Previously the base path for the API was hardcoded to `/api` and the
specified version.
This was not obvious that the generated code was setting that base path
and it was not flexible for serving the API under a different path than
`/api`.
We will likely need to set a different base path if we pretend to serve
the new back office API that we are going to implement alongside the
current admin API until the new back office is fully implemented and
verified that works properly.
This commit also fix add the base path of the endpoints to the
documentation because it was even more confusing for somebody that wants
to use the API having to find out them through looking to the generated
code.
Change-Id: I6efab6b6f3d295129d6f42f7fbba8c2dc19725f4
This change fixes an issue where the project limit could be exceeded if
multiple project creation requests were sent sufficiently close to one
another. This could also be used to bypass project name duplication
checking.
Change-Id: I61cde7abaf25dedc5601c6870275de9938d7b949
Make the link more human-friendly - to contain the text of the group and
endpoint names.
Also link back to list of endpoints from each endpoint.
Change-Id: Ia3e2ebe20b58b5f60ecefe9d35fb8fd90dd4b4d7
This change adds tests to ensure critical endpoints are not able to be
called by users for other users. It asserts that if cases like that
do happen, a 401 response will be sent.
Issue: https://github.com/storj/storj-private/issues/407
Change-Id: I70097a80f691a7d0fcb0bc5dbce8291144177720
This change makes it easier for someone reading the documentation to see
a full list of supported endpoints, and have direct links to the
details.
Change-Id: I46e2f809cfa2760845898eaa3d99db9066d435ef
Remove outdated information from the generated API readme, and add a
link to the generated documentation.
Change-Id: Icc098c81f235464344895d2195444044831aac63
This change removes unused GraphQL code. It also updates storj sim code
to use the GraphQL replacement HTTP endpoints and removes the GraphQL
dependency.
Issue: https://github.com/storj/storj/issues/6142
Change-Id: Ie502553706c4b1282cd883a9275ea7332b8fc92d
This change fixes an issue where multiple unverified users with the
same email address could be created if registration requests were
sent sufficiently close to one another.
Resolves#6156
Change-Id: If8b1a145bcab842ace718119183de59947430463
This change adds an HTTP endpoint for creating projects, to be used in
place of the GraphQL version.
Issue: https://github.com/storj/storj/issues/6195
Change-Id: I0377353418df7c152db6a935e99a3ea7ab4ce625
This change allows you to host the vuetify app on <x>.example.com where
the main app is hosted on example.com. A configuration is added to
specify an exact subdomain for cookies. For example, if my production
app is hosted on us1.storj.io and my vuetify app is hosted on
vuetify.us1.storj.io, the cookie domain should be set to ".us1.storj.io"
so that any authentication cookie is accessible to lower-level
subdomains.
Since the vuetify app does not currently support login/signup on its
own, it is still required to first login to the main satellite UI, then
navigate to the Vuetify app after the session cookie is set.
If the "vuetifypoc" prefix is not desirable when using subdomain hosting
for vuetify, the VITE_VUETIFY_PREFIX variable can be modified in
web/satellite/.env before running `npm run build-vuetify`. For now, we
should keep this prefix because it makes developing on the vuetify app
significantly easier if subdomains are not being used.
Issue: https://github.com/storj/storj/issues/6144
Change-Id: Iba1a5737892c8ee8f38148a17b94e3222f8798e6
This commit adds a new endpoint on the console api to delete project
members and invitations.
issue: https://github.com/storj/storj/issues/6136
Change-Id: I980bb97afd1ed2ed8f0f27cc2e8dc1d80d7eef05
This change adds an endpoint update projects, to be used in place of
the graphql alternative.
Issue: https://github.com/storj/storj/issues/6134
Change-Id: I26c04f4400f71721cbddb7f64405e6c9b78edb4d
This change introduces an HTTP endpoint for retrieving bucket usage
totals. In the future, this will replace its GraphQL counterpart.
References #6141
Change-Id: Ic6a0069a7e58b90dc2b6c55f164393f036c6acf4
This commit adds a new endpoint on the satellite console api to get
project members and invitations.
issue: https://github.com/storj/storj/issues/6137
Change-Id: I66cb064eeaffb1c34878462b3e6b3be8f3629f4e
This change adds an endpoint to get a user's projects, similar to
the OwnedProjects GraphQL query.
The console.ProjectInfo struct has been renamed to UpsertProjectInfo
to more accurately reflect its use.
Issue: https://github.com/storj/storj/issues/6135
Change-Id: I802fe4694a5cc75a9df2b565476f6e6f473431d4
This change adds an endpoint to delete API keys, similar to GraphQL mutation.
Issue:
https://github.com/storj/storj/issues/6140
Change-Id: Ia4a808222a057a199d803d8ea6b944c411a4dc8d
This change adds an endpoint to create new API key, similar to GraphQL mutation.
Issue:
https://github.com/storj/storj/issues/6139
Change-Id: I2b35d680fa8e019666c811ad3bdf16201e3b8946
This change adds an endpoint to get paged project API keys, similar to GraphQL query.
Issue:
https://github.com/storj/storj/issues/6138
Change-Id: I5dea9e4ac61e798cc8a2e56a2755d722c1b66bfa
This change adds an endpoint to get a user's projects, similar to
the MyProjects GraphQL query.
Issue: https://github.com/storj/storj/issues/6132
Change-Id: I91feb5a1ee8c1231a8a5e6de9b8dc5b256f857c5
This change extends the autofreeze chore to go through users who have
been warned/frozen to check if they have no failed invoices. If they do
not, this extension unwarns/unfreezes them.
Issue: https://github.com/storj/storj/issues/6077
Change-Id: I570b1d4b2e29574bd8b9ae37eb2d4fb41d178336
Another try to fix calculation of used bandwidth which is displayed on Project Dashboard.
This change sums up allocated-dead traffic for the last 3 days and settled traffic for the period which is earlier than 3 days ago.
Issue:
https://github.com/storj/storj-private/issues/293
Change-Id: I91e652eba69f81bd21e0d053ac170e2b926b3cb4
Fixed config value which indicates how many base units of US micro dollars are needed to auto upgrade user to paid tier.
Change-Id: I22821ac22fc3eaeeea21c6dec4e6912025df63aa
Added new functionality to query storjscan for all wallet transactions (including pending).
Added new endpoint to query all wallet transactions.
Issue:
https://github.com/storj/storj/issues/5978
Change-Id: Id15fddfc9c95efcaa32aa21403cb177f9297e1ab
Added new observer for billing chore to check user's balance and upgrade their account if balance is more than or equal to needed amount for upgrade.
Added new config value which stands for needed amount of base units of US micro dollars needed to upgrade user.
Issue:
https://github.com/storj/storj/issues/5978
Change-Id: Ic3992cd3114397bfdd9e231ca090ff21ca66648b
This change adds an extra step to the auto freeze chore to attempt
payment before freezing/warning a user.
It also attempts payment after modifying user's cards whether the user
is frozen/warned or not.
Issue: https://github.com/storj/storj-private/issues/341
Change-Id: Ia9c0c5a2d37837bca5153fe720fef61f1385cb15
This change adds request IDs to requests, logs them as part of audit
logs and sends to the client on error. This is to improve debugging
of customer issues.
Issue: https://github.com/storj/storj/issues/5898
Change-Id: I801514b547d28d810552d91aa7c8502051e552bf
This change creates the ability to run a server separate from the
console web server to serve the front end app. You can run it with
`satellite run ui`. Since there are now potentially two servers instead
of one, the UI server has the option to act as a reverse proxy to the
api server for local development by setting `--console.address` to the
console backend address and `--console.backend-reverse-proxy` to the
console backend's http url. Also, a feature flag has been implemented
on the api server to retain the ability to serve the front end app. It
is toggled with `--console.frontend-enable`.
github issue: https://github.com/storj/storj/issues/5843
Change-Id: I0d30451a20636e3184110dbe28c8a2a8a9505804
* Fixes backend to use only a user's owned projects to determine if the
user has hit the project limit
* Makes frontend logic consistent (and simpler) for checking whether to
send user to the "Create Project" modal or the "upgrade account or
request limit increase" modal
Before this change, projects that a user is a member of would be
included in determining whether the user could create a project. Also,
the "create project" button in the projects menu in the navbar of the UI
did not enable a free tier user to create a new project, even if they
had not hit their limits.
Change-Id: Ia776eb627ca37b83f5bc63bed83ee83c9f7cc789
This change fixes an issue where a new project member invitation would
silently replace an older one that has the same project ID and email if
the email did not belong to a registered user. Additionally, the
satellite frontend has been updated to display more descriptive error
messages for project member invitations.
Change-Id: I32b582c40c0028b8eedf2aed4b5bfb43501594b4
Updated upgrade account modal to show user account free tier limits instead of hardcoded values.
Issue:
https://github.com/storj/storj/issues/5939
Change-Id: I26ffbe2571c5ca4b37f02bec5211bac986bedc6a
This change properly encodes email addresses that are used as query
parameters in project invitation-related URLs.
Change-Id: Iaaf7b62b5ac3db3f0b0e000cc06fef8e315400a8
Added functionality to return only settled traffic from project_bandwidth_daily_rollups table for given month.
Updated {projectID}/usage-limits endpoint to return only settled bandwidth used.
This is a possible fix for this issue
https://github.com/storj/storj-private/issues/293
Change-Id: I12516dc898f449c2122e7442b8fbb88309a48ebe
The console DB cleanup chore has been extended to remove expired webapp
session records.
Resolves#5893
Change-Id: I455b4933552cfde86817a2ef8f9879dd7b0a121d
This change allows members without an account to be invited to a
project. The link in the invitation email will redirect these users to
the registration page containing custom text describing the invitation.
Resolves#5353
Change-Id: I6cba91e57c551ca13c7a9ae49150fc1d374cd6b5
The upgrade notification has been updated to adapt to mobile screens
accordance with our designs.
Additionally, an issue where the notification would display "0B free
included" when displayed in the All Projects Dashboard has been fixed.
Change-Id: Ic13b9426ab5d6529c9d7b2ad8446a17da74905b1
This change further restricts projects members from modifying project
details by restricting the project edit graphql mutation; making it
check if the user performing the operation is the owner of the project.
Change-Id: Iaf10d16269ddc29437d3d5629db06e20cea3004e
This change prevents project member invitation responses from deleting
expired project invitations. Previously, accepting or declining an
expired invitation cause it to be destroyed.
References #5752
Change-Id: Id3917fb825bffc3e8a262d5b541b907678db1809
This reverts 9c75316 which allowed the satellite console DB cleanup
chore to delete expired project member invitations. We now want such
invitations to be accessible indefinitely.
References #5752
Change-Id: I489a7e19df825dd14376d3d260b70b3eef643e03
The SQL transaction that inserted project invitations relied on the
error result of one of its statements in order to determine whether an
invitation should be updated. This was inappropriate since any errors
returned from a transaction statement should end the transaction
immediately. This change resolves that issue.
Change-Id: I354e430df293054d8583fb4faa5dc1bcf9053836
This change sends new passphrase created event for when passphrase is
created with the method by which it was; entered/generated
Issue: #5918
Change-Id: Ib485b6ff7a968d4c84bf124e14c14c91478f0dfb
Add some basic handling to set cross-origin resource sharing headers for
the satellite UI app handler as well as API endpoints used by the
satellite UI.
This change also removes some no-longer-necessary CORS functionality on
the account registration endpoint. Previously, these CORS headers were
used to enable account registration cross-origin from www.storj.io.
However, we have since removed the ability to sign up via www.storj.io.
With these changes, browsers will prevent any requests to the affected
endpoints, unless the browser is making the request from the same host
as the satellite.
see https://github.com/storj/storj-private/issues/242
Change-Id: Ifd98be4a142a2e61e26392d97242d911e051fe8a
Each project member invitation returned from our GraphQL API now
contains a field indicating whether the invitation has expired. This is
required for us to enable functionality in the satellite frontend that
is dependent on this information.
References #5752
Change-Id: I4b71738e7a7373c690de188614f8c95009bc3989
This change removes instances of project invitation deletion due to
expiration because we now want such invitations to be accessible beyond
their expiration date. In the future, project members will be able to
view and resend expired invitations within the Team page in the
satellite frontend.
References #5752
Change-Id: If24a9637945874d719b894a66c06f6e0e9805dfa
Added backend (for now) implementation for updating user's and projects's user_agent using admin API.
Updating both user and project also updates bucket_metainfo and value_attribution tables.
Issue:
https://github.com/storj/storj-private/issues/297
Change-Id: I40244bbaa08b46834c1b1d0720e7d84d0c2a0330
This change adds a new endpoint to verify the validity of an invite
link. It conditionally redirects to the login page with or without
whether the invite is valid.
Related: https://github.com/storj/storj/issues/5741
Change-Id: I587ef8ded67a9ea753e4edec1beeecd39c949922
Now that the table view has been implemented, the all projects dashboard
is ready to be turned on everywhere.
https://github.com/storj/storj/issues/5872
Change-Id: Iead684bf7d326d36d4d323eb63a3ed520602b4dc
This change slightly modifies the logic for serving the vuetify
frontend. After this change, if the config `console.use-vuetify-project`
is set to `true`, the Vuetify UI will be served at the `/vuetifypoc`
prefix. The POC is only project dashboard right now; the existing
login/registration pages must be used, but once the cookie is set, the
POC will work correctly.
Change-Id: I7725f23a0d2b04f274bab36d8be3370116687d1b
This change removes the obsolete project member paging code.
Previously, we implemented functionality for including project
invitations in pages of project members. However, the satellite
frontend still expected API responses to use the old paging style, so
the related code could not be removed right away. Now that the frontend
has been updated, this code is no longer necessary.
References #5855
Change-Id: I12fdaaeb869977c4d87a0d50b9a7b11c68552c82
This change adds a new endpoint that uses the new project invite flow's
functionality instead of directly adding users to a project's members.
Issue: https://github.com/storj/storj/issues/5741
Change-Id: I6734f7e95be07086387fb133d6bdfd95e47cf4d9
Added new endpoint, service method and DB query to get all API key names by provided project ID.
Issue:
https://github.com/storj/storj/issues/5693
Change-Id: I62e4e8ae660bd81234b75aa159a472a5aa9d5a48
This change causes users to be served only project member invitations
that have not expired. If expired invitations are encountered during
processing of an invitation listing request, they will be removed.
References #5855
Change-Id: I6f621305f4f0a993953eb40a4dbd2375493f02e3
Add some code to generate a basic markdown file documenting a generated
API. Generate this document for the API in
satellite/console/consoleweb/consoleapi/gen.
The documentation is not completely correct, as it may include some
values in the request body that are not actually usable by the
requester. This can be fixed by making sure all types used within the
generated API are properly annotated with `json` tags.
Issue: https://github.com/storj/storj-private/issues/244
Change-Id: I57b259967fb0db8f548b6598a10c825da15ba723
Project member invitations may now be requested through GraphQL
queries. This is necessary for the satellite frontend to display
invitations in the Team page.
References #5855
Change-Id: Ibc8526ba768fd82c1b1890201004ef0f066df2fc
The console service method responsible for removing members from a
project has been extended to remove project member invitations as well.
This will allow invitations to be deleted through the satellite
frontend.
References #5855
Change-Id: I90ca042cc6fb9a75fcd9b391e317caabb1c828f2
A method has been implemented that allows for paged searching through
project members and project member invitations. In the future, this
will be used to display invitations in the Team page of the satellite
frontend.
References #5855
Change-Id: I0937c425f60f1318e55202bf30b44a33ff695414
Built side Vuetify subproject inside web/satellite with limited functinality.
For now it has navigation side bar, simple project dashboard and team page (where you can list/add team members).
Issue:
https://github.com/storj/storj/issues/5854
Change-Id: I9ff3e80b8ace1dc31de6a788174c5ffc19f050f8
This change adds new email templates for project invites, one for
existing users, one for new users. It changes the project invite code
to use the new template for existing users.
Issue: https://github.com/storj/storj/issues/5860
Change-Id: Ic7b14a677277ea6c25ee527d03f709474fc05f83
We no longer use registration information in ways that could be
exploited by malicious agents, so filtering special characters is not
necessary and has been removed.
Resolves storj-private#133
Change-Id: I3eb4803c71ccb307b38f0288fe2af5eec70f8309
API endpoints and associated methods have been implemented to allow
users to accept or decline their pending project member invitations
through the satellite frontend.
References #5855
Change-Id: Ic23721c64a65e741dc1015838e617fd1af5c8ca4
This change limits the length of user input fields like search, email,
username. It also limits the receivable size of request payloads.
This is to prevent potential DDoS attacks resulting from receiving
large payloads.
Improvements are also made to the accounts page and register success
pages to display long names/emails better.
Issue: https://github.com/storj/storj-private/issues/201
Change-Id: I5d36eb83609b3605335a8d150b275c89deaf3b43
Added new gallery view for object browser.
It is behind new feature flag.
TODO: add options dropdown and modals
Issue:
https://github.com/storj/storj/issues/5824
Change-Id: I21829c599cd904b833eaf429690c66c3da306a0f
This change prevents the redirect to all projects dashboard when no
project is selected (if all projects dash is enabled).
Since a previously selected project id is saved in local storage, it is
used to store it's associated project in memory.
This change also makes a small change to a test that ignores potential
failures.
Issue: https://github.com/storj/storj/issues/5920
Change-Id: Ie758893dfb655893520c642fb47b934cd59f177e
Add a config flag (default false) to hide the new limit cards (e.g.
segment, storage, bandwidth limits) from the UI. We need to investigate
some queries the egress card is using before enabling these everywhere.
Change-Id: I762e7d9e6a0a4315f1520e688b2bad32b100e5a0
This change includes STORJ bonuses to the list of transactions returned
by the /wallet/payments endpoint.
Issue: https://github.com/storj/storj/issues/5755
Change-Id: Icc95c2cb9dd9fc5ee7a373e68c1cf8a991e1aa58
During billing, before invoice creation, check if users are part of a
package plan. If so, and if the package plan is expired, remove unused
credit from the user's balance. If the user has credit in addition to
the package credit, send an analytics event to notify someone to handle
the credit removal manually.
Change-Id: Iad71d791f67c9733f9d9e42f962c64b2780264cc
* Update defaults for gateway credentials URL and linksharing URL to use
storjsatelliteshare.io instead of storjshare.io
* Add new config for "public linksharing URL" and set it to
link.storjshare.io
* Use "private" linksharing URL for actions within the object browser
* Use "public" linksharing URL for sharing files externally
Resolves https://github.com/storj/storj/issues/5805
Change-Id: I2c8fbd04141755b4751dcf4d054253a7ff8d6cf3
The project member invitations table has been modified to contain a
column for the ID of the user who sent the invitation. This ID is
required for us to return information about the inviter to the
satellite frontend.
References #5855
Change-Id: I928d987a8db2340f731ca65ce30173d4f90a9837
The string check previously used to check for constraint errors is now
replaced with dbx.IsConstraintError check.
Change-Id: I553ccd69e3c02b6b54441bd9f929b85a155eaf00
Fix an error that can occur when processing multiple invoices for the same user in a single invoice cycle when the user is paying with Storj tokens.
Change-Id: I54af8c7dde1965d994f687fdfc4e4b5ef4deeb2d
w.Header().Set needs to be called before WriteHeader,
because WriteHeader sends all the headers and calls to
Set won't have any effect afterwards.
Change-Id: Ia6b1c5e2cd54201a6c3980d63de04a0095b2db9a
The console DB cleanup chore has been extended to remove old project
member invitation records.
Resolves#5816
Change-Id: Id0a748e40f5acf03b9b903265c653b072846ba19
A chore responsible for purging data from the console DB has been
implemented. Currently, it removes old records for unverified user
accounts. We plan to extend this functionality to include expired
project member invitations in the future.
Resolves#5790
References #5816
Change-Id: I1f3ef62fc96c10a42a383804b3b1d2846d7813f7
This change makes the error thrown when adding an existing member to a
project readable.
Issue: https://github.com/storj/storj/issues/5840
Change-Id: I4269495f9b7b09c77fbf1af1fc605e5c95bd7cbf
This change adds the user's passphrase prompt setting to the
/account/settings endpoints.
Issue: https://github.com/storj/storj/issues/5616
Change-Id: I48d470d49e82096fd090b74da323b279e342546e
Ensure that the value of "pricing packages enabled" flag on frontend is
the same as what is configured on the backend.
Change-Id: Id78771800a4973ebd3ad4e22f1953f6f71c75dd4
This change immplements methods for interacting with the project member
invitations table.
Resolves#5766
Change-Id: I0090c50f9fde5bcdae4ebdaa72cdcaa84d341b54
This change adds more tests to the autofreeze chore and the freeze
service according to the testplan linked in the issue below.
Issue: https://github.com/storj/storj/issues/5738
Change-Id: Ib2afaa283961b2e7ef6fb6e5613ee083ac7d79eb
This field is deprecated in favor of UserAgent; Removing these
references is the final step necessary before dropping the columns from
the database.
https: //github.com/storj/storj/issues/5432
Change-Id: I3a6619170dcf382f82dc8eddb73b6547eaf636f0
Currently when error.html is not available, we should still start the
server and fallback to some simpler implementation. This template does
not require any external assets.
Change-Id: I76b660db988987e1e9ebadd966f60e149f26ff24
This change separates hubspot form submission for personal and business
accounts, with new company name and storage needs fields.
Issue: https://github.com/storj/storj-private/issues/220
Change-Id: Ieb0fb64f87614c7327dc5f894140fb8a54ededa0
This change reverses behavior added by 45d5a93 that made the server
return a 500 status code when the index.html file for the satellite
frontend couldn't be loaded. The presence of this file was previously
intentionally optional.
Change-Id: I875a171a37b735c3523eb5b13d83f084f1781053
