* Add ALLOW_IP_ADDRESS_LIST environment variable
This adds support for allowing specific private IP addresses to be accessed
by the request-filtering-agent, which is useful for OIDC providers and
webhooks on private networks.
The environment variable accepts a comma-separated list of IP addresses
that should be allowed even if they are private IP addresses.
Example: ALLOW_IP_ADDRESS_LIST=10.0.0.1,192.168.1.100
Fixes issue with OIDC providers on private IP addresses being blocked.
* Rename environment variable to ALLOWED_PRIVATE_IP_ADDRESSES
Changed from ALLOW_IP_ADDRESS_LIST to ALLOWED_PRIVATE_IP_ADDRESSES
for better clarity and naming consistency.
---------
Co-authored-by: codegen-sh[bot] <131295404+codegen-sh[bot]@users.noreply.github.com>
* Improve webhook disabling heuristic with time-based analysis
- Add WEBHOOK_FAILURE_TIME_WINDOW environment variable (default: 24 hours)
- Add WEBHOOK_FAILURE_RATE_THRESHOLD environment variable (default: 80%)
- Replace simple count-based logic with time-window failure rate analysis
- Require minimum 5 deliveries in time window before disabling
- Add comprehensive logging for webhook failure analysis
- Update email template to reflect new time-based approach
Addresses GitHub issue #9788 by making webhook disabling smarter and
considering time factors instead of just consecutive failure counts.
* Fix Logger.warn type error
Remove extra 'task' parameter from Logger.warn call to match the correct
signature: Logger.warn(message: string, extra?: Extra)
* Update WEBHOOK_FAILURE_TIME_WINDOW to use seconds instead of hours
- Change default value from 24 (hours) to 86400 (seconds)
- Update time conversion logic from hours*60*60*1000 to seconds*1000
- Rename timeWindowHours variable to timeWindowSeconds for clarity
- Update documentation comments to reflect seconds-based configuration
This provides more granular control while maintaining the same default
behavior (24 hours = 86400 seconds).
* Improve webhook failure logging and analysis threshold
- Only log webhook failure analysis when failedDeliveries.length > 0
- Extract hardcoded minimum deliveries threshold to constant
- Update minimum deliveries threshold from 5 to 10 for more reliable analysis
This reduces log noise when there are no failures and requires more data
points before considering webhook disabling.
---------
Co-authored-by: codegen-sh[bot] <131295404+codegen-sh[bot]@users.noreply.github.com>
* Upgrade @typescript-eslint dependencies from v6.21.0 to v8.33.0
- Updated @typescript-eslint/eslint-plugin from ^6.21.0 to ^8.33.0
- Updated @typescript-eslint/parser from ^6.21.0 to ^8.33.0
- Tested linting functionality to ensure compatibility
- This brings the latest TypeScript ESLint features and bug fixes
* lint
* tsc
---------
Co-authored-by: codegen-sh[bot] <131295404+codegen-sh[bot]@users.noreply.github.com>
Co-authored-by: Tom Moor <tom@getoutline.com>
* Add support for individual database environment variables
- Add DATABASE_HOST, DATABASE_PORT, DATABASE_NAME, DATABASE_USER, DATABASE_PASSWORD env vars
- Implement mutual exclusivity validation between DATABASE_URL and individual components
- Add effectiveDatabaseUrl getter to construct URL from individual components
- Update database connection logic to use new configuration options
- Ensure backward compatibility with existing DATABASE_URL configuration
Resolves: https://github.com/outline/outline/discussions/9158
* Refactor database configuration methods
- Move effectiveDatabaseUrl method from env.ts to database.ts as getEffectiveDatabaseUrl function
- Remove validateDatabaseConfiguration method from env.ts as validation is handled by decorators
- Maintain clean separation of concerns between environment and database modules
* Pass database options directly to Sequelize constructor
- Replace URL construction with direct Sequelize configuration object
- Support both DATABASE_URL string and individual component object configurations
- Maintain common Sequelize options for both configuration types
- Improve error messaging for different configuration scenarios
* remove spurious comments
* tsc
---------
Co-authored-by: codegen-sh[bot] <131295404+codegen-sh[bot]@users.noreply.github.com>
Co-authored-by: Tom Moor <tom@getoutline.com>
This PR contains the necessary work to make Outline an OAuth provider including:
- OAuth app registration
- OAuth app management
- Private / public apps (Public in cloud only)
- Full OAuth 2.0 spec compatible authentication flow
- Granular scopes
- User token management screen in settings
- Associated API endpoints for programatic access
* Add SMTP_SERVICE environment variable for well-known services
* Fix PR #8777: Restore code in teams.ts and users.ts
* The rest of the work
* fix validation
---------
Co-authored-by: codegen-sh[bot] <131295404+codegen-sh[bot]@users.noreply.github.com>
Co-authored-by: Tom Moor <tom.moor@gmail.com>
* Add Discord Provider Prototype
* Add Discord Logo
* Add Plugin to Plugin Manager
* fixed discord auth support and added icon
* add csv role verification
* grab discord server icon and test server id and roles
* subdomain derived from server name
* use discord server specific nickname if available
* Cleanup and comment
* move discord api types to dev deps
* cleanup of server vs default params
* remove commented out lines
* revert envv.development
* revert in vscode
* update yarn lock
* add gif support for discord server icon
* add comment with docs link
* add env section for discord
* fix errors and clarify env
* add new cannot use without
* fix suggestions
* fix: public env vars using decorator
* fix: relocate
* fix: use env.public
* fix: register public env vars across plugins
* fix: test
* fix: tsc
* fix: mark remaining ones as public
* fix: move oidc ones to plugin
* fix: prevent overwrite
* fix: review
* Separate environment configs
* wip
* wip
* test
* plugins
* test
* test
* .sequelizerc, unfortunately can't go through /utils/environment due to not supporting TS
* docker-compose -> docker compose
* fix: .local wipes .development
* Add custom validation message for invalid SECRET_KEY (often confused)
Tom Moor