feat: cloud and ee (#805)

* stripe init
git submodules for enterprise modules

* * Cloud billing UI - WIP
* Proxy websockets in dev mode
* Separate workspace login and creation for cloud
* Other fixes

* feat: billing (cloud)

* * add domain service
* prepare links from workspace hostname

* WIP

* Add exchange token generation
* Validate JWT token type during verification

* domain service

* add SkipTransform decorator

* * updates (server)
* add new packages
* new sso migration file

* WIP

* Fix hostname generation

* WIP

* WIP

* Reduce input error font-size
* set max password length

* jwt package

* license page - WIP

* * License management UI
* Move license key store to db

* add reflector

* SSO enforcement

* * Add default plan
* Add usePlan hook

* * Fix auth container margin in mobile
* Redirect login and home to select page in cloud

* update .gitignore

* Default to yearly

* * Trial messaging
* Handle ended trials

* Don't set to readonly on collab disconnect (Cloud)

* Refine trial (UI)
* Fix bug caused by using jotai optics atom in AppHeader component

* configurable database maximum pool

* Close SSO form on save

* wip

* sync

* Only show sign-in in cloud

* exclude base api part from workspaceId check

* close db connection beforeApplicationShutdown

* Add health/live endpoint

* clear cookie on hostname change

* reset currentUser atom

* Change text

* return 401 if workspace does not match

* feat: show user workspace list in cloud login page

* sync

* Add home path

* Prefetch to speed up queries

* * Add robots.txt
* Disallow login and forgot password routes

* wildcard user-agent

* Fix space query cache

* fix

* fix

* use space uuid for recent pages

* prefetch billing plans

* enhance license page

* sync

apps/server/src/common/guards/jwt-auth.guard.ts

@@ -6,10 +6,15 @@ import {
 import { AuthGuard } from '@nestjs/passport';
 import { IS_PUBLIC_KEY } from '../decorators/public.decorator';
 import { Reflector } from '@nestjs/core';
+import { EnvironmentService } from '../../integrations/environment/environment.service';
+import { addDays } from 'date-fns';
 
 @Injectable()
 export class JwtAuthGuard extends AuthGuard('jwt') {
-  constructor(private reflector: Reflector) {
+  constructor(
+    private reflector: Reflector,
+    private environmentService: EnvironmentService,
+  ) {
     super();
   }
 
@@ -26,10 +31,40 @@ export class JwtAuthGuard extends AuthGuard('jwt') {
     return super.canActivate(context);
   }
 
-  handleRequest(err: any, user: any, info: any) {
+  handleRequest(err: any, user: any, info: any, ctx: ExecutionContext) {
     if (err || !user) {
       throw err || new UnauthorizedException();
     }
+
+    this.setJoinedWorkspacesCookie(user, ctx);
     return user;
   }
+
+  setJoinedWorkspacesCookie(user: any, ctx: ExecutionContext) {
+    if (this.environmentService.isCloud()) {
+      const req = ctx.switchToHttp().getRequest();
+      const res = ctx.switchToHttp().getResponse();
+
+      const workspaceId = user?.workspace?.id;
+      let hosts = [];
+      try {
+        hosts = req.cookies.workspaces ? JSON.parse(req.cookies.hosts) : [];
+      } catch (err) {
+        /* empty */
+      }
+
+      if (!hosts.includes(workspaceId)) {
+        hosts.push(workspaceId);
+      }
+
+      // todo: revisit
+      res.setCookie('joinedWorkspaces', JSON.stringify(hosts), {
+        httpOnly: false,
+        domain: '.' + this.environmentService.getSubdomainHost(),
+        path: '/',
+        expires: addDays(new Date(), 365),
+        secure: this.environmentService.isHttps(),
+      });
+    }
+  }
 }