Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(custom-domain): allow to use custom domain #9106

Closed
wants to merge 21 commits into from

Conversation

AMoreaux
Copy link
Contributor

@AMoreaux AMoreaux commented Dec 17, 2024

Features:

  • Allow to set a custom domain
  • Allow to delete a custom domain
  • Allow to update a custom domain
  • Change domain management to allow usage of a custom domain, subdomain, or a single workspace instance.
  • Implement the settings page to be able to set a custom domain

Resources:

Notion:

https://mulberry-crowley-a94.notion.site/12106d668cc9803383b3e0d8ac752605?v=12106d668cc980e193cb000c06d256d7

Figma:

https://www.figma.com/design/xt8O9mFeLl46C5InWwoMrN/Twenty?node-id=43118-109927&t=ss0P7BqLKs4RCyXq-0

Fix twentyhq/core-team-issues#157

Refactor subdomain generation logic to a dedicated utility while adding comprehensive tests for subdomain handling. Introduce Cloudflare-based custom domain management functions and exceptions for better domain lifecycle management. Simplify workspace domain updates and enhance overall validation processes.
@AMoreaux AMoreaux self-assigned this Dec 17, 2024
Copy link

github-actions bot commented Dec 17, 2024

Warnings
⚠️ Changes were made to the environment variables, but not to the documentation - Please review your changes and check if a change needs to be documented!

Generated by 🚫 dangerJS against a94c9f7

Update terminology across services, entities, and exceptions from 'domain' to 'hostname' for consistency and clarity. Adjust related methods, fields, and exception codes accordingly. Ensure backward compatibility is maintained while implementing the new naming convention.
Refactor subdomain generation logic to a dedicated utility while adding comprehensive tests for subdomain handling. Introduce Cloudflare-based custom domain management functions and exceptions for better domain lifecycle management. Simplify workspace domain updates and enhance overall validation processes.
Update terminology across services, entities, and exceptions from 'domain' to 'hostname' for consistency and clarity. Adjust related methods, fields, and exception codes accordingly. Ensure backward compatibility is maintained while implementing the new naming convention.
…tom-domain

# Conflicts:
#	packages/twenty-front/src/generated/graphql.tsx
#	packages/twenty-server/src/engine/core-modules/domain-manager/domain-manager.exception.ts
#	packages/twenty-server/src/engine/core-modules/domain-manager/service/domain-manager.service.ts
#	packages/twenty-server/src/engine/core-modules/workspace/services/workspace.service.ts
#	packages/twenty-server/src/engine/core-modules/workspace/workspace.resolver.ts
…tom-domain

# Conflicts:
#	packages/twenty-server/src/engine/core-modules/auth/controllers/google-auth.controller.ts
#	packages/twenty-server/src/engine/core-modules/auth/services/sign-in-up.service.ts
#	packages/twenty-server/src/engine/core-modules/auth/strategies/google.auth.strategy.ts
#	packages/twenty-server/src/engine/core-modules/auth/strategies/microsoft.auth.strategy.ts
Refactored the auth flow to streamline invitation handling by replacing token-specific fields with a unified `invitation` object. Updated SSO logic to centralize logic for workspace determination, adjust redirect URI handling, and improve maintainability. Removed redundant dependencies and optimized multi-workspace support.
@@ -1,3 +1,5 @@
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';

Check failure

Code scanning / CodeQL

Disabling certificate validation High

Disabling certificate validation is strongly discouraged.

Copilot Autofix AI 17 days ago

To fix the problem, we need to ensure that TLS certificate validation is not disabled. This involves removing or modifying the line that sets process.env.NODE_TLS_REJECT_UNAUTHORIZED to '0'. If this setting is required for development or testing purposes, it should be conditionally applied based on the environment, ensuring it is never used in production.

The best way to fix this without changing existing functionality is to conditionally set process.env.NODE_TLS_REJECT_UNAUTHORIZED based on an environment variable that explicitly indicates a development or testing environment. This way, we can maintain security in production while allowing flexibility in non-production environments.

Suggested changeset 1
packages/twenty-front/codegen.cjs

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/packages/twenty-front/codegen.cjs b/packages/twenty-front/codegen.cjs
--- a/packages/twenty-front/codegen.cjs
+++ b/packages/twenty-front/codegen.cjs
@@ -1,2 +1,4 @@
-process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+if (process.env.NODE_ENV !== 'production') {
+  process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+}
 
EOF
@@ -1,2 +1,4 @@
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
if (process.env.NODE_ENV !== 'production') {
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
}

Copilot is powered by AI and may make mistakes. Always verify output.
Unable to commit as this autofix suggestion is now outdated
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
Eliminated the redundant "switch workspace" functionality from both server and front-end implementations. Updated related components and services to utilize hostname-based workspace handling instead. Ensured compatibility with existing workspace management flows.
Refactored domain settings to separate subdomain functionality into its own component for better modularity. Replaced inline logic with `SettingsSubdomain` to streamline `SettingsDomain` structure. Improved readability and maintainability of domain configuration flow.
Refactored domain settings to separate subdomain functionality into its own component for better modularity. Replaced inline logic with `SettingsSubdomain` to streamline `SettingsDomain` structure. Improved readability and maintainability of domain configuration flow.
…tom-domain

# Conflicts:
#	packages/twenty-server/src/engine/core-modules/auth/services/sign-in-up.service.ts
#	packages/twenty-server/src/engine/core-modules/workspace-invitation/services/workspace-invitation.service.ts
#	packages/twenty-shared/src/index.ts
@@ -1,3 +1,5 @@
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';

Check failure

Code scanning / CodeQL

Disabling certificate validation High

Disabling certificate validation is strongly discouraged.

Copilot Autofix AI 15 days ago

To fix the problem, we should ensure that certificate validation is not disabled. This can be done by removing the line that sets process.env.NODE_TLS_REJECT_UNAUTHORIZED to '0'. If this setting is necessary for development or testing purposes, it should be conditionally applied based on the environment.

The best way to fix this without changing existing functionality is to check if the environment is development or testing before setting process.env.NODE_TLS_REJECT_UNAUTHORIZED. This way, we can ensure that certificate validation is only disabled in non-production environments.

Suggested changeset 1
packages/twenty-front/codegen-metadata.cjs

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/packages/twenty-front/codegen-metadata.cjs b/packages/twenty-front/codegen-metadata.cjs
--- a/packages/twenty-front/codegen-metadata.cjs
+++ b/packages/twenty-front/codegen-metadata.cjs
@@ -1,2 +1,4 @@
-process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+if (process.env.NODE_ENV !== 'production') {
+  process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+}
 
EOF
@@ -1,2 +1,4 @@
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
if (process.env.NODE_ENV !== 'production') {
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
}

Copilot is powered by AI and may make mistakes. Always verify output.
Unable to commit as this autofix suggestion is now outdated
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
@charlesBochet
Copy link
Member

@AMoreaux I know that you are actively working on this one. I'm closing this one but feel free to re-open it or open a new one once you are ready

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Status: ✅ Done
Development

Successfully merging this pull request may close these issues.

Enabled Custom Domain names through Cloudflare
2 participants