chore(root): Release 2025-05-20 10:13 (#8346)

Author: github-actions[bot]

.cspell.json

@@ -733,14 +733,17 @@
     "oklch",
     "Duplicable",
     "Radek",
-    "automators", 
+    "automators",
     "VITE",
     "snooze",
     "unsnooze",
     "snoozed",
     "unsnoozed",
     "automators",
-    "calcom"
+    "Svix",
+    "totp",
+    "calcom",
+    "partnerintegration"
   ],
   "flagWords": [],
   "patterns": [

.source

@@ -43,7 +43,7 @@ See the docs for [Running on Local Machine - API Tests](https://docs.novu.co/com
 
 - Use the `@Get`, `@Post`, `@Put`, `@Delete` decorators to define the HTTP method.
 - Use the `@Param`, `@Query`, `@Body` decorators to define the parameters.
-- Use the `@UserAuthentication()` decorator to define the guards as well as make it accessible to novu web app.
+- Use the `@RequireAuthentication()` decorator to define the guards as well as make it accessible to novu web app.
 - Use the @ExternalApiAccessible decorator to define the endpoint as accessible by external API (Users with Api-Key) & The official Novu SDK.
 
 #### Naming conventions

apps/api/README.md

@@ -1,7 +1,6 @@
 /* eslint-disable no-console */
 import '../src/config';
 import { NestFactory } from '@nestjs/core';
-import { AppModule } from '../src/app.module';
 import {
   NotificationTemplateRepository,
   MessageTemplateRepository,
@@ -12,11 +11,12 @@ import {
   OrganizationRepository,
 } from '@novu/dal';
 import { ChangeEntityTypeEnum, MemberRoleEnum } from '@novu/shared';
+import { CreateChange, CreateChangeCommand } from '@novu/application-generic';
+import { AppModule } from '../src/app.module';
 import { CreateEnvironment } from '../src/app/environments-v1/usecases/create-environment/create-environment.usecase';
 import { CreateEnvironmentCommand } from '../src/app/environments-v1/usecases/create-environment/create-environment.command';
 import { ApplyChange } from '../src/app/change/usecases/apply-change/apply-change.usecase';
 import { ApplyChangeCommand } from '../src/app/change/usecases/apply-change/apply-change.command';
-import { CreateChange, CreateChangeCommand } from '@novu/application-generic';
 
 export async function run(): Promise<void> {
   console.log('Script started');
@@ -43,7 +43,7 @@ export async function run(): Promise<void> {
   for (const org of orgs) {
     console.log(`Migrating org ${org._id}`);
     const member = await memberRepository.findOne({
-      roles: MemberRoleEnum.ADMIN,
+      roles: MemberRoleEnum.OSS_ADMIN,
       _organizationId: org._id,
     });
 

apps/api/migrations/changes-migration.ts

@@ -1,6 +1,6 @@
 {
   "name": "@novu/api-service",
-  "version": "2.1.13",
+  "version": "2.2.0",
   "description": "description",
   "author": "",
   "private": "true",
@@ -102,6 +102,7 @@
     "rxjs": "7.8.1",
     "sanitize-html": "^2.4.0",
     "shortid": "^2.2.16",
+    "svix": "^1.24.0",
     "swagger-ui-express": "^4.4.0",
     "uuid": "^8.3.2",
     "zod": "^3.23.8",

apps/api/package.json

@@ -43,6 +43,7 @@ import { StorageModule } from './app/storage/storage.module';
 import { SubscribersModule } from './app/subscribers-v2/subscribers.module';
 import { SubscribersV1Module } from './app/subscribers/subscribersV1.module';
 import { SupportModule } from './app/support/support.module';
+import { WebhooksModule } from './app/webhooks/webhooks.module';
 import { TenantModule } from './app/tenant/tenant.module';
 import { TestingModule } from './app/testing/testing.module';
 import { TopicsV1Module } from './app/topics-v1/topics-v1.module';
@@ -63,6 +64,7 @@ const enterpriseImports = (): Array<Type | DynamicModule | Promise<DynamicModule
       modules.push(require('@novu/ee-billing')?.BillingModule.forRoot());
     }
     modules.push(SupportModule);
+    modules.push(WebhooksModule);
   }
 
   return modules;

apps/api/src/app.module.ts

@@ -1,16 +1,17 @@
 import { Body, Controller, HttpCode, HttpStatus, Post } from '@nestjs/common';
 import { ApiExcludeController } from '@nestjs/swagger';
 import { SkipThrottle } from '@nestjs/throttler';
-import { AnalyticsService, ExternalApiAccessible, UserSession } from '@novu/application-generic';
+import { AnalyticsService, ExternalApiAccessible, UserSession, SkipPermissionsCheck } from '@novu/application-generic';
 import { UserSessionData } from '@novu/shared';
-import { UserAuthentication } from '../shared/framework/swagger/api.key.security';
 import { HubspotIdentifyFormCommand } from './usecases/hubspot-identify-form/hubspot-identify-form.command';
 import { HubspotIdentifyFormUsecase } from './usecases/hubspot-identify-form/hubspot-identify-form.usecase';
+import { RequireAuthentication } from '../auth/framework/auth.decorator';
 
 @Controller({
   path: 'telemetry',
 })
 @SkipThrottle()
+@RequireAuthentication()
 @ApiExcludeController()
 export class AnalyticsController {
   constructor(
@@ -20,7 +21,7 @@ export class AnalyticsController {
 
   @Post('/measure')
   @ExternalApiAccessible()
-  @UserAuthentication()
+  @SkipPermissionsCheck()
   async trackEvent(@Body('event') event, @Body('data') data = {}, @UserSession() user: UserSessionData): Promise<any> {
     this.analyticsService.track(event, user._id, {
       ...(data || {}),
@@ -34,8 +35,8 @@ export class AnalyticsController {
 
   @Post('/identify')
   @ExternalApiAccessible()
-  @UserAuthentication()
   @HttpCode(HttpStatus.NO_CONTENT)
+  @SkipPermissionsCheck()
   async identifyUser(@Body() body: any, @UserSession() user: UserSessionData) {
     if (body.anonymousId) {
       this.analyticsService.alias(body.anonymousId, user._id);

apps/api/src/app/analytics/analytics.controller.ts

@@ -37,10 +37,10 @@ import { ApiCommonResponses } from '../shared/framework/response.decorator';
 import { UpdatePasswordBodyDto } from './dtos/update-password.dto';
 import { UpdatePassword } from './usecases/update-password/update-password.usecase';
 import { UpdatePasswordCommand } from './usecases/update-password/update-password.command';
-import { UserAuthentication } from '../shared/framework/swagger/api.key.security';
 import { SwitchOrganizationCommand } from './usecases/switch-organization/switch-organization.command';
 import { SwitchOrganization } from './usecases/switch-organization/switch-organization.usecase';
 import { AuthService } from './services/auth.service';
+import { RequireAuthentication } from './framework/auth.decorator';
 
 @ApiCommonResponses()
 @Controller('/auth')
@@ -89,7 +89,7 @@ export class AuthController {
   }
 
   @Get('/refresh')
-  @UserAuthentication()
+  @RequireAuthentication()
   @Header('Cache-Control', 'no-store')
   refreshToken(@UserSession() user: UserSessionData) {
     if (!user || !user._id) throw new BadRequestException();
@@ -148,7 +148,7 @@ export class AuthController {
   }
 
   @Post('/organizations/:organizationId/switch')
-  @UserAuthentication()
+  @RequireAuthentication()
   @HttpCode(200)
   @Header('Cache-Control', 'no-store')
   async organizationSwitch(@UserSession() user: UserSessionData, @Param('organizationId') organizationId: string) {
@@ -162,7 +162,7 @@ export class AuthController {
 
   @Post('/update-password')
   @Header('Cache-Control', 'no-store')
-  @UserAuthentication()
+  @RequireAuthentication()
   @HttpCode(HttpStatus.NO_CONTENT)
   async updatePassword(@UserSession() user: UserSessionData, @Body() body: UpdatePasswordBodyDto) {
     return await this.updatePasswordUsecase.execute(

apps/api/src/app/auth/auth.controller.ts

@@ -1,5 +1,5 @@
 import { MiddlewareConsumer, ModuleMetadata, Provider, RequestMethod } from '@nestjs/common';
-import { JwtModule, JwtService } from '@nestjs/jwt';
+import { JwtModule } from '@nestjs/jwt';
 import { PassportModule } from '@nestjs/passport';
 import passport from 'passport';
 import { AuthProviderEnum, PassportStrategyEnum } from '@novu/shared';
@@ -10,15 +10,12 @@ import { UserModule } from '../user/user.module';
 import { USE_CASES } from './usecases';
 import { SharedModule } from '../shared/shared.module';
 import { GitHubStrategy } from './services/passport/github.strategy';
-import { OrganizationModule } from '../organization/organization.module';
 import { EnvironmentsModuleV1 } from '../environments-v1/environments-v1.module';
 import { JwtSubscriberStrategy } from './services/passport/subscriber-jwt.strategy';
 import { RootEnvironmentGuard } from './framework/root-environment-guard.service';
 import { ApiKeyStrategy } from './services/passport/apikey.strategy';
 import { AuthService } from './services/auth.service';
-import { RolesGuard } from './framework/roles.guard';
 import { CommunityAuthService } from './services/community.auth.service';
-import { CommunityUserAuthGuard } from './framework/community.user.auth.guard';
 
 const AUTH_STRATEGIES: Provider[] = [JwtStrategy, ApiKeyStrategy, JwtSubscriberStrategy];
 
@@ -39,7 +36,7 @@ export function getCommunityAuthModuleConfig(): ModuleMetadata {
     }),
   ];
 
-  const baseProviders = [...AUTH_STRATEGIES, AuthService, RolesGuard, RootEnvironmentGuard];
+  const baseProviders = [...AUTH_STRATEGIES, AuthService, RootEnvironmentGuard];
 
   // Wherever is the string token used, override it with the provider
   const injectableProviders = [
@@ -59,22 +56,16 @@ export function getCommunityAuthModuleConfig(): ModuleMetadata {
       provide: 'AUTH_SERVICE',
       useClass: CommunityAuthService,
     },
-    {
-      provide: 'USER_AUTH_GUARD',
-      useClass: CommunityUserAuthGuard,
-    },
   ];
 
   return {
-    imports: [...baseImports, EnvironmentsModuleV1, SharedModule, UserModule, OrganizationModule],
+    imports: [...baseImports, EnvironmentsModuleV1, SharedModule, UserModule],
     controllers: [AuthController],
     providers: [...baseProviders, ...injectableProviders, ...USE_CASES],
     exports: [
-      RolesGuard,
       RootEnvironmentGuard,
       AuthService,
       'AUTH_SERVICE',
-      'USER_AUTH_GUARD',
       'USER_REPOSITORY',
       'MEMBER_REPOSITORY',
       'ORGANIZATION_REPOSITORY',

apps/api/src/app/auth/community.auth.module.config.ts

@@ -3,7 +3,7 @@ import { Test } from '@nestjs/testing';
 import { expect } from 'chai';
 import { EnvironmentRepository } from '@novu/dal';
 import sinon from 'sinon';
-import { ApiAuthSchemeEnum, UserSessionData } from '@novu/shared';
+import { ApiAuthSchemeEnum, MemberRoleEnum, UserSessionData, ALL_PERMISSIONS } from '@novu/shared';
 import { HttpRequestHeaderKeysEnum } from '@novu/application-generic';
 import { UnauthorizedException } from '@nestjs/common';
 
@@ -35,7 +35,8 @@ describe('ClerkStrategy', () => {
     lastName: 'Doe',
     profilePicture: 'https://example.com/profile.png',
     email: '[email protected]',
-    org_role: 'org:admin',
+    org_role: MemberRoleEnum.OWNER,
+    org_permissions: ALL_PERMISSIONS,
     externalId: undefined,
     externalOrgId: undefined,
   };
@@ -73,7 +74,8 @@ describe('ClerkStrategy', () => {
         lastName: 'Doe',
         email: '[email protected]',
         organizationId: 'internal-org-123',
-        roles: ['admin'],
+        roles: [MemberRoleEnum.OWNER],
+        permissions: ALL_PERMISSIONS,
         environmentId: 'env-123',
         scheme: ApiAuthSchemeEnum.BEARER,
       });