Commit graph

1513 commits

Author SHA1 Message Date
Kailash Nadh
8c07a2a1c4 Fix broken status in subscriber export query. 2024-10-20 23:50:06 +05:30
Kailash Nadh
71f9e861e4 Show OIDC URL warning only when enabled on the UI. 2024-10-20 23:50:06 +05:30
Kailash Nadh
03744e0dde Fix broken settings references on forms page 2024-10-20 23:50:06 +05:30
albanobattistella
d02a9d62b5 Update it.json (#2085) 2024-10-14 22:17:53 +05:30
Kailash Nadh
6fe47b2e61 Merge pull request #2082 from knadh/multiuser
Add multi-user auth, permissions, and user management.
2024-10-13 21:54:36 +05:30
Kailash Nadh
39463d719d Refresh i18n language strings. 2024-10-13 18:58:28 +05:30
Kailash Nadh
cc71899e86 Add non-prod OIDC URL warning on admin settings UI. 2024-10-13 18:53:39 +05:30
Kailash Nadh
af06d2e462 Upgrade prismjs. 2024-10-13 18:16:43 +05:30
Kailash Nadh
f226acaa23 Add missing auth permissions file. 2024-10-13 17:03:59 +05:30
Kailash Nadh
cea65c009d Fix and refactor subscriber batch fetching in campaign processing.
This has been a hair-pulling rabbit hole of an issue. #1931 and others.
When the `next-campaign-subscribers` query that fetches $n subscribers
per batch for a campaign returns no results, the manager assumes
that the campaign is done and marks it as finished.

Marathon debugging revealed fundamental flaws in the query's logic that
would incorrectly return 0 rows under certain conditions.
- Based on the "layout" of subscribers for eg: a series of blocklisted
  subscribers between confirmed subscribers.
  A series of unconfirmed subscribers in a batch belonging to a double
  opt-in list.
- Bulk import blocklisting users, but not marking their subscriptions
  as 'unsubscribed'.
- Conditions spread across multiple CTEs resulted in returning an
  arbitrary number of rows and $N per batch as the selected $N rows
  would get filtered out elsewhere, possibly even becoming 0.

After fixing this and testing it on our prod instance that has
15 million subscribers and ~70 million subscriptions in the
`subscriber_lists` table, ended up discovering significant inefficiencies
in Postgres query planning. When `subscriber_lists` and campaign list IDs
are joined dynamically (CTE or ANY() or any kind of JOIN that involves)
a query, the Postgres query planner is unable to use the right indexes.

After testing dozens of approaches, discovered that statically passing
the values to join on (hardcoding or passing via parametrized $1 vars),
the query uses the right indexes. The difference is staggering.
For the particular scenario on our large prod DB to pull a batch,
~15 seconds vs. ~50ms, a whopping 300x improvement!

This patch splits `next-campaign-subscribers` into two separate queries,
one which fetches campaign metadata and list_ids, whose values are then
passed statically to the next query to fetch subscribers by batch.

In addition, it fixes and refactors broken filtering and counting logic
in `create-campaign` and `next-campaign` queries.

Closes #1931, #1993, #1986.
2024-10-13 17:03:59 +05:30
Kailash Nadh
ee119b0088 Fix import not 'unsubscribing' list subs for already blacklisted subscribers. Ref #1931. 2024-10-13 17:03:59 +05:30
Kailash Nadh
a26834196e Refactor subscriber APIs list permission filtering. 2024-10-13 17:03:59 +05:30
Kailash Nadh
d9b4bae0a8 Rename migration to v4.0.0 2024-10-13 17:03:59 +05:30
Kailash Nadh
0331e3ce4e Sort users by created_at always. 2024-10-13 17:03:59 +05:30
Kailash Nadh
eb47e80c35 Fix list auth by adding an explicit 'getAll' flag to query. 2024-10-13 17:03:59 +05:30
Kailash Nadh
3671a5254e Update profile UI with new user data structures. 2024-10-13 17:03:58 +05:30
Kailash Nadh
ae2a386193 Add support for "list roles".
This commit splits roles into two, user roles and list roles, both of which
are attached separately to a user.

List roles are collection of lists each with read|write permissions, while
user roles now have all permissions except for per-list ones.

This allows for easier management of roles, eliminating the need to clone and
create new roles just to adjust specific list permissions.
2024-10-13 17:03:58 +05:30
Kailash Nadh
12a6451ed0 Add list permission check to subscriber calls. 2024-10-13 17:03:55 +05:30
Kailash Nadh
d74e067961 Add per-list permission to list management.
- Filter lists by permitted list IDs in DB get calls.
- Split getLists() handlers into two (one, all) for clarity.
- Introduce new `subscribers:get_by_list` permission.
- Tweak UI rendering to work with new per-list permissions.
2024-10-13 16:59:52 +05:30
Kailash Nadh
982e8d8320 Fix post v4.x.x upgrade warning on admin UI. 2024-10-13 16:59:52 +05:30
Kailash Nadh
f8e6eaa2d9 Add docs for v4.x.x multi-user upgrade changes. 2024-10-13 16:59:52 +05:30
Kailash Nadh
26c6db0a13 Remove admin user/password from sample config generation. 2024-10-13 16:59:52 +05:30
Kailash Nadh
1649b3b135 Fix logic for preventing sole super admin from being wrongly updated/deleted. 2024-10-13 16:59:52 +05:30
Kailash Nadh
bf00fd2951 Add support for setting admin user/password via env on --install. 2024-10-13 16:59:52 +05:30
Kailash Nadh
68870ad6b1 Fix update check looping on failed HTTP requests. 2024-10-13 16:59:52 +05:30
Kailash Nadh
2da920d634 Add legacy TOML user+password to API auth on init with warning. 2024-10-13 16:59:52 +05:30
Kailash Nadh
5024ded763 Add API user authentication to auth module with caching of creds on user CRUD. 2024-10-13 16:59:52 +05:30
Kailash Nadh
0bea9989ec Fix role selection in user form. 2024-10-13 16:59:52 +05:30
Kailash Nadh
e6ec1cb9b3 Use legacy (TOML) admin credentials as API creds for backwards compatibility. 2024-10-13 16:59:52 +05:30
Kailash Nadh
b7155a45e4 Fix admin UI legacy user warning. 2024-10-13 16:59:52 +05:30
Kailash Nadh
b0f6c22baa Fix broken subscription status tag on subscriber form UI. 2024-10-13 16:59:52 +05:30
Kailash Nadh
1e875afa67 Add OIDC auth hooks (init, callback, session) and finish OIDC support. 2024-10-13 16:59:52 +05:30
Kailash Nadh
7c92b654c7 Add avatar field to user schema for OIDC avatars. 2024-10-13 16:59:52 +05:30
Kailash Nadh
834f541263 Update OIDC auth URL in login form. 2024-10-13 16:59:52 +05:30
Kailash Nadh
90591fc57e Apply OIDC/user profile related changes to admin UI. 2024-10-13 16:59:52 +05:30
Kailash Nadh
193f8a866b Add one-click provider config shortcut in OIDC settings. 2024-10-13 16:59:52 +05:30
Kailash Nadh
4eabd967d8 Refactor update check.
- Switch away from GitHub releases API to a statically hosted custom
  JSON message to include richer data.
- Instead of checking 24 hours post-boot, check 15 mins later post boot
  and then every 24 hours.
- Add provision for messages to display on the admin dashboard to
  communicate important / urgent announcements.
  (Fingers crossed, this never has to be used!)
2024-10-13 16:59:52 +05:30
Kailash Nadh
a8c17780f9 Add warning on admin UI for legacy creds in the TOML file. 2024-10-13 16:59:52 +05:30
Kailash Nadh
ee90496df9 Apply minor linting fixes to role form. 2024-10-13 16:59:52 +05:30
Kailash Nadh
72c7676ce5 Add cookie check hack to auth for v3 -> 4 browser BasicAuth session issue. 2024-10-13 16:59:52 +05:30
Kailash Nadh
17b5cc1774 Sort roles by created date. 2024-10-13 16:59:52 +05:30
Kailash Nadh
d52eac0948 Update user APIs and queries to embed role + list permissions. 2024-10-13 16:59:52 +05:30
Kailash Nadh
612c1d6eac Add per-list permission management to roles. 2024-10-13 16:59:52 +05:30
Kailash Nadh
19527f97eb Add new fields to /api/config to remove /settings dependency in campaign UI. 2024-10-13 16:59:52 +05:30
Kailash Nadh
f69aa300b4 Move User/Roles nav items under Settings. 2024-10-13 16:59:52 +05:30
Kailash Nadh
4a69f0ac5b Minor refactor to subscribers UI. Remove superfluous status column. 2024-10-13 16:59:52 +05:30
Kailash Nadh
474f93559f Add permission checks to admin UI to toggle visibility/functionality of components. 2024-10-13 16:59:52 +05:30
Kailash Nadh
dd9612b1ed Add user profile based permission check in auth middleware. 2024-10-13 16:59:52 +05:30
Kailash Nadh
09145b4abe Fix profile edit page. 2024-10-13 16:59:52 +05:30
Kailash Nadh
32d5823dfe Refactor 'super' user type to a pre-defined super admin role. 2024-10-13 16:59:52 +05:30