feat(dropbox): add new files in folder trigger

feat: Implement async handler for routes

.devcontainer/devcontainer.json

@@ -8,7 +8,7 @@
       "version": "latest"
     },
     "ghcr.io/devcontainers/features/node:1": {
-      "version": 16
+      "version": 18
     },
     "ghcr.io/devcontainers/features/common-utils:1": {
       "username": "vscode",

.github/workflows/ci.yml

@@ -83,20 +83,3 @@ jobs:
         env:
           CI: false
       - run: echo "🍏 This job's status is ${{ job.status }}."
-  build-cli:
-    runs-on: ubuntu-latest
-    steps:
-      - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
-      - run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by GitHub!"
-      - run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}."
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
-        with:
-          node-version: '18'
-          cache: 'yarn'
-          cache-dependency-path: yarn.lock
-      - run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
-      - run: echo "🖥️ The workflow is now ready to test your code on the runner."
-      - run: yarn --frozen-lockfile && yarn lerna bootstrap
-      - run: cd packages/cli && yarn build
-      - run: echo "🍏 This job's status is ${{ job.status }}."

package.json

@@ -6,8 +6,7 @@
     "start": "lerna run --stream --parallel --scope=@*/{web,backend} dev",
     "start:web": "lerna run --stream --scope=@*/web dev",
     "start:backend": "lerna run --stream --scope=@*/backend dev",
-    "lint": "lerna run --no-bail --stream --parallel --scope=@*/{web,backend,cli} lint",
+    "lint": "lerna run --no-bail --stream --parallel --scope=@*/{web,backend} lint",
-    "build:watch": "lerna run --no-bail --stream --parallel --scope=@*/{web,backend,cli} build:watch",
     "build:docs": "cd ./packages/docs && yarn install && yarn build"
   },
   "workspaces": {
@@ -18,7 +17,6 @@
       "**/babel-loader",
       "**/webpack",
       "**/@automatisch/web",
-      "**/@automatisch/types",
       "**/ajv"
     ]
   },

packages/backend/bin/database/seed-user.js

@@ -1,3 +1,3 @@
 import { createUser } from './utils.js';
 
-await createUser();
+createUser();

packages/backend/package.json

@@ -33,19 +33,18 @@
     "axios": "1.6.0",
     "bcrypt": "^5.0.1",
     "bullmq": "^3.0.0",
-    "copyfiles": "^2.4.1",
     "cors": "^2.8.5",
     "crypto-js": "^4.1.1",
     "debug": "~2.6.9",
     "dotenv": "^10.0.0",
     "express": "~4.18.2",
+    "express-async-handler": "^1.2.0",
     "express-basic-auth": "^1.2.1",
     "express-graphql": "^0.12.0",
     "fast-xml-parser": "^4.0.11",
     "graphql-middleware": "^6.1.15",
     "graphql-shield": "^7.5.0",
     "graphql-tools": "^8.2.0",
-    "graphql-type-json": "^0.3.2",
     "handlebars": "^4.7.7",
     "http-errors": "~1.6.3",
     "http-proxy-agent": "^7.0.0",
@@ -68,7 +67,6 @@
     "pluralize": "^8.0.0",
     "raw-body": "^2.5.2",
     "showdown": "^2.1.0",
-    "stripe": "^11.13.0",
     "winston": "^3.7.1",
     "xmlrpc": "^1.3.2"
   },
@@ -97,6 +95,7 @@
     "url": "https://github.com/automatisch/automatisch/issues"
   },
   "devDependencies": {
+    "@typescript-eslint/utils": "^7.0.2",
     "nodemon": "^2.0.13",
     "supertest": "^6.3.3",
     "vitest": "^1.1.3"

packages/backend/src/apps/dropbox/actions/create-text-file/index.js

@@ -0,0 +1,82 @@
+import path from 'node:path';
+import defineAction from '../../../../helpers/define-action.js';
+
+export default defineAction({
+  name: 'Create a text file',
+  key: 'createTextFile',
+  description: 'Create a new text file from plain text content you specify.',
+  arguments: [
+    {
+      label: 'Folder',
+      key: 'parentFolder',
+      type: 'string',
+      required: true,
+      description:
+        'Enter the folder path that file will be saved, like /TextFiles/ or /Documents/Taxes/',
+      variables: true,
+    },
+    {
+      label: 'Folder Name',
+      key: 'folderName',
+      type: 'string',
+      required: true,
+      description:
+        "Enter the name for the new file. The file extension will be '.txt'.",
+      variables: true,
+    },
+    {
+      label: 'File Content',
+      key: 'fileContent',
+      type: 'string',
+      required: true,
+      description: 'Plain text content to insert into the new text file.',
+      variables: true,
+    },
+    {
+      label: 'Overwrite',
+      key: 'overwrite',
+      type: 'dropdown',
+      required: true,
+      description:
+        'Overwrite this file (if one of the same name exists) or not.',
+      variables: true,
+      options: [
+        { label: 'False', value: false },
+        { label: 'True', value: true },
+      ],
+    },
+  ],
+
+  async run($) {
+    const fileContent = $.step.parameters.fileContent;
+    const overwrite = $.step.parameters.overwrite;
+    const parentFolder = $.step.parameters.parentFolder;
+    const folderName = $.step.parameters.folderName;
+    const folderPath = path.join(parentFolder, folderName);
+
+    const headers = {
+      Authorization: `Bearer ${$.auth.data.accessToken}`,
+      'Content-Type': 'application/octet-stream',
+      'Dropbox-API-Arg': JSON.stringify({
+        autorename: false,
+        mode: overwrite ? 'overwrite' : 'add',
+        mute: false,
+        path: `${folderPath}.txt`,
+        strict_conflict: false,
+      }),
+    };
+
+    const response = await $.http.post(
+      'https://content.dropboxapi.com/2/files/upload',
+      fileContent,
+      {
+        headers,
+        additionalProperties: {
+          skipAddingAuthHeader: true,
+        },
+      }
+    );
+
+    $.setActionItem({ raw: response.data });
+  },
+});

packages/backend/src/apps/dropbox/actions/index.js

@@ -1,4 +1,5 @@
 import createFolder from './create-folder/index.js';
+import createTextFile from './create-text-file/index.js';
 import renameFile from './rename-file/index.js';
 
-export default [createFolder, renameFile];
+export default [createFolder, createTextFile, renameFile];

packages/backend/src/apps/dropbox/common/add-auth-header.js

@@ -1,10 +1,10 @@
 const addAuthHeader = ($, requestConfig) => {
-  requestConfig.headers['Content-Type'] = 'application/json';
-
   if (
     !requestConfig.additionalProperties?.skipAddingAuthHeader &&
     $.auth.data?.accessToken
   ) {
+    requestConfig.headers['Content-Type'] = 'application/json';
+
     requestConfig.headers.Authorization = `Bearer ${$.auth.data.accessToken}`;
   }
 

packages/backend/src/apps/dropbox/index.js

@@ -2,6 +2,7 @@ import defineApp from '../../helpers/define-app.js';
 import addAuthHeader from './common/add-auth-header.js';
 import auth from './auth/index.js';
 import actions from './actions/index.js';
+import triggers from './triggers/index.js';
 
 export default defineApp({
   name: 'Dropbox',
@@ -15,4 +16,5 @@ export default defineApp({
   beforeRequest: [addAuthHeader],
   auth,
   actions,
+  triggers,
 });

packages/backend/src/apps/dropbox/triggers/index.js

@@ -0,0 +1,4 @@
+import newFilesInFolder from './new-files-in-folder/index.js';
+import newFolders from './new-folders/index.js';
+
+export default [newFilesInFolder, newFolders];

packages/backend/src/apps/dropbox/triggers/new-files-in-folder/index.js

@@ -0,0 +1,74 @@
+import defineTrigger from '../../../../helpers/define-trigger.js';
+
+export default defineTrigger({
+  name: 'New files in folder',
+  key: 'newFilesInFolder',
+  pollInterval: 15,
+  description:
+    'Triggers when a new file is added to a folder. Ensure that the number of files/folders within the monitored directory remains below 4000.',
+  arguments: [
+    {
+      label: 'Folder',
+      key: 'folderPath',
+      type: 'string',
+      required: true,
+      description:
+        'Enter the folder path that you want to follow, like /TextFiles or /Documents/Taxes.',
+      variables: true,
+    },
+    {
+      label: 'Include File Contents?',
+      key: 'includeFileContents',
+      type: 'dropdown',
+      required: true,
+      description:
+        'Please be advised that files exceeding 100MB in size may result in an error. To prevent errors and exclude file contents, set this option to NO.',
+      variables: true,
+      options: [
+        { label: 'No', value: false },
+        { label: 'Yes', value: true },
+      ],
+    },
+  ],
+
+  async run($) {
+    const folderPath = $.step.parameters.folderPath;
+    let endpoint = '/2/files/list_folder';
+    let next = false;
+
+    const params = {
+      path: folderPath,
+      recursive: false,
+      include_deleted: false,
+      include_has_explicit_shared_members: false,
+      include_mounted_folders: false,
+      limit: 2000,
+      include_non_downloadable_files: true,
+    };
+
+    do {
+      const { data } = await $.http.post(endpoint, params);
+
+      if (data.has_more) {
+        endpoint += '/continue';
+        params.cursor = data.cursor;
+        next = data.has_more;
+      } else {
+        next = false;
+      }
+
+      if (data.entries?.length) {
+        for (const entry of data.entries.reverse()) {
+          if (entry['.tag'] === 'file') {
+            $.pushTriggerItem({
+              raw: entry,
+              meta: {
+                internalId: entry.id,
+              },
+            });
+          }
+        }
+      }
+    } while (next);
+  },
+});

packages/backend/src/apps/dropbox/triggers/new-folders/index.js

@@ -0,0 +1,61 @@
+import defineTrigger from '../../../../helpers/define-trigger.js';
+
+export default defineTrigger({
+  name: 'New folders',
+  key: 'newFolders',
+  pollInterval: 15,
+  description:
+    'Triggers when any new folder is added. Ensure that the number of files/folders within the monitored directory remains below 4000.',
+  arguments: [
+    {
+      label: 'Folder',
+      key: 'folderPath',
+      type: 'string',
+      required: true,
+      description:
+        'Enter the folder path that you want to follow, like /TextFiles or /Documents/Taxes.',
+      variables: true,
+    },
+  ],
+
+  async run($) {
+    const folderPath = $.step.parameters.folderPath;
+    let endpoint = '/2/files/list_folder';
+    let next = false;
+
+    const params = {
+      path: folderPath,
+      recursive: false,
+      include_deleted: false,
+      include_has_explicit_shared_members: false,
+      include_mounted_folders: true,
+      limit: 2000,
+      include_non_downloadable_files: true,
+    };
+
+    do {
+      const { data } = await $.http.post(endpoint, params);
+
+      if (data.has_more) {
+        endpoint += '/continue';
+        params.cursor = data.cursor;
+        next = data.has_more;
+      } else {
+        next = false;
+      }
+
+      if (data.entries?.length) {
+        for (const entry of data.entries.reverse()) {
+          if (entry['.tag'] === 'folder') {
+            $.pushTriggerItem({
+              raw: entry,
+              meta: {
+                internalId: entry.id,
+              },
+            });
+          }
+        }
+      }
+    } while (next);
+  },
+});

packages/backend/src/apps/formatter/actions/text/index.js

@@ -1,5 +1,6 @@
 import defineAction from '../../../../helpers/define-action.js';
 
+import base64ToString from './transformers/base64-to-string.js';
 import capitalize from './transformers/capitalize.js';
 import extractEmailAddress from './transformers/extract-email-address.js';
 import extractNumber from './transformers/extract-number.js';
@@ -8,10 +9,12 @@ import lowercase from './transformers/lowercase.js';
 import markdownToHtml from './transformers/markdown-to-html.js';
 import pluralize from './transformers/pluralize.js';
 import replace from './transformers/replace.js';
+import stringToBase64 from './transformers/string-to-base64.js';
 import trimWhitespace from './transformers/trim-whitespace.js';
 import useDefaultValue from './transformers/use-default-value.js';
 
 const transformers = {
+  base64ToString,
   capitalize,
   extractEmailAddress,
   extractNumber,
@@ -20,6 +23,7 @@ const transformers = {
   markdownToHtml,
   pluralize,
   replace,
+  stringToBase64,
   trimWhitespace,
   useDefaultValue,
 };
@@ -37,6 +41,7 @@ export default defineAction({
       required: true,
       variables: true,
       options: [
+        { label: 'Base64 to String', value: 'base64ToString' },
         { label: 'Capitalize', value: 'capitalize' },
         { label: 'Convert HTML to Markdown', value: 'htmlToMarkdown' },
         { label: 'Convert Markdown to HTML', value: 'markdownToHtml' },
@@ -45,6 +50,7 @@ export default defineAction({
         { label: 'Lowercase', value: 'lowercase' },
         { label: 'Pluralize', value: 'pluralize' },
         { label: 'Replace', value: 'replace' },
+        { label: 'String to Base64', value: 'stringToBase64' },
         { label: 'Trim Whitespace', value: 'trimWhitespace' },
         { label: 'Use Default Value', value: 'useDefaultValue' },
       ],

packages/backend/src/apps/formatter/actions/text/transformers/base64-to-string.js

@@ -0,0 +1,8 @@
+const base64ToString = ($) => {
+  const input = $.step.parameters.input;
+  const decodedString = Buffer.from(input, 'base64').toString('utf8');
+
+  return decodedString;
+};
+
+export default base64ToString;

packages/backend/src/apps/formatter/actions/text/transformers/string-to-base64.js

@@ -0,0 +1,8 @@
+const stringtoBase64 = ($) => {
+  const input = $.step.parameters.input;
+  const base64String = Buffer.from(input).toString('base64');
+
+  return base64String;
+};
+
+export default stringtoBase64;

packages/backend/src/apps/formatter/dynamic-fields/list-transform-options/index.js

@@ -1,3 +1,4 @@
+import base64ToString from './text/base64-to-string.js';
 import capitalize from './text/capitalize.js';
 import extractEmailAddress from './text/extract-email-address.js';
 import extractNumber from './text/extract-number.js';
@@ -6,6 +7,7 @@ import lowercase from './text/lowercase.js';
 import markdownToHtml from './text/markdown-to-html.js';
 import pluralize from './text/pluralize.js';
 import replace from './text/replace.js';
+import stringToBase64 from './text/string-to-base64.js';
 import trimWhitespace from './text/trim-whitespace.js';
 import useDefaultValue from './text/use-default-value.js';
 import performMathOperation from './numbers/perform-math-operation.js';
@@ -15,6 +17,7 @@ import formatPhoneNumber from './numbers/format-phone-number.js';
 import formatDateTime from './date-time/format-date-time.js';
 
 const options = {
+  base64ToString,
   capitalize,
   extractEmailAddress,
   extractNumber,
@@ -23,6 +26,7 @@ const options = {
   markdownToHtml,
   pluralize,
   replace,
+  stringToBase64,
   trimWhitespace,
   useDefaultValue,
   performMathOperation,

packages/backend/src/apps/formatter/dynamic-fields/list-transform-options/text/base64-to-string.js

@@ -0,0 +1,12 @@
+const base64ToString = [
+  {
+    label: 'Input',
+    key: 'input',
+    type: 'string',
+    required: true,
+    description: 'Text that will be converted from Base64 to string.',
+    variables: true,
+  },
+];
+
+export default base64ToString;

packages/backend/src/apps/formatter/dynamic-fields/list-transform-options/text/string-to-base64.js

@@ -0,0 +1,12 @@
+const stringToBase64 = [
+  {
+    label: 'Input',
+    key: 'input',
+    type: 'string',
+    required: true,
+    description: 'Text that will be converted to Base64.',
+    variables: true,
+  },
+];
+
+export default stringToBase64;

packages/backend/src/config/app.js

@@ -18,7 +18,9 @@ const port = process.env.PORT || '3000';
 const serveWebAppSeparately =
   process.env.SERVE_WEB_APP_SEPARATELY === 'true' ? true : false;
 
-let apiUrl = new URL(`${protocol}://${host}:${port}`).toString();
+let apiUrl = new URL(
+  process.env.API_URL || `${protocol}://${host}:${port}`
+).toString();
 apiUrl = apiUrl.substring(0, apiUrl.length - 1);
 
 // use apiUrl by default, which has less priority over the following cases
@@ -88,6 +90,10 @@ const appConfig = {
   licenseKey: process.env.LICENSE_KEY,
   sentryDsn: process.env.SENTRY_DSN,
   CI: process.env.CI === 'true',
+  disableNotificationsPage: process.env.DISABLE_NOTIFICATIONS_PAGE === 'true',
+  disableFavicon: process.env.DISABLE_FAVICON === 'true',
+  additionalDrawerLink: process.env.ADDITIONAL_DRAWER_LINK,
+  additionalDrawerLinkText: process.env.ADDITIONAL_DRAWER_LINK_TEXT,
 };
 
 if (!appConfig.encryptionKey) {

packages/backend/src/controllers/api/v1/admin/app-auth-clients/get-app-auth-client.js

@@ -0,0 +1,10 @@
+import { renderObject } from '../../../../../helpers/renderer.js';
+import AppAuthClient from '../../../../../models/app-auth-client.js';
+
+export default async (request, response) => {
+  const appAuthClient = await AppAuthClient.query()
+    .findById(request.params.appAuthClientId)
+    .throwIfNotFound();
+
+  renderObject(response, appAuthClient);
+};

packages/backend/src/controllers/api/v1/admin/app-auth-clients/get-app-auth-client.test.js

@@ -0,0 +1,35 @@
+import { vi, describe, it, expect, beforeEach } from 'vitest';
+import request from 'supertest';
+import app from '../../../../../app.js';
+import createAuthTokenByUserId from '../../../../../helpers/create-auth-token-by-user-id.js';
+import { createUser } from '../../../../../../test/factories/user.js';
+import getAdminAppAuthClientMock from '../../../../../../test/mocks/rest/api/v1/admin/get-app-auth-client.js';
+import { createAppAuthClient } from '../../../../../../test/factories/app-auth-client.js';
+import { createRole } from '../../../../../../test/factories/role.js';
+import * as license from '../../../../../helpers/license.ee.js';
+
+describe('GET /api/v1/admin/app-auth-clients/:appAuthClientId', () => {
+  let currentUser, currentUserRole, currentAppAuthClient, token;
+
+  describe('with valid license key', () => {
+    beforeEach(async () => {
+      vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
+
+      currentUserRole = await createRole({ key: 'admin' });
+      currentUser = await createUser({ roleId: currentUserRole.id });
+      currentAppAuthClient = await createAppAuthClient();
+
+      token = createAuthTokenByUserId(currentUser.id);
+    });
+
+    it('should return specified app auth client info', async () => {
+      const response = await request(app)
+        .get(`/api/v1/admin/app-auth-clients/${currentAppAuthClient.id}`)
+        .set('Authorization', token)
+        .expect(200);
+
+      const expectedPayload = getAdminAppAuthClientMock(currentAppAuthClient);
+      expect(response.body).toEqual(expectedPayload);
+    });
+  });
+});

packages/backend/src/controllers/api/v1/admin/permissions/get-permissions-catalog.ee.js

@@ -0,0 +1,6 @@
+import { renderObject } from '../../../../../helpers/renderer.js';
+import permissionCatalog from '../../../../../helpers/permission-catalog.ee.js';
+
+export default async (request, response) => {
+  renderObject(response, permissionCatalog);
+};

packages/backend/src/controllers/api/v1/admin/permissions/get-permissions-catalog.ee.test.js

@@ -0,0 +1,32 @@
+import { vi, describe, it, expect, beforeEach } from 'vitest';
+import request from 'supertest';
+import app from '../../../../../app.js';
+import createAuthTokenByUserId from '../../../../../helpers/create-auth-token-by-user-id.js';
+import { createRole } from '../../../../../../test/factories/role.js';
+import { createUser } from '../../../../../../test/factories/user.js';
+import getPermissionsCatalogMock from '../../../../../../test/mocks/rest/api/v1/admin/permissions/get-permissions-catalog.ee.js';
+import * as license from '../../../../../helpers/license.ee.js';
+
+describe('GET /api/v1/admin/permissions/catalog', () => {
+  let role, currentUser, token;
+
+  beforeEach(async () => {
+    role = await createRole({ key: 'admin' });
+    currentUser = await createUser({ roleId: role.id });
+
+    token = createAuthTokenByUserId(currentUser.id);
+  });
+
+  it('should return roles', async () => {
+    vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
+
+    const response = await request(app)
+      .get('/api/v1/admin/permissions/catalog')
+      .set('Authorization', token)
+      .expect(200);
+
+    const expectedPayload = await getPermissionsCatalogMock();
+
+    expect(response.body).toEqual(expectedPayload);
+  });
+});

packages/backend/src/controllers/api/v1/admin/roles/get-role.ee.js

@@ -0,0 +1,16 @@
+import { renderObject } from '../../../../../helpers/renderer.js';
+import Role from '../../../../../models/role.js';
+
+export default async (request, response) => {
+  const role = await Role.query()
+    .leftJoinRelated({
+      permissions: true,
+    })
+    .withGraphFetched({
+      permissions: true,
+    })
+    .findById(request.params.roleId)
+    .throwIfNotFound();
+
+  renderObject(response, role);
+};

packages/backend/src/controllers/api/v1/admin/roles/get-role.ee.test.js

@@ -0,0 +1,38 @@
+import { vi, describe, it, expect, beforeEach } from 'vitest';
+import request from 'supertest';
+import app from '../../../../../app.js';
+import createAuthTokenByUserId from '../../../../../helpers/create-auth-token-by-user-id.js';
+import { createRole } from '../../../../../../test/factories/role.js';
+import { createUser } from '../../../../../../test/factories/user.js';
+import { createPermission } from '../../../../../../test/factories/permission.js';
+import getRoleMock from '../../../../../../test/mocks/rest/api/v1/admin/roles/get-role.ee.js';
+import * as license from '../../../../../helpers/license.ee.js';
+
+describe('GET /api/v1/admin/roles/:roleId', () => {
+  let role, currentUser, token, permissionOne, permissionTwo;
+
+  beforeEach(async () => {
+    role = await createRole({ key: 'admin' });
+    permissionOne = await createPermission({ roleId: role.id });
+    permissionTwo = await createPermission({ roleId: role.id });
+    currentUser = await createUser({ roleId: role.id });
+
+    token = createAuthTokenByUserId(currentUser.id);
+  });
+
+  it('should return roles', async () => {
+    vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
+
+    const response = await request(app)
+      .get(`/api/v1/admin/roles/${role.id}`)
+      .set('Authorization', token)
+      .expect(200);
+
+    const expectedPayload = await getRoleMock(role, [
+      permissionOne,
+      permissionTwo,
+    ]);
+
+    expect(response.body).toEqual(expectedPayload);
+  });
+});

packages/backend/src/controllers/api/v1/admin/roles/get-roles.ee.js

@@ -0,0 +1,8 @@
+import { renderObject } from '../../../../../helpers/renderer.js';
+import Role from '../../../../../models/role.js';
+
+export default async (request, response) => {
+  const roles = await Role.query().orderBy('name');
+
+  renderObject(response, roles);
+};

packages/backend/src/controllers/api/v1/admin/roles/get-roles.ee.test.js

@@ -0,0 +1,33 @@
+import { vi, describe, it, expect, beforeEach } from 'vitest';
+import request from 'supertest';
+import app from '../../../../../app.js';
+import createAuthTokenByUserId from '../../../../../helpers/create-auth-token-by-user-id.js';
+import { createRole } from '../../../../../../test/factories/role.js';
+import { createUser } from '../../../../../../test/factories/user.js';
+import getRolesMock from '../../../../../../test/mocks/rest/api/v1/admin/roles/get-roles.ee.js';
+import * as license from '../../../../../helpers/license.ee.js';
+
+describe('GET /api/v1/admin/roles', () => {
+  let roleOne, roleTwo, currentUser, token;
+
+  beforeEach(async () => {
+    roleOne = await createRole({ key: 'admin' });
+    roleTwo = await createRole({ key: 'user' });
+    currentUser = await createUser({ roleId: roleOne.id });
+
+    token = createAuthTokenByUserId(currentUser.id);
+  });
+
+  it('should return roles', async () => {
+    vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
+
+    const response = await request(app)
+      .get('/api/v1/admin/roles')
+      .set('Authorization', token)
+      .expect(200);
+
+    const expectedPayload = await getRolesMock([roleOne, roleTwo]);
+
+    expect(response.body).toEqual(expectedPayload);
+  });
+});

packages/backend/src/controllers/api/v1/admin/saml-auth-providers/get-saml-auth-provider.ee.js

@@ -0,0 +1,10 @@
+import { renderObject } from '../../../../../helpers/renderer.js';
+import SamlAuthProvider from '../../../../../models/saml-auth-provider.ee.js';
+
+export default async (request, response) => {
+  const samlAuthProvider = await SamlAuthProvider.query()
+    .findById(request.params.samlAuthProviderId)
+    .throwIfNotFound();
+
+  renderObject(response, samlAuthProvider);
+};

packages/backend/src/controllers/api/v1/admin/saml-auth-providers/get-saml-auth-provider.ee.test.js

@@ -0,0 +1,34 @@
+import { vi, describe, it, expect, beforeEach } from 'vitest';
+import request from 'supertest';
+import app from '../../../../../app.js';
+import createAuthTokenByUserId from '../../../../../helpers/create-auth-token-by-user-id.js';
+import { createRole } from '../../../../../../test/factories/role.js';
+import { createUser } from '../../../../../../test/factories/user.js';
+import { createSamlAuthProvider } from '../../../../../../test/factories/saml-auth-provider.ee.js';
+import getSamlAuthProviderMock from '../../../../../../test/mocks/rest/api/v1/admin/saml-auth-providers/get-saml-auth-provider.ee.js';
+import * as license from '../../../../../helpers/license.ee.js';
+
+describe('GET /api/v1/admin/saml-auth-provider/:samlAuthProviderId', () => {
+  let samlAuthProvider, currentUser, token;
+
+  beforeEach(async () => {
+    const role = await createRole({ key: 'admin' });
+    currentUser = await createUser({ roleId: role.id });
+    samlAuthProvider = await createSamlAuthProvider();
+
+    token = createAuthTokenByUserId(currentUser.id);
+  });
+
+  it('should return saml auth provider with specified id', async () => {
+    vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
+
+    const response = await request(app)
+      .get(`/api/v1/admin/saml-auth-providers/${samlAuthProvider.id}`)
+      .set('Authorization', token)
+      .expect(200);
+
+    const expectedPayload = await getSamlAuthProviderMock(samlAuthProvider);
+
+    expect(response.body).toEqual(expectedPayload);
+  });
+});

packages/backend/src/controllers/api/v1/admin/saml-auth-providers/get-saml-auth-providers.ee.js

@@ -0,0 +1,11 @@
+import { renderObject } from '../../../../../helpers/renderer.js';
+import SamlAuthProvider from '../../../../../models/saml-auth-provider.ee.js';
+
+export default async (request, response) => {
+  const samlAuthProviders = await SamlAuthProvider.query().orderBy(
+    'created_at',
+    'desc'
+  );
+
+  renderObject(response, samlAuthProviders);
+};

packages/backend/src/controllers/api/v1/admin/saml-auth-providers/get-saml-auth-providers.ee.test.js

@@ -0,0 +1,39 @@
+import { vi, describe, it, expect, beforeEach } from 'vitest';
+import request from 'supertest';
+import app from '../../../../../app.js';
+import createAuthTokenByUserId from '../../../../../helpers/create-auth-token-by-user-id.js';
+import { createRole } from '../../../../../../test/factories/role.js';
+import { createUser } from '../../../../../../test/factories/user.js';
+import { createSamlAuthProvider } from '../../../../../../test/factories/saml-auth-provider.ee.js';
+import getSamlAuthProvidersMock from '../../../../../../test/mocks/rest/api/v1/admin/saml-auth-providers/get-saml-auth-providers.ee.js';
+import * as license from '../../../../../helpers/license.ee.js';
+
+describe('GET /api/v1/admin/saml-auth-providers', () => {
+  let samlAuthProviderOne, samlAuthProviderTwo, currentUser, token;
+
+  beforeEach(async () => {
+    const role = await createRole({ key: 'admin' });
+    currentUser = await createUser({ roleId: role.id });
+
+    samlAuthProviderOne = await createSamlAuthProvider();
+    samlAuthProviderTwo = await createSamlAuthProvider();
+
+    token = createAuthTokenByUserId(currentUser.id);
+  });
+
+  it('should return saml auth providers', async () => {
+    vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
+
+    const response = await request(app)
+      .get('/api/v1/admin/saml-auth-providers')
+      .set('Authorization', token)
+      .expect(200);
+
+    const expectedPayload = await getSamlAuthProvidersMock([
+      samlAuthProviderTwo,
+      samlAuthProviderOne,
+    ]);
+
+    expect(response.body).toEqual(expectedPayload);
+  });
+});

packages/backend/src/controllers/api/v1/admin/users/get-user.ee.js

@@ -0,0 +1,13 @@
+import { renderObject } from '../../../../../helpers/renderer.js';
+import User from '../../../../../models/user.js';
+
+export default async (request, response) => {
+  const user = await User.query()
+    .withGraphFetched({
+      role: true,
+    })
+    .findById(request.params.userId)
+    .throwIfNotFound();
+
+  renderObject(response, user);
+};

packages/backend/src/controllers/api/v1/admin/users/get-user.ee.test.js

@@ -0,0 +1,34 @@
+import { vi, describe, it, expect, beforeEach } from 'vitest';
+import request from 'supertest';
+import app from '../../../../../app.js';
+import createAuthTokenByUserId from '../../../../../helpers/create-auth-token-by-user-id';
+import { createUser } from '../../../../../../test/factories/user';
+import { createRole } from '../../../../../../test/factories/role';
+import getUserMock from '../../../../../../test/mocks/rest/api/v1/admin/users/get-user.js';
+import * as license from '../../../../../helpers/license.ee.js';
+
+describe('GET /api/v1/admin/users/:userId', () => {
+  let currentUser, currentUserRole, anotherUser, anotherUserRole, token;
+
+  beforeEach(async () => {
+    currentUserRole = await createRole({ key: 'admin' });
+    currentUser = await createUser({ roleId: currentUserRole.id });
+
+    anotherUser = await createUser();
+    anotherUserRole = await anotherUser.$relatedQuery('role');
+
+    token = createAuthTokenByUserId(currentUser.id);
+  });
+
+  it('should return specified user info', async () => {
+    vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
+
+    const response = await request(app)
+      .get(`/api/v1/admin/users/${anotherUser.id}`)
+      .set('Authorization', token)
+      .expect(200);
+
+    const expectedPayload = getUserMock(anotherUser, anotherUserRole);
+    expect(response.body).toEqual(expectedPayload);
+  });
+});

packages/backend/src/controllers/api/v1/admin/users/get-users.ee.js

@@ -0,0 +1,15 @@
+import { renderObject } from '../../../../../helpers/renderer.js';
+import User from '../../../../../models/user.js';
+import paginateRest from '../../../../../helpers/pagination-rest.js';
+
+export default async (request, response) => {
+  const usersQuery = User.query()
+    .withGraphFetched({
+      role: true,
+    })
+    .orderBy('full_name', 'asc');
+
+  const users = await paginateRest(usersQuery, request.query.page);
+
+  renderObject(response, users);
+};

packages/backend/src/controllers/api/v1/admin/users/get-users.ee.test.js

@@ -0,0 +1,49 @@
+import { vi, describe, it, expect, beforeEach } from 'vitest';
+import request from 'supertest';
+import app from '../../../../../app';
+import createAuthTokenByUserId from '../../../../../helpers/create-auth-token-by-user-id';
+import { createRole } from '../../../../../../test/factories/role';
+import { createUser } from '../../../../../../test/factories/user';
+import getUsersMock from '../../../../../../test/mocks/rest/api/v1/admin/users/get-users.js';
+import * as license from '../../../../../helpers/license.ee.js';
+
+describe('GET /api/v1/admin/users', () => {
+  let currentUser, currentUserRole, anotherUser, anotherUserRole, token;
+
+  beforeEach(async () => {
+    currentUserRole = await createRole({ key: 'admin' });
+
+    currentUser = await createUser({
+      roleId: currentUserRole.id,
+      fullName: 'Current User',
+    });
+
+    anotherUserRole = await createRole({
+      key: 'anotherUser',
+      name: 'Another user role',
+    });
+
+    anotherUser = await createUser({
+      roleId: anotherUserRole.id,
+      fullName: 'Another User',
+    });
+
+    token = createAuthTokenByUserId(currentUser.id);
+  });
+
+  it('should return users data', async () => {
+    vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
+
+    const response = await request(app)
+      .get('/api/v1/admin/users')
+      .set('Authorization', token)
+      .expect(200);
+
+    const expectedResponsePayload = await getUsersMock(
+      [anotherUser, currentUser],
+      [anotherUserRole, currentUserRole]
+    );
+
+    expect(response.body).toEqual(expectedResponsePayload);
+  });
+});

packages/backend/src/controllers/api/v1/app-auth-clients/get-app-auth-client.js

@@ -0,0 +1,11 @@
+import { renderObject } from '../../../../helpers/renderer.js';
+import AppAuthClient from '../../../../models/app-auth-client.js';
+
+export default async (request, response) => {
+  const appAuthClient = await AppAuthClient.query()
+    .findById(request.params.appAuthClientId)
+    .where({ active: true })
+    .throwIfNotFound();
+
+  renderObject(response, appAuthClient);
+};

packages/backend/src/controllers/api/v1/app-auth-clients/get-app-auth-client.test.js

@@ -0,0 +1,31 @@
+import { vi, describe, it, expect, beforeEach } from 'vitest';
+import request from 'supertest';
+import app from '../../../../app.js';
+import createAuthTokenByUserId from '../../../../helpers/create-auth-token-by-user-id.js';
+import { createUser } from '../../../../../test/factories/user.js';
+import getAppAuthClientMock from '../../../../../test/mocks/rest/api/v1/admin/get-app-auth-client.js';
+import { createAppAuthClient } from '../../../../../test/factories/app-auth-client.js';
+import * as license from '../../../../helpers/license.ee.js';
+
+describe('GET /api/v1/app-auth-clients/:id', () => {
+  let currentUser, currentAppAuthClient, token;
+
+  beforeEach(async () => {
+    vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
+
+    currentUser = await createUser();
+    currentAppAuthClient = await createAppAuthClient();
+
+    token = createAuthTokenByUserId(currentUser.id);
+  });
+
+  it('should return specified app auth client info', async () => {
+    const response = await request(app)
+      .get(`/api/v1/app-auth-clients/${currentAppAuthClient.id}`)
+      .set('Authorization', token)
+      .expect(200);
+
+    const expectedPayload = getAppAuthClientMock(currentAppAuthClient);
+    expect(response.body).toEqual(expectedPayload);
+  });
+});

packages/backend/src/controllers/api/v1/automatisch/info.js

@@ -0,0 +1,13 @@
+import appConfig from '../../../../config/app.js';
+import { hasValidLicense } from '../../../../helpers/license.ee.js';
+import { renderObject } from '../../../../helpers/renderer.js';
+
+export default async (request, response) => {
+  const info = {
+    isCloud: appConfig.isCloud,
+    isMation: appConfig.isMation,
+    isEnterprise: await hasValidLicense(),
+  };
+
+  renderObject(response, info);
+};

packages/backend/src/controllers/api/v1/automatisch/info.test.js

@@ -0,0 +1,22 @@
+import { vi, expect, describe, it } from 'vitest';
+import request from 'supertest';
+import appConfig from '../../../../config/app.js';
+import app from '../../../../app.js';
+import infoMock from '../../../../../test/mocks/rest/api/v1/automatisch/info.js';
+import * as license from '../../../../helpers/license.ee.js';
+
+describe('GET /api/v1/automatisch/info', () => {
+  it('should return Automatisch info', async () => {
+    vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(false);
+    vi.spyOn(appConfig, 'isMation', 'get').mockReturnValue(false);
+    vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
+
+    const response = await request(app)
+      .get('/api/v1/automatisch/info')
+      .expect(200);
+
+    const expectedPayload = infoMock();
+
+    expect(response.body).toEqual(expectedPayload);
+  });
+});

packages/backend/src/controllers/api/v1/automatisch/license.js

@@ -0,0 +1,15 @@
+import { getLicense } from '../../../../helpers/license.ee.js';
+import { renderObject } from '../../../../helpers/renderer.js';
+
+export default async (request, response) => {
+  const license = await getLicense();
+
+  const computedLicense = {
+    id: license ? license.id : null,
+    name: license ? license.name : null,
+    expireAt: license ? license.expireAt : null,
+    verified: license ? true : false,
+  };
+
+  renderObject(response, computedLicense);
+};

packages/backend/src/controllers/api/v1/automatisch/license.test.js

@@ -0,0 +1,23 @@
+import { vi, expect, describe, it } from 'vitest';
+import request from 'supertest';
+import app from '../../../../app.js';
+import licenseMock from '../../../../../test/mocks/rest/api/v1/automatisch/license.js';
+import * as license from '../../../../helpers/license.ee.js';
+
+describe('GET /api/v1/automatisch/license', () => {
+  it('should return Automatisch license info', async () => {
+    vi.spyOn(license, 'getLicense').mockResolvedValue({
+      id: '123',
+      name: 'license-name',
+      expireAt: '2025-12-31T23:59:59Z',
+    });
+
+    const response = await request(app)
+      .get('/api/v1/automatisch/license')
+      .expect(200);
+
+    const expectedPayload = licenseMock();
+
+    expect(response.body).toEqual(expectedPayload);
+  });
+});

packages/backend/src/controllers/api/v1/automatisch/notifications.js

@@ -0,0 +1,19 @@
+import { renderObject } from '../../../../helpers/renderer.js';
+import axios from '../../../../helpers/axios-with-proxy.js';
+import logger from '../../../../helpers/logger.js';
+
+const NOTIFICATIONS_URL =
+  'https://notifications.automatisch.io/notifications.json';
+
+export default async (request, response) => {
+  let notifications = [];
+
+  try {
+    const response = await axios.get(NOTIFICATIONS_URL);
+    notifications = response.data;
+  } catch (error) {
+    logger.error('Error fetching notifications API endpoint!', error);
+  }
+
+  renderObject(response, notifications);
+};

packages/backend/src/controllers/api/v1/automatisch/notifications.test.js

@@ -0,0 +1,9 @@
+import { describe, it } from 'vitest';
+import request from 'supertest';
+import app from '../../../../app.js';
+
+describe('GET /api/v1/automatisch/notifications', () => {
+  it('should return Automatisch notifications', async () => {
+    await request(app).get('/api/v1/automatisch/notifications').expect(200);
+  });
+});

packages/backend/src/controllers/api/v1/automatisch/version.js

@@ -0,0 +1,6 @@
+import appConfig from '../../../../config/app.js';
+import { renderObject } from '../../../../helpers/renderer.js';
+
+export default async (request, response) => {
+  renderObject(response, { version: appConfig.version });
+};

packages/backend/src/controllers/api/v1/automatisch/version.test.js

@@ -0,0 +1,26 @@
+import { describe, it, expect } from 'vitest';
+import request from 'supertest';
+import app from '../../../../app.js';
+
+describe('GET /api/v1/automatisch/version', () => {
+  it('should return Automatisch version', async () => {
+    const response = await request(app)
+      .get('/api/v1/automatisch/version')
+      .expect(200);
+
+    const expectedPayload = {
+      data: {
+        version: '0.10.0',
+      },
+      meta: {
+        count: 1,
+        currentPage: null,
+        isArray: false,
+        totalPages: null,
+        type: 'Object',
+      },
+    };
+
+    expect(response.body).toEqual(expectedPayload);
+  });
+});

packages/backend/src/controllers/api/v1/flows/get-flow.js

@@ -0,0 +1,11 @@
+import { renderObject } from '../../../../helpers/renderer.js';
+
+export default async (request, response) => {
+  const flow = await request.currentUser.authorizedFlows
+    .withGraphJoined({ steps: true })
+    .orderBy('steps.position', 'asc')
+    .findOne({ 'flows.id': request.params.flowId })
+    .throwIfNotFound();
+
+  renderObject(response, flow);
+};

packages/backend/src/controllers/api/v1/flows/get-flow.test.js

@@ -0,0 +1,71 @@
+import { describe, it, expect, beforeEach } from 'vitest';
+import request from 'supertest';
+import app from '../../../../app.js';
+import createAuthTokenByUserId from '../../../../helpers/create-auth-token-by-user-id';
+import { createUser } from '../../../../../test/factories/user';
+import { createFlow } from '../../../../../test/factories/flow';
+import { createStep } from '../../../../../test/factories/step';
+import { createPermission } from '../../../../../test/factories/permission';
+import getFlowMock from '../../../../../test/mocks/rest/api/v1/flows/get-flow';
+
+describe('GET /api/v1/flows/:flowId', () => {
+  let currentUser, currentUserRole, token;
+
+  beforeEach(async () => {
+    currentUser = await createUser();
+    currentUserRole = await currentUser.$relatedQuery('role');
+
+    token = createAuthTokenByUserId(currentUser.id);
+  });
+
+  it('should return the flow data of current user', async () => {
+    const currentUserflow = await createFlow({ userId: currentUser.id });
+    const triggerStep = await createStep({ flowId: currentUserflow.id });
+    const actionStep = await createStep({ flowId: currentUserflow.id });
+
+    await createPermission({
+      action: 'read',
+      subject: 'Flow',
+      roleId: currentUserRole.id,
+      conditions: ['isCreator'],
+    });
+
+    const response = await request(app)
+      .get(`/api/v1/flows/${currentUserflow.id}`)
+      .set('Authorization', token)
+      .expect(200);
+
+    const expectedPayload = await getFlowMock(currentUserflow, [
+      triggerStep,
+      actionStep,
+    ]);
+
+    expect(response.body).toEqual(expectedPayload);
+  });
+
+  it('should return the flow data of another user', async () => {
+    const anotherUser = await createUser();
+    const anotherUserFlow = await createFlow({ userId: anotherUser.id });
+    const triggerStep = await createStep({ flowId: anotherUserFlow.id });
+    const actionStep = await createStep({ flowId: anotherUserFlow.id });
+
+    await createPermission({
+      action: 'read',
+      subject: 'Flow',
+      roleId: currentUserRole.id,
+      conditions: [],
+    });
+
+    const response = await request(app)
+      .get(`/api/v1/flows/${anotherUserFlow.id}`)
+      .set('Authorization', token)
+      .expect(200);
+
+    const expectedPayload = await getFlowMock(anotherUserFlow, [
+      triggerStep,
+      actionStep,
+    ]);
+
+    expect(response.body).toEqual(expectedPayload);
+  });
+});

packages/backend/src/controllers/api/v1/payment/get-paddle-info.ee.js

@@ -0,0 +1,8 @@
+import { renderObject } from '../../../../helpers/renderer.js';
+import Billing from '../../../../helpers/billing/index.ee.js';
+
+export default async (request, response) => {
+  const paddleInfo = Billing.paddleInfo;
+
+  renderObject(response, paddleInfo);
+};

packages/backend/src/controllers/api/v1/payment/get-paddle-info.ee.test.js

@@ -0,0 +1,33 @@
+import { vi, describe, it, expect, beforeEach } from 'vitest';
+import request from 'supertest';
+import app from '../../../../app.js';
+import createAuthTokenByUserId from '../../../../helpers/create-auth-token-by-user-id.js';
+import { createUser } from '../../../../../test/factories/user.js';
+import getPaddleInfoMock from '../../../../../test/mocks/rest/api/v1/payment/get-paddle-info.js';
+import appConfig from '../../../../config/app.js';
+import billing from '../../../../helpers/billing/index.ee.js';
+
+describe('GET /api/v1/payment/paddle-info', () => {
+  let user, token;
+
+  beforeEach(async () => {
+    user = await createUser();
+    token = createAuthTokenByUserId(user.id);
+
+    vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(true);
+    vi.spyOn(billing.paddleInfo, 'vendorId', 'get').mockReturnValue(
+      'sampleVendorId'
+    );
+  });
+
+  it('should return payment plans', async () => {
+    const response = await request(app)
+      .get('/api/v1/payment/paddle-info')
+      .set('Authorization', token)
+      .expect(200);
+
+    const expectedResponsePayload = await getPaddleInfoMock();
+
+    expect(response.body).toEqual(expectedResponsePayload);
+  });
+});

packages/backend/src/controllers/api/v1/payment/get-plans.ee.js

@@ -0,0 +1,8 @@
+import { renderObject } from '../../../../helpers/renderer.js';
+import Billing from '../../../../helpers/billing/index.ee.js';
+
+export default async (request, response) => {
+  const paymentPlans = Billing.paddlePlans;
+
+  renderObject(response, paymentPlans);
+};

packages/backend/src/controllers/api/v1/payment/get-plans.ee.test.js

@@ -0,0 +1,29 @@
+import { vi, describe, it, expect, beforeEach } from 'vitest';
+import request from 'supertest';
+import app from '../../../../app.js';
+import createAuthTokenByUserId from '../../../../helpers/create-auth-token-by-user-id.js';
+import { createUser } from '../../../../../test/factories/user.js';
+import getPaymentPlansMock from '../../../../../test/mocks/rest/api/v1/payment/get-plans.js';
+import appConfig from '../../../../config/app.js';
+
+describe('GET /api/v1/payment/plans', () => {
+  let user, token;
+
+  beforeEach(async () => {
+    user = await createUser();
+    token = createAuthTokenByUserId(user.id);
+
+    vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(true);
+  });
+
+  it('should return payment plans', async () => {
+    const response = await request(app)
+      .get('/api/v1/payment/plans')
+      .set('Authorization', token)
+      .expect(200);
+
+    const expectedResponsePayload = await getPaymentPlansMock();
+
+    expect(response.body).toEqual(expectedResponsePayload);
+  });
+});

packages/backend/src/controllers/api/v1/users/get-current-user.js

@@ -0,0 +1,5 @@
+import { renderObject } from '../../../../helpers/renderer.js';
+
+export default async (request, response) => {
+  renderObject(response, request.currentUser);
+};

packages/backend/src/controllers/api/v1/users/get-current-user.test.js

@@ -0,0 +1,26 @@
+import { describe, it, expect, beforeEach } from 'vitest';
+import request from 'supertest';
+import app from '../../../../app.js';
+import createAuthTokenByUserId from '../../../../helpers/create-auth-token-by-user-id';
+import { createUser } from '../../../../../test/factories/user';
+import getCurrentUserMock from '../../../../../test/mocks/rest/api/v1/users/get-current-user';
+
+describe('GET /api/v1/users/me', () => {
+  let role, currentUser, token;
+
+  beforeEach(async () => {
+    currentUser = await createUser();
+    role = await currentUser.$relatedQuery('role');
+    token = createAuthTokenByUserId(currentUser.id);
+  });
+
+  it('should return current user info', async () => {
+    const response = await request(app)
+      .get('/api/v1/users/me')
+      .set('Authorization', token)
+      .expect(200);
+
+    const expectedPayload = getCurrentUserMock(currentUser, role);
+    expect(response.body).toEqual(expectedPayload);
+  });
+});

packages/backend/src/controllers/api/v1/users/get-invoices.ee.js

@@ -0,0 +1,7 @@
+import { renderObject } from '../../../../helpers/renderer.js';
+
+export default async (request, response) => {
+  const invoices = await request.currentUser.getInvoices();
+
+  renderObject(response, invoices);
+};

packages/backend/src/controllers/api/v1/users/get-invoices.ee.test.js

@@ -0,0 +1,34 @@
+import { describe, it, expect, beforeEach, vi } from 'vitest';
+import request from 'supertest';
+import app from '../../../../app.js';
+import createAuthTokenByUserId from '../../../../helpers/create-auth-token-by-user-id';
+import { createUser } from '../../../../../test/factories/user';
+import User from '../../../../models/user';
+import getInvoicesMock from '../../../../../test/mocks/rest/api/v1/users/get-invoices.ee';
+
+describe('GET /api/v1/user/invoices', () => {
+  let currentUser, token;
+
+  beforeEach(async () => {
+    currentUser = await createUser();
+    token = createAuthTokenByUserId(currentUser.id);
+  });
+
+  it('should return current user invoices', async () => {
+    const invoices = [
+      { id: 1, amount: 100, description: 'Invoice 1' },
+      { id: 2, amount: 200, description: 'Invoice 2' },
+    ];
+
+    vi.spyOn(User.prototype, 'getInvoices').mockResolvedValue(invoices);
+
+    const response = await request(app)
+      .get('/api/v1/users/invoices')
+      .set('Authorization', token)
+      .expect(200);
+
+    const expectedPayload = await getInvoicesMock(invoices);
+
+    expect(response.body).toEqual(expectedPayload);
+  });
+});

packages/backend/src/controllers/api/v1/users/get-user-trial.ee.js

@@ -0,0 +1,12 @@
+import { renderObject } from '../../../../helpers/renderer.js';
+
+export default async (request, response) => {
+  const inTrial = await request.currentUser.inTrial();
+
+  const trialInfo = {
+    inTrial,
+    expireAt: request.currentUser.trialExpiryDate,
+  };
+
+  renderObject(response, trialInfo);
+};

packages/backend/src/controllers/api/v1/users/get-user-trial.ee.test.js

@@ -0,0 +1,38 @@
+import { vi, describe, it, expect, beforeEach } from 'vitest';
+import request from 'supertest';
+import app from '../../../../app.js';
+import createAuthTokenByUserId from '../../../../helpers/create-auth-token-by-user-id.js';
+import { createUser } from '../../../../../test/factories/user.js';
+import getUserTrialMock from '../../../../../test/mocks/rest/api/v1/users/get-user-trial.js';
+import appConfig from '../../../../config/app.js';
+import { DateTime } from 'luxon';
+import User from '../../../../models/user.js';
+
+describe('GET /api/v1/users/:userId/trial', () => {
+  let user, token;
+
+  beforeEach(async () => {
+    const trialExpiryDate = DateTime.now().plus({ days: 30 }).toISODate();
+    user = await createUser({ trialExpiryDate });
+    token = createAuthTokenByUserId(user.id);
+
+    vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(true);
+  });
+
+  describe('should return in trial, active subscription and expire at info', () => {
+    beforeEach(async () => {
+      vi.spyOn(User.prototype, 'inTrial').mockResolvedValue(false);
+      vi.spyOn(User.prototype, 'hasActiveSubscription').mockResolvedValue(true);
+    });
+
+    it('should return null', async () => {
+      const response = await request(app)
+        .get(`/api/v1/users/${user.id}/trial`)
+        .set('Authorization', token)
+        .expect(200);
+
+      const expectedResponsePayload = await getUserTrialMock(user);
+      expect(response.body).toEqual(expectedResponsePayload);
+    });
+  });
+});

packages/backend/src/controllers/healthcheck/index.js

@@ -0,0 +1,3 @@
+export default async (request, response) => {
+  response.status(200).end();
+};

packages/backend/src/controllers/healthcheck/index.test.js

@@ -0,0 +1,9 @@
+import { describe, it } from 'vitest';
+import request from 'supertest';
+import app from '../../app.js';
+
+describe('GET /healthcheck', () => {
+  it('should return 200 response with version data', async () => {
+    await request(app).get('/healthcheck').expect(200);
+  });
+});

packages/backend/src/graphql/mutations/delete-step.js

@@ -1,8 +1,13 @@
-const deleteStep = async (_parent, params, context) => {
+import Step from '../../models/flow.js';
-  context.currentUser.can('update', 'Flow');
 
-  const step = await context.currentUser
+const deleteStep = async (_parent, params, context) => {
-    .$relatedQuery('steps')
+  const conditions = context.currentUser.can('update', 'Flow');
+  const isCreator = conditions.isCreator;
+  const allSteps = Step.query();
+  const userSteps = context.currentUser.$relatedQuery('steps');
+  const baseQuery = isCreator ? userSteps : allSteps;
+
+  const step = await baseQuery
     .withGraphFetched('flow')
     .findOne({
       'steps.id': params.input.id,

packages/backend/src/graphql/mutations/register-user.ee.js

@@ -1,7 +1,10 @@
+import appConfig from '../../config/app.js';
 import User from '../../models/user.js';
 import Role from '../../models/role.js';
 
 const registerUser = async (_parent, params) => {
+  if (!appConfig.isCloud) return;
+
   const { fullName, email, password } = params.input;
 
   const existingUser = await User.query().findOne({

packages/backend/src/graphql/queries/get-config.ee.js

@@ -1,9 +1,17 @@
+import appConfig from '../../config/app.js';
 import { hasValidLicense } from '../../helpers/license.ee.js';
 import Config from '../../models/config.js';
 
 const getConfig = async (_parent, params) => {
   if (!(await hasValidLicense())) return {};
 
+  const defaultConfig = {
+    disableNotificationsPage: appConfig.disableNotificationsPage,
+    disableFavicon: appConfig.disableFavicon,
+    additionalDrawerLink: appConfig.additionalDrawerLink,
+    additionalDrawerLinkText: appConfig.additionalDrawerLinkText,
+  };
+
   const configQuery = Config.query();
 
   if (Array.isArray(params.keys)) {
@@ -18,7 +26,7 @@ const getConfig = async (_parent, params) => {
     computedConfig[key] = value?.data;
 
     return computedConfig;
-  }, {});
+  }, defaultConfig);
 };
 
 export default getConfig;

packages/backend/src/graphql/queries/get-config.ee.test.js

@@ -2,6 +2,7 @@ import { vi, describe, it, expect, beforeEach } from 'vitest';
 import request from 'supertest';
 import app from '../../app';
 import { createConfig } from '../../../test/factories/config';
+import appConfig from '../../config/app';
 import * as license from '../../helpers/license.ee';
 
 describe('graphQL getConfig query', () => {
@@ -56,6 +57,10 @@ describe('graphQL getConfig query', () => {
               [configOne.key]: configOne.value.data,
               [configTwo.key]: configTwo.value.data,
               [configThree.key]: configThree.value.data,
+              disableNotificationsPage: false,
+              disableFavicon: false,
+              additionalDrawerLink: undefined,
+              additionalDrawerLinkText: undefined,
             },
           },
         };
@@ -82,6 +87,48 @@ describe('graphQL getConfig query', () => {
             getConfig: {
               [configOne.key]: configOne.value.data,
               [configTwo.key]: configTwo.value.data,
+              disableNotificationsPage: false,
+              disableFavicon: false,
+              additionalDrawerLink: undefined,
+              additionalDrawerLinkText: undefined,
+            },
+          },
+        };
+
+        expect(response.body).toEqual(expectedResponsePayload);
+      });
+    });
+
+    describe('and with different defaults', () => {
+      beforeEach(async () => {
+        vi.spyOn(appConfig, 'disableNotificationsPage', 'get').mockReturnValue(
+          true
+        );
+        vi.spyOn(appConfig, 'disableFavicon', 'get').mockReturnValue(true);
+        vi.spyOn(appConfig, 'additionalDrawerLink', 'get').mockReturnValue(
+          'https://automatisch.io'
+        );
+        vi.spyOn(appConfig, 'additionalDrawerLinkText', 'get').mockReturnValue(
+          'Automatisch'
+        );
+      });
+
+      it('should return custom config', async () => {
+        const response = await request(app)
+          .post('/graphql')
+          .send({ query })
+          .expect(200);
+
+        const expectedResponsePayload = {
+          data: {
+            getConfig: {
+              [configOne.key]: configOne.value.data,
+              [configTwo.key]: configTwo.value.data,
+              [configThree.key]: configThree.value.data,
+              disableNotificationsPage: true,
+              disableFavicon: true,
+              additionalDrawerLink: 'https://automatisch.io',
+              additionalDrawerLinkText: 'Automatisch',
             },
           },
         };

packages/backend/src/graphql/queries/get-current-user.test.js

@@ -6,100 +6,74 @@ import { createRole } from '../../../test/factories/role';
 import { createUser } from '../../../test/factories/user';
 
 describe('graphQL getCurrentUser query', () => {
-  describe('with unauthenticated user', () => {
+  let role, currentUser, token, requestObject;
-    it('should throw not authorized error', async () => {
-      const invalidUserToken = 'invalid-token';
 
-      const query = `
+  beforeEach(async () => {
-        query {
+    role = await createRole({
-          getCurrentUser {
+      key: 'sample',
-            id
+      name: 'sample',
-            email
-          }
-        }
-      `;
-
-      const response = await request(app)
-        .post('/graphql')
-        .set('Authorization', invalidUserToken)
-        .send({ query })
-        .expect(200);
-
-      expect(response.body.errors).toBeDefined();
-      expect(response.body.errors[0].message).toEqual('Not Authorised!');
     });
+
+    currentUser = await createUser({
+      roleId: role.id,
+    });
+
+    token = createAuthTokenByUserId(currentUser.id);
+    requestObject = request(app).post('/graphql').set('Authorization', token);
   });
 
-  describe('with authenticated user', () => {
+  it('should return user data', async () => {
-    let role, currentUser, token, requestObject;
+    const query = `
-
+      query {
-    beforeEach(async () => {
+        getCurrentUser {
-      role = await createRole({
+          id
-        key: 'sample',
+          email
-        name: 'sample',
+          fullName
-      });
+          email
-
+          createdAt
-      currentUser = await createUser({
+          updatedAt
-        roleId: role.id,
+          role {
-      });
-
-      token = createAuthTokenByUserId(currentUser.id);
-      requestObject = request(app).post('/graphql').set('Authorization', token);
-    });
-
-    it('should return user data', async () => {
-      const query = `
-        query {
-          getCurrentUser {
             id
-            email
+            name
-            fullName
-            email
-            createdAt
-            updatedAt
-            role {
-              id
-              name
-            }
           }
         }
-      `;
+      }
+    `;
 
-      const response = await requestObject.send({ query }).expect(200);
+    const response = await requestObject.send({ query }).expect(200);
 
-      const expectedResponsePayload = {
+    const expectedResponsePayload = {
-        data: {
+      data: {
-          getCurrentUser: {
+        getCurrentUser: {
-            createdAt: currentUser.createdAt.getTime().toString(),
+          createdAt: currentUser.createdAt.getTime().toString(),
-            email: currentUser.email,
+          email: currentUser.email,
-            fullName: currentUser.fullName,
+          fullName: currentUser.fullName,
-            id: currentUser.id,
+          id: currentUser.id,
-            role: { id: role.id, name: role.name },
+          role: { id: role.id, name: role.name },
-            updatedAt: currentUser.updatedAt.getTime().toString(),
+          updatedAt: currentUser.updatedAt.getTime().toString(),
-          },
         },
-      };
+      },
+    };
 
-      expect(response.body).toEqual(expectedResponsePayload);
+    expect(response.body).toEqual(expectedResponsePayload);
-    });
+  });
 
-    it('should not return user password', async () => {
+  it('should not return user password', async () => {
-      const query = `
+    const query = `
-        query {
+      query {
-          getCurrentUser {
+        getCurrentUser {
-            id
+          id
-            email
+          email
-            password
+          password
-          }
         }
-      `;
+      }
+    `;
 
-      const response = await requestObject.send({ query }).expect(400);
+    const response = await requestObject.send({ query }).expect(400);
 
-      expect(response.body.errors).toBeDefined();
+    expect(response.body.errors).toBeDefined();
-      expect(response.body.errors[0].message).toEqual(
+    expect(response.body.errors[0].message).toEqual(
-        'Cannot query field "password" on type "User".'
+      'Cannot query field "password" on type "User".'
-      );
+    );
-    });
   });
 });

packages/backend/src/graphql/queries/get-executions.test.js

@@ -40,307 +40,291 @@ describe('graphQL getExecutions query', () => {
     }
   `;
 
-  const invalidToken = 'invalid-token';
+  describe('and without correct permissions', () => {
-
-  describe('with unauthenticated user', () => {
     it('should throw not authorized error', async () => {
+      const userWithoutPermissions = await createUser();
+      const token = createAuthTokenByUserId(userWithoutPermissions.id);
+
       const response = await request(app)
         .post('/graphql')
-        .set('Authorization', invalidToken)
+        .set('Authorization', token)
         .send({ query })
         .expect(200);
 
       expect(response.body.errors).toBeDefined();
-      expect(response.body.errors[0].message).toEqual('Not Authorised!');
+      expect(response.body.errors[0].message).toEqual('Not authorized!');
     });
   });
 
-  describe('with authenticated user', () => {
+  describe('and with correct permission', () => {
-    describe('and without permissions', () => {
+    let role,
-      it('should throw not authorized error', async () => {
+      currentUser,
-        const userWithoutPermissions = await createUser();
+      anotherUser,
-        const token = createAuthTokenByUserId(userWithoutPermissions.id);
+      token,
+      flowOne,
+      stepOneForFlowOne,
+      stepTwoForFlowOne,
+      executionOne,
+      flowTwo,
+      stepOneForFlowTwo,
+      stepTwoForFlowTwo,
+      executionTwo,
+      flowThree,
+      stepOneForFlowThree,
+      stepTwoForFlowThree,
+      executionThree,
+      expectedResponseForExecutionOne,
+      expectedResponseForExecutionTwo,
+      expectedResponseForExecutionThree;
 
+    beforeEach(async () => {
+      role = await createRole({
+        key: 'sample',
+        name: 'sample',
+      });
+
+      currentUser = await createUser({
+        roleId: role.id,
+        fullName: 'Current User',
+      });
+
+      anotherUser = await createUser();
+
+      token = createAuthTokenByUserId(currentUser.id);
+
+      flowOne = await createFlow({
+        userId: currentUser.id,
+      });
+
+      stepOneForFlowOne = await createStep({
+        flowId: flowOne.id,
+      });
+
+      stepTwoForFlowOne = await createStep({
+        flowId: flowOne.id,
+      });
+
+      executionOne = await createExecution({
+        flowId: flowOne.id,
+      });
+
+      await createExecutionStep({
+        executionId: executionOne.id,
+        stepId: stepOneForFlowOne.id,
+        status: 'success',
+      });
+
+      await createExecutionStep({
+        executionId: executionOne.id,
+        stepId: stepTwoForFlowOne.id,
+        status: 'success',
+      });
+
+      flowTwo = await createFlow({
+        userId: currentUser.id,
+      });
+
+      stepOneForFlowTwo = await createStep({
+        flowId: flowTwo.id,
+      });
+
+      stepTwoForFlowTwo = await createStep({
+        flowId: flowTwo.id,
+      });
+
+      executionTwo = await createExecution({
+        flowId: flowTwo.id,
+      });
+
+      await createExecutionStep({
+        executionId: executionTwo.id,
+        stepId: stepOneForFlowTwo.id,
+        status: 'success',
+      });
+
+      await createExecutionStep({
+        executionId: executionTwo.id,
+        stepId: stepTwoForFlowTwo.id,
+        status: 'failure',
+      });
+
+      flowThree = await createFlow({
+        userId: anotherUser.id,
+      });
+
+      stepOneForFlowThree = await createStep({
+        flowId: flowThree.id,
+      });
+
+      stepTwoForFlowThree = await createStep({
+        flowId: flowThree.id,
+      });
+
+      executionThree = await createExecution({
+        flowId: flowThree.id,
+      });
+
+      await createExecutionStep({
+        executionId: executionThree.id,
+        stepId: stepOneForFlowThree.id,
+        status: 'success',
+      });
+
+      await createExecutionStep({
+        executionId: executionThree.id,
+        stepId: stepTwoForFlowThree.id,
+        status: 'failure',
+      });
+
+      expectedResponseForExecutionOne = {
+        node: {
+          createdAt: executionOne.createdAt.getTime().toString(),
+          flow: {
+            active: flowOne.active,
+            id: flowOne.id,
+            name: flowOne.name,
+            steps: [
+              {
+                iconUrl: `${appConfig.baseUrl}/apps/${stepOneForFlowOne.appKey}/assets/favicon.svg`,
+              },
+              {
+                iconUrl: `${appConfig.baseUrl}/apps/${stepTwoForFlowOne.appKey}/assets/favicon.svg`,
+              },
+            ],
+          },
+          id: executionOne.id,
+          status: 'success',
+          testRun: executionOne.testRun,
+          updatedAt: executionOne.updatedAt.getTime().toString(),
+        },
+      };
+
+      expectedResponseForExecutionTwo = {
+        node: {
+          createdAt: executionTwo.createdAt.getTime().toString(),
+          flow: {
+            active: flowTwo.active,
+            id: flowTwo.id,
+            name: flowTwo.name,
+            steps: [
+              {
+                iconUrl: `${appConfig.baseUrl}/apps/${stepTwoForFlowTwo.appKey}/assets/favicon.svg`,
+              },
+              {
+                iconUrl: `${appConfig.baseUrl}/apps/${stepTwoForFlowTwo.appKey}/assets/favicon.svg`,
+              },
+            ],
+          },
+          id: executionTwo.id,
+          status: 'failure',
+          testRun: executionTwo.testRun,
+          updatedAt: executionTwo.updatedAt.getTime().toString(),
+        },
+      };
+
+      expectedResponseForExecutionThree = {
+        node: {
+          createdAt: executionThree.createdAt.getTime().toString(),
+          flow: {
+            active: flowThree.active,
+            id: flowThree.id,
+            name: flowThree.name,
+            steps: [
+              {
+                iconUrl: `${appConfig.baseUrl}/apps/${stepOneForFlowThree.appKey}/assets/favicon.svg`,
+              },
+              {
+                iconUrl: `${appConfig.baseUrl}/apps/${stepTwoForFlowThree.appKey}/assets/favicon.svg`,
+              },
+            ],
+          },
+          id: executionThree.id,
+          status: 'failure',
+          testRun: executionThree.testRun,
+          updatedAt: executionThree.updatedAt.getTime().toString(),
+        },
+      };
+    });
+
+    describe('and with isCreator condition', () => {
+      beforeEach(async () => {
+        await createPermission({
+          action: 'read',
+          subject: 'Execution',
+          roleId: role.id,
+          conditions: ['isCreator'],
+        });
+      });
+
+      it('should return executions data of the current user', async () => {
         const response = await request(app)
           .post('/graphql')
           .set('Authorization', token)
           .send({ query })
           .expect(200);
 
-        expect(response.body.errors).toBeDefined();
+        const expectedResponsePayload = {
-        expect(response.body.errors[0].message).toEqual('Not authorized!');
+          data: {
+            getExecutions: {
+              edges: [
+                expectedResponseForExecutionTwo,
+                expectedResponseForExecutionOne,
+              ],
+              pageInfo: { currentPage: 1, totalPages: 1 },
+            },
+          },
+        };
+
+        expect(response.body).toEqual(expectedResponsePayload);
       });
     });
 
-    describe('and with correct permission', () => {
+    describe('and without isCreator condition', () => {
-      let role,
-        currentUser,
-        anotherUser,
-        token,
-        flowOne,
-        stepOneForFlowOne,
-        stepTwoForFlowOne,
-        executionOne,
-        flowTwo,
-        stepOneForFlowTwo,
-        stepTwoForFlowTwo,
-        executionTwo,
-        flowThree,
-        stepOneForFlowThree,
-        stepTwoForFlowThree,
-        executionThree,
-        expectedResponseForExecutionOne,
-        expectedResponseForExecutionTwo,
-        expectedResponseForExecutionThree;
-
       beforeEach(async () => {
-        role = await createRole({
+        await createPermission({
-          key: 'sample',
+          action: 'read',
-          name: 'sample',
+          subject: 'Execution',
-        });
-
-        currentUser = await createUser({
           roleId: role.id,
-          fullName: 'Current User',
+          conditions: [],
-        });
-
-        anotherUser = await createUser();
-
-        token = createAuthTokenByUserId(currentUser.id);
-
-        flowOne = await createFlow({
-          userId: currentUser.id,
-        });
-
-        stepOneForFlowOne = await createStep({
-          flowId: flowOne.id,
-        });
-
-        stepTwoForFlowOne = await createStep({
-          flowId: flowOne.id,
-        });
-
-        executionOne = await createExecution({
-          flowId: flowOne.id,
-        });
-
-        await createExecutionStep({
-          executionId: executionOne.id,
-          stepId: stepOneForFlowOne.id,
-          status: 'success',
-        });
-
-        await createExecutionStep({
-          executionId: executionOne.id,
-          stepId: stepTwoForFlowOne.id,
-          status: 'success',
-        });
-
-        flowTwo = await createFlow({
-          userId: currentUser.id,
-        });
-
-        stepOneForFlowTwo = await createStep({
-          flowId: flowTwo.id,
-        });
-
-        stepTwoForFlowTwo = await createStep({
-          flowId: flowTwo.id,
-        });
-
-        executionTwo = await createExecution({
-          flowId: flowTwo.id,
-        });
-
-        await createExecutionStep({
-          executionId: executionTwo.id,
-          stepId: stepOneForFlowTwo.id,
-          status: 'success',
-        });
-
-        await createExecutionStep({
-          executionId: executionTwo.id,
-          stepId: stepTwoForFlowTwo.id,
-          status: 'failure',
-        });
-
-        flowThree = await createFlow({
-          userId: anotherUser.id,
-        });
-
-        stepOneForFlowThree = await createStep({
-          flowId: flowThree.id,
-        });
-
-        stepTwoForFlowThree = await createStep({
-          flowId: flowThree.id,
-        });
-
-        executionThree = await createExecution({
-          flowId: flowThree.id,
-        });
-
-        await createExecutionStep({
-          executionId: executionThree.id,
-          stepId: stepOneForFlowThree.id,
-          status: 'success',
-        });
-
-        await createExecutionStep({
-          executionId: executionThree.id,
-          stepId: stepTwoForFlowThree.id,
-          status: 'failure',
-        });
-
-        expectedResponseForExecutionOne = {
-          node: {
-            createdAt: executionOne.createdAt.getTime().toString(),
-            flow: {
-              active: flowOne.active,
-              id: flowOne.id,
-              name: flowOne.name,
-              steps: [
-                {
-                  iconUrl: `${appConfig.baseUrl}/apps/${stepOneForFlowOne.appKey}/assets/favicon.svg`,
-                },
-                {
-                  iconUrl: `${appConfig.baseUrl}/apps/${stepTwoForFlowOne.appKey}/assets/favicon.svg`,
-                },
-              ],
-            },
-            id: executionOne.id,
-            status: 'success',
-            testRun: executionOne.testRun,
-            updatedAt: executionOne.updatedAt.getTime().toString(),
-          },
-        };
-
-        expectedResponseForExecutionTwo = {
-          node: {
-            createdAt: executionTwo.createdAt.getTime().toString(),
-            flow: {
-              active: flowTwo.active,
-              id: flowTwo.id,
-              name: flowTwo.name,
-              steps: [
-                {
-                  iconUrl: `${appConfig.baseUrl}/apps/${stepTwoForFlowTwo.appKey}/assets/favicon.svg`,
-                },
-                {
-                  iconUrl: `${appConfig.baseUrl}/apps/${stepTwoForFlowTwo.appKey}/assets/favicon.svg`,
-                },
-              ],
-            },
-            id: executionTwo.id,
-            status: 'failure',
-            testRun: executionTwo.testRun,
-            updatedAt: executionTwo.updatedAt.getTime().toString(),
-          },
-        };
-
-        expectedResponseForExecutionThree = {
-          node: {
-            createdAt: executionThree.createdAt.getTime().toString(),
-            flow: {
-              active: flowThree.active,
-              id: flowThree.id,
-              name: flowThree.name,
-              steps: [
-                {
-                  iconUrl: `${appConfig.baseUrl}/apps/${stepOneForFlowThree.appKey}/assets/favicon.svg`,
-                },
-                {
-                  iconUrl: `${appConfig.baseUrl}/apps/${stepTwoForFlowThree.appKey}/assets/favicon.svg`,
-                },
-              ],
-            },
-            id: executionThree.id,
-            status: 'failure',
-            testRun: executionThree.testRun,
-            updatedAt: executionThree.updatedAt.getTime().toString(),
-          },
-        };
-      });
-
-      describe('and with isCreator condition', () => {
-        beforeEach(async () => {
-          await createPermission({
-            action: 'read',
-            subject: 'Execution',
-            roleId: role.id,
-            conditions: ['isCreator'],
-          });
-        });
-
-        it('should return executions data of the current user', async () => {
-          const response = await request(app)
-            .post('/graphql')
-            .set('Authorization', token)
-            .send({ query })
-            .expect(200);
-
-          const expectedResponsePayload = {
-            data: {
-              getExecutions: {
-                edges: [
-                  expectedResponseForExecutionTwo,
-                  expectedResponseForExecutionOne,
-                ],
-                pageInfo: { currentPage: 1, totalPages: 1 },
-              },
-            },
-          };
-
-          expect(response.body).toEqual(expectedResponsePayload);
         });
       });
 
-      describe('and without isCreator condition', () => {
+      it('should return executions data of all users', async () => {
-        beforeEach(async () => {
+        const response = await request(app)
-          await createPermission({
+          .post('/graphql')
-            action: 'read',
+          .set('Authorization', token)
-            subject: 'Execution',
+          .send({ query })
-            roleId: role.id,
+          .expect(200);
-            conditions: [],
-          });
-        });
 
-        it('should return executions data of all users', async () => {
+        const expectedResponsePayload = {
-          const response = await request(app)
+          data: {
-            .post('/graphql')
+            getExecutions: {
-            .set('Authorization', token)
+              edges: [
-            .send({ query })
+                expectedResponseForExecutionThree,
-            .expect(200);
+                expectedResponseForExecutionTwo,
-
+                expectedResponseForExecutionOne,
-          const expectedResponsePayload = {
+              ],
-            data: {
+              pageInfo: { currentPage: 1, totalPages: 1 },
-              getExecutions: {
-                edges: [
-                  expectedResponseForExecutionThree,
-                  expectedResponseForExecutionTwo,
-                  expectedResponseForExecutionOne,
-                ],
-                pageInfo: { currentPage: 1, totalPages: 1 },
-              },
             },
-          };
+          },
+        };
 
-          expect(response.body).toEqual(expectedResponsePayload);
+        expect(response.body).toEqual(expectedResponsePayload);
+      });
+    });
+
+    describe('and with filters', () => {
+      beforeEach(async () => {
+        await createPermission({
+          action: 'read',
+          subject: 'Execution',
+          roleId: role.id,
+          conditions: [],
         });
       });
 
-      describe('and with filters', () => {
+      it('should return executions data for the specified flow', async () => {
-        beforeEach(async () => {
+        const query = `
-          await createPermission({
-            action: 'read',
-            subject: 'Execution',
-            roleId: role.id,
-            conditions: [],
-          });
-        });
-
-        it('should return executions data for the specified flow', async () => {
-          const query = `
             query {
               getExecutions(limit: 10, offset: 0, filters: { flowId: "${flowOne.id}" }) {
                 pageInfo {
@@ -368,26 +352,26 @@ describe('graphQL getExecutions query', () => {
             }
           `;
 
-          const response = await request(app)
+        const response = await request(app)
-            .post('/graphql')
+          .post('/graphql')
-            .set('Authorization', token)
+          .set('Authorization', token)
-            .send({ query })
+          .send({ query })
-            .expect(200);
+          .expect(200);
 
-          const expectedResponsePayload = {
+        const expectedResponsePayload = {
-            data: {
+          data: {
-              getExecutions: {
+            getExecutions: {
-                edges: [expectedResponseForExecutionOne],
+              edges: [expectedResponseForExecutionOne],
-                pageInfo: { currentPage: 1, totalPages: 1 },
+              pageInfo: { currentPage: 1, totalPages: 1 },
-              },
             },
-          };
+          },
+        };
 
-          expect(response.body).toEqual(expectedResponsePayload);
+        expect(response.body).toEqual(expectedResponsePayload);
-        });
+      });
 
-        it('should return only executions data with success status', async () => {
+      it('should return only executions data with success status', async () => {
-          const query = `
+        const query = `
             query {
               getExecutions(limit: 10, offset: 0, filters: { status: "success" }) {
                 pageInfo {
@@ -415,30 +399,30 @@ describe('graphQL getExecutions query', () => {
             }
           `;
 
-          const response = await request(app)
+        const response = await request(app)
-            .post('/graphql')
+          .post('/graphql')
-            .set('Authorization', token)
+          .set('Authorization', token)
-            .send({ query })
+          .send({ query })
-            .expect(200);
+          .expect(200);
 
-          const expectedResponsePayload = {
+        const expectedResponsePayload = {
-            data: {
+          data: {
-              getExecutions: {
+            getExecutions: {
-                edges: [expectedResponseForExecutionOne],
+              edges: [expectedResponseForExecutionOne],
-                pageInfo: { currentPage: 1, totalPages: 1 },
+              pageInfo: { currentPage: 1, totalPages: 1 },
-              },
             },
-          };
+          },
+        };
 
-          expect(response.body).toEqual(expectedResponsePayload);
+        expect(response.body).toEqual(expectedResponsePayload);
-        });
+      });
 
-        it('should return only executions data within date range', async () => {
+      it('should return only executions data within date range', async () => {
-          const createdAtFrom = executionOne.createdAt.getTime().toString();
+        const createdAtFrom = executionOne.createdAt.getTime().toString();
 
-          const createdAtTo = executionOne.createdAt.getTime().toString();
+        const createdAtTo = executionOne.createdAt.getTime().toString();
 
-          const query = `
+        const query = `
             query {
               getExecutions(limit: 10, offset: 0, filters: { createdAt: { from: "${createdAtFrom}", to: "${createdAtTo}" }}) {
                 pageInfo {
@@ -466,23 +450,22 @@ describe('graphQL getExecutions query', () => {
             }
           `;
 
-          const response = await request(app)
+        const response = await request(app)
-            .post('/graphql')
+          .post('/graphql')
-            .set('Authorization', token)
+          .set('Authorization', token)
-            .send({ query })
+          .send({ query })
-            .expect(200);
+          .expect(200);
 
-          const expectedResponsePayload = {
+        const expectedResponsePayload = {
-            data: {
+          data: {
-              getExecutions: {
+            getExecutions: {
-                edges: [expectedResponseForExecutionOne],
+              edges: [expectedResponseForExecutionOne],
-                pageInfo: { currentPage: 1, totalPages: 1 },
+              pageInfo: { currentPage: 1, totalPages: 1 },
-              },
             },
-          };
+          },
+        };
 
-          expect(response.body).toEqual(expectedResponsePayload);
+        expect(response.body).toEqual(expectedResponsePayload);
-        });
       });
     });
   });

packages/backend/src/graphql/queries/get-flow.test.js

@@ -40,222 +40,200 @@ describe('graphQL getFlow query', () => {
     `;
   };
 
-  describe('with unauthenticated user', () => {
+  describe('and without permissions', () => {
     it('should throw not authorized error', async () => {
-      const invalidToken = 'invalid-token';
+      const userWithoutPermissions = await createUser();
+      const token = createAuthTokenByUserId(userWithoutPermissions.id);
       const flow = await createFlow();
 
       const response = await request(app)
         .post('/graphql')
-        .set('Authorization', invalidToken)
+        .set('Authorization', token)
         .send({ query: query(flow.id) })
         .expect(200);
 
       expect(response.body.errors).toBeDefined();
-      expect(response.body.errors[0].message).toEqual('Not Authorised!');
+      expect(response.body.errors[0].message).toEqual('Not authorized!');
     });
   });
 
-  describe('with authenticated user', () => {
+  describe('and with correct permission', () => {
-    describe('and without permissions', () => {
+    let currentUser, currentUserRole, currentUserFlow;
-      it('should throw not authorized error', async () => {
+
-        const userWithoutPermissions = await createUser();
+    beforeEach(async () => {
-        const token = createAuthTokenByUserId(userWithoutPermissions.id);
+      currentUserRole = await createRole();
-        const flow = await createFlow();
+      currentUser = await createUser({ roleId: currentUserRole.id });
+      currentUserFlow = await createFlow({ userId: currentUser.id });
+    });
+
+    describe('and with isCreator condition', () => {
+      it('should return executions data of the current user', async () => {
+        await createPermission({
+          action: 'read',
+          subject: 'Flow',
+          roleId: currentUserRole.id,
+          conditions: ['isCreator'],
+        });
+
+        const triggerStep = await createStep({
+          flowId: currentUserFlow.id,
+          type: 'trigger',
+          key: 'catchRawWebhook',
+          webhookPath: `/webhooks/flows/${currentUserFlow.id}`,
+        });
+
+        const actionConnection = await createConnection({
+          userId: currentUser.id,
+          formattedData: {
+            screenName: 'Test',
+            authenticationKey: 'test key',
+          },
+        });
+
+        const actionStep = await createStep({
+          flowId: currentUserFlow.id,
+          type: 'action',
+          connectionId: actionConnection.id,
+          key: 'translateText',
+        });
+
+        const token = createAuthTokenByUserId(currentUser.id);
 
         const response = await request(app)
           .post('/graphql')
           .set('Authorization', token)
-          .send({ query: query(flow.id) })
+          .send({ query: query(currentUserFlow.id) })
           .expect(200);
 
-        expect(response.body.errors).toBeDefined();
+        const expectedResponsePayload = {
-        expect(response.body.errors[0].message).toEqual('Not authorized!');
+          data: {
+            getFlow: {
+              active: currentUserFlow.active,
+              id: currentUserFlow.id,
+              name: currentUserFlow.name,
+              status: 'draft',
+              steps: [
+                {
+                  appKey: triggerStep.appKey,
+                  connection: null,
+                  iconUrl: `${appConfig.baseUrl}/apps/${triggerStep.appKey}/assets/favicon.svg`,
+                  id: triggerStep.id,
+                  key: 'catchRawWebhook',
+                  parameters: {},
+                  position: 1,
+                  status: triggerStep.status,
+                  type: 'trigger',
+                  webhookUrl: `${appConfig.baseUrl}/webhooks/flows/${currentUserFlow.id}`,
+                },
+                {
+                  appKey: actionStep.appKey,
+                  connection: {
+                    createdAt: actionConnection.createdAt.getTime().toString(),
+                    id: actionConnection.id,
+                    verified: actionConnection.verified,
+                  },
+                  iconUrl: `${appConfig.baseUrl}/apps/${actionStep.appKey}/assets/favicon.svg`,
+                  id: actionStep.id,
+                  key: 'translateText',
+                  parameters: {},
+                  position: 1,
+                  status: actionStep.status,
+                  type: 'action',
+                  webhookUrl: 'http://localhost:3000/null',
+                },
+              ],
+            },
+          },
+        };
+
+        expect(response.body).toEqual(expectedResponsePayload);
       });
     });
 
-    describe('and with correct permission', () => {
+    describe('and without isCreator condition', () => {
-      let currentUser, currentUserRole, currentUserFlow;
+      it('should return executions data of all users', async () => {
-
+        await createPermission({
-      beforeEach(async () => {
+          action: 'read',
-        currentUserRole = await createRole();
+          subject: 'Flow',
-        currentUser = await createUser({ roleId: currentUserRole.id });
+          roleId: currentUserRole.id,
-        currentUserFlow = await createFlow({ userId: currentUser.id });
+          conditions: [],
-      });
-
-      describe('and with isCreator condition', () => {
-        it('should return executions data of the current user', async () => {
-          await createPermission({
-            action: 'read',
-            subject: 'Flow',
-            roleId: currentUserRole.id,
-            conditions: ['isCreator'],
-          });
-
-          const triggerStep = await createStep({
-            flowId: currentUserFlow.id,
-            type: 'trigger',
-            key: 'catchRawWebhook',
-            webhookPath: `/webhooks/flows/${currentUserFlow.id}`,
-          });
-
-          const actionConnection = await createConnection({
-            userId: currentUser.id,
-            formattedData: {
-              screenName: 'Test',
-              authenticationKey: 'test key',
-            },
-          });
-
-          const actionStep = await createStep({
-            flowId: currentUserFlow.id,
-            type: 'action',
-            connectionId: actionConnection.id,
-            key: 'translateText',
-          });
-
-          const token = createAuthTokenByUserId(currentUser.id);
-
-          const response = await request(app)
-            .post('/graphql')
-            .set('Authorization', token)
-            .send({ query: query(currentUserFlow.id) })
-            .expect(200);
-
-          const expectedResponsePayload = {
-            data: {
-              getFlow: {
-                active: currentUserFlow.active,
-                id: currentUserFlow.id,
-                name: currentUserFlow.name,
-                status: 'draft',
-                steps: [
-                  {
-                    appKey: triggerStep.appKey,
-                    connection: null,
-                    iconUrl: `${appConfig.baseUrl}/apps/${triggerStep.appKey}/assets/favicon.svg`,
-                    id: triggerStep.id,
-                    key: 'catchRawWebhook',
-                    parameters: {},
-                    position: 1,
-                    status: triggerStep.status,
-                    type: 'trigger',
-                    webhookUrl: `${appConfig.baseUrl}/webhooks/flows/${currentUserFlow.id}`,
-                  },
-                  {
-                    appKey: actionStep.appKey,
-                    connection: {
-                      createdAt: actionConnection.createdAt
-                        .getTime()
-                        .toString(),
-                      id: actionConnection.id,
-                      verified: actionConnection.verified,
-                    },
-                    iconUrl: `${appConfig.baseUrl}/apps/${actionStep.appKey}/assets/favicon.svg`,
-                    id: actionStep.id,
-                    key: 'translateText',
-                    parameters: {},
-                    position: 1,
-                    status: actionStep.status,
-                    type: 'action',
-                    webhookUrl: 'http://localhost:3000/null',
-                  },
-                ],
-              },
-            },
-          };
-
-          expect(response.body).toEqual(expectedResponsePayload);
         });
-      });
 
-      describe('and without isCreator condition', () => {
+        const anotherUser = await createUser();
-        it('should return executions data of all users', async () => {
+        const anotherUserFlow = await createFlow({ userId: anotherUser.id });
-          await createPermission({
-            action: 'read',
-            subject: 'Flow',
-            roleId: currentUserRole.id,
-            conditions: [],
-          });
 
-          const anotherUser = await createUser();
+        const triggerStep = await createStep({
-          const anotherUserFlow = await createFlow({ userId: anotherUser.id });
+          flowId: anotherUserFlow.id,
-
+          type: 'trigger',
-          const triggerStep = await createStep({
+          key: 'catchRawWebhook',
-            flowId: anotherUserFlow.id,
+          webhookPath: `/webhooks/flows/${anotherUserFlow.id}`,
-            type: 'trigger',
-            key: 'catchRawWebhook',
-            webhookPath: `/webhooks/flows/${anotherUserFlow.id}`,
-          });
-
-          const actionConnection = await createConnection({
-            userId: anotherUser.id,
-            formattedData: {
-              screenName: 'Test',
-              authenticationKey: 'test key',
-            },
-          });
-
-          const actionStep = await createStep({
-            flowId: anotherUserFlow.id,
-            type: 'action',
-            connectionId: actionConnection.id,
-            key: 'translateText',
-          });
-
-          const token = createAuthTokenByUserId(currentUser.id);
-
-          const response = await request(app)
-            .post('/graphql')
-            .set('Authorization', token)
-            .send({ query: query(anotherUserFlow.id) })
-            .expect(200);
-
-          const expectedResponsePayload = {
-            data: {
-              getFlow: {
-                active: anotherUserFlow.active,
-                id: anotherUserFlow.id,
-                name: anotherUserFlow.name,
-                status: 'draft',
-                steps: [
-                  {
-                    appKey: triggerStep.appKey,
-                    connection: null,
-                    iconUrl: `${appConfig.baseUrl}/apps/${triggerStep.appKey}/assets/favicon.svg`,
-                    id: triggerStep.id,
-                    key: 'catchRawWebhook',
-                    parameters: {},
-                    position: 1,
-                    status: triggerStep.status,
-                    type: 'trigger',
-                    webhookUrl: `${appConfig.baseUrl}/webhooks/flows/${anotherUserFlow.id}`,
-                  },
-                  {
-                    appKey: actionStep.appKey,
-                    connection: {
-                      createdAt: actionConnection.createdAt
-                        .getTime()
-                        .toString(),
-                      id: actionConnection.id,
-                      verified: actionConnection.verified,
-                    },
-                    iconUrl: `${appConfig.baseUrl}/apps/${actionStep.appKey}/assets/favicon.svg`,
-                    id: actionStep.id,
-                    key: 'translateText',
-                    parameters: {},
-                    position: 1,
-                    status: actionStep.status,
-                    type: 'action',
-                    webhookUrl: 'http://localhost:3000/null',
-                  },
-                ],
-              },
-            },
-          };
-
-          expect(response.body).toEqual(expectedResponsePayload);
         });
+
+        const actionConnection = await createConnection({
+          userId: anotherUser.id,
+          formattedData: {
+            screenName: 'Test',
+            authenticationKey: 'test key',
+          },
+        });
+
+        const actionStep = await createStep({
+          flowId: anotherUserFlow.id,
+          type: 'action',
+          connectionId: actionConnection.id,
+          key: 'translateText',
+        });
+
+        const token = createAuthTokenByUserId(currentUser.id);
+
+        const response = await request(app)
+          .post('/graphql')
+          .set('Authorization', token)
+          .send({ query: query(anotherUserFlow.id) })
+          .expect(200);
+
+        const expectedResponsePayload = {
+          data: {
+            getFlow: {
+              active: anotherUserFlow.active,
+              id: anotherUserFlow.id,
+              name: anotherUserFlow.name,
+              status: 'draft',
+              steps: [
+                {
+                  appKey: triggerStep.appKey,
+                  connection: null,
+                  iconUrl: `${appConfig.baseUrl}/apps/${triggerStep.appKey}/assets/favicon.svg`,
+                  id: triggerStep.id,
+                  key: 'catchRawWebhook',
+                  parameters: {},
+                  position: 1,
+                  status: triggerStep.status,
+                  type: 'trigger',
+                  webhookUrl: `${appConfig.baseUrl}/webhooks/flows/${anotherUserFlow.id}`,
+                },
+                {
+                  appKey: actionStep.appKey,
+                  connection: {
+                    createdAt: actionConnection.createdAt.getTime().toString(),
+                    id: actionConnection.id,
+                    verified: actionConnection.verified,
+                  },
+                  iconUrl: `${appConfig.baseUrl}/apps/${actionStep.appKey}/assets/favicon.svg`,
+                  id: actionStep.id,
+                  key: 'translateText',
+                  parameters: {},
+                  position: 1,
+                  status: actionStep.status,
+                  type: 'action',
+                  webhookUrl: 'http://localhost:3000/null',
+                },
+              ],
+            },
+          },
+        };
+
+        expect(response.body).toEqual(expectedResponsePayload);
       });
     });
   });

packages/backend/src/graphql/queries/get-role.ee.test.js

@@ -17,7 +17,6 @@ describe('graphQL getRole query', () => {
     userWithoutPermissions,
     tokenWithPermissions,
     tokenWithoutPermissions,
-    invalidToken,
     permissionOne,
     permissionTwo;
 
@@ -74,108 +73,91 @@ describe('graphQL getRole query', () => {
     tokenWithoutPermissions = createAuthTokenByUserId(
       userWithoutPermissions.id
     );
-
-    invalidToken = 'invalid-token';
   });
 
-  describe('with unauthenticated user', () => {
+  describe('and with valid license', () => {
-    it('should throw not authorized error', async () => {
+    beforeEach(async () => {
-      const response = await request(app)
+      vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
-        .post('/graphql')
-        .set('Authorization', invalidToken)
-        .send({ query: queryWithValidRole })
-        .expect(200);
-
-      expect(response.body.errors).toBeDefined();
-      expect(response.body.errors[0].message).toEqual('Not Authorised!');
     });
-  });
 
-  describe('with authenticated user', () => {
+    describe('and without permissions', () => {
-    describe('and with valid license', () => {
+      it('should throw not authorized error', async () => {
-      beforeEach(async () => {
+        const response = await request(app)
-        vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
+          .post('/graphql')
+          .set('Authorization', tokenWithoutPermissions)
+          .send({ query: queryWithValidRole })
+          .expect(200);
+
+        expect(response.body.errors).toBeDefined();
+        expect(response.body.errors[0].message).toEqual('Not authorized!');
       });
+    });
 
-      describe('and without permissions', () => {
+    describe('and correct permissions', () => {
-        it('should throw not authorized error', async () => {
+      it('should return role data for a valid role id', async () => {
-          const response = await request(app)
+        const response = await request(app)
-            .post('/graphql')
+          .post('/graphql')
-            .set('Authorization', tokenWithoutPermissions)
+          .set('Authorization', tokenWithPermissions)
-            .send({ query: queryWithValidRole })
+          .send({ query: queryWithValidRole })
-            .expect(200);
+          .expect(200);
 
-          expect(response.body.errors).toBeDefined();
+        const expectedResponsePayload = {
-          expect(response.body.errors[0].message).toEqual('Not authorized!');
+          data: {
-        });
+            getRole: {
-      });
+              description: validRole.description,
-
+              id: validRole.id,
-      describe('and correct permissions', () => {
+              isAdmin: validRole.key === 'admin',
-        it('should return role data for a valid role id', async () => {
+              key: validRole.key,
-          const response = await request(app)
+              name: validRole.name,
-            .post('/graphql')
+              permissions: [
-            .set('Authorization', tokenWithPermissions)
+                {
-            .send({ query: queryWithValidRole })
+                  action: permissionOne.action,
-            .expect(200);
+                  conditions: permissionOne.conditions,
-
+                  id: permissionOne.id,
-          const expectedResponsePayload = {
+                  subject: permissionOne.subject,
-            data: {
+                },
-              getRole: {
+                {
-                description: validRole.description,
+                  action: permissionTwo.action,
-                id: validRole.id,
+                  conditions: permissionTwo.conditions,
-                isAdmin: validRole.key === 'admin',
+                  id: permissionTwo.id,
-                key: validRole.key,
+                  subject: permissionTwo.subject,
-                name: validRole.name,
+                },
-                permissions: [
+              ],
-                  {
-                    action: permissionOne.action,
-                    conditions: permissionOne.conditions,
-                    id: permissionOne.id,
-                    subject: permissionOne.subject,
-                  },
-                  {
-                    action: permissionTwo.action,
-                    conditions: permissionTwo.conditions,
-                    id: permissionTwo.id,
-                    subject: permissionTwo.subject,
-                  },
-                ],
-              },
             },
-          };
+          },
+        };
 
-          expect(response.body).toEqual(expectedResponsePayload);
+        expect(response.body).toEqual(expectedResponsePayload);
-        });
+      });
 
-        it('should return not found for invalid role id', async () => {
+      it('should return not found for invalid role id', async () => {
-          const response = await request(app)
+        const response = await request(app)
-            .post('/graphql')
+          .post('/graphql')
-            .set('Authorization', tokenWithPermissions)
+          .set('Authorization', tokenWithPermissions)
-            .send({ query: queryWithInvalidRole })
+          .send({ query: queryWithInvalidRole })
-            .expect(200);
+          .expect(200);
 
-          expect(response.body.errors).toBeDefined();
+        expect(response.body.errors).toBeDefined();
-          expect(response.body.errors[0].message).toEqual('NotFoundError');
+        expect(response.body.errors[0].message).toEqual('NotFoundError');
-        });
       });
     });
+  });
 
-    describe('and without valid license', () => {
+  describe('and without valid license', () => {
-      beforeEach(async () => {
+    beforeEach(async () => {
-        vi.spyOn(license, 'hasValidLicense').mockResolvedValue(false);
+      vi.spyOn(license, 'hasValidLicense').mockResolvedValue(false);
-      });
+    });
 
-      describe('and correct permissions', () => {
+    describe('and correct permissions', () => {
-        it('should throw not authorized error', async () => {
+      it('should throw not authorized error', async () => {
-          const response = await request(app)
+        const response = await request(app)
-            .post('/graphql')
+          .post('/graphql')
-            .set('Authorization', tokenWithPermissions)
+          .set('Authorization', tokenWithPermissions)
-            .send({ query: queryWithInvalidRole })
+          .send({ query: queryWithInvalidRole })
-            .expect(200);
+          .expect(200);
 
-          expect(response.body.errors).toBeDefined();
+        expect(response.body.errors).toBeDefined();
-          expect(response.body.errors[0].message).toEqual('Not authorized!');
+        expect(response.body.errors[0].message).toEqual('Not authorized!');
-        });
       });
     });
   });

packages/backend/src/graphql/queries/get-roles.ee.test.js

@@ -15,8 +15,7 @@ describe('graphQL getRoles query', () => {
     userWithPermissions,
     userWithoutPermissions,
     tokenWithPermissions,
-    tokenWithoutPermissions,
+    tokenWithoutPermissions;
-    invalidToken;
 
   beforeEach(async () => {
     currentUserRole = await createRole({ name: 'Current user role' });
@@ -53,99 +52,82 @@ describe('graphQL getRoles query', () => {
     tokenWithoutPermissions = createAuthTokenByUserId(
       userWithoutPermissions.id
     );
-
-    invalidToken = 'invalid-token';
   });
 
-  describe('with unauthenticated user', () => {
+  describe('and with valid license', () => {
-    it('should throw not authorized error', async () => {
+    beforeEach(async () => {
-      const response = await request(app)
+      vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
-        .post('/graphql')
-        .set('Authorization', invalidToken)
-        .send({ query })
-        .expect(200);
-
-      expect(response.body.errors).toBeDefined();
-      expect(response.body.errors[0].message).toEqual('Not Authorised!');
     });
-  });
 
-  describe('with authenticated user', () => {
+    describe('and without permissions', () => {
-    describe('and with valid license', () => {
+      it('should throw not authorized error', async () => {
-      beforeEach(async () => {
+        const response = await request(app)
-        vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
+          .post('/graphql')
-      });
+          .set('Authorization', tokenWithoutPermissions)
+          .send({ query })
+          .expect(200);
 
-      describe('and without permissions', () => {
+        expect(response.body.errors).toBeDefined();
-        it('should throw not authorized error', async () => {
+        expect(response.body.errors[0].message).toEqual('Not authorized!');
-          const response = await request(app)
-            .post('/graphql')
-            .set('Authorization', tokenWithoutPermissions)
-            .send({ query })
-            .expect(200);
-
-          expect(response.body.errors).toBeDefined();
-          expect(response.body.errors[0].message).toEqual('Not authorized!');
-        });
-      });
-
-      describe('and correct permissions', () => {
-        it('should return roles data', async () => {
-          const response = await request(app)
-            .post('/graphql')
-            .set('Authorization', tokenWithPermissions)
-            .send({ query })
-            .expect(200);
-
-          const expectedResponsePayload = {
-            data: {
-              getRoles: [
-                {
-                  description: currentUserRole.description,
-                  id: currentUserRole.id,
-                  isAdmin: currentUserRole.key === 'admin',
-                  key: currentUserRole.key,
-                  name: currentUserRole.name,
-                },
-                {
-                  description: roleOne.description,
-                  id: roleOne.id,
-                  isAdmin: roleOne.key === 'admin',
-                  key: roleOne.key,
-                  name: roleOne.name,
-                },
-                {
-                  description: roleSecond.description,
-                  id: roleSecond.id,
-                  isAdmin: roleSecond.key === 'admin',
-                  key: roleSecond.key,
-                  name: roleSecond.name,
-                },
-              ],
-            },
-          };
-
-          expect(response.body).toEqual(expectedResponsePayload);
-        });
       });
     });
 
-    describe('and without valid license', () => {
+    describe('and correct permissions', () => {
-      beforeEach(async () => {
+      it('should return roles data', async () => {
-        vi.spyOn(license, 'hasValidLicense').mockResolvedValue(false);
+        const response = await request(app)
+          .post('/graphql')
+          .set('Authorization', tokenWithPermissions)
+          .send({ query })
+          .expect(200);
+
+        const expectedResponsePayload = {
+          data: {
+            getRoles: [
+              {
+                description: currentUserRole.description,
+                id: currentUserRole.id,
+                isAdmin: currentUserRole.key === 'admin',
+                key: currentUserRole.key,
+                name: currentUserRole.name,
+              },
+              {
+                description: roleOne.description,
+                id: roleOne.id,
+                isAdmin: roleOne.key === 'admin',
+                key: roleOne.key,
+                name: roleOne.name,
+              },
+              {
+                description: roleSecond.description,
+                id: roleSecond.id,
+                isAdmin: roleSecond.key === 'admin',
+                key: roleSecond.key,
+                name: roleSecond.name,
+              },
+            ],
+          },
+        };
+
+        expect(response.body).toEqual(expectedResponsePayload);
       });
+    });
+  });
 
-      describe('and correct permissions', () => {
+  describe('and without valid license', () => {
-        it('should throw not authorized error', async () => {
+    beforeEach(async () => {
-          const response = await request(app)
+      vi.spyOn(license, 'hasValidLicense').mockResolvedValue(false);
-            .post('/graphql')
+    });
-            .set('Authorization', tokenWithPermissions)
-            .send({ query })
-            .expect(200);
 
-          expect(response.body.errors).toBeDefined();
+    describe('and correct permissions', () => {
-          expect(response.body.errors[0].message).toEqual('Not authorized!');
+      it('should throw not authorized error', async () => {
-        });
+        const response = await request(app)
+          .post('/graphql')
+          .set('Authorization', tokenWithPermissions)
+          .send({ query })
+          .expect(200);
+
+        expect(response.body.errors).toBeDefined();
+        expect(response.body.errors[0].message).toEqual('Not authorized!');
       });
     });
   });

packages/backend/src/graphql/queries/get-trial-status.ee.test.js

@@ -16,34 +16,46 @@ describe('graphQL getTrialStatus query', () => {
     }
   `;
 
-  const invalidToken = 'invalid-token';
+  let user, userToken;
 
-  describe('with unauthenticated user', () => {
+  beforeEach(async () => {
-    it('should throw not authorized error', async () => {
+    const trialExpiryDate = DateTime.now().plus({ days: 30 }).toISODate();
+
+    user = await createUser({ trialExpiryDate });
+    userToken = createAuthTokenByUserId(user.id);
+  });
+
+  describe('and with cloud flag disabled', () => {
+    beforeEach(async () => {
+      vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(false);
+    });
+
+    it('should return null', async () => {
       const response = await request(app)
         .post('/graphql')
-        .set('Authorization', invalidToken)
+        .set('Authorization', userToken)
         .send({ query })
         .expect(200);
 
-      expect(response.body.errors).toBeDefined();
+      const expectedResponsePayload = {
-      expect(response.body.errors[0].message).toEqual('Not Authorised!');
+        data: { getTrialStatus: null },
+      };
+
+      expect(response.body).toEqual(expectedResponsePayload);
     });
   });
 
-  describe('with authenticated user', () => {
+  describe('and with cloud flag enabled', () => {
-    let user, userToken;
-
     beforeEach(async () => {
-      const trialExpiryDate = DateTime.now().plus({ days: 30 }).toISODate();
+      vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(true);
-
-      user = await createUser({ trialExpiryDate });
-      userToken = createAuthTokenByUserId(user.id);
     });
 
-    describe('and with cloud flag disabled', () => {
+    describe('and not in trial and has active subscription', () => {
       beforeEach(async () => {
-        vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(false);
+        vi.spyOn(User.prototype, 'inTrial').mockResolvedValue(false);
+        vi.spyOn(User.prototype, 'hasActiveSubscription').mockResolvedValue(
+          true
+        );
       });
 
       it('should return null', async () => {
@@ -61,56 +73,27 @@ describe('graphQL getTrialStatus query', () => {
       });
     });
 
-    describe('and with cloud flag enabled', () => {
+    describe('and in trial period', () => {
       beforeEach(async () => {
-        vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(true);
+        vi.spyOn(User.prototype, 'inTrial').mockResolvedValue(true);
       });
 
-      describe('and not in trial and has active subscription', () => {
+      it('should return null', async () => {
-        beforeEach(async () => {
+        const response = await request(app)
-          vi.spyOn(User.prototype, 'inTrial').mockResolvedValue(false);
+          .post('/graphql')
-          vi.spyOn(User.prototype, 'hasActiveSubscription').mockResolvedValue(
+          .set('Authorization', userToken)
-            true
+          .send({ query })
-          );
+          .expect(200);
-        });
 
-        it('should return null', async () => {
+        const expectedResponsePayload = {
-          const response = await request(app)
+          data: {
-            .post('/graphql')
+            getTrialStatus: {
-            .set('Authorization', userToken)
+              expireAt: new Date(user.trialExpiryDate).getTime().toString(),
-            .send({ query })
-            .expect(200);
-
-          const expectedResponsePayload = {
-            data: { getTrialStatus: null },
-          };
-
-          expect(response.body).toEqual(expectedResponsePayload);
-        });
-      });
-
-      describe('and in trial period', () => {
-        beforeEach(async () => {
-          vi.spyOn(User.prototype, 'inTrial').mockResolvedValue(true);
-        });
-
-        it('should return null', async () => {
-          const response = await request(app)
-            .post('/graphql')
-            .set('Authorization', userToken)
-            .send({ query })
-            .expect(200);
-
-          const expectedResponsePayload = {
-            data: {
-              getTrialStatus: {
-                expireAt: new Date(user.trialExpiryDate).getTime().toString(),
-              },
             },
-          };
+          },
+        };
 
-          expect(response.body).toEqual(expectedResponsePayload);
+        expect(response.body).toEqual(expectedResponsePayload);
-        });
       });
     });
   });

packages/backend/src/graphql/queries/get-user.test.js

@@ -8,37 +8,12 @@ import { createPermission } from '../../../test/factories/permission';
 import { createUser } from '../../../test/factories/user';
 
 describe('graphQL getUser query', () => {
-  describe('with unauthenticated user', () => {
+  describe('and without permissions', () => {
     it('should throw not authorized error', async () => {
-      const invalidUserId = '123123123';
+      const userWithoutPermissions = await createUser();
+      const anotherUser = await createUser();
 
       const query = `
-        query {
-          getUser(id: "${invalidUserId}") {
-            id
-            email
-          }
-        }
-      `;
-
-      const response = await request(app)
-        .post('/graphql')
-        .set('Authorization', 'invalid-token')
-        .send({ query })
-        .expect(200);
-
-      expect(response.body.errors).toBeDefined();
-      expect(response.body.errors[0].message).toEqual('Not Authorised!');
-    });
-  });
-
-  describe('with authenticated user', () => {
-    describe('and without permissions', () => {
-      it('should throw not authorized error', async () => {
-        const userWithoutPermissions = await createUser();
-        const anotherUser = await createUser();
-
-        const query = `
           query {
             getUser(id: "${anotherUser.id}") {
               id
@@ -47,50 +22,48 @@ describe('graphQL getUser query', () => {
           }
         `;
 
-        const token = createAuthTokenByUserId(userWithoutPermissions.id);
+      const token = createAuthTokenByUserId(userWithoutPermissions.id);
 
-        const response = await request(app)
+      const response = await request(app)
-          .post('/graphql')
+        .post('/graphql')
-          .set('Authorization', token)
+        .set('Authorization', token)
-          .send({ query })
+        .send({ query })
-          .expect(200);
+        .expect(200);
 
-        expect(response.body.errors).toBeDefined();
+      expect(response.body.errors).toBeDefined();
-        expect(response.body.errors[0].message).toEqual('Not authorized!');
+      expect(response.body.errors[0].message).toEqual('Not authorized!');
+    });
+  });
+
+  describe('and correct permissions', () => {
+    let role, currentUser, anotherUser, token, requestObject;
+
+    beforeEach(async () => {
+      role = await createRole({
+        key: 'sample',
+        name: 'sample',
       });
+
+      await createPermission({
+        action: 'read',
+        subject: 'User',
+        roleId: role.id,
+      });
+
+      currentUser = await createUser({
+        roleId: role.id,
+      });
+
+      anotherUser = await createUser({
+        roleId: role.id,
+      });
+
+      token = createAuthTokenByUserId(currentUser.id);
+      requestObject = request(app).post('/graphql').set('Authorization', token);
     });
 
-    describe('and correct permissions', () => {
+    it('should return user data for a valid user id', async () => {
-      let role, currentUser, anotherUser, token, requestObject;
+      const query = `
-
-      beforeEach(async () => {
-        role = await createRole({
-          key: 'sample',
-          name: 'sample',
-        });
-
-        await createPermission({
-          action: 'read',
-          subject: 'User',
-          roleId: role.id,
-        });
-
-        currentUser = await createUser({
-          roleId: role.id,
-        });
-
-        anotherUser = await createUser({
-          roleId: role.id,
-        });
-
-        token = createAuthTokenByUserId(currentUser.id);
-        requestObject = request(app)
-          .post('/graphql')
-          .set('Authorization', token);
-      });
-
-      it('should return user data for a valid user id', async () => {
-        const query = `
           query {
             getUser(id: "${anotherUser.id}") {
               id
@@ -107,26 +80,26 @@ describe('graphQL getUser query', () => {
           }
         `;
 
-        const response = await requestObject.send({ query }).expect(200);
+      const response = await requestObject.send({ query }).expect(200);
 
-        const expectedResponsePayload = {
+      const expectedResponsePayload = {
-          data: {
+        data: {
-            getUser: {
+          getUser: {
-              createdAt: anotherUser.createdAt.getTime().toString(),
+            createdAt: anotherUser.createdAt.getTime().toString(),
-              email: anotherUser.email,
+            email: anotherUser.email,
-              fullName: anotherUser.fullName,
+            fullName: anotherUser.fullName,
-              id: anotherUser.id,
+            id: anotherUser.id,
-              role: { id: role.id, name: role.name },
+            role: { id: role.id, name: role.name },
-              updatedAt: anotherUser.updatedAt.getTime().toString(),
+            updatedAt: anotherUser.updatedAt.getTime().toString(),
-            },
           },
-        };
+        },
+      };
 
-        expect(response.body).toEqual(expectedResponsePayload);
+      expect(response.body).toEqual(expectedResponsePayload);
-      });
+    });
 
-      it('should not return user password for a valid user id', async () => {
+    it('should not return user password for a valid user id', async () => {
-        const query = `
+      const query = `
           query {
             getUser(id: "${anotherUser.id}") {
               id
@@ -136,18 +109,18 @@ describe('graphQL getUser query', () => {
           }
         `;
 
-        const response = await requestObject.send({ query }).expect(400);
+      const response = await requestObject.send({ query }).expect(400);
 
-        expect(response.body.errors).toBeDefined();
+      expect(response.body.errors).toBeDefined();
-        expect(response.body.errors[0].message).toEqual(
+      expect(response.body.errors[0].message).toEqual(
-          'Cannot query field "password" on type "User".'
+        'Cannot query field "password" on type "User".'
-        );
+      );
-      });
+    });
 
-      it('should return not found for invalid user id', async () => {
+    it('should return not found for invalid user id', async () => {
-        const invalidUserId = Crypto.randomUUID();
+      const invalidUserId = Crypto.randomUUID();
 
-        const query = `
+      const query = `
           query {
             getUser(id: "${invalidUserId}") {
               id
@@ -164,11 +137,10 @@ describe('graphQL getUser query', () => {
           }
         `;
 
-        const response = await requestObject.send({ query }).expect(200);
+      const response = await requestObject.send({ query }).expect(200);
 
-        expect(response.body.errors).toBeDefined();
+      expect(response.body.errors).toBeDefined();
-        expect(response.body.errors[0].message).toEqual('NotFoundError');
+      expect(response.body.errors[0].message).toEqual('NotFoundError');
-      });
     });
   });
 });

packages/backend/src/graphql/queries/get-users.test.js

@@ -30,111 +30,95 @@ describe('graphQL getUsers query', () => {
     }
   `;
 
-  describe('with unauthenticated user', () => {
+  describe('and without permissions', () => {
     it('should throw not authorized error', async () => {
+      const userWithoutPermissions = await createUser();
+      const token = createAuthTokenByUserId(userWithoutPermissions.id);
+
       const response = await request(app)
         .post('/graphql')
-        .set('Authorization', 'invalid-token')
+        .set('Authorization', token)
         .send({ query })
         .expect(200);
 
       expect(response.body.errors).toBeDefined();
-      expect(response.body.errors[0].message).toEqual('Not Authorised!');
+      expect(response.body.errors[0].message).toEqual('Not authorized!');
     });
   });
 
-  describe('with authenticated user', () => {
+  describe('and with correct permissions', () => {
-    describe('and without permissions', () => {
+    let role, currentUser, anotherUser, token, requestObject;
-      it('should throw not authorized error', async () => {
-        const userWithoutPermissions = await createUser();
-        const token = createAuthTokenByUserId(userWithoutPermissions.id);
 
-        const response = await request(app)
+    beforeEach(async () => {
-          .post('/graphql')
+      role = await createRole({
-          .set('Authorization', token)
+        key: 'sample',
-          .send({ query })
+        name: 'sample',
-          .expect(200);
-
-        expect(response.body.errors).toBeDefined();
-        expect(response.body.errors[0].message).toEqual('Not authorized!');
       });
+
+      await createPermission({
+        action: 'read',
+        subject: 'User',
+        roleId: role.id,
+      });
+
+      currentUser = await createUser({
+        roleId: role.id,
+        fullName: 'Current User',
+      });
+
+      anotherUser = await createUser({
+        roleId: role.id,
+        fullName: 'Another User',
+      });
+
+      token = createAuthTokenByUserId(currentUser.id);
+      requestObject = request(app).post('/graphql').set('Authorization', token);
     });
 
-    describe('and with correct permissions', () => {
+    it('should return users data', async () => {
-      let role, currentUser, anotherUser, token, requestObject;
+      const response = await requestObject.send({ query }).expect(200);
 
-      beforeEach(async () => {
+      const expectedResponsePayload = {
-        role = await createRole({
+        data: {
-          key: 'sample',
+          getUsers: {
-          name: 'sample',
+            edges: [
-        });
+              {
-
+                node: {
-        await createPermission({
+                  email: anotherUser.email,
-          action: 'read',
+                  fullName: anotherUser.fullName,
-          subject: 'User',
+                  id: anotherUser.id,
-          roleId: role.id,
+                  role: {
-        });
+                    id: role.id,
-
+                    name: role.name,
-        currentUser = await createUser({
-          roleId: role.id,
-          fullName: 'Current User',
-        });
-
-        anotherUser = await createUser({
-          roleId: role.id,
-          fullName: 'Another User',
-        });
-
-        token = createAuthTokenByUserId(currentUser.id);
-        requestObject = request(app)
-          .post('/graphql')
-          .set('Authorization', token);
-      });
-
-      it('should return users data', async () => {
-        const response = await requestObject.send({ query }).expect(200);
-
-        const expectedResponsePayload = {
-          data: {
-            getUsers: {
-              edges: [
-                {
-                  node: {
-                    email: anotherUser.email,
-                    fullName: anotherUser.fullName,
-                    id: anotherUser.id,
-                    role: {
-                      id: role.id,
-                      name: role.name,
-                    },
                   },
                 },
-                {
-                  node: {
-                    email: currentUser.email,
-                    fullName: currentUser.fullName,
-                    id: currentUser.id,
-                    role: {
-                      id: role.id,
-                      name: role.name,
-                    },
-                  },
-                },
-              ],
-              pageInfo: {
-                currentPage: 1,
-                totalPages: 1,
               },
-              totalCount: 2,
+              {
+                node: {
+                  email: currentUser.email,
+                  fullName: currentUser.fullName,
+                  id: currentUser.id,
+                  role: {
+                    id: role.id,
+                    name: role.name,
+                  },
+                },
+              },
+            ],
+            pageInfo: {
+              currentPage: 1,
+              totalPages: 1,
             },
+            totalCount: 2,
           },
-        };
+        },
+      };
 
-        expect(response.body).toEqual(expectedResponsePayload);
+      expect(response.body).toEqual(expectedResponsePayload);
-      });
+    });
 
-      it('should not return users data with password', async () => {
+    it('should not return users data with password', async () => {
-        const query = `
+      const query = `
           query {
             getUsers(limit: 10, offset: 0) {
               pageInfo {
@@ -153,13 +137,12 @@ describe('graphQL getUsers query', () => {
           }
         `;
 
-        const response = await requestObject.send({ query }).expect(400);
+      const response = await requestObject.send({ query }).expect(400);
 
-        expect(response.body.errors).toBeDefined();
+      expect(response.body.errors).toBeDefined();
-        expect(response.body.errors[0].message).toEqual(
+      expect(response.body.errors[0].message).toEqual(
-          'Cannot query field "password" on type "User".'
+        'Cannot query field "password" on type "User".'
-        );
+      );
-      });
     });
   });
 });

packages/backend/src/helpers/authentication.js

@@ -3,7 +3,7 @@ import jwt from 'jsonwebtoken';
 import appConfig from '../config/app.js';
 import User from '../models/user.js';
 
-const isAuthenticated = rule()(async (_parent, _args, req) => {
+export const isAuthenticated = async (_parent, _args, req) => {
   const token = req.headers['authorization'];
 
   if (token == null) return false;
@@ -20,35 +20,47 @@ const isAuthenticated = rule()(async (_parent, _args, req) => {
       .withGraphFetched({
         role: true,
         permissions: true,
-      });
+      })
+      .throwIfNotFound();
 
     return true;
   } catch (error) {
     return false;
   }
-});
+};
 
-const authentication = shield(
+export const authenticateUser = async (request, response, next) => {
-  {
+  if (await isAuthenticated(null, null, request)) {
-    Query: {
+    next();
-      '*': isAuthenticated,
+  } else {
-      getAutomatischInfo: allow,
+    return response.status(401).end();
-      getConfig: allow,
-      getNotifications: allow,
-      healthcheck: allow,
-      listSamlAuthProviders: allow,
-    },
-    Mutation: {
-      '*': isAuthenticated,
-      forgotPassword: allow,
-      login: allow,
-      registerUser: allow,
-      resetPassword: allow,
-    },
-  },
-  {
-    allowExternalErrors: true,
   }
-);
+};
+
+const isAuthenticatedRule = rule()(isAuthenticated);
+
+export const authenticationRules = {
+  Query: {
+    '*': isAuthenticatedRule,
+    getAutomatischInfo: allow,
+    getConfig: allow,
+    getNotifications: allow,
+    healthcheck: allow,
+    listSamlAuthProviders: allow,
+  },
+  Mutation: {
+    '*': isAuthenticatedRule,
+    forgotPassword: allow,
+    login: allow,
+    registerUser: allow,
+    resetPassword: allow,
+  },
+};
+
+const authenticationOptions = {
+  allowExternalErrors: true,
+};
+
+const authentication = shield(authenticationRules, authenticationOptions);
 
 export default authentication;

packages/backend/src/helpers/authentication.test.js

@@ -0,0 +1,72 @@
+import { describe, it, expect } from 'vitest';
+import { allow } from 'graphql-shield';
+import { isAuthenticated, authenticationRules } from './authentication.js';
+import { createUser } from '../../test/factories/user.js';
+import createAuthTokenByUserId from '../helpers/create-auth-token-by-user-id.js';
+
+describe('isAuthenticated', () => {
+  it('should return false if no token is provided', async () => {
+    const req = { headers: {} };
+    expect(await isAuthenticated(null, null, req)).toBe(false);
+  });
+
+  it('should return false if token is invalid', async () => {
+    const req = { headers: { authorization: 'invalidToken' } };
+    expect(await isAuthenticated(null, null, req)).toBe(false);
+  });
+
+  it('should return true if token is valid and there is a user', async () => {
+    const user = await createUser();
+    const token = createAuthTokenByUserId(user.id);
+
+    const req = { headers: { authorization: token } };
+    expect(await isAuthenticated(null, null, req)).toBe(true);
+  });
+
+  it('should return false if token is valid and but there is no user', async () => {
+    const user = await createUser();
+    const token = createAuthTokenByUserId(user.id);
+    await user.$query().delete();
+
+    const req = { headers: { authorization: token } };
+    expect(await isAuthenticated(null, null, req)).toBe(false);
+  });
+});
+
+describe('authentication rules', () => {
+  const getQueryAndMutationNames = (rules) => {
+    const queries = Object.keys(rules.Query || {});
+    const mutations = Object.keys(rules.Mutation || {});
+    return { queries, mutations };
+  };
+
+  const { queries, mutations } = getQueryAndMutationNames(authenticationRules);
+
+  describe('for queries', () => {
+    queries.forEach((query) => {
+      it(`should apply correct rule for query: ${query}`, () => {
+        const ruleApplied = authenticationRules.Query[query];
+
+        if (query === '*') {
+          expect(ruleApplied.func).toBe(isAuthenticated);
+        } else {
+          expect(ruleApplied).toEqual(allow);
+        }
+      });
+    });
+  });
+
+  describe('for mutations', () => {
+    mutations.forEach((mutation) => {
+      it(`should apply correct rule for mutation: ${mutation}`, () => {
+        const ruleApplied = authenticationRules.Mutation[mutation];
+
+        if (mutation === '*') {
+          expect(ruleApplied.func).toBe(isAuthenticated);
+        } else {
+          expect(ruleApplied).toBe(allow);
+        }
+      });
+    });
+  });
+});

packages/backend/src/helpers/authorization.js

@@ -0,0 +1,37 @@
+const authorizationList = {
+  'GET /api/v1/users/:userId': {
+    action: 'read',
+    subject: 'User',
+  },
+  'GET /api/v1/users/': {
+    action: 'read',
+    subject: 'User',
+  },
+  'GET /api/v1/flows/:flowId': {
+    action: 'read',
+    subject: 'Flow',
+  },
+};
+
+export const authorizeUser = async (request, response, next) => {
+  const currentRoute =
+    request.method + ' ' + request.baseUrl + request.route.path;
+  const currentRouteRule = authorizationList[currentRoute];
+
+  try {
+    request.currentUser.can(currentRouteRule.action, currentRouteRule.subject);
+    next();
+  } catch (error) {
+    return response.status(403).end();
+  }
+};
+
+export const authorizeAdmin = async (request, response, next) => {
+  const role = await request.currentUser.$relatedQuery('role');
+
+  if (role?.isAdmin) {
+    next();
+  } else {
+    return response.status(403).end();
+  }
+};

packages/backend/src/helpers/check-is-cloud.js

@@ -0,0 +1,11 @@
+import appConfig from '../config/app.js';
+
+export const checkIsCloud = async (request, response, next) => {
+  if (appConfig.isCloud) {
+    next();
+  } else {
+    return response.status(404).end();
+  }
+};
+
+export default checkIsCloud;

packages/backend/src/helpers/check-is-enterprise.js

@@ -0,0 +1,9 @@
+import { hasValidLicense } from './license.ee.js';
+
+export const checkIsEnterprise = async (request, response, next) => {
+  if (await hasValidLicense()) {
+    next();
+  } else {
+    return response.status(404).end();
+  }
+};

packages/backend/src/helpers/compile-email.ee.js

@@ -1,6 +1,9 @@
-import * as path from 'path';
+import path from 'path';
-import * as fs from 'fs';
+import fs from 'fs';
-import * as handlebars from 'handlebars';
+import handlebars from 'handlebars';
+import { fileURLToPath } from 'url';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
 
 const compileEmail = (emailPath, replacements = {}) => {
   const filePath = path.join(__dirname, `../views/emails/${emailPath}.ee.hbs`);

packages/backend/src/helpers/logger.js

@@ -4,8 +4,8 @@ import appConfig from '../config/app.js';
 const levels = {
   error: 0,
   warn: 1,
-  info: 2,
+  http: 2,
-  http: 3,
+  info: 3,
   debug: 4,
 };
 

packages/backend/src/helpers/pagination-rest.js

@@ -0,0 +1,25 @@
+const paginateRest = async (query, page) => {
+  const pageSize = 10;
+
+  page = parseInt(page, 10);
+
+  if (isNaN(page) || page < 1) {
+    page = 1;
+  }
+
+  const [records, count] = await Promise.all([
+    query.limit(pageSize).offset((page - 1) * pageSize),
+    query.resultSize(),
+  ]);
+
+  return {
+    pageInfo: {
+      currentPage: page,
+      totalPages: Math.ceil(count / pageSize),
+    },
+    totalCount: count,
+    records,
+  };
+};
+
+export default paginateRest;

packages/backend/src/helpers/renderer.js

@@ -0,0 +1,45 @@
+import serializers from '../serializers/index.js';
+
+const isPaginated = (object) =>
+  object?.pageInfo &&
+  object?.totalCount !== undefined &&
+  Array.isArray(object?.records);
+
+const isArray = (object) =>
+  Array.isArray(object) || Array.isArray(object?.records);
+
+const totalCount = (object) =>
+  isPaginated(object) ? object.totalCount : isArray(object) ? object.length : 1;
+
+const renderObject = (response, object) => {
+  let data = isPaginated(object) ? object.records : object;
+
+  const type = isPaginated(object)
+    ? object.records[0].constructor.name
+    : Array.isArray(object)
+    ? object?.[0]?.constructor?.name || 'Object'
+    : object.constructor.name;
+
+  const serializer = serializers[type];
+
+  if (serializer) {
+    data = Array.isArray(data)
+      ? data.map((item) => serializer(item))
+      : serializer(data);
+  }
+
+  const computedPayload = {
+    data,
+    meta: {
+      type,
+      count: totalCount(object),
+      isArray: isArray(object),
+      currentPage: isPaginated(object) ? object.pageInfo.currentPage : null,
+      totalPages: isPaginated(object) ? object.pageInfo.totalPages : null,
+    },
+  };
+
+  return response.json(computedPayload);
+};
+
+export { renderObject };

packages/backend/src/helpers/web-ui-handler.js

@@ -15,7 +15,7 @@ const webUIHandler = async (app) => {
   app.use(express.static(webBuildPath));
 
   app.get('*', (_req, res) => {
-    res.set('Content-Security-Policy', 'frame-ancestors: none;');
+    res.set('Content-Security-Policy', 'frame-ancestors \'none\';');
     res.set('X-Frame-Options', 'DENY');
 
     res.sendFile(indexHtml);

packages/backend/src/models/user.js

@@ -15,6 +15,7 @@ import Role from './role.js';
 import Step from './step.js';
 import Subscription from './subscription.ee.js';
 import UsageData from './usage-data.ee.js';
+import Billing from '../helpers/billing/index.ee.js';
 
 class User extends Base {
   static tableName = 'users';
@@ -143,6 +144,11 @@ class User extends Base {
     },
   });
 
+  get authorizedFlows() {
+    const conditions = this.can('read', 'Flow');
+    return conditions.isCreator ? this.$relatedQuery('flows') : Flow.query();
+  }
+
   login(password) {
     return bcrypt.compare(password, this.password);
   }
@@ -237,6 +243,20 @@ class User extends Base {
     return currentUsageData.consumedTaskCount < plan.quota;
   }
 
+  async getInvoices() {
+    const subscription = await this.$relatedQuery('currentSubscription');
+
+    if (!subscription) {
+      return [];
+    }
+
+    const invoices = await Billing.paddleClient.getInvoices(
+      Number(subscription.paddleSubscriptionId)
+    );
+
+    return invoices;
+  }
+
   async $beforeInsert(queryContext) {
     await super.$beforeInsert(queryContext);
 

packages/backend/src/queues/action.js

@@ -15,11 +15,17 @@ process.on('SIGTERM', async () => {
   await actionQueue.close();
 });
 
-actionQueue.on('error', (err) => {
+actionQueue.on('error', (error) => {
-  if (err.code === CONNECTION_REFUSED) {
+  if (error.code === CONNECTION_REFUSED) {
-    logger.error('Make sure you have installed Redis and it is running.', err);
+    logger.error(
+      'Make sure you have installed Redis and it is running.',
+      error
+    );
+
     process.exit();
   }
+
+  logger.error('Error happened in action queue!', error);
 });
 
 export default actionQueue;

packages/backend/src/queues/delete-user.ee.js

@@ -15,11 +15,17 @@ process.on('SIGTERM', async () => {
   await deleteUserQueue.close();
 });
 
-deleteUserQueue.on('error', (err) => {
+deleteUserQueue.on('error', (error) => {
-  if (err.code === CONNECTION_REFUSED) {
+  if (error.code === CONNECTION_REFUSED) {
-    logger.error('Make sure you have installed Redis and it is running.', err);
+    logger.error(
+      'Make sure you have installed Redis and it is running.',
+      error
+    );
+
     process.exit();
   }
+
+  logger.error('Error happened in delete user queue!', error);
 });
 
 export default deleteUserQueue;

packages/backend/src/queues/email.js

@@ -15,11 +15,17 @@ process.on('SIGTERM', async () => {
   await emailQueue.close();
 });
 
-emailQueue.on('error', (err) => {
+emailQueue.on('error', (error) => {
-  if (err.code === CONNECTION_REFUSED) {
+  if (error.code === CONNECTION_REFUSED) {
-    logger.error('Make sure you have installed Redis and it is running.', err);
+    logger.error(
+      'Make sure you have installed Redis and it is running.',
+      error
+    );
+
     process.exit();
   }
+
+  logger.error('Error happened in email queue!', error);
 });
 
 export default emailQueue;

packages/backend/src/queues/flow.js

@@ -15,11 +15,17 @@ process.on('SIGTERM', async () => {
   await flowQueue.close();
 });
 
-flowQueue.on('error', (err) => {
+flowQueue.on('error', (error) => {
-  if (err.code === CONNECTION_REFUSED) {
+  if (error.code === CONNECTION_REFUSED) {
-    logger.error('Make sure you have installed Redis and it is running.', err);
+    logger.error(
+      'Make sure you have installed Redis and it is running.',
+      error
+    );
+
     process.exit();
   }
+
+  logger.error('Error happened in flow queue!', error);
 });
 
 export default flowQueue;

packages/backend/src/queues/remove-cancelled-subscriptions.ee.js

@@ -18,11 +18,20 @@ process.on('SIGTERM', async () => {
   await removeCancelledSubscriptionsQueue.close();
 });
 
-removeCancelledSubscriptionsQueue.on('error', (err) => {
+removeCancelledSubscriptionsQueue.on('error', (error) => {
-  if (err.code === CONNECTION_REFUSED) {
+  if (error.code === CONNECTION_REFUSED) {
-    logger.error('Make sure you have installed Redis and it is running.', err);
+    logger.error(
+      'Make sure you have installed Redis and it is running.',
+      error
+    );
+
     process.exit();
   }
+
+  logger.error(
+    'Error happened in remove cancelled subscriptions queue!',
+    error
+  );
 });
 
 removeCancelledSubscriptionsQueue.add('remove-cancelled-subscriptions', null, {

packages/backend/src/queues/trigger.js

@@ -15,11 +15,17 @@ process.on('SIGTERM', async () => {
   await triggerQueue.close();
 });
 
-triggerQueue.on('error', (err) => {
+triggerQueue.on('error', (error) => {
-  if (err.code === CONNECTION_REFUSED) {
+  if (error.code === CONNECTION_REFUSED) {
-    logger.error('Make sure you have installed Redis and it is running.', err);
+    logger.error(
+      'Make sure you have installed Redis and it is running.',
+      error
+    );
+
     process.exit();
   }
+
+  logger.error('Error happened in trigger queue!', error);
 });
 
 export default triggerQueue;

packages/backend/src/routes/api/v1/admin/app-auth-clients.js

@@ -0,0 +1,18 @@
+import { Router } from 'express';
+import asyncHandler from 'express-async-handler';
+import { authenticateUser } from '../../../../helpers/authentication.js';
+import { authorizeAdmin } from '../../../../helpers/authorization.js';
+import { checkIsEnterprise } from '../../../../helpers/check-is-enterprise.js';
+import getAdminAppAuthClientsAction from '../../../../controllers/api/v1/admin/app-auth-clients/get-app-auth-client.js';
+
+const router = Router();
+
+router.get(
+  '/:appAuthClientId',
+  authenticateUser,
+  authorizeAdmin,
+  checkIsEnterprise,
+  asyncHandler(getAdminAppAuthClientsAction)
+);
+
+export default router;

packages/backend/src/routes/api/v1/admin/permissions.ee.js

@@ -0,0 +1,18 @@
+import { Router } from 'express';
+import asyncHandler from 'express-async-handler';
+import { authenticateUser } from '../../../../helpers/authentication.js';
+import { authorizeAdmin } from '../../../../helpers/authorization.js';
+import { checkIsEnterprise } from '../../../../helpers/check-is-enterprise.js';
+import getPermissionsCatalogAction from '../../../../controllers/api/v1/admin/permissions/get-permissions-catalog.ee.js';
+
+const router = Router();
+
+router.get(
+  '/catalog',
+  authenticateUser,
+  authorizeAdmin,
+  checkIsEnterprise,
+  asyncHandler(getPermissionsCatalogAction)
+);
+
+export default router;

packages/backend/src/routes/api/v1/admin/roles.ee.js

@@ -0,0 +1,27 @@
+import { Router } from 'express';
+import asyncHandler from 'express-async-handler';
+import { authenticateUser } from '../../../../helpers/authentication.js';
+import { authorizeAdmin } from '../../../../helpers/authorization.js';
+import { checkIsEnterprise } from '../../../../helpers/check-is-enterprise.js';
+import getRolesAction from '../../../../controllers/api/v1/admin/roles/get-roles.ee.js';
+import getRoleAction from '../../../../controllers/api/v1/admin/roles/get-role.ee.js';
+
+const router = Router();
+
+router.get(
+  '/',
+  authenticateUser,
+  authorizeAdmin,
+  checkIsEnterprise,
+  asyncHandler(getRolesAction)
+);
+
+router.get(
+  '/:roleId',
+  authenticateUser,
+  authorizeAdmin,
+  checkIsEnterprise,
+  asyncHandler(getRoleAction)
+);
+
+export default router;

packages/backend/src/routes/api/v1/admin/saml-auth-providers.ee.js

@@ -0,0 +1,27 @@
+import { Router } from 'express';
+import asyncHandler from 'express-async-handler';
+import { authenticateUser } from '../../../../helpers/authentication.js';
+import { authorizeAdmin } from '../../../../helpers/authorization.js';
+import { checkIsEnterprise } from '../../../../helpers/check-is-enterprise.js';
+import getSamlAuthProvidersAction from '../../../../controllers/api/v1/admin/saml-auth-providers/get-saml-auth-providers.ee.js';
+import getSamlAuthProviderAction from '../../../../controllers/api/v1/admin/saml-auth-providers/get-saml-auth-provider.ee.js';
+
+const router = Router();
+
+router.get(
+  '/',
+  authenticateUser,
+  authorizeAdmin,
+  checkIsEnterprise,
+  asyncHandler(getSamlAuthProvidersAction)
+);
+
+router.get(
+  '/:samlAuthProviderId',
+  authenticateUser,
+  authorizeAdmin,
+  checkIsEnterprise,
+  asyncHandler(getSamlAuthProviderAction)
+);
+
+export default router;

packages/backend/src/routes/api/v1/admin/users.ee.js

@@ -0,0 +1,27 @@
+import { Router } from 'express';
+import asyncHandler from 'express-async-handler';
+import { authenticateUser } from '../../../../helpers/authentication.js';
+import { authorizeAdmin } from '../../../../helpers/authorization.js';
+import { checkIsEnterprise } from '../../../../helpers/check-is-enterprise.js';
+import getUsersAction from '../../../../controllers/api/v1/admin/users/get-users.ee.js';
+import getUserAction from '../../../../controllers/api/v1/admin/users/get-user.ee.js';
+
+const router = Router();
+
+router.get(
+  '/',
+  authenticateUser,
+  authorizeAdmin,
+  checkIsEnterprise,
+  asyncHandler(getUsersAction)
+);
+
+router.get(
+  '/:userId',
+  authenticateUser,
+  authorizeAdmin,
+  checkIsEnterprise,
+  asyncHandler(getUserAction)
+);
+
+export default router;

packages/backend/src/routes/api/v1/app-auth-clients.js

@@ -0,0 +1,16 @@
+import { Router } from 'express';
+import asyncHandler from 'express-async-handler';
+import { authenticateUser } from '../../../helpers/authentication.js';
+import { checkIsEnterprise } from '../../../helpers/check-is-enterprise.js';
+import getAppAuthClientAction from '../../../controllers/api/v1/app-auth-clients/get-app-auth-client.js';
+
+const router = Router();
+
+router.get(
+  '/:appAuthClientId',
+  authenticateUser,
+  checkIsEnterprise,
+  asyncHandler(getAppAuthClientAction)
+);
+
+export default router;

packages/backend/src/routes/api/v1/automatisch.js

@@ -0,0 +1,15 @@
+import { Router } from 'express';
+import asyncHandler from 'express-async-handler';
+import versionAction from '../../../controllers/api/v1/automatisch/version.js';
+import notificationsAction from '../../../controllers/api/v1/automatisch/notifications.js';
+import infoAction from '../../../controllers/api/v1/automatisch/info.js';
+import licenseAction from '../../../controllers/api/v1/automatisch/license.js';
+
+const router = Router();
+
+router.get('/version', asyncHandler(versionAction));
+router.get('/notifications', asyncHandler(notificationsAction));
+router.get('/info', asyncHandler(infoAction));
+router.get('/license', asyncHandler(licenseAction));
+
+export default router;

packages/backend/src/routes/api/v1/flows.js

@@ -0,0 +1,16 @@
+import { Router } from 'express';
+import asyncHandler from 'express-async-handler';
+import { authenticateUser } from '../../../helpers/authentication.js';
+import { authorizeUser } from '../../../helpers/authorization.js';
+import getFlowAction from '../../../controllers/api/v1/flows/get-flow.js';
+
+const router = Router();
+
+router.get(
+  '/:flowId',
+  authenticateUser,
+  authorizeUser,
+  asyncHandler(getFlowAction)
+);
+
+export default router;

packages/backend/src/routes/api/v1/payment.ee.js

@@ -0,0 +1,24 @@
+import { Router } from 'express';
+import asyncHandler from 'express-async-handler';
+import { authenticateUser } from '../../../helpers/authentication.js';
+import checkIsCloud from '../../../helpers/check-is-cloud.js';
+import getPlansAction from '../../../controllers/api/v1/payment/get-plans.ee.js';
+import getPaddleInfoAction from '../../../controllers/api/v1/payment/get-paddle-info.ee.js';
+
+const router = Router();
+
+router.get(
+  '/plans',
+  authenticateUser,
+  checkIsCloud,
+  asyncHandler(getPlansAction)
+);
+
+router.get(
+  '/paddle-info',
+  authenticateUser,
+  checkIsCloud,
+  asyncHandler(getPaddleInfoAction)
+);
+
+export default router;

packages/backend/src/routes/api/v1/users.js

@@ -0,0 +1,26 @@
+import { Router } from 'express';
+import asyncHandler from 'express-async-handler';
+import { authenticateUser } from '../../../helpers/authentication.js';
+import checkIsCloud from '../../../helpers/check-is-cloud.js';
+import getCurrentUserAction from '../../../controllers/api/v1/users/get-current-user.js';
+import getUserTrialAction from '../../../controllers/api/v1/users/get-user-trial.ee.js';
+import getInvoicesAction from '../../../controllers/api/v1/users/get-invoices.ee.js';
+
+const router = Router();
+
+router.get('/me', authenticateUser, asyncHandler(getCurrentUserAction));
+router.get(
+  '/invoices',
+  authenticateUser,
+  checkIsCloud,
+  asyncHandler(getInvoicesAction)
+);
+
+router.get(
+  '/:userId/trial',
+  authenticateUser,
+  checkIsCloud,
+  asyncHandler(getUserTrialAction)
+);
+
+export default router;

packages/backend/src/routes/healthcheck.js

@@ -0,0 +1,9 @@
+import { Router } from 'express';
+import asyncHandler from 'express-async-handler';
+import indexAction from '../controllers/healthcheck/index.js';
+
+const router = Router();
+
+router.get('/', asyncHandler(indexAction));
+
+export default router;

packages/backend/src/routes/index.js

@@ -2,11 +2,33 @@ import { Router } from 'express';
 import graphQLInstance from '../helpers/graphql-instance.js';
 import webhooksRouter from './webhooks.js';
 import paddleRouter from './paddle.ee.js';
+import healthcheckRouter from './healthcheck.js';
+import automatischRouter from './api/v1/automatisch.js';
+import usersRouter from './api/v1/users.js';
+import paymentRouter from './api/v1/payment.ee.js';
+import appAuthClientsRouter from './api/v1/app-auth-clients.js';
+import flowsRouter from './api/v1/flows.js';
+import samlAuthProvidersRouter from './api/v1/admin/saml-auth-providers.ee.js';
+import rolesRouter from './api/v1/admin/roles.ee.js';
+import permissionsRouter from './api/v1/admin/permissions.ee.js';
+import adminUsersRouter from './api/v1/admin/users.ee.js';
+import adminAppAuthClientsRouter from './api/v1/admin/app-auth-clients.js';
 
 const router = Router();
 
 router.use('/graphql', graphQLInstance);
 router.use('/webhooks', webhooksRouter);
 router.use('/paddle', paddleRouter);
+router.use('/healthcheck', healthcheckRouter);
+router.use('/api/v1/automatisch', automatischRouter);
+router.use('/api/v1/users', usersRouter);
+router.use('/api/v1/payment', paymentRouter);
+router.use('/api/v1/app-auth-clients', appAuthClientsRouter);
+router.use('/api/v1/flows', flowsRouter);
+router.use('/api/v1/admin/saml-auth-providers', samlAuthProvidersRouter);
+router.use('/api/v1/admin/roles', rolesRouter);
+router.use('/api/v1/admin/permissions', permissionsRouter);
+router.use('/api/v1/admin/users', adminUsersRouter);
+router.use('/api/v1/admin/app-auth-clients', adminAppAuthClientsRouter);
 
 export default router;