feat: resolved errorsf for self hosted license v2#7062
Conversation
|
💬 Discussion in Slack: #pr-review-infisical-7062-feat-resolved-errorsf-for-self-hosted-license-v2 Posted by Review Police — reviews, comments, new commits, and CI failures will stream into this channel. |
|
| Filename | Overview |
|---|---|
| backend/src/services/license-client/license-client.ts | Routes self-hosted v2 keys to the new backend. The URL validation accepts plain http:, which can expose the license key bearer token in plaintext — usage-reporter.ts in the same PR rejects non-HTTPS. |
| backend/src/services/license-client/license-client-backends.ts | Adds licenseServerSelfHostedBackend — single-tenant HTTP client using the raw license key as bearer. All sensitive ops use redirect: "manual". Stubs out unsupported Stripe ops with explicit rejections. |
| backend/src/services/license-client/usage/usage-reporter.ts | Extends bearer selection to prefer the self-hosted license key when detected. Correctly enforces HTTPS before forwarding the credential. Minor: duplicates the prefix constant. |
| backend/src/ee/services/license/license-service.ts | Adds EnterpriseOnPremV2 init path, background cron sync, syncSelfHostedV2Features, and refreshEntitlements on manual refresh. Guards on LICENSE_SERVER_KEY for cloud-only seat ops look intentional for the migration. |
| backend/src/ee/services/license/license-fns.ts | Exports isV2SelfHostedLicenseKey helper and SELF_HOSTED_V2_LICENSE_KEY_PREFIX; routes infisical_lk_ keys to LicenseType.OnlineV2. Logic is clean. |
| backend/src/ee/services/license/license-types.ts | Adds EnterpriseOnPremV2 to InstanceType and OnlineV2 to LicenseType. Clean enum extension. |
| backend/src/ee/services/license-v2/license-v2-service.ts | Self-hosted billing overview now reads seat caps from entitlements instead of cloud plan, skips Stripe billing profile, and sets isCloud: false / mode: "managed". Logic is clear and correctly branched. |
| backend/src/services/license-client/license-client-types.ts | Adds refreshEntitlements to TLicenseClientBackend. Interface update is consistent with both implementations. |
| frontend/src/pages/organization/BillingV2Page/BillingV2Page.tsx | Detects mode === "managed" to swap the billing page description text for self-hosted license holders. Simple, safe change. |
Comments Outside Diff (1)
-
backend/src/services/license-client/license-client.ts, line 56-59 (link)Bearer credential sent over plain HTTP
buildBackendexplicitly allowshttp:in the URL check, so if an operator configuresLICENSE_SERVER_V2_URLwith anhttp://address the raw license key (infisical_lk_…) is transmitted in plaintext.usage-reporter.tsin this same PR already enforces HTTPS for the same bearer — the inconsistency means the main entitlement/refresh client has weaker protection than the usage reporter.
Reviews (1): Last reviewed commit: "feat: resolved errorsf for self hosted l..." | Re-trigger Greptile
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f03e991ba8
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Context
infisical_lk_license keys (legacyQVHK-HIGYHkeys still work) and run the instance in a newEnterpriseOnPremV2mode.Screenshots
Steps to verify the change
Type
Checklist
type(scope): short description(scope is optional, e.g.,fix: prevent crash on syncorfix(api): handle null response).