client Secret: Private key (private_key from JSON key)
+   * - Token URL: OAuth token endpoint
+   * - Scope: Required scopes
+   * - Username: Email address to impersonate
+   */
+  JWTBearer = "JWT Bearer",
+}
+
+export default OAuthProviderType;

package/Types/Email/SMTPAuthenticationType.ts

@@ -0,0 +1,8 @@
+// Authentication types for SMTP servers
+enum SMTPAuthenticationType {
+  UsernamePassword = "Username and Password", // Traditional SMTP authentication
+  OAuth = "OAuth", // OAuth 2.0 authentication (for Microsoft 365, etc.)
+  None = "None", // No authentication (for relay servers)
+}
+
+export default SMTPAuthenticationType;

package/Types/Icon/IconProp.ts

@@ -144,6 +144,9 @@ enum IconProp {
   FlowDiagram = "FlowDiagram",
   GitHub = "GitHub",
   Bug = "Bug",
+  ChartPie = "ChartPie",
+  Heartbeat = "Heartbeat",
+  Waterfall = "Waterfall",
 }
 
 export default IconProp;

package/UI/Components/Icon/Icon.tsx

@@ -1307,9 +1307,9 @@ const Icon: FunctionComponent<ComponentProps> = ({
       />,
     );
   } else if (icon === IconProp.FlowDiagram) {
-    // Flow diagram icon matching home page workflows - two boxes at top, one at bottom, connected
+    // Flow diagram icon matching home page workflows - two boxes at top, one at bottom, connected (rotated 180°)
     return getSvgWrapper(
-      <>
+      <g style={{ transform: "rotate(180deg)", transformOrigin: "center" }}>
         <rect x="3" y="3" width="6" height="4" rx="1" strokeWidth="1.5" />
         <rect x="15" y="3" width="6" height="4" rx="1" strokeWidth="1.5" />
         <rect x="9" y="17" width="6" height="4" rx="1" strokeWidth="1.5" />
@@ -1317,7 +1317,7 @@ const Icon: FunctionComponent<ComponentProps> = ({
           strokeLinecap="round"
           d="M6 7v3a2 2 0 0 0 2 2h8a2 2 0 0 0 2-2V7M12 12v5"
         />
-      </>,
+      </g>,
     );
   } else if (icon === IconProp.Bug) {
     // Bug icon for exceptions - matching home page
@@ -1330,6 +1330,44 @@ const Icon: FunctionComponent<ComponentProps> = ({
         />
       </>,
     );
+  } else if (icon === IconProp.ChartPie) {
+    // Pie chart icon for dashboards - matching home page
+    return getSvgWrapper(
+      <>
+        <path
+          strokeLinecap="round"
+          strokeLinejoin="round"
+          d="M10.5 6a7.5 7.5 0 107.5 7.5h-7.5V6z"
+        />
+        <path
+          strokeLinecap="round"
+          strokeLinejoin="round"
+          d="M13.5 10.5H21A7.5 7.5 0 0013.5 3v7.5z"
+        />
+      </>,
+    );
+  } else if (icon === IconProp.Heartbeat) {
+    // Heartbeat/line chart icon for metrics - matching home page
+    return getSvgWrapper(
+      <>
+        <path
+          strokeLinecap="round"
+          strokeLinejoin="round"
+          d="M2 12h3l2-4 3 8 3-6 2 4h7"
+        />
+        <path strokeLinecap="round" strokeLinejoin="round" d="M2 20h20" />
+      </>,
+    );
+  } else if (icon === IconProp.Waterfall) {
+    // Waterfall/span diagram icon for traces - matching home page
+    return getSvgWrapper(
+      <>
+        <rect x="2" y="3" width="20" height="4" rx="0.5" />
+        <rect x="2" y="10" width="10" height="4" rx="0.5" />
+        <rect x="2" y="17" width="5" height="4" rx="0.5" />
+        <rect x="17" y="17" width="5" height="4" rx="0.5" />
+      </>,
+    );
   }
 
   return <></>;