test: trigger only flow should not be publishable

.github/workflows/playwright.yml

@@ -12,9 +12,6 @@ on:
   workflow_dispatch:
 
 env:
-  BULLMQ_DASHBOARD_USERNAME: root
-  BULLMQ_DASHBOARD_PASSWORD: sample
-  ENABLE_BULLMQ_DASHBOARD: true
   ENCRYPTION_KEY: sample_encryption_key
   WEBHOOK_SECRET_KEY: sample_webhook_secret_key
   APP_SECRET_KEY: sample_app_secret_key
@@ -25,8 +22,8 @@ env:
   POSTGRES_PASSWORD: automatisch_password
   REDIS_HOST: localhost
   APP_ENV: production
-  PORT: 3000
   LICENSE_KEY: dummy_license_key
+  BACKEND_APP_URL: http://localhost:3000
 
 jobs:
   test:

packages/backend/package.json

@@ -23,6 +23,8 @@
   "dependencies": {
     "@bull-board/express": "^3.10.1",
     "@casl/ability": "^6.5.0",
+    "@graphql-tools/graphql-file-loader": "^7.3.4",
+    "@graphql-tools/load": "^7.5.2",
     "@node-saml/passport-saml": "^4.0.4",
     "@rudderstack/rudder-sdk-node": "^1.1.2",
     "@sentry/node": "^7.42.0",
@@ -39,7 +41,11 @@
     "express": "~4.18.2",
     "express-async-errors": "^3.1.1",
     "express-basic-auth": "^1.2.1",
+    "express-graphql": "^0.12.0",
     "fast-xml-parser": "^4.0.11",
+    "graphql-middleware": "^6.1.15",
+    "graphql-shield": "^7.5.0",
+    "graphql-tools": "^8.2.0",
     "handlebars": "^4.7.7",
     "http-errors": "~1.6.3",
     "http-proxy-agent": "^7.0.0",

packages/backend/src/apps/airtable/index.js

@@ -12,7 +12,7 @@ export default defineApp({
   apiBaseUrl: 'https://api.airtable.com',
   iconUrl: '{BASE_URL}/apps/airtable/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/airtable/connection',
-  primaryColor: '#FFBF00',
+  primaryColor: 'FFBF00',
   supportsConnections: true,
   beforeRequest: [addAuthHeader],
   auth,

packages/backend/src/apps/appwrite/index.js

@@ -12,7 +12,7 @@ export default defineApp({
   apiBaseUrl: 'https://cloud.appwrite.io',
   iconUrl: '{BASE_URL}/apps/appwrite/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/appwrite/connection',
-  primaryColor: '#FD366E',
+  primaryColor: 'FD366E',
   supportsConnections: true,
   beforeRequest: [setBaseUrl, addAuthHeader],
   auth,

packages/backend/src/apps/azure-openai/index.js

@@ -12,7 +12,7 @@ export default defineApp({
   apiBaseUrl: '',
   iconUrl: '{BASE_URL}/apps/azure-openai/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/azure-openai/connection',
-  primaryColor: '#000000',
+  primaryColor: '000000',
   supportsConnections: true,
   beforeRequest: [setBaseUrl, addAuthHeader],
   auth,

packages/backend/src/apps/carbone/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://carbone.io',
   apiBaseUrl: 'https://api.carbone.io',
-  primaryColor: '#6f42c1',
+  primaryColor: '6f42c1',
   beforeRequest: [addAuthHeader],
   auth,
   actions,

packages/backend/src/apps/clickup/index.js

@@ -12,8 +12,8 @@ export default defineApp({
   baseUrl: 'https://clickup.com',
   apiBaseUrl: 'https://api.clickup.com/api',
   iconUrl: '{BASE_URL}/apps/clickup/assets/favicon.svg',
-  authDocUrl: '{DOCS_URL}/apps/clickup/connection',
-  primaryColor: '#FD71AF',
+  authDocUrl: 'https://automatisch.io/docs/apps/clickup/connection',
+  primaryColor: 'FD71AF',
   supportsConnections: true,
   beforeRequest: [addAuthHeader],
   auth,

packages/backend/src/apps/code/index.js

@@ -8,7 +8,7 @@ export default defineApp({
   apiBaseUrl: '',
   iconUrl: '{BASE_URL}/apps/code/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/code/connection',
-  primaryColor: '#000000',
+  primaryColor: '000000',
   supportsConnections: false,
   actions,
 });

packages/backend/src/apps/cryptography/index.js

@@ -9,6 +9,6 @@ export default defineApp({
   supportsConnections: false,
   baseUrl: '',
   apiBaseUrl: '',
-  primaryColor: '#001F52',
+  primaryColor: '001F52',
   actions,
 });

packages/backend/src/apps/datastore/index.js

@@ -9,6 +9,6 @@ export default defineApp({
   supportsConnections: false,
   baseUrl: '',
   apiBaseUrl: '',
-  primaryColor: '#001F52',
+  primaryColor: '001F52',
   actions,
 });

packages/backend/src/apps/deepl/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://deepl.com',
   apiBaseUrl: 'https://api.deepl.com',
-  primaryColor: '#0d2d45',
+  primaryColor: '0d2d45',
   beforeRequest: [addAuthHeader],
   auth,
   actions,

packages/backend/src/apps/delay/index.js

@@ -9,6 +9,6 @@ export default defineApp({
   supportsConnections: false,
   baseUrl: '',
   apiBaseUrl: '',
-  primaryColor: '#001F52',
+  primaryColor: '001F52',
   actions,
 });

packages/backend/src/apps/discord/index.js

@@ -14,7 +14,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://discord.com',
   apiBaseUrl: 'https://discord.com/api',
-  primaryColor: '#5865f2',
+  primaryColor: '5865f2',
   beforeRequest: [addAuthHeader],
   auth,
   dynamicData,

packages/backend/src/apps/disqus/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   apiBaseUrl: 'https://disqus.com/api',
   iconUrl: '{BASE_URL}/apps/disqus/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/disqus/connection',
-  primaryColor: '#2E9FFF',
+  primaryColor: '2E9FFF',
   supportsConnections: true,
   beforeRequest: [addAuthHeader],
   auth,

packages/backend/src/apps/dropbox/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://dropbox.com',
   apiBaseUrl: 'https://api.dropboxapi.com',
-  primaryColor: '#0061ff',
+  primaryColor: '0061ff',
   beforeRequest: [addAuthHeader],
   auth,
   actions,

packages/backend/src/apps/filter/index.js

@@ -9,6 +9,6 @@ export default defineApp({
   supportsConnections: false,
   baseUrl: '',
   apiBaseUrl: '',
-  primaryColor: '#001F52',
+  primaryColor: '001F52',
   actions,
 });

packages/backend/src/apps/flickr/index.js

@@ -10,7 +10,7 @@ export default defineApp({
   iconUrl: '{BASE_URL}/apps/flickr/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/flickr/connection',
   docUrl: 'https://automatisch.io/docs/flickr',
-  primaryColor: '#000000',
+  primaryColor: '000000',
   supportsConnections: true,
   baseUrl: 'https://www.flickr.com/',
   apiBaseUrl: 'https://www.flickr.com/services',

packages/backend/src/apps/flowers-software/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://flowers-software.com',
   apiBaseUrl: 'https://webapp.flowers-software.com/api',
-  primaryColor: '#02AFC7',
+  primaryColor: '02AFC7',
   beforeRequest: [addAuthHeader],
   auth,
   triggers,

packages/backend/src/apps/formatter/index.js

@@ -10,7 +10,7 @@ export default defineApp({
   supportsConnections: false,
   baseUrl: '',
   apiBaseUrl: '',
-  primaryColor: '#001F52',
+  primaryColor: '001F52',
   actions,
   dynamicFields,
 });

packages/backend/src/apps/ghost/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   apiBaseUrl: '',
   iconUrl: '{BASE_URL}/apps/ghost/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/ghost/connection',
-  primaryColor: '#15171A',
+  primaryColor: '15171A',
   supportsConnections: true,
   beforeRequest: [setBaseUrl, addAuthHeader],
   auth,

packages/backend/src/apps/github/index.js

@@ -12,7 +12,7 @@ export default defineApp({
   apiBaseUrl: 'https://api.github.com',
   iconUrl: '{BASE_URL}/apps/github/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/github/connection',
-  primaryColor: '#000000',
+  primaryColor: '000000',
   supportsConnections: true,
   beforeRequest: [addAuthHeader],
   auth,

packages/backend/src/apps/gitlab/index.js

@@ -12,7 +12,7 @@ export default defineApp({
   apiBaseUrl: 'https://gitlab.com',
   iconUrl: '{BASE_URL}/apps/gitlab/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/gitlab/connection',
-  primaryColor: '#FC6D26',
+  primaryColor: 'FC6D26',
   supportsConnections: true,
   beforeRequest: [setBaseUrl, addAuthHeader],
   auth,

packages/backend/src/apps/google-calendar/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   apiBaseUrl: 'https://www.googleapis.com/calendar',
   iconUrl: '{BASE_URL}/apps/google-calendar/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/google-calendar/connection',
-  primaryColor: '#448AFF',
+  primaryColor: '448AFF',
   supportsConnections: true,
   beforeRequest: [addAuthHeader],
   auth,

packages/backend/src/apps/google-drive/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   apiBaseUrl: 'https://www.googleapis.com/drive',
   iconUrl: '{BASE_URL}/apps/google-drive/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/google-drive/connection',
-  primaryColor: '#1FA463',
+  primaryColor: '1FA463',
   supportsConnections: true,
   beforeRequest: [addAuthHeader],
   auth,

packages/backend/src/apps/google-forms/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   apiBaseUrl: 'https://forms.googleapis.com',
   iconUrl: '{BASE_URL}/apps/google-forms/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/google-forms/connection',
-  primaryColor: '#673AB7',
+  primaryColor: '673AB7',
   supportsConnections: true,
   beforeRequest: [addAuthHeader],
   auth,

packages/backend/src/apps/google-sheets/index.js

@@ -13,7 +13,7 @@ export default defineApp({
   apiBaseUrl: 'https://sheets.googleapis.com',
   iconUrl: '{BASE_URL}/apps/google-sheets/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/google-sheets/connection',
-  primaryColor: '#0F9D58',
+  primaryColor: '0F9D58',
   supportsConnections: true,
   beforeRequest: [addAuthHeader],
   auth,

packages/backend/src/apps/google-tasks/index.js

@@ -12,7 +12,7 @@ export default defineApp({
   apiBaseUrl: 'https://tasks.googleapis.com',
   iconUrl: '{BASE_URL}/apps/google-tasks/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/google-tasks/connection',
-  primaryColor: '#0066DA',
+  primaryColor: '0066DA',
   supportsConnections: true,
   beforeRequest: [addAuthHeader],
   auth,

packages/backend/src/apps/helix/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   apiBaseUrl: 'https://app.tryhelix.ai',
   iconUrl: '{BASE_URL}/apps/helix/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/helix/connection',
-  primaryColor: '#000000',
+  primaryColor: '000000',
   supportsConnections: true,
   beforeRequest: [setBaseUrl, addAuthHeader],
   auth,

packages/backend/src/apps/http-request/index.js

@@ -9,6 +9,6 @@ export default defineApp({
   supportsConnections: false,
   baseUrl: '',
   apiBaseUrl: '',
-  primaryColor: '#000000',
+  primaryColor: '000000',
   actions,
 });

packages/backend/src/apps/hubspot/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://www.hubspot.com',
   apiBaseUrl: 'https://api.hubapi.com',
-  primaryColor: '#F95C35',
+  primaryColor: 'F95C35',
   beforeRequest: [addAuthHeader],
   auth,
   actions,

packages/backend/src/apps/invoice-ninja/index.js

@@ -13,7 +13,7 @@ export default defineApp({
   apiBaseUrl: 'https://invoicing.co/api',
   iconUrl: '{BASE_URL}/apps/invoice-ninja/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/invoice-ninja/connection',
-  primaryColor: '#000000',
+  primaryColor: '000000',
   supportsConnections: true,
   beforeRequest: [setBaseUrl, addAuthHeader],
   auth,

packages/backend/src/apps/jotform/index.js

@@ -9,11 +9,11 @@ export default defineApp({
   name: 'Jotform',
   key: 'jotform',
   iconUrl: '{BASE_URL}/apps/jotform/assets/favicon.svg',
-  authDocUrl: '{DOCS_URL}/apps/jotform/connection',
+  authDocUrl: 'https://automatisch.io/docs/apps/jotform/connection',
   supportsConnections: true,
   baseUrl: 'https://www.jotform.com',
   apiBaseUrl: 'https://api.jotform.com',
-  primaryColor: '#FF6100',
+  primaryColor: 'FF6100',
   beforeRequest: [setBaseUrl, addAuthHeader],
   auth,
   triggers,

packages/backend/src/apps/mailchimp/index.js

@@ -12,8 +12,8 @@ export default defineApp({
   baseUrl: 'https://mailchimp.com',
   apiBaseUrl: '',
   iconUrl: '{BASE_URL}/apps/mailchimp/assets/favicon.svg',
-  authDocUrl: '{DOCS_URL}/apps/mailchimp/connection',
-  primaryColor: '#000000',
+  authDocUrl: 'https://automatisch.io/docs/apps/mailchimp/connection',
+  primaryColor: '000000',
   supportsConnections: true,
   beforeRequest: [setBaseUrl, addAuthHeader],
   auth,

packages/backend/src/apps/mailerlite/index.js

@@ -7,11 +7,11 @@ export default defineApp({
   name: 'MailerLite',
   key: 'mailerlite',
   iconUrl: '{BASE_URL}/apps/mailerlite/assets/favicon.svg',
-  authDocUrl: '{DOCS_URL}/apps/mailerlite/connection',
+  authDocUrl: 'https://automatisch.io/docs/apps/mailerlite/connection',
   supportsConnections: true,
   baseUrl: 'https://www.mailerlite.com',
   apiBaseUrl: 'https://connect.mailerlite.com/api',
-  primaryColor: '#09C269',
+  primaryColor: '09C269',
   beforeRequest: [addAuthHeader],
   auth,
   triggers,

packages/backend/src/apps/mattermost/index.js

@@ -13,7 +13,7 @@ export default defineApp({
   authDocUrl: '{DOCS_URL}/apps/mattermost/connection',
   baseUrl: 'https://mattermost.com',
   apiBaseUrl: '', // there is no cloud version of this app, user always need to provide address of own instance when creating connection
-  primaryColor: '#4a154b',
+  primaryColor: '4a154b',
   supportsConnections: true,
   beforeRequest: [setBaseUrl, addXRequestedWithHeader, addAuthHeader],
   auth,

packages/backend/src/apps/miro/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   apiBaseUrl: 'https://api.miro.com',
   iconUrl: '{BASE_URL}/apps/miro/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/miro/connection',
-  primaryColor: '#F2CA02',
+  primaryColor: 'F2CA02',
   supportsConnections: true,
   beforeRequest: [addAuthHeader],
   auth,

packages/backend/src/apps/notion/index.js

@@ -13,7 +13,7 @@ export default defineApp({
   apiBaseUrl: 'https://api.notion.com',
   iconUrl: '{BASE_URL}/apps/notion/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/notion/connection',
-  primaryColor: '#000000',
+  primaryColor: '000000',
   supportsConnections: true,
   beforeRequest: [addAuthHeader, addNotionVersionHeader],
   auth,

packages/backend/src/apps/ntfy/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://ntfy.sh',
   apiBaseUrl: 'https://ntfy.sh',
-  primaryColor: '#56bda8',
+  primaryColor: '56bda8',
   beforeRequest: [addAuthHeader],
   auth,
   actions,

packages/backend/src/apps/odoo/index.js

@@ -10,7 +10,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://odoo.com',
   apiBaseUrl: '',
-  primaryColor: '#9c5789',
+  primaryColor: '9c5789',
   auth,
   actions,
 });

packages/backend/src/apps/openai/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   apiBaseUrl: 'https://api.openai.com',
   iconUrl: '{BASE_URL}/apps/openai/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/openai/connection',
-  primaryColor: '#000000',
+  primaryColor: '000000',
   supportsConnections: true,
   beforeRequest: [addAuthHeader],
   auth,

packages/backend/src/apps/pipedrive/index.js

@@ -13,7 +13,7 @@ export default defineApp({
   apiBaseUrl: '',
   iconUrl: '{BASE_URL}/apps/pipedrive/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/pipedrive/connection',
-  primaryColor: '#FFFFFF',
+  primaryColor: 'FFFFFF',
   supportsConnections: true,
   beforeRequest: [setBaseUrl, addAuthHeader],
   auth,

packages/backend/src/apps/placetel/index.js

@@ -12,7 +12,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://placetel.de',
   apiBaseUrl: 'https://api.placetel.de',
-  primaryColor: '#069dd9',
+  primaryColor: '069dd9',
   beforeRequest: [addAuthHeader],
   auth,
   triggers,

packages/backend/src/apps/postgresql/index.js

@@ -10,7 +10,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: '',
   apiBaseUrl: '',
-  primaryColor: '#336791',
+  primaryColor: '336791',
   auth,
   actions,
 });

packages/backend/src/apps/pushover/index.js

@@ -10,7 +10,7 @@ export default defineApp({
   apiBaseUrl: 'https://api.pushover.net',
   iconUrl: '{BASE_URL}/apps/pushover/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/pushover/connection',
-  primaryColor: '#249DF1',
+  primaryColor: '249DF1',
   supportsConnections: true,
   auth,
   actions,

packages/backend/src/apps/reddit/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   apiBaseUrl: 'https://oauth.reddit.com',
   iconUrl: '{BASE_URL}/apps/reddit/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/reddit/connection',
-  primaryColor: '#FF4500',
+  primaryColor: 'FF4500',
   supportsConnections: true,
   beforeRequest: [addAuthHeader],
   auth,

packages/backend/src/apps/removebg/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://www.remove.bg',
   apiBaseUrl: 'https://api.remove.bg/v1.0',
-  primaryColor: '#55636c',
+  primaryColor: '55636c',
   beforeRequest: [addAuthHeader],
   auth,
   actions,

packages/backend/src/apps/rss/index.js

@@ -9,6 +9,6 @@ export default defineApp({
   supportsConnections: false,
   baseUrl: '',
   apiBaseUrl: '',
-  primaryColor: '#ff8800',
+  primaryColor: 'ff8800',
   triggers,
 });

packages/backend/src/apps/salesforce/index.js

@@ -13,7 +13,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://salesforce.com',
   apiBaseUrl: '',
-  primaryColor: '#00A1E0',
+  primaryColor: '00A1E0',
   beforeRequest: [addAuthHeader],
   auth,
   triggers,

packages/backend/src/apps/scheduler/index.js

@@ -9,7 +9,7 @@ export default defineApp({
   authDocUrl: '{DOCS_URL}/apps/scheduler/connection',
   baseUrl: '',
   apiBaseUrl: '',
-  primaryColor: '#0059F7',
+  primaryColor: '0059F7',
   supportsConnections: false,
   triggers,
 });

packages/backend/src/apps/self-hosted-llm/index.js

@@ -12,7 +12,7 @@ export default defineApp({
   apiBaseUrl: '',
   iconUrl: '{BASE_URL}/apps/self-hosted-llm/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/self-hosted-llm/connection',
-  primaryColor: '#000000',
+  primaryColor: '000000',
   supportsConnections: true,
   beforeRequest: [setBaseUrl, addAuthHeader],
   auth,

packages/backend/src/apps/signalwire/index.js

@@ -13,7 +13,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://signalwire.com',
   apiBaseUrl: '',
-  primaryColor: '#044cf6',
+  primaryColor: '044cf6',
   beforeRequest: [addAuthHeader],
   auth,
   triggers,

packages/backend/src/apps/slack/index.js

@@ -13,7 +13,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://slack.com',
   apiBaseUrl: 'https://slack.com/api',
-  primaryColor: '#4a154b',
+  primaryColor: '4a154b',
   beforeRequest: [addAuthHeader],
   auth,
   actions,

packages/backend/src/apps/smtp/index.js

@@ -10,7 +10,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: '',
   apiBaseUrl: '',
-  primaryColor: '#2DAAE1',
+  primaryColor: '2DAAE1',
   auth,
   actions,
 });

packages/backend/src/apps/spotify/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://spotify.com',
   apiBaseUrl: 'https://api.spotify.com',
-  primaryColor: '#000000',
+  primaryColor: '000000',
   beforeRequest: [addAuthHeader],
   auth,
   actions,

packages/backend/src/apps/strava/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://www.strava.com',
   apiBaseUrl: 'https://www.strava.com/api',
-  primaryColor: '#fc4c01',
+  primaryColor: 'fc4c01',
   beforeRequest: [addAuthHeader],
   auth,
   actions,

packages/backend/src/apps/stripe/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://stripe.com',
   apiBaseUrl: 'https://api.stripe.com',
-  primaryColor: '#635bff',
+  primaryColor: '635bff',
   beforeRequest: [addAuthHeader],
   auth,
   triggers,

packages/backend/src/apps/telegram-bot/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://telegram.org',
   apiBaseUrl: 'https://api.telegram.org',
-  primaryColor: '#2AABEE',
+  primaryColor: '2AABEE',
   beforeRequest: [addAuthHeader],
   auth,
   actions,

packages/backend/src/apps/todoist/index.js

@@ -13,7 +13,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://todoist.com',
   apiBaseUrl: 'https://api.todoist.com/rest/v2',
-  primaryColor: '#e44332',
+  primaryColor: 'e44332',
   beforeRequest: [addAuthHeader],
   auth,
   triggers,

packages/backend/src/apps/trello/index.js

@@ -12,7 +12,7 @@ export default defineApp({
   iconUrl: '{BASE_URL}/apps/trello/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/trello/connection',
   supportsConnections: true,
-  primaryColor: '#0079bf',
+  primaryColor: '0079bf',
   beforeRequest: [addAuthHeader],
   auth,
   actions,

packages/backend/src/apps/twilio/index.js

@@ -13,7 +13,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://twilio.com',
   apiBaseUrl: 'https://api.twilio.com',
-  primaryColor: '#e1000f',
+  primaryColor: 'e1000f',
   beforeRequest: [addAuthHeader],
   auth,
   triggers,

packages/backend/src/apps/twitter/index.js

@@ -12,7 +12,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://twitter.com',
   apiBaseUrl: 'https://api.twitter.com',
-  primaryColor: '#1da1f2',
+  primaryColor: '1da1f2',
   beforeRequest: [addAuthHeader],
   auth,
   triggers,

packages/backend/src/apps/typeform/index.js

@@ -12,7 +12,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://typeform.com',
   apiBaseUrl: 'https://api.typeform.com',
-  primaryColor: '#262627',
+  primaryColor: '262627',
   beforeRequest: [addAuthHeader],
   auth,
   triggers,

packages/backend/src/apps/vtiger-crm/index.js

@@ -14,7 +14,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: '',
   apiBaseUrl: '',
-  primaryColor: '#39a86d',
+  primaryColor: '39a86d',
   beforeRequest: [setBaseUrl, addAuthHeader],
   auth,
   triggers,

packages/backend/src/apps/webhook/index.js

@@ -10,7 +10,7 @@ export default defineApp({
   supportsConnections: false,
   baseUrl: '',
   apiBaseUrl: '',
-  primaryColor: '#0059F7',
+  primaryColor: '0059F7',
   actions,
   triggers,
 });

packages/backend/src/apps/wordpress/index.js

@@ -13,7 +13,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://wordpress.com',
   apiBaseUrl: '',
-  primaryColor: '#464342',
+  primaryColor: '464342',
   beforeRequest: [setBaseUrl, addAuthHeader],
   auth,
   triggers,

packages/backend/src/apps/xero/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   apiBaseUrl: 'https://api.xero.com',
   iconUrl: '{BASE_URL}/apps/xero/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/xero/connection',
-  primaryColor: '#13B5EA',
+  primaryColor: '13B5EA',
   supportsConnections: true,
   beforeRequest: [addAuthHeader],
   auth,

packages/backend/src/apps/you-need-a-budget/index.js

@@ -10,7 +10,7 @@ export default defineApp({
   apiBaseUrl: 'https://api.ynab.com/v1',
   iconUrl: '{BASE_URL}/apps/you-need-a-budget/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/you-need-a-budget/connection',
-  primaryColor: '#19223C',
+  primaryColor: '19223C',
   supportsConnections: true,
   beforeRequest: [addAuthHeader],
   auth,

packages/backend/src/apps/youtube/index.js

@@ -10,7 +10,7 @@ export default defineApp({
   apiBaseUrl: 'https://www.googleapis.com/youtube',
   iconUrl: '{BASE_URL}/apps/youtube/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/youtube/connection',
-  primaryColor: '#FF0000',
+  primaryColor: 'FF0000',
   supportsConnections: true,
   beforeRequest: [addAuthHeader],
   auth,

packages/backend/src/apps/zendesk/index.js

@@ -12,7 +12,7 @@ export default defineApp({
   apiBaseUrl: '',
   iconUrl: '{BASE_URL}/apps/zendesk/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/zendesk/connection',
-  primaryColor: '#17494d',
+  primaryColor: '17494d',
   supportsConnections: true,
   beforeRequest: [addAuthHeader],
   auth,

packages/backend/src/controllers/api/v1/admin/config/update.ee.js

@@ -1,28 +1,23 @@
+import pick from 'lodash/pick.js';
 import { renderObject } from '../../../../../helpers/renderer.js';
 import Config from '../../../../../models/config.js';
 
 export default async (request, response) => {
-  const config = await Config.query().updateFirstOrInsert(
-    configParams(request)
-  );
+  const config = configParams(request);
+
+  await Config.batchUpdate(config);
 
   renderObject(response, config);
 };
 
 const configParams = (request) => {
-  const {
-    logoSvgData,
-    palettePrimaryDark,
-    palettePrimaryLight,
-    palettePrimaryMain,
-    title,
-  } = request.body;
+  const updatableConfigurationKeys = [
+    'logo.svgData',
+    'palette.primary.dark',
+    'palette.primary.light',
+    'palette.primary.main',
+    'title',
+  ];
 
-  return {
-    logoSvgData,
-    palettePrimaryDark,
-    palettePrimaryLight,
-    palettePrimaryMain,
-    title,
-  };
+  return pick(request.body, updatableConfigurationKeys);
 };

packages/backend/src/controllers/api/v1/admin/config/update.ee.test.js

@@ -5,7 +5,7 @@ import app from '../../../../../app.js';
 import createAuthTokenByUserId from '../../../../../helpers/create-auth-token-by-user-id.js';
 import { createUser } from '../../../../../../test/factories/user.js';
 import { createRole } from '../../../../../../test/factories/role.js';
-import { updateConfig } from '../../../../../../test/factories/config.js';
+import { createBulkConfig } from '../../../../../../test/factories/config.js';
 import * as license from '../../../../../helpers/license.ee.js';
 
 describe('PATCH /api/v1/admin/config', () => {
@@ -30,13 +30,13 @@ describe('PATCH /api/v1/admin/config', () => {
 
     const appConfig = {
       title,
-      palettePrimaryMain: palettePrimaryMain,
-      palettePrimaryDark: palettePrimaryDark,
-      palettePrimaryLight: palettePrimaryLight,
-      logoSvgData: logoSvgData,
+      'palette.primary.main': palettePrimaryMain,
+      'palette.primary.dark': palettePrimaryDark,
+      'palette.primary.light': palettePrimaryLight,
+      'logo.svgData': logoSvgData,
     };
 
-    await updateConfig(appConfig);
+    await createBulkConfig(appConfig);
 
     const newTitle = 'Updated title';
 
@@ -51,7 +51,7 @@ describe('PATCH /api/v1/admin/config', () => {
       .expect(200);
 
     expect(response.body.data.title).toEqual(newTitle);
-    expect(response.body.meta.type).toEqual('Config');
+    expect(response.body.meta.type).toEqual('Object');
   });
 
   it('should return created config for unexisting config', async () => {
@@ -68,7 +68,7 @@ describe('PATCH /api/v1/admin/config', () => {
       .expect(200);
 
     expect(response.body.data.title).toEqual(newTitle);
-    expect(response.body.meta.type).toEqual('Config');
+    expect(response.body.meta.type).toEqual('Object');
   });
 
   it('should return null for deleted config entry', async () => {
@@ -83,6 +83,6 @@ describe('PATCH /api/v1/admin/config', () => {
       .expect(200);
 
     expect(response.body.data.title).toBeNull();
-    expect(response.body.meta.type).toEqual('Config');
+    expect(response.body.meta.type).toEqual('Object');
   });
 });

packages/backend/src/controllers/api/v1/automatisch/config.ee.js

@@ -1,8 +1,25 @@
+import appConfig from '../../../../config/app.js';
 import Config from '../../../../models/config.js';
 import { renderObject } from '../../../../helpers/renderer.js';
 
 export default async (request, response) => {
-  const config = await Config.get();
+  const defaultConfig = {
+    disableNotificationsPage: appConfig.disableNotificationsPage,
+    disableFavicon: appConfig.disableFavicon,
+    additionalDrawerLink: appConfig.additionalDrawerLink,
+    additionalDrawerLinkIcon: appConfig.additionalDrawerLinkIcon,
+    additionalDrawerLinkText: appConfig.additionalDrawerLinkText,
+  };
+
+  let config = await Config.query().orderBy('key', 'asc');
+
+  config = config.reduce((computedConfig, configEntry) => {
+    const { key, value } = configEntry;
+
+    computedConfig[key] = value?.data;
+
+    return computedConfig;
+  }, defaultConfig);
 
   renderObject(response, config);
 };

packages/backend/src/controllers/api/v1/automatisch/config.ee.test.js

@@ -1,47 +1,66 @@
 import { vi, expect, describe, it } from 'vitest';
 import request from 'supertest';
-import { updateConfig } from '../../../../../test/factories/config.js';
+import { createConfig } from '../../../../../test/factories/config.js';
 import app from '../../../../app.js';
 import configMock from '../../../../../test/mocks/rest/api/v1/automatisch/config.js';
 import * as license from '../../../../helpers/license.ee.js';
 import appConfig from '../../../../config/app.js';
 
 describe('GET /api/v1/automatisch/config', () => {
-  it('should return Automatisch config along with static config', async () => {
+  it('should return Automatisch config', async () => {
     vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
-    vi.spyOn(appConfig, 'disableNotificationsPage', 'get').mockReturnValue(
-      true
-    );
-    vi.spyOn(appConfig, 'disableFavicon', 'get').mockReturnValue(true);
-    vi.spyOn(appConfig, 'additionalDrawerLink', 'get').mockReturnValue('link');
-    vi.spyOn(appConfig, 'additionalDrawerLinkIcon', 'get').mockReturnValue(
-      'icon'
-    );
-    vi.spyOn(appConfig, 'additionalDrawerLinkText', 'get').mockReturnValue(
-      'text'
-    );
 
-    const config = await updateConfig({
-      logoSvgData: '<svg>Sample</svg>',
-      palettePrimaryDark: '#001f52',
-      palettePrimaryLight: '#4286FF',
-      palettePrimaryMain: '#0059F7',
-      title: 'Sample Title',
+    const logoConfig = await createConfig({
+      key: 'logo.svgData',
+      value: { data: '<svg>Sample</svg>' },
+    });
+
+    const primaryDarkConfig = await createConfig({
+      key: 'palette.primary.dark',
+      value: { data: '#001F52' },
+    });
+
+    const primaryLightConfig = await createConfig({
+      key: 'palette.primary.light',
+      value: { data: '#4286FF' },
+    });
+
+    const primaryMainConfig = await createConfig({
+      key: 'palette.primary.main',
+      value: { data: '#0059F7' },
+    });
+
+    const titleConfig = await createConfig({
+      key: 'title',
+      value: { data: 'Sample Title' },
     });
 
     const response = await request(app)
       .get('/api/v1/automatisch/config')
       .expect(200);
 
-    const expectedPayload = configMock({
-      ...config,
-      disableNotificationsPage: true,
-      disableFavicon: true,
-      additionalDrawerLink: 'link',
-      additionalDrawerLinkIcon: 'icon',
-      additionalDrawerLinkText: 'text',
-    });
+    const expectedPayload = configMock(
+      logoConfig,
+      primaryDarkConfig,
+      primaryLightConfig,
+      primaryMainConfig,
+      titleConfig
+    );
 
-    expect(response.body).toStrictEqual(expectedPayload);
+    expect(response.body).toEqual(expectedPayload);
+  });
+
+  it('should return additional environment variables', async () => {
+    vi.spyOn(appConfig, 'disableNotificationsPage', 'get').mockReturnValue(true);
+    vi.spyOn(appConfig, 'disableFavicon', 'get').mockReturnValue(true);
+    vi.spyOn(appConfig, 'additionalDrawerLink', 'get').mockReturnValue('link');
+    vi.spyOn(appConfig, 'additionalDrawerLinkIcon', 'get').mockReturnValue('icon');
+    vi.spyOn(appConfig, 'additionalDrawerLinkText', 'get').mockReturnValue('text');
+
+    expect(appConfig.disableNotificationsPage).toEqual(true);
+    expect(appConfig.disableFavicon).toEqual(true);
+    expect(appConfig.additionalDrawerLink).toEqual('link');
+    expect(appConfig.additionalDrawerLinkIcon).toEqual('icon');
+    expect(appConfig.additionalDrawerLinkText).toEqual('text');
   });
 });

packages/backend/src/controllers/api/v1/installation/users/create-user.test.js

@@ -5,7 +5,7 @@ import Config from '../../../../../models/config.js';
 import User from '../../../../../models/user.js';
 import { createRole } from '../../../../../../test/factories/role';
 import { createUser } from '../../../../../../test/factories/user';
-import { markInstallationCompleted } from '../../../../../../test/factories/config';
+import { createInstallationCompletedConfig } from '../../../../../../test/factories/config';
 
 describe('POST /api/v1/installation/users', () => {
   let adminRole;
@@ -59,7 +59,7 @@ describe('POST /api/v1/installation/users', () => {
 
   describe('for completed installations', () => {
     beforeEach(async () => {
-      await markInstallationCompleted();
+      await createInstallationCompletedConfig();
     });
 
     it('should respond with HTTP 403 when installation completed', async () => {

packages/backend/src/controllers/api/v1/steps/create-dynamic-data.test.js

@@ -169,7 +169,7 @@ describe('POST /api/v1/steps/:stepId/dynamic-data', () => {
           dynamicDataKey: 'listRepos',
           parameters: {},
         })
-        .expect(422);
+        .expect(200);
 
       expect(response.body.errors).toEqual(errors);
     });

packages/backend/src/db/migrations/20240919100138_make_config_single_record.js

@@ -1,105 +0,0 @@
-export async function up(knex) {
-  await knex.schema.alterTable('config', (table) => {
-    table.dropUnique('key');
-
-    table.string('key').nullable().alter();
-    table.boolean('installation_completed').defaultTo(false);
-    table.text('logo_svg_data');
-    table.text('palette_primary_dark');
-    table.text('palette_primary_light');
-    table.text('palette_primary_main');
-    table.string('title');
-  });
-
-  const config = await knex('config').select('key', 'value');
-
-  const newConfigData = {
-    logo_svg_data: getValueForKey(config, 'logo.svgData'),
-    palette_primary_dark: getValueForKey(config, 'palette.primary.dark'),
-    palette_primary_light: getValueForKey(config, 'palette.primary.light'),
-    palette_primary_main: getValueForKey(config, 'palette.primary.main'),
-    title: getValueForKey(config, 'title'),
-    installation_completed: getValueForKey(config, 'installation.completed'),
-  };
-
-  const [configEntry] = await knex('config')
-    .insert(newConfigData)
-    .select('id')
-    .returning('id');
-
-  await knex('config').where('id', '!=', configEntry.id).delete();
-
-  await knex.schema.alterTable('config', (table) => {
-    table.dropColumn('key');
-    table.dropColumn('value');
-  });
-}
-
-export async function down(knex) {
-  await knex.schema.alterTable('config', (table) => {
-    table.string('key');
-    table.jsonb('value').notNullable().defaultTo({});
-  });
-
-  const configRow = await knex('config').first();
-
-  const config = [
-    {
-      key: 'logo.svgData',
-      value: {
-        data: configRow.logo_svg_data,
-      },
-    },
-    {
-      key: 'palette.primary.dark',
-      value: {
-        data: configRow.palette_primary_dark,
-      },
-    },
-    {
-      key: 'palette.primary.light',
-      value: {
-        data: configRow.palette_primary_light,
-      },
-    },
-    {
-      key: 'palette.primary.main',
-      value: {
-        data: configRow.palette_primary_main,
-      },
-    },
-    {
-      key: 'title',
-      value: {
-        data: configRow.title,
-      },
-    },
-    {
-      key: 'installation.completed',
-      value: {
-        data: configRow.installation_completed,
-      },
-    },
-  ];
-
-  await knex('config').insert(config).returning('id');
-
-  await knex('config').where('id', '=', configRow.id).delete();
-
-  await knex.schema.alterTable('config', (table) => {
-    table.dropColumn('installation_completed');
-    table.dropColumn('logo_svg_data');
-    table.dropColumn('palette_primary_dark');
-    table.dropColumn('palette_primary_light');
-    table.dropColumn('palette_primary_main');
-    table.dropColumn('title');
-
-    table.string('key').unique().notNullable().alter();
-  });
-}
-
-function getValueForKey(rows, key) {
-  const row = rows.find((row) => row.key === key);
-
-  return row?.value?.data || null;
-}

packages/backend/src/graphql/mutation-resolvers.js

@@ -0,0 +1,20 @@
+// Converted mutations
+import executeFlow from './mutations/execute-flow.js';
+import verifyConnection from './mutations/verify-connection.js';
+import updateCurrentUser from './mutations/update-current-user.js';
+import generateAuthUrl from './mutations/generate-auth-url.js';
+import createConnection from './mutations/create-connection.js';
+import resetConnection from './mutations/reset-connection.js';
+import updateConnection from './mutations/update-connection.js';
+
+const mutationResolvers = {
+  createConnection,
+  executeFlow,
+  generateAuthUrl,
+  resetConnection,
+  updateConnection,
+  updateCurrentUser,
+  verifyConnection,
+};
+
+export default mutationResolvers;

packages/backend/src/graphql/mutations/create-connection.js

@@ -0,0 +1,48 @@
+import App from '../../models/app.js';
+import AppConfig from '../../models/app-config.js';
+
+const createConnection = async (_parent, params, context) => {
+  context.currentUser.can('create', 'Connection');
+
+  const { key, appAuthClientId } = params.input;
+
+  const app = await App.findOneByKey(key);
+
+  const appConfig = await AppConfig.query().findOne({ key });
+
+  let formattedData = params.input.formattedData;
+  if (appConfig) {
+    if (appConfig.disabled)
+      throw new Error(
+        'This application has been disabled for new connections!'
+      );
+
+    if (!appConfig.allowCustomConnection && formattedData)
+      throw new Error(`Custom connections cannot be created for ${app.name}!`);
+
+    if (appConfig.shared && !formattedData) {
+      const authClient = await appConfig
+        .$relatedQuery('appAuthClients')
+        .findById(appAuthClientId)
+        .where({
+          active: true,
+        })
+        .throwIfNotFound();
+
+      formattedData = authClient.formattedAuthDefaults;
+    }
+  }
+
+  const createdConnection = await context.currentUser
+    .$relatedQuery('connections')
+    .insert({
+      key,
+      appAuthClientId,
+      formattedData,
+      verified: false,
+    });
+
+  return createdConnection;
+};
+
+export default createConnection;

packages/backend/src/graphql/mutations/delete-app-auth-client.ee.js

@@ -0,0 +1,16 @@
+import AppAuthClient from '../../models/app-auth-client';
+
+const deleteAppAuthClient = async (_parent, params, context) => {
+  context.currentUser.can('delete', 'App');
+
+  await AppAuthClient.query()
+    .delete()
+    .findOne({
+      id: params.input.id,
+    })
+    .throwIfNotFound();
+
+  return;
+};
+
+export default deleteAppAuthClient;

packages/backend/src/graphql/mutations/execute-flow.js

@@ -0,0 +1,28 @@
+import testRun from '../../services/test-run.js';
+import Step from '../../models/step.js';
+
+const executeFlow = async (_parent, params, context) => {
+  const conditions = context.currentUser.can('update', 'Flow');
+  const isCreator = conditions.isCreator;
+  const allSteps = Step.query();
+  const userSteps = context.currentUser.$relatedQuery('steps');
+  const baseQuery = isCreator ? userSteps : allSteps;
+
+  const { stepId } = params.input;
+
+  const untilStep = await baseQuery.clone().findById(stepId).throwIfNotFound();
+
+  const { executionStep } = await testRun({ stepId });
+
+  if (executionStep.isFailed) {
+    throw new Error(JSON.stringify(executionStep.errorDetails));
+  }
+
+  await untilStep.$query().patch({
+    status: 'completed',
+  });
+
+  return { data: executionStep.dataOut, step: untilStep };
+};
+
+export default executeFlow;

packages/backend/src/graphql/mutations/generate-auth-url.js

@@ -0,0 +1,30 @@
+import globalVariable from '../../helpers/global-variable.js';
+import App from '../../models/app.js';
+
+const generateAuthUrl = async (_parent, params, context) => {
+  context.currentUser.can('create', 'Connection');
+
+  const connection = await context.currentUser
+    .$relatedQuery('connections')
+    .findOne({
+      id: params.input.id,
+    })
+    .throwIfNotFound();
+
+  if (!connection.formattedData) {
+    return null;
+  }
+
+  const authInstance = (
+    await import(`../../apps/${connection.key}/auth/index.js`)
+  ).default;
+
+  const app = await App.findOneByKey(connection.key);
+
+  const $ = await globalVariable({ connection, app });
+  await authInstance.generateAuthUrl($);
+
+  return connection.formattedData;
+};
+
+export default generateAuthUrl;

packages/backend/src/graphql/mutations/reset-connection.js

@@ -0,0 +1,22 @@
+const resetConnection = async (_parent, params, context) => {
+  context.currentUser.can('create', 'Connection');
+
+  let connection = await context.currentUser
+    .$relatedQuery('connections')
+    .findOne({
+      id: params.input.id,
+    })
+    .throwIfNotFound();
+
+  if (!connection.formattedData) {
+    return null;
+  }
+
+  connection = await connection.$query().patchAndFetch({
+    formattedData: { screenName: connection.formattedData.screenName },
+  });
+
+  return connection;
+};
+
+export default resetConnection;

packages/backend/src/graphql/mutations/update-connection.js

@@ -0,0 +1,33 @@
+import AppAuthClient from '../../models/app-auth-client.js';
+
+const updateConnection = async (_parent, params, context) => {
+  context.currentUser.can('create', 'Connection');
+
+  let connection = await context.currentUser
+    .$relatedQuery('connections')
+    .findOne({
+      id: params.input.id,
+    })
+    .throwIfNotFound();
+
+  let formattedData = params.input.formattedData;
+
+  if (params.input.appAuthClientId) {
+    const appAuthClient = await AppAuthClient.query()
+      .findById(params.input.appAuthClientId)
+      .throwIfNotFound();
+
+    formattedData = appAuthClient.formattedAuthDefaults;
+  }
+
+  connection = await connection.$query().patchAndFetch({
+    formattedData: {
+      ...connection.formattedData,
+      ...formattedData,
+    },
+  });
+
+  return connection;
+};
+
+export default updateConnection;

packages/backend/src/graphql/mutations/update-current-user.js

@@ -0,0 +1,11 @@
+const updateCurrentUser = async (_parent, params, context) => {
+  const user = await context.currentUser.$query().patchAndFetch({
+    email: params.input.email,
+    password: params.input.password,
+    fullName: params.input.fullName,
+  });
+
+  return user;
+};
+
+export default updateCurrentUser;

packages/backend/src/graphql/mutations/update-flow.js

@@ -0,0 +1,18 @@
+const updateFlow = async (_parent, params, context) => {
+  context.currentUser.can('update', 'Flow');
+
+  let flow = await context.currentUser
+    .$relatedQuery('flows')
+    .findOne({
+      id: params.input.id,
+    })
+    .throwIfNotFound();
+
+  flow = await flow.$query().patchAndFetch({
+    name: params.input.name,
+  });
+
+  return flow;
+};
+
+export default updateFlow;

packages/backend/src/graphql/mutations/update-role.ee.js

@@ -0,0 +1,62 @@
+import Role from '../../models/role.js';
+import Permission from '../../models/permission.js';
+import permissionCatalog from '../../helpers/permission-catalog.ee.js';
+
+const updateRole = async (_parent, params, context) => {
+  context.currentUser.can('update', 'Role');
+
+  const { id, name, description, permissions } = params.input;
+
+  const role = await Role.query().findById(id).throwIfNotFound();
+
+  try {
+    const updatedRole = await Role.transaction(async (trx) => {
+      await role.$relatedQuery('permissions', trx).delete();
+
+      if (permissions?.length) {
+        const sanitizedPermissions = permissions
+          .filter((permission) => {
+            const { action, subject, conditions } = permission;
+
+            const relevantAction = permissionCatalog.actions.find(
+              (actionCatalogItem) => actionCatalogItem.key === action
+            );
+            const validSubject = relevantAction.subjects.includes(subject);
+            const validConditions = conditions.every((condition) => {
+              return !!permissionCatalog.conditions.find(
+                (conditionCatalogItem) => conditionCatalogItem.key === condition
+              );
+            });
+
+            return validSubject && validConditions;
+          })
+          .map((permission) => ({
+            ...permission,
+            roleId: role.id,
+          }));
+
+        await Permission.query().insert(sanitizedPermissions);
+      }
+
+      await role.$query(trx).patch({
+        name,
+        description,
+      });
+
+      return await Role.query(trx)
+        .leftJoinRelated({
+          permissions: true,
+        })
+        .withGraphFetched({
+          permissions: true,
+        })
+        .findById(id);
+    });
+
+    return updatedRole;
+  } catch (err) {
+    throw new Error('The role could not be updated!');
+  }
+};
+
+export default updateRole;

packages/backend/src/graphql/mutations/verify-connection.js

@@ -0,0 +1,29 @@
+import App from '../../models/app.js';
+import globalVariable from '../../helpers/global-variable.js';
+
+const verifyConnection = async (_parent, params, context) => {
+  context.currentUser.can('create', 'Connection');
+
+  let connection = await context.currentUser
+    .$relatedQuery('connections')
+    .findOne({
+      id: params.input.id,
+    })
+    .throwIfNotFound();
+
+  const app = await App.findOneByKey(connection.key);
+  const $ = await globalVariable({ connection, app });
+  await app.auth.verifyCredentials($);
+
+  connection = await connection.$query().patchAndFetch({
+    verified: true,
+    draft: false,
+  });
+
+  return {
+    ...connection,
+    app,
+  };
+};
+
+export default verifyConnection;

packages/backend/src/graphql/resolvers.js

@@ -0,0 +1,7 @@
+import mutationResolvers from './mutation-resolvers.js';
+
+const resolvers = {
+  Mutation: mutationResolvers,
+};
+
+export default resolvers;

packages/backend/src/graphql/schema.graphql

@@ -0,0 +1,382 @@
+type Query {
+  placeholderQuery(name: String): Boolean
+}
+type Mutation {
+  createConnection(input: CreateConnectionInput): Connection
+  executeFlow(input: ExecuteFlowInput): executeFlowType
+  generateAuthUrl(input: GenerateAuthUrlInput): AuthLink
+  resetConnection(input: ResetConnectionInput): Connection
+  updateConnection(input: UpdateConnectionInput): Connection
+  updateCurrentUser(input: UpdateCurrentUserInput): User
+  verifyConnection(input: VerifyConnectionInput): Connection
+}
+
+"""
+Exposes a URL that specifies the behaviour of this scalar.
+"""
+directive @specifiedBy(
+  """
+  The URL that specifies the behaviour of this scalar.
+  """
+  url: String!
+) on SCALAR
+
+type Trigger {
+  name: String
+  key: String
+  description: String
+  showWebhookUrl: Boolean
+  pollInterval: Int
+  type: String
+  substeps: [Substep]
+}
+
+type Action {
+  name: String
+  key: String
+  description: String
+  substeps: [Substep]
+}
+
+type Substep {
+  key: String
+  name: String
+  arguments: [SubstepArgument]
+}
+
+type SubstepArgument {
+  label: String
+  key: String
+  type: String
+  description: String
+  required: Boolean
+  variables: Boolean
+  options: [SubstepArgumentOption]
+  source: SubstepArgumentSource
+  additionalFields: SubstepArgumentAdditionalFields
+  dependsOn: [String]
+  fields: [SubstepArgument]
+  value: JSONObject
+}
+
+type SubstepArgumentOption {
+  label: String
+  value: JSONObject
+}
+
+type SubstepArgumentSource {
+  type: String
+  name: String
+  arguments: [SubstepArgumentSourceArgument]
+}
+
+type SubstepArgumentSourceArgument {
+  name: String
+  value: String
+}
+
+type SubstepArgumentAdditionalFields {
+  type: String
+  name: String
+  arguments: [SubstepArgumentAdditionalFieldsArgument]
+}
+
+type SubstepArgumentAdditionalFieldsArgument {
+  name: String
+  value: String
+}
+
+type App {
+  name: String
+  key: String
+  connectionCount: Int
+  flowCount: Int
+  iconUrl: String
+  docUrl: String
+  authDocUrl: String
+  primaryColor: String
+  supportsConnections: Boolean
+  auth: AppAuth
+  triggers: [Trigger]
+  actions: [Action]
+  connections: [Connection]
+}
+
+type AppAuth {
+  fields: [Field]
+  authenticationSteps: [AuthenticationStep]
+  sharedAuthenticationSteps: [AuthenticationStep]
+  reconnectionSteps: [ReconnectionStep]
+  sharedReconnectionSteps: [ReconnectionStep]
+}
+
+enum ArgumentEnumType {
+  integer
+  string
+}
+
+type AuthenticationStep {
+  type: String
+  name: String
+  arguments: [AuthenticationStepArgument]
+}
+
+type AuthenticationStepArgument {
+  name: String
+  value: String
+  type: ArgumentEnumType
+  properties: [AuthenticationStepProperty]
+}
+
+type AuthenticationStepProperty {
+  name: String
+  value: String
+}
+
+type AuthLink {
+  url: String
+}
+
+type Connection {
+  id: String
+  key: String
+  reconnectable: Boolean
+  appAuthClientId: String
+  formattedData: ConnectionData
+  verified: Boolean
+  app: App
+  createdAt: String
+  flowCount: Int
+}
+
+type ConnectionData {
+  screenName: String
+}
+
+type executeFlowType {
+  data: JSONObject
+  step: Step
+}
+
+type ExecutionStep {
+  id: String
+  executionId: String
+  stepId: String
+  step: Step
+  status: String
+  dataIn: JSONObject
+  dataOut: JSONObject
+  errorDetails: JSONObject
+  createdAt: String
+  updatedAt: String
+}
+
+type Field {
+  key: String
+  label: String
+  type: String
+  required: Boolean
+  readOnly: Boolean
+  value: String
+  placeholder: String
+  description: String
+  docUrl: String
+  clickToCopy: Boolean
+  options: [SubstepArgumentOption]
+}
+
+enum FlowStatus {
+  paused
+  published
+  draft
+}
+
+type Flow {
+  id: String
+  name: String
+  active: Boolean
+  steps: [Step]
+  createdAt: String
+  updatedAt: String
+  status: FlowStatus
+}
+
+type SamlAuthProvidersRoleMapping {
+  id: String
+  samlAuthProviderId: String
+  roleId: String
+  remoteRoleName: String
+}
+
+input CreateConnectionInput {
+  key: String!
+  appAuthClientId: String
+  formattedData: JSONObject
+}
+
+input GenerateAuthUrlInput {
+  id: String!
+}
+
+input UpdateConnectionInput {
+  id: String!
+  formattedData: JSONObject
+  appAuthClientId: String
+}
+
+input ResetConnectionInput {
+  id: String!
+}
+
+input VerifyConnectionInput {
+  id: String!
+}
+
+input ExecuteFlowInput {
+  stepId: String!
+}
+
+input UserRoleInput {
+  id: String
+}
+
+input UpdateCurrentUserInput {
+  email: String
+  password: String
+  fullName: String
+}
+
+"""
+The `JSONObject` scalar type represents JSON objects as specified by [ECMA-404](http://www.ecma-international.org/publications/files/ECMA-ST/ECMA-404.pdf).
+"""
+scalar JSONObject
+
+input PreviousStepInput {
+  id: String
+}
+
+type ReconnectionStep {
+  type: String
+  name: String
+  arguments: [ReconnectionStepArgument]
+}
+
+type ReconnectionStepArgument {
+  name: String
+  value: String
+  type: ArgumentEnumType
+  properties: [ReconnectionStepProperty]
+}
+
+type ReconnectionStepProperty {
+  name: String
+  value: String
+}
+
+type Step {
+  id: String
+  previousStepId: String
+  key: String
+  appKey: String
+  iconUrl: String
+  webhookUrl: String
+  type: StepEnumType
+  parameters: JSONObject
+  connection: Connection
+  flow: Flow
+  position: Int
+  status: String
+  executionSteps: [ExecutionStep]
+}
+
+input StepConnectionInput {
+  id: String
+}
+
+enum StepEnumType {
+  trigger
+  action
+}
+
+input StepFlowInput {
+  id: String
+}
+
+input StepInput {
+  id: String
+  previousStepId: String
+  key: String
+  appKey: String
+  connection: StepConnectionInput
+  flow: StepFlowInput
+  parameters: JSONObject
+  previousStep: PreviousStepInput
+}
+
+type User {
+  id: String
+  fullName: String
+  email: String
+  role: Role
+  permissions: [Permission]
+  createdAt: String
+  updatedAt: String
+}
+
+type Role {
+  id: String
+  name: String
+  key: String
+  description: String
+  isAdmin: Boolean
+  permissions: [Permission]
+}
+
+type PageInfo {
+  currentPage: Int!
+  totalPages: Int!
+}
+
+type ExecutionStepEdge {
+  node: ExecutionStep
+}
+
+type ExecutionStepConnection {
+  edges: [ExecutionStepEdge]
+  pageInfo: PageInfo
+}
+
+type License {
+  id: String
+  name: String
+  expireAt: String
+  verified: Boolean
+}
+
+type Permission {
+  id: String
+  action: String
+  subject: String
+  conditions: [String]
+}
+
+type Action {
+  label: String
+  key: String
+  subjects: [String]
+}
+
+type Condition {
+  key: String
+  label: String
+}
+
+type Subject {
+  label: String
+  key: String
+}
+
+schema {
+  query: Query
+  mutation: Mutation
+}

packages/backend/src/helpers/add-authentication-steps.js

@@ -27,7 +27,12 @@ const authenticationStepsWithoutAuthUrl = [
   {
     type: 'mutation',
     name: 'verifyConnection',
-    arguments: [],
+    arguments: [
+      {
+        name: 'id',
+        value: '{createConnection.id}',
+      },
+    ],
   },
 ];
 
@@ -49,7 +54,12 @@ const authenticationStepsWithAuthUrl = [
   {
     type: 'mutation',
     name: 'generateAuthUrl',
-    arguments: [],
+    arguments: [
+      {
+        name: 'id',
+        value: '{createConnection.id}',
+      },
+    ],
   },
   {
     type: 'openWithPopup',
@@ -65,6 +75,10 @@ const authenticationStepsWithAuthUrl = [
     type: 'mutation',
     name: 'updateConnection',
     arguments: [
+      {
+        name: 'id',
+        value: '{createConnection.id}',
+      },
       {
         name: 'formattedData',
         value: '{openAuthPopup.all}',
@@ -74,7 +88,12 @@ const authenticationStepsWithAuthUrl = [
   {
     type: 'mutation',
     name: 'verifyConnection',
-    arguments: [],
+    arguments: [
+      {
+        name: 'id',
+        value: '{createConnection.id}',
+      },
+    ],
   },
 ];
 
@@ -96,7 +115,12 @@ const sharedAuthenticationStepsWithAuthUrl = [
   {
     type: 'mutation',
     name: 'generateAuthUrl',
-    arguments: [],
+    arguments: [
+      {
+        name: 'id',
+        value: '{createConnection.id}',
+      },
+    ],
   },
   {
     type: 'openWithPopup',
@@ -112,6 +136,10 @@ const sharedAuthenticationStepsWithAuthUrl = [
     type: 'mutation',
     name: 'updateConnection',
     arguments: [
+      {
+        name: 'id',
+        value: '{createConnection.id}',
+      },
       {
         name: 'formattedData',
         value: '{openAuthPopup.all}',
@@ -121,7 +149,12 @@ const sharedAuthenticationStepsWithAuthUrl = [
   {
     type: 'mutation',
     name: 'verifyConnection',
-    arguments: [],
+    arguments: [
+      {
+        name: 'id',
+        value: '{createConnection.id}',
+      },
+    ],
   },
 ];
 

packages/backend/src/helpers/add-reconnection-steps.js

@@ -1,23 +1,54 @@
 import cloneDeep from 'lodash/cloneDeep.js';
 
+const connectionIdArgument = {
+  name: 'id',
+  value: '{connection.id}',
+};
+
 const resetConnectionStep = {
   type: 'mutation',
   name: 'resetConnection',
-  arguments: [],
+  arguments: [connectionIdArgument],
 };
 
+function replaceCreateConnection(string) {
+  return string.replace('{createConnection.id}', '{connection.id}');
+}
+
 function removeAppKeyArgument(args) {
   return args.filter((argument) => argument.name !== 'key');
 }
 
+function addConnectionId(step) {
+  step.arguments = step.arguments.map((argument) => {
+    if (typeof argument.value === 'string') {
+      argument.value = replaceCreateConnection(argument.value);
+    }
+
+    if (argument.properties) {
+      argument.properties = argument.properties.map((property) => {
+        return {
+          name: property.name,
+          value: replaceCreateConnection(property.value),
+        };
+      });
+    }
+
+    return argument;
+  });
+
+  return step;
+}
+
 function replaceCreateConnectionsWithUpdate(steps) {
   const updatedSteps = cloneDeep(steps);
   return updatedSteps.map((step) => {
-    const updatedStep = { ...step };
+    const updatedStep = addConnectionId(step);
 
     if (step.name === 'createConnection') {
       updatedStep.name = 'updateConnection';
       updatedStep.arguments = removeAppKeyArgument(updatedStep.arguments);
+      updatedStep.arguments.unshift(connectionIdArgument);
 
       return updatedStep;
     }

packages/backend/src/helpers/authentication.js

@@ -1,7 +1,8 @@
+import { rule, shield } from 'graphql-shield';
 import User from '../models/user.js';
 import AccessToken from '../models/access-token.js';
 
-export const isAuthenticated = async (req) => {
+export const isAuthenticated = async (_parent, _args, req) => {
   const token = req.headers['authorization'];
 
   if (token == null) return false;
@@ -40,9 +41,25 @@ export const isAuthenticated = async (req) => {
 };
 
 export const authenticateUser = async (request, response, next) => {
-  if (await isAuthenticated(request)) {
+  if (await isAuthenticated(null, null, request)) {
     next();
   } else {
     return response.status(401).end();
   }
 };
+
+const isAuthenticatedRule = rule()(isAuthenticated);
+
+export const authenticationRules = {
+  Mutation: {
+    '*': isAuthenticatedRule,
+  },
+};
+
+const authenticationOptions = {
+  allowExternalErrors: true,
+};
+
+const authentication = shield(authenticationRules, authenticationOptions);
+
+export default authentication;

packages/backend/src/helpers/authentication.test.js

@@ -1,17 +1,18 @@
 import { describe, it, expect } from 'vitest';
-import { isAuthenticated } from './authentication.js';
+import { allow } from 'graphql-shield';
+import { isAuthenticated, authenticationRules } from './authentication.js';
 import { createUser } from '../../test/factories/user.js';
 import createAuthTokenByUserId from '../helpers/create-auth-token-by-user-id.js';
 
 describe('isAuthenticated', () => {
   it('should return false if no token is provided', async () => {
     const req = { headers: {} };
-    expect(await isAuthenticated(req)).toBe(false);
+    expect(await isAuthenticated(null, null, req)).toBe(false);
   });
 
   it('should return false if token is invalid', async () => {
     const req = { headers: { authorization: 'invalidToken' } };
-    expect(await isAuthenticated(req)).toBe(false);
+    expect(await isAuthenticated(null, null, req)).toBe(false);
   });
 
   it('should return true if token is valid and there is a user', async () => {
@@ -19,7 +20,7 @@ describe('isAuthenticated', () => {
     const token = await createAuthTokenByUserId(user.id);
 
     const req = { headers: { authorization: token } };
-    expect(await isAuthenticated(req)).toBe(true);
+    expect(await isAuthenticated(null, null, req)).toBe(true);
   });
 
   it('should return false if token is valid and but there is no user', async () => {
@@ -28,6 +29,46 @@ describe('isAuthenticated', () => {
     await user.$query().delete();
 
     const req = { headers: { authorization: token } };
-    expect(await isAuthenticated(req)).toBe(false);
+    expect(await isAuthenticated(null, null, req)).toBe(false);
+  });
+});
+
+describe('authentication rules', () => {
+  const getQueryAndMutationNames = (rules) => {
+    const queries = Object.keys(rules.Query || {});
+    const mutations = Object.keys(rules.Mutation || {});
+    return { queries, mutations };
+  };
+
+  const { queries, mutations } = getQueryAndMutationNames(authenticationRules);
+
+  if (queries.length) {
+    describe('for queries', () => {
+      queries.forEach((query) => {
+        it(`should apply correct rule for query: ${query}`, () => {
+          const ruleApplied = authenticationRules.Query[query];
+
+          if (query === '*') {
+            expect(ruleApplied.func).toBe(isAuthenticated);
+          } else {
+            expect(ruleApplied).toEqual(allow);
+          }
+        });
+      });
+    });
+  }
+
+  describe('for mutations', () => {
+    mutations.forEach((mutation) => {
+      it(`should apply correct rule for mutation: ${mutation}`, () => {
+        const ruleApplied = authenticationRules.Mutation[mutation];
+
+        if (mutation === '*') {
+          expect(ruleApplied.func).toBe(isAuthenticated);
+        } else {
+          expect(ruleApplied).toBe(allow);
+        }
+      });
+    });
   });
 });

packages/backend/src/helpers/error-handler.js

@@ -50,7 +50,7 @@ const errorHandler = (error, request, response, next) => {
       },
     };
 
-    response.status(422).json(httpErrorPayload);
+    response.status(200).json(httpErrorPayload);
   }
 
   if (error instanceof NotAuthorizedError) {

packages/backend/src/helpers/graphql-instance.js

@@ -0,0 +1,53 @@
+import path, { join } from 'path';
+import { fileURLToPath } from 'url';
+import { graphqlHTTP } from 'express-graphql';
+import { loadSchemaSync } from '@graphql-tools/load';
+import { GraphQLFileLoader } from '@graphql-tools/graphql-file-loader';
+import { addResolversToSchema } from '@graphql-tools/schema';
+import { applyMiddleware } from 'graphql-middleware';
+
+import appConfig from '../config/app.js';
+import logger from './logger.js';
+import authentication from './authentication.js';
+import * as Sentry from './sentry.ee.js';
+import resolvers from '../graphql/resolvers.js';
+import HttpError from '../errors/http.js';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+
+const schema = loadSchemaSync(join(__dirname, '../graphql/schema.graphql'), {
+  loaders: [new GraphQLFileLoader()],
+});
+
+const schemaWithResolvers = addResolversToSchema({
+  schema,
+  resolvers,
+});
+
+const graphQLInstance = graphqlHTTP({
+  schema: applyMiddleware(
+    schemaWithResolvers,
+    authentication.generate(schemaWithResolvers)
+  ),
+  graphiql: appConfig.isDev,
+  customFormatErrorFn: (error) => {
+    logger.error(error.path + ' : ' + error.message + '\n' + error.stack);
+
+    if (error.originalError instanceof HttpError) {
+      delete error.originalError.response;
+    }
+
+    Sentry.captureException(error, {
+      tags: { graphql: true },
+      extra: {
+        source: error.source?.body,
+        positions: error.positions,
+        path: error.path,
+      },
+    });
+
+    return error;
+  },
+});
+
+export default graphQLInstance;

packages/backend/src/helpers/morgan.js

@@ -6,8 +6,18 @@ const stream = {
     logger.http(message.substring(0, message.lastIndexOf('\n'))),
 };
 
+const registerGraphQLToken = () => {
+  morgan.token('graphql-query', (req) => {
+    if (req.body.query) {
+      return `\n GraphQL ${req.body.query}`;
+    }
+  });
+};
+
+registerGraphQLToken();
+
 const morganMiddleware = morgan(
-  ':method :url :status :res[content-length] - :response-time ms',
+  ':method :url :status :res[content-length] - :response-time ms :graphql-query',
   { stream }
 );
 

packages/backend/src/helpers/sentry.ee.js

@@ -17,6 +17,7 @@ export function init(app) {
     integrations: [
       app && new Sentry.Integrations.Http({ tracing: true }),
       app && new Tracing.Integrations.Express({ app }),
+      app && new Tracing.Integrations.GraphQL(),
     ].filter(Boolean),
     tracesSampleRate: 1.0,
   });

packages/backend/src/models/__snapshots__/access-token.test.js.snap

@@ -1,41 +0,0 @@
-// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
-
-exports[`AccessToken model > jsonSchema should have correct validations 1`] = `
-{
-  "properties": {
-    "expiresIn": {
-      "type": "integer",
-    },
-    "id": {
-      "format": "uuid",
-      "type": "string",
-    },
-    "revokedAt": {
-      "format": "date-time",
-      "type": [
-        "string",
-        "null",
-      ],
-    },
-    "samlSessionId": {
-      "type": [
-        "string",
-        "null",
-      ],
-    },
-    "token": {
-      "minLength": 32,
-      "type": "string",
-    },
-    "userId": {
-      "format": "uuid",
-      "type": "string",
-    },
-  },
-  "required": [
-    "token",
-    "expiresIn",
-  ],
-  "type": "object",
-}
-`;

packages/backend/src/models/__snapshots__/app-auth-client.test.js.snap

@@ -1,39 +0,0 @@
-// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
-
-exports[`AppAuthClient model > jsonSchema should have correct validations 1`] = `
-{
-  "properties": {
-    "active": {
-      "type": "boolean",
-    },
-    "appKey": {
-      "type": "string",
-    },
-    "authDefaults": {
-      "type": [
-        "string",
-        "null",
-      ],
-    },
-    "createdAt": {
-      "type": "string",
-    },
-    "formattedAuthDefaults": {
-      "type": "object",
-    },
-    "id": {
-      "format": "uuid",
-      "type": "string",
-    },
-    "updatedAt": {
-      "type": "string",
-    },
-  },
-  "required": [
-    "name",
-    "appKey",
-    "formattedAuthDefaults",
-  ],
-  "type": "object",
-}
-`;

packages/backend/src/models/__snapshots__/app.test.js.snap

@@ -1,73 +0,0 @@
-// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
-
-exports[`App model > list should have list of applications keys 1`] = `
-[
-  "airtable",
-  "appwrite",
-  "azure-openai",
-  "carbone",
-  "clickup",
-  "code",
-  "cryptography",
-  "datastore",
-  "deepl",
-  "delay",
-  "discord",
-  "disqus",
-  "dropbox",
-  "filter",
-  "flickr",
-  "flowers-software",
-  "formatter",
-  "ghost",
-  "github",
-  "gitlab",
-  "google-calendar",
-  "google-drive",
-  "google-forms",
-  "google-sheets",
-  "google-tasks",
-  "helix",
-  "http-request",
-  "hubspot",
-  "invoice-ninja",
-  "jotform",
-  "mailchimp",
-  "mailerlite",
-  "mattermost",
-  "miro",
-  "notion",
-  "ntfy",
-  "odoo",
-  "openai",
-  "pipedrive",
-  "placetel",
-  "postgresql",
-  "pushover",
-  "reddit",
-  "removebg",
-  "rss",
-  "salesforce",
-  "scheduler",
-  "self-hosted-llm",
-  "signalwire",
-  "slack",
-  "smtp",
-  "spotify",
-  "strava",
-  "stripe",
-  "telegram-bot",
-  "todoist",
-  "trello",
-  "twilio",
-  "twitter",
-  "typeform",
-  "vtiger-crm",
-  "webhook",
-  "wordpress",
-  "xero",
-  "you-need-a-budget",
-  "youtube",
-  "zendesk",
-]
-`;