277 Commits

Author SHA1 Message Date
Matthew Kent 661ee9c2ae Add our standard section on setting maintenance mode. 2026-05-13 13:34:27 -07:00
Mike Dalessio e16b52bbba dep: bump ruby to 3.4.8 (from 3.4.7) (#2823) 2026-04-09 13:55:33 -04:00
Mike Dalessio 45d165749f Fix CORS issues when using minio in development (#2814)
Move MinIO from minio.localhost to minio.fizzy.localhost, which makes
it same-site with the app, so the CORS redirect succeeds.

The service worker fetches Active Storage URLs with `mode: "cors"` so
it can inspect response sizes for offline caching. Active Storage's
redirect controller returns a 302 to the MinIO presigned URL. When
that redirect crosses site boundaries (from fizzy.localhost to
minio.localhost), the browser sets the Origin header to "null" on the
redirected request per the Fetch spec, which fails the CORS check and
produces net::ERR_FAILED.
2026-04-08 16:06:38 -04:00
Donal McBreen 98d06947cb Implement Queenbee account callbacks
Add Account::QueenbeeIntegration concern (SaaS-only) that bridges
Fizzy's external_account_id to Queenbee's find_by_queenbee_id lookup,
and adapts the bang lifecycle methods to Fizzy's Cancellable module.

Remove dead billing conditional from cancellation mailer — Fizzy is
free-only, there's no charge to stop.
2026-03-31 15:14:49 +01:00
Donal McBreen 6a27853a58 Provision QUEENBEE_SECRET env var 2026-03-30 11:17:38 +01:00
Jorge Manrubia 1c4bf3e1e0 Add per-account storage exceptions for SaaS (#2733)
Allow granting specific accounts more storage via an
account_storage_exceptions table in the saas DB, without
relying on the blanket staff bypass.
2026-03-19 15:36:36 +01:00
Jorge Manrubia cf10dbd91e Add 1GB storage cap with staff bypass (#2729)
Re-applies the storage limit from #2713 (reverted in #2715) with an
exception for staff identities so our own account isn't blocked.
2026-03-19 12:38:39 +01:00
Jorge Manrubia 0be8041953 Revert "Add 1GB storage cap with self-host notice" 2026-03-17 17:51:07 +01:00
Andy Smith b5b3d1cd37 Style messages for account limits 2026-03-17 11:33:49 -05:00
Jorge Manrubia a761d809ae Add 1GB storage limit with self-host notice for SaaS
Limit free storage to 1GB on the SaaS version. When exceeded, card
publishing, comment creation, and JSON card creation are blocked,
and the card footer shows a "self-host Fizzy for unlimited storage"
notice instead of the create buttons. A nearing-limit warning
appears when usage exceeds 500MB.

Uses the same SaaS engine patterns as the removed billing system:
model concern on Account, controller concerns included via
config.to_prepare, view partials in saas/ with Fizzy.saas? guards
in the main app.
2026-03-17 12:21:32 +01:00
Jorge Manrubia 964915bc66 Remove payment/subscription system and card/storage limits
Fizzy is now free. Remove the entire Stripe billing system,
subscription management, and card/storage limit enforcement.

Removes from saas/: Plan model, Account::Billing, Account::Subscription,
Account::Limited, Account::OverriddenLimits, Account::BillingWaiver,
all subscription/billing controllers and views, Stripe webhook handler,
card creation/publishing limit enforcement, admin account override UI,
usage report rake task, and all related tests.

Removes from main app: Fizzy.saas? guards for subscription panel,
SaaS card footer override, near-limit notices, and saas.css stylesheet.

Adds migration to drop billing tables from the SaaS database.

Non-billing SaaS features (push notifications, signup, authorization,
telemetry, console1984/audits1984) are preserved.
2026-03-17 09:22:04 +01:00
Mike Dalessio ab5283441d SaaS usage reporting (#2690)
* Add saas:usage_report rake task and extract Subscription.paid scope

Add a rake task to generate a CSV usage report with per-account data:
Queenbee ID, sign up date, paid date, card count, storage used, and
last active date.

Extract the paid subscriptions query from Admin::StatsController into
an Account::Subscription.paid scope so both the controller and the
new rake task can share it.

* Add comped and account name columns to usage report

* Update saas/lib/tasks/fizzy/usage_report.rake

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Preload storage_total to avoid N+1 in usage report

* Batch last_active_at queries to avoid per-account aggregates

* Add tests for Account::Subscription.paid scope

* Update saas/app/models/account/subscription.rb

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Aggregate paid dates in SQL instead of loading all subscriptions

* Fix paid scope to derive plan keys from Plan.all instead of PLANS hash

* Move paid dates and comped lookups into per-batch queries

* Materialize batch IDs to avoid cross-database subquery

SaasRecord models live on a separate database (fizzy_saas) that doesn't
have the accounts table. Using batch.select(:id) generated a subquery
that ran on the saas database, causing a table-not-found error. Using
pluck(:id) materializes the IDs into an array instead.

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-03-11 10:11:13 -04:00
Mike Dalessio b6ea558de8 Move TrackTrueClientIp middleware into saas engine (#2677)
The True-Client-IP header is set by Cloudflare and is only trustworthy
when behind a Cloudflare proxy. In non-Cloudflare deployments, this
header is attacker-controlled and can be used to spoof IP addresses.

Moving the middleware into the saas engine ensures it only loads for our
Cloudflare-fronted production deployment, not for self-hosted OSS
instances.

GHSA-cpch-9qg2-x8fq
2026-03-09 15:14:17 -04:00
Rosa Gutierrez e217c7286e Clean up now unused /devices routes
Follow-up to #2652
2026-03-04 11:10:44 +00:00
Rosa Gutierrez 53df0e405b Move devices endpoint from /devices to /my/devices
Keep legacy /devices routes for backwards compatibility with mobile
apps not yet updated.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-03 16:30:41 +01:00
Adrien Maston f6b9e765b8 Merge pull request #2619 from basecamp/style-devices-page
Style devices page
2026-03-03 12:20:09 +01:00
Adrien Maston 34ab9c6231 Update saas/app/views/devices/index.html.erb
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-03-03 12:14:28 +01:00
Jorge Manrubia f2f5254efa Merge pull request #2638 from dainmiller/doc-typos-readme-kamal
Fix small documentation typos
2026-03-03 11:24:00 +01:00
Andy Smith 9cd1167f85 Change exceeding and nearing limits to account for the 1000th card (#2345)
* Change exceeding and nearing limits to account for the 1000th card (instead of 1001)

* Add boundary condition tests for card limit checks

Tests now verify behavior at exactly the limit (1000 cards) and at the
nearing threshold (remaining = 100), covering the off-by-one fix.

---------

Co-authored-by: Jorge Manrubia <jorge@37signals.com>
2026-03-03 10:28:38 +01:00
Jorge Manrubia f6952187c7 Merge pull request #2508 from henrik/patch-1
billing.rb: destroy -> destroy!
2026-03-03 10:25:48 +01:00
Adrien Maston b8f7d5be2f Merge remote-tracking branch 'origin/style-devices-page' into style-devices-page
* origin/style-devices-page:
  Update saas/app/views/devices/index.html.erb
2026-03-02 10:21:14 +01:00
Adrien Maston 0caf9b057b Update empty state test 2026-03-02 10:20:58 +01:00
Adrien Maston fd13ffb5cc Update saas/app/views/devices/index.html.erb
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-03-02 10:17:36 +01:00
Dain Miller bdf4459716 Fix small documentation typos 2026-02-28 05:41:55 -05:00
Jay Ohms d758d9913e Hide the subscription panel in the mobile apps 2026-02-27 09:40:05 -05:00
Silvia Uberti 0a83a2db73 Restore sc-chi cache after maintenance.
This reverts commit 4d2e111b01.
2026-02-27 10:30:08 +01:00
Silvia Uberti 4d2e111b01 Temporarily disable sc-chi cache for maintenance. (#2618) 2026-02-27 10:14:50 +01:00
Adrien Maston 3cb5906023 Tweak buttons and let panel grow more 2026-02-26 19:50:23 +01:00
Adrien Maston 04f7c3b66d Change empty state message 2026-02-26 18:06:11 +01:00
Adrien Maston 6c9668d870 Style device list and empty state 2026-02-26 17:15:32 +01:00
Adrien Maston 0fc2ea4af0 Use public layout 2026-02-26 17:15:02 +01:00
Rosa Gutierrez 13268ef668 Add base_url to native push notification payload
Include the server's base URL so native apps can identify which Fizzy
instance (SaaS or self-hosted) a notification originated from.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-25 19:31:13 +01:00
Rosa Gutierrez 6fb24118ea Use internal account ID as account_id and add account_slug
In native push payload, to be consistent about how we refer to
this in other endpoints.
2026-02-25 19:31:13 +01:00
Rosa Gutierrez 5bea9633d0 Make APNS and FCM env vars available
To beta and production deploys.
2026-02-25 19:31:13 +01:00
Rosa Gutierrez abef50c503 Fix devices_path route helper in native devices partial
The manage devices link used `devices_path` but the route is defined in
the saas engine, so it needs `saas.devices_path`.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-25 19:31:13 +01:00
Rosa Gutierrez 92cb749e16 Fix tests for renamed fixtures and new stacked notifications
Clear assignee's existing notifications in setup since Notifier now
uses create_or_find_by instead of create, and reload the association
to avoid caching after destroy_all.

Update fixture references after rebase: use `logo_assignment_kevin`
as base notification and `logo_mentioned_david` for mention tests.
Update source to `logo_published` in tests that need generic card events.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-25 19:31:13 +01:00
Fernando Olivares cefc20612a Add creator_familiar_name to push notification payload
Include the shortened familiar name format (e.g., "Salvador D.")
for display in iOS notification titles.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-25 19:31:13 +01:00
Fernando Olivares b1cdb72381 Add creator initials and avatar color to push notification payload
Move avatar_background_color logic from helper to User::Avatar concern
so it can be accessed from models. Include creator_id, creator_initials,
and creator_avatar_color in native push notifications for local avatar
rendering on iOS.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-25 19:31:13 +01:00
Fernando Olivares 113e61d418 Add avatar_url so we always get an avatar even when the user hasn't set one 2026-02-25 19:31:13 +01:00
Rosa Gutierrez 6ec3cc6f2c Document --push flag for testing native push notifications
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-25 19:31:13 +01:00
Rosa Gutierrez 9c165e1e89 Don't read APNS_TEAM_ID from 1Password
It's a public value like the APNs topic, so just fallback to this value
in push.yml. In this way we have one fewer field we need to maintain
consistently across multiple 1Password items.
2026-02-25 19:31:13 +01:00
Rosa Gutierrez 5ad1e8cee7 Simplify push.yml to only use B64 encryption keys
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-25 19:31:13 +01:00
Rosa Gutierrez d1500ad4ec Rename apns-dev to push-dev and unify 1Password credentials
- Rename script from apns-dev to push-dev (handles both APNs and FCM)
- Fetch credentials from Deploy/Fizzy Production (same as Kamal)
- Use _B64 env vars to avoid escaping issues with multiline keys
- Update bin/dev flag from --apns to --push

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-25 19:31:13 +01:00
Rosa Gutierrez 126ccb5e3a Add integration test for notification delivery and simplify test helpers
- Add comprehensive integration test covering card assignment, comments,
  mentions, email bundling, and edge cases (system user, inactive user)
- Inline push notification test helpers into the only test that uses them
- Remove separate PushNotificationTestHelper module

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-25 19:31:13 +01:00
Rosa Gutierrez 6b1598eebb Configure APNS and FCM encryption keys in Kamal secrets
Move encryption keys to base64 password fields for easier Kamal secret
management, and organize them at the root level.
2026-02-25 19:31:13 +01:00
Rosa Gutierrez 7864748be9 Simplify PushTarget by removing template method pattern
Each target now implements process directly with its own logic,
rather than using processable?/perform_push hooks. The pushable?
check is done once in Notification#push before iterating targets.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-25 19:31:13 +01:00
Rosa Gutierrez 0948533da7 Rename push to process on PushTarget for clearer semantics
"Push to target" reads naturally - we push the notification to the
target. "Target processes" also makes sense - the target receives
and handles the notification in its own way.

- Add class method PushTarget.process(notification) that instantiates
  and calls the instance method
- Rename instance method from push to process
- Add private push_to helper in Pushable for readable iteration

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-25 19:31:13 +01:00
Rosa Gutierrez 3621df8f0f Consolidate push jobs into single Notification::PushJob
Replace separate WebPushJob and NativePushJob with a single PushJob
that calls notification.push, which iterates over registered targets.
Each target handles its own delivery - Web pushes synchronously via
the pool, Native enqueues device-level jobs via deliver_later_to.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-25 19:31:13 +01:00
Rosa Gutierrez 4f19c42958 Move category and high_priority to payload classes
Use polymorphism instead of case statements in Native push target:
- DefaultPayload#category returns "default", #high_priority? returns false
- EventPayload#category returns "assignment"/"comment"/"card" based on action
- MentionPayload#category returns "mention", #high_priority? returns true

This simplifies the Native push target by delegating source-specific
logic to the appropriate payload classes.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-25 19:31:13 +01:00
Rosa Gutierrez 9299300dbf Move push priority concerns from Event and Mention into Native push target 2026-02-25 19:31:13 +01:00