UBERF-9015: Remove confusing SYSTEM_EMAIL env (#7548)

Signed-off-by: Andrey Sobolev <haiodo@gmail.com>
2025-04-13 03:40:48 +00:00 · 2024-12-25 11:53:01 +07:00 · 2024-12-25 11:53:01 +07:00 · 9672f5064e
commit 9672f5064e
parent fa4dc0dcbe
17 changed files with 29 additions and 47 deletions
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@ -441,7 +441,6 @@
        "CLIENT_SECRET": "${env:POD_GITHUB_CLIENT_SECRET}",
        "PRIVATE_KEY": "${env:POD_GITHUB_PRIVATE_KEY}",
        "COLLABORATOR_URL": "ws://localhost:3078",
-        "SYSTEM_EMAIL": "anticrm@hc.engineering",
        "MINIO_ENDPOINT": "localhost",
        "MINIO_ACCESS_KEY": "minioadmin",
        "MINIO_SECRET_KEY": "minioadmin",
@ -463,7 +462,6 @@
      "args": ["src/index.ts"],
      "env": {
        "ACCOUNTS_URL": "http://localhost:3000",
-        "SYSTEM_EMAIL": "anticrm@hc.engineering",
        "SECRET": "secret",
        "DOCS_RELEASE_INTERVAL": "10000",
        "DOCS_IN_REVIEW_CHECK_INTERVAL": "10000",
@ -523,7 +521,6 @@
        "MINIO_ACCESS_KEY": "minioadmin",
        "MINIO_SECRET_KEY": "minioadmin",
        "SERVICE_ID": "sign-service",
-        "SYSTEM_EMAIL": "",
        "ACCOUNTS_URL": "http://localhost:3000",
        "BRANDING_PATH": "${workspaceRoot}/services/sign/pod-sign/debug/branding.json"
      },
--- a/server/account/src/operations.ts
+++ b/server/account/src/operations.ts
@ -761,8 +761,7 @@ export async function createAcc (
  const salt = randomBytes(32)
  const hash = password !== null ? hashWithSalt(password, salt) : null

-  const systemEmails = [systemAccountEmail]
-  if (systemEmails.includes(email)) {
+  if (systemAccountEmail === email) {
    ctx.error('system email used for account', { email })
    throw new PlatformError(new Status(Severity.ERROR, platform.status.AccountAlreadyExists, { account: email }))
  }
--- a/services/calendar/pod-calendar/src/config.ts
+++ b/services/calendar/pod-calendar/src/config.ts
@ -23,7 +23,6 @@ interface Config {
  Secret: string
  Credentials: string
  WATCH_URL: string
-  SystemEmail: string
  InitLimit: number
 }

@ -37,7 +36,6 @@ const envMap: { [key in keyof Config]: string } = {
  ServiceID: 'SERVICE_ID',
  Secret: 'SECRET',
  Credentials: 'Credentials',
-  SystemEmail: 'SYSTEM_EMAIL',
  WATCH_URL: 'WATCH_URL',
  InitLimit: 'INIT_LIMIT'
 }
@ -52,7 +50,6 @@ const config: Config = (() => {
    AccountsURL: process.env[envMap.AccountsURL],
    ServiceID: process.env[envMap.ServiceID] ?? 'calendar-service',
    Secret: process.env[envMap.Secret],
-    SystemEmail: process.env[envMap.SystemEmail] ?? 'anticrm@hc.engineering',
    Credentials: process.env[envMap.Credentials],
    InitLimit: parseNumber(process.env[envMap.InitLimit]) ?? 50,
    WATCH_URL: process.env[envMap.WATCH_URL]
--- a/services/calendar/pod-calendar/src/workspaceClient.ts
+++ b/services/calendar/pod-calendar/src/workspaceClient.ts
@ -18,6 +18,7 @@ import contact, { Channel, Contact, type Employee, type PersonAccount } from '@h
 import core, {
  TxOperations,
  TxProcessor,
+  systemAccountEmail,
  toIdMap,
  type Account,
  type Client,
@ -34,7 +35,6 @@ import { Collection, type Db } from 'mongodb'
 import { CalendarClient } from './calendar'
 import { CalendarController } from './calendarController'
 import { getClient } from './client'
-import config from './config'
 import { SyncHistory, type ProjectCredentials, type User } from './types'

 export class WorkspaceClient {
@ -159,7 +159,7 @@ export class WorkspaceClient {
  }

  private async initClient (workspace: string): Promise<Client> {
-    const token = generateToken(config.SystemEmail, { name: workspace })
+    const token = generateToken(systemAccountEmail, { name: workspace })
    const client = await getClient(token)
    client.notify = (...tx: Tx[]) => {
      void this.txHandler(...tx)
--- a/services/github/pod-github/src/client.ts
+++ b/services/github/pod-github/src/client.ts
@ -5,7 +5,7 @@

 import client, { ClientSocket } from '@hcengineering/client'
 import clientResources from '@hcengineering/client-resources'
-import { Client, ClientConnectEvent } from '@hcengineering/core'
+import { Client, ClientConnectEvent, systemAccountEmail } from '@hcengineering/core'
 import { setMetadata } from '@hcengineering/platform'
 import { getTransactorEndpoint } from '@hcengineering/server-client'
 import serverToken, { generateToken } from '@hcengineering/server-token'
@ -30,7 +30,7 @@ export async function createPlatformClient (

  setMetadata(serverToken.metadata.Secret, config.ServerSecret)
  const token = generateToken(
-    config.SystemEmail,
+    systemAccountEmail,
    {
      name: workspace
    },
--- a/services/github/pod-github/src/collaborator.ts
+++ b/services/github/pod-github/src/collaborator.ts
@ -4,7 +4,7 @@
 //

 import { CollaboratorClient, getClient as getCollaboratorClient } from '@hcengineering/collaborator-client'
-import { WorkspaceId } from '@hcengineering/core'
+import { systemAccountEmail, WorkspaceId } from '@hcengineering/core'
 import { generateToken } from '@hcengineering/server-token'
 import config from './config'

@ -12,6 +12,6 @@ import config from './config'
 * @public
 */
 export function createCollaboratorClient (workspaceId: WorkspaceId): CollaboratorClient {
-  const token = generateToken(config.SystemEmail, workspaceId, { mode: 'github' })
+  const token = generateToken(systemAccountEmail, workspaceId, { mode: 'github' })
  return getCollaboratorClient(workspaceId, token, config.CollaboratorURL)
 }
--- a/services/github/pod-github/src/config.ts
+++ b/services/github/pod-github/src/config.ts
@ -2,13 +2,10 @@
 // Copyright © 2023 Hardcore Engineering Inc.
 //

-import { systemAccountEmail } from '@hcengineering/core'
-
 interface Config {
  AccountsURL: string
  ServiceID: string
  ServerSecret: string
-  SystemEmail: string
  FrontURL: string

  // '*' means all workspaces
@ -36,7 +33,6 @@ const envMap: { [key in keyof Config]: string } = {
  AccountsURL: 'ACCOUNTS_URL',
  ServiceID: 'SERVICE_ID',
  ServerSecret: 'SERVER_SECRET',
-  SystemEmail: 'SYSTEM_EMAIL',
  FrontURL: 'FRONT_URL',

  AppID: 'APP_ID',
@ -62,7 +58,6 @@ const required: Array<keyof Config> = [
  'AccountsURL',
  'ServerSecret',
  'ServiceID',
-  'SystemEmail',
  'FrontURL',
  'AppID',
  'ClientID',
@ -82,7 +77,6 @@ const config: Config = (() => {
    AccountsURL: process.env[envMap.AccountsURL],
    ServerSecret: process.env[envMap.ServerSecret],
    ServiceID: process.env[envMap.ServiceID] ?? 'github-service',
-    SystemEmail: process.env[envMap.SystemEmail] ?? systemAccountEmail,
    AllowedWorkspaces: process.env[envMap.AllowedWorkspaces]?.split(',') ?? ['*'],
    FrontURL: process.env[envMap.FrontURL] ?? '',

--- a/services/github/pod-github/src/platform.ts
+++ b/services/github/pod-github/src/platform.ts
@ -14,6 +14,7 @@ import core, {
  MeasureContext,
  RateLimiter,
  Ref,
+  systemAccountEmail,
  TxOperations
 } from '@hcengineering/core'
 import github, { GithubAuthentication, makeQuery, type GithubIntegration } from '@hcengineering/github'
@ -730,7 +731,7 @@ export class PlatformWorker {
      }
      await rateLimiter.add(async () => {
        const token = generateToken(
-          config.SystemEmail,
+          systemAccountEmail,
          {
            name: workspace
          },
--- a/services/gmail/pod-gmail/src/config.ts
+++ b/services/gmail/pod-gmail/src/config.ts
@ -24,7 +24,6 @@ interface Config {
  Secret: string
  Credentials: string
  WATCH_TOPIC_NAME: string
-  SystemEmail: string
  FooterMessage: string
  InitLimit: number
 }
@ -39,7 +38,6 @@ const envMap: { [key in keyof Config]: string } = {
  ServiceID: 'SERVICE_ID',
  Secret: 'SECRET',
  Credentials: 'Credentials',
-  SystemEmail: 'SYSTEM_EMAIL',
  WATCH_TOPIC_NAME: 'WATCH_TOPIC_NAME',
  FooterMessage: 'FOOTER_MESSAGE',
  InitLimit: 'INIT_LIMIT'
@ -55,7 +53,6 @@ const config: Config = (() => {
    AccountsURL: process.env[envMap.AccountsURL],
    ServiceID: process.env[envMap.ServiceID] ?? 'gmail-service',
    Secret: process.env[envMap.Secret],
-    SystemEmail: process.env[envMap.SystemEmail] ?? 'anticrm@hc.engineering',
    Credentials: process.env[envMap.Credentials],
    WATCH_TOPIC_NAME: process.env[envMap.WATCH_TOPIC_NAME],
    InitLimit: parseNumber(process.env[envMap.InitLimit]) ?? 50,
--- a/services/gmail/pod-gmail/src/workspaceClient.ts
+++ b/services/gmail/pod-gmail/src/workspaceClient.ts
@ -20,6 +20,7 @@ import core, {
  type Doc,
  MeasureContext,
  type Ref,
+  systemAccountEmail,
  type Tx,
  type TxCreateDoc,
  TxProcessor,
@ -31,7 +32,6 @@ import type { StorageAdapter } from '@hcengineering/server-core'
 import { generateToken } from '@hcengineering/server-token'
 import { type Db } from 'mongodb'
 import { getClient } from './client'
-import config from './config'
 import { GmailClient } from './gmail'
 import { type Channel, type ProjectCredentials, type User } from './types'

@ -121,7 +121,7 @@ export class WorkspaceClient {
  }

  private async initClient (workspace: string): Promise<Client> {
-    const token = generateToken(config.SystemEmail, { name: workspace })
+    const token = generateToken(systemAccountEmail, { name: workspace })
    console.log('token', token, workspace)
    const client = await getClient(token)
    client.notify = (...tx: Tx[]) => {
--- a/services/love/src/config.ts
+++ b/services/love/src/config.ts
@ -16,7 +16,6 @@
 interface Config {
  AccountsURL: string
  Port: number
-  SystemEmail: string
  ServiceID: string

  LiveKitHost: string
@ -42,7 +41,6 @@ const envMap: { [key in keyof Config]: string } = {
  StorageProviderName: 'STORAGE_PROVIDER_NAME',
  Secret: 'SECRET',
  ServiceID: 'SERVICE_ID',
-  SystemEmail: 'SYSTEM_EMAIL',
  MongoUrl: 'MONGO_URL'
 }

@ -59,7 +57,6 @@ const config: Config = (() => {
    StorageProviderName: process.env[envMap.StorageProviderName] ?? 's3',
    Secret: process.env[envMap.Secret],
    ServiceID: process.env[envMap.ServiceID] ?? 'love-service',
-    SystemEmail: process.env[envMap.SystemEmail] ?? 'anticrm@hc.engineering',
    MongoUrl: process.env[envMap.MongoUrl]
  }

--- a/services/love/src/workspaceClient.ts
+++ b/services/love/src/workspaceClient.ts
@ -12,13 +12,20 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.

-import core, { Client, Ref, TxOperations, type Blob, Data, MeasureContext } from '@hcengineering/core'
+import attachment, { Attachment } from '@hcengineering/attachment'
+import core, {
+  Client,
+  Data,
+  MeasureContext,
+  Ref,
+  systemAccountEmail,
+  TxOperations,
+  type Blob
+} from '@hcengineering/core'
 import drive, { createFile } from '@hcengineering/drive'
 import love, { MeetingMinutes } from '@hcengineering/love'
 import { generateToken } from '@hcengineering/server-token'
-import attachment, { Attachment } from '@hcengineering/attachment'
 import { getClient } from './client'
-import config from './config'

 export class WorkspaceClient {
  private client!: TxOperations
@ -39,7 +46,7 @@ export class WorkspaceClient {
  }

  private async initClient (workspace: string): Promise<Client> {
-    const token = generateToken(config.SystemEmail, { name: workspace })
+    const token = generateToken(systemAccountEmail, { name: workspace })
    const client = await getClient(token)
    this.client = new TxOperations(client, core.account.System)
    return this.client
--- a/services/sign/pod-sign/src/config.ts
+++ b/services/sign/pod-sign/src/config.ts
@ -11,7 +11,6 @@ export interface Config {
  Port: number
  Secret: string
  ServiceID: string
-  SystemEmail: string
  BrandingPath: string
 }

@ -25,7 +24,6 @@ const config: Config = (() => {
    Port: parseNumber(process.env.PORT) ?? 4006,
    Secret: process.env.SECRET,
    ServiceID: process.env.SERVICE_ID,
-    SystemEmail: process.env.SYSTEM_EMAIL ?? 'anticrm@hc.engineering',
    BrandingPath: process.env.BRANDING_PATH ?? ''
  }

--- a/services/sign/pod-sign/src/sign.ts
+++ b/services/sign/pod-sign/src/sign.ts
@ -6,7 +6,7 @@ import { P12Signer } from '@signpdf/signer-p12'
 import signpdf from '@signpdf/signpdf'
 import { PDFDocument, StandardFonts, degrees, degreesToRadians, rgb } from 'pdf-lib'

-import config from './config'
+import { systemAccountEmail } from '@hcengineering/core'

 interface Rect {
  x: number
@ -50,7 +50,7 @@ export async function signPDF (file: Buffer, certp12: Buffer, pwd: string, ctx:
  // Make it configurable when will be needed to allow signing for different reasons.
  const options: Options = {
    name: ctx.title,
-    contactInfo: config.SystemEmail,
+    contactInfo: systemAccountEmail,
    appName: ctx.title,
    reason: 'Export from the system',
    location: 'N/A'
--- a/services/sign/pod-sign/src/signController.ts
+++ b/services/sign/pod-sign/src/signController.ts
@ -13,11 +13,10 @@
 // limitations under the License.
 //

-import { type Client } from '@hcengineering/core'
+import { systemAccountEmail, type Client } from '@hcengineering/core'
 import { generateToken, type Token } from '@hcengineering/server-token'

 import { createClient, getTransactorEndpoint } from '@hcengineering/server-client'
-import config from './config'

 export class SignController {
  private readonly clients: Map<string, Client> = new Map<string, Client>()
@ -50,7 +49,7 @@ export class SignController {
  }

  private async createPlatformClient (workspace: string): Promise<Client> {
-    const token = generateToken(config.SystemEmail, {
+    const token = generateToken(systemAccountEmail, {
      name: workspace
    })
    const endpoint = await getTransactorEndpoint(token)
--- a/services/telegram/pod-telegram/src/config.ts
+++ b/services/telegram/pod-telegram/src/config.ts
@ -12,7 +12,6 @@ interface Config {
  AccountsURL: string
  ServiceID: string
  Secret: string
-  SystemEmail: string
 }

 const envMap: { [key in keyof Config]: string } = {
@ -28,8 +27,7 @@ const envMap: { [key in keyof Config]: string } = {

  AccountsURL: 'ACCOUNTS_URL',
  ServiceID: 'SERVICE_ID',
-  Secret: 'SECRET',
-  SystemEmail: 'SYSTEM_EMAIL'
+  Secret: 'SECRET'
 }

 const defaults: Partial<Config> = {
@ -45,7 +43,6 @@ const defaults: Partial<Config> = {

  AccountsURL: undefined,
  ServiceID: 'telegram-service',
-  SystemEmail: 'anticrm@hc.engineering',

  Secret: undefined
 }
@ -76,7 +73,6 @@ const config = (() => {
    MongoURI: process.env[envMap.MongoURI],
    AccountsURL: process.env[envMap.AccountsURL],
    ServiceID: process.env[envMap.ServiceID],
-    SystemEmail: process.env[envMap.SystemEmail],
    Secret: process.env[envMap.Secret]
  }

--- a/services/telegram/pod-telegram/src/workspace.ts
+++ b/services/telegram/pod-telegram/src/workspace.ts
@ -15,6 +15,7 @@ import core, {
  Hierarchy,
  MeasureContext,
  Ref,
+  systemAccountEmail,
  Tx,
  TxCreateDoc,
  TxCUD,
@ -31,7 +32,6 @@ import telegramP, { NewTelegramMessage } from '@hcengineering/telegram'
 import type { Collection } from 'mongodb'
 import { Api } from 'telegram'
 import { v4 as uuid } from 'uuid'
-import config from './config'
 import { platformToTelegram, telegramToPlatform } from './markup'
 import { MsgQueue } from './queue'
 import type { TelegramConnectionInterface } from './telegram'
@ -151,7 +151,7 @@ export class WorkspaceWorker {
    lastMsgStorage: Collection<LastMsgRecord>,
    channelsStorage: Collection<WorkspaceChannel>
  ): Promise<WorkspaceWorker> {
-    const token = generateToken(config.SystemEmail, { name: workspace })
+    const token = generateToken(systemAccountEmail, { name: workspace })
    const client = await createPlatformClient(token)

    const worker = new WorkspaceWorker(