fix: runtime issue for electron app (#6306)

Looks like we need to be careful to share common libraries between electron (nodejs) & web

![image.png](https://graphite-user-uploaded-assets-prod.s3.amazonaws.com/T2klNLEk0wxLh4NRDzhk/7e568e47-2d61-45c8-8a1e-b933b63fd1a9.png)

.eslintrc.js

@@ -1,4 +1,4 @@
-const { resolve } = require('node:path');
+const { join } = require('node:path');
 
 const createPattern = packageName => [
   {
@@ -31,11 +31,6 @@ const createPattern = packageName => [
     message: 'Use `useNavigateHelper` instead',
     importNames: ['useNavigate'],
   },
-  {
-    group: ['yjs'],
-    message: 'Do not use this API because it has a bug',
-    importNames: ['mergeUpdates'],
-  },
   {
     group: ['@affine/env/constant'],
     message:
@@ -93,16 +88,17 @@ const config = {
     },
     ecmaVersion: 'latest',
     sourceType: 'module',
-    project: resolve(__dirname, './tsconfig.eslint.json'),
+    project: join(__dirname, 'tsconfig.eslint.json'),
   },
   plugins: [
     'react',
     '@typescript-eslint',
     'simple-import-sort',
     'sonarjs',
-    'i',
+    'import-x',
     'unused-imports',
     'unicorn',
+    'rxjs',
   ],
   rules: {
     'array-callback-return': 'error',
@@ -135,6 +131,7 @@ const config = {
     'unused-imports/no-unused-imports': 'error',
     'simple-import-sort/imports': 'error',
     'simple-import-sort/exports': 'error',
+    'import-x/no-duplicates': 'error',
     '@typescript-eslint/ban-ts-comment': [
       'error',
       {
@@ -168,11 +165,6 @@ const config = {
             message: 'Use `useNavigateHelper` instead',
             importNames: ['useNavigate'],
           },
-          {
-            group: ['yjs'],
-            message: 'Do not use this API because it has a bug',
-            importNames: ['mergeUpdates'],
-          },
         ],
       },
     ],
@@ -212,6 +204,21 @@ const config = {
     'sonarjs/no-collection-size-mischeck': 'error',
     'sonarjs/no-useless-catch': 'error',
     'sonarjs/no-identical-functions': 'error',
+    'rxjs/finnish': [
+      'error',
+      {
+        functions: false,
+        methods: false,
+        strict: true,
+        types: {
+          '^LiveData$': true,
+          // some yjs classes are Observables, but they don't need to be in Finnish notation
+          '^Doc$': false, // yjs Doc
+          '^Awareness$': false, // yjs Awareness
+          '^UndoManager$': false, // yjs UndoManager
+        },
+      },
+    ],
   },
   overrides: [
     {
@@ -228,9 +235,6 @@ const config = {
     },
     ...allPackages.map(pkg => ({
       files: [`${pkg}/src/**/*.ts`, `${pkg}/src/**/*.tsx`],
-      parserOptions: {
-        project: resolve(__dirname, './tsconfig.eslint.json'),
-      },
       rules: {
         '@typescript-eslint/no-restricted-imports': [
           'error',
@@ -247,7 +251,7 @@ const config = {
         ],
         '@typescript-eslint/no-misused-promises': ['error'],
         '@typescript-eslint/prefer-readonly': 'error',
-        'i/no-extraneous-dependencies': ['error'],
+        'import-x/no-extraneous-dependencies': ['error'],
         'react-hooks/exhaustive-deps': [
           'warn',
           {

.github/actions/deploy/deploy.mjs

@@ -21,7 +21,6 @@ const {
   AFFINE_GOOGLE_CLIENT_ID,
   AFFINE_GOOGLE_CLIENT_SECRET,
   CLOUD_SQL_IAM_ACCOUNT,
-  CLOUD_LOGGER_IAM_ACCOUNT,
   GCLOUD_CONNECTION_NAME,
   GCLOUD_CLOUD_SQL_INTERNAL_ENDPOINT,
   REDIS_HOST,
@@ -60,9 +59,7 @@ const createHelmCommand = ({ isDryRun }) => {
       ? [
           `--set-json   web.service.annotations=\"{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }\"`,
           `--set-json   graphql.service.annotations=\"{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }\"`,
-          `--set-json   graphql.serviceAccount.annotations=\"{ \\"iam.gke.io/gcp-service-account\\": \\"${CLOUD_LOGGER_IAM_ACCOUNT}\\"}\"`,
           `--set-json   sync.service.annotations=\"{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }\"`,
-          `--set-json   sync.serviceAccount.annotations=\"{ \\"iam.gke.io/gcp-service-account\\": \\"${CLOUD_LOGGER_IAM_ACCOUNT}\\"}\"`,
           `--set-json   cloud-sql-proxy.serviceAccount.annotations=\"{ \\"iam.gke.io/gcp-service-account\\": \\"${CLOUD_SQL_IAM_ACCOUNT}\\" }\"`,
           `--set-json   cloud-sql-proxy.nodeSelector=\"{ \\"iam.gke.io/gke-metadata-server-enabled\\": \\"true\\" }\"`,
         ]
@@ -114,7 +111,7 @@ const createHelmCommand = ({ isDryRun }) => {
     `--set-string graphql.app.oauth.google.clientSecret="${AFFINE_GOOGLE_CLIENT_SECRET}"`,
     `--set-string graphql.app.payment.stripe.apiKey="${STRIPE_API_KEY}"`,
     `--set-string graphql.app.payment.stripe.webhookKey="${STRIPE_WEBHOOK_KEY}"`,
-    `--set        graphql.app.experimental.enableJwstCodec=${isInternal}`,
+    `--set        graphql.app.experimental.enableJwstCodec=${namespace === 'dev'}`,
     `--set        graphql.app.features.earlyAccessPreview=false`,
     `--set        graphql.app.features.syncClientVersionCheck=true`,
     `--set        sync.replicaCount=${syncReplicaCount}`,

.github/actions/download-web/action.yml

@@ -11,7 +11,7 @@ runs:
     - name: Download tar.gz
       uses: actions/download-artifact@v4
       with:
-        name: core
+        name: web
         path: .
 
     - name: Extract core artifacts

.github/deployment/front/Dockerfile

@@ -1,6 +1,6 @@
 FROM openresty/openresty:1.25.3.1-0-buster
 WORKDIR /app
-COPY ./packages/frontend/core/dist ./dist
+COPY ./packages/frontend/web/dist ./dist
 COPY ./.github/deployment/front/nginx.conf /usr/local/openresty/nginx/conf/nginx.conf
 COPY ./.github/deployment/front/affine.nginx.conf /etc/nginx/conf.d/affine.nginx.conf
 

.github/deployment/node/Dockerfile

@@ -1,7 +1,7 @@
 FROM node:20-bookworm-slim
 
 COPY ./packages/backend/server /app
-COPY ./packages/frontend/core/dist /app/static
+COPY ./packages/frontend/web/dist /app/static
 WORKDIR /app
 
 RUN apt-get update && \

.github/helm/affine/Chart.yaml

@@ -3,4 +3,4 @@ name: affine
 description: AFFiNE cloud chart
 type: application
 version: 0.0.0
-appVersion: "0.12.0"
+appVersion: "0.14.0"

.github/helm/affine/charts/graphql/Chart.yaml

@@ -3,7 +3,7 @@ name: graphql
 description: AFFiNE GraphQL server
 type: application
 version: 0.0.0
-appVersion: "0.12.0"
+appVersion: "0.14.0"
 dependencies:
   - name: gcloud-sql-proxy
     version: 0.0.0

.github/helm/affine/charts/graphql/templates/_helpers.tpl

@@ -61,18 +61,3 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
-
-{{- define "jwt.key" -}}
-{{- $secret := lookup "v1" "Secret" .Release.Namespace .Values.app.jwt.secretName -}}
-{{- if and $secret $secret.data.private -}}
-{{/*
-   Reusing existing secret data
-*/}}
-key: {{ $secret.data.private }}
-{{- else -}}
-{{/*
-    Generate new data
-*/}}
-key: {{ genPrivateKey "ecdsa" | b64enc }}
-{{- end -}}
-{{- end -}}

.github/helm/affine/charts/graphql/templates/deployment.yaml

@@ -28,10 +28,10 @@ spec:
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           env:
-          - name: AUTH_PRIVATE_KEY
+          - name: AFFINE_PRIVATE_KEY
             valueFrom:
               secretKeyRef:
-                name: "{{ .Values.app.jwt.secretName }}"
+                name: "{{ .Values.global.secret.secretName }}"
                 key: key
           - name: NODE_ENV
             value: "{{ .Values.env }}"
@@ -45,8 +45,6 @@ spec:
             value: "graphql"
           - name: AFFINE_ENV
             value: "{{ .Release.Namespace }}"
-          - name: NEXTAUTH_URL
-            value: "{{ .Values.global.ingress.host }}"
           - name: DATABASE_PASSWORD
             valueFrom:
               secretKeyRef:

.github/helm/affine/charts/graphql/templates/jwt-secret.yaml

@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: "{{ .Values.app.jwt.secretName }}"
-type: Opaque
-data:
-{{- ( include "jwt.key" . ) | indent 2 -}}

.github/helm/affine/charts/graphql/templates/secret.yaml

@@ -0,0 +1,18 @@
+{{- $privateKey := default (genPrivateKey "ecdsa") .Values.global.secret.privateKey | b64enc | quote }}
+
+{{- if not .Values.global.secret.privateKey }}
+{{- $existingKey := (lookup "v1" "Secret" .Release.Namespace .Values.global.secret.secretName) }}
+{{- if $existingKey }}
+{{- $privateKey = index $existingKey.data "key" }}
+{{- end -}}
+{{- end -}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.global.secret.secretName }}
+  annotations:
+    "helm.sh/resource-policy": "keep"
+type: Opaque
+data:
+  key: {{ $privateKey }}

.github/helm/affine/charts/graphql/values.yaml

@@ -19,10 +19,6 @@ app:
   https: true
   doc:
     mergeInterval: "3000"
-  jwt:
-    secretName: jwt-private-key
-    # base64 encoded ecdsa private key
-    privateKey: ''
   captcha:
     enable: false
     secretName: captcha

.github/helm/affine/charts/sync/Chart.yaml

@@ -3,7 +3,7 @@ name: sync
 description: AFFiNE Sync Server
 type: application
 version: 0.0.0
-appVersion: "0.12.0"
+appVersion: "0.14.0"
 dependencies:
   - name: gcloud-sql-proxy
     version: 0.0.0

.github/helm/affine/charts/sync/templates/deployment.yaml

@@ -32,6 +32,11 @@ spec:
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           env:
+          - name: AFFINE_PRIVATE_KEY
+            valueFrom:
+              secretKeyRef:
+                name: "{{ .Values.global.secret.secretName }}"
+                key: key
           - name: NODE_ENV
             value: "{{ .Values.env }}"
           - name: NO_COLOR
@@ -40,8 +45,6 @@ spec:
             value: "affine"
           - name: SERVER_FLAVOR
             value: "sync"
-          - name: NEXTAUTH_URL
-            value: "{{ .Values.global.ingress.host }}"
           - name: AFFINE_ENV
             value: "{{ .Release.Namespace }}"
           - name: DATABASE_PASSWORD

.github/helm/affine/charts/sync/values.yaml

@@ -12,7 +12,6 @@ env: 'production'
 app:
   # AFFINE_SERVER_HOST
   host: '0.0.0.0'
-
 serviceAccount:
   create: true
   annotations: {}

.github/helm/affine/values.yaml

@@ -4,6 +4,9 @@ global:
     className: ''
     host: affine.pro
     tls: []
+  secret:
+    secretName: 'server-private-key'
+    privateKey: ''
   database:
     user: 'postgres'
     url: 'pg-postgresql'

.github/workflows/build-test.yml

@@ -266,8 +266,8 @@ jobs:
           path: ./packages/backend/storage/storage.node
           if-no-files-found: error
 
-  build-core:
-    name: Build @affine/core
+  build-web:
+    name: Build @affine/web
     runs-on: ubuntu-latest
 
     steps:
@@ -277,15 +277,15 @@ jobs:
         with:
           electron-install: false
           full-cache: true
-      - name: Build Core
+      - name: Build Web
         # always skip cache because its fast, and cache configuration is always changing
-        run: yarn nx build @affine/core --skip-nx-cache
-      - name: zip core
-        run: tar -czf dist.tar.gz --directory=packages/frontend/core/dist .
-      - name: Upload core artifact
+        run: yarn nx build @affine/web --skip-nx-cache
+      - name: zip web
+        run: tar -czf dist.tar.gz --directory=packages/frontend/web/dist .
+      - name: Upload web artifact
         uses: actions/upload-artifact@v4
         with:
-          name: core
+          name: web
           path: dist.tar.gz
           if-no-files-found: error
 
@@ -485,7 +485,7 @@ jobs:
               test: true,
             }
     needs:
-      - build-core
+      - build-web
       - build-native
     steps:
       - uses: actions/checkout@v4
@@ -516,8 +516,8 @@ jobs:
         shell: bash
         run: yarn workspace @affine/electron vitest
 
-      - name: Download core artifact
-        uses: ./.github/actions/download-core
+      - name: Download web artifact
+        uses: ./.github/actions/download-web
         with:
           path: packages/frontend/electron/resources/web-static
 

.github/workflows/deploy-automatically.yml

@@ -7,6 +7,11 @@ on:
   schedule:
     - cron: '0 9 * * *'
 
+permissions:
+  contents: write
+  pull-requests: write
+  actions: write
+
 jobs:
   dispatch-deploy:
     runs-on: ubuntu-latest

.github/workflows/deploy.yml

@@ -15,6 +15,7 @@ on:
 env:
   APP_NAME: affine
   NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
+  MIXPANEL_TOKEN: '389c0615a69b57cca7d3fa0a4824c930'
 
 jobs:
   build-server:
@@ -38,8 +39,8 @@ jobs:
           name: server-dist
           path: ./packages/backend/server/dist
           if-no-files-found: error
-  build-core:
-    name: Build @affine/core
+  build-web:
+    name: Build @affine/web
     runs-on: ubuntu-latest
     environment: ${{ github.event.inputs.flavor }}
     steps:
@@ -50,7 +51,7 @@ jobs:
       - name: Setup Node.js
         uses: ./.github/actions/setup-node
       - name: Build Core
-        run: yarn nx build @affine/core --skip-nx-cache
+        run: yarn nx build @affine/web --skip-nx-cache
         env:
           R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }}
           R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
@@ -64,15 +65,15 @@ jobs:
           SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
           SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
           PERFSEE_TOKEN: ${{ secrets.PERFSEE_TOKEN }}
-      - name: Upload core artifact
+      - name: Upload web artifact
         uses: actions/upload-artifact@v4
         with:
-          name: core
-          path: ./packages/frontend/core/dist
+          name: web
+          path: ./packages/frontend/web/dist
           if-no-files-found: error
 
-  build-core-selfhost:
-    name: Build @affine/core selfhost
+  build-web-selfhost:
+    name: Build @affine/web selfhost
     runs-on: ubuntu-latest
     environment: ${{ github.event.inputs.flavor }}
     steps:
@@ -83,7 +84,7 @@ jobs:
       - name: Setup Node.js
         uses: ./.github/actions/setup-node
       - name: Build Core
-        run: yarn nx build @affine/core --skip-nx-cache
+        run: yarn nx build @affine/web --skip-nx-cache
         env:
           BUILD_TYPE: ${{ github.event.inputs.flavor }}
           SHOULD_REPORT_TRACE: false
@@ -91,11 +92,11 @@ jobs:
           SELF_HOSTED: true
       - name: Download selfhost fonts
         run: node ./scripts/download-blocksuite-fonts.mjs
-      - name: Upload core artifact
+      - name: Upload web artifact
         uses: actions/upload-artifact@v4
         with:
-          name: selfhost-core
-          path: ./packages/frontend/core/dist
+          name: selfhost-web
+          path: ./packages/frontend/web/dist
           if-no-files-found: error
 
   build-storage:
@@ -143,16 +144,16 @@ jobs:
       packages: 'write'
     needs:
       - build-server
-      - build-core
-      - build-core-selfhost
+      - build-web
+      - build-web-selfhost
       - build-storage
     steps:
       - uses: actions/checkout@v4
       - name: Download core artifact
         uses: actions/download-artifact@v4
         with:
-          name: core
-          path: ./packages/frontend/core/dist
+          name: web
+          path: ./packages/frontend/web/dist
       - name: Download server dist
         uses: actions/download-artifact@v4
         with:
@@ -218,14 +219,14 @@ jobs:
           registry-url: https://npm.pkg.github.com
           scope: '@toeverything'
 
-      - name: Remove core dist
-        run: rm -rf ./packages/frontend/core/dist
+      - name: Remove web dist
+        run: rm -rf ./packages/frontend/web/dist
 
-      - name: Download selfhost core artifact
+      - name: Download selfhost web artifact
         uses: actions/download-artifact@v4
         with:
-          name: selfhost-core
-          path: ./packages/frontend/core/dist
+          name: selfhost-web
+          path: ./packages/frontend/web/dist
 
       - name: Install Node.js dependencies
         run: |
@@ -295,7 +296,6 @@ jobs:
           REDIS_HOST: ${{ secrets.REDIS_HOST }}
           REDIS_PASSWORD: ${{ secrets.REDIS_PASSWORD }}
           CLOUD_SQL_IAM_ACCOUNT: ${{ secrets.CLOUD_SQL_IAM_ACCOUNT }}
-          CLOUD_LOGGER_IAM_ACCOUNT: ${{ secrets.CLOUD_LOGGER_IAM_ACCOUNT }}
           STRIPE_API_KEY: ${{ secrets.STRIPE_API_KEY }}
           STRIPE_WEBHOOK_KEY: ${{ secrets.STRIPE_WEBHOOK_KEY }}
           STATIC_IP_NAME: ${{ secrets.STATIC_IP_NAME }}

.github/workflows/release-desktop.yml

@@ -33,6 +33,7 @@ env:
   DEBUG: napi:*
   APP_NAME: affine
   MACOSX_DEPLOYMENT_TARGET: '10.13'
+  MIXPANEL_TOKEN: '389c0615a69b57cca7d3fa0a4824c930'
 
 jobs:
   before-make:
@@ -60,10 +61,10 @@ jobs:
           SKIP_PLUGIN_BUILD: 'true'
           SKIP_NX_CACHE: 'true'
 
-      - name: Upload core artifact
+      - name: Upload web artifact
         uses: actions/upload-artifact@v4
         with:
-          name: core
+          name: web
           path: packages/frontend/electron/resources/web-static
 
   make-distribution:
@@ -110,7 +111,7 @@ jobs:
           nx_token: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
       - uses: actions/download-artifact@v4
         with:
-          name: core
+          name: web
           path: packages/frontend/electron/resources/web-static
 
       - name: Build Desktop Layers
@@ -188,7 +189,7 @@ jobs:
           nx_token: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
       - uses: actions/download-artifact@v4
         with:
-          name: core
+          name: web
           path: packages/frontend/electron/resources/web-static
 
       - name: Build Desktop Layers
@@ -317,7 +318,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/download-artifact@v4
         with:
-          name: core
+          name: web
           path: web-static
       - name: Zip web-static
         run: zip -r web-static.zip web-static

docs/developing-server.md

@@ -55,7 +55,6 @@ When logging in via email, you will see the mail arriving at localhost:8025 in a
 
 ```
 DATABASE_URL="postgresql://affine:affine@localhost:5432/affine"
-NEXTAUTH_URL="http://localhost:8080"
 MAILER_SENDER="noreply@toeverything.info"
 MAILER_USER="auth"
 MAILER_PASSWORD="auth"
@@ -67,6 +66,7 @@ MAILER_PORT="1025"
 
 ```
 yarn workspace @affine/server prisma db push
+yarn workspace @affine/server data-migration run
 ```
 
 Note, you may need to do it again if db schema changed.

docs/reference/package.json

@@ -19,5 +19,5 @@
     ],
     "ext": "ts,md,json"
   },
-  "version": "0.12.0"
+  "version": "0.14.0"
 }

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@affine/monorepo",
-  "version": "0.12.0",
+  "version": "0.14.0",
   "private": true,
   "author": "toeverything",
   "license": "MIT",
@@ -17,16 +17,16 @@
     "node": "<21.0.0"
   },
   "scripts": {
-    "dev": "dev-core",
+    "dev": "yarn workspace @affine/cli dev",
     "dev:electron": "yarn workspace @affine/electron dev",
-    "build": "yarn nx build @affine/core",
+    "build": "yarn nx build @affine/web",
     "build:electron": "yarn nx build @affine/electron",
     "build:storage": "yarn nx run-many -t build -p @affine/storage",
     "build:storybook": "yarn nx build @affine/storybook",
-    "start:web-static": "yarn workspace @affine/core static-server",
+    "start:web-static": "yarn workspace @affine/web static-server",
     "start:storybook": "yarn exec serve tests/storybook/storybook-static -l 6006",
     "serve:test-static": "yarn exec serve tests/fixtures --cors -p 8081",
-    "lint:eslint": "eslint . --ext .js,mjs,.ts,.tsx --cache",
+    "lint:eslint": "cross-env NODE_OPTIONS=\"--max-old-space-size=8192\" eslint . --ext .js,mjs,.ts,.tsx --cache",
     "lint:eslint:fix": "yarn lint:eslint --fix",
     "lint:prettier": "prettier --ignore-unknown --cache --check .",
     "lint:prettier:fix": "prettier --ignore-unknown --cache --write .",
@@ -44,7 +44,7 @@
     "*": "prettier --write --ignore-unknown --cache",
     "*.{ts,tsx,mjs,js,jsx}": [
       "prettier --ignore-unknown --write",
-      "eslint --cache --fix"
+      "cross-env NODE_OPTIONS=\"--max-old-space-size=8192\" eslint --cache --fix"
     ],
     "*.toml": [
       "taplo format"
@@ -61,7 +61,7 @@
     "@faker-js/faker": "^8.4.1",
     "@istanbuljs/schema": "^0.1.3",
     "@magic-works/i18n-codegen": "^0.5.0",
-    "@nx/vite": "18.0.8",
+    "@nx/vite": "18.1.2",
     "@playwright/test": "^1.41.2",
     "@taplo/cli": "^0.7.0",
     "@testing-library/react": "^14.2.1",
@@ -74,21 +74,23 @@
     "@vanilla-extract/vite-plugin": "^4.0.4",
     "@vanilla-extract/webpack-plugin": "^2.3.6",
     "@vitejs/plugin-react-swc": "^3.6.0",
-    "@vitest/coverage-istanbul": "1.3.1",
-    "@vitest/ui": "1.3.1",
+    "@vitest/coverage-istanbul": "1.4.0",
+    "@vitest/ui": "1.4.0",
+    "cross-env": "^7.0.3",
     "electron": "^29.0.1",
     "eslint": "^8.56.0",
     "eslint-config-prettier": "^9.1.0",
-    "eslint-plugin-i": "^2.29.1",
+    "eslint-plugin-import-x": "^0.4.1",
     "eslint-plugin-react": "^7.33.2",
     "eslint-plugin-react-hooks": "^4.6.0",
+    "eslint-plugin-rxjs": "^5.0.3",
     "eslint-plugin-simple-import-sort": "^12.0.0",
     "eslint-plugin-sonarjs": "^0.24.0",
     "eslint-plugin-unicorn": "^51.0.1",
     "eslint-plugin-unused-imports": "^3.1.0",
     "eslint-plugin-vue": "^9.22.0",
     "fake-indexeddb": "5.0.2",
-    "happy-dom": "^13.4.1",
+    "happy-dom": "^14.0.0",
     "husky": "^9.0.11",
     "lint-staged": "^15.2.2",
     "msw": "^2.2.1",
@@ -105,7 +107,7 @@
     "vite": "^5.1.4",
     "vite-plugin-istanbul": "^6.0.0",
     "vite-plugin-static-copy": "^1.0.1",
-    "vitest": "1.3.1",
+    "vitest": "1.4.0",
     "vitest-fetch-mock": "^0.2.2",
     "vitest-mock-extended": "^1.3.1"
   },
@@ -168,7 +170,7 @@
     "which-boxed-primitive": "npm:@nolyfill/which-boxed-primitive@latest",
     "which-typed-array": "npm:@nolyfill/which-typed-array@latest",
     "@reforged/maker-appimage/@electron-forge/maker-base": "7.3.0",
-    "macos-alias": "npm:@napi-rs/macos-alias@latest",
+    "macos-alias": "npm:@napi-rs/macos-alias@0.0.4",
     "fs-xattr": "npm:@napi-rs/xattr@latest",
     "@radix-ui/react-dialog": "npm:@radix-ui/react-dialog@latest"
   }

packages/backend/server/migrations/20240319104623_user_subscriptions/migration.sql

@@ -0,0 +1,11 @@
+/*
+  Warnings:
+
+  - A unique constraint covering the columns `[user_id,plan]` on the table `user_subscriptions` will be added. If there are existing duplicate values, this will fail.
+
+*/
+-- DropIndex
+DROP INDEX "user_subscriptions_user_id_key";
+
+-- CreateIndex
+CREATE UNIQUE INDEX "user_subscriptions_user_id_plan_key" ON "user_subscriptions"("user_id", "plan");

packages/backend/server/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@affine/server",
   "private": true,
-  "version": "0.12.0",
+  "version": "0.14.0",
   "description": "Affine Node.js server",
   "type": "module",
   "bin": {
@@ -20,7 +20,7 @@
   "dependencies": {
     "@apollo/server": "^4.10.0",
     "@auth/prisma-adapter": "^1.4.0",
-    "@aws-sdk/client-s3": "^3.515.0",
+    "@aws-sdk/client-s3": "^3.536.0",
     "@google-cloud/opentelemetry-cloud-monitoring-exporter": "^0.17.0",
     "@google-cloud/opentelemetry-cloud-trace-exporter": "^2.1.0",
     "@google-cloud/opentelemetry-resource-util": "^2.1.0",
@@ -63,7 +63,7 @@
     "dotenv-cli": "^7.3.0",
     "express": "^4.18.2",
     "file-type": "^19.0.0",
-    "get-stream": "^8.0.1",
+    "get-stream": "^9.0.0",
     "graphql": "^16.8.1",
     "graphql-scalars": "^1.22.4",
     "graphql-type-json": "^0.3.2",
@@ -71,6 +71,7 @@
     "ioredis": "^5.3.2",
     "keyv": "^4.5.4",
     "lodash-es": "^4.17.21",
+    "mixpanel": "^0.18.0",
     "nanoid": "^5.0.6",
     "nest-commander": "^3.12.5",
     "nestjs-throttler-storage-redis": "^0.4.1",
@@ -102,6 +103,7 @@
     "@types/graphql-upload": "^16.0.7",
     "@types/keyv": "^4.2.0",
     "@types/lodash-es": "^4.17.12",
+    "@types/mixpanel": "^2.14.8",
     "@types/node": "^20.11.20",
     "@types/nodemailer": "^6.4.14",
     "@types/on-headers": "^1.0.3",

packages/backend/server/schema.prisma

@@ -24,7 +24,7 @@ model User {
 
   features             UserFeatures[]
   customer             UserStripeCustomer?
-  subscription         UserSubscription?
+  subscriptions        UserSubscription[]
   invoices             UserInvoice[]
   workspacePermissions WorkspaceUserPermission[]
   pagePermissions      WorkspacePageUserPermission[]
@@ -369,7 +369,7 @@ model UserStripeCustomer {
 
 model UserSubscription {
   id                   Int       @id @default(autoincrement()) @db.Integer
-  userId               String    @unique @map("user_id") @db.VarChar(36)
+  userId               String    @map("user_id") @db.VarChar(36)
   plan                 String    @db.VarChar(20)
   // yearly/monthly
   recurring            String    @db.VarChar(20)
@@ -395,6 +395,7 @@ model UserSubscription {
   updatedAt DateTime @updatedAt @map("updated_at") @db.Timestamptz(6)
   user      User     @relation(fields: [userId], references: [id], onDelete: Cascade)
 
+  @@unique([userId, plan])
   @@map("user_subscriptions")
 }
 

packages/backend/server/scripts/self-host-predeploy.js

@@ -1,7 +1,10 @@
 import { execSync } from 'node:child_process';
+import { generateKeyPairSync } from 'node:crypto';
 import fs from 'node:fs';
 import path from 'node:path';
 
+import { parse } from 'dotenv';
+
 const SELF_HOST_CONFIG_DIR = '/root/.affine/config';
 /**
  * @type {Array<{ from: string; to?: string, modifier?: (content: string): string }>}
@@ -36,6 +39,26 @@ function prepare() {
         });
       }
     }
+
+    // make the default .env
+    if (to === '.env') {
+      const dotenvFile = fs.readFileSync(targetFilePath, 'utf-8');
+      const envs = parse(dotenvFile);
+      // generate a new private key
+      if (!envs.AFFINE_PRIVATE_KEY) {
+        const privateKey = generateKeyPairSync('ec', {
+          namedCurve: 'prime256v1',
+        }).privateKey.export({
+          type: 'sec1',
+          format: 'pem',
+        });
+
+        fs.writeFileSync(
+          targetFilePath,
+          `AFFINE_PRIVATE_KEY=${privateKey}\n` + dotenvFile
+        );
+      }
+    }
   }
 }
 

packages/backend/server/src/app.module.ts

@@ -18,16 +18,14 @@ import { UserModule } from './core/user';
 import { WorkspaceModule } from './core/workspaces';
 import { getOptionalModuleMetadata } from './fundamentals';
 import { CacheInterceptor, CacheModule } from './fundamentals/cache';
-import {
-  type AvailablePlugins,
-  Config,
-  ConfigModule,
-} from './fundamentals/config';
+import type { AvailablePlugins } from './fundamentals/config';
+import { Config, ConfigModule } from './fundamentals/config';
 import { EventModule } from './fundamentals/event';
 import { GqlModule } from './fundamentals/graphql';
 import { HelpersModule } from './fundamentals/helpers';
 import { MailModule } from './fundamentals/mailer';
 import { MetricsModule } from './fundamentals/metrics';
+import { MutexModule } from './fundamentals/mutex';
 import { PrismaModule } from './fundamentals/prisma';
 import { StorageProviderModule } from './fundamentals/storage';
 import { RateLimiterModule } from './fundamentals/throttler';
@@ -39,6 +37,7 @@ export const FunctionalityModules = [
   ScheduleModule.forRoot(),
   EventModule,
   CacheModule,
+  MutexModule,
   PrismaModule,
   MetricsModule,
   RateLimiterModule,

packages/backend/server/src/app.ts

@@ -43,5 +43,12 @@ export async function createApp() {
     app.useWebSocketAdapter(adapter);
   }
 
+  if (AFFiNE.isSelfhosted && AFFiNE.telemetry.enabled) {
+    const mixpanel = await import('mixpanel');
+    mixpanel.init(AFFiNE.telemetry.token).track('selfhost-server-started', {
+      version: AFFiNE.version,
+    });
+  }
+
   return app;
 }

packages/backend/server/src/config/affine.self.ts

@@ -39,7 +39,15 @@ if (env.R2_OBJECT_STORAGE_ACCOUNT_ID) {
 }
 
 AFFiNE.plugins.use('redis');
-AFFiNE.plugins.use('payment');
+AFFiNE.plugins.use('payment', {
+  stripe: {
+    keys: {
+      // fake the key to ensure the server generate full GraphQL Schema even env vars are not set
+      APIKey: '1',
+      webhookKey: '1',
+    },
+  },
+});
 AFFiNE.plugins.use('oauth');
 
 if (AFFiNE.deploy) {

packages/backend/server/src/config/affine.ts

@@ -52,6 +52,18 @@ AFFiNE.port = 3010;
 // /* The metrics will be available at `http://localhost:9464/metrics` with [Prometheus] format exported */
 // AFFiNE.metrics.enabled = true;
 //
+// /* Authentication Settings */
+// /* User Signup password limitation */
+// AFFiNE.auth.password = {
+//   minLength: 8,
+//   maxLength: 20,
+// };
+//
+// /* How long the login session would last by default */
+// AFFiNE.auth.session = {
+//   ttl: 15 * 24 * 60 * 60, // 15 days
+// };
+//
 // /* GraphQL configurations that control the behavior of the Apollo Server behind */
 // /* @see https://www.apollographql.com/docs/apollo-server/api/apollo-server */
 // AFFiNE.graphql = {
@@ -84,15 +96,15 @@ AFFiNE.port = 3010;
 // /* Redis Plugin */
 // /* Provide caching and session storing backed by Redis. */
 // /* Useful when you deploy AFFiNE server in a cluster. */
-AFFiNE.plugins.use('redis', {
-  /* override options */
-});
+// AFFiNE.plugins.use('redis', {
+//   /* override options */
+// });
 //
 //
 // /* Payment Plugin */
-AFFiNE.plugins.use('payment', {
-  stripe: { keys: {}, apiVersion: '2023-10-16' },
-});
+// AFFiNE.plugins.use('payment', {
+//   stripe: { keys: {}, apiVersion: '2023-10-16' },
+// });
 //
 //
 // /* Cloudflare R2 Plugin */

packages/backend/server/src/core/auth/controller.ts

@@ -58,7 +58,6 @@ export class AuthController {
     }
 
     if (credential.password) {
-      validators.assertValidPassword(credential.password);
       const user = await this.auth.signIn(
         credential.email,
         credential.password
@@ -142,6 +141,7 @@ export class AuthController {
     }
 
     email = decodeURIComponent(email);
+    token = decodeURIComponent(token);
     validators.assertValidEmail(email);
 
     const valid = await this.token.verifyToken(TokenType.SignIn, token, {

packages/backend/server/src/core/auth/guard.ts

@@ -11,7 +11,7 @@ import {
 } from '@nestjs/common';
 import { ModuleRef, Reflector } from '@nestjs/core';
 
-import { Config, getRequestResponseFromContext } from '../../fundamentals';
+import { getRequestResponseFromContext } from '../../fundamentals';
 import { AuthService, parseAuthUserSeqNum } from './service';
 
 function extractTokenFromHeader(authorization: string) {
@@ -27,7 +27,6 @@ export class AuthGuard implements CanActivate, OnModuleInit {
   private auth!: AuthService;
 
   constructor(
-    private readonly config: Config,
     private readonly ref: ModuleRef,
     private readonly reflector: Reflector
   ) {}
@@ -43,17 +42,6 @@ export class AuthGuard implements CanActivate, OnModuleInit {
     let sessionToken: string | undefined =
       req.cookies[AuthService.sessionCookieName];
 
-    // backward compatibility for client older then 0.12
-    // TODO: remove
-    if (!sessionToken) {
-      sessionToken =
-        req.cookies[
-          this.config.https
-            ? '__Secure-next-auth.session-token'
-            : 'next-auth.session-token'
-        ];
-    }
-
     if (!sessionToken && req.headers.authorization) {
       sessionToken = extractTokenFromHeader(req.headers.authorization);
     }

packages/backend/server/src/core/auth/resolver.ts

@@ -132,7 +132,7 @@ export class AuthResolver {
     @Args('email') email: string,
     @Args('password') password: string
   ) {
-    validators.assertValidCredential({ email, password });
+    validators.assertValidEmail(email);
     const user = await this.auth.signIn(email, password);
     await this.auth.setCookie(ctx.req, ctx.res, user);
     ctx.req.user = user;

packages/backend/server/src/core/auth/service.ts

@@ -5,7 +5,8 @@ import {
   NotFoundException,
   OnApplicationBootstrap,
 } from '@nestjs/common';
-import { PrismaClient, type User } from '@prisma/client';
+import type { User } from '@prisma/client';
+import { PrismaClient } from '@prisma/client';
 import type { CookieOptions, Request, Response } from 'express';
 import { assign, omit } from 'lodash-es';
 
@@ -226,6 +227,10 @@ export class AuthService implements OnApplicationBootstrap {
   }
 
   async getSession(token: string) {
+    if (!token) {
+      return null;
+    }
+
     return this.db.$transaction(async tx => {
       const session = await tx.session.findUnique({
         where: {

packages/backend/server/src/core/doc/history.ts

@@ -4,12 +4,8 @@ import { Injectable, Logger } from '@nestjs/common';
 import { Cron, CronExpression } from '@nestjs/schedule';
 import { PrismaClient } from '@prisma/client';
 
-import {
-  Config,
-  type EventPayload,
-  metrics,
-  OnEvent,
-} from '../../fundamentals';
+import type { EventPayload } from '../../fundamentals';
+import { Config, metrics, OnEvent } from '../../fundamentals';
 import { QuotaService } from '../quota';
 import { Permission } from '../workspaces/types';
 import { isEmptyBuffer } from './manager';

packages/backend/server/src/core/doc/manager.ts

@@ -16,12 +16,12 @@ import {
   transact,
 } from 'yjs';
 
+import type { EventPayload } from '../../fundamentals';
 import {
   Cache,
   CallTimer,
   Config,
   EventEmitter,
-  type EventPayload,
   mergeUpdatesInApplyWay as jwstMergeUpdates,
   metrics,
   OnEvent,
@@ -55,6 +55,16 @@ export function isEmptyBuffer(buf: Buffer): boolean {
 const MAX_SEQ_NUM = 0x3fffffff; // u31
 const UPDATES_QUEUE_CACHE_KEY = 'doc:manager:updates';
 
+interface DocResponse {
+  doc: Doc;
+  timestamp: number;
+}
+
+interface BinaryResponse {
+  binary: Buffer;
+  timestamp: number;
+}
+
 /**
  * Since we can't directly save all client updates into database, in which way the database will overload,
  * we need to buffer the updates and merge them to reduce db write.
@@ -229,12 +239,12 @@ export class DocManager implements OnModuleInit, OnModuleDestroy {
     update: Buffer,
     retryTimes = 10
   ) {
-    await new Promise<void>((resolve, reject) => {
+    const timestamp = await new Promise<number>((resolve, reject) => {
       defer(async () => {
         const seq = await this.getUpdateSeq(workspaceId, guid);
-        await this.db.update.create({
+        const { createdAt } = await this.db.update.create({
           select: {
-            seq: true,
+            createdAt: true,
           },
           data: {
             workspaceId,
@@ -243,23 +253,27 @@ export class DocManager implements OnModuleInit, OnModuleDestroy {
             blob: update,
           },
         });
+
+        return createdAt.getTime();
       })
         .pipe(retry(retryTimes)) // retry until seq num not conflict
         .subscribe({
-          next: () => {
+          next: timestamp => {
             this.logger.debug(
               `pushed 1 update for ${guid} in workspace ${workspaceId}`
             );
-            resolve();
+            resolve(timestamp);
           },
           error: e => {
             this.logger.error('Failed to push updates', e);
             reject(new Error('Failed to push update'));
           },
         });
-    }).then(() => {
-      return this.updateCachedUpdatesCount(workspaceId, guid, 1);
     });
+
+    await this.updateCachedUpdatesCount(workspaceId, guid, 1);
+
+    return timestamp;
   }
 
   async batchPush(
@@ -268,56 +282,124 @@ export class DocManager implements OnModuleInit, OnModuleDestroy {
     updates: Buffer[],
     retryTimes = 10
   ) {
-    await new Promise<void>((resolve, reject) => {
+    const timestamp = await new Promise<number>((resolve, reject) => {
       defer(async () => {
-        const seq = await this.getUpdateSeq(workspaceId, guid, updates.length);
+        const lastSeq = await this.getUpdateSeq(
+          workspaceId,
+          guid,
+          updates.length
+        );
+        const now = Date.now();
+        let timestamp = now;
         let turn = 0;
         const batchCount = 10;
         for (const batch of chunk(updates, batchCount)) {
           await this.db.update.createMany({
-            data: batch.map((update, i) => ({
-              workspaceId,
-              id: guid,
+            data: batch.map((update, i) => {
+              const subSeq = turn * batchCount + i + 1;
               // `seq` is the last seq num of the batch
               // example for 11 batched updates, start from seq num 20
               // seq for first update in the batch should be:
-              // 31             - 11                + 0        * 10          + 0 + 1 = 21
-              // ^ last seq num   ^ updates.length    ^ turn     ^ batchCount  ^i
-              seq: seq - updates.length + turn * batchCount + i + 1,
-              blob: update,
-            })),
+              // 31             - 11                + subSeq(0        * 10          + 0 + 1) = 21
+              // ^ last seq num   ^ updates.length           ^ turn     ^ batchCount  ^i
+              const seq = lastSeq - updates.length + subSeq;
+              const createdAt = now + subSeq;
+              timestamp = Math.max(timestamp, createdAt);
+
+              return {
+                workspaceId,
+                id: guid,
+                blob: update,
+                seq,
+                createdAt: new Date(createdAt), // make sure the updates can be ordered by create time
+              };
+            }),
           });
           turn++;
         }
+
+        return timestamp;
       })
         .pipe(retry(retryTimes)) // retry until seq num not conflict
         .subscribe({
-          next: () => {
+          next: timestamp => {
             this.logger.debug(
               `pushed ${updates.length} updates for ${guid} in workspace ${workspaceId}`
             );
-            resolve();
+            resolve(timestamp);
           },
           error: e => {
             this.logger.error('Failed to push updates', e);
             reject(new Error('Failed to push update'));
           },
         });
-    }).then(() => {
-      return this.updateCachedUpdatesCount(workspaceId, guid, updates.length);
     });
+    await this.updateCachedUpdatesCount(workspaceId, guid, updates.length);
+
+    return timestamp;
+  }
+
+  /**
+   * Get latest timestamp of all docs in the workspace.
+   */
+  @CallTimer('doc', 'get_doc_timestamps')
+  async getDocTimestamps(workspaceId: string, after: number | undefined = 0) {
+    const snapshots = await this.db.snapshot.findMany({
+      where: {
+        workspaceId,
+        updatedAt: {
+          gt: new Date(after),
+        },
+      },
+      select: {
+        id: true,
+        updatedAt: true,
+      },
+    });
+
+    const updates = await this.db.update.groupBy({
+      where: {
+        workspaceId,
+        createdAt: {
+          gt: new Date(after),
+        },
+      },
+      by: ['id'],
+      _max: {
+        createdAt: true,
+      },
+    });
+
+    const result: Record<string, number> = {};
+
+    snapshots.forEach(s => {
+      result[s.id] = s.updatedAt.getTime();
+    });
+
+    updates.forEach(u => {
+      if (u._max.createdAt) {
+        result[u.id] = u._max.createdAt.getTime();
+      }
+    });
+
+    return result;
   }
 
   /**
    * get the latest doc with all update applied.
    */
-  async get(workspaceId: string, guid: string): Promise<Doc | null> {
+  async get(workspaceId: string, guid: string): Promise<DocResponse | null> {
     const result = await this._get(workspaceId, guid);
     if (result) {
       if ('doc' in result) {
-        return result.doc;
-      } else if ('snapshot' in result) {
-        return this.recoverDoc(result.snapshot);
+        return result;
+      } else {
+        const doc = await this.recoverDoc(result.binary);
+
+        return {
+          doc,
+          timestamp: result.timestamp,
+        };
       }
     }
 
@@ -327,13 +409,19 @@ export class DocManager implements OnModuleInit, OnModuleDestroy {
   /**
    * get the latest doc binary with all update applied.
    */
-  async getBinary(workspaceId: string, guid: string): Promise<Buffer | null> {
+  async getBinary(
+    workspaceId: string,
+    guid: string
+  ): Promise<BinaryResponse | null> {
     const result = await this._get(workspaceId, guid);
     if (result) {
       if ('doc' in result) {
-        return Buffer.from(encodeStateAsUpdate(result.doc));
-      } else if ('snapshot' in result) {
-        return result.snapshot;
+        return {
+          binary: Buffer.from(encodeStateAsUpdate(result.doc)),
+          timestamp: result.timestamp,
+        };
+      } else {
+        return result;
       }
     }
 
@@ -343,16 +431,27 @@ export class DocManager implements OnModuleInit, OnModuleDestroy {
   /**
    * get the latest doc state vector with all update applied.
    */
-  async getState(workspaceId: string, guid: string): Promise<Buffer | null> {
+  async getDocState(
+    workspaceId: string,
+    guid: string
+  ): Promise<BinaryResponse | null> {
     const snapshot = await this.getSnapshot(workspaceId, guid);
     const updates = await this.getUpdates(workspaceId, guid);
 
     if (updates.length) {
-      const doc = await this.squash(snapshot, updates);
-      return Buffer.from(encodeStateVector(doc));
+      const { doc, timestamp } = await this.squash(snapshot, updates);
+      return {
+        binary: Buffer.from(encodeStateVector(doc)),
+        timestamp,
+      };
     }
 
-    return snapshot ? snapshot.state : null;
+    return snapshot?.state
+      ? {
+          binary: snapshot.state,
+          timestamp: snapshot.updatedAt.getTime(),
+        }
+      : null;
   }
 
   /**
@@ -520,17 +619,17 @@ export class DocManager implements OnModuleInit, OnModuleDestroy {
   private async _get(
     workspaceId: string,
     guid: string
-  ): Promise<{ doc: Doc } | { snapshot: Buffer } | null> {
+  ): Promise<DocResponse | BinaryResponse | null> {
     const snapshot = await this.getSnapshot(workspaceId, guid);
     const updates = await this.getUpdates(workspaceId, guid);
 
     if (updates.length) {
-      return {
-        doc: await this.squash(snapshot, updates),
-      };
+      return this.squash(snapshot, updates);
     }
 
-    return snapshot ? { snapshot: snapshot.blob } : null;
+    return snapshot
+      ? { binary: snapshot.blob, timestamp: snapshot.updatedAt.getTime() }
+      : null;
   }
 
   /**
@@ -538,7 +637,10 @@ export class DocManager implements OnModuleInit, OnModuleDestroy {
    * and delete the updates records at the same time.
    */
   @CallTimer('doc', 'squash')
-  private async squash(snapshot: Snapshot | null, updates: Update[]) {
+  private async squash(
+    snapshot: Snapshot | null,
+    updates: Update[]
+  ): Promise<DocResponse> {
     if (!updates.length) {
       throw new Error('No updates to squash');
     }
@@ -597,7 +699,7 @@ export class DocManager implements OnModuleInit, OnModuleDestroy {
       await this.updateCachedUpdatesCount(workspaceId, id, -count);
     }
 
-    return doc;
+    return { doc, timestamp: last.createdAt.getTime() };
   }
 
   private async getUpdateSeq(workspaceId: string, guid: string, batch = 1) {

packages/backend/server/src/core/features/feature.ts

@@ -1,5 +1,4 @@
-import { PrismaClient } from '@prisma/client';
-
+import { PrismaTransaction } from '../../fundamentals';
 import { Feature, FeatureSchema, FeatureType } from './types';
 
 class FeatureConfig {
@@ -67,7 +66,7 @@ export type FeatureConfigType<F extends FeatureType> = InstanceType<
 
 const FeatureCache = new Map<number, FeatureConfigType<FeatureType>>();
 
-export async function getFeature(prisma: PrismaClient, featureId: number) {
+export async function getFeature(prisma: PrismaTransaction, featureId: number) {
   const cachedQuota = FeatureCache.get(featureId);
 
   if (cachedQuota) {

packages/backend/server/src/core/quota/quota.ts

@@ -1,5 +1,4 @@
-import { PrismaClient } from '@prisma/client';
-
+import { PrismaTransaction } from '../../fundamentals';
 import { formatDate, formatSize, Quota, QuotaSchema } from './types';
 
 const QuotaCache = new Map<number, QuotaConfig>();
@@ -7,14 +6,14 @@ const QuotaCache = new Map<number, QuotaConfig>();
 export class QuotaConfig {
   readonly config: Quota;
 
-  static async get(prisma: PrismaClient, featureId: number) {
+  static async get(tx: PrismaTransaction, featureId: number) {
     const cachedQuota = QuotaCache.get(featureId);
 
     if (cachedQuota) {
       return cachedQuota;
     }
 
-    const quota = await prisma.features.findFirst({
+    const quota = await tx.features.findFirst({
       where: {
         id: featureId,
       },

packages/backend/server/src/core/quota/service.ts

@@ -1,13 +1,12 @@
 import { Injectable } from '@nestjs/common';
 import { PrismaClient } from '@prisma/client';
 
-import { type EventPayload, OnEvent } from '../../fundamentals';
+import type { EventPayload } from '../../fundamentals';
+import { OnEvent, PrismaTransaction } from '../../fundamentals';
 import { FeatureKind } from '../features';
 import { QuotaConfig } from './quota';
 import { QuotaType } from './types';
 
-type Transaction = Parameters<Parameters<PrismaClient['$transaction']>[0]>[0];
-
 @Injectable()
 export class QuotaService {
   constructor(private readonly prisma: PrismaClient) {}
@@ -140,8 +139,8 @@ export class QuotaService {
     });
   }
 
-  async hasQuota(userId: string, quota: QuotaType, transaction?: Transaction) {
-    const executor = transaction ?? this.prisma;
+  async hasQuota(userId: string, quota: QuotaType, tx?: PrismaTransaction) {
+    const executor = tx ?? this.prisma;
 
     return executor.userFeatures
       .count({

packages/backend/server/src/core/sync/events/events.gateway.ts

@@ -38,27 +38,21 @@ export const GatewayErrorWrapper = (): MethodDecorator => {
       return desc;
     }
 
-    desc.value = function (...args: any[]) {
-      let result: any;
+    desc.value = async function (...args: any[]) {
       try {
-        result = originalMethod.apply(this, args);
+        return await originalMethod.apply(this, args);
       } catch (e) {
-        metrics.socketio.counter('unhandled_errors').add(1);
-        return {
-          error: new InternalError(e as Error),
-        };
-      }
-
-      if (result instanceof Promise) {
-        return result.catch(e => {
-          metrics.socketio.counter('unhandled_errors').add(1);
-          new Logger('EventsGateway').error(e, e.stack);
+        if (e instanceof EventError) {
           return {
-            error: new InternalError(e),
+            error: e,
           };
-        });
-      } else {
-        return result;
+        } else {
+          metrics.socketio.counter('unhandled_errors').add(1);
+          new Logger('EventsGateway').error(e, (e as Error).stack);
+          return {
+            error: new InternalError(e as Error),
+          };
+        }
       }
     };
 
@@ -85,8 +79,16 @@ type EventResponse<Data = any> =
           data: Data;
         });
 
+function Sync(workspaceId: string): `${string}:sync` {
+  return `${workspaceId}:sync`;
+}
+
+function Awareness(workspaceId: string): `${string}:awareness` {
+  return `${workspaceId}:awareness`;
+}
+
 @WebSocketGateway({
-  cors: process.env.NODE_ENV !== 'production',
+  cors: !AFFiNE.node.prod,
   transports: ['websocket'],
   // see: https://socket.io/docs/v4/server-options/#maxhttpbuffersize
   maxHttpBufferSize: 1e8, // 100 MB
@@ -113,7 +115,7 @@ export class EventsGateway implements OnGatewayConnection, OnGatewayDisconnect {
     metrics.socketio.gauge('realtime_connections').record(this.connectionCount);
   }
 
-  checkVersion(client: Socket, version?: string) {
+  assertVersion(client: Socket, version?: string) {
     if (
       // @todo(@darkskygit): remove this flag after 0.12 goes stable
       AFFiNE.featureFlags.syncClientVersionCheck &&
@@ -126,14 +128,48 @@ export class EventsGateway implements OnGatewayConnection, OnGatewayDisconnect {
           version ? ` ${version}` : ''
         } is outdated, please update to ${AFFiNE.version}`,
       });
-      return {
-        error: new EventError(
-          EventErrorCode.VERSION_REJECTED,
-          `Client version ${version} is outdated, please update to ${AFFiNE.version}`
-        ),
-      };
+
+      throw new EventError(
+        EventErrorCode.VERSION_REJECTED,
+        `Client version ${version} is outdated, please update to ${AFFiNE.version}`
+      );
+    }
+  }
+
+  async joinWorkspace(
+    client: Socket,
+    room: `${string}:${'sync' | 'awareness'}`
+  ) {
+    await client.join(room);
+  }
+
+  async leaveWorkspace(
+    client: Socket,
+    room: `${string}:${'sync' | 'awareness'}`
+  ) {
+    await client.leave(room);
+  }
+
+  assertInWorkspace(client: Socket, room: `${string}:${'sync' | 'awareness'}`) {
+    if (!client.rooms.has(room)) {
+      throw new NotInWorkspaceError(room);
+    }
+  }
+
+  async assertWorkspaceAccessible(
+    workspaceId: string,
+    userId: string,
+    permission: Permission = Permission.Read
+  ) {
+    if (
+      !(await this.permissions.isWorkspaceMember(
+        workspaceId,
+        userId,
+        permission
+      ))
+    ) {
+      throw new AccessDeniedError(workspaceId);
     }
-    return null;
   }
 
   @Auth()
@@ -144,29 +180,19 @@ export class EventsGateway implements OnGatewayConnection, OnGatewayDisconnect {
     @MessageBody('version') version: string | undefined,
     @ConnectedSocket() client: Socket
   ): Promise<EventResponse<{ clientId: string }>> {
-    const versionError = this.checkVersion(client, version);
-    if (versionError) {
-      return versionError;
-    }
-
-    const canWrite = await this.permissions.tryCheckWorkspace(
+    this.assertVersion(client, version);
+    await this.assertWorkspaceAccessible(
       workspaceId,
       user.id,
       Permission.Write
     );
 
-    if (canWrite) {
-      await client.join(`${workspaceId}:sync`);
-      return {
-        data: {
-          clientId: client.id,
-        },
-      };
-    } else {
-      return {
-        error: new AccessDeniedError(workspaceId),
-      };
-    }
+    await this.joinWorkspace(client, Sync(workspaceId));
+    return {
+      data: {
+        clientId: client.id,
+      },
+    };
   }
 
   @Auth()
@@ -177,47 +203,18 @@ export class EventsGateway implements OnGatewayConnection, OnGatewayDisconnect {
     @MessageBody('version') version: string | undefined,
     @ConnectedSocket() client: Socket
   ): Promise<EventResponse<{ clientId: string }>> {
-    const versionError = this.checkVersion(client, version);
-    if (versionError) {
-      return versionError;
-    }
-
-    const canWrite = await this.permissions.tryCheckWorkspace(
+    this.assertVersion(client, version);
+    await this.assertWorkspaceAccessible(
       workspaceId,
       user.id,
       Permission.Write
     );
 
-    if (canWrite) {
-      await client.join(`${workspaceId}:awareness`);
-      return {
-        data: {
-          clientId: client.id,
-        },
-      };
-    } else {
-      return {
-        error: new AccessDeniedError(workspaceId),
-      };
-    }
-  }
-
-  /**
-   * @deprecated use `client-handshake-sync` and `client-handshake-awareness` instead
-   */
-  @Auth()
-  @SubscribeMessage('client-handshake')
-  async handleClientHandShake(
-    @MessageBody() workspaceId: string,
-    @ConnectedSocket() client: Socket
-  ): Promise<EventResponse<{ clientId: string }>> {
-    const versionError = this.checkVersion(client);
-    if (versionError) {
-      return versionError;
-    }
-    // should unreachable
+    await this.joinWorkspace(client, Awareness(workspaceId));
     return {
-      error: new AccessDeniedError(workspaceId),
+      data: {
+        clientId: client.id,
+      },
     };
   }
 
@@ -226,14 +223,9 @@ export class EventsGateway implements OnGatewayConnection, OnGatewayDisconnect {
     @MessageBody() workspaceId: string,
     @ConnectedSocket() client: Socket
   ): Promise<EventResponse> {
-    if (client.rooms.has(`${workspaceId}:sync`)) {
-      await client.leave(`${workspaceId}:sync`);
-      return {};
-    } else {
-      return {
-        error: new NotInWorkspaceError(workspaceId),
-      };
-    }
+    this.assertInWorkspace(client, Sync(workspaceId));
+    await this.leaveWorkspace(client, Sync(workspaceId));
+    return {};
   }
 
   @SubscribeMessage('client-leave-awareness')
@@ -241,14 +233,27 @@ export class EventsGateway implements OnGatewayConnection, OnGatewayDisconnect {
     @MessageBody() workspaceId: string,
     @ConnectedSocket() client: Socket
   ): Promise<EventResponse> {
-    if (client.rooms.has(`${workspaceId}:awareness`)) {
-      await client.leave(`${workspaceId}:awareness`);
-      return {};
-    } else {
-      return {
-        error: new NotInWorkspaceError(workspaceId),
-      };
-    }
+    this.assertInWorkspace(client, Awareness(workspaceId));
+    await this.leaveWorkspace(client, Awareness(workspaceId));
+    return {};
+  }
+
+  @SubscribeMessage('client-pre-sync')
+  async loadDocStats(
+    @ConnectedSocket() client: Socket,
+    @MessageBody()
+    { workspaceId, timestamp }: { workspaceId: string; timestamp?: number }
+  ): Promise<EventResponse<Record<string, number>>> {
+    this.assertInWorkspace(client, Sync(workspaceId));
+
+    const stats = await this.docManager.getDocTimestamps(
+      workspaceId,
+      timestamp
+    );
+
+    return {
+      data: stats,
+    };
   }
 
   @SubscribeMessage('client-update-v2')
@@ -264,33 +269,32 @@ export class EventsGateway implements OnGatewayConnection, OnGatewayDisconnect {
       updates: string[];
     },
     @ConnectedSocket() client: Socket
-  ): Promise<EventResponse<{ accepted: true }>> {
-    if (!client.rooms.has(`${workspaceId}:sync`)) {
-      return {
-        error: new NotInWorkspaceError(workspaceId),
-      };
-    }
+  ): Promise<EventResponse<{ accepted: true; timestamp?: number }>> {
+    this.assertInWorkspace(client, Sync(workspaceId));
 
     const docId = new DocID(guid, workspaceId);
-    client
-      .to(`${docId.workspace}:sync`)
-      .emit('server-updates', { workspaceId, guid, updates });
-
     const buffers = updates.map(update => Buffer.from(update, 'base64'));
+    const timestamp = await this.docManager.batchPush(
+      docId.workspace,
+      docId.guid,
+      buffers
+    );
+
+    client
+      .to(Sync(workspaceId))
+      .emit('server-updates', { workspaceId, guid, updates, timestamp });
 
-    await this.docManager.batchPush(docId.workspace, docId.guid, buffers);
     return {
       data: {
         accepted: true,
+        timestamp,
       },
     };
   }
 
-  @Auth()
   @SubscribeMessage('doc-load-v2')
   async loadDocV2(
     @ConnectedSocket() client: Socket,
-    @CurrentUser() user: CurrentUser,
     @MessageBody()
     {
       workspaceId,
@@ -301,23 +305,15 @@ export class EventsGateway implements OnGatewayConnection, OnGatewayDisconnect {
       guid: string;
       stateVector?: string;
     }
-  ): Promise<EventResponse<{ missing: string; state?: string }>> {
-    if (!client.rooms.has(`${workspaceId}:sync`)) {
-      const canRead = await this.permissions.tryCheckWorkspace(
-        workspaceId,
-        user.id
-      );
-      if (!canRead) {
-        return {
-          error: new AccessDeniedError(workspaceId),
-        };
-      }
-    }
+  ): Promise<
+    EventResponse<{ missing: string; state?: string; timestamp: number }>
+  > {
+    this.assertInWorkspace(client, Sync(workspaceId));
 
     const docId = new DocID(guid, workspaceId);
-    const doc = await this.docManager.get(docId.workspace, docId.guid);
+    const res = await this.docManager.get(docId.workspace, docId.guid);
 
-    if (!doc) {
+    if (!res) {
       return {
         error: new DocNotFoundError(workspaceId, docId.guid),
       };
@@ -325,54 +321,48 @@ export class EventsGateway implements OnGatewayConnection, OnGatewayDisconnect {
 
     const missing = Buffer.from(
       encodeStateAsUpdate(
-        doc,
+        res.doc,
         stateVector ? Buffer.from(stateVector, 'base64') : undefined
       )
     ).toString('base64');
-    const state = Buffer.from(encodeStateVector(doc)).toString('base64');
+    const state = Buffer.from(encodeStateVector(res.doc)).toString('base64');
 
     return {
       data: {
         missing,
         state,
+        timestamp: res.timestamp,
       },
     };
   }
 
-  @Auth()
   @SubscribeMessage('awareness-init')
   async handleInitAwareness(
     @MessageBody() workspaceId: string,
     @ConnectedSocket() client: Socket
   ): Promise<EventResponse<{ clientId: string }>> {
-    if (client.rooms.has(`${workspaceId}:awareness`)) {
-      client.to(`${workspaceId}:awareness`).emit('new-client-awareness-init');
-      return {
-        data: {
-          clientId: client.id,
-        },
-      };
-    } else {
-      return {
-        error: new NotInWorkspaceError(workspaceId),
-      };
-    }
+    this.assertInWorkspace(client, Awareness(workspaceId));
+    client.to(Awareness(workspaceId)).emit('new-client-awareness-init');
+    return {
+      data: {
+        clientId: client.id,
+      },
+    };
   }
 
   @SubscribeMessage('awareness-update')
   async handleHelpGatheringAwareness(
-    @MessageBody() message: { workspaceId: string; awarenessUpdate: string },
+    @MessageBody()
+    {
+      workspaceId,
+      awarenessUpdate,
+    }: { workspaceId: string; awarenessUpdate: string },
     @ConnectedSocket() client: Socket
   ): Promise<EventResponse> {
-    if (client.rooms.has(`${message.workspaceId}:awareness`)) {
-      client
-        .to(`${message.workspaceId}:awareness`)
-        .emit('server-awareness-broadcast', message);
-      return {};
-    } else {
-      return {
-        error: new NotInWorkspaceError(message.workspaceId),
-      };
-    }
+    this.assertInWorkspace(client, Awareness(workspaceId));
+    client
+      .to(Awareness(workspaceId))
+      .emit('server-awareness-broadcast', { workspaceId, awarenessUpdate });
+    return {};
   }
 }

packages/backend/server/src/core/user/resolver.ts

@@ -7,14 +7,15 @@ import {
   ResolveField,
   Resolver,
 } from '@nestjs/graphql';
-import { PrismaClient, type User } from '@prisma/client';
+import type { User } from '@prisma/client';
+import { PrismaClient } from '@prisma/client';
 import GraphQLUpload from 'graphql-upload/GraphQLUpload.mjs';
 import { isNil, omitBy } from 'lodash-es';
 
+import type { FileUpload } from '../../fundamentals';
 import {
   CloudThrottlerGuard,
   EventEmitter,
-  type FileUpload,
   PaymentRequiredException,
   Throttle,
 } from '../../fundamentals';

packages/backend/server/src/core/user/service.ts

@@ -54,7 +54,7 @@ export class UserService {
 
     return this.createUser({
       email,
-      name: 'Unnamed',
+      name: email.split('@')[0],
       ...data,
     });
   }

packages/backend/server/src/core/utils/validators.ts

@@ -5,12 +5,13 @@ function getAuthCredentialValidator() {
   const email = z.string().email({ message: 'Invalid email address' });
   let password = z.string();
 
-  const minPasswordLength = AFFiNE.node.prod ? 8 : 1;
   password = password
-    .min(minPasswordLength, {
-      message: `Password must be ${minPasswordLength} or more charactors long`,
+    .min(AFFiNE.auth.password.minLength, {
+      message: `Password must be ${AFFiNE.auth.password.minLength} or more charactors long`,
     })
-    .max(20, { message: 'Password must be 20 or fewer charactors long' });
+    .max(AFFiNE.auth.password.maxLength, {
+      message: `Password must be ${AFFiNE.auth.password.maxLength} or fewer charactors long`,
+    });
 
   return z
     .object({

packages/backend/server/src/core/workspaces/controller.ts

@@ -51,7 +51,7 @@ export class WorkspacesController {
     // metadata should always exists if body is not null
     if (metadata) {
       res.setHeader('content-type', metadata.contentType);
-      res.setHeader('last-modified', metadata.lastModified.toISOString());
+      res.setHeader('last-modified', metadata.lastModified.toUTCString());
       res.setHeader('content-length', metadata.contentLength);
     } else {
       this.logger.warn(`Blob ${workspaceId}/${name} has no metadata`);
@@ -83,9 +83,12 @@ export class WorkspacesController {
       throw new ForbiddenException('Permission denied');
     }
 
-    const update = await this.docManager.getBinary(docId.workspace, docId.guid);
+    const binResponse = await this.docManager.getBinary(
+      docId.workspace,
+      docId.guid
+    );
 
-    if (!update) {
+    if (!binResponse) {
       throw new NotFoundException('Doc not found');
     }
 
@@ -106,8 +109,12 @@ export class WorkspacesController {
     }
 
     res.setHeader('content-type', 'application/octet-stream');
-    res.setHeader('cache-control', 'no-cache');
-    res.send(update);
+    res.setHeader(
+      'last-modified',
+      new Date(binResponse.timestamp).toUTCString()
+    );
+    res.setHeader('cache-control', 'private, max-age=2592000');
+    res.send(binResponse.binary);
   }
 
   @Get('/:id/docs/:guid/histories/:timestamp')
@@ -142,7 +149,7 @@ export class WorkspacesController {
 
     if (history) {
       res.setHeader('content-type', 'application/octet-stream');
-      res.setHeader('cache-control', 'public, max-age=2592000, immutable');
+      res.setHeader('cache-control', 'private, max-age=2592000, immutable');
       res.send(history.blob);
     } else {
       throw new NotFoundException('Doc history not found');

packages/backend/server/src/core/workspaces/permission.ts

@@ -1,5 +1,6 @@
 import { ForbiddenException, Injectable } from '@nestjs/common';
-import { type Prisma, PrismaClient } from '@prisma/client';
+import type { Prisma } from '@prisma/client';
+import { PrismaClient } from '@prisma/client';
 
 import { Permission } from './types';
 
@@ -73,6 +74,28 @@ export class PermissionService {
     return this.tryCheckPage(ws, id, user);
   }
 
+  /**
+   * Returns whether a given user is a member of a workspace and has the given or higher permission.
+   */
+  async isWorkspaceMember(
+    ws: string,
+    user: string,
+    permission: Permission
+  ): Promise<boolean> {
+    const count = await this.prisma.workspaceUserPermission.count({
+      where: {
+        workspaceId: ws,
+        userId: user,
+        accepted: true,
+        type: {
+          gte: permission,
+        },
+      },
+    });
+
+    return count !== 0;
+  }
+
   async checkWorkspace(
     ws: string,
     user?: string,

packages/backend/server/src/core/workspaces/resolvers/blob.ts

@@ -16,9 +16,9 @@ import {
 import { SafeIntResolver } from 'graphql-scalars';
 import GraphQLUpload from 'graphql-upload/GraphQLUpload.mjs';
 
+import type { FileUpload } from '../../../fundamentals';
 import {
   CloudThrottlerGuard,
-  type FileUpload,
   MakeCache,
   PreventCache,
 } from '../../../fundamentals';

packages/backend/server/src/core/workspaces/resolvers/page.ts

@@ -9,10 +9,8 @@ import {
   ResolveField,
   Resolver,
 } from '@nestjs/graphql';
-import {
-  PrismaClient,
-  type WorkspacePage as PrismaWorkspacePage,
-} from '@prisma/client';
+import type { WorkspacePage as PrismaWorkspacePage } from '@prisma/client';
+import { PrismaClient } from '@prisma/client';
 
 import { CloudThrottlerGuard } from '../../../fundamentals';
 import { CurrentUser } from '../../auth';

packages/backend/server/src/core/workspaces/resolvers/workspace.ts

@@ -20,12 +20,14 @@ import { getStreamAsBuffer } from 'get-stream';
 import GraphQLUpload from 'graphql-upload/GraphQLUpload.mjs';
 import { applyUpdate, Doc } from 'yjs';
 
+import type { FileUpload } from '../../../fundamentals';
 import {
   CloudThrottlerGuard,
   EventEmitter,
-  type FileUpload,
   MailService,
+  MutexService,
   Throttle,
+  TooManyRequestsException,
 } from '../../../fundamentals';
 import { CurrentUser, Public } from '../../auth';
 import { QuotaManagementService, QuotaQueryType } from '../../quota';
@@ -58,7 +60,8 @@ export class WorkspaceResolver {
     private readonly quota: QuotaManagementService,
     private readonly users: UserService,
     private readonly event: EventEmitter,
-    private readonly blobStorage: WorkspaceBlobStorage
+    private readonly blobStorage: WorkspaceBlobStorage,
+    private readonly mutex: MutexService
   ) {}
 
   @ResolveField(() => Permission, {
@@ -336,74 +339,87 @@ export class WorkspaceResolver {
       throw new ForbiddenException('Cannot change owner');
     }
 
-    // member limit check
-    const [memberCount, quota] = await Promise.all([
-      this.prisma.workspaceUserPermission.count({
-        where: { workspaceId },
-      }),
-      this.quota.getWorkspaceUsage(workspaceId),
-    ]);
-    if (memberCount >= quota.memberLimit) {
-      throw new PayloadTooLargeException('Workspace member limit reached.');
-    }
+    try {
+      // lock to prevent concurrent invite
+      const lockFlag = `invite:${workspaceId}`;
+      await using lock = await this.mutex.lock(lockFlag);
+      if (!lock) {
+        return new TooManyRequestsException('Server is busy');
+      }
 
-    let target = await this.users.findUserByEmail(email);
-    if (target) {
-      const originRecord = await this.prisma.workspaceUserPermission.findFirst({
-        where: {
-          workspaceId,
-          userId: target.id,
-        },
-      });
-      // only invite if the user is not already in the workspace
-      if (originRecord) return originRecord.id;
-    } else {
-      target = await this.users.createAnonymousUser(email, {
-        registered: false,
-      });
-    }
+      // member limit check
+      const [memberCount, quota] = await Promise.all([
+        this.prisma.workspaceUserPermission.count({
+          where: { workspaceId },
+        }),
+        this.quota.getWorkspaceUsage(workspaceId),
+      ]);
+      if (memberCount >= quota.memberLimit) {
+        return new PayloadTooLargeException('Workspace member limit reached.');
+      }
 
-    const inviteId = await this.permissions.grant(
-      workspaceId,
-      target.id,
-      permission
-    );
-    if (sendInviteMail) {
-      const inviteInfo = await this.getInviteInfo(inviteId);
-
-      try {
-        await this.mailer.sendInviteEmail(email, inviteId, {
-          workspace: {
-            id: inviteInfo.workspace.id,
-            name: inviteInfo.workspace.name,
-            avatar: inviteInfo.workspace.avatar,
-          },
-          user: {
-            avatar: inviteInfo.user?.avatarUrl || '',
-            name: inviteInfo.user?.name || '',
-          },
+      let target = await this.users.findUserByEmail(email);
+      if (target) {
+        const originRecord =
+          await this.prisma.workspaceUserPermission.findFirst({
+            where: {
+              workspaceId,
+              userId: target.id,
+            },
+          });
+        // only invite if the user is not already in the workspace
+        if (originRecord) return originRecord.id;
+      } else {
+        target = await this.users.createAnonymousUser(email, {
+          registered: false,
         });
-      } catch (e) {
-        const ret = await this.permissions.revokeWorkspace(
-          workspaceId,
-          target.id
-        );
+      }
 
-        if (!ret) {
-          this.logger.fatal(
-            `failed to send ${workspaceId} invite email to ${email} and failed to revoke permission: ${inviteId}, ${e}`
+      const inviteId = await this.permissions.grant(
+        workspaceId,
+        target.id,
+        permission
+      );
+      if (sendInviteMail) {
+        const inviteInfo = await this.getInviteInfo(inviteId);
+
+        try {
+          await this.mailer.sendInviteEmail(email, inviteId, {
+            workspace: {
+              id: inviteInfo.workspace.id,
+              name: inviteInfo.workspace.name,
+              avatar: inviteInfo.workspace.avatar,
+            },
+            user: {
+              avatar: inviteInfo.user?.avatarUrl || '',
+              name: inviteInfo.user?.name || '',
+            },
+          });
+        } catch (e) {
+          const ret = await this.permissions.revokeWorkspace(
+            workspaceId,
+            target.id
           );
-        } else {
-          this.logger.warn(
-            `failed to send ${workspaceId} invite email to ${email}, but successfully revoked permission: ${e}`
+
+          if (!ret) {
+            this.logger.fatal(
+              `failed to send ${workspaceId} invite email to ${email} and failed to revoke permission: ${inviteId}, ${e}`
+            );
+          } else {
+            this.logger.warn(
+              `failed to send ${workspaceId} invite email to ${email}, but successfully revoked permission: ${e}`
+            );
+          }
+          return new InternalServerErrorException(
+            'Failed to send invite email. Please try again.'
           );
         }
-        return new InternalServerErrorException(
-          'Failed to send invite email. Please try again.'
-        );
       }
+      return inviteId;
+    } catch (e) {
+      this.logger.error('failed to invite user', e);
+      return new TooManyRequestsException('Server is busy');
     }
-    return inviteId;
   }
 
   @Throttle({

packages/backend/server/src/data/commands/run.ts

@@ -23,6 +23,8 @@ export async function collectMigrations(): Promise<Migration[]> {
     )
     .map(desc => join(folder, desc));
 
+  migrationFiles.sort((a, b) => a.localeCompare(b));
+
   const migrations: Migration[] = await Promise.all(
     migrationFiles.map(async file => {
       return import(pathToFileURL(file).href).then(mod => {

packages/backend/server/src/data/index.ts

@@ -3,9 +3,8 @@ import '../prelude';
 import { Logger } from '@nestjs/common';
 import { CommandFactory } from 'nest-commander';
 
-import { CliAppModule } from './app';
-
 async function bootstrap() {
+  const { CliAppModule } = await import('./app');
   await CommandFactory.run(CliAppModule, new Logger()).catch(e => {
     console.error(e);
     process.exit(1);

packages/backend/server/src/data/migrations/1703756315970-unamed-account.ts

@@ -1,4 +1,5 @@
-import { PrismaClient, type User } from '@prisma/client';
+import type { User } from '@prisma/client';
+import { PrismaClient } from '@prisma/client';
 
 export class UnamedAccount1703756315970 {
   // do the migration

packages/backend/server/src/data/migrations/99999999-self-host-admin.ts

@@ -4,7 +4,7 @@ import { PrismaClient } from '@prisma/client';
 import { UserService } from '../../core/user';
 import { Config, CryptoHelper } from '../../fundamentals';
 
-export class SelfHostAdmin1605053000403 {
+export class SelfHostAdmin99999999 {
   // do the migration
   static async up(_db: PrismaClient, ref: ModuleRef) {
     const config = ref.get(Config, { strict: false });

packages/backend/server/src/fundamentals/config/def.ts

@@ -220,6 +220,20 @@ export interface AFFiNEConfig {
    * authentication config
    */
   auth: {
+    password: {
+      /**
+       * The minimum and maximum length of the password when registering new users
+       *
+       * @default 8
+       */
+      minLength: number;
+      /**
+       * The maximum length of the password
+       *
+       * @default 20
+       */
+      maxLength: number;
+    };
     session: {
       /**
        * Application auth expiration time in seconds
@@ -319,6 +333,11 @@ export interface AFFiNEConfig {
   metrics: {
     enabled: boolean;
   };
+
+  telemetry: {
+    enabled: boolean;
+    token: string;
+  };
 }
 
 export * from './storage';

packages/backend/server/src/fundamentals/config/default.ts

@@ -5,13 +5,8 @@ import { createPrivateKey, createPublicKey } from 'node:crypto';
 import { merge } from 'lodash-es';
 
 import pkg from '../../../package.json' assert { type: 'json' };
-import {
-  type AFFINE_ENV,
-  AFFiNEConfig,
-  DeploymentType,
-  type NODE_ENV,
-  type ServerFlavor,
-} from './def';
+import type { AFFINE_ENV, NODE_ENV, ServerFlavor } from './def';
+import { AFFiNEConfig, DeploymentType } from './def';
 import { readEnv } from './env';
 import { getDefaultAFFiNEStorageConfig } from './storage';
 
@@ -25,9 +20,10 @@ AwEHoUQDQgAEF3U/0wIeJ3jRKXeFKqQyBKlr9F7xaAUScRrAuSP33rajm3cdfihI
 const ONE_DAY_IN_SEC = 60 * 60 * 24;
 
 const keyPair = (function () {
-  const AUTH_PRIVATE_KEY = process.env.AUTH_PRIVATE_KEY ?? examplePrivateKey;
+  const AFFINE_PRIVATE_KEY =
+    process.env.AFFINE_PRIVATE_KEY ?? examplePrivateKey;
   const privateKey = createPrivateKey({
-    key: Buffer.from(AUTH_PRIVATE_KEY),
+    key: Buffer.from(AFFINE_PRIVATE_KEY),
     format: 'pem',
     type: 'sec1',
   })
@@ -37,7 +33,7 @@ const keyPair = (function () {
     })
     .toString('utf8');
   const publicKey = createPublicKey({
-    key: Buffer.from(AUTH_PRIVATE_KEY),
+    key: Buffer.from(AFFINE_PRIVATE_KEY),
     format: 'pem',
     type: 'spki',
   })
@@ -77,7 +73,16 @@ export const getDefaultAFFiNEConfig: () => AFFiNEConfig = () => {
     Object.values(DeploymentType)
   );
   const isSelfhosted = deploymentType === DeploymentType.Selfhosted;
-
+  const affine = {
+    canary: AFFINE_ENV === 'dev',
+    beta: AFFINE_ENV === 'beta',
+    stable: AFFINE_ENV === 'production',
+  };
+  const node = {
+    prod: NODE_ENV === 'production',
+    dev: NODE_ENV === 'development',
+    test: NODE_ENV === 'test',
+  };
   const defaultConfig = {
     serverId: 'affine-nestjs-server',
     serverName: isSelfhosted ? 'Self-Host Cloud' : 'AFFiNE Cloud',
@@ -98,19 +103,11 @@ export const getDefaultAFFiNEConfig: () => AFFiNEConfig = () => {
     ENV_MAP: {},
     AFFINE_ENV,
     get affine() {
-      return {
-        canary: AFFINE_ENV === 'dev',
-        beta: AFFINE_ENV === 'beta',
-        stable: AFFINE_ENV === 'production',
-      };
+      return affine;
     },
     NODE_ENV,
     get node() {
-      return {
-        prod: NODE_ENV === 'production',
-        dev: NODE_ENV === 'development',
-        test: NODE_ENV === 'test',
-      };
+      return node;
     },
     get deploy() {
       return !this.node.dev && !this.node.test;
@@ -150,6 +147,10 @@ export const getDefaultAFFiNEConfig: () => AFFiNEConfig = () => {
       playground: true,
     },
     auth: {
+      password: {
+        minLength: node.prod ? 8 : 1,
+        maxLength: 32,
+      },
       session: {
         ttl: 15 * ONE_DAY_IN_SEC,
       },
@@ -186,6 +187,10 @@ export const getDefaultAFFiNEConfig: () => AFFiNEConfig = () => {
     metrics: {
       enabled: false,
     },
+    telemetry: {
+      enabled: isSelfhosted && !process.env.DISABLE_SERVER_TELEMETRY,
+      token: '389c0615a69b57cca7d3fa0a4824c930',
+    },
     plugins: {
       enabled: new Set(),
       use(plugin, config) {

packages/backend/server/src/fundamentals/error/index.ts

@@ -1 +1,2 @@
 export * from './payment-required';
+export * from './too-many-requests';

packages/backend/server/src/fundamentals/error/too-many-requests.ts

@@ -0,0 +1,14 @@
+import { HttpException, HttpStatus } from '@nestjs/common';
+
+export class TooManyRequestsException extends HttpException {
+  constructor(desc?: string, code: string = 'Too Many Requests') {
+    super(
+      HttpException.createBody(
+        desc ?? code,
+        code,
+        HttpStatus.TOO_MANY_REQUESTS
+      ),
+      HttpStatus.TOO_MANY_REQUESTS
+    );
+  }
+}

packages/backend/server/src/fundamentals/graphql/index.ts

@@ -11,6 +11,12 @@ import { GraphQLError } from 'graphql';
 import { Config } from '../config';
 import { GQLLoggerPlugin } from './logger-plugin';
 
+export type GraphqlContext = {
+  req: Request;
+  res: Response;
+  isAdminQuery: boolean;
+};
+
 @Global()
 @Module({
   imports: [
@@ -30,7 +36,13 @@ import { GQLLoggerPlugin } from './logger-plugin';
               : '../../../schema.gql'
           ),
           sortSchema: true,
-          context: ({ req, res }: { req: Request; res: Response }) => ({
+          context: ({
+            req,
+            res,
+          }: {
+            req: Request;
+            res: Response;
+          }): GraphqlContext => ({
             req,
             res,
             isAdminQuery: false,

packages/backend/server/src/fundamentals/helpers/url.ts

@@ -1,5 +1,5 @@
 import { Injectable } from '@nestjs/common';
-import { type Response } from 'express';
+import type { Response } from 'express';
 
 import { Config } from '../config';
 

packages/backend/server/src/fundamentals/index.ts

@@ -14,14 +14,17 @@ export {
 } from './config';
 export * from './error';
 export { EventEmitter, type EventPayload, OnEvent } from './event';
+export type { GraphqlContext } from './graphql';
 export { CryptoHelper, URLHelper } from './helpers';
 export { MailService } from './mailer';
 export { CallCounter, CallTimer, metrics } from './metrics';
+export { type ILocker, Lock, Locker, MutexService } from './mutex';
 export {
   getOptionalModuleMetadata,
   GlobalExceptionFilter,
   OptionalModule,
 } from './nestjs';
+export type { PrismaTransaction } from './prisma';
 export * from './storage';
 export { type StorageProvider, StorageProviderFactory } from './storage';
 export { AuthThrottlerGuard, CloudThrottlerGuard, Throttle } from './throttler';

packages/backend/server/src/fundamentals/mailer/mail.service.ts

@@ -2,7 +2,8 @@ import { Inject, Injectable, Optional } from '@nestjs/common';
 
 import { Config } from '../config';
 import { URLHelper } from '../helpers';
-import { MAILER_SERVICE, type MailerService, type Options } from './mailer';
+import type { MailerService, Options } from './mailer';
+import { MAILER_SERVICE } from './mailer';
 import { emailTemplate } from './template';
 @Injectable()
 export class MailService {

packages/backend/server/src/fundamentals/metrics/metrics.ts

@@ -43,9 +43,9 @@ const metricCreators: MetricCreators = {
   gauge(meter: Meter, name: string, opts?: MetricOptions) {
     let value: any;
     let attrs: Attributes | undefined;
-    const ob = meter.createObservableGauge(name, opts);
+    const ob$ = meter.createObservableGauge(name, opts);
 
-    ob.addCallback(result => {
+    ob$.addCallback(result => {
       result.observe(value, attrs);
     });
 

packages/backend/server/src/fundamentals/metrics/opentelemetry.ts

@@ -15,11 +15,8 @@ import { IORedisInstrumentation } from '@opentelemetry/instrumentation-ioredis';
 import { NestInstrumentation } from '@opentelemetry/instrumentation-nestjs-core';
 import { SocketIoInstrumentation } from '@opentelemetry/instrumentation-socket.io';
 import { Resource } from '@opentelemetry/resources';
-import {
-  type MeterProvider,
-  MetricProducer,
-  MetricReader,
-} from '@opentelemetry/sdk-metrics';
+import type { MeterProvider } from '@opentelemetry/sdk-metrics';
+import { MetricProducer, MetricReader } from '@opentelemetry/sdk-metrics';
 import { NodeSDK } from '@opentelemetry/sdk-node';
 import {
   BatchSpanProcessor,

packages/backend/server/src/fundamentals/metrics/utils.ts

@@ -18,11 +18,16 @@ export const CallTimer = (
       return desc;
     }
 
-    desc.value = function (...args: any[]) {
+    desc.value = async function (...args: any[]) {
       const timer = metrics[scope].histogram(name, {
         description: `function call time costs of ${name}`,
         unit: 'ms',
       });
+      metrics[scope]
+        .counter(`${name}_calls`, {
+          description: `function call counts of ${name}`,
+        })
+        .add(1, attrs);
 
       const start = Date.now();
 
@@ -30,19 +35,10 @@ export const CallTimer = (
         timer.record(Date.now() - start, attrs);
       };
 
-      let result: any;
       try {
-        result = originalMethod.apply(this, args);
-      } catch (e) {
+        return await originalMethod.apply(this, args);
+      } finally {
         end();
-        throw e;
-      }
-
-      if (result instanceof Promise) {
-        return result.finally(end);
-      } else {
-        end();
-        return result;
       }
     };
 

packages/backend/server/src/fundamentals/mutex/index.ts

@@ -0,0 +1,14 @@
+import { Global, Module } from '@nestjs/common';
+
+import { Locker } from './local-lock';
+import { MutexService } from './mutex';
+
+@Global()
+@Module({
+  providers: [MutexService, Locker],
+  exports: [MutexService],
+})
+export class MutexModule {}
+
+export { Locker, MutexService };
+export { type Locker as ILocker, Lock } from './lock';

packages/backend/server/src/fundamentals/mutex/local-lock.ts

@@ -0,0 +1,28 @@
+import { Injectable } from '@nestjs/common';
+
+import { Cache } from '../cache';
+import { Lock, Locker as ILocker } from './lock';
+
+@Injectable()
+export class Locker implements ILocker {
+  constructor(private readonly cache: Cache) {}
+
+  async lock(owner: string, key: string): Promise<Lock> {
+    const lockKey = `MutexLock:${key}`;
+    const prevOwner = await this.cache.get<string>(lockKey);
+
+    if (prevOwner && prevOwner !== owner) {
+      throw new Error(`Lock for resource [${key}] has been holder by others`);
+    }
+
+    const acquired = await this.cache.set(lockKey, owner);
+
+    if (acquired) {
+      return new Lock(async () => {
+        await this.cache.delete(lockKey);
+      });
+    }
+
+    throw new Error(`Failed to acquire lock for resource [${key}]`);
+  }
+}

packages/backend/server/src/fundamentals/mutex/lock.ts

@@ -0,0 +1,23 @@
+import { Logger } from '@nestjs/common';
+
+import { retryable } from '../utils/promise';
+
+export class Lock implements AsyncDisposable {
+  private readonly logger = new Logger(Lock.name);
+
+  constructor(private readonly dispose: () => Promise<void>) {}
+
+  async release() {
+    await retryable(() => this.dispose()).catch(e => {
+      this.logger.error('Failed to release lock', e);
+    });
+  }
+
+  async [Symbol.asyncDispose]() {
+    await this.release();
+  }
+}
+
+export interface Locker {
+  lock(owner: string, key: string): Promise<Lock>;
+}

packages/backend/server/src/fundamentals/mutex/mutex.ts

@@ -0,0 +1,80 @@
+import { randomUUID } from 'node:crypto';
+
+import { Inject, Injectable, Logger, Scope } from '@nestjs/common';
+import { ModuleRef } from '@nestjs/core';
+import { CONTEXT } from '@nestjs/graphql';
+
+import type { GraphqlContext } from '../graphql';
+import { retryable } from '../utils/promise';
+import { Locker } from './local-lock';
+
+export const MUTEX_RETRY = 5;
+export const MUTEX_WAIT = 100;
+
+@Injectable({ scope: Scope.REQUEST })
+export class MutexService {
+  protected logger = new Logger(MutexService.name);
+  private readonly locker: Locker;
+
+  constructor(
+    @Inject(CONTEXT) private readonly context: GraphqlContext,
+    private readonly ref: ModuleRef
+  ) {
+    // nestjs will always find and injecting the locker from local module
+    // so the RedisLocker implemented by the plugin mechanism will not be able to overwrite the internal locker
+    // we need to use find and get the locker from the `ModuleRef` manually
+    //
+    // NOTE: when a `constructor` execute in normal service, the Locker module we expect may not have been initialized
+    //       but in the Service with `Scope.REQUEST`, we will create a separate Service instance for each request
+    //       at this time, all modules have been initialized, so we able to get the correct Locker instance in `constructor`
+    this.locker = this.ref.get(Locker, { strict: false });
+  }
+
+  protected getId() {
+    let id = this.context.req.headers['x-transaction-id'] as string;
+
+    if (!id) {
+      id = randomUUID();
+      this.context.req.headers['x-transaction-id'] = id;
+    }
+
+    return id;
+  }
+
+  /**
+   * lock an resource and return a lock guard, which will release the lock when disposed
+   *
+   * if the lock is not available, it will retry for [MUTEX_RETRY] times
+   *
+   * usage:
+   * ```typescript
+   * {
+   *   // lock is acquired here
+   *   await using lock = await mutex.lock('resource-key');
+   *   if (lock) {
+   *     // do something
+   *   } else {
+   *     // failed to lock
+   *   }
+   * }
+   * // lock is released here
+   * ```
+   * @param key resource key
+   * @returns LockGuard
+   */
+  async lock(key: string) {
+    try {
+      return await retryable(
+        () => this.locker.lock(this.getId(), key),
+        MUTEX_RETRY,
+        MUTEX_WAIT
+      );
+    } catch (e) {
+      this.logger.error(
+        `Failed to lock resource [${key}] after retry ${MUTEX_RETRY} times`,
+        e
+      );
+      return undefined;
+    }
+  }
+}

packages/backend/server/src/fundamentals/prisma/index.ts

@@ -16,3 +16,7 @@ const clientProvider: Provider = {
 })
 export class PrismaModule {}
 export { PrismaService } from './service';
+
+export type PrismaTransaction = Parameters<
+  Parameters<PrismaClient['$transaction']>[0]
+>[0];

packages/backend/server/src/fundamentals/throttler/index.ts

@@ -1,5 +1,4 @@
-import { ExecutionContext, Injectable } from '@nestjs/common';
-import { Global, Module } from '@nestjs/common';
+import { ExecutionContext, Global, Injectable, Module } from '@nestjs/common';
 import {
   Throttle,
   ThrottlerGuard,

packages/backend/server/src/fundamentals/utils/promise.ts

@@ -0,0 +1,44 @@
+import { defer, retry } from 'rxjs';
+
+export class RetryablePromise<T> extends Promise<T> {
+  constructor(
+    executor: (
+      resolve: (value: T | PromiseLike<T>) => void,
+      reject: (reason?: any) => void
+    ) => void,
+    retryTimes: number = 3,
+    retryIntervalInMs: number = 300
+  ) {
+    super((resolve, reject) => {
+      defer(() => new Promise<T>(executor))
+        .pipe(
+          retry({
+            count: retryTimes,
+            delay: retryIntervalInMs,
+          })
+        )
+        .subscribe({
+          next: v => {
+            resolve(v);
+          },
+          error: e => {
+            reject(e);
+          },
+        });
+    });
+  }
+}
+
+export function retryable<Ret = unknown>(
+  asyncFn: () => Promise<Ret>,
+  retryTimes = 3,
+  retryIntervalInMs = 300
+): Promise<Ret> {
+  return new RetryablePromise<Ret>(
+    (resolve, reject) => {
+      asyncFn().then(resolve).catch(reject);
+    },
+    retryTimes,
+    retryIntervalInMs
+  );
+}

packages/backend/server/src/plugins/oauth/providers/google.ts

@@ -36,7 +36,7 @@ export class GoogleOAuthProvider extends AutoRegisteredOAuthProvider {
       redirect_uri: this.url.link('/oauth/callback'),
       response_type: 'code',
       scope: 'openid email profile',
-      promot: 'select_account',
+      prompt: 'select_account',
       access_type: 'offline',
       ...this.config.args,
       state,

packages/backend/server/src/plugins/payment/resolver.ts

@@ -1,8 +1,4 @@
-import {
-  BadGatewayException,
-  ForbiddenException,
-  InternalServerErrorException,
-} from '@nestjs/common';
+import { BadGatewayException, ForbiddenException } from '@nestjs/common';
 import {
   Args,
   Context,
@@ -48,11 +44,11 @@ class SubscriptionPrice {
   @Field()
   currency!: string;
 
-  @Field()
-  amount!: number;
+  @Field(() => Int, { nullable: true })
+  amount?: number | null;
 
-  @Field()
-  yearlyAmount!: number;
+  @Field(() => Int, { nullable: true })
+  yearlyAmount?: number | null;
 }
 
 @ObjectType('UserSubscription')
@@ -176,64 +172,39 @@ export class SubscriptionResolver {
       }
     );
 
-    return Object.entries(group).map(([plan, prices]) => {
-      const yearly = prices.find(
-        price =>
-          decodeLookupKey(
-            // @ts-expect-error empty lookup key is filtered out
-            price.lookup_key
-          )[1] === SubscriptionRecurring.Yearly
-      );
-      const monthly = prices.find(
-        price =>
-          decodeLookupKey(
-            // @ts-expect-error empty lookup key is filtered out
-            price.lookup_key
-          )[1] === SubscriptionRecurring.Monthly
-      );
+    function findPrice(plan: SubscriptionPlan) {
+      const prices = group[plan];
 
-      if (!yearly || !monthly) {
-        throw new InternalServerErrorException(
-          'The prices are not configured correctly.'
-        );
+      if (!prices) {
+        return null;
       }
 
+      const monthlyPrice = prices.find(p => p.recurring?.interval === 'month');
+      const yearlyPrice = prices.find(p => p.recurring?.interval === 'year');
+      const currency = monthlyPrice?.currency ?? yearlyPrice?.currency ?? 'usd';
       return {
-        type: 'fixed',
-        plan: plan as SubscriptionPlan,
-        currency: monthly.currency,
-        amount: monthly.unit_amount ?? 0,
-        yearlyAmount: yearly.unit_amount ?? 0,
+        currency,
+        amount: monthlyPrice?.unit_amount,
+        yearlyAmount: yearlyPrice?.unit_amount,
       };
-    });
-  }
-
-  /**
-   * @deprecated
-   */
-  @Mutation(() => String, {
-    deprecationReason: 'use `createCheckoutSession` instead',
-    description: 'Create a subscription checkout link of stripe',
-  })
-  async checkout(
-    @CurrentUser() user: CurrentUser,
-    @Args({ name: 'recurring', type: () => SubscriptionRecurring })
-    recurring: SubscriptionRecurring,
-    @Args('idempotencyKey') idempotencyKey: string
-  ) {
-    const session = await this.service.createCheckoutSession({
-      user,
-      plan: SubscriptionPlan.Pro,
-      recurring,
-      redirectUrl: `${this.config.baseUrl}/upgrade-success`,
-      idempotencyKey,
-    });
-
-    if (!session.url) {
-      throw new BadGatewayException('Failed to create checkout session.');
     }
 
-    return session.url;
+    // extend it when new plans are added
+    const fixedPlans = [SubscriptionPlan.Pro, SubscriptionPlan.AI];
+
+    return fixedPlans.reduce((prices, plan) => {
+      const price = findPrice(plan);
+
+      if (price && (price.amount || price.yearlyAmount)) {
+        prices.push({
+          type: 'fixed',
+          plan,
+          ...price,
+        });
+      }
+
+      return prices;
+    }, [] as SubscriptionPrice[]);
   }
 
   @Mutation(() => String, {
@@ -271,17 +242,35 @@ export class SubscriptionResolver {
   @Mutation(() => UserSubscriptionType)
   async cancelSubscription(
     @CurrentUser() user: CurrentUser,
+    @Args({
+      name: 'plan',
+      type: () => SubscriptionPlan,
+      nullable: true,
+      defaultValue: SubscriptionPlan.Pro,
+    })
+    plan: SubscriptionPlan,
     @Args('idempotencyKey') idempotencyKey: string
   ) {
-    return this.service.cancelSubscription(idempotencyKey, user.id);
+    return this.service.cancelSubscription(idempotencyKey, user.id, plan);
   }
 
   @Mutation(() => UserSubscriptionType)
   async resumeSubscription(
     @CurrentUser() user: CurrentUser,
+    @Args({
+      name: 'plan',
+      type: () => SubscriptionPlan,
+      nullable: true,
+      defaultValue: SubscriptionPlan.Pro,
+    })
+    plan: SubscriptionPlan,
     @Args('idempotencyKey') idempotencyKey: string
   ) {
-    return this.service.resumeCanceledSubscription(idempotencyKey, user.id);
+    return this.service.resumeCanceledSubscription(
+      idempotencyKey,
+      user.id,
+      plan
+    );
   }
 
   @Mutation(() => UserSubscriptionType)
@@ -289,11 +278,19 @@ export class SubscriptionResolver {
     @CurrentUser() user: CurrentUser,
     @Args({ name: 'recurring', type: () => SubscriptionRecurring })
     recurring: SubscriptionRecurring,
+    @Args({
+      name: 'plan',
+      type: () => SubscriptionPlan,
+      nullable: true,
+      defaultValue: SubscriptionPlan.Pro,
+    })
+    plan: SubscriptionPlan,
     @Args('idempotencyKey') idempotencyKey: string
   ) {
     return this.service.updateSubscriptionRecurring(
       idempotencyKey,
       user.id,
+      plan,
       recurring
     );
   }
@@ -306,11 +303,21 @@ export class UserSubscriptionResolver {
     private readonly db: PrismaClient
   ) {}
 
-  @ResolveField(() => UserSubscriptionType, { nullable: true })
+  @ResolveField(() => UserSubscriptionType, {
+    nullable: true,
+    deprecationReason: 'use `UserType.subscriptions`',
+  })
   async subscription(
     @Context() ctx: { isAdminQuery: boolean },
     @CurrentUser() me: User,
-    @Parent() user: User
+    @Parent() user: User,
+    @Args({
+      name: 'plan',
+      type: () => SubscriptionPlan,
+      nullable: true,
+      defaultValue: SubscriptionPlan.Pro,
+    })
+    plan: SubscriptionPlan
   ) {
     // allow admin to query other user's subscription
     if (!ctx.isAdminQuery && me.id !== user.id) {
@@ -340,12 +347,33 @@ export class UserSubscriptionResolver {
 
     return this.db.userSubscription.findUnique({
       where: {
-        userId: user.id,
+        userId_plan: {
+          userId: user.id,
+          plan,
+        },
         status: SubscriptionStatus.Active,
       },
     });
   }
 
+  @ResolveField(() => [UserSubscriptionType])
+  async subscriptions(
+    @CurrentUser() me: User,
+    @Parent() user: User
+  ): Promise<UserSubscription[]> {
+    if (me.id !== user.id) {
+      throw new ForbiddenException(
+        'You are not allowed to access this subscription.'
+      );
+    }
+
+    return this.db.userSubscription.findMany({
+      where: {
+        userId: user.id,
+      },
+    });
+  }
+
   @ResolveField(() => [UserInvoiceType])
   async invoices(
     @CurrentUser() me: User,

packages/backend/server/src/plugins/payment/service.ts

@@ -1,4 +1,4 @@
-import { Injectable, Logger } from '@nestjs/common';
+import { BadRequestException, Injectable, Logger } from '@nestjs/common';
 import { OnEvent as RawOnEvent } from '@nestjs/event-emitter';
 import type {
   Prisma,
@@ -65,7 +65,9 @@ export class SubscriptionService {
   ) {}
 
   async listPrices() {
-    return this.stripe.prices.list();
+    return this.stripe.prices.list({
+      active: true,
+    });
   }
 
   async createCheckoutSession({
@@ -86,12 +88,15 @@ export class SubscriptionService {
     const currentSubscription = await this.db.userSubscription.findFirst({
       where: {
         userId: user.id,
+        plan,
         status: SubscriptionStatus.Active,
       },
     });
 
     if (currentSubscription) {
-      throw new Error('You already have a subscription');
+      throw new BadRequestException(
+        `You've already subscripted to the ${plan} plan`
+      );
     }
 
     const price = await this.getPrice(plan, recurring);
@@ -152,35 +157,47 @@ export class SubscriptionService {
 
   async cancelSubscription(
     idempotencyKey: string,
-    userId: string
+    userId: string,
+    plan: SubscriptionPlan
   ): Promise<UserSubscription> {
     const user = await this.db.user.findUnique({
       where: {
         id: userId,
       },
       include: {
-        subscription: true,
+        subscriptions: {
+          where: {
+            plan,
+          },
+        },
       },
     });
 
-    if (!user?.subscription) {
-      throw new Error('You do not have any subscription');
+    if (!user) {
+      throw new BadRequestException('Unknown user');
     }
 
-    if (user.subscription.canceledAt) {
-      throw new Error('Your subscription has already been canceled');
+    const subscriptionInDB = user?.subscriptions.find(s => s.plan === plan);
+    if (!subscriptionInDB) {
+      throw new BadRequestException(`You didn't subscript to the ${plan} plan`);
+    }
+
+    if (subscriptionInDB.canceledAt) {
+      throw new BadRequestException(
+        'Your subscription has already been canceled'
+      );
     }
 
     // should release the schedule first
-    if (user.subscription.stripeScheduleId) {
+    if (subscriptionInDB.stripeScheduleId) {
       const manager = await this.scheduleManager.fromSchedule(
-        user.subscription.stripeScheduleId
+        subscriptionInDB.stripeScheduleId
       );
       await manager.cancel(idempotencyKey);
       return this.saveSubscription(
         user,
         await this.stripe.subscriptions.retrieve(
-          user.subscription.stripeSubscriptionId
+          subscriptionInDB.stripeSubscriptionId
         ),
         false
       );
@@ -188,7 +205,7 @@ export class SubscriptionService {
       // let customer contact support if they want to cancel immediately
       // see https://stripe.com/docs/billing/subscriptions/cancel
       const subscription = await this.stripe.subscriptions.update(
-        user.subscription.stripeSubscriptionId,
+        subscriptionInDB.stripeSubscriptionId,
         { cancel_at_period_end: true },
         { idempotencyKey }
       );
@@ -198,44 +215,52 @@ export class SubscriptionService {
 
   async resumeCanceledSubscription(
     idempotencyKey: string,
-    userId: string
+    userId: string,
+    plan: SubscriptionPlan
   ): Promise<UserSubscription> {
     const user = await this.db.user.findUnique({
       where: {
         id: userId,
       },
       include: {
-        subscription: true,
+        subscriptions: true,
       },
     });
 
-    if (!user?.subscription) {
-      throw new Error('You do not have any subscription');
+    if (!user) {
+      throw new BadRequestException('Unknown user');
     }
 
-    if (!user.subscription.canceledAt) {
-      throw new Error('Your subscription has not been canceled');
+    const subscriptionInDB = user?.subscriptions.find(s => s.plan === plan);
+    if (!subscriptionInDB) {
+      throw new BadRequestException(`You didn't subscript to the ${plan} plan`);
     }
 
-    if (user.subscription.end < new Date()) {
-      throw new Error('Your subscription is expired, please checkout again.');
+    if (!subscriptionInDB.canceledAt) {
+      throw new BadRequestException('Your subscription has not been canceled');
     }
 
-    if (user.subscription.stripeScheduleId) {
+    if (subscriptionInDB.end < new Date()) {
+      throw new BadRequestException(
+        'Your subscription is expired, please checkout again.'
+      );
+    }
+
+    if (subscriptionInDB.stripeScheduleId) {
       const manager = await this.scheduleManager.fromSchedule(
-        user.subscription.stripeScheduleId
+        subscriptionInDB.stripeScheduleId
       );
       await manager.resume(idempotencyKey);
       return this.saveSubscription(
         user,
         await this.stripe.subscriptions.retrieve(
-          user.subscription.stripeSubscriptionId
+          subscriptionInDB.stripeSubscriptionId
         ),
         false
       );
     } else {
       const subscription = await this.stripe.subscriptions.update(
-        user.subscription.stripeSubscriptionId,
+        subscriptionInDB.stripeSubscriptionId,
         { cancel_at_period_end: false },
         { idempotencyKey }
       );
@@ -247,6 +272,7 @@ export class SubscriptionService {
   async updateSubscriptionRecurring(
     idempotencyKey: string,
     userId: string,
+    plan: SubscriptionPlan,
     recurring: SubscriptionRecurring
   ): Promise<UserSubscription> {
     const user = await this.db.user.findUnique({
@@ -254,30 +280,38 @@ export class SubscriptionService {
         id: userId,
       },
       include: {
-        subscription: true,
+        subscriptions: true,
       },
     });
 
-    if (!user?.subscription) {
-      throw new Error('You do not have any subscription');
+    if (!user) {
+      throw new BadRequestException('Unknown user');
+    }
+    const subscriptionInDB = user?.subscriptions.find(s => s.plan === plan);
+    if (!subscriptionInDB) {
+      throw new BadRequestException(`You didn't subscript to the ${plan} plan`);
     }
 
-    if (user.subscription.canceledAt) {
-      throw new Error('Your subscription has already been canceled ');
+    if (subscriptionInDB.canceledAt) {
+      throw new BadRequestException(
+        'Your subscription has already been canceled '
+      );
     }
 
-    if (user.subscription.recurring === recurring) {
-      throw new Error('You have already subscribed to this plan');
+    if (subscriptionInDB.recurring === recurring) {
+      throw new BadRequestException(
+        `You are already in ${recurring} recurring`
+      );
     }
 
     const price = await this.getPrice(
-      user.subscription.plan as SubscriptionPlan,
+      subscriptionInDB.plan as SubscriptionPlan,
       recurring
     );
 
     const manager = await this.scheduleManager.fromSubscription(
       `${idempotencyKey}-fromSubscription`,
-      user.subscription.stripeSubscriptionId
+      subscriptionInDB.stripeSubscriptionId
     );
 
     await manager.update(
@@ -293,7 +327,7 @@ export class SubscriptionService {
 
     return await this.db.userSubscription.update({
       where: {
-        id: user.subscription.id,
+        id: subscriptionInDB.id,
       },
       data: {
         stripeScheduleId: manager.schedule?.id ?? null, // update schedule id or set to null(undefined means untouched)
@@ -310,7 +344,7 @@ export class SubscriptionService {
     });
 
     if (!user) {
-      throw new Error('Unknown user');
+      throw new BadRequestException('Unknown user');
     }
 
     try {
@@ -321,7 +355,7 @@ export class SubscriptionService {
       return portal.url;
     } catch (e) {
       this.logger.error('Failed to create customer portal.', e);
-      throw new Error('Failed to create customer portal');
+      throw new BadRequestException('Failed to create customer portal');
     }
   }
 
@@ -518,7 +552,10 @@ export class SubscriptionService {
 
     const currentSubscription = await this.db.userSubscription.findUnique({
       where: {
-        userId: user.id,
+        userId_plan: {
+          userId: user.id,
+          plan,
+        },
       },
     });
 
@@ -641,8 +678,8 @@ export class SubscriptionService {
     });
 
     if (!prices.data.length) {
-      throw new Error(
-        `Unknown subscription plan ${plan} with recurring ${recurring}`
+      throw new BadRequestException(
+        `Unknown subscription plan ${plan} with ${recurring} recurring`
       );
     }
 

packages/backend/server/src/plugins/payment/types.ts

@@ -1,5 +1,5 @@
-import { type User } from '@prisma/client';
-import { type Stripe } from 'stripe';
+import type { User } from '@prisma/client';
+import type { Stripe } from 'stripe';
 
 import type { Payload } from '../../fundamentals/event/def';
 
@@ -20,6 +20,7 @@ export enum SubscriptionRecurring {
 export enum SubscriptionPlan {
   Free = 'free',
   Pro = 'pro',
+  AI = 'ai',
   Team = 'team',
   Enterprise = 'enterprise',
   SelfHosted = 'selfhosted',

packages/backend/server/src/plugins/payment/webhook.ts

@@ -12,6 +12,7 @@ import { EventEmitter2 } from '@nestjs/event-emitter';
 import type { Request } from 'express';
 import Stripe from 'stripe';
 
+import { Public } from '../../core/auth';
 import { Config } from '../../fundamentals';
 
 @Controller('/api/stripe')
@@ -28,6 +29,7 @@ export class StripeWebhook {
     this.webhookKey = config.plugins.payment.stripe.keys.webhookKey;
   }
 
+  @Public()
   @Post('/webhook')
   async handleWebhook(@Req() req: RawBodyRequest<Request>) {
     // Check if webhook signing is configured.

packages/backend/server/src/plugins/redis/index.ts

@@ -1,18 +1,15 @@
 import { Global, Provider, Type } from '@nestjs/common';
-import { Redis, type RedisOptions } from 'ioredis';
+import type { RedisOptions } from 'ioredis';
+import { Redis } from 'ioredis';
 import { ThrottlerStorageRedisService } from 'nestjs-throttler-storage-redis';
 
-import { Cache, SessionCache } from '../../fundamentals';
+import { Cache, Locker, SessionCache } from '../../fundamentals';
 import { ThrottlerStorage } from '../../fundamentals/throttler';
 import { SocketIoAdapterImpl } from '../../fundamentals/websocket';
 import { Plugin } from '../registry';
 import { RedisCache } from './cache';
-import {
-  CacheRedis,
-  SessionRedis,
-  SocketIoRedis,
-  ThrottlerRedis,
-} from './instances';
+import { CacheRedis, SessionRedis, SocketIoRedis } from './instances';
+import { RedisMutexLocker } from './mutex';
 import { createSockerIoAdapterImpl } from './ws-adapter';
 
 function makeProvider(token: Type, impl: Type<Redis>): Provider {
@@ -35,7 +32,7 @@ const throttlerStorageProvider: Provider = {
   useFactory: (redis: Redis) => {
     return new ThrottlerStorageRedisService(redis);
   },
-  inject: [ThrottlerRedis],
+  inject: [SessionRedis],
 };
 
 // socket io
@@ -47,15 +44,22 @@ const socketIoRedisAdapterProvider: Provider = {
   inject: [SocketIoRedis],
 };
 
+// mutex
+const mutexRedisAdapterProvider: Provider = {
+  provide: Locker,
+  useClass: RedisMutexLocker,
+};
+
 @Global()
 @Plugin({
   name: 'redis',
-  providers: [CacheRedis, SessionRedis, ThrottlerRedis, SocketIoRedis],
+  providers: [CacheRedis, SessionRedis, SocketIoRedis],
   overrides: [
     cacheProvider,
     sessionCacheProvider,
     socketIoRedisAdapterProvider,
     throttlerStorageProvider,
+    mutexRedisAdapterProvider,
   ],
   requires: ['plugins.redis.host'],
 })

packages/backend/server/src/plugins/redis/instances.ts

@@ -34,13 +34,6 @@ export class CacheRedis extends Redis {
   }
 }
 
-@Injectable()
-export class ThrottlerRedis extends Redis {
-  constructor(config: Config) {
-    super({ ...config.plugins.redis, db: (config.plugins.redis?.db ?? 0) + 1 });
-  }
-}
-
 @Injectable()
 export class SessionRedis extends Redis {
   constructor(config: Config) {

packages/backend/server/src/plugins/redis/mutex.ts

@@ -0,0 +1,65 @@
+import { Injectable, Logger } from '@nestjs/common';
+import { Command } from 'ioredis';
+
+import { ILocker, Lock } from '../../fundamentals';
+import { SessionRedis } from './instances';
+
+// === atomic mutex lock ===
+// acquire lock
+// return 1 if lock is acquired
+// return 0 if lock is not acquired
+const lockScript = `local key = KEYS[1]
+local owner = ARGV[1]
+
+-- if lock is not exists or lock is owned by the owner
+-- then set lock to the owner and return 1, otherwise return 0
+-- if the lock is not released correctly due to unexpected reasons
+-- lock will be released after 60 seconds
+if redis.call("get", key) == owner or redis.call("set", key, owner, "NX", "EX", 60) then
+  return 1
+else
+  return 0
+end`;
+// release lock
+// return 1 if lock is released or lock is not exists
+// return 0 if lock is not owned by the owner
+const unlockScript = `local key = KEYS[1]
+local owner = ARGV[1]
+
+local value = redis.call("get", key)
+if value == owner then
+  return redis.call("del", key)
+elseif value == nil then
+  return 1
+else
+  return 0
+end`;
+
+@Injectable()
+export class RedisMutexLocker implements ILocker {
+  private readonly logger = new Logger(RedisMutexLocker.name);
+  constructor(private readonly redis: SessionRedis) {}
+
+  async lock(owner: string, key: string): Promise<Lock> {
+    const lockKey = `MutexLock:${key}`;
+    this.logger.debug(`Client ${owner} is trying to lock resource ${key}`);
+
+    const success = await this.redis.sendCommand(
+      new Command('EVAL', [lockScript, '1', lockKey, owner])
+    );
+
+    if (success === 1) {
+      return new Lock(async () => {
+        const result = await this.redis.sendCommand(
+          new Command('EVAL', [unlockScript, '1', lockKey, owner])
+        );
+
+        if (result === 0) {
+          throw new Error(`Failed to release lock ${key}`);
+        }
+      });
+    }
+
+    throw new Error(`Failed to acquire lock for resource [${key}]`);
+  }
+}

packages/backend/server/src/schema.gql

@@ -110,13 +110,10 @@ type Mutation {
   acceptInviteById(inviteId: String!, sendAcceptMail: Boolean, workspaceId: String!): Boolean!
   addToEarlyAccess(email: String!): Int!
   addWorkspaceFeature(feature: FeatureType!, workspaceId: String!): Int!
-  cancelSubscription(idempotencyKey: String!): UserSubscription!
+  cancelSubscription(idempotencyKey: String!, plan: SubscriptionPlan = Pro): UserSubscription!
   changeEmail(email: String!, token: String!): UserType!
   changePassword(newPassword: String!, token: String!): UserType!
 
-  """Create a subscription checkout link of stripe"""
-  checkout(idempotencyKey: String!, recurring: SubscriptionRecurring!): String! @deprecated(reason: "use `createCheckoutSession` instead")
-
   """Create a subscription checkout link of stripe"""
   createCheckoutSession(input: CreateCheckoutSessionInput!): String!
 
@@ -137,7 +134,7 @@ type Mutation {
   removeAvatar: RemoveAvatar!
   removeEarlyAccess(email: String!): Int!
   removeWorkspaceFeature(feature: FeatureType!, workspaceId: String!): Int!
-  resumeSubscription(idempotencyKey: String!): UserSubscription!
+  resumeSubscription(idempotencyKey: String!, plan: SubscriptionPlan = Pro): UserSubscription!
   revoke(userId: String!, workspaceId: String!): Boolean!
   revokePage(pageId: String!, workspaceId: String!): Boolean! @deprecated(reason: "use revokePublicPage")
   revokePublicPage(pageId: String!, workspaceId: String!): WorkspacePage!
@@ -152,7 +149,7 @@ type Mutation {
   signIn(email: String!, password: String!): UserType!
   signUp(email: String!, name: String!, password: String!): UserType!
   updateProfile(input: UpdateUserInput!): UserType!
-  updateSubscriptionRecurring(idempotencyKey: String!, recurring: SubscriptionRecurring!): UserSubscription!
+  updateSubscriptionRecurring(idempotencyKey: String!, plan: SubscriptionPlan = Pro, recurring: SubscriptionRecurring!): UserSubscription!
 
   """Update workspace"""
   updateWorkspace(input: UpdateWorkspaceInput!): WorkspaceType!
@@ -267,6 +264,7 @@ enum ServerFeature {
 }
 
 enum SubscriptionPlan {
+  AI
   Enterprise
   Free
   Pro
@@ -275,11 +273,11 @@ enum SubscriptionPlan {
 }
 
 type SubscriptionPrice {
-  amount: Int!
+  amount: Int
   currency: String!
   plan: SubscriptionPlan!
   type: String!
-  yearlyAmount: Int!
+  yearlyAmount: Int
 }
 
 enum SubscriptionRecurring {
@@ -388,7 +386,8 @@ type UserType {
   """User name"""
   name: String!
   quota: UserQuota
-  subscription: UserSubscription
+  subscription(plan: SubscriptionPlan = Pro): UserSubscription @deprecated(reason: "use `UserType.subscriptions`")
+  subscriptions: [UserSubscription!]!
   token: tokenType! @deprecated(reason: "use [/api/auth/authorize]")
 }
 

packages/backend/server/tests/app.e2e.ts

@@ -1,5 +1,6 @@
 import type { INestApplication } from '@nestjs/common';
-import ava, { type TestFn } from 'ava';
+import type { TestFn } from 'ava';
+import ava from 'ava';
 import request from 'supertest';
 
 import { AppModule } from '../src/app.module';

packages/backend/server/tests/auth.e2e.ts

@@ -3,7 +3,8 @@ import {
   getLatestMailMessage,
 } from '@affine-test/kit/utils/cloud';
 import type { INestApplication } from '@nestjs/common';
-import ava, { type TestFn } from 'ava';
+import type { TestFn } from 'ava';
+import ava from 'ava';
 
 import { AuthService } from '../src/core/auth/service';
 import { MailService } from '../src/fundamentals/mailer';

packages/backend/server/tests/doc.spec.ts

@@ -127,7 +127,7 @@ test('should merge update when intervel due', async t => {
   await manager.autoSquash();
 
   t.deepEqual(
-    (await manager.getBinary(ws.id, '1'))?.toString('hex'),
+    (await manager.getBinary(ws.id, '1'))?.binary.toString('hex'),
     Buffer.from(update.buffer).toString('hex')
   );
 
@@ -150,7 +150,7 @@ test('should merge update when intervel due', async t => {
   await manager.autoSquash();
 
   t.deepEqual(
-    (await manager.getBinary(ws.id, '1'))?.toString('hex'),
+    (await manager.getBinary(ws.id, '1'))?.binary.toString('hex'),
     Buffer.from(encodeStateAsUpdate(doc)).toString('hex')
   );
 });
@@ -275,20 +275,21 @@ test('should throw if meet max retry times', async t => {
 test('should be able to insert the snapshot if it is new created', async t => {
   const manager = m.get(DocManager);
 
-  const doc = new YDoc();
-  const text = doc.getText('content');
-  text.insert(0, 'hello');
-  const update = encodeStateAsUpdate(doc);
-
-  await manager.push('1', '1', Buffer.from(update));
+  {
+    const doc = new YDoc();
+    const text = doc.getText('content');
+    text.insert(0, 'hello');
+    const update = encodeStateAsUpdate(doc);
 
+    await manager.push('1', '1', Buffer.from(update));
+  }
   const updates = await manager.getUpdates('1', '1');
   t.is(updates.length, 1);
   // @ts-expect-error private
-  const snapshot = await manager.squash(null, updates);
+  const { doc } = await manager.squash(null, updates);
 
-  t.truthy(snapshot);
-  t.is(snapshot.getText('content').toString(), 'hello');
+  t.truthy(doc);
+  t.is(doc.getText('content').toString(), 'hello');
 
   const restUpdates = await manager.getUpdates('1', '1');
 
@@ -315,14 +316,14 @@ test('should be able to merge updates into snapshot', async t => {
   {
     await manager.batchPush('1', '1', updates.slice(0, 2));
     // do the merge
-    const doc = (await manager.get('1', '1'))!;
+    const { doc } = (await manager.get('1', '1'))!;
 
     t.is(doc.getText('content').toString(), 'helloworld');
   }
 
   {
     await manager.batchPush('1', '1', updates.slice(2));
-    const doc = (await manager.get('1', '1'))!;
+    const { doc } = (await manager.get('1', '1'))!;
 
     t.is(doc.getText('content').toString(), 'hello world!');
   }
@@ -372,7 +373,7 @@ test('should not update snapshot if doc is outdated', async t => {
     const updateRecords = await manager.getUpdates('2', '1');
 
     // @ts-expect-error private
-    const doc = await manager.squash(snapshot, updateRecords);
+    const { doc } = await manager.squash(snapshot, updateRecords);
 
     // all updated will merged into doc not matter it's timestamp is outdated or not,
     // but the snapshot record will not be updated

packages/backend/server/tests/feature.spec.ts

@@ -2,7 +2,8 @@
 
 import { INestApplication, Injectable } from '@nestjs/common';
 import { PrismaClient } from '@prisma/client';
-import ava, { type TestFn } from 'ava';
+import type { TestFn } from 'ava';
+import ava from 'ava';
 
 import { AuthService } from '../src/core/auth/service';
 import {

packages/backend/server/tests/history.spec.ts

@@ -7,7 +7,7 @@ import * as Sinon from 'sinon';
 import { DocHistoryManager } from '../src/core/doc';
 import { QuotaModule } from '../src/core/quota';
 import { StorageModule } from '../src/core/storage';
-import { type EventPayload } from '../src/fundamentals/event';
+import type { EventPayload } from '../src/fundamentals/event';
 import { createTestingModule } from './utils';
 
 let m: TestingModule;

packages/backend/server/tests/mailer.e2e.ts

@@ -7,7 +7,8 @@ import {
   getLatestMailMessage,
 } from '@affine-test/kit/utils/cloud';
 import { TestingModule } from '@nestjs/testing';
-import ava, { type TestFn } from 'ava';
+import type { TestFn } from 'ava';
+import ava from 'ava';
 
 import { AuthService } from '../src/core/auth/service';
 import { ConfigModule } from '../src/fundamentals/config';

packages/backend/server/tests/mailer.spec.ts

@@ -1,5 +1,6 @@
 import type { INestApplication } from '@nestjs/common';
-import ava, { type TestFn } from 'ava';
+import type { TestFn } from 'ava';
+import ava from 'ava';
 import Sinon from 'sinon';
 
 import { AppModule } from '../src/app.module';

packages/backend/server/tests/quota.spec.ts

@@ -1,7 +1,8 @@
 /// <reference types="../src/global.d.ts" />
 
 import { TestingModule } from '@nestjs/testing';
-import ava, { type TestFn } from 'ava';
+import type { TestFn } from 'ava';
+import ava from 'ava';
 
 import { AuthService } from '../src/core/auth';
 import {

packages/backend/server/tests/tsconfig.json

@@ -2,7 +2,7 @@
   "extends": "../../../../tsconfig.json",
   "compilerOptions": {
     "composite": true,
-    "target": "ESNext",
+    "target": "ES2022",
     "emitDecoratorMetadata": true,
     "experimentalDecorators": true,
     "rootDir": ".",

packages/backend/server/tests/workspace-invite.e2e.ts

@@ -4,7 +4,8 @@ import {
 } from '@affine-test/kit/utils/cloud';
 import type { INestApplication } from '@nestjs/common';
 import { PrismaClient } from '@prisma/client';
-import ava, { type TestFn } from 'ava';
+import type { TestFn } from 'ava';
+import ava from 'ava';
 
 import { AppModule } from '../src/app.module';
 import { AuthService } from '../src/core/auth/service';
@@ -104,7 +105,7 @@ test('should create user if not exist', async t => {
 
   const user = await auth.getUserByEmail('u2@affine.pro');
   t.not(user, undefined, 'failed to create user');
-  t.is(user?.name, 'Unnamed', 'failed to create user');
+  t.is(user?.name, 'u2', 'failed to create user');
 });
 
 test('should invite a user by link', async t => {
@@ -255,3 +256,25 @@ test('should support pagination for member', async t => {
   );
   t.is(secondPageWorkspace.members.length, 1, 'failed to check invite id');
 });
+
+test('should limit member count correctly', async t => {
+  const { app } = t.context;
+  const u1 = await signUp(app, 'u1', 'u1@affine.pro', '1');
+  for (let i = 0; i < 10; i++) {
+    const workspace = await createWorkspace(app, u1.token.token);
+    await Promise.allSettled(
+      Array.from({ length: 10 }).map(async (_, i) =>
+        inviteUser(
+          app,
+          u1.token.token,
+          workspace.id,
+          `u${i}@affine.pro`,
+          'Admin'
+        )
+      )
+    );
+
+    const ws = await getWorkspace(app, u1.token.token, workspace.id);
+    t.assert(ws.members.length <= 3, 'failed to check member list');
+  }
+});

packages/backend/server/tests/workspace.e2e.ts

@@ -1,6 +1,7 @@
 import type { INestApplication } from '@nestjs/common';
 import { PrismaClient } from '@prisma/client';
-import ava, { type TestFn } from 'ava';
+import type { TestFn } from 'ava';
+import ava from 'ava';
 import request from 'supertest';
 
 import { AppModule } from '../src/app.module';

packages/backend/server/tsconfig.json

@@ -2,7 +2,7 @@
   "extends": "../../../tsconfig.json",
   "compilerOptions": {
     "composite": true,
-    "target": "ESNext",
+    "target": "ES2022",
     "module": "ESNext",
     "emitDecoratorMetadata": true,
     "experimentalDecorators": true,

packages/backend/storage/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@affine/storage",
-  "version": "0.12.0",
+  "version": "0.14.0",
   "engines": {
     "node": ">= 10.16.0 < 11 || >= 11.8.0"
   },

packages/common/debug/package.json

@@ -7,7 +7,7 @@
   },
   "devDependencies": {
     "@types/debug": "^4.1.12",
-    "vitest": "1.3.1"
+    "vitest": "1.4.0"
   },
-  "version": "0.12.0"
+  "version": "0.14.0"
 }

packages/common/env/package.json

@@ -3,11 +3,11 @@
   "private": true,
   "type": "module",
   "devDependencies": {
-    "@blocksuite/global": "0.13.0-canary-202403140320-a2b362b",
-    "@blocksuite/store": "0.13.0-canary-202403140320-a2b362b",
+    "@blocksuite/global": "0.14.0-canary-202403250855-4171ecd",
+    "@blocksuite/store": "0.14.0-canary-202403250855-4171ecd",
     "react": "18.2.0",
     "react-dom": "18.2.0",
-    "vitest": "1.3.1"
+    "vitest": "1.4.0"
   },
   "exports": {
     "./automation": "./src/automation.ts",
@@ -26,5 +26,5 @@
     "lit": "^3.1.2",
     "zod": "^3.22.4"
   },
-  "version": "0.12.0"
+  "version": "0.14.0"
 }

packages/common/env/src/filter.ts

@@ -53,6 +53,8 @@ export const collectionSchema = z.object({
   name: z.string(),
   filterList: z.array(filterSchema),
   allowList: z.array(z.string()),
+  createDate: z.union([z.date(), z.number()]).optional(),
+  updateDate: z.union([z.date(), z.number()]).optional(),
 });
 export const deletedCollectionSchema = z.object({
   userId: z.string().optional(),
@@ -78,6 +80,8 @@ export const tagSchema = z.object({
   value: z.string(),
   color: z.string(),
   parentId: z.string().optional(),
+  createDate: z.union([z.date(), z.number()]).optional(),
+  updateDate: z.union([z.date(), z.number()]).optional(),
 });
 export type Tag = z.input<typeof tagSchema>;
 

packages/common/env/src/global.ts

@@ -19,7 +19,6 @@ export const runtimeFlagsSchema = z.object({
   enableNewSettingModal: z.boolean(),
   enableNewSettingUnstableApi: z.boolean(),
   enableSQLiteProvider: z.boolean(),
-  enableNotificationCenter: z.boolean(),
   enableCloud: z.boolean(),
   enableCaptcha: z.boolean(),
   enableEnhanceShareMode: z.boolean(),

packages/common/env/tsconfig.json

@@ -6,9 +6,5 @@
     "noEmit": false,
     "outDir": "lib"
   },
-  "references": [
-    {
-      "path": "../../../tests/fixtures"
-    }
-  ]
+  "references": []
 }

packages/common/infra/package.json

@@ -4,22 +4,17 @@
   "private": true,
   "exports": {
     "./blocksuite": "./src/blocksuite/index.ts",
-    "./command": "./src/command/index.ts",
-    "./atom": "./src/atom/index.ts",
     "./app-config-storage": "./src/app-config-storage.ts",
-    "./di": "./src/di/index.ts",
-    "./livedata": "./src/livedata/index.ts",
-    "./storage": "./src/storage/index.ts",
-    "./lifecycle": "./src/lifecycle/index.ts",
     ".": "./src/index.ts"
   },
   "dependencies": {
     "@affine/debug": "workspace:*",
     "@affine/env": "workspace:*",
     "@affine/templates": "workspace:*",
-    "@blocksuite/blocks": "0.13.0-canary-202403140320-a2b362b",
-    "@blocksuite/global": "0.13.0-canary-202403140320-a2b362b",
-    "@blocksuite/store": "0.13.0-canary-202403140320-a2b362b",
+    "@blocksuite/blocks": "0.14.0-canary-202403250855-4171ecd",
+    "@blocksuite/global": "0.14.0-canary-202403250855-4171ecd",
+    "@blocksuite/store": "0.14.0-canary-202403250855-4171ecd",
+    "@datastructures-js/binary-search-tree": "^5.3.2",
     "foxact": "^0.2.31",
     "jotai": "^2.6.5",
     "jotai-effect": "^0.6.0",
@@ -33,15 +28,15 @@
   "devDependencies": {
     "@affine-test/fixtures": "workspace:*",
     "@affine/templates": "workspace:*",
-    "@blocksuite/lit": "0.13.0-canary-202403140320-a2b362b",
-    "@blocksuite/presets": "0.13.0-canary-202403140320-a2b362b",
+    "@blocksuite/block-std": "0.14.0-canary-202403250855-4171ecd",
+    "@blocksuite/presets": "0.14.0-canary-202403250855-4171ecd",
     "@testing-library/react": "^14.2.1",
     "async-call-rpc": "^6.4.0",
     "react": "^18.2.0",
     "rxjs": "^7.8.1",
     "vite": "^5.1.4",
     "vite-plugin-dts": "3.7.3",
-    "vitest": "1.3.1"
+    "vitest": "1.4.0"
   },
   "peerDependencies": {
     "@affine/templates": "*",
@@ -71,5 +66,5 @@
       "optional": true
     }
   },
-  "version": "0.12.0"
+  "version": "0.14.0"
 }

packages/common/infra/src/atom/settings.ts

@@ -32,6 +32,7 @@ export type AppSetting = {
   autoCheckUpdate: boolean;
   autoDownloadUpdate: boolean;
   enableMultiView: boolean;
+  enableTelemetry: boolean;
   editorFlags: Partial<Omit<BlockSuiteFlags, 'readonly'>>;
 };
 export const windowFrameStyleOptions: AppSetting['windowFrameStyle'][] = [
@@ -71,6 +72,7 @@ const appSettingBaseAtom = atomWithStorage<AppSetting>('affine-settings', {
   enableNoisyBackground: true,
   autoCheckUpdate: true,
   autoDownloadUpdate: true,
+  enableTelemetry: true,
   enableMultiView: false,
   editorFlags: {},
 });
@@ -80,7 +82,7 @@ export function setupEditorFlags(docCollection: DocCollection) {
   const syncEditorFlags = () => {
     try {
       const editorFlags = getCurrentStore().get(appSettingBaseAtom).editorFlags;
-      Object.entries(editorFlags).forEach(([key, value]) => {
+      Object.entries(editorFlags ?? {}).forEach(([key, value]) => {
         docCollection.awarenessStore.setFlag(
           key as keyof BlockSuiteFlags,
           value