File token chores (#4664)

* Missing file token chores

* Make whole idea folder ignored

.gitignore

@@ -1,6 +1,6 @@
 **/**/.env
 .DS_Store
-.idea/workspace.xml
+/.idea
 **/**/node_modules/
 
 # yarn is the recommended package manager across the project
@@ -21,4 +21,4 @@ coverage
 
 **/**/logs/**
 
-storybook-static
+storybook-static

packages/twenty-docker/prod/docker-compose.yml

@@ -22,6 +22,7 @@ services:
       ACCESS_TOKEN_SECRET: ${ACCESS_TOKEN_SECRET}
       LOGIN_TOKEN_SECRET: ${LOGIN_TOKEN_SECRET}
       REFRESH_TOKEN_SECRET: ${REFRESH_TOKEN_SECRET}
+      FILE_TOKEN_SECRET: ${FILE_TOKEN_SECRET}
     depends_on:
       db:
         condition: service_healthy

packages/twenty-docs/docs/start/self-hosting/cloud-providers.mdx

@@ -15,7 +15,7 @@ Feel free to join our discord if you need assistance.
 - [Azure Container Apps](#azure-container-apps)
 - [Others](#others)
 
-## Azure Container Apps 
+## Azure Container Apps
 
 ### About
 
@@ -261,6 +261,7 @@ resource "azapi_update_resource" "cors" {
 resource "random_uuid" "access_token_secret" {}
 resource "random_uuid" "login_token_secret" {}
 resource "random_uuid" "refresh_token_secret" {}
+resource "random_uuid" "file_token_secret" {}
 
 resource "azurerm_container_app" "twenty_server" {
   name                         = local.server_name
@@ -338,6 +339,10 @@ resource "azurerm_container_app" "twenty_server" {
         name  = "REFRESH_TOKEN_SECRET"
         value = random_uuid.refresh_token_secret.result
       }
+      env {
+        name  = "FILE_TOKEN_SECRET"
+        value = random_uuid.file_token_secret.result
+      }
     }
   }
 }
@@ -424,4 +429,4 @@ resource "azurerm_container_app" "twenty_db" {
 
 ## Others
 
-Please feel free to Open a PR to add more Cloud Provider options.
+Please feel free to Open a PR to add more Cloud Provider options.

packages/twenty-docs/docs/start/self-hosting/docker-compose.mdx

@@ -11,24 +11,25 @@ sidebar_custom_props:
 3. In your .env file, replace the three "replace_me_with_a_random_string_access" with the three random strings you just generated.
 
 ```
-ACCESS_TOKEN_SECRET=replace_me_with_a_random_string_access 
+ACCESS_TOKEN_SECRET=replace_me_with_a_random_string_access
-LOGIN_TOKEN_SECRET=replace_me_with_a_random_string_login 
+LOGIN_TOKEN_SECRET=replace_me_with_a_random_string_login
 REFRESH_TOKEN_SECRET=replace_me_with_a_random_string_refresh
+FILE_TOKEN_SECRET=replace_me_with_a_random_string_refresh
 ```
 
 4. Create a `docker-compose.yml` file from the example below.
 5. Run the command `docker-compose up -d`
 6. Go to http://localhost:3001 and see your docker instance.
 
-## Troubleshooting 
+## Troubleshooting
 
-### Not able to login 
+### Not able to login
 
-If you encounter errors, (not able to log into the application after inputting an email) after the inital setup, try running `docker exec -it twenty-backend-1 yarn nx database:reset` and see if that solves your issue. 
+If you encounter errors, (not able to log into the application after inputting an email) after the inital setup, try running `docker exec -it twenty-backend-1 yarn nx database:reset` and see if that solves your issue.
 
 ### Cannot connect to server, running behind a reverse proxy
 
-Complete step three and four with : 
+Complete step three and four with :
 
 3. Add `SERVER_URL=https://<your-api-url.com>` to your `.env`
 4. Uncomment `SERVER_URL=${SERVER_URL}` in your `docker-compose.yml`
@@ -76,6 +77,7 @@ services:
       - ACCESS_TOKEN_SECRET=${ACCESS_TOKEN_SECRET}
       - LOGIN_TOKEN_SECRET=${LOGIN_TOKEN_SECRET}
       - REFRESH_TOKEN_SECRET=${REFRESH_TOKEN_SECRET}
+      - FILE_TOKEN_SECRET=${FILE_TOKEN_SECRET}
       # Uncomment if behind a reverse proxy
       # - SERVER_URL=${SERVER_URL}
     depends_on:

packages/twenty-docs/docs/start/self-hosting/self-hosting.mdx

@@ -59,6 +59,8 @@ import TabItem from '@theme/TabItem';
     ['REFRESH_TOKEN_SECRET', '<random>', 'Secret used for the refresh tokens'],
     ['REFRESH_TOKEN_EXPIRES_IN', '90d', 'Refresh token expiration time'],
     ['REFRESH_TOKEN_COOL_DOWN', '1m', 'Refresh token cooldown'],
+    ['FILE_TOKEN_SECRET', '<random>', 'Secret used for the file tokens'],
+    ['FILE_TOKEN_EXPIRES_IN', '1d', 'File token expiration time'],
     ['API_TOKEN_EXPIRES_IN', '1000y', 'Api token expiration time'],
     ]}></OptionTable>
 

packages/twenty-server/.env.example

@@ -18,8 +18,9 @@ SIGN_IN_PREFILLED=true
 # ACCESS_TOKEN_EXPIRES_IN=30m
 # LOGIN_TOKEN_EXPIRES_IN=15m
 # API_TOKEN_EXPIRES_IN=1000y
-# REFRESH_TOKEN_EXPIRES_IN=90d 
+# REFRESH_TOKEN_EXPIRES_IN=90d
-# FRONT_AUTH_CALLBACK_URL=http://localhost:3001/verify 
+# FILE_TOKEN_EXPIRES_IN=1d
+# FRONT_AUTH_CALLBACK_URL=http://localhost:3001/verify
 # AUTH_GOOGLE_ENABLED=false
 # MESSAGING_PROVIDER_GMAIL_ENABLED=false
 # CALENDAR_PROVIDER_GOOGLE_ENABLED=false

packages/twenty-server/.env.test

@@ -9,15 +9,16 @@ FRONT_BASE_URL=http://localhost:3001
 ACCESS_TOKEN_SECRET=secret_jwt
 LOGIN_TOKEN_SECRET=secret_login_tokens
 REFRESH_TOKEN_SECRET=secret_refresh_token
-FILE_TOKEN_SECRET=replace_me_with_a_random_string_refresh
+FILE_TOKEN_SECRET=secret_file_token
 
 # ———————— Optional ————————
 # DEBUG_MODE=false
 # SIGN_IN_PREFILLED=false
 # ACCESS_TOKEN_EXPIRES_IN=30m
 # LOGIN_TOKEN_EXPIRES_IN=15m
-# REFRESH_TOKEN_EXPIRES_IN=90d 
+# REFRESH_TOKEN_EXPIRES_IN=90d
-# FRONT_AUTH_CALLBACK_URL=http://localhost:3001/verify 
+# FILE_TOKEN_EXPIRES_IN=1d
+# FRONT_AUTH_CALLBACK_URL=http://localhost:3001/verify
 # AUTH_GOOGLE_ENABLED=false
 # MESSAGING_PROVIDER_GMAIL_ENABLED=false
 # STORAGE_TYPE=local

render.yaml

@@ -32,6 +32,8 @@ services:
       generateValue: true
     - key: REFRESH_TOKEN_SECRET
       generateValue: true
+    - key: FILE_TOKEN_SECRET
+      generateValue: true
     - key: PG_DATABASE_HOST
       fromService:
         name: twenty_postgres