chore(deps): Bump nodemailer from 6.7.0 to 6.9.9

Bumps [nodemailer](https://github.com/nodemailer/nodemailer) from 6.7.0 to 6.9.9.
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodemailer/nodemailer/compare/v6.7.0...v6.9.9)

---
updated-dependencies:
- dependency-name: nodemailer
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

.devcontainer/devcontainer.json

@@ -8,7 +8,7 @@
       "version": "latest"
     },
     "ghcr.io/devcontainers/features/node:1": {
-      "version": 16
+      "version": 20
     },
     "ghcr.io/devcontainers/features/common-utils:1": {
       "username": "vscode",

packages/backend/package.json

@@ -33,7 +33,6 @@
     "axios": "1.6.0",
     "bcrypt": "^5.0.1",
     "bullmq": "^3.0.0",
-    "copyfiles": "^2.4.1",
     "cors": "^2.8.5",
     "crypto-js": "^4.1.1",
     "debug": "~2.6.9",
@@ -45,7 +44,6 @@
     "graphql-middleware": "^6.1.15",
     "graphql-shield": "^7.5.0",
     "graphql-tools": "^8.2.0",
-    "graphql-type-json": "^0.3.2",
     "handlebars": "^4.7.7",
     "http-errors": "~1.6.3",
     "http-proxy-agent": "^7.0.0",
@@ -59,7 +57,7 @@
     "morgan": "^1.10.0",
     "multer": "1.4.5-lts.1",
     "node-html-markdown": "^1.3.0",
-    "nodemailer": "6.7.0",
+    "nodemailer": "6.9.9",
     "oauth-1.0a": "^2.2.6",
     "objection": "^3.0.0",
     "passport": "^0.6.0",
@@ -68,7 +66,6 @@
     "pluralize": "^8.0.0",
     "raw-body": "^2.5.2",
     "showdown": "^2.1.0",
-    "stripe": "^11.13.0",
     "winston": "^3.7.1",
     "xmlrpc": "^1.3.2"
   },

packages/backend/src/apps/formatter/actions/text/index.js

@@ -1,5 +1,6 @@
 import defineAction from '../../../../helpers/define-action.js';
 
+import base64ToString from './transformers/base64-to-string.js';
 import capitalize from './transformers/capitalize.js';
 import extractEmailAddress from './transformers/extract-email-address.js';
 import extractNumber from './transformers/extract-number.js';
@@ -8,10 +9,12 @@ import lowercase from './transformers/lowercase.js';
 import markdownToHtml from './transformers/markdown-to-html.js';
 import pluralize from './transformers/pluralize.js';
 import replace from './transformers/replace.js';
+import stringToBase64 from './transformers/string-to-base64.js';
 import trimWhitespace from './transformers/trim-whitespace.js';
 import useDefaultValue from './transformers/use-default-value.js';
 
 const transformers = {
+  base64ToString,
   capitalize,
   extractEmailAddress,
   extractNumber,
@@ -20,6 +23,7 @@ const transformers = {
   markdownToHtml,
   pluralize,
   replace,
+  stringToBase64,
   trimWhitespace,
   useDefaultValue,
 };
@@ -37,6 +41,7 @@ export default defineAction({
       required: true,
       variables: true,
       options: [
+        { label: 'Base64 to String', value: 'base64ToString' },
         { label: 'Capitalize', value: 'capitalize' },
         { label: 'Convert HTML to Markdown', value: 'htmlToMarkdown' },
         { label: 'Convert Markdown to HTML', value: 'markdownToHtml' },
@@ -45,6 +50,7 @@ export default defineAction({
         { label: 'Lowercase', value: 'lowercase' },
         { label: 'Pluralize', value: 'pluralize' },
         { label: 'Replace', value: 'replace' },
+        { label: 'String to Base64', value: 'stringToBase64' },
         { label: 'Trim Whitespace', value: 'trimWhitespace' },
         { label: 'Use Default Value', value: 'useDefaultValue' },
       ],

packages/backend/src/apps/formatter/actions/text/transformers/base64-to-string.js

@@ -0,0 +1,8 @@
+const base64ToString = ($) => {
+  const input = $.step.parameters.input;
+  const decodedString = Buffer.from(input, 'base64').toString('utf8');
+
+  return decodedString;
+};
+
+export default base64ToString;

packages/backend/src/apps/formatter/actions/text/transformers/string-to-base64.js

@@ -0,0 +1,8 @@
+const stringtoBase64 = ($) => {
+  const input = $.step.parameters.input;
+  const base64String = Buffer.from(input).toString('base64');
+
+  return base64String;
+};
+
+export default stringtoBase64;

packages/backend/src/apps/formatter/dynamic-fields/list-transform-options/index.js

@@ -1,3 +1,4 @@
+import base64ToString from './text/base64-to-string.js';
 import capitalize from './text/capitalize.js';
 import extractEmailAddress from './text/extract-email-address.js';
 import extractNumber from './text/extract-number.js';
@@ -6,6 +7,7 @@ import lowercase from './text/lowercase.js';
 import markdownToHtml from './text/markdown-to-html.js';
 import pluralize from './text/pluralize.js';
 import replace from './text/replace.js';
+import stringToBase64 from './text/string-to-base64.js';
 import trimWhitespace from './text/trim-whitespace.js';
 import useDefaultValue from './text/use-default-value.js';
 import performMathOperation from './numbers/perform-math-operation.js';
@@ -15,6 +17,7 @@ import formatPhoneNumber from './numbers/format-phone-number.js';
 import formatDateTime from './date-time/format-date-time.js';
 
 const options = {
+  base64ToString,
   capitalize,
   extractEmailAddress,
   extractNumber,
@@ -23,6 +26,7 @@ const options = {
   markdownToHtml,
   pluralize,
   replace,
+  stringToBase64,
   trimWhitespace,
   useDefaultValue,
   performMathOperation,

packages/backend/src/apps/formatter/dynamic-fields/list-transform-options/text/base64-to-string.js

@@ -0,0 +1,12 @@
+const base64ToString = [
+  {
+    label: 'Input',
+    key: 'input',
+    type: 'string',
+    required: true,
+    description: 'Text that will be converted from Base64 to string.',
+    variables: true,
+  },
+];
+
+export default base64ToString;

packages/backend/src/apps/formatter/dynamic-fields/list-transform-options/text/string-to-base64.js

@@ -0,0 +1,12 @@
+const stringToBase64 = [
+  {
+    label: 'Input',
+    key: 'input',
+    type: 'string',
+    required: true,
+    description: 'Text that will be converted to Base64.',
+    variables: true,
+  },
+];
+
+export default stringToBase64;

packages/backend/src/config/app.js

@@ -18,7 +18,9 @@ const port = process.env.PORT || '3000';
 const serveWebAppSeparately =
   process.env.SERVE_WEB_APP_SEPARATELY === 'true' ? true : false;
 
-let apiUrl = new URL(`${protocol}://${host}:${port}`).toString();
+let apiUrl = new URL(
+  process.env.API_URL || `${protocol}://${host}:${port}`
+).toString();
 apiUrl = apiUrl.substring(0, apiUrl.length - 1);
 
 // use apiUrl by default, which has less priority over the following cases
@@ -88,6 +90,10 @@ const appConfig = {
   licenseKey: process.env.LICENSE_KEY,
   sentryDsn: process.env.SENTRY_DSN,
   CI: process.env.CI === 'true',
+  disableNotificationsPage: process.env.DISABLE_NOTIFICATIONS_PAGE === 'true',
+  disableFavicon: process.env.DISABLE_FAVICON === 'true',
+  additionalDrawerLink: process.env.ADDITIONAL_DRAWER_LINK,
+  additionalDrawerLinkText: process.env.ADDITIONAL_DRAWER_LINK_TEXT,
 };
 
 if (!appConfig.encryptionKey) {

packages/backend/src/controllers/api/v1/automatisch/version.js

@@ -0,0 +1,6 @@
+import appConfig from '../../../../config/app.js';
+import { renderObject } from '../../../../helpers/renderer.js';
+
+export default async (request, response) => {
+  renderObject(response, { version: appConfig.version });
+};

packages/backend/src/controllers/api/v1/automatisch/version.test.js

@@ -0,0 +1,26 @@
+import { describe, it, expect } from 'vitest';
+import request from 'supertest';
+import app from '../../../../app.js';
+
+describe('GET /api/v1/automatisch/version', () => {
+  it('should return Automatisch version', async () => {
+    const response = await request(app)
+      .get('/api/v1/automatisch/version')
+      .expect(200);
+
+    const expectedPayload = {
+      data: {
+        version: '0.10.0',
+      },
+      meta: {
+        count: 1,
+        currentPage: null,
+        isArray: false,
+        totalPages: null,
+        type: 'Object',
+      },
+    };
+
+    expect(response.body).toEqual(expectedPayload);
+  });
+});

packages/backend/src/controllers/api/v1/users/get-current-user.js

@@ -0,0 +1,5 @@
+import { renderObject } from '../../../../helpers/renderer.js';
+
+export default async (request, response) => {
+  renderObject(response, request.currentUser);
+};

packages/backend/src/controllers/api/v1/users/get-current-user.test.js

@@ -0,0 +1,26 @@
+import { describe, it, expect, beforeEach } from 'vitest';
+import request from 'supertest';
+import app from '../../../../app.js';
+import createAuthTokenByUserId from '../../../../helpers/create-auth-token-by-user-id';
+import { createUser } from '../../../../../test/factories/user';
+import getCurrentUserMock from '../../../../../test/mocks/rest/api/v1/users/get-current-user';
+
+describe('GET /api/v1/users/me', () => {
+  let role, currentUser, token;
+
+  beforeEach(async () => {
+    currentUser = await createUser();
+    role = await currentUser.$relatedQuery('role');
+    token = createAuthTokenByUserId(currentUser.id);
+  });
+
+  it('should return current user info', async () => {
+    const response = await request(app)
+      .get('/api/v1/users/me')
+      .set('Authorization', token)
+      .expect(200);
+
+    const expectedPayload = getCurrentUserMock(currentUser, role);
+    expect(response.body).toEqual(expectedPayload);
+  });
+});

packages/backend/src/controllers/api/v1/users/get-user-trial.ee.js

@@ -0,0 +1,12 @@
+import { renderObject } from '../../../../helpers/renderer.js';
+
+export default async (request, response) => {
+  const inTrial = await request.currentUser.inTrial();
+
+  const trialInfo = {
+    inTrial,
+    expireAt: request.currentUser.trialExpiryDate,
+  };
+
+  renderObject(response, trialInfo);
+};

packages/backend/src/controllers/api/v1/users/get-user-trial.ee.test.js

@@ -0,0 +1,38 @@
+import { vi, describe, it, expect, beforeEach } from 'vitest';
+import request from 'supertest';
+import app from '../../../../app.js';
+import createAuthTokenByUserId from '../../../../helpers/create-auth-token-by-user-id.js';
+import { createUser } from '../../../../../test/factories/user.js';
+import getUserTrialMock from '../../../../../test/mocks/rest/api/v1/users/get-user-trial.js';
+import appConfig from '../../../../config/app.js';
+import { DateTime } from 'luxon';
+import User from '../../../../models/user.js';
+
+describe('GET /api/v1/users/:userId/trial', () => {
+  let user, token;
+
+  beforeEach(async () => {
+    const trialExpiryDate = DateTime.now().plus({ days: 30 }).toISODate();
+    user = await createUser({ trialExpiryDate });
+    token = createAuthTokenByUserId(user.id);
+
+    vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(true);
+  });
+
+  describe('should return in trial, active subscription and expire at info', () => {
+    beforeEach(async () => {
+      vi.spyOn(User.prototype, 'inTrial').mockResolvedValue(false);
+      vi.spyOn(User.prototype, 'hasActiveSubscription').mockResolvedValue(true);
+    });
+
+    it('should return null', async () => {
+      const response = await request(app)
+        .get(`/api/v1/users/${user.id}/trial`)
+        .set('Authorization', token)
+        .expect(200);
+
+      const expectedResponsePayload = await getUserTrialMock(user);
+      expect(response.body).toEqual(expectedResponsePayload);
+    });
+  });
+});

packages/backend/src/controllers/api/v1/users/get-user.js

@@ -0,0 +1,16 @@
+import { renderObject } from '../../../../helpers/renderer.js';
+import User from '../../../../models/user.js';
+
+export default async (request, response) => {
+  const user = await User.query()
+    .leftJoinRelated({
+      role: true,
+    })
+    .withGraphFetched({
+      role: true,
+    })
+    .findById(request.params.userId)
+    .throwIfNotFound();
+
+  renderObject(response, user);
+};

packages/backend/src/controllers/api/v1/users/get-user.test.js

@@ -0,0 +1,36 @@
+import { describe, it, expect, beforeEach } from 'vitest';
+import request from 'supertest';
+import app from '../../../../app.js';
+import createAuthTokenByUserId from '../../../../helpers/create-auth-token-by-user-id';
+import { createUser } from '../../../../../test/factories/user';
+import { createPermission } from '../../../../../test/factories/permission';
+import getUserMock from '../../../../../test/mocks/rest/api/v1/users/get-user';
+
+describe('GET /api/v1/users/:userId', () => {
+  let currentUser, currentUserRole, anotherUser, anotherUserRole, token;
+
+  beforeEach(async () => {
+    currentUser = await createUser();
+    anotherUser = await createUser();
+    currentUserRole = await currentUser.$relatedQuery('role');
+    anotherUserRole = await anotherUser.$relatedQuery('role');
+
+    await createPermission({
+      roleId: currentUserRole.id,
+      action: 'read',
+      subject: 'User',
+    });
+
+    token = createAuthTokenByUserId(currentUser.id);
+  });
+
+  it('should return specified user info', async () => {
+    const response = await request(app)
+      .get(`/api/v1/users/${anotherUser.id}`)
+      .set('Authorization', token)
+      .expect(200);
+
+    const expectedPayload = getUserMock(anotherUser, anotherUserRole);
+    expect(response.body).toEqual(expectedPayload);
+  });
+});

packages/backend/src/controllers/api/v1/users/get-users.js

@@ -0,0 +1,18 @@
+import { renderObject } from '../../../../helpers/renderer.js';
+import User from '../../../../models/user.js';
+import paginateRest from '../../../../helpers/pagination-rest.js';
+
+export default async (request, response) => {
+  const usersQuery = User.query()
+    .leftJoinRelated({
+      role: true,
+    })
+    .withGraphFetched({
+      role: true,
+    })
+    .orderBy('full_name', 'asc');
+
+  const users = await paginateRest(usersQuery, request.query.page);
+
+  renderObject(response, users);
+};

packages/backend/src/controllers/api/v1/users/get-users.test.js

@@ -0,0 +1,56 @@
+import { describe, it, expect, beforeEach } from 'vitest';
+import request from 'supertest';
+import app from '../../../../app';
+import createAuthTokenByUserId from '../../../../helpers/create-auth-token-by-user-id';
+import { createRole } from '../../../../../test/factories/role';
+import { createPermission } from '../../../../../test/factories/permission';
+import { createUser } from '../../../../../test/factories/user';
+import getUsersMock from '../../../../../test/mocks/rest/api/v1/users/get-users';
+
+describe('GET /api/v1/users', () => {
+  let currentUser, currentUserRole, anotherUser, anotherUserRole, token;
+
+  beforeEach(async () => {
+    currentUserRole = await createRole({
+      key: 'currentUser',
+      name: 'Current user role',
+    });
+
+    await createPermission({
+      action: 'read',
+      subject: 'User',
+      roleId: currentUserRole.id,
+    });
+
+    currentUser = await createUser({
+      roleId: currentUserRole.id,
+      fullName: 'Current User',
+    });
+
+    anotherUserRole = await createRole({
+      key: 'anotherUser',
+      name: 'Another user role',
+    });
+
+    anotherUser = await createUser({
+      roleId: anotherUserRole.id,
+      fullName: 'Another User',
+    });
+
+    token = createAuthTokenByUserId(currentUser.id);
+  });
+
+  it('should return users data', async () => {
+    const response = await request(app)
+      .get('/api/v1/users')
+      .set('Authorization', token)
+      .expect(200);
+
+    const expectedResponsePayload = await getUsersMock(
+      [anotherUser, currentUser],
+      [anotherUserRole, currentUserRole]
+    );
+
+    expect(response.body).toEqual(expectedResponsePayload);
+  });
+});

packages/backend/src/controllers/healthcheck/index.js

@@ -0,0 +1,3 @@
+export default async (request, response) => {
+  response.status(200).end();
+};

packages/backend/src/controllers/healthcheck/index.test.js

@@ -0,0 +1,9 @@
+import { describe, it } from 'vitest';
+import request from 'supertest';
+import app from '../../app.js';
+
+describe('GET /healthcheck', () => {
+  it('should return 200 response with version data', async () => {
+    await request(app).get('/healthcheck').expect(200);
+  });
+});

packages/backend/src/graphql/mutations/register-user.ee.js

@@ -1,7 +1,10 @@
+import appConfig from '../../config/app.js';
 import User from '../../models/user.js';
 import Role from '../../models/role.js';
 
 const registerUser = async (_parent, params) => {
+  if (!appConfig.isCloud) return;
+
   const { fullName, email, password } = params.input;
 
   const existingUser = await User.query().findOne({

packages/backend/src/graphql/queries/get-config.ee.js

@@ -1,9 +1,17 @@
+import appConfig from '../../config/app.js';
 import { hasValidLicense } from '../../helpers/license.ee.js';
 import Config from '../../models/config.js';
 
 const getConfig = async (_parent, params) => {
   if (!(await hasValidLicense())) return {};
 
+  const defaultConfig = {
+    disableNotificationsPage: appConfig.disableNotificationsPage,
+    disableFavicon: appConfig.disableFavicon,
+    additionalDrawerLink: appConfig.additionalDrawerLink,
+    additionalDrawerLinkText: appConfig.additionalDrawerLinkText,
+  };
+
   const configQuery = Config.query();
 
   if (Array.isArray(params.keys)) {
@@ -18,7 +26,7 @@ const getConfig = async (_parent, params) => {
     computedConfig[key] = value?.data;
 
     return computedConfig;
-  }, {});
+  }, defaultConfig);
 };
 
 export default getConfig;

packages/backend/src/graphql/queries/get-config.ee.test.js

@@ -2,6 +2,7 @@ import { vi, describe, it, expect, beforeEach } from 'vitest';
 import request from 'supertest';
 import app from '../../app';
 import { createConfig } from '../../../test/factories/config';
+import appConfig from '../../config/app';
 import * as license from '../../helpers/license.ee';
 
 describe('graphQL getConfig query', () => {
@@ -56,6 +57,10 @@ describe('graphQL getConfig query', () => {
               [configOne.key]: configOne.value.data,
               [configTwo.key]: configTwo.value.data,
               [configThree.key]: configThree.value.data,
+              disableNotificationsPage: false,
+              disableFavicon: false,
+              additionalDrawerLink: undefined,
+              additionalDrawerLinkText: undefined,
             },
           },
         };
@@ -82,6 +87,48 @@ describe('graphQL getConfig query', () => {
             getConfig: {
               [configOne.key]: configOne.value.data,
               [configTwo.key]: configTwo.value.data,
+              disableNotificationsPage: false,
+              disableFavicon: false,
+              additionalDrawerLink: undefined,
+              additionalDrawerLinkText: undefined,
+            },
+          },
+        };
+
+        expect(response.body).toEqual(expectedResponsePayload);
+      });
+    });
+
+    describe('and with different defaults', () => {
+      beforeEach(async () => {
+        vi.spyOn(appConfig, 'disableNotificationsPage', 'get').mockReturnValue(
+          true
+        );
+        vi.spyOn(appConfig, 'disableFavicon', 'get').mockReturnValue(true);
+        vi.spyOn(appConfig, 'additionalDrawerLink', 'get').mockReturnValue(
+          'https://automatisch.io'
+        );
+        vi.spyOn(appConfig, 'additionalDrawerLinkText', 'get').mockReturnValue(
+          'Automatisch'
+        );
+      });
+
+      it('should return custom config', async () => {
+        const response = await request(app)
+          .post('/graphql')
+          .send({ query })
+          .expect(200);
+
+        const expectedResponsePayload = {
+          data: {
+            getConfig: {
+              [configOne.key]: configOne.value.data,
+              [configTwo.key]: configTwo.value.data,
+              [configThree.key]: configThree.value.data,
+              disableNotificationsPage: true,
+              disableFavicon: true,
+              additionalDrawerLink: 'https://automatisch.io',
+              additionalDrawerLinkText: 'Automatisch',
             },
           },
         };

packages/backend/src/helpers/authentication.js

@@ -20,7 +20,8 @@ export const isAuthenticated = async (_parent, _args, req) => {
       .withGraphFetched({
         role: true,
         permissions: true,
-      });
+      })
+      .throwIfNotFound();
 
     return true;
   } catch (error) {
@@ -28,6 +29,14 @@ export const isAuthenticated = async (_parent, _args, req) => {
   }
 };
 
+export const authenticateUser = async (request, response, next) => {
+  if (await isAuthenticated(null, null, request)) {
+    next();
+  } else {
+    return response.status(401).end();
+  }
+};
+
 const isAuthenticatedRule = rule()(isAuthenticated);
 
 export const authenticationRules = {

packages/backend/src/helpers/authentication.test.js

@@ -1,11 +1,8 @@
-import { describe, it, expect, vi } from 'vitest';
+import { describe, it, expect } from 'vitest';
 import { allow } from 'graphql-shield';
-import jwt from 'jsonwebtoken';
-import User from '../models/user.js';
 import { isAuthenticated, authenticationRules } from './authentication.js';
-
-vi.mock('jsonwebtoken');
-vi.mock('../models/user.js');
+import { createUser } from '../../test/factories/user.js';
+import createAuthTokenByUserId from '../helpers/create-auth-token-by-user-id.js';
 
 describe('isAuthenticated', () => {
   it('should return false if no token is provided', async () => {
@@ -14,29 +11,26 @@ describe('isAuthenticated', () => {
   });
 
   it('should return false if token is invalid', async () => {
-    jwt.verify.mockImplementation(() => {
-      throw new Error('invalid token');
-    });
-
     const req = { headers: { authorization: 'invalidToken' } };
     expect(await isAuthenticated(null, null, req)).toBe(false);
   });
 
-  it('should return true if token is valid', async () => {
-    jwt.verify.mockReturnValue({ userId: '123' });
+  it('should return true if token is valid and there is a user', async () => {
+    const user = await createUser();
+    const token = createAuthTokenByUserId(user.id);
 
-    User.query.mockReturnValue({
-      findById: vi.fn().mockReturnValue({
-        leftJoinRelated: vi.fn().mockReturnThis(),
-        withGraphFetched: vi
-          .fn()
-          .mockResolvedValue({ id: '123', role: {}, permissions: {} }),
-      }),
-    });
-
-    const req = { headers: { authorization: 'validToken' } };
+    const req = { headers: { authorization: token } };
     expect(await isAuthenticated(null, null, req)).toBe(true);
   });
+
+  it('should return false if token is valid and but there is no user', async () => {
+    const user = await createUser();
+    const token = createAuthTokenByUserId(user.id);
+    await user.$query().delete();
+
+    const req = { headers: { authorization: token } };
+    expect(await isAuthenticated(null, null, req)).toBe(false);
+  });
 });
 
 describe('authentication rules', () => {

packages/backend/src/helpers/authorization.js

@@ -0,0 +1,22 @@
+const authorizationList = {
+  '/api/v1/users/:userId': {
+    action: 'read',
+    subject: 'User',
+  },
+  '/api/v1/users/': {
+    action: 'read',
+    subject: 'User',
+  },
+};
+
+export const authorizeUser = async (request, response, next) => {
+  const currentRoute = request.baseUrl + request.route.path;
+  const currentRouteRule = authorizationList[currentRoute];
+
+  try {
+    request.currentUser.can(currentRouteRule.action, currentRouteRule.subject);
+    next();
+  } catch (error) {
+    return response.status(403).end();
+  }
+};

packages/backend/src/helpers/check-is-cloud.js

@@ -0,0 +1,11 @@
+import appConfig from '../config/app.js';
+
+export const checkIsCloud = async (request, response, next) => {
+  if (appConfig.isCloud) {
+    next();
+  } else {
+    return response.status(404).end();
+  }
+};
+
+export default checkIsCloud;

packages/backend/src/helpers/compile-email.ee.js

@@ -1,6 +1,9 @@
-import * as path from 'path';
-import * as fs from 'fs';
-import * as handlebars from 'handlebars';
+import path from 'path';
+import fs from 'fs';
+import handlebars from 'handlebars';
+import { fileURLToPath } from 'url';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
 
 const compileEmail = (emailPath, replacements = {}) => {
   const filePath = path.join(__dirname, `../views/emails/${emailPath}.ee.hbs`);

packages/backend/src/helpers/pagination-rest.js

@@ -0,0 +1,25 @@
+const paginateRest = async (query, page) => {
+  const pageSize = 10;
+
+  page = parseInt(page, 10);
+
+  if (isNaN(page) || page < 1) {
+    page = 1;
+  }
+
+  const [records, count] = await Promise.all([
+    query.limit(pageSize).offset((page - 1) * pageSize),
+    query.resultSize(),
+  ]);
+
+  return {
+    pageInfo: {
+      currentPage: page,
+      totalPages: Math.ceil(count / pageSize),
+    },
+    totalCount: count,
+    records,
+  };
+};
+
+export default paginateRest;

packages/backend/src/helpers/renderer.js

@@ -0,0 +1,42 @@
+import serializers from '../serializers/index.js';
+
+const isPaginated = (object) =>
+  object?.pageInfo &&
+  object?.totalCount !== undefined &&
+  Array.isArray(object?.records);
+
+const isArray = (object) =>
+  Array.isArray(object) || Array.isArray(object?.records);
+
+const totalCount = (object) =>
+  isPaginated(object) ? object.totalCount : isArray(object) ? object.length : 1;
+
+const renderObject = (response, object) => {
+  let data = isPaginated(object) ? object.records : object;
+  const type = isPaginated(object)
+    ? object.records[0].constructor.name
+    : object.constructor.name;
+
+  const serializer = serializers[type];
+
+  if (serializer) {
+    data = Array.isArray(data)
+      ? data.map((item) => serializer(item))
+      : serializer(data);
+  }
+
+  const computedPayload = {
+    data,
+    meta: {
+      type,
+      count: totalCount(object),
+      isArray: isArray(object),
+      currentPage: isPaginated(object) ? object.pageInfo.currentPage : null,
+      totalPages: isPaginated(object) ? object.pageInfo.totalPages : null,
+    },
+  };
+
+  return response.json(computedPayload);
+};
+
+export { renderObject };

packages/backend/src/helpers/web-ui-handler.js

@@ -15,7 +15,7 @@ const webUIHandler = async (app) => {
   app.use(express.static(webBuildPath));
 
   app.get('*', (_req, res) => {
-    res.set('Content-Security-Policy', 'frame-ancestors: none;');
+    res.set('Content-Security-Policy', 'frame-ancestors \'none\';');
     res.set('X-Frame-Options', 'DENY');
 
     res.sendFile(indexHtml);

packages/backend/src/routes/api/v1/automatisch.js

@@ -0,0 +1,8 @@
+import { Router } from 'express';
+import versionAction from '../../../controllers/api/v1/automatisch/version.js';
+
+const router = Router();
+
+router.get('/version', versionAction);
+
+export default router;

packages/backend/src/routes/api/v1/users.js

@@ -0,0 +1,22 @@
+import { Router } from 'express';
+import { authenticateUser } from '../../../helpers/authentication.js';
+import { authorizeUser } from '../../../helpers/authorization.js';
+import checkIsCloud from '../../../helpers/check-is-cloud.js';
+import getCurrentUserAction from '../../../controllers/api/v1/users/get-current-user.js';
+import getUserAction from '../../../controllers/api/v1/users/get-user.js';
+import getUsersAction from '../../../controllers/api/v1/users/get-users.js';
+import getUserTrialAction from '../../../controllers/api/v1/users/get-user-trial.ee.js';
+
+const router = Router();
+
+router.get('/', authenticateUser, authorizeUser, getUsersAction);
+router.get('/me', authenticateUser, getCurrentUserAction);
+router.get('/:userId', authenticateUser, authorizeUser, getUserAction);
+router.get(
+  '/:userId/trial',
+  authenticateUser,
+  checkIsCloud,
+  getUserTrialAction
+);
+
+export default router;

packages/backend/src/routes/healthcheck.js

@@ -0,0 +1,8 @@
+import { Router } from 'express';
+import indexAction from '../controllers/healthcheck/index.js';
+
+const router = Router();
+
+router.get('/', indexAction);
+
+export default router;

packages/backend/src/routes/index.js

@@ -2,11 +2,17 @@ import { Router } from 'express';
 import graphQLInstance from '../helpers/graphql-instance.js';
 import webhooksRouter from './webhooks.js';
 import paddleRouter from './paddle.ee.js';
+import healthcheckRouter from './healthcheck.js';
+import automatischRouter from './api/v1/automatisch.js';
+import usersRouter from './api/v1/users.js';
 
 const router = Router();
 
 router.use('/graphql', graphQLInstance);
 router.use('/webhooks', webhooksRouter);
 router.use('/paddle', paddleRouter);
+router.use('/healthcheck', healthcheckRouter);
+router.use('/api/v1/automatisch', automatischRouter);
+router.use('/api/v1/users', usersRouter);
 
 export default router;

packages/backend/src/serializers/index.js

@@ -0,0 +1,11 @@
+import userSerializer from './user.js';
+import roleSerializer from './role.js';
+import permissionSerializer from './permission.js';
+
+const serializers = {
+  User: userSerializer,
+  Role: roleSerializer,
+  Permission: permissionSerializer,
+};
+
+export default serializers;

packages/backend/src/serializers/permission.js

@@ -0,0 +1,13 @@
+const permissionSerializer = (permission) => {
+  return {
+    id: permission.id,
+    roleId: permission.roleId,
+    action: permission.action,
+    subject: permission.subject,
+    conditions: permission.conditions,
+    createdAt: permission.createdAt,
+    updatedAt: permission.updatedAt,
+  };
+};
+
+export default permissionSerializer;

packages/backend/src/serializers/role.js

@@ -0,0 +1,13 @@
+const roleSerializer = (role) => {
+  return {
+    id: role.id,
+    name: role.name,
+    key: role.key,
+    description: role.description,
+    createdAt: role.createdAt,
+    updatedAt: role.updatedAt,
+    isAdmin: role.isAdmin,
+  };
+};
+
+export default roleSerializer;

packages/backend/src/serializers/user.js

@@ -0,0 +1,32 @@
+import roleSerializer from './role.js';
+import permissionSerializer from './permission.js';
+import appConfig from '../config/app.js';
+
+const userSerializer = (user) => {
+  let userData = {
+    id: user.id,
+    email: user.email,
+    createdAt: user.createdAt,
+    updatedAt: user.updatedAt,
+    fullName: user.fullName,
+    roleId: user.roleId,
+  };
+
+  if (user.role) {
+    userData.role = roleSerializer(user.role);
+  }
+
+  if (user.permissions) {
+    userData.permissions = user.permissions.map((permission) =>
+      permissionSerializer(permission)
+    );
+  }
+
+  if (appConfig.isCloud && user.trialExpiryDate) {
+    userData.trialExpiryDate = user.trialExpiryDate;
+  }
+
+  return userData;
+};
+
+export default userSerializer;

packages/backend/test/factories/config.js

@@ -1,4 +1,5 @@
 import { faker } from '@faker-js/faker';
+import Config from '../../src/models/config';
 
 export const createConfig = async (params = {}) => {
   const configData = {
@@ -6,10 +7,7 @@ export const createConfig = async (params = {}) => {
     value: params?.value || { data: 'sampleConfig' },
   };
 
-  const [config] = await global.knex
-    .table('config')
-    .insert(configData)
-    .returning('*');
+  const config = await Config.query().insert(configData).returning('*');
 
   return config;
 };

packages/backend/test/factories/connection.js

@@ -1,5 +1,6 @@
 import appConfig from '../../src/config/app';
 import { AES } from 'crypto-js';
+import Connection from '../../src/models/connection';
 
 export const createConnection = async (params = {}) => {
   params.key = params?.key || 'deepl';
@@ -16,10 +17,7 @@ export const createConnection = async (params = {}) => {
     appConfig.encryptionKey
   ).toString();
 
-  const [connection] = await global.knex
-    .table('connections')
-    .insert(params)
-    .returning('*');
+  const connection = await Connection.query().insert(params).returning('*');
 
   return connection;
 };

packages/backend/test/factories/execution-step.js

@@ -1,3 +1,4 @@
+import ExecutionStep from '../../src/models/execution-step';
 import { createExecution } from './execution';
 import { createStep } from './step';
 
@@ -8,8 +9,7 @@ export const createExecutionStep = async (params = {}) => {
   params.dataIn = params?.dataIn || { dataIn: 'dataIn' };
   params.dataOut = params?.dataOut || { dataOut: 'dataOut' };
 
-  const [executionStep] = await global.knex
-    .table('executionSteps')
+  const executionStep = await ExecutionStep.query()
     .insert(params)
     .returning('*');
 

packages/backend/test/factories/execution.js

@@ -1,3 +1,4 @@
+import Execution from '../../src/models/execution';
 import { createFlow } from './flow';
 
 export const createExecution = async (params = {}) => {
@@ -6,10 +7,7 @@ export const createExecution = async (params = {}) => {
   params.createdAt = params?.createdAt || new Date().toISOString();
   params.updatedAt = params?.updatedAt || new Date().toISOString();
 
-  const [execution] = await global.knex
-    .table('executions')
-    .insert(params)
-    .returning('*');
+  const execution = await Execution.query().insert(params).returning('*');
 
   return execution;
 };

packages/backend/test/factories/flow.js

@@ -1,3 +1,4 @@
+import Flow from '../../src/models/flow';
 import { createUser } from './user';
 
 export const createFlow = async (params = {}) => {
@@ -6,7 +7,7 @@ export const createFlow = async (params = {}) => {
   params.createdAt = params?.createdAt || new Date().toISOString();
   params.updatedAt = params?.updatedAt || new Date().toISOString();
 
-  const [flow] = await global.knex.table('flows').insert(params).returning('*');
+  const flow = await Flow.query().insert(params).returning('*');
 
   return flow;
 };

packages/backend/test/factories/permission.js

@@ -1,3 +1,4 @@
+import Permission from '../../src/models/permission';
 import { createRole } from './role';
 
 export const createPermission = async (params = {}) => {
@@ -6,10 +7,7 @@ export const createPermission = async (params = {}) => {
   params.subject = params?.subject || 'User';
   params.conditions = params?.conditions || ['isCreator'];
 
-  const [permission] = await global.knex
-    .table('permissions')
-    .insert(params)
-    .returning('*');
+  const permission = await Permission.query().insert(params).returning('*');
 
   return permission;
 };

packages/backend/test/factories/role.js

@@ -1,8 +1,10 @@
+import Role from '../../src/models/role';
+
 export const createRole = async (params = {}) => {
   params.name = params?.name || 'Viewer';
   params.key = params?.key || 'viewer';
 
-  const [role] = await global.knex.table('roles').insert(params).returning('*');
+  const role = await Role.query().insert(params).returning('*');
 
   return role;
 };

packages/backend/test/factories/step.js

@@ -1,3 +1,4 @@
+import Step from '../../src/models/step';
 import { createFlow } from './flow';
 
 export const createStep = async (params = {}) => {
@@ -16,7 +17,7 @@ export const createStep = async (params = {}) => {
   params.appKey =
     params?.appKey || (params.type === 'action' ? 'deepl' : 'webhook');
 
-  const [step] = await global.knex.table('steps').insert(params).returning('*');
+  const step = await Step.query().insert(params).returning('*');
 
   return step;
 };

packages/backend/test/factories/user.js

@@ -1,5 +1,6 @@
 import { createRole } from './role';
 import { faker } from '@faker-js/faker';
+import User from '../../src/models/user';
 
 export const createUser = async (params = {}) => {
   params.roleId = params?.roleId || (await createRole()).id;
@@ -7,7 +8,7 @@ export const createUser = async (params = {}) => {
   params.email = params?.email || faker.internet.email();
   params.password = params?.password || faker.internet.password();
 
-  const [user] = await global.knex.table('users').insert(params).returning('*');
+  const user = await User.query().insert(params).returning('*');
 
   return user;
 };

packages/backend/test/mocks/rest/api/v1/users/get-current-user.js

@@ -0,0 +1,32 @@
+const getCurrentUserMock = (currentUser, role) => {
+  return {
+    data: {
+      createdAt: currentUser.createdAt.toISOString(),
+      email: currentUser.email,
+      fullName: currentUser.fullName,
+      id: currentUser.id,
+      permissions: [],
+      role: {
+        createdAt: role.createdAt.toISOString(),
+        description: null,
+        id: role.id,
+        isAdmin: role.isAdmin,
+        key: role.key,
+        name: role.name,
+        updatedAt: role.updatedAt.toISOString(),
+      },
+      roleId: role.id,
+      trialExpiryDate: currentUser.trialExpiryDate.toISOString(),
+      updatedAt: currentUser.updatedAt.toISOString(),
+    },
+    meta: {
+      count: 1,
+      currentPage: null,
+      isArray: false,
+      totalPages: null,
+      type: 'User',
+    },
+  };
+};
+
+export default getCurrentUserMock;

packages/backend/test/mocks/rest/api/v1/users/get-user-trial.js

@@ -0,0 +1,17 @@
+const getUserTrialMock = async (currentUser) => {
+  return {
+    data: {
+      inTrial: await currentUser.inTrial(),
+      expireAt: currentUser.trialExpiryDate.toISOString(),
+    },
+    meta: {
+      count: 1,
+      currentPage: null,
+      isArray: false,
+      totalPages: null,
+      type: 'Object',
+    },
+  };
+};
+
+export default getUserTrialMock;

packages/backend/test/mocks/rest/api/v1/users/get-user.js

@@ -0,0 +1,31 @@
+const getUserMock = (currentUser, role) => {
+  return {
+    data: {
+      createdAt: currentUser.createdAt.toISOString(),
+      email: currentUser.email,
+      fullName: currentUser.fullName,
+      id: currentUser.id,
+      role: {
+        createdAt: role.createdAt.toISOString(),
+        description: null,
+        id: role.id,
+        isAdmin: role.isAdmin,
+        key: role.key,
+        name: role.name,
+        updatedAt: role.updatedAt.toISOString(),
+      },
+      roleId: role.id,
+      trialExpiryDate: currentUser.trialExpiryDate.toISOString(),
+      updatedAt: currentUser.updatedAt.toISOString(),
+    },
+    meta: {
+      count: 1,
+      currentPage: null,
+      isArray: false,
+      totalPages: null,
+      type: 'User',
+    },
+  };
+};
+
+export default getUserMock;

packages/backend/test/mocks/rest/api/v1/users/get-users.js

@@ -0,0 +1,38 @@
+const getUsersMock = async (users, roles) => {
+  const data = users.map((user) => {
+    const role = roles.find((r) => r.id === user.roleId);
+    return {
+      createdAt: user.createdAt.toISOString(),
+      email: user.email,
+      fullName: user.fullName,
+      id: user.id,
+      role: role
+        ? {
+            createdAt: role.createdAt.toISOString(),
+            description: role.description,
+            id: role.id,
+            isAdmin: role.isAdmin,
+            key: role.key,
+            name: role.name,
+            updatedAt: role.updatedAt.toISOString(),
+          }
+        : null, // Fallback to null if role not found
+      roleId: user.roleId,
+      trialExpiryDate: user.trialExpiryDate.toISOString(),
+      updatedAt: user.updatedAt.toISOString(),
+    };
+  });
+
+  return {
+    data: data,
+    meta: {
+      count: data.length,
+      currentPage: 1,
+      isArray: true,
+      totalPages: 1,
+      type: 'User',
+    },
+  };
+};
+
+export default getUsersMock;

packages/docs/pages/advanced/configuration.md

@@ -14,31 +14,33 @@ The default values for some environment variables might be different in our deve
 Please be careful with the `ENCRYPTION_KEY` and `WEBHOOK_SECRET_KEY` environment variables. They are used to encrypt your credentials from third-party services and verify webhook requests. If you change them, your existing connections and flows will not continue to work.
 :::
 
-| Variable Name               | Type    | Default Value      | Description                                                                                          |
-| --------------------------- | ------- | ------------------ | ---------------------------------------------------------------------------------------------------- |
-| `HOST`                      | string  | `localhost`        | HTTP Host                                                                                            |
-| `PROTOCOL`                  | string  | `http`             | HTTP Protocol                                                                                        |
-| `PORT`                      | string  | `3000`             | HTTP Port                                                                                            |
-| `APP_ENV`                   | string  | `production`       | Automatisch Environment                                                                              |
-| `WEB_APP_URL`               | string  |                    | Can be used to override connection URLs and CORS URL                                                 |
-| `WEBHOOK_URL`               | string  |                    | Can be used to override webhook URL                                                                  |
-| `LOG_LEVEL`                 | string  | `info`             | Can be used to configure log level such as `error`, `warn`, `info`, `http`, `debug`                  |
-| `POSTGRES_DATABASE`         | string  | `automatisch`      | Database Name                                                                                        |
-| `POSTGRES_SCHEMA`           | string  | `public`           | Database Schema                                                                                      |
-| `POSTGRES_PORT`             | number  | `5432`             | Database Port                                                                                        |
-| `POSTGRES_ENABLE_SSL`       | boolean | `false`            | Enable/Disable SSL for the database                                                                  |
-| `POSTGRES_HOST`             | string  | `postgres`         | Database Host                                                                                        |
-| `POSTGRES_USERNAME`         | string  | `automatisch_user` | Database User                                                                                        |
-| `POSTGRES_PASSWORD`         | string  |                    | Password of Database User                                                                            |
-| `ENCRYPTION_KEY`            | string  |                    | Encryption Key to store credentials                                                                  |
-| `WEBHOOK_SECRET_KEY`        | string  |                    | Webhook Secret Key to verify webhook requests                                                        |
-| `APP_SECRET_KEY`            | string  |                    | Secret Key to authenticate the user                                                                  |
-| `REDIS_HOST`                | string  | `redis`            | Redis Host                                                                                           |
-| `REDIS_PORT`                | number  | `6379`             | Redis Port                                                                                           |
-| `REDIS_USERNAME`            | string  |                    | Redis Username                                                                                       |
-| `REDIS_PASSWORD`            | string  |                    | Redis Password                                                                                       |
-| `REDIS_TLS`                 | boolean | `false`            | Redis TLS                                                                                            |
-| `TELEMETRY_ENABLED`         | boolean | `true`             | Enable/Disable Telemetry                                                                             |
-| `ENABLE_BULLMQ_DASHBOARD`   | boolean | `false`            | Enable BullMQ Dashboard                                                                              |
-| `BULLMQ_DASHBOARD_USERNAME` | string  |                    | Username to login BullMQ Dashboard                                                                   |
-| `BULLMQ_DASHBOARD_PASSWORD` | string  |                    | Password to login BullMQ Dashboard                                                                   |
+| Variable Name                | Type    | Default Value      | Description                                                                         |
+| ---------------------------- | ------- | ------------------ | ----------------------------------------------------------------------------------- |
+| `HOST`                       | string  | `localhost`        | HTTP Host                                                                           |
+| `PROTOCOL`                   | string  | `http`             | HTTP Protocol                                                                       |
+| `PORT`                       | string  | `3000`             | HTTP Port                                                                           |
+| `APP_ENV`                    | string  | `production`       | Automatisch Environment                                                             |
+| `WEB_APP_URL`                | string  |                    | Can be used to override connection URLs and CORS URL                                |
+| `WEBHOOK_URL`                | string  |                    | Can be used to override webhook URL                                                 |
+| `LOG_LEVEL`                  | string  | `info`             | Can be used to configure log level such as `error`, `warn`, `info`, `http`, `debug` |
+| `POSTGRES_DATABASE`          | string  | `automatisch`      | Database Name                                                                       |
+| `POSTGRES_SCHEMA`            | string  | `public`           | Database Schema                                                                     |
+| `POSTGRES_PORT`              | number  | `5432`             | Database Port                                                                       |
+| `POSTGRES_ENABLE_SSL`        | boolean | `false`            | Enable/Disable SSL for the database                                                 |
+| `POSTGRES_HOST`              | string  | `postgres`         | Database Host                                                                       |
+| `POSTGRES_USERNAME`          | string  | `automatisch_user` | Database User                                                                       |
+| `POSTGRES_PASSWORD`          | string  |                    | Password of Database User                                                           |
+| `ENCRYPTION_KEY`             | string  |                    | Encryption Key to store credentials                                                 |
+| `WEBHOOK_SECRET_KEY`         | string  |                    | Webhook Secret Key to verify webhook requests                                       |
+| `APP_SECRET_KEY`             | string  |                    | Secret Key to authenticate the user                                                 |
+| `REDIS_HOST`                 | string  | `redis`            | Redis Host                                                                          |
+| `REDIS_PORT`                 | number  | `6379`             | Redis Port                                                                          |
+| `REDIS_USERNAME`             | string  |                    | Redis Username                                                                      |
+| `REDIS_PASSWORD`             | string  |                    | Redis Password                                                                      |
+| `REDIS_TLS`                  | boolean | `false`            | Redis TLS                                                                           |
+| `TELEMETRY_ENABLED`          | boolean | `true`             | Enable/Disable Telemetry                                                            |
+| `ENABLE_BULLMQ_DASHBOARD`    | boolean | `false`            | Enable BullMQ Dashboard                                                             |
+| `BULLMQ_DASHBOARD_USERNAME`  | string  |                    | Username to login BullMQ Dashboard                                                  |
+| `BULLMQ_DASHBOARD_PASSWORD`  | string  |                    | Password to login BullMQ Dashboard                                                  |
+| `DISABLE_NOTIFICATIONS_PAGE` | boolean | `false`            | Enable/Disable notifications page                                                   |
+| `DISABLE_FAVICON`            | boolean | `false`            | Enable/Disable favicon                                                              |

packages/web/public/index.html

@@ -2,7 +2,6 @@
 <html lang="en">
   <head>
     <meta charset="utf-8" />
-    <link rel="icon" href="%PUBLIC_URL%/favicon.ico" />
     <meta name="viewport" content="width=device-width, initial-scale=1" />
     <meta name="theme-color" content="#0059F7" />
     <meta

packages/web/public/manifest.json

@@ -2,13 +2,6 @@
   "short_name": "automatisch",
   "name": "automatisch",
   "description": "Build workflow automation without spending time and money. No code is required.",
-  "icons": [
-    {
-      "src": "favicon.ico",
-      "sizes": "64x64 32x32 24x24 16x16",
-      "type": "image/x-icon"
-    }
-  ],
   "start_url": ".",
   "display": "standalone",
   "theme_color": "#000000",

packages/web/src/components/AdminSettingsLayout/index.tsx

@@ -15,6 +15,7 @@ import { SvgIconComponent } from '@mui/icons-material';
 import AppBar from 'components/AppBar';
 import Drawer from 'components/Drawer';
 import * as URLS from 'config/urls';
+import useFormatMessage from 'hooks/useFormatMessage';
 import useCurrentUserAbility from 'hooks/useCurrentUserAbility';
 
 type SettingsLayoutProps = {
@@ -86,19 +87,11 @@ function createDrawerLinks({
   return items;
 }
 
-const drawerBottomLinks = [
-  {
-    Icon: ArrowBackIosNewIcon,
-    primary: 'adminSettingsDrawer.goBack',
-    to: '/',
-    dataTest: 'go-back-drawer-link',
-  },
-];
-
 export default function SettingsLayout({
   children,
 }: SettingsLayoutProps): React.ReactElement {
   const theme = useTheme();
+  const formatMessage = useFormatMessage();
   const currentUserAbility = useCurrentUserAbility();
   const matchSmallScreens = useMediaQuery(theme.breakpoints.down('lg'));
   const [isDrawerOpen, setDrawerOpen] = React.useState(!matchSmallScreens);
@@ -116,6 +109,15 @@ export default function SettingsLayout({
     canUpdateApp: currentUserAbility.can('update', 'App'),
   });
 
+  const drawerBottomLinks = [
+    {
+      Icon: ArrowBackIosNewIcon,
+      primary: formatMessage('adminSettingsDrawer.goBack'),
+      to: '/',
+      dataTest: 'go-back-drawer-link',
+    },
+  ];
+
   return (
     <>
       <AppBar

packages/web/src/components/Drawer/index.tsx

@@ -19,6 +19,7 @@ type DrawerLink = {
   Icon: React.ElementType;
   primary: string;
   to: string;
+  target?: '_blank';
   badgeContent?: React.ReactNode;
   dataTest?: string;
 };
@@ -69,7 +70,7 @@ export default function Drawer(props: DrawerProps): React.ReactElement {
 
       <List sx={{ py: 0, mt: 3 }}>
         {bottomLinks.map(
-          ({ Icon, badgeContent, primary, to, dataTest }, index) => (
+          ({ Icon, badgeContent, primary, to, dataTest, target }, index) => (
             <ListItemLink
               key={`${to}-${index}`}
               icon={
@@ -77,9 +78,10 @@ export default function Drawer(props: DrawerProps): React.ReactElement {
                   <Icon htmlColor={theme.palette.primary.main} />
                 </Badge>
               }
-              primary={formatMessage(primary)}
+              primary={primary}
               to={to}
               onClick={closeOnClick}
+              target={target}
               data-test={dataTest}
             />
           )

packages/web/src/components/Layout/index.tsx

@@ -7,12 +7,14 @@ import AppsIcon from '@mui/icons-material/Apps';
 import SwapCallsIcon from '@mui/icons-material/SwapCalls';
 import HistoryIcon from '@mui/icons-material/History';
 import NotificationsIcon from '@mui/icons-material/Notifications';
+import ArrowBackIosNew from '@mui/icons-material/ArrowBackIosNew';
 
 import * as URLS from 'config/urls';
+import useFormatMessage from 'hooks/useFormatMessage';
 import useVersion from 'hooks/useVersion';
 import AppBar from 'components/AppBar';
 import Drawer from 'components/Drawer';
-import useAutomatischInfo from 'hooks/useAutomatischInfo';
+import useConfig from 'hooks/useConfig';
 
 type PublicLayoutProps = {
   children: React.ReactNode;
@@ -40,47 +42,94 @@ const drawerLinks = [
 ];
 
 type GenerateDrawerBottomLinksOptions = {
-  isMation: boolean;
-  loading: boolean;
+  disableNotificationsPage: boolean;
   notificationBadgeContent: number;
+  additionalDrawerLink?: string;
+  additionalDrawerLinkText?: string;
+  additionalDrawerLinkIcon?: string;
+  formatMessage: ReturnType<typeof useFormatMessage>;
 };
 
-const generateDrawerBottomLinks = ({
-  isMation,
-  loading,
+const generateDrawerBottomLinks = async ({
+  disableNotificationsPage,
   notificationBadgeContent = 0,
+  additionalDrawerLink,
+  additionalDrawerLinkText,
+  formatMessage,
 }: GenerateDrawerBottomLinksOptions) => {
-  if (loading || isMation) {
-    return [];
+  const notificationsPageLinkObject = {
+    Icon: NotificationsIcon,
+    primary: formatMessage('settingsDrawer.notifications'),
+    to: URLS.UPDATES,
+    badgeContent: notificationBadgeContent,
+  };
+
+  const hasAdditionalDrawerLink =
+    additionalDrawerLink && additionalDrawerLinkText;
+
+  const additionalDrawerLinkObject = {
+    Icon: ArrowBackIosNew,
+    primary: additionalDrawerLinkText || '',
+    to: additionalDrawerLink || '',
+    target: '_blank' as const,
+  };
+
+  const links = [];
+
+  if (!disableNotificationsPage) {
+    links.push(notificationsPageLinkObject);
   }
 
-  return [
-    {
-      Icon: NotificationsIcon,
-      primary: 'settingsDrawer.notifications',
-      to: URLS.UPDATES,
-      badgeContent: notificationBadgeContent,
-    },
-  ];
+  if (hasAdditionalDrawerLink) {
+    links.push(additionalDrawerLinkObject);
+  }
+
+  return links;
+};
+
+type Link = {
+  Icon: React.ElementType;
+  primary: string;
+  target?: '_blank';
+  to: string;
+  badgeContent?: React.ReactNode;
 };
 
 export default function PublicLayout({
   children,
 }: PublicLayoutProps): React.ReactElement {
   const version = useVersion();
-  const { isMation, loading } = useAutomatischInfo();
+  const { config, loading } = useConfig([
+    'disableNotificationsPage',
+    'additionalDrawerLink',
+    'additionalDrawerLinkText',
+  ]);
   const theme = useTheme();
+  const formatMessage = useFormatMessage();
+  const [bottomLinks, setBottomLinks] = React.useState<Link[]>([]);
   const matchSmallScreens = useMediaQuery(theme.breakpoints.down('lg'));
   const [isDrawerOpen, setDrawerOpen] = React.useState(!matchSmallScreens);
 
   const openDrawer = () => setDrawerOpen(true);
   const closeDrawer = () => setDrawerOpen(false);
 
-  const drawerBottomLinks = generateDrawerBottomLinks({
-    notificationBadgeContent: version.newVersionCount,
-    loading,
-    isMation,
-  });
+  React.useEffect(() => {
+    async function perform() {
+      const newBottomLinks = await generateDrawerBottomLinks({
+        notificationBadgeContent: version.newVersionCount,
+        disableNotificationsPage: config?.disableNotificationsPage as boolean,
+        additionalDrawerLink: config?.additionalDrawerLink as string,
+        additionalDrawerLinkText: config?.additionalDrawerLinkText as string,
+        formatMessage,
+      });
+
+      setBottomLinks(newBottomLinks);
+    }
+
+    if (loading) return;
+
+    perform();
+  }, [config, loading, version.newVersionCount]);
 
   return (
     <>
@@ -93,7 +142,7 @@ export default function PublicLayout({
       <Box sx={{ display: 'flex' }}>
         <Drawer
           links={drawerLinks}
-          bottomLinks={drawerBottomLinks}
+          bottomLinks={bottomLinks}
           open={isDrawerOpen}
           onOpen={openDrawer}
           onClose={closeDrawer}

packages/web/src/components/ListItemLink/index.tsx

@@ -9,6 +9,7 @@ type ListItemLinkProps = {
   icon: React.ReactNode;
   primary: string;
   to: string;
+  target?: '_blank';
   onClick?: (event: React.SyntheticEvent) => void;
   'data-test'?: string;
 };
@@ -16,14 +17,29 @@ type ListItemLinkProps = {
 export default function ListItemLink(
   props: ListItemLinkProps
 ): React.ReactElement {
-  const { icon, primary, to, onClick, 'data-test': dataTest } = props;
+  const { icon, primary, to, onClick, 'data-test': dataTest, target } = props;
   const selected = useMatch({ path: to, end: true });
 
   const CustomLink = React.useMemo(
     () =>
       React.forwardRef<HTMLAnchorElement, Omit<LinkProps, 'to'>>(
         function InLineLink(linkProps, ref) {
-          return <Link ref={ref} to={to} {...linkProps} />;
+          try {
+            // challenge the link to check if it's absolute URL
+            new URL(to); // should throw an error if it's not an absolute URL
+
+            return (
+              <a
+                {...linkProps}
+                ref={ref}
+                href={to}
+                target={target}
+                rel="noopener noreferrer"
+              />
+            );
+          } catch {
+            return <Link ref={ref} {...linkProps} to={to} />;
+          }
         }
       ),
     [to]
@@ -37,6 +53,7 @@ export default function ListItemLink(
         selected={!!selected}
         onClick={onClick}
         data-test={dataTest}
+        target={target}
       >
         <ListItemIcon sx={{ minWidth: 52 }}>{icon}</ListItemIcon>
         <ListItemText

packages/web/src/components/MetadataProvider/index.tsx

@@ -15,6 +15,27 @@ const MetadataProvider = ({
     document.title = (config?.title as string) || 'Automatisch';
   }, [config?.title]);
 
+  React.useEffect(() => {
+    const existingFaviconElement = document.querySelector(
+      "link[rel~='icon']"
+    ) as HTMLLinkElement | null;
+
+    if (config?.disableFavicon === true) {
+      existingFaviconElement?.remove();
+    }
+
+    if (config?.disableFavicon === false) {
+      if (existingFaviconElement) {
+        existingFaviconElement.href = '/browser-tab.ico';
+      } else {
+        const newFaviconElement = document.createElement('link');
+        newFaviconElement.rel = 'icon';
+        document.head.appendChild(newFaviconElement);
+        newFaviconElement.href = '/browser-tab.ico';
+      }
+    }
+  }, [config?.disableFavicon]);
+
   return <>{children}</>;
 };
 

packages/web/src/components/SettingsLayout/index.tsx

@@ -9,6 +9,7 @@ import PaymentIcon from '@mui/icons-material/Payment';
 
 import * as URLS from 'config/urls';
 import useAutomatischInfo from 'hooks/useAutomatischInfo';
+import useFormatMessage from 'hooks/useFormatMessage';
 import AppBar from 'components/AppBar';
 import Drawer from 'components/Drawer';
 
@@ -22,8 +23,8 @@ function createDrawerLinks({ isCloud }: { isCloud: boolean }) {
       Icon: AccountCircleIcon,
       primary: 'settingsDrawer.myProfile',
       to: URLS.SETTINGS_PROFILE,
-    }
-  ]
+    },
+  ];
 
   if (isCloud) {
     items.push({
@@ -36,19 +37,12 @@ function createDrawerLinks({ isCloud }: { isCloud: boolean }) {
   return items;
 }
 
-const drawerBottomLinks = [
-  {
-    Icon: ArrowBackIosNewIcon,
-    primary: 'settingsDrawer.goBack',
-    to: '/',
-  },
-];
-
 export default function SettingsLayout({
   children,
 }: SettingsLayoutProps): React.ReactElement {
   const { isCloud } = useAutomatischInfo();
   const theme = useTheme();
+  const formatMessage = useFormatMessage();
   const matchSmallScreens = useMediaQuery(theme.breakpoints.down('lg'));
   const [isDrawerOpen, setDrawerOpen] = React.useState(!matchSmallScreens);
 
@@ -56,6 +50,14 @@ export default function SettingsLayout({
   const closeDrawer = () => setDrawerOpen(false);
   const drawerLinks = createDrawerLinks({ isCloud });
 
+  const drawerBottomLinks = [
+    {
+      Icon: ArrowBackIosNewIcon,
+      primary: formatMessage('settingsDrawer.goBack'),
+      to: '/',
+    },
+  ];
+
   return (
     <>
       <AppBar

yarn.lock

@@ -3952,11 +3952,6 @@
   resolved "https://registry.npmjs.org/@types/node/-/node-17.0.10.tgz"
   integrity sha512-S/3xB4KzyFxYGCppyDt68yzBU9ysL88lSdIah4D6cptdcltc4NCPCAMc0+PCpg/lLIyC7IPvj2Z52OJWeIUkog==
 
-"@types/node@>=8.1.0":
-  version "18.14.5"
-  resolved "https://registry.npmjs.org/@types/node/-/node-18.14.5.tgz"
-  integrity sha512-CRT4tMK/DHYhw1fcCEBwME9CSaZNclxfzVMe7GsO6ULSwsttbj70wSiX6rZdIjGblu93sTJxLdhNIT85KKI7Qw==
-
 "@types/node@^12.0.0":
   version "12.20.42"
   resolved "https://registry.npmjs.org/@types/node/-/node-12.20.42.tgz"
@@ -6372,19 +6367,6 @@ cookiejar@^2.1.4:
   resolved "https://registry.yarnpkg.com/cookiejar/-/cookiejar-2.1.4.tgz#ee669c1fea2cf42dc31585469d193fef0d65771b"
   integrity sha512-LDx6oHrK+PhzLKJU9j5S7/Y3jM/mUHvD/DeI1WQmJn652iPC5Y4TBzC9l+5OMOXlyTTA+SmVUPm0HQUwpD5Jqw==
 
-copyfiles@^2.4.1:
-  version "2.4.1"
-  resolved "https://registry.npmjs.org/copyfiles/-/copyfiles-2.4.1.tgz"
-  integrity sha512-fereAvAvxDrQDOXybk3Qu3dPbOoKoysFMWtkY3mv5BsL8//OSZVL5DCLYqgRfY5cWirgRzlC+WSrxp6Bo3eNZg==
-  dependencies:
-    glob "^7.0.5"
-    minimatch "^3.0.3"
-    mkdirp "^1.0.4"
-    noms "0.0.0"
-    through2 "^2.0.1"
-    untildify "^4.0.0"
-    yargs "^16.1.0"
-
 core-js-compat@^3.20.0, core-js-compat@^3.20.2:
   version "3.20.3"
   resolved "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.20.3.tgz"
@@ -8655,7 +8637,7 @@ glob-to-regexp@^0.4.1:
   resolved "https://registry.npmjs.org/glob-to-regexp/-/glob-to-regexp-0.4.1.tgz"
   integrity sha512-lkX1HJXwyMcprw/5YUZc2s7DrpAiHB21/V+E1rHUrVNokkvB6bqMzT0VfV6/86ZNabt1k14YOIaT7nDvOX3Iiw==
 
-glob@^7.0.5, glob@^7.1.1, glob@^7.1.2, glob@^7.1.3, glob@^7.1.4, glob@^7.1.6:
+glob@^7.1.1, glob@^7.1.2, glob@^7.1.3, glob@^7.1.4, glob@^7.1.6:
   version "7.2.0"
   resolved "https://registry.npmjs.org/glob/-/glob-7.2.0.tgz"
   integrity sha512-lmLf6gtyrPq8tTjSmrO94wBeQbFR3HbLHbuyD69wuyQkImp2hWqMGB47OX65FBkPffO641IP9jWa1z4ivqG26Q==
@@ -8791,11 +8773,6 @@ graphql-tools@^8.2.0:
   optionalDependencies:
     "@apollo/client" "~3.2.5 || ~3.3.0 || ~3.4.0"
 
-graphql-type-json@^0.3.2:
-  version "0.3.2"
-  resolved "https://registry.npmjs.org/graphql-type-json/-/graphql-type-json-0.3.2.tgz"
-  integrity sha512-J+vjof74oMlCWXSvt0DOf2APEdZOCdubEvGDUAlqH//VBYcOYsGgRW7Xzorr44LvkjiuvecWc8fChxuZZbChtg==
-
 graphql@^15.6.0:
   version "15.8.0"
   resolved "https://registry.npmjs.org/graphql/-/graphql-15.8.0.tgz"
@@ -9249,7 +9226,7 @@ inflight@^1.0.4:
     once "^1.3.0"
     wrappy "1"
 
-inherits@2, inherits@2.0.4, inherits@^2.0.1, inherits@^2.0.3, inherits@^2.0.4, inherits@~2.0.1, inherits@~2.0.3:
+inherits@2, inherits@2.0.4, inherits@^2.0.1, inherits@^2.0.3, inherits@^2.0.4, inherits@~2.0.3:
   version "2.0.4"
   resolved "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz"
   integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==
@@ -9671,11 +9648,6 @@ is-yarn-global@^0.3.0:
   resolved "https://registry.npmjs.org/is-yarn-global/-/is-yarn-global-0.3.0.tgz"
   integrity sha512-VjSeb/lHmkoyd8ryPVIKvOCn4D1koMqY+vqyjjUfc3xyKtP4dYOxM44sZrnqQSzSds3xyOrUTLTC9LVCVgLngw==
 
-isarray@0.0.1:
-  version "0.0.1"
-  resolved "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz"
-  integrity sha1-ihis/Kmo9Bd+Cav8YDiTmwXR7t8=
-
 isarray@~1.0.0:
   version "1.0.0"
   resolved "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz"
@@ -11060,13 +11032,6 @@ minimatch@3.0.4, minimatch@^3.0.4:
   dependencies:
     brace-expansion "^1.1.7"
 
-minimatch@^3.0.3:
-  version "3.1.2"
-  resolved "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz"
-  integrity sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==
-  dependencies:
-    brace-expansion "^1.1.7"
-
 minimatch@^5.0.1:
   version "5.1.0"
   resolved "https://registry.npmjs.org/minimatch/-/minimatch-5.1.0.tgz"
@@ -11493,10 +11458,10 @@ node-releases@^2.0.1:
   resolved "https://registry.npmjs.org/node-releases/-/node-releases-2.0.1.tgz"
   integrity sha512-CqyzN6z7Q6aMeF/ktcMVTzhAHCEpf8SOarwpzpf8pNBY2k5/oM34UHldUwp8VKI7uxct2HxSRdJjBaZeESzcxA==
 
-nodemailer@6.7.0:
-  version "6.7.0"
-  resolved "https://registry.npmjs.org/nodemailer/-/nodemailer-6.7.0.tgz"
-  integrity sha512-AtiTVUFHLiiDnMQ43zi0YgkzHOEWUkhDgPlBXrsDzJiJvB29Alo4OKxHQ0ugF3gRqRQIneCLtZU3yiUo7pItZw==
+nodemailer@6.9.9:
+  version "6.9.9"
+  resolved "https://registry.yarnpkg.com/nodemailer/-/nodemailer-6.9.9.tgz#4549bfbf710cc6addec5064dd0f19874d24248d9"
+  integrity sha512-dexTll8zqQoVJEZPwQAKzxxtFn0qTnjdQTchoU6Re9BUUGBJiOy3YMn/0ShTW6J5M0dfQ1NeDeRTTl4oIWgQMA==
 
 nodemon@^2.0.13:
   version "2.0.15"
@@ -11514,14 +11479,6 @@ nodemon@^2.0.13:
     undefsafe "^2.0.5"
     update-notifier "^5.1.0"
 
-noms@0.0.0:
-  version "0.0.0"
-  resolved "https://registry.npmjs.org/noms/-/noms-0.0.0.tgz"
-  integrity sha1-2o69nzr51nYJGbJ9nNyAkqczKFk=
-  dependencies:
-    inherits "^2.0.1"
-    readable-stream "~1.0.31"
-
 nopt@^4.0.1:
   version "4.0.3"
   resolved "https://registry.npmjs.org/nopt/-/nopt-4.0.3.tgz"
@@ -13635,16 +13592,6 @@ readable-stream@^2.0.1, readable-stream@^2.0.6, readable-stream@^2.2.2, readable
     string_decoder "~1.1.1"
     util-deprecate "~1.0.1"
 
-readable-stream@~1.0.31:
-  version "1.0.34"
-  resolved "https://registry.npmjs.org/readable-stream/-/readable-stream-1.0.34.tgz"
-  integrity sha1-Elgg40vIQtLyqq+v5MKRbuMsFXw=
-  dependencies:
-    core-util-is "~1.0.0"
-    inherits "~2.0.1"
-    isarray "0.0.1"
-    string_decoder "~0.10.x"
-
 readdir-scoped-modules@^1.0.0:
   version "1.1.0"
   resolved "https://registry.npmjs.org/readdir-scoped-modules/-/readdir-scoped-modules-1.1.0.tgz"
@@ -14771,11 +14718,6 @@ string_decoder@^1.1.1:
   dependencies:
     safe-buffer "~5.2.0"
 
-string_decoder@~0.10.x:
-  version "0.10.31"
-  resolved "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz"
-  integrity sha1-YuIDvEF2bGwoyfyEMB2rHFMQ+pQ=
-
 string_decoder@~1.1.1:
   version "1.1.1"
   resolved "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz"
@@ -14862,14 +14804,6 @@ strip-literal@^1.3.0:
   dependencies:
     acorn "^8.10.0"
 
-stripe@^11.13.0:
-  version "11.13.0"
-  resolved "https://registry.npmjs.org/stripe/-/stripe-11.13.0.tgz"
-  integrity sha512-Jx0nDbdvRsTtDSX5OFQ+4rLmYIftoiOE9HAXWIgyhAz1QjRFI3UIiJ/kCyhkdJBoHu019O5Ya6EmQ5Zf635XDw==
-  dependencies:
-    "@types/node" ">=8.1.0"
-    qs "^6.11.0"
-
 strnum@^1.0.5:
   version "1.0.5"
   resolved "https://registry.npmjs.org/strnum/-/strnum-1.0.5.tgz"
@@ -15167,7 +15101,7 @@ throat@^6.0.1:
   resolved "https://registry.npmjs.org/throat/-/throat-6.0.1.tgz"
   integrity sha512-8hmiGIJMDlwjg7dlJ4yKGLK8EsYqKgPWbG3b4wjJddKNwc7N7Dpn08Df4szr/sZdMVeOstrdYSsqzX6BYbcB+w==
 
-through2@^2.0.0, through2@^2.0.1:
+through2@^2.0.0:
   version "2.0.5"
   resolved "https://registry.npmjs.org/through2/-/through2-2.0.5.tgz"
   integrity sha512-/mrRod8xqpA+IHSLyGCQ2s8SPHiCDEeQJSep1jqLYeEUClOFG2Qsh+4FU6G9VeqpZnGW/Su8LQGc4YKni5rYSQ==
@@ -15572,11 +15506,6 @@ unquote@~1.1.1:
   resolved "https://registry.npmjs.org/unquote/-/unquote-1.1.1.tgz"
   integrity sha1-j97XMk7G6IoP+LkF58CYzcCG1UQ=
 
-untildify@^4.0.0:
-  version "4.0.0"
-  resolved "https://registry.npmjs.org/untildify/-/untildify-4.0.0.tgz"
-  integrity sha512-KK8xQ1mkzZeg9inewmFVDNkg3l5LUhoq9kN6iWYB/CC9YMG8HA+c1Q8HwDe6dEX7kErrEVNVBO3fWsVq5iDgtw==
-
 upath@^1.2.0:
   version "1.2.0"
   resolved "https://registry.npmjs.org/upath/-/upath-1.2.0.tgz"
@@ -15728,9 +15657,9 @@ vite-node@1.1.3:
     vite "^5.0.0"
 
 vite@^3.1.6:
-  version "3.2.7"
-  resolved "https://registry.npmjs.org/vite/-/vite-3.2.7.tgz"
-  integrity sha512-29pdXjk49xAP0QBr0xXqu2s5jiQIXNvE/xwd0vUizYT2Hzqe4BksNNoWllFVXJf4eLZ+UlVQmXfB4lWrc+t18g==
+  version "3.2.8"
+  resolved "https://registry.yarnpkg.com/vite/-/vite-3.2.8.tgz#0697e13addf99ed44b838b8462a3a922fdd9d37b"
+  integrity sha512-EtQU16PLIJpAZol2cTLttNP1mX6L0SyI0pgQB1VOoWeQnMSvtiwovV3D6NcjN8CZQWWyESD2v5NGnpz5RvgOZA==
   dependencies:
     esbuild "^0.15.9"
     postcss "^8.4.18"
@@ -15740,9 +15669,9 @@ vite@^3.1.6:
     fsevents "~2.3.2"
 
 vite@^5.0.0:
-  version "5.0.11"
-  resolved "https://registry.yarnpkg.com/vite/-/vite-5.0.11.tgz#31562e41e004cb68e1d51f5d2c641ab313b289e4"
-  integrity sha512-XBMnDjZcNAw/G1gEiskiM1v6yzM4GE5aMGvhWTlHAYYhxb7S3/V1s3m2LDHa8Vh6yIWYYB0iJwsEaS523c4oYA==
+  version "5.0.12"
+  resolved "https://registry.yarnpkg.com/vite/-/vite-5.0.12.tgz#8a2ffd4da36c132aec4adafe05d7adde38333c47"
+  integrity sha512-4hsnEkG3q0N4Tzf1+t6NdN9dg/L3BM+q8SWgbSPnJvrgH2kgdyzfVJwbR1ic69/4uMJJ/3dqDZZE5/WwqW8U1w==
   dependencies:
     esbuild "^0.19.3"
     postcss "^8.4.32"
@@ -16496,7 +16425,7 @@ yargs-parser@^20.2.2, yargs-parser@^20.2.3:
   resolved "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.9.tgz"
   integrity sha512-y11nGElTIV+CT3Zv9t7VKl+Q3hTQoT9a1Qzezhhl6Rp21gJ/IVTW7Z3y9EWXhuUBC2Shnf+DX0antecpAwSP8w==
 
-yargs@^16.1.0, yargs@^16.2.0:
+yargs@^16.2.0:
   version "16.2.0"
   resolved "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz"
   integrity sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw==