54 Commits

Author SHA1 Message Date
Mike Dalessio 45d165749f Fix CORS issues when using minio in development (#2814)
Move MinIO from minio.localhost to minio.fizzy.localhost, which makes
it same-site with the app, so the CORS redirect succeeds.

The service worker fetches Active Storage URLs with `mode: "cors"` so
it can inspect response sizes for offline caching. Active Storage's
redirect controller returns a 302 to the MinIO presigned URL. When
that redirect crosses site boundaries (from fizzy.localhost to
minio.localhost), the browser sets the Origin header to "null" on the
redirected request per the Fetch spec, which fails the CORS check and
produces net::ERR_FAILED.
2026-04-08 16:06:38 -04:00
Donal McBreen 6a27853a58 Provision QUEENBEE_SECRET env var 2026-03-30 11:17:38 +01:00
Jorge Manrubia 964915bc66 Remove payment/subscription system and card/storage limits
Fizzy is now free. Remove the entire Stripe billing system,
subscription management, and card/storage limit enforcement.

Removes from saas/: Plan model, Account::Billing, Account::Subscription,
Account::Limited, Account::OverriddenLimits, Account::BillingWaiver,
all subscription/billing controllers and views, Stripe webhook handler,
card creation/publishing limit enforcement, admin account override UI,
usage report rake task, and all related tests.

Removes from main app: Fizzy.saas? guards for subscription panel,
SaaS card footer override, near-limit notices, and saas.css stylesheet.

Adds migration to drop billing tables from the SaaS database.

Non-billing SaaS features (push notifications, signup, authorization,
telemetry, console1984/audits1984) are preserved.
2026-03-17 09:22:04 +01:00
Rosa Gutierrez e217c7286e Clean up now unused /devices routes
Follow-up to #2652
2026-03-04 11:10:44 +00:00
Rosa Gutierrez 53df0e405b Move devices endpoint from /devices to /my/devices
Keep legacy /devices routes for backwards compatibility with mobile
apps not yet updated.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-03 16:30:41 +01:00
Silvia Uberti 0a83a2db73 Restore sc-chi cache after maintenance.
This reverts commit 4d2e111b01.
2026-02-27 10:30:08 +01:00
Silvia Uberti 4d2e111b01 Temporarily disable sc-chi cache for maintenance. (#2618) 2026-02-27 10:14:50 +01:00
Rosa Gutierrez 5bea9633d0 Make APNS and FCM env vars available
To beta and production deploys.
2026-02-25 19:31:13 +01:00
Rosa Gutierrez 5ad1e8cee7 Simplify push.yml to only use B64 encryption keys
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-25 19:31:13 +01:00
Rosa Gutierrez 6b1598eebb Configure APNS and FCM encryption keys in Kamal secrets
Move encryption keys to base64 password fields for easier Kamal secret
management, and organize them at the root level.
2026-02-25 19:31:13 +01:00
Rosa Gutierrez 1b53396050 Make devices controller untenanted with engine routes
- Add disallow_account_scope to skip tenant requirement
- Move routes to saas/config/routes.rb (engine routes)
- Use saas.devices_path/saas.device_path for engine route helpers
- Update tests to work without tenant context

Devices belong to Identity (global), not Account, so they don't
need tenant context in the URL.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-25 19:31:13 +01:00
Fernando Olivares 7d04bb514f Add Firebase configuration
- Update local script to load Firebase key
- Configure Firebase projectId in push.yml
2026-02-25 19:31:13 +01:00
Fernando Olivares 55336873b2 Fix database issues and add APNS configuration
- Fix owner_id type to UUID in devices migration
- Fix NOT NULL crash in device registration
- Add APNS config and 1Password integration
- Add --apns flag to bin/dev for local development
- Clean up devices controller
2026-02-25 19:31:13 +01:00
Fernando Olivares 3c54cd84fc Add native push notification infrastructure
- Add action_push_native gem and SaaS configuration
- Add device registration API and UI
- Add User::Devices concern
- Add NotificationPusher::Native for push delivery
- Add tests and fixtures for native push
2026-02-25 19:31:13 +01:00
Rosa Gutierrez 025d70dd13 Use separate cache namespaces for each beta instance
Otherwise we end up with views including URLs from all the betas,
leading to some confusion and problems with the CSP.
2026-01-12 20:28:18 +01:00
Mike Dalessio a7c9b7479c saas: move log_level setting into an environment variable 2026-01-07 11:24:22 -05:00
Fernando Álvarez 037559fb25 Set beta site automatically in deployment 2025-12-23 12:27:03 +01:00
Fernando Álvarez dbb8113080 Extend the number of Beta environments 2025-12-23 12:27:03 +01:00
Fernando Álvarez 43dd149ff2 Cleanup beta deployment
Current beta runs in Chicago only.
2025-12-23 10:17:30 +01:00
Mike Dalessio 28250b340c Move the :fatal log setting into the SaaS config
This should only be set if the app is using the
rails-structured-logging gem, which means it should only be set in the
SAAS config. I think this is just something we missed in one of the
decoupling exercises we did.
2025-12-19 09:09:40 -05:00
Jorge Manrubia 5ab6b1299e Restoring kamal secrets we lost when moving back to Fizzy 2025-12-19 10:49:16 +01:00
Jeremy Daer c691d39ecf Integrate fizzy-saas as vendored gem at saas/
- Update Gemfile.saas to use path: "saas" instead of GitHub source
- Update config/database.yml to reference local saas/ directory
- Update bin/setup to source saas/bin/setup directly
- Remove redundant dotfiles (ruby-version, gitignore, rubocop, github workflows)
- Add saas/db exclusions to root rubocop config
2025-12-16 12:25:22 -08:00
Jorge Manrubia 8dd31e3635 Add system to comp accounts 2025-12-16 12:00:23 +01:00
Jorge Manrubia 3ef5e4eeef Add record to track overridden limits
Before, we were relying on just changing the cards_count in account, but this
could create problems where the system to calculate the next card number fails due
to the unique constraint.
2025-12-16 12:00:23 +01:00
Jorge Manrubia 984a5dd4ce Add Stripe-based billing system
🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Jason Zimdars <jz@37signals.com>
2025-12-16 12:00:23 +01:00
Jeremy Daer 6050b80fdd Reduce retained containers to free disk space faster (#32)
Beta/staging: 1 (down from default 5)
Production: 2 (registry is local, quick to pull)
2025-12-13 10:32:18 -08:00
Fernando Álvarez 88de372f41 Migrate Staging app URL to app.fizzy-staging.com 2025-12-11 17:36:06 +01:00
Kevin McConnell 54a9641dee Also set multi_tenant for SaaS development 2025-12-11 12:22:10 +00:00
Kevin McConnell 03ea5f7b89 Set multi_tenant config option
To allow the non-SaaS version of Fizzy to default to single-tenant mode,
we'll enable a `multi_tenant.enabled` config option here that overrides
the default behaviour.
2025-12-11 11:38:42 +00:00
Jeremy Daer 221e596c5d Enforce CSP (#25) 2025-12-10 17:36:23 -08:00
Jeremy Daer 59d77cf104 CSP: move SaaS-only sources out of OSS (#24) 2025-12-10 17:11:36 -08:00
Jeremy Daer 8572fd77b8 Content Security Policy: report-only mode to Sentry (#21) 2025-12-05 10:57:41 -08:00
Mike Dalessio 8f73e1e1be Add console1984 and audits1984
To keep as much of this as we can in the `fizzy-saas` gem, this PR
opts to store console/audits models in a separate database, and so:

- the gem contains the migrations and the database config
- the app contains a separate schema file distinctly for SaaS concerns
  - Rails' current behavior prevents us from easily keeping this file in the gem

Also note that the stock `audits1984` schema is updated to reference
the auditor via a UUID foreign key.

Finally, in order for the database schema file to be located in the
gem directory (and not the application directory), it's necessary to
monkeypatch `AR::DatabaseTasks.schema_dump_path` to support absolute
paths. This functionality has been proposed upstream in
https://github.com/rails/rails/pull/56290 but is awaiting a decision
from the core team.

ref: https://app.fizzy.do/5986089/cards/2469
ref: #17
2025-12-04 11:43:48 -05:00
Mike Dalessio ca6caa7a92 Add deployment secrets for active record encryption
which is used by console1984 and audits1984.

ref: https://app.fizzy.do/5986089/cards/2469
2025-12-02 22:30:07 -05:00
Mike Dalessio d2db893677 We don't run jobs in beta
I think this was hallucinated in the original commit. This is causing
racing between beta and prod, and as a result beta was attempting to
send emails for production.

Fortunately, smtp is not configured in beta and prevented bad emails
from going out. 😅
2025-11-29 19:24:03 -05:00
Jorge Manrubia f7482d5c55 Move solid-queue dev setup to the engine 2025-11-29 21:45:48 +01:00
Jorge Manrubia 17bd37d731 Merge pull request #10 from basecamp/move-env-configs
Move env-specific bits to env files
2025-11-29 16:28:25 +01:00
Jorge Manrubia 1a74735218 We need to require this *after* or the mocks won't work 2025-11-29 11:53:47 +01:00
Jorge Manrubia 299212aae1 Move env-specific bits to env files
TIL Rails engines load these by default before loading the host app's
2025-11-29 11:46:23 +01:00
Stanko K.R. 0ce46ddc36 Remove unused route 2025-11-29 10:05:16 +01:00
Jorge Manrubia 2f9a34117f Bring changes from https://github.com/basecamp/fizzy/commit/91929d7c092f15fa6f145a17e61aa6493d3edd34 2025-11-28 15:32:02 +01:00
Jorge Manrubia de1e344b89 Align beta deploy config with main's 2025-11-28 15:05:56 +01:00
Jorge Manrubia b6bb2338ed Align beta deploy descriptor 2025-11-28 14:39:23 +01:00
Jorge Manrubia 3d849a202a Move signup code back to the app, leave only queenbee hooks 2025-11-27 12:52:12 +01:00
Jorge Manrubia 1f230e3f57 Add Sentry DSN via kamal secrets 2025-11-27 09:29:05 +01:00
Jorge Manrubia 5bdb19bdaf Fix secrets path 2025-11-26 20:15:20 +01:00
Jorge Manrubia 2b711fc592 Moving kamal secrets here now that we can configure the path 2025-11-26 17:47:07 +01:00
Jorge Manrubia d8ab713c7b Add missing kamal secrets 2025-11-26 17:11:26 +01:00
Jorge Manrubia ebd4e0dbd7 Move storage from main fizzy app 2025-11-26 17:04:37 +01:00
Jorge Manrubia eef94b0442 Remove unused setup 2025-11-26 14:01:02 +01:00