Commit graph

41 commits

Author SHA1 Message Date
prabhatlepton
e7494e9c21
feat(auth): gate OSS signup behind ENABLE_SIGNUP flag (#514)
* feat(auth): gate OSS signup behind ENABLE_SIGNUP flag

## Problem

The `POST /api/v1/auth/signup` endpoint is unconditionally exposed on
every OSS install. Operators running an invite-only deployment (private
customer instances, staging environments, internal-only tenants) have
no way to disable public account creation without patching the codebase.
The UI also shows the "Sign up" link on `/auth/login` regardless of
whether signup is available, so a locked-down deployment leaves broken
navigation on the login page.

## Fix

Introduce a single `ENABLE_SIGNUP` env var (default `true` — no behavior
change for existing installs) that controls signup end-to-end:

- **Backend** — `api/constants.ENABLE_SIGNUP` is read at module load.
  The signup handler returns 403 when it's false. Also exposed on
  `GET /api/v1/health` as `signup_enabled: bool` so the UI can mirror
  the operator's choice at runtime instead of at bundle-build time.

- **UI** — `getSignupEnabled()` in `lib/auth/config.ts` proxies the
  health field, `/api/config/auth` surfaces it to the browser, the
  login page conditionally renders the "Sign up" link via a one-shot
  `fetch("/api/config/auth")` in `useEffect`, and the middleware
  redirects `/auth/signup` → `/auth/login` when disabled (fires before
  Next.js can serve the statically-prerendered signup page).

- **Helm** — `config.enableSignup` (default `true`) is rendered into
  the ConfigMap as `ENABLE_SIGNUP` so operators can flip it via
  `--set config.enableSignup=false` at install/upgrade time.

Fallbacks default to `signupEnabled: true` in every layer so a fresh
install "just works" and matches the backend default.

* address review: rollout on ConfigMap change, cache TTL, no signup-link flash

Four review points on #514:

**P1 — ConfigMap Change Skips Rollout** (`configmap.yaml`). `helm upgrade
--set config.enableSignup=false` updated the ConfigMap but did NOT roll
the api pods, so running processes kept the ENABLE_SIGNUP env from
startup and continued serving the old signup behavior — including
divergence between replicas mid-upgrade.

Fix: add the standard `checksum/config` pod-template annotation on the
four backend Deployments that `envFrom` the ConfigMap (`web`,
`arq-worker`, `ari-manager`, `campaign-orchestrator`). Verified with
`helm template`: all four Deployments share the same checksum on any
given render, and flipping `config.enableSignup` changes the checksum
uniformly so kubectl sees a pod-template diff and rolls all four.

**P1 — Signup Flag Stays Cached (server)** (`ui/src/lib/auth/config.ts`).
Module-scoped cache had no TTL. `revalidate: 300` was passed on the
underlying `fetch()` but the in-memory short-circuit above ran first, so
the value never refreshed until the UI pod restarted.

Fix: add `AUTH_CONFIG_TTL_MS = 5 * 60 * 1000` (matching the fetch
revalidate hint) so the module cache and the Next fetch cache stay in
sync. Backend flag flips propagate within 5 minutes without a pod
restart.

**P1 — Middleware Redirect Uses Stale State** (`ui/src/middleware.ts`).
Same shape as above — a separate module cache with no expiry could keep
redirecting `/auth/signup → /auth/login` after signup was re-enabled, or
keep serving the statically-prerendered signup page after lockdown.

Fix: same `SERVER_CONFIG_TTL_MS = 5 * 60 * 1000` TTL on the middleware
cache.

**P2 — Signup link flash on login page** (`ui/src/app/auth/login/page.tsx`).
Initial `signupEnabled` state was `null`, so `{signupEnabled && ...}`
hid the link on first paint and it popped in after the fetch resolved
— a CLS on every login-page load on stock installs where signup is
enabled.

Fix: initialise the state to `true` (matches the backend default). The
fetch still overrides to `false` when the operator has actually
disabled signup, so the lockdown UI behavior is unchanged; only the
happy-path flash is gone.

* simplify signup flag: drop TTL caches and middleware redirect

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

* resolve signup flag server-side to avoid signup link flicker

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

---------

Co-authored-by: prabhat pankaj <prabhatiitbhu@gmail.com>
Co-authored-by: Abhishek Kumar <abhishek@a6k.me>
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
2026-07-13 14:08:25 +05:30
Abhishek
a54ab519b8
chore: refactor file upload mechanism to avoid NFS dependency (#496)
* chore: refactor file upload mechanism to avoid NFS dependency

* add regression test for deregistration of calls

* fix: fix minio upload issue

* fix: make transcript upload async
2026-07-03 20:01:52 +05:30
Abhishek
78427817a6
feat(scripts): free trusted HTTPS via sslip.io for public-IP remote i… (#460)
* feat(scripts): free trusted HTTPS via sslip.io for public-IP remote installs

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* chore: refactor setup scripts

* chore: generate sdk

* chore: fix messaging for setup_remote script

* fix: fix ffmpeg download url

* feat: centralise and simplify the url configuration

* fix: force script run as sudo

* fix: fix documentation

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-27 17:19:29 +05:30
Abhishek Kumar
978fb9c262 fix: pass s3 compose settings into storage 2026-06-24 18:37:20 +05:30
Sky Moore
1e2a276a61
feat: support other s3 sig versions so it works with s3 (#461) 2026-06-24 18:36:34 +05:30
Abhishek Kumar
678d4bfb1e Harden Docker service credential setup 2026-06-21 13:44:31 +05:30
Manuel Bruña
17054e3f26
feat(scripts): generate REDIS_PASSWORD on setup, plumb through compose (#458)
* feat(scripts): generate REDIS_PASSWORD on setup, plumb through compose

Per the discussion on #453, this takes the recommended path of extending
the setup scripts rather than introducing a parallel compose file.

  - scripts/setup_remote.sh now generates REDIS_PASSWORD alongside
    OSS_JWT_SECRET and POSTGRES_PASSWORD and writes it to the rendered
    .env (with a short comment noting it can be rotated, unlike the
    postgres password which is baked into the volume on first init).
  - scripts/start_docker.sh now generates REDIS_PASSWORD on first run
    if missing, mirroring the existing OSS_JWT_SECRET pattern (reuses
    generate_secret, which falls back through python3 → openssl →
    /dev/urandom).
  - docker-compose.yaml and docker-compose-local.yaml now interpolate
    ${REDIS_PASSWORD:-redissecret} in the redis --requirepass, the redis
    healthcheck, and the api REDIS_URL.

The :-redissecret fallback preserves backwards compatibility for users
with an existing .env that predates this change — they keep the old
value until they regenerate. New installs (via either script) get a
secure random hex.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* Harden local Docker secret setup

---------

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: Abhishek Kumar <abhishek@a6k.me>
2026-06-21 13:11:31 +05:30
Abhishek Kumar
5dfd261930 fix: signature mismatch for telephony 2026-06-18 18:56:58 +05:30
Abhishek Kumar
d60065bf0a fix: fix auth provider caching 2026-06-18 17:34:48 +05:30
Abhishek Kumar
49e68b49d5 fix: harden the postgres default password 2026-06-05 14:30:02 +05:30
nuthalapativarun
7eecadd8d6
fix: abort docker compose when OSS_JWT_SECRET is unset (#356)
Using :-ChangeMeInProduction silently starts the stack with a known
public signing key. Switch to :? so docker compose up exits with a
clear error when the variable is not provided.
2026-05-27 16:51:20 +05:30
Abhishek
87699f2dee
chore: refactor setup scrpts (#288)
* refactor setup scrpts

* update docker compose to use dograh-init

* avoid creating unnecessary conf files

* fix local setup script

* add agents.md
2026-05-14 14:45:34 +05:30
Abhishek
59619e9eaa
feat: an option to setup remote server with docker compose build (#280)
* feat: remote setup with docker build option

* chore: update documentation

* chore: make script run in non tty

* chore: add warning about slow build

* chore: add more documentation

* feat: add FASTAPI_WORKERS parameter

* feat: add scaling docs

* feat: add update script

* fix: fix semver options in update_remote.sh
2026-05-13 17:22:14 +05:30
Abhishek
e2fe1f3cd4
feat: enable FORCE_TURN_RELAY to diagnose turn connectivity for local deployment setups (#272)
* filter out local sdp candidates on non local environment

* feat: add FORCE_TURN_RELAY variable

* add FORCE_TURN_RELAY option in docker-compose

* fix: fix github workflow
2026-05-11 17:13:01 +05:30
Abhishek Kumar
6d93be3ef6 fix: number pool initialization in multi telephony setup
If there are multiple telephony configurations, the form number should be initialized from the campaigns given telephonic configuration rather than the organization default telephonic configuration.
2026-05-08 14:48:53 +05:30
Sabiha Khan
f7c1f63e1b
feat: add posthog signup and signin events, enable backend posthog events for oss version (#249) 2026-04-24 12:02:52 +05:30
Abhishek
79bc91b1e0
feat: add mcp server to Dograh OSS (#240)
* feat: add mcp server

* update mcp endpoint
2026-04-16 13:03:29 +05:30
Sabiha Khan
bd07b753cd
feat: tansfer calls with aasterisk (#171)
* feat: tansfer calls with aasterisk

* chore: format code with pre-commit script

* chore: refactor code

* refactor: add call strategies, cleanup transfer events

* fix: docker compose, add missing files from merge conflicts

* chore: update pipecat

* docs: restructure & add mintilify pages for tool

* chore: upgrade pipecat
2026-03-05 09:28:05 +05:30
Abhishek
a836825b83
feat: add qa node in workflow builder (#172)
* feat: add qa node in workflow builder

* feat: add qa analysis token usage in usage_info

* fix: mask the API key in QA node

* feat: add advanced configuration in QA node
2026-02-25 13:53:30 +05:30
Abhishek Kumar
20b8dc60c1 fix: use environment variable for BACKEND_URL 2026-02-20 19:26:41 +05:30
Abhishek
642cc34e8c
feat: add authentication for OSS (#167)
* feat: add authentication for OSS

Fixes #157 and #156

* fix: fix token generation

* fix: limit fastapi workers to 1
2026-02-20 18:21:24 +05:30
Sabiha Khan
c711920165
feat: telephony call transfer (#155)
* transfer call

* fix: ignore completed call status

* chore: refactor telephony

* chore: refactor pipecat engine custom tools and other telephony services

* chore: code refactor

* chore: put back office ambient sound files

* chore: remove transport from engine

* fix: fix alembic revision

* chore: remove set_transferring_call from engine

* fix: send OutputAudio frame and let transport chunk it

* fix: reinstate docker compose

* chore: remove unused transfer-twmil route for caller

* chore: update pipecat submodule

---------

Co-authored-by: Abhishek Kumar <abhishek@a6k.me>
2026-02-16 14:33:33 +05:30
Abhishek
87fc64d55c
fix: fix remote deployment method (#145)
* fix: disable file logging for docker compose mode

* fix: wait for processes in Docker compose mode

* fix: add default turn server conf for remote mode

* remove sentence transformers

* make turn detection configurable
2026-02-05 13:10:33 +05:30
Abhishek
bf972fcfec
feat: add coturn configurations (#143)
* feat: add coturn changes

* add turn credentials and config

* fix: fix setup_remote script and docker compose
2026-02-03 13:52:50 +05:30
Abhishek
911c5ed416
fix: changes to update pipecat version to 0.0.100 (#122)
* feat: add stt evals

* add smart turn as provider

* chore: remove deprecations

* chore: format files

* fix: remove deprecated UserIdleProcessor

* fix: remove deprecated TranscriptProcessor

* chore: update pipecat submodule

* feat: add evals visualisation

* fix: trigger llm generation on client connected and pipeline started

* chore: update pipecat

* chore: update pipecat submodule

* Add tests

* fix: slow loading of workflow page

* chore: update pipecat submodule

* Show version after release

* Fixes #99

* fix: provider check for websocket connection

* Fixes #107

* Fix #96

* chore: fix documentation

* fix: cloudonix campaign call error

---------

Co-authored-by: Sabiha Khan <sabihak89@gmail.com>
2026-01-23 18:53:59 +05:30
Abhishek Kumar
4ddb144dd0 fix: use config for turn 2025-12-22 14:06:17 +05:30
Abhishek
17409998d2
feat: add coturn for remote deployments (#84)
* feat: add coturn for remote deployment

* Simplify remote setup

* fix logic in UI
2025-12-22 13:29:41 +05:30
Sabiha Khan
6efe7d6bd4
feat: enable remote server deployment for OSS deployment (#57) 2025-11-20 21:33:05 +05:30
Abhishek
3babb5ced6
feat: add csv upload functionality for OSS (#29)
feat: add csv upload functionality
chore: remove redundant arq-worker from docker-compose
2025-10-09 17:54:31 +05:30
Abhishek
1f4ff8f865
chore: Update README and add Mintlify docs
* Update README and add Mintlify docs

* Add Twilio documentation

* Remove license and fix readme
2025-10-04 15:05:07 +05:30
Abhishek
90f7aac8ad
Feat: Enable Poshog and Sentry for OSS (#23)
feat: enable posthog and sentry for oss
2025-10-04 12:23:20 +05:30
Abhishek
8e2e5c9327
feat: Enable telephony for OSS (#21)
* fix: fix tooltip bug

* feat: add Twilio with CloudFlare configuration

* chore: update Tella Video
2025-10-04 12:22:50 +05:30
Sabiha Khan
43c56d0b95 feat: create docker-image.yml, update README.md and docker-compose.yaml 2025-09-25 17:00:28 +05:30
Sabiha Khan
4ef1ff92b1 chore: use latest tags in docker compose 2025-09-11 11:49:05 +05:30
Sabiha Khan
c1d21d224c chore: update image versions 2025-09-10 14:09:40 +05:30
Sabiha Khan
abaa750dea
Merge pull request #1 from dograh-hq/dev
fix storage_backend value and docker image versions
2025-09-10 11:22:51 +05:30
Abhishek Kumar
240c560602 Add popup after create workflow 2025-09-10 10:24:04 +05:30
Sabiha Khan
957cdcf363 feat: add README, LICENSE, CONTRIBUTING 2025-09-10 09:20:38 +05:30
Abhishek Kumar
a5524dbbac Add debugging logs in stachAuthService 2025-09-09 19:10:18 +05:30
Sabiha Khan
d28991fc60 fix storage_backend value and docker image versions 2025-09-09 16:37:05 +05:30
Abhishek Kumar
4f2a629340 Initial Commit 🚀 🚀 2025-09-09 14:37:32 +05:30