Merge remote-tracking branch 'origin/main' into Merged-Downstream

# Conflicts:
#	apps/client/src/features/auth/hooks/use-auth.ts
#	apps/client/src/features/editor/extensions/extensions.ts

apps/server/src/common/helpers/prosemirror/html/generateJSON.ts

@@ -1,7 +1,9 @@
 import { Extensions, getSchema } from '@tiptap/core';
 import { DOMParser, ParseOptions } from '@tiptap/pm/model';
-import { Window, DOMParser as HappyDomParser } from 'happy-dom';
+import { Window } from 'happy-dom';
 
+// this function does not work as intended
+// it has issues with closing tags
 export function generateJSON(
   html: string,
   extensions: Extensions,
@@ -10,8 +12,10 @@ export function generateJSON(
   const schema = getSchema(extensions);
 
   const window = new Window();
-  const dom = new HappyDomParser().parseFromString(html, 'text/html').body;
+  const document = window.document;
+  document.body.innerHTML = html;
 
-  // @ts-ignore
-  return DOMParser.fromSchema(schema).parse(dom, options).toJSON();
+  return DOMParser.fromSchema(schema)
+    .parse(document as never, options)
+    .toJSON();
 }

apps/server/src/core/auth/auth.constants.ts

@@ -0,0 +1,3 @@
+export enum UserTokenType {
+  FORGOT_PASSWORD = 'forgot-password',
+}

apps/server/src/core/auth/auth.controller.ts

@@ -10,7 +10,6 @@ import {
 } from '@nestjs/common';
 import { LoginDto } from './dto/login.dto';
 import { AuthService } from './services/auth.service';
-import { CreateUserDto } from './dto/create-user.dto';
 import { SetupGuard } from './guards/setup.guard';
 import { EnvironmentService } from '../../integrations/environment/environment.service';
 import { CreateAdminUserDto } from './dto/create-admin-user.dto';
@@ -19,6 +18,9 @@ import { AuthUser } from '../../common/decorators/auth-user.decorator';
 import { User, Workspace } from '@docmost/db/types/entity.types';
 import { AuthWorkspace } from '../../common/decorators/auth-workspace.decorator';
 import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard';
+import { ForgotPasswordDto } from './dto/forgot-password.dto';
+import { PasswordResetDto } from './dto/password-reset.dto';
+import { VerifyUserTokenDto } from './dto/verify-user-token.dto';
 
 @Controller('auth')
 export class AuthController {
@@ -61,4 +63,31 @@ export class AuthController {
   ) {
     return this.authService.changePassword(dto, user.id, workspace.id);
   }
+
+  @HttpCode(HttpStatus.OK)
+  @Post('forgot-password')
+  async forgotPassword(
+    @Body() forgotPasswordDto: ForgotPasswordDto,
+    @AuthWorkspace() workspace: Workspace,
+  ) {
+    return this.authService.forgotPassword(forgotPasswordDto, workspace.id);
+  }
+
+  @HttpCode(HttpStatus.OK)
+  @Post('password-reset')
+  async passwordReset(
+    @Body() passwordResetDto: PasswordResetDto,
+    @AuthWorkspace() workspace: Workspace,
+  ) {
+    return this.authService.passwordReset(passwordResetDto, workspace.id);
+  }
+
+  @HttpCode(HttpStatus.OK)
+  @Post('verify-token')
+  async verifyResetToken(
+    @Body() verifyUserTokenDto: VerifyUserTokenDto,
+    @AuthWorkspace() workspace: Workspace,
+  ) {
+    return this.authService.verifyUserToken(verifyUserTokenDto, workspace.id);
+  }
 }

apps/server/src/core/auth/dto/forgot-password.dto.ts

@@ -0,0 +1,7 @@
+import { IsEmail, IsNotEmpty } from 'class-validator';
+
+export class ForgotPasswordDto {
+  @IsNotEmpty()
+  @IsEmail()
+  email: string;
+}

apps/server/src/core/auth/dto/password-reset.dto.ts

@@ -0,0 +1,10 @@
+import { IsString, MinLength } from 'class-validator';
+
+export class PasswordResetDto {
+  @IsString()
+  token: string;
+
+  @IsString()
+  @MinLength(8)
+  newPassword: string;
+}

apps/server/src/core/auth/dto/verify-user-token.dto.ts

@@ -0,0 +1,9 @@
+import { IsString, MinLength } from 'class-validator';
+
+export class VerifyUserTokenDto {
+  @IsString()
+  token: string;
+
+  @IsString()
+  type: string;
+}

apps/server/src/core/auth/services/auth.service.ts

@@ -11,10 +11,25 @@ import { TokensDto } from '../dto/tokens.dto';
 import { SignupService } from './signup.service';
 import { CreateAdminUserDto } from '../dto/create-admin-user.dto';
 import { UserRepo } from '@docmost/db/repos/user/user.repo';
-import { comparePasswordHash, hashPassword } from '../../../common/helpers';
+import {
+  comparePasswordHash,
+  hashPassword,
+  nanoIdGen,
+} from '../../../common/helpers';
 import { ChangePasswordDto } from '../dto/change-password.dto';
 import { MailService } from '../../../integrations/mail/mail.service';
 import ChangePasswordEmail from '@docmost/transactional/emails/change-password-email';
+import { ForgotPasswordDto } from '../dto/forgot-password.dto';
+import ForgotPasswordEmail from '@docmost/transactional/emails/forgot-password-email';
+import { UserTokenRepo } from '@docmost/db/repos/user-token/user-token.repo';
+import { PasswordResetDto } from '../dto/password-reset.dto';
+import { UserToken } from '@docmost/db/types/entity.types';
+import { UserTokenType } from '../auth.constants';
+import { KyselyDB } from '@docmost/db/types/kysely.types';
+import { InjectKysely } from 'nestjs-kysely';
+import { executeTx } from '@docmost/db/utils';
+import { VerifyUserTokenDto } from '../dto/verify-user-token.dto';
+import { EnvironmentService } from 'src/integrations/environment/environment.service';
 
 @Injectable()
 export class AuthService {
@@ -22,7 +37,10 @@ export class AuthService {
     private signupService: SignupService,
     private tokenService: TokenService,
     private userRepo: UserRepo,
+    private userTokenRepo: UserTokenRepo,
     private mailService: MailService,
+    private environmentService: EnvironmentService,
+    @InjectKysely() private readonly db: KyselyDB,
   ) {}
 
   async login(loginDto: LoginDto, workspaceId: string) {
@@ -100,4 +118,108 @@ export class AuthService {
       template: emailTemplate,
     });
   }
+
+  async forgotPassword(
+    forgotPasswordDto: ForgotPasswordDto,
+    workspaceId: string,
+  ): Promise<void> {
+    const user = await this.userRepo.findByEmail(
+      forgotPasswordDto.email,
+      workspaceId,
+    );
+
+    if (!user) {
+      return;
+    }
+
+    const token = nanoIdGen(16);
+    const resetLink = `${this.environmentService.getAppUrl()}/password-reset?token=${token}`;
+
+    await this.userTokenRepo.insertUserToken({
+      token: token,
+      userId: user.id,
+      workspaceId: user.workspaceId,
+      expiresAt: new Date(new Date().getTime() + 60 * 60 * 1000), // 1 hour
+      type: UserTokenType.FORGOT_PASSWORD,
+    });
+
+    const emailTemplate = ForgotPasswordEmail({
+      username: user.name,
+      resetLink: resetLink,
+    });
+
+    await this.mailService.sendToQueue({
+      to: user.email,
+      subject: 'Reset your password',
+      template: emailTemplate,
+    });
+  }
+
+  async passwordReset(passwordResetDto: PasswordResetDto, workspaceId: string) {
+    const userToken = await this.userTokenRepo.findById(
+      passwordResetDto.token,
+      workspaceId,
+    );
+
+    if (
+      !userToken ||
+      userToken.type !== UserTokenType.FORGOT_PASSWORD ||
+      userToken.expiresAt < new Date()
+    ) {
+      throw new BadRequestException('Invalid or expired token');
+    }
+
+    const user = await this.userRepo.findById(userToken.userId, workspaceId);
+    if (!user) {
+      throw new NotFoundException('User not found');
+    }
+
+    const newPasswordHash = await hashPassword(passwordResetDto.newPassword);
+
+    await executeTx(this.db, async (trx) => {
+      await this.userRepo.updateUser(
+        {
+          password: newPasswordHash,
+        },
+        user.id,
+        workspaceId,
+        trx,
+      );
+
+      trx
+        .deleteFrom('userTokens')
+        .where('userId', '=', user.id)
+        .where('type', '=', UserTokenType.FORGOT_PASSWORD)
+        .execute();
+    });
+
+    const emailTemplate = ChangePasswordEmail({ username: user.name });
+    await this.mailService.sendToQueue({
+      to: user.email,
+      subject: 'Your password has been changed',
+      template: emailTemplate,
+    });
+
+    const tokens: TokensDto = await this.tokenService.generateTokens(user);
+
+    return { tokens };
+  }
+
+  async verifyUserToken(
+    userTokenDto: VerifyUserTokenDto,
+    workspaceId: string,
+  ): Promise<void> {
+    const userToken = await this.userTokenRepo.findById(
+      userTokenDto.token,
+      workspaceId,
+    );
+
+    if (
+      !userToken ||
+      userToken.type !== userTokenDto.type ||
+      userToken.expiresAt < new Date()
+    ) {
+      throw new BadRequestException('Invalid or expired token');
+    }
+  }
 }

apps/server/src/core/auth/services/token.service.ts

@@ -31,7 +31,7 @@ export class TokenService {
       workspaceId,
       type: JwtType.REFRESH,
     };
-    const expiresIn = '30d'; // todo: fix
+    const expiresIn = this.environmentService.getJwtTokenExpiresIn();
     return this.jwtService.sign(payload, { expiresIn });
   }
 

apps/server/src/core/workspace/services/workspace-invitation.service.ts

@@ -248,7 +248,7 @@ export class WorkspaceInvitationService {
       });
 
       await this.mailService.sendToQueue({
-        to: invitation.email,
+        to: invitedByUser.email,
         subject: `${newUser.name} has accepted your Docmost invite`,
         template: emailTemplate,
       });

apps/server/src/database/database.module.ts

@@ -22,6 +22,7 @@ import { AttachmentRepo } from './repos/attachment/attachment.repo';
 import { KyselyDB } from '@docmost/db/types/kysely.types';
 import * as process from 'node:process';
 import { MigrationService } from '@docmost/db/services/migration.service';
+import { UserTokenRepo } from './repos/user-token/user-token.repo';
 
 // https://github.com/brianc/node-postgres/issues/811
 types.setTypeParser(types.builtins.INT8, (val) => Number(val));
@@ -66,6 +67,7 @@ types.setTypeParser(types.builtins.INT8, (val) => Number(val));
     PageHistoryRepo,
     CommentRepo,
     AttachmentRepo,
+    UserTokenRepo,
   ],
   exports: [
     WorkspaceRepo,
@@ -78,6 +80,7 @@ types.setTypeParser(types.builtins.INT8, (val) => Number(val));
     PageHistoryRepo,
     CommentRepo,
     AttachmentRepo,
+    UserTokenRepo,
   ],
 })
 export class DatabaseModule implements OnModuleDestroy, OnApplicationBootstrap {

apps/server/src/database/migrations/20240903T124647-user-tokens.ts

@@ -0,0 +1,27 @@
+import { sql, Kysely } from 'kysely';
+
+export async function up(db: Kysely<any>): Promise<void> {
+  await db.schema
+    .createTable('user_tokens')
+    .addColumn('id', 'uuid', (col) =>
+      col.primaryKey().defaultTo(sql`gen_uuid_v7()`),
+    )
+    .addColumn('token', 'varchar', (col) => col.notNull())
+    .addColumn('type', 'varchar', (col) => col.notNull())
+    .addColumn('user_id', 'uuid', (col) =>
+      col.notNull().references('users.id').onDelete('cascade'),
+    )
+    .addColumn('workspace_id', 'uuid', (col) =>
+      col.references('workspaces.id').onDelete('cascade'),
+    )
+    .addColumn('expires_at', 'timestamptz')
+    .addColumn('used_at', 'timestamptz', (col) => col)
+    .addColumn('created_at', 'timestamptz', (col) =>
+      col.notNull().defaultTo(sql`now()`),
+    )
+    .execute();
+}
+
+export async function down(db: Kysely<any>): Promise<void> {
+  await db.schema.dropTable('user_tokens').execute();
+}

apps/server/src/database/repos/user-token/user-token.repo.ts

@@ -0,0 +1,102 @@
+import {
+  InsertableUserToken,
+  UpdatableUserToken,
+  UserToken,
+} from '@docmost/db/types/entity.types';
+import { KyselyDB, KyselyTransaction } from '@docmost/db/types/kysely.types';
+import { dbOrTx } from '@docmost/db/utils';
+import { Injectable } from '@nestjs/common';
+import { InjectKysely } from 'nestjs-kysely';
+
+@Injectable()
+export class UserTokenRepo {
+  constructor(@InjectKysely() private readonly db: KyselyDB) {}
+
+  async findById(
+    token: string,
+    workspaceId: string,
+    trx?: KyselyTransaction,
+  ): Promise<UserToken> {
+    const db = dbOrTx(this.db, trx);
+
+    return db
+      .selectFrom('userTokens')
+      .select([
+        'id',
+        'token',
+        'userId',
+        'workspaceId',
+        'type',
+        'expiresAt',
+        'usedAt',
+        'createdAt',
+      ])
+      .where('token', '=', token)
+      .where('workspaceId', '=', workspaceId)
+      .executeTakeFirst();
+  }
+
+  async insertUserToken(
+    insertableUserToken: InsertableUserToken,
+    trx?: KyselyTransaction,
+  ) {
+    const db = dbOrTx(this.db, trx);
+    return db
+      .insertInto('userTokens')
+      .values(insertableUserToken)
+      .returningAll()
+      .executeTakeFirst();
+  }
+
+  async findByUserId(
+    userId: string,
+    workspaceId: string,
+    tokenType: string,
+    trx?: KyselyTransaction,
+  ): Promise<UserToken[]> {
+    const db = dbOrTx(this.db, trx);
+    return db
+      .selectFrom('userTokens')
+      .select([
+        'id',
+        'token',
+        'userId',
+        'workspaceId',
+        'type',
+        'expiresAt',
+        'usedAt',
+        'createdAt',
+      ])
+      .where('userId', '=', userId)
+      .where('workspaceId', '=', workspaceId)
+      .where('type', '=', tokenType)
+      .orderBy('expiresAt desc')
+      .execute();
+  }
+
+  async updateUserToken(
+    updatableUserToken: UpdatableUserToken,
+    userTokenId: string,
+    trx?: KyselyTransaction,
+  ) {
+    const db = dbOrTx(this.db, trx);
+    return db
+      .updateTable('userTokens')
+      .set(updatableUserToken)
+      .where('id', '=', userTokenId)
+      .execute();
+  }
+
+  async deleteToken(token: string, trx?: KyselyTransaction): Promise<void> {
+    const db = dbOrTx(this.db, trx);
+    await db.deleteFrom('userTokens').where('token', '=', token).execute();
+  }
+
+  async deleteExpiredUserTokens(trx?: KyselyTransaction): Promise<void> {
+    const db = dbOrTx(this.db, trx);
+    await db
+      .deleteFrom('userTokens')
+      .where('expiresAt', '<', new Date())
+      .execute();
+  }
+}

apps/server/src/database/repos/user/user.repo.ts

@@ -102,7 +102,7 @@ export class UserRepo {
       name: insertableUser.name || insertableUser.email.toLowerCase(),
       email: insertableUser.email.toLowerCase(),
       password: await hashPassword(insertableUser.password),
-      locale: 'en',
+      locale: 'en-US',
       role: insertableUser?.role,
       lastLoginAt: new Date(),
     };

apps/server/src/database/types/db.d.ts

@@ -1,3 +1,8 @@
+/**
+ * This file was generated by kysely-codegen.
+ * Please do not edit it manually.
+ */
+
 import type { ColumnType } from "kysely";
 
 export type Generated<T> = T extends ColumnType<infer S, infer I, infer U>
@@ -11,7 +16,7 @@ export type Json = JsonValue;
 export type JsonArray = JsonValue[];
 
 export type JsonObject = {
-  [K in string]?: JsonValue;
+  [x: string]: JsonValue | undefined;
 };
 
 export type JsonPrimitive = boolean | number | string | null;
@@ -157,6 +162,17 @@ export interface Users {
   workspaceId: string | null;
 }
 
+export interface UserTokens {
+  createdAt: Generated<Timestamp>;
+  expiresAt: Timestamp | null;
+  id: Generated<string>;
+  token: string;
+  type: string;
+  usedAt: Timestamp | null;
+  userId: string;
+  workspaceId: string | null;
+}
+
 export interface WorkspaceInvitations {
   createdAt: Generated<Timestamp>;
   email: string | null;
@@ -195,6 +211,7 @@ export interface DB {
   spaceMembers: SpaceMembers;
   spaces: Spaces;
   users: Users;
+  userTokens: UserTokens;
   workspaceInvitations: WorkspaceInvitations;
   workspaces: Workspaces;
 }

apps/server/src/database/types/entity.types.ts

@@ -11,6 +11,7 @@ import {
   GroupUsers,
   SpaceMembers,
   WorkspaceInvitations,
+  UserTokens,
 } from './db';
 
 // Workspace
@@ -71,3 +72,8 @@ export type UpdatableComment = Updateable<Omit<Comments, 'id'>>;
 export type Attachment = Selectable<Attachments>;
 export type InsertableAttachment = Insertable<Attachments>;
 export type UpdatableAttachment = Updateable<Omit<Attachments, 'id'>>;
+
+// User Token
+export type UserToken = Selectable<UserTokens>;
+export type InsertableUserToken = Insertable<UserTokens>;
+export type UpdatableUserToken = Updateable<Omit<UserTokens, 'id'>>;

apps/server/src/integrations/environment/environment.service.ts

@@ -62,9 +62,9 @@ export class EnvironmentService {
   getAwsS3Endpoint(): string {
     return this.configService.get<string>('AWS_S3_ENDPOINT');
   }
-  
+
   getAwsS3ForcePathStyle(): boolean {
-    return this.configService.get<boolean>('AWS_S3_FORCE_PATH_STYLE')
+    return this.configService.get<boolean>('AWS_S3_FORCE_PATH_STYLE');
   }
 
   getAwsS3Url(): string {

apps/server/src/integrations/export/turndown-utils.ts

@@ -22,6 +22,7 @@ export function turndown(html: string): string {
     listParagraph,
     mathInline,
     mathBlock,
+    iframeEmbed,
   ]);
   return turndownService.turndown(html).replaceAll('<br>', ' ');
 }
@@ -120,3 +121,15 @@ function mathBlock(turndownService: TurndownService) {
     },
   });
 }
+
+function iframeEmbed(turndownService: TurndownService) {
+  turndownService.addRule('iframeEmbed', {
+    filter: function (node: HTMLInputElement) {
+      return node.nodeName === 'IFRAME';
+    },
+    replacement: function (content: any, node: HTMLInputElement) {
+      const src = node.getAttribute('src');
+      return '[' + src + '](' + src + ')';
+    },
+  });
+}

apps/server/src/integrations/health/redis.health.ts

@@ -22,6 +22,7 @@ export class RedisHealthIndicator extends HealthIndicator {
       });
 
       await redis.ping();
+      redis.disconnect();
       return this.getStatus(key, true);
     } catch (e) {
       this.logger.error(e);

apps/server/src/integrations/import/import.module.ts

@@ -4,6 +4,6 @@ import { ImportController } from './import.controller';
 
 @Module({
   providers: [ImportService],
-  controllers: [ImportController]
+  controllers: [ImportController],
 })
 export class ImportModule {}

apps/server/src/integrations/import/import.service.ts

@@ -32,8 +32,10 @@ export class ImportService {
   ): Promise<void> {
     const file = await filePromise;
     const fileBuffer = await file.toBuffer();
-    const fileName = sanitize(file.filename).slice(0, 255).split('.')[0];
     const fileExtension = path.extname(file.filename).toLowerCase();
+    const fileName = sanitize(
+      path.basename(file.filename, fileExtension).slice(0, 255),
+    );
     const fileContent = fileBuffer.toString();
 
     let prosemirrorState = null;

apps/server/src/integrations/import/utils/callout.marked.ts

@@ -0,0 +1,41 @@
+import { Token, marked } from 'marked';
+
+interface CalloutToken {
+  type: 'callout';
+  calloutType: string;
+  text: string;
+  raw: string;
+}
+
+export const calloutExtension = {
+  name: 'callout',
+  level: 'block',
+  start(src: string) {
+    return src.match(/:::/)?.index ?? -1;
+  },
+  tokenizer(src: string): CalloutToken | undefined {
+    const rule = /^:::([a-zA-Z0-9]+)\s+([\s\S]+?):::/;
+    const match = rule.exec(src);
+
+    const validCalloutTypes = ['info', 'success', 'warning', 'danger'];
+
+    if (match) {
+      let type = match[1];
+      if (!validCalloutTypes.includes(type)) {
+        type = 'info';
+      }
+      return {
+        type: 'callout',
+        calloutType: type,
+        raw: match[0],
+        text: match[2].trim(),
+      };
+    }
+  },
+  renderer(token: Token) {
+    const calloutToken = token as CalloutToken;
+    const body = marked.parse(calloutToken.text);
+
+    return `<div data-type="callout" data-callout-type="${calloutToken.calloutType}">${body}</div>`;
+  },
+};

apps/server/src/integrations/import/utils/marked.utils.ts

@@ -1,4 +1,5 @@
 import { marked } from 'marked';
+import { calloutExtension } from './callout.marked';
 
 marked.use({
   renderer: {
@@ -25,6 +26,8 @@ marked.use({
   },
 });
 
+marked.use({ extensions: [calloutExtension] });
+
 export async function markdownToHtml(markdownInput: string): Promise<string> {
   const YAML_FONT_MATTER_REGEX = /^\s*---[\s\S]*?---\s*/;
 

apps/server/src/integrations/mail/providers/mail.provider.ts

@@ -27,11 +27,14 @@ export const mailDriverConfigProvider = {
     switch (driver) {
       case MailOption.SMTP:
         let auth = undefined;
-        if (environmentService.getSmtpUsername() && environmentService.getSmtpPassword()) {
+        if (
+          environmentService.getSmtpUsername() &&
+          environmentService.getSmtpPassword()
+        ) {
           auth = {
-              user: environmentService.getSmtpUsername(),
-              pass: environmentService.getSmtpPassword(),
-            };
+            user: environmentService.getSmtpUsername(),
+            pass: environmentService.getSmtpPassword(),
+          };
         }
         return {
           driver,

apps/server/src/integrations/transactional/emails/forgot-password-email.tsx

@@ -0,0 +1,28 @@
+import { Button, Link, Section, Text } from '@react-email/components';
+import * as React from 'react';
+import { button, content, paragraph } from '../css/styles';
+import { MailBody } from '../partials/partials';
+
+interface Props {
+  username: string;
+  resetLink: string;
+}
+
+export const ForgotPasswordEmail = ({ username, resetLink }: Props) => {
+  return (
+    <MailBody>
+      <Section style={content}>
+        <Text style={paragraph}>Hi {username},</Text>
+        <Text style={paragraph}>
+          We received a request from you to reset your password.
+        </Text>
+          <Link href={resetLink}> Click here to set a new password</Link>
+        <Text style={paragraph}>
+          If you did not request a password reset, please ignore this email.
+        </Text>
+      </Section>
+    </MailBody>
+  );
+};
+
+export default ForgotPasswordEmail;

apps/server/src/integrations/transactional/utils/utils.ts

@@ -1,6 +1,6 @@
 export const formatDate = (date: Date) => {
-  new Intl.DateTimeFormat("en", {
-    dateStyle: "medium",
-    timeStyle: "medium",
+  new Intl.DateTimeFormat('en', {
+    dateStyle: 'medium',
+    timeStyle: 'medium',
   }).format(date);
 };