fix: update badge styles for previous and current state indicators in StateTransition template

[Snyk] Upgrade react-router-dom from 6.30.1 to 6.30.2

.github/instructions/instructions.md

@@ -0,0 +1,17 @@
+---
+applyTo: '**'
+---
+
+# Building and Compiling
+
+If you would like to compile or build any project. Please cd into the directory and run the following command:
+
+```
+npm run compile
+```
+
+Ths will make sure there are no type / syntax errors. 
+
+# Typescript Types.
+
+Please do not use "any" types. Please create proper types where required. 

.github/workflows/build.yml

@@ -19,11 +19,19 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Preinstall 
-        run: npm run prerun
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 10
+          max_attempts: 3
+          command: npm run prerun
       
       # build image for accounts service
       - name: build docker image
-        run: sudo docker build -f ./Accounts/Dockerfile .
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 45
+          max_attempts: 3
+          command: sudo docker build --no-cache -f ./Accounts/Dockerfile .
 
   docker-build-isolated-vm:
     runs-on: ubuntu-latest
@@ -34,11 +42,19 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Preinstall 
-        run: npm run prerun
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 10
+          max_attempts: 3
+          command: npm run prerun
       
       # build image for accounts service
       - name: build docker image
-        run: sudo docker build -f ./IsolatedVM/Dockerfile .
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 45
+          max_attempts: 3
+          command: sudo docker build --no-cache -f ./IsolatedVM/Dockerfile .
 
   docker-build-home:
     runs-on: ubuntu-latest
@@ -49,11 +65,19 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Preinstall 
-        run: npm run prerun
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 10
+          max_attempts: 3
+          command: npm run prerun
       
       # build image for accounts service
       - name: build docker image
-        run: sudo docker build -f ./Home/Dockerfile .
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 45
+          max_attempts: 3
+          command: sudo docker build --no-cache -f ./Home/Dockerfile .
 
   docker-build-worker:
     runs-on: ubuntu-latest
@@ -64,11 +88,19 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Preinstall 
-        run: npm run prerun
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 10
+          max_attempts: 3
+          command: npm run prerun
       
       # build image for accounts service
       - name: build docker image
-        run: sudo docker build -f ./Worker/Dockerfile .
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 45
+          max_attempts: 3
+          command: sudo docker build --no-cache -f ./Worker/Dockerfile .
 
   docker-build-workflow:
     runs-on: ubuntu-latest
@@ -79,11 +111,19 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Preinstall 
-        run: npm run prerun
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 10
+          max_attempts: 3
+          command: npm run prerun
       
       # build image for accounts service
       - name: build docker image
-        run: sudo docker build -f ./Workflow/Dockerfile .
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 45
+          max_attempts: 3
+          command: sudo docker build --no-cache -f ./Workflow/Dockerfile .
 
   docker-build-api-reference:
     runs-on: ubuntu-latest
@@ -94,11 +134,19 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Preinstall 
-        run: npm run prerun
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 10
+          max_attempts: 3
+          command: npm run prerun
       
       # build image for accounts service
       - name: build docker image
-        run: sudo docker build -f ./APIReference/Dockerfile .
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 45
+          max_attempts: 3
+          command: sudo docker build --no-cache -f ./APIReference/Dockerfile .
 
   docker-build-docs:
     runs-on: ubuntu-latest
@@ -109,11 +157,19 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Preinstall 
-        run: npm run prerun
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 10
+          max_attempts: 3
+          command: npm run prerun
       
       # build image for accounts service
       - name: build docker image
-        run: sudo docker build -f ./Docs/Dockerfile .
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 45
+          max_attempts: 3
+          command: sudo docker build --no-cache -f ./Docs/Dockerfile .
 
 
   docker-build-otel-collector:
@@ -125,11 +181,19 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Preinstall 
-        run: npm run prerun
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 10
+          max_attempts: 3
+          command: npm run prerun
       
       # build image for accounts service
       - name: build docker image
-        run: sudo docker build -f ./OTelCollector/Dockerfile .
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 45
+          max_attempts: 3
+          command: sudo docker build --no-cache -f ./OTelCollector/Dockerfile .
 
   docker-build-app:
     runs-on: ubuntu-latest
@@ -140,12 +204,20 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Preinstall 
-        run: npm run prerun
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 10
+          max_attempts: 3
+          command: npm run prerun
 
         
       # build image for accounts service
       - name: build docker image
-        run: sudo docker build -f ./App/Dockerfile .
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 45
+          max_attempts: 3
+          command: sudo docker build --no-cache -f ./App/Dockerfile .
 
 
   docker-build-copilot:
@@ -157,11 +229,19 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Preinstall 
-        run: npm run prerun
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 10
+          max_attempts: 3
+          command: npm run prerun
 
       # build image for accounts service
       - name: build docker image
-        run: sudo docker build -f ./Copilot/Dockerfile .
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 45
+          max_attempts: 3
+          command: sudo docker build --no-cache -f ./Copilot/Dockerfile .
 
   docker-build-e2e:
     runs-on: ubuntu-latest
@@ -172,12 +252,20 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Preinstall 
-        run: npm run prerun
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 10
+          max_attempts: 3
+          command: npm run prerun
 
         
       # build image for accounts service
       - name: build docker image
-        run: sudo docker build -f ./E2E/Dockerfile .
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 45
+          max_attempts: 3
+          command: sudo docker build --no-cache -f ./E2E/Dockerfile .
 
   docker-build-admin-dashboard:
     runs-on: ubuntu-latest
@@ -188,11 +276,19 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Preinstall 
-        run: npm run prerun
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 10
+          max_attempts: 3
+          command: npm run prerun
 
       # build image for home
       - name: build docker image
-        run: sudo docker build -f ./AdminDashboard/Dockerfile .
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 45
+          max_attempts: 3
+          command: sudo docker build --no-cache -f ./AdminDashboard/Dockerfile .
 
   docker-build-dashboard:
     runs-on: ubuntu-latest
@@ -203,11 +299,19 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Preinstall 
-        run: npm run prerun
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 10
+          max_attempts: 3
+          command: npm run prerun
 
       # build image for home
       - name: build docker image
-        run: sudo docker build -f ./Dashboard/Dockerfile .
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 45
+          max_attempts: 3
+          command: sudo docker build --no-cache -f ./Dashboard/Dockerfile .
 
   docker-build-probe:
     runs-on: ubuntu-latest
@@ -218,11 +322,19 @@ jobs:
         uses: actions/checkout@v4
       
       - name: Preinstall 
-        run: npm run prerun
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 10
+          max_attempts: 3
+          command: npm run prerun
         
       # build image probe api
       - name: build docker image
-        run: sudo docker build -f ./Probe/Dockerfile .
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 45
+          max_attempts: 3
+          command: sudo docker build --no-cache -f ./Probe/Dockerfile .
 
   docker-build-probe-ingest:
     runs-on: ubuntu-latest
@@ -233,11 +345,19 @@ jobs:
         uses: actions/checkout@v4
       
       - name: Preinstall 
-        run: npm run prerun
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 10
+          max_attempts: 3
+          command: npm run prerun
         
       # build image probe api
       - name: build docker image
-        run: sudo docker build -f ./ProbeIngest/Dockerfile .
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 45
+          max_attempts: 3
+          command: sudo docker build --no-cache -f ./ProbeIngest/Dockerfile .
 
   docker-build-server-monitor-ingest:
     runs-on: ubuntu-latest
@@ -248,13 +368,21 @@ jobs:
         uses: actions/checkout@v4
       
       - name: Preinstall 
-        run: npm run prerun
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 10
+          max_attempts: 3
+          command: npm run prerun
         
       # build image probe api
       - name: build docker image
-        run: sudo docker build -f ./ServerMonitorIngest/Dockerfile .
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 45
+          max_attempts: 3
+          command: sudo docker build --no-cache -f ./ServerMonitorIngest/Dockerfile .
 
-  docker-build-open-telemetry-ingest:
+  docker-build-telemetry:
     runs-on: ubuntu-latest
     env:
       CI_PIPELINE_ID: ${{github.run_number}}
@@ -263,11 +391,19 @@ jobs:
         uses: actions/checkout@v4
       
       - name: Preinstall 
-        run: npm run prerun
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 10
+          max_attempts: 3
+          command: npm run prerun
         
       # build image probe api
       - name: build docker image
-        run: sudo docker build -f ./OpenTelemetryIngest/Dockerfile .
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 45
+          max_attempts: 3
+          command: sudo docker build --no-cache -f ./Telemetry/Dockerfile .
 
   docker-build-incoming-request-ingest:
     runs-on: ubuntu-latest
@@ -278,26 +414,19 @@ jobs:
         uses: actions/checkout@v4
       
       - name: Preinstall 
-        run: npm run prerun
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 10
+          max_attempts: 3
+          command: npm run prerun
         
       # build image probe api
       - name: build docker image
-        run: sudo docker build -f ./IncomingRequestIngest/Dockerfile .
-
-  docker-build-fluent-ingest:
-    runs-on: ubuntu-latest
-    env:
-      CI_PIPELINE_ID: ${{github.run_number}}
-    steps:
-      - name: Checkout 
-        uses: actions/checkout@v4
-      
-      - name: Preinstall 
-        run: npm run prerun
-        
-      # build image probe api
-      - name: build docker image
-        run: sudo docker build -f ./FluentIngest/Dockerfile .
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 45
+          max_attempts: 3
+          command: sudo docker build --no-cache -f ./IncomingRequestIngest/Dockerfile .
 
   docker-build-status-page:
     runs-on: ubuntu-latest
@@ -308,11 +437,19 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Preinstall 
-        run: npm run prerun
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 10
+          max_attempts: 3
+          command: npm run prerun
         
       # build image for home
       - name: build docker image
-        run: sudo docker build -f ./StatusPage/Dockerfile .
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 45
+          max_attempts: 3
+          command: sudo docker build --no-cache -f ./StatusPage/Dockerfile .
 
   docker-build-test-server:
     runs-on: ubuntu-latest
@@ -323,8 +460,16 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Preinstall 
-        run: npm run prerun
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 10
+          max_attempts: 3
+          command: npm run prerun
 
       # build image for mail service
       - name: build docker image
-        run: sudo docker build -f ./TestServer/Dockerfile .
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 45
+          max_attempts: 3
+          command: sudo docker build --no-cache -f ./TestServer/Dockerfile .

.github/workflows/compile.yml

@@ -20,7 +20,12 @@ jobs:
         with:
           node-version: latest
       - run: cd Common && npm install
-      - run: cd Accounts && npm install && npm run compile && npm run dep-check
+      - name: Compile Accounts
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 30
+          max_attempts: 3
+          command: cd Accounts && npm install && npm run compile && npm run dep-check
 
   compile-isolated-vm:
     runs-on: ubuntu-latest
@@ -32,7 +37,12 @@ jobs:
         with:
           node-version: latest
       - run: cd Common && npm install
-      - run: cd IsolatedVM && npm install && npm run compile && npm run dep-check
+      - name: Compile IsolatedVM
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 30
+          max_attempts: 3
+          command: cd IsolatedVM && npm install && npm run compile && npm run dep-check
 
   compile-common:
     runs-on: ubuntu-latest
@@ -43,7 +53,12 @@ jobs:
       - uses: actions/setup-node@v4
         with:
           node-version: latest
-      - run: cd Common && npm install && npm run compile && npm run dep-check
+      - name: Compile Common
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 30
+          max_attempts: 3
+          command: cd Common && npm install && npm run compile && npm run dep-check
 
   compile-app:
     runs-on: ubuntu-latest
@@ -55,7 +70,12 @@ jobs:
         with:
           node-version: latest
       - run: cd Common && npm install
-      - run: cd App && npm install && npm run compile && npm run dep-check
+      - name: Compile App
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 30
+          max_attempts: 3
+          command: cd App && npm install && npm run compile && npm run dep-check
 
   compile-home:
     runs-on: ubuntu-latest
@@ -67,7 +87,12 @@ jobs:
         with:
           node-version: latest
       - run: cd Common && npm install
-      - run: cd Home && npm install && npm run compile && npm run dep-check
+      - name: Compile Home
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 30
+          max_attempts: 3
+          command: cd Home && npm install && npm run compile && npm run dep-check
 
   compile-worker:
     runs-on: ubuntu-latest
@@ -79,7 +104,12 @@ jobs:
         with:
           node-version: latest
       - run: cd Common && npm install
-      - run: cd Worker && npm install && npm run compile && npm run dep-check
+      - name: Compile Worker
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 30
+          max_attempts: 3
+          command: cd Worker && npm install && npm run compile && npm run dep-check
 
   compile-workflow:
     runs-on: ubuntu-latest
@@ -91,7 +121,12 @@ jobs:
         with:
           node-version: latest
       - run: cd Common && npm install
-      - run: cd Workflow && npm install && npm run compile && npm run dep-check
+      - name: Compile Workflow
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 30
+          max_attempts: 3
+          command: cd Workflow && npm install && npm run compile && npm run dep-check
 
   compile-api-reference:
     runs-on: ubuntu-latest
@@ -103,7 +138,12 @@ jobs:
         with:
           node-version: latest
       - run: cd Common && npm install
-      - run: cd APIReference && npm install && npm run compile && npm run dep-check
+      - name: Compile API Reference
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 30
+          max_attempts: 3
+          command: cd APIReference && npm install && npm run compile && npm run dep-check
 
   compile-docs-reference:
     runs-on: ubuntu-latest
@@ -115,7 +155,12 @@ jobs:
         with:
           node-version: latest
       - run: cd Common && npm install
-      - run: cd Docs && npm install && npm run compile && npm run dep-check
+      - name: Compile Docs Reference
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 30
+          max_attempts: 3
+          command: cd Docs && npm install && npm run compile && npm run dep-check
 
   compile-copilot:
     runs-on: ubuntu-latest
@@ -127,7 +172,12 @@ jobs:
         with:
           node-version: latest
       - run: cd Common && npm install
-      - run: cd Copilot && npm install && npm run compile && npm run dep-check
+      - name: Compile Copilot
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 30
+          max_attempts: 3
+          command: cd Copilot && npm install && npm run compile && npm run dep-check
 
   compile-nginx:
     runs-on: ubuntu-latest
@@ -140,7 +190,12 @@ jobs:
           node-version: latest
       - run: cd Common && npm install
       
-      - run: cd Nginx && npm install && npm run compile && npm run dep-check
+      - name: Compile Nginx
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 30
+          max_attempts: 3
+          command: cd Nginx && npm install && npm run compile && npm run dep-check
 
   compile-infrastructure-agent:
     runs-on: ubuntu-latest
@@ -150,7 +205,12 @@ jobs:
       - uses: actions/checkout@v4
       # Setup Go
       - uses: actions/setup-go@v5
-      - run: cd InfrastructureAgent && go build .
+      - name: Compile Infrastructure Agent
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 30
+          max_attempts: 3
+          command: cd InfrastructureAgent && go build .
   
 
   compile-admin-dashboard:
@@ -164,7 +224,12 @@ jobs:
           node-version: latest
       - run: cd Common && npm install
       
-      - run: cd AdminDashboard && npm install && npm run compile && npm run dep-check
+      - name: Compile Admin Dashboard
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 30
+          max_attempts: 3
+          command: cd AdminDashboard && npm install && npm run compile && npm run dep-check
 
   compile-dashboard:
     runs-on: ubuntu-latest
@@ -177,7 +242,12 @@ jobs:
           node-version: latest
       - run: cd Common && npm install
       
-      - run: cd Dashboard && npm install && npm run compile && npm run dep-check
+      - name: Compile Dashboard
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 30
+          max_attempts: 3
+          command: cd Dashboard && npm install && npm run compile && npm run dep-check
 
 
   compile-e2e:
@@ -191,7 +261,12 @@ jobs:
           node-version: latest
       - run: sudo apt-get update
       - run: cd Common && npm install
-      - run: cd E2E && npm install && npm run compile && npm run dep-check
+      - name: Compile E2E
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 30
+          max_attempts: 3
+          command: cd E2E && npm install && npm run compile && npm run dep-check
 
   compile-probe:
     runs-on: ubuntu-latest
@@ -203,7 +278,12 @@ jobs:
         with:
           node-version: latest
       - run: cd Common && npm install
-      - run: cd Probe && npm install && npm run compile && npm run dep-check
+      - name: Compile Probe
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 30
+          max_attempts: 3
+          command: cd Probe && npm install && npm run compile && npm run dep-check
 
   compile-probe-ingest:
     runs-on: ubuntu-latest
@@ -215,7 +295,12 @@ jobs:
         with:
           node-version: latest
       - run: cd Common && npm install
-      - run: cd ProbeIngest && npm install && npm run compile && npm run dep-check
+      - name: Compile Probe Ingest
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 30
+          max_attempts: 3
+          command: cd ProbeIngest && npm install && npm run compile && npm run dep-check
 
   compile-server-monitor-ingest:
     runs-on: ubuntu-latest
@@ -227,9 +312,14 @@ jobs:
         with:
           node-version: latest
       - run: cd Common && npm install
-      - run: cd ServerMonitorIngest && npm install && npm run compile && npm run dep-check
+      - name: Compile Server Monitor Ingest
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 30
+          max_attempts: 3
+          command: cd ServerMonitorIngest && npm install && npm run compile && npm run dep-check
 
-  compile-open-telemetry-ingest:
+  compile-telemetry:
     runs-on: ubuntu-latest
     env:
       CI_PIPELINE_ID: ${{github.run_number}}
@@ -239,7 +329,12 @@ jobs:
         with:
           node-version: latest
       - run: cd Common && npm install
-      - run: cd OpenTelemetryIngest && npm install && npm run compile && npm run dep-check
+      - name: Compile Telemetry
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 30
+          max_attempts: 3
+          command: cd Telemetry && npm install && npm run compile && npm run dep-check
 
 
   compile-incoming-request-ingest: 
@@ -252,20 +347,12 @@ jobs:
         with:
           node-version: latest
       - run: cd Common && npm install
-      - run: cd IncomingRequestIngest && npm install && npm run compile && npm run dep-check
-
-  compile-fluent-ingest:
-    runs-on: ubuntu-latest
-    env:
-      CI_PIPELINE_ID: ${{github.run_number}}
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - name: Compile Incoming Request Ingest
+        uses: nick-fields/retry@v3
         with:
-          node-version: latest
-      - run: cd Common && npm install
-      - run: cd FluentIngest && npm install && npm run compile && npm run dep-check
-  
+          timeout_minutes: 30
+          max_attempts: 3
+          command: cd IncomingRequestIngest && npm install && npm run compile && npm run dep-check
 
   compile-status-page:
     runs-on: ubuntu-latest
@@ -278,7 +365,12 @@ jobs:
           node-version: latest
       - run: cd Common && npm install
       
-      - run: cd StatusPage && npm install && npm run compile && npm run dep-check
+      - name: Compile Status Page
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 30
+          max_attempts: 3
+          command: cd StatusPage && npm install && npm run compile && npm run dep-check
 
   compile-test-server:
     runs-on: ubuntu-latest
@@ -290,7 +382,12 @@ jobs:
         with:
           node-version: latest
       - run: cd Common && npm install
-      - run: cd TestServer && npm install && npm run compile && npm run dep-check
+      - name: Compile Test Server
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 30
+          max_attempts: 3
+          command: cd TestServer && npm install && npm run compile && npm run dep-check
 
   compile-mcp:
     runs-on: ubuntu-latest
@@ -302,4 +399,9 @@ jobs:
         with:
           node-version: latest
       - run: cd Common && npm install
-      - run: cd MCP && npm install && npm run compile && npm run dep-check
+      - name: Compile MCP
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 30
+          max_attempts: 3
+          command: cd MCP && npm update @oneuptime/common && npm install && npm run compile && npm run dep-check

.github/workflows/npm-audit-fix.yml

@@ -0,0 +1,49 @@
+name: NPM Audit Fix
+
+on:
+  schedule:
+    - cron: '0 0 * * *'
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  npm-audit-fix:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+
+      - name: Run npm audit fix across packages
+        run: npm run audit-fix
+
+      - name: Detect changes
+        id: changes
+        run: |
+          if git status --porcelain | grep .; then
+            echo "has_changes=true" >> $GITHUB_OUTPUT
+          else
+            echo "has_changes=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Create pull request
+        if: steps.changes.outputs.has_changes == 'true'
+        uses: peter-evans/create-pull-request@v6
+        with:
+          commit-message: "chore: npm audit fix"
+          title: "chore: npm audit fix"
+          body: |
+            Automated npm audit fix run.
+            Workflow: ${{ github.workflow }}
+            Run ID: ${{ github.run_id }}
+          branch: chore/npm-audit-fix
+          delete-branch: true

.github/workflows/reliability-copilot.yml

@@ -1,32 +0,0 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-name: "OneUptime Reliability Copilot"
-
-on:
-  push:
-    branches: [ master ]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ master ]
-  schedule:
-    # Run every day at midnight UTC
-    - cron: '0 0 * * *'
-
-jobs:
-  analyze:
-    name: Analyze Code
-    runs-on: ubuntu-latest
-
-    steps:
-      
-    # Run Reliability Copilot in Docker Container
-    - name: Run Copilot
-      run: |
-        docker run --rm \
-          -e ONEUPTIME_URL="https://test.oneuptime.com" \
-          -e ONEUPTIME_REPOSITORY_SECRET_KEY="${{ secrets.COPILOT_ONEUPTIME_REPOSITORY_SECRET_KEY }}" \
-          -e CODE_REPOSITORY_PASSWORD="${{ github.token }}" \
-          -e CODE_REPOSITORY_USERNAME="simlarsen" \
-          -e OPENAI_API_KEY="${{ secrets.OPENAI_API_KEY }}" \
-          --net=host oneuptime/copilot:test

.github/workflows/terraform-provider-generation.yml

@@ -77,17 +77,21 @@ jobs:
           ls -la "$PROVIDER_DIR" || true
 
       - name: Test Go build
-        run: |
-          PROVIDER_DIR="./Terraform"
-          if [ -d "$PROVIDER_DIR" ] && [ -f "$PROVIDER_DIR/go.mod" ]; then
-            cd "$PROVIDER_DIR"
-            echo "🔨 Testing Go build..."
-            go mod tidy
-            go build -v ./...
-            echo "✅ Go build successful"
-          else
-            echo "⚠️ Cannot test build - missing go.mod or provider directory"
-          fi
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 30
+          max_attempts: 3
+          command: |
+            PROVIDER_DIR="./Terraform"
+            if [ -d "$PROVIDER_DIR" ] && [ -f "$PROVIDER_DIR/go.mod" ]; then
+              cd "$PROVIDER_DIR"
+              echo "🔨 Testing Go build..."
+              go mod tidy
+              go build -v ./...
+              echo "✅ Go build successful"
+            else
+              echo "⚠️ Cannot test build - missing go.mod or provider directory"
+            fi
 
       - name: Upload Terraform provider as artifact
         uses: actions/upload-artifact@v4

.github/workflows/test.fluent-ingest.yaml

@@ -1,20 +0,0 @@
-name: Fluent Ingest Test
-
-on:
-  pull_request: 
-  push:
-    branches-ignore:
-      - 'hotfix-*'   # excludes hotfix branches
-      - 'release'
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    env:
-      CI_PIPELINE_ID: ${{github.run_number}}
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
-        with:
-          node-version: latest
-      - run: cd FluentIngest && npm install && npm run test

.github/workflows/test.telemetry.yaml

@@ -1,4 +1,4 @@
-name: OpenTelemetryIngest Test
+name: Telemetry Test
 
 on:
   pull_request: 
@@ -17,5 +17,6 @@ jobs:
       - uses: actions/setup-node@v4
         with:
           node-version: latest
-      - run: cd OpenTelemetryIngest && npm install && npm run test
+      - run: cd Common && npm install
+      - run: cd Telemetry && npm install && npm run test
   

.gitignore

@@ -127,3 +127,4 @@ MCP/build/
 MCP/.env
 MCP/node_modules 
 Dashboard/public/sw.js
+.claude/settings.local.json

.vscode/launch.json

@@ -205,8 +205,8 @@
         },
         {
             "address": "127.0.0.1",
-            "localRoot": "${workspaceFolder}/OpenTelemetryIngest",
-            "name": "OpenTelemetryIngest: Debug with Docker",
+            "localRoot": "${workspaceFolder}/Telemetry",
+            "name": "Telemetry: Debug with Docker",
             "port": 9938,
             "remoteRoot": "/usr/src/app",
             "request": "attach",
@@ -217,20 +217,6 @@
             "restart": true,
             "autoAttachChildProcesses": true
         },
-        {
-            "address": "127.0.0.1",
-            "localRoot": "${workspaceFolder}/FluentIngest",
-            "name": "Fluent Ingest: Debug with Docker",
-            "port": 9937,
-            "remoteRoot": "/usr/src/app",
-            "request": "attach",
-            "skipFiles": [
-                "<node_internals>/**"
-            ],
-            "type": "node",
-            "restart": true,
-            "autoAttachChildProcesses": true
-        },
         {
             "address": "127.0.0.1",
             "localRoot": "${workspaceFolder}/IsolatedVM",

APIReference/Dockerfile.tpl

@@ -3,7 +3,7 @@
 #
 
 # Pull base image nodejs image.
-FROM public.ecr.aws/docker/library/node:23.8-alpine3.21
+FROM public.ecr.aws/docker/library/node:24.9-alpine3.21
 RUN mkdir /tmp/npm &&  chmod 2777 /tmp/npm && chown 1000:1000 /tmp/npm && npm config set cache /tmp/npm --global
 
 RUN npm config set fetch-retries 5
@@ -14,9 +14,12 @@ RUN npm config set fetch-retry-maxtimeout 600000
 
 ARG GIT_SHA
 ARG APP_VERSION
+ARG IS_ENTERPRISE_EDITION=false
 
 ENV GIT_SHA=${GIT_SHA}
 ENV APP_VERSION=${APP_VERSION}
+ENV IS_ENTERPRISE_EDITION=${IS_ENTERPRISE_EDITION}
+ENV PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1
 
 
 # IF APP_VERSION is not set, set it to 1.0.0

APIReference/Service/Authentication.ts

@@ -2,6 +2,7 @@ import { IsBillingEnabled } from "Common/Server/EnvironmentConfig";
 import { ViewsPath } from "../Utils/Config";
 import ResourceUtil, { ModelDocumentation } from "../Utils/Resources";
 import { ExpressRequest, ExpressResponse } from "Common/Server/Utils/Express";
+import Dictionary from "Common/Types/Dictionary";
 
 // Retrieve resources documentation
 const Resources: Array<ModelDocumentation> = ResourceUtil.getResources();
@@ -16,7 +17,7 @@ export default class ServiceHandler {
 
     // Extract page parameter from request
     const page: string | undefined = req.params["page"];
-    const pageData: any = {};
+    const pageData: Dictionary<unknown> = {};
 
     // Set default page title and description for the authentication page
     pageTitle = "Authentication";

APIReference/Service/DataType.ts

@@ -4,6 +4,7 @@ import ResourceUtil, { ModelDocumentation } from "../Utils/Resources";
 import LocalCache from "Common/Server/Infrastructure/LocalCache";
 import { ExpressRequest, ExpressResponse } from "Common/Server/Utils/Express";
 import LocalFile from "Common/Server/Utils/LocalFile";
+import Dictionary from "Common/Types/Dictionary";
 
 const Resources: Array<ModelDocumentation> = ResourceUtil.getResources();
 
@@ -12,9 +13,9 @@ export default class ServiceHandler {
     _req: ExpressRequest,
     res: ExpressResponse,
   ): Promise<void> {
-    const pageData: any = {};
+    const pageData: Dictionary<unknown> = {};
 
-    pageData.selectCode = await LocalCache.getOrSetString(
+    pageData["selectCode"] = await LocalCache.getOrSetString(
       "data-type",
       "select",
       async () => {
@@ -22,7 +23,7 @@ export default class ServiceHandler {
       },
     );
 
-    pageData.sortCode = await LocalCache.getOrSetString(
+    pageData["sortCode"] = await LocalCache.getOrSetString(
       "data-type",
       "sort",
       async () => {
@@ -30,7 +31,7 @@ export default class ServiceHandler {
       },
     );
 
-    pageData.equalToCode = await LocalCache.getOrSetString(
+    pageData["equalToCode"] = await LocalCache.getOrSetString(
       "data-type",
       "equal-to",
       async () => {
@@ -38,7 +39,7 @@ export default class ServiceHandler {
       },
     );
 
-    pageData.equalToOrNullCode = await LocalCache.getOrSetString(
+    pageData["equalToOrNullCode"] = await LocalCache.getOrSetString(
       "data-type",
       "equal-to-or-null",
       async () => {
@@ -48,7 +49,7 @@ export default class ServiceHandler {
       },
     );
 
-    pageData.greaterThanCode = await LocalCache.getOrSetString(
+    pageData["greaterThanCode"] = await LocalCache.getOrSetString(
       "data-type",
       "greater-than",
       async () => {
@@ -58,7 +59,7 @@ export default class ServiceHandler {
       },
     );
 
-    pageData.greaterThanOrEqualCode = await LocalCache.getOrSetString(
+    pageData["greaterThanOrEqualCode"] = await LocalCache.getOrSetString(
       "data-type",
       "greater-than-or-equal",
       async () => {
@@ -68,7 +69,7 @@ export default class ServiceHandler {
       },
     );
 
-    pageData.lessThanCode = await LocalCache.getOrSetString(
+    pageData["lessThanCode"] = await LocalCache.getOrSetString(
       "data-type",
       "less-than",
       async () => {
@@ -78,7 +79,7 @@ export default class ServiceHandler {
       },
     );
 
-    pageData.lessThanOrEqualCode = await LocalCache.getOrSetString(
+    pageData["lessThanOrEqualCode"] = await LocalCache.getOrSetString(
       "data-type",
       "less-than-or-equal",
       async () => {
@@ -88,7 +89,7 @@ export default class ServiceHandler {
       },
     );
 
-    pageData.includesCode = await LocalCache.getOrSetString(
+    pageData["includesCode"] = await LocalCache.getOrSetString(
       "data-type",
       "includes",
       async () => {
@@ -98,7 +99,7 @@ export default class ServiceHandler {
       },
     );
 
-    pageData.lessThanOrNullCode = await LocalCache.getOrSetString(
+    pageData["lessThanOrNullCode"] = await LocalCache.getOrSetString(
       "data-type",
       "less-than-or-equal",
       async () => {
@@ -108,7 +109,7 @@ export default class ServiceHandler {
       },
     );
 
-    pageData.greaterThanOrNullCode = await LocalCache.getOrSetString(
+    pageData["greaterThanOrNullCode"] = await LocalCache.getOrSetString(
       "data-type",
       "less-than-or-equal",
       async () => {
@@ -118,7 +119,7 @@ export default class ServiceHandler {
       },
     );
 
-    pageData.isNullCode = await LocalCache.getOrSetString(
+    pageData["isNullCode"] = await LocalCache.getOrSetString(
       "data-type",
       "is-null",
       async () => {
@@ -126,7 +127,7 @@ export default class ServiceHandler {
       },
     );
 
-    pageData.notNullCode = await LocalCache.getOrSetString(
+    pageData["notNullCode"] = await LocalCache.getOrSetString(
       "data-type",
       "not-null",
       async () => {
@@ -134,7 +135,7 @@ export default class ServiceHandler {
       },
     );
 
-    pageData.notEqualToCode = await LocalCache.getOrSetString(
+    pageData["notEqualToCode"] = await LocalCache.getOrSetString(
       "data-type",
       "not-equals",
       async () => {

APIReference/Service/Errors.ts

@@ -2,6 +2,7 @@ import { IsBillingEnabled } from "Common/Server/EnvironmentConfig";
 import { ViewsPath } from "../Utils/Config";
 import ResourceUtil, { ModelDocumentation } from "../Utils/Resources";
 import { ExpressRequest, ExpressResponse } from "Common/Server/Utils/Express";
+import Dictionary from "Common/Types/Dictionary";
 
 // Fetch a list of resources used in the application
 const Resources: Array<ModelDocumentation> = ResourceUtil.getResources();
@@ -17,7 +18,7 @@ export default class ServiceHandler {
 
     // Get the 'page' parameter from the request
     const page: string | undefined = req.params["page"];
-    const pageData: any = {};
+    const pageData: Dictionary<unknown> = {};
 
     // Set the default page title and description
     pageTitle = "Errors";

APIReference/Service/Introduction.ts

@@ -2,6 +2,7 @@ import { IsBillingEnabled } from "Common/Server/EnvironmentConfig";
 import { ViewsPath } from "../Utils/Config";
 import ResourceUtil, { ModelDocumentation } from "../Utils/Resources";
 import { ExpressRequest, ExpressResponse } from "Common/Server/Utils/Express";
+import Dictionary from "Common/Types/Dictionary";
 
 // Get all resources and featured resources from ResourceUtil
 const Resources: Array<ModelDocumentation> = ResourceUtil.getResources();
@@ -20,10 +21,10 @@ export default class ServiceHandler {
 
     // Get the requested page from the URL parameters
     const page: string | undefined = req.params["page"];
-    const pageData: any = {};
+    const pageData: Dictionary<unknown> = {};
 
     // Set featured resources for the page
-    pageData.featuredResources = FeaturedResources;
+    pageData["featuredResources"] = FeaturedResources;
 
     // Set page title and description
     pageTitle = "Introduction";

APIReference/Service/Model.ts

@@ -3,7 +3,10 @@ import ResourceUtil, { ModelDocumentation } from "../Utils/Resources";
 import PageNotFoundServiceHandler from "./PageNotFound";
 import { AppApiRoute } from "Common/ServiceRoute";
 import { ColumnAccessControl } from "Common/Types/BaseDatabase/AccessControl";
-import { getTableColumns } from "Common/Types/Database/TableColumn";
+import {
+  getTableColumns,
+  TableColumnMetadata,
+} from "Common/Types/Database/TableColumn";
 import Dictionary from "Common/Types/Dictionary";
 import ObjectID from "Common/Types/ObjectID";
 import Permission, {
@@ -33,7 +36,7 @@ export default class ServiceHandler {
     let pageTitle: string = "";
     let pageDescription: string = "";
     let page: string | undefined = req.params["page"];
-    const pageData: any = {};
+    const pageData: Dictionary<unknown> = {};
 
     // Check if page is provided
     if (!page) {
@@ -56,7 +59,9 @@ export default class ServiceHandler {
     page = "model";
 
     // Get table columns for current resource
-    const tableColumns: any = getTableColumns(currentResource.model);
+    const tableColumns: Dictionary<TableColumnMetadata> = getTableColumns(
+      currentResource.model,
+    );
 
     // Filter out columns with no access
     for (const key in tableColumns) {
@@ -77,12 +82,14 @@ export default class ServiceHandler {
         continue;
       }
 
-      if (tableColumns[key].hideColumnInDocumentation) {
+      if (tableColumns[key] && tableColumns[key]!.hideColumnInDocumentation) {
         delete tableColumns[key];
         continue;
       }
 
-      tableColumns[key].permissions = accessControl;
+      if (tableColumns[key]) {
+        (tableColumns[key] as any).permissions = accessControl;
+      }
     }
 
     // Remove unnecessary columns
@@ -92,11 +99,11 @@ export default class ServiceHandler {
     delete tableColumns["version"];
 
     // Set page data
-    pageData.title = currentResource.model.singularName;
-    pageData.description = currentResource.model.tableDescription;
-    pageData.columns = tableColumns;
+    pageData["title"] = currentResource.model.singularName;
+    pageData["description"] = currentResource.model.tableDescription;
+    pageData["columns"] = tableColumns;
 
-    pageData.tablePermissions = {
+    pageData["tablePermissions"] = {
       read: currentResource.model.readRecordPermissions.map(
         (permission: Permission) => {
           return PermissionDictionary[permission];
@@ -120,7 +127,7 @@ export default class ServiceHandler {
     };
 
     // Cache the list request data
-    pageData.listRequest = await LocalCache.getOrSetString(
+    pageData["listRequest"] = await LocalCache.getOrSetString(
       "model",
       "list-request",
       async () => {
@@ -130,7 +137,7 @@ export default class ServiceHandler {
     );
 
     // Cache the item request data
-    pageData.itemRequest = await LocalCache.getOrSetString(
+    pageData["itemRequest"] = await LocalCache.getOrSetString(
       "model",
       "item-request",
       async () => {
@@ -140,7 +147,7 @@ export default class ServiceHandler {
     );
 
     // Cache the item response data
-    pageData.itemResponse = await LocalCache.getOrSetString(
+    pageData["itemResponse"] = await LocalCache.getOrSetString(
       "model",
       "item-response",
       async () => {
@@ -152,7 +159,7 @@ export default class ServiceHandler {
     );
 
     // Cache the count request data
-    pageData.countRequest = await LocalCache.getOrSetString(
+    pageData["countRequest"] = await LocalCache.getOrSetString(
       "model",
       "count-request",
       async () => {
@@ -164,7 +171,7 @@ export default class ServiceHandler {
     );
 
     // Cache the count response data
-    pageData.countResponse = await LocalCache.getOrSetString(
+    pageData["countResponse"] = await LocalCache.getOrSetString(
       "model",
       "count-response",
       async () => {
@@ -175,7 +182,7 @@ export default class ServiceHandler {
       },
     );
 
-    pageData.updateRequest = await LocalCache.getOrSetString(
+    pageData["updateRequest"] = await LocalCache.getOrSetString(
       "model",
       "update-request",
       async () => {
@@ -186,7 +193,7 @@ export default class ServiceHandler {
       },
     );
 
-    pageData.updateResponse = await LocalCache.getOrSetString(
+    pageData["updateResponse"] = await LocalCache.getOrSetString(
       "model",
       "update-response",
       async () => {
@@ -197,7 +204,7 @@ export default class ServiceHandler {
       },
     );
 
-    pageData.createRequest = await LocalCache.getOrSetString(
+    pageData["createRequest"] = await LocalCache.getOrSetString(
       "model",
       "create-request",
       async () => {
@@ -208,7 +215,7 @@ export default class ServiceHandler {
       },
     );
 
-    pageData.createResponse = await LocalCache.getOrSetString(
+    pageData["createResponse"] = await LocalCache.getOrSetString(
       "model",
       "create-response",
       async () => {
@@ -219,7 +226,7 @@ export default class ServiceHandler {
       },
     );
 
-    pageData.deleteRequest = await LocalCache.getOrSetString(
+    pageData["deleteRequest"] = await LocalCache.getOrSetString(
       "model",
       "delete-request",
       async () => {
@@ -230,7 +237,7 @@ export default class ServiceHandler {
       },
     );
 
-    pageData.deleteResponse = await LocalCache.getOrSetString(
+    pageData["deleteResponse"] = await LocalCache.getOrSetString(
       "model",
       "delete-response",
       async () => {
@@ -242,7 +249,7 @@ export default class ServiceHandler {
     );
 
     // Get list response from cache or set it if it's not available
-    pageData.listResponse = await LocalCache.getOrSetString(
+    pageData["listResponse"] = await LocalCache.getOrSetString(
       "model",
       "list-response",
       async () => {
@@ -254,14 +261,15 @@ export default class ServiceHandler {
     );
 
     // Generate a unique ID for the example object
-    pageData.exampleObjectID = ObjectID.generate();
+    pageData["exampleObjectID"] = ObjectID.generate();
 
     // Construct the API path for the current resource
-    pageData.apiPath =
+    pageData["apiPath"] =
       AppApiRoute.toString() + currentResource.model.crudApiPath?.toString();
 
     // Check if the current resource is a master admin API
-    pageData.isMasterAdminApiDocs = currentResource.model.isMasterAdminApiDocs;
+    pageData["isMasterAdminApiDocs"] =
+      currentResource.model.isMasterAdminApiDocs;
 
     // Render the index page with the required data
     return res.render(`${ViewsPath}/pages/index`, {

APIReference/Service/OpenAPI.ts

@@ -7,6 +7,7 @@ import { ViewsPath } from "../Utils/Config";
 import ResourceUtil, { ModelDocumentation } from "../Utils/Resources";
 import { ExpressRequest, ExpressResponse } from "Common/Server/Utils/Express";
 import URL from "Common/Types/API/URL";
+import Dictionary from "Common/Types/Dictionary";
 
 // Fetch a list of resources used in the application
 const Resources: Array<ModelDocumentation> = ResourceUtil.getResources();
@@ -22,7 +23,7 @@ export default class ServiceHandler {
 
     // Get the 'page' parameter from the request
     const page: string | undefined = req.params["page"];
-    const pageData: any = {
+    const pageData: Dictionary<unknown> = {
       hostUrl: new URL(HttpProtocol, Host).toString(),
     };
 

APIReference/Service/Pagination.ts

@@ -4,6 +4,7 @@ import ResourceUtil, { ModelDocumentation } from "../Utils/Resources";
 import LocalCache from "Common/Server/Infrastructure/LocalCache";
 import { ExpressRequest, ExpressResponse } from "Common/Server/Utils/Express";
 import LocalFile from "Common/Server/Utils/LocalFile";
+import Dictionary from "Common/Types/Dictionary";
 
 const Resources: Array<ModelDocumentation> = ResourceUtil.getResources(); // Get all resources from ResourceUtil
 
@@ -15,14 +16,14 @@ export default class ServiceHandler {
     let pageTitle: string = ""; // Initialize page title
     let pageDescription: string = ""; // Initialize page description
     const page: string | undefined = req.params["page"]; // Get the page parameter from the request
-    const pageData: any = {}; // Initialize page data object
+    const pageData: Dictionary<unknown> = {}; // Initialize page data object
 
     // Set page title and description
     pageTitle = "Pagination";
     pageDescription = "Learn how to paginate requests with OneUptime API";
 
     // Get response and request code from LocalCache or LocalFile
-    pageData.responseCode = await LocalCache.getOrSetString(
+    pageData["responseCode"] = await LocalCache.getOrSetString(
       "pagination",
       "response",
       async () => {
@@ -33,7 +34,7 @@ export default class ServiceHandler {
       },
     );
 
-    pageData.requestCode = await LocalCache.getOrSetString(
+    pageData["requestCode"] = await LocalCache.getOrSetString(
       "pagination",
       "request",
       async () => {

APIReference/Service/Permissions.ts

@@ -3,6 +3,7 @@ import ResourceUtil, { ModelDocumentation } from "../Utils/Resources";
 import { PermissionHelper, PermissionProps } from "Common/Types/Permission";
 import { ExpressRequest, ExpressResponse } from "Common/Server/Utils/Express";
 import { IsBillingEnabled } from "Common/Server/EnvironmentConfig";
+import Dictionary from "Common/Types/Dictionary";
 
 const Resources: Array<ModelDocumentation> = ResourceUtil.getResources();
 
@@ -17,14 +18,14 @@ export default class ServiceHandler {
 
     // Get the requested page
     const page: string | undefined = req.params["page"];
-    const pageData: any = {};
+    const pageData: Dictionary<unknown> = {};
 
     // Set page title and description
     pageTitle = "Permissions";
     pageDescription = "Learn how permissions work with OneUptime";
 
     // Filter permissions to only include those assignable to tenants
-    pageData.permissions = PermissionHelper.getAllPermissionProps().filter(
+    pageData["permissions"] = PermissionHelper.getAllPermissionProps().filter(
       (i: PermissionProps) => {
         return i.isAssignableToTenant;
       },

APIReference/nodemon.json

@@ -1,8 +1,14 @@
 {
     "watch": ["./","../Common/Server", "../Common/Types", "../Common/Utils", "../Common/Models"],
-    "ext": "ts,json,tsx,env,js,jsx,hbs",
+    "ext": "ts,tsx",
     "ignore": [
+        "./node_modules/**",
+        "./public/**",
+        "./bin/**",
+        "./build/**",
         "greenlock.d/*"
     ],
-    "exec": "node --inspect=0.0.0.0:9229 --require ts-node/register Index.ts"
+    "watchOptions": {"useFsEvents": false, "interval": 500},
+    "env": {"TS_NODE_TRANSPILE_ONLY": "1", "TS_NODE_FILES": "false"},
+    "exec": "node  -r ts-node/register/transpile-only Index.ts"
 }

APIReference/package-lock.json

@@ -29,27 +29,29 @@
         "@bull-board/express": "^5.21.4",
         "@clickhouse/client": "^1.10.1",
         "@elastic/elasticsearch": "^8.12.1",
+        "@hcaptcha/react-hcaptcha": "^1.14.0",
         "@monaco-editor/react": "^4.4.6",
         "@opentelemetry/api": "^1.9.0",
-        "@opentelemetry/api-logs": "^0.52.1",
+        "@opentelemetry/api-logs": "^0.206.0",
         "@opentelemetry/context-zone": "^1.25.1",
-        "@opentelemetry/exporter-logs-otlp-http": "^0.52.1",
-        "@opentelemetry/exporter-metrics-otlp-proto": "^0.52.1",
-        "@opentelemetry/exporter-trace-otlp-http": "^0.52.1",
-        "@opentelemetry/exporter-trace-otlp-proto": "^0.52.1",
+        "@opentelemetry/exporter-logs-otlp-http": "^0.207.0",
+        "@opentelemetry/exporter-metrics-otlp-proto": "^0.207.0",
+        "@opentelemetry/exporter-trace-otlp-http": "^0.207.0",
+        "@opentelemetry/exporter-trace-otlp-proto": "^0.207.0",
         "@opentelemetry/id-generator-aws-xray": "^1.2.2",
-        "@opentelemetry/instrumentation": "^0.52.1",
-        "@opentelemetry/instrumentation-fetch": "^0.52.1",
-        "@opentelemetry/instrumentation-xml-http-request": "^0.52.1",
+        "@opentelemetry/instrumentation": "^0.207.0",
+        "@opentelemetry/instrumentation-fetch": "^0.207.0",
+        "@opentelemetry/instrumentation-xml-http-request": "^0.207.0",
         "@opentelemetry/resources": "^1.25.1",
-        "@opentelemetry/sdk-logs": "^0.52.1",
+        "@opentelemetry/sdk-logs": "^0.207.0",
         "@opentelemetry/sdk-metrics": "^1.25.1",
-        "@opentelemetry/sdk-node": "^0.52.1",
-        "@opentelemetry/sdk-trace-node": "^1.25.1",
+        "@opentelemetry/sdk-node": "^0.207.0",
         "@opentelemetry/sdk-trace-web": "^1.25.1",
-        "@opentelemetry/semantic-conventions": "^1.26.0",
+        "@opentelemetry/semantic-conventions": "^1.37.0",
         "@remixicon/react": "^4.2.0",
+        "@simplewebauthn/server": "^13.2.2",
         "@tippyjs/react": "^4.2.6",
+        "@types/archiver": "^6.0.3",
         "@types/crypto-js": "^4.2.2",
         "@types/qrcode": "^1.5.5",
         "@types/react-highlight": "^0.12.8",
@@ -58,14 +60,17 @@
         "@types/web-push": "^3.6.4",
         "acme-client": "^5.3.0",
         "airtable": "^0.12.2",
-        "axios": "^1.7.2",
-        "bullmq": "^5.3.3",
+        "archiver": "^7.0.1",
+        "axios": "^1.12.0",
+        "botbuilder": "^4.23.3",
+        "bullmq": "^5.61.0",
         "cookie-parser": "^1.4.7",
         "cors": "^2.8.5",
         "cron-parser": "^4.8.1",
         "crypto-js": "^4.2.0",
         "dotenv": "^16.4.4",
         "ejs": "^3.1.10",
+        "elkjs": "^0.10.0",
         "esbuild": "^0.25.5",
         "express": "^4.21.1",
         "formik": "^2.4.6",
@@ -79,26 +84,26 @@
         "moment": "^2.30.1",
         "moment-timezone": "^0.5.45",
         "node-cron": "^3.0.3",
-        "nodemailer": "^6.9.10",
+        "nodemailer": "^7.0.7",
         "otpauth": "^9.3.1",
-        "pg": "^8.7.3",
-        "playwright": "^1.50.0",
-        "posthog-js": "^1.139.6",
+        "pg": "^8.16.3",
+        "playwright": "^1.56.0",
+        "posthog-js": "^1.275.3",
         "prop-types": "^15.8.1",
         "qrcode": "^1.5.3",
         "react": "^18.3.1",
         "react-beautiful-dnd": "^13.1.1",
-        "react-big-calendar": "^1.13.0",
+        "react-big-calendar": "^1.19.4",
         "react-color": "^2.19.3",
         "react-dom": "^18.3.1",
         "react-dropzone": "^14.2.2",
         "react-error-boundary": "^4.0.13",
         "react-highlight": "^0.15.0",
         "react-markdown": "^8.0.3",
-        "react-router-dom": "^6.24.1",
+        "react-router-dom": "^6.30.1",
         "react-select": "^5.4.0",
         "react-spinners": "^0.14.1",
-        "react-syntax-highlighter": "^15.5.0",
+        "react-syntax-highlighter": "^16.0.0",
         "react-toggle": "^4.1.3",
         "reactflow": "^11.11.4",
         "recharts": "^2.12.7",
@@ -110,16 +115,16 @@
         "socket.io": "^4.7.4",
         "socket.io-client": "^4.7.5",
         "stripe": "^10.17.0",
-        "tailwind-merge": "^2.5.2",
+        "tailwind-merge": "^2.6.0",
         "tippy.js": "^6.3.7",
         "twilio": "^4.22.0",
-        "typeorm": "^0.3.20",
+        "typeorm": "^0.3.26",
         "typeorm-extension": "^2.2.13",
         "universal-cookie": "^7.2.1",
         "use-async-effect": "^2.2.6",
         "uuid": "^8.3.2",
         "web-push": "^3.6.7",
-        "zod": "^3.25.30"
+        "zod": "^3.25.76"
       },
       "devDependencies": {
         "@faker-js/faker": "^8.0.2",
@@ -242,89 +247,20 @@
       }
     },
     "node_modules/@babel/code-frame": {
-      "version": "7.23.5",
-      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.23.5.tgz",
-      "integrity": "sha512-CgH3s1a96LipHCmSUmYFPwY7MNx8C3avkq7i4Wl3cfa662ldtUe4VM1TPXX70pfmrlWTb6jLqTYrZyT2ZTJBgA==",
+      "version": "7.27.1",
+      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.27.1.tgz",
+      "integrity": "sha512-cjQ7ZlQ0Mv3b47hABuTevyTuYN4i+loJKGeV9flcCgIK37cCXRh+L1bd3iBHlynerhQ7BhCkn2BPbQUL+rGqFg==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
-        "@babel/highlight": "^7.23.4",
-        "chalk": "^2.4.2"
+        "@babel/helper-validator-identifier": "^7.27.1",
+        "js-tokens": "^4.0.0",
+        "picocolors": "^1.1.1"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
-    "node_modules/@babel/code-frame/node_modules/ansi-styles": {
-      "version": "3.2.1",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
-      "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
-      "dev": true,
-      "dependencies": {
-        "color-convert": "^1.9.0"
-      },
-      "engines": {
-        "node": ">=4"
-      }
-    },
-    "node_modules/@babel/code-frame/node_modules/chalk": {
-      "version": "2.4.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
-      "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
-      "dev": true,
-      "dependencies": {
-        "ansi-styles": "^3.2.1",
-        "escape-string-regexp": "^1.0.5",
-        "supports-color": "^5.3.0"
-      },
-      "engines": {
-        "node": ">=4"
-      }
-    },
-    "node_modules/@babel/code-frame/node_modules/color-convert": {
-      "version": "1.9.3",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz",
-      "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
-      "dev": true,
-      "dependencies": {
-        "color-name": "1.1.3"
-      }
-    },
-    "node_modules/@babel/code-frame/node_modules/color-name": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
-      "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==",
-      "dev": true
-    },
-    "node_modules/@babel/code-frame/node_modules/escape-string-regexp": {
-      "version": "1.0.5",
-      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
-      "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==",
-      "dev": true,
-      "engines": {
-        "node": ">=0.8.0"
-      }
-    },
-    "node_modules/@babel/code-frame/node_modules/has-flag": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
-      "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==",
-      "dev": true,
-      "engines": {
-        "node": ">=4"
-      }
-    },
-    "node_modules/@babel/code-frame/node_modules/supports-color": {
-      "version": "5.5.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
-      "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
-      "dev": true,
-      "dependencies": {
-        "has-flag": "^3.0.0"
-      },
-      "engines": {
-        "node": ">=4"
-      }
-    },
     "node_modules/@babel/compat-data": {
       "version": "7.23.5",
       "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.23.5.tgz",
@@ -500,19 +436,21 @@
       }
     },
     "node_modules/@babel/helper-string-parser": {
-      "version": "7.23.4",
-      "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.23.4.tgz",
-      "integrity": "sha512-803gmbQdqwdf4olxrX4AJyFBV/RTr3rSmOj0rKwesmzlfhYNDEs+/iOcznzpNWlJlIlTJC2QfPFcHB6DlzdVLQ==",
+      "version": "7.27.1",
+      "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.27.1.tgz",
+      "integrity": "sha512-qMlSxKbpRlAridDExk92nSobyDdpPijUq2DW6oDnUqd0iOGxmQjyqhMIihI9+zv4LPyZdRje2cavWPbCbWm3eA==",
       "dev": true,
+      "license": "MIT",
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helper-validator-identifier": {
-      "version": "7.22.20",
-      "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz",
-      "integrity": "sha512-Y4OZ+ytlatR8AI+8KZfKuL5urKp7qey08ha31L8b3BwewJAoJamTzyvxPR/5D+KkdJCGPq/+8TukHBlY10FX9A==",
+      "version": "7.28.5",
+      "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.28.5.tgz",
+      "integrity": "sha512-qSs4ifwzKJSV39ucNjsvc6WVHs6b7S03sOh2OcHF9UHfVPqWWALUsNUVzhSBiItjRZoLHx7nIarVjqKVusUZ1Q==",
       "dev": true,
+      "license": "MIT",
       "engines": {
         "node": ">=6.9.0"
       }
@@ -527,109 +465,28 @@
       }
     },
     "node_modules/@babel/helpers": {
-      "version": "7.23.6",
-      "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.23.6.tgz",
-      "integrity": "sha512-wCfsbN4nBidDRhpDhvcKlzHWCTlgJYUUdSJfzXb2NuBssDSIjc3xcb+znA7l+zYsFljAcGM0aFkN40cR3lXiGA==",
+      "version": "7.28.4",
+      "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.28.4.tgz",
+      "integrity": "sha512-HFN59MmQXGHVyYadKLVumYsA9dBFun/ldYxipEjzA4196jpLZd8UjEEBLkbEkvfYreDqJhZxYAWFPtrfhNpj4w==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
-        "@babel/template": "^7.22.15",
-        "@babel/traverse": "^7.23.6",
-        "@babel/types": "^7.23.6"
+        "@babel/template": "^7.27.2",
+        "@babel/types": "^7.28.4"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
-    "node_modules/@babel/highlight": {
-      "version": "7.23.4",
-      "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.23.4.tgz",
-      "integrity": "sha512-acGdbYSfp2WheJoJm/EBBBLh/ID8KDc64ISZ9DYtBmC8/Q204PZJLHyzeB5qMzJ5trcOkybd78M4x2KWsUq++A==",
-      "dev": true,
-      "dependencies": {
-        "@babel/helper-validator-identifier": "^7.22.20",
-        "chalk": "^2.4.2",
-        "js-tokens": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=6.9.0"
-      }
-    },
-    "node_modules/@babel/highlight/node_modules/ansi-styles": {
-      "version": "3.2.1",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
-      "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
-      "dev": true,
-      "dependencies": {
-        "color-convert": "^1.9.0"
-      },
-      "engines": {
-        "node": ">=4"
-      }
-    },
-    "node_modules/@babel/highlight/node_modules/chalk": {
-      "version": "2.4.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
-      "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
-      "dev": true,
-      "dependencies": {
-        "ansi-styles": "^3.2.1",
-        "escape-string-regexp": "^1.0.5",
-        "supports-color": "^5.3.0"
-      },
-      "engines": {
-        "node": ">=4"
-      }
-    },
-    "node_modules/@babel/highlight/node_modules/color-convert": {
-      "version": "1.9.3",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz",
-      "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
-      "dev": true,
-      "dependencies": {
-        "color-name": "1.1.3"
-      }
-    },
-    "node_modules/@babel/highlight/node_modules/color-name": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
-      "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==",
-      "dev": true
-    },
-    "node_modules/@babel/highlight/node_modules/escape-string-regexp": {
-      "version": "1.0.5",
-      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
-      "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==",
-      "dev": true,
-      "engines": {
-        "node": ">=0.8.0"
-      }
-    },
-    "node_modules/@babel/highlight/node_modules/has-flag": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
-      "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==",
-      "dev": true,
-      "engines": {
-        "node": ">=4"
-      }
-    },
-    "node_modules/@babel/highlight/node_modules/supports-color": {
-      "version": "5.5.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
-      "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
-      "dev": true,
-      "dependencies": {
-        "has-flag": "^3.0.0"
-      },
-      "engines": {
-        "node": ">=4"
-      }
-    },
     "node_modules/@babel/parser": {
-      "version": "7.23.6",
-      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.23.6.tgz",
-      "integrity": "sha512-Z2uID7YJ7oNvAI20O9X0bblw7Qqs8Q2hFy0R9tAfnfLkp5MW0UH9eUvnDSnFwKZ0AvgS1ucqR4KzvVHgnke1VQ==",
+      "version": "7.28.5",
+      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.28.5.tgz",
+      "integrity": "sha512-KKBU1VGYR7ORr3At5HAtUQ+TV3SzRCXmA/8OdDZiLDBIZxVyzXuztPjfLd3BV1PRAQGCMWWSHYhL0F8d5uHBDQ==",
       "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/types": "^7.28.5"
+      },
       "bin": {
         "parser": "bin/babel-parser.js"
       },
@@ -800,14 +657,15 @@
       }
     },
     "node_modules/@babel/template": {
-      "version": "7.22.15",
-      "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.22.15.tgz",
-      "integrity": "sha512-QPErUVm4uyJa60rkI73qneDacvdvzxshT3kksGqlGWYdOTIUOwJ7RDUL8sGqslY1uXWSL6xMFKEXDS3ox2uF0w==",
+      "version": "7.27.2",
+      "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.27.2.tgz",
+      "integrity": "sha512-LPDZ85aEJyYSd18/DkjNh4/y1ntkE5KwUHWTiqgRxruuZL2F1yuHligVHLvcHY2vMHXttKFpJn6LwfI7cw7ODw==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
-        "@babel/code-frame": "^7.22.13",
-        "@babel/parser": "^7.22.15",
-        "@babel/types": "^7.22.15"
+        "@babel/code-frame": "^7.27.1",
+        "@babel/parser": "^7.27.2",
+        "@babel/types": "^7.27.1"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -835,14 +693,14 @@
       }
     },
     "node_modules/@babel/types": {
-      "version": "7.23.6",
-      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.23.6.tgz",
-      "integrity": "sha512-+uarb83brBzPKN38NX1MkB6vb6+mwvR6amUulqAE7ccQw1pEl+bCia9TbdG1lsnFP7lZySvUn37CHyXQdfTwzg==",
+      "version": "7.28.5",
+      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.28.5.tgz",
+      "integrity": "sha512-qQ5m48eI/MFLQ5PxQj4PFaprjyCTLI37ElWMmNs0K8Lk3dVeOdNpB3ks8jc7yM5CDmVC73eMVk/trk3fgmrUpA==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
-        "@babel/helper-string-parser": "^7.23.4",
-        "@babel/helper-validator-identifier": "^7.22.20",
-        "to-fast-properties": "^2.0.0"
+        "@babel/helper-string-parser": "^7.27.1",
+        "@babel/helper-validator-identifier": "^7.28.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1759,21 +1617,23 @@
       }
     },
     "node_modules/brace-expansion": {
-      "version": "1.1.11",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
-      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+      "version": "1.1.12",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
+      "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+      "license": "MIT",
       "dependencies": {
         "balanced-match": "^1.0.0",
         "concat-map": "0.0.1"
       }
     },
     "node_modules/braces": {
-      "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
-      "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
+      "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
-        "fill-range": "^7.0.1"
+        "fill-range": "^7.1.1"
       },
       "engines": {
         "node": ">=8"
@@ -2003,10 +1863,11 @@
       "integrity": "sha512-dcKFX3jn0MpIaXjisoRvexIJVEKzaq7z2rZKxf+MSr9TkdmHmsU4m2lcLojrj/FHl8mk5VxMmYA+ftRkP/3oKQ=="
     },
     "node_modules/cross-spawn": {
-      "version": "7.0.3",
-      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
-      "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
+      "version": "7.0.6",
+      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
+      "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
         "path-key": "^3.1.0",
         "shebang-command": "^2.0.0",
@@ -2075,9 +1936,10 @@
       }
     },
     "node_modules/ejs": {
-      "version": "3.1.9",
-      "resolved": "https://registry.npmjs.org/ejs/-/ejs-3.1.9.tgz",
-      "integrity": "sha512-rC+QVNMJWv+MtPgkt0y+0rVEIdbtxVADApW9JXrUVlzHetgcyczP/E7DJmWJ4fJCZF2cPcBk0laWO9ZHMG3DmQ==",
+      "version": "3.1.10",
+      "resolved": "https://registry.npmjs.org/ejs/-/ejs-3.1.10.tgz",
+      "integrity": "sha512-UeJmFfOrAQS8OJWPZ4qtgHyWExa088/MtK5UEyoJGFH67cDEXkZSviOiKRCZ4Xij0zxI3JECgYs3oKx+AizQBA==",
+      "license": "Apache-2.0",
       "dependencies": {
         "jake": "^10.8.5"
       },
@@ -2224,9 +2086,10 @@
       }
     },
     "node_modules/filelist/node_modules/brace-expansion": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-      "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+      "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+      "license": "MIT",
       "dependencies": {
         "balanced-match": "^1.0.0"
       }
@@ -2243,10 +2106,11 @@
       }
     },
     "node_modules/fill-range": {
-      "version": "7.0.1",
-      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
-      "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
+      "version": "7.1.1",
+      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
+      "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
         "to-regex-range": "^5.0.1"
       },
@@ -2541,6 +2405,7 @@
       "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
       "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
       "dev": true,
+      "license": "MIT",
       "engines": {
         "node": ">=0.12.0"
       }
@@ -3238,13 +3103,15 @@
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",
       "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==",
-      "dev": true
+      "dev": true,
+      "license": "MIT"
     },
     "node_modules/js-yaml": {
-      "version": "3.14.1",
-      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz",
-      "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==",
+      "version": "3.14.2",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz",
+      "integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
         "argparse": "^1.0.7",
         "esprima": "^4.0.0"
@@ -3397,12 +3264,13 @@
       "dev": true
     },
     "node_modules/micromatch": {
-      "version": "4.0.5",
-      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz",
-      "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==",
+      "version": "4.0.8",
+      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz",
+      "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
-        "braces": "^3.0.2",
+        "braces": "^3.0.3",
         "picomatch": "^2.3.1"
       },
       "engines": {
@@ -3683,10 +3551,11 @@
       "dev": true
     },
     "node_modules/picocolors": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz",
-      "integrity": "sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ==",
-      "dev": true
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz",
+      "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==",
+      "dev": true,
+      "license": "ISC"
     },
     "node_modules/picomatch": {
       "version": "2.3.1",
@@ -4106,20 +3975,12 @@
       "integrity": "sha512-3f0uOEAQwIqGuWW2MVzYg8fV/QNnc/IpuJNG837rLuczAaLVHslWHZQj4IGiEl5Hs3kkbhwL9Ab7Hrsmuj+Smw==",
       "dev": true
     },
-    "node_modules/to-fast-properties": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-2.0.0.tgz",
-      "integrity": "sha512-/OaKK0xYrs3DmxRYqL/yDc+FxFUVYhDlXMhRmv3z915w2HF1tnN1omB354j8VUGO/hbRzyD6Y3sA7v7GS/ceog==",
-      "dev": true,
-      "engines": {
-        "node": ">=4"
-      }
-    },
     "node_modules/to-regex-range": {
       "version": "5.0.1",
       "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
       "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
         "is-number": "^7.0.0"
       },

APIReference/views/main/pagination.ejs

@@ -108,7 +108,7 @@
          </div>
          </div>
          <div class="[&amp;>:first-child]:mt-0 [&amp;>:last-child]:mb-0">
-            <%- include('../partials/code', {title: "Example Pagination Request", requestUrl: "/api/monitors/get-list?skip=0&limit=3", requestType: "GET", code: pageData.requestCode }) -%>
+            <%- include('../partials/code', {title: "Example Pagination Request", requestUrl: "/api/monitors/get-list?skip=0&limit=3", requestType: "POST", code: pageData.requestCode }) -%>
             <%- include('../partials/code', {title: "Example Pagination Response" , requestUrl: "", requestType: "", code: pageData.responseCode }) -%>
          </div>
       </div>

APIReference/views/partials/head.ejs

@@ -135,7 +135,6 @@
    <link rel="apple-touch-icon-precomposed" href="/img/ou-wb.svg">
    <link rel="icon" href="/img/ou-wb.svg">
    <link rel="image_src" type="image/png" href="/img/hou-wb.svg">
-   <link rel="canonical" href="/">
    <link rel="manifest" href="/manifest.json">
    <meta property="og:title" content="OneUptime - One Complete Observability platform.">
    <meta property="og:url" content="https://oneuptime.com">

Accounts/Dockerfile.tpl

@@ -3,7 +3,7 @@
 #
 
 # Pull base image nodejs image.
-FROM public.ecr.aws/docker/library/node:23.8-alpine3.21
+FROM public.ecr.aws/docker/library/node:24.9-alpine3.21
 RUN mkdir /tmp/npm &&  chmod 2777 /tmp/npm && chown 1000:1000 /tmp/npm && npm config set cache /tmp/npm --global
 
 RUN npm config set fetch-retries 5
@@ -14,9 +14,12 @@ RUN npm config set fetch-retry-maxtimeout 600000
 
 ARG GIT_SHA
 ARG APP_VERSION
+ARG IS_ENTERPRISE_EDITION=false
 
 ENV GIT_SHA=${GIT_SHA}
 ENV APP_VERSION=${APP_VERSION}
+ENV IS_ENTERPRISE_EDITION=${IS_ENTERPRISE_EDITION}
+ENV PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1
 
 
 # IF APP_VERSION is not set, set it to 1.0.0

Accounts/nodemon.json

@@ -1,7 +1,10 @@
 {
     "watch": ["./","../Common/UI", "../Common/Types", "../Common/Utils", "../Common/Models"],
-    "ext": "ts,json,tsx,env,js,jsx,hbs",
+    "ext": "ts,tsx",
     "ignore": [
+        "./node_modules/**",
+        "./public/**",
+        "./bin/**",
         "./public/**",
         "./public/dist/**",
         "./build/*",

Accounts/package-lock.json

@@ -12,7 +12,7 @@
                 "ejs": "^3.1.10",
                 "react": "^18.3.1",
                 "react-dom": "^18.3.1",
-                "react-router-dom": "^6.23.1",
+                "react-router-dom": "^6.30.1",
                 "use-async-effect": "^2.2.7"
             },
             "devDependencies": {
@@ -33,27 +33,29 @@
                 "@bull-board/express": "^5.21.4",
                 "@clickhouse/client": "^1.10.1",
                 "@elastic/elasticsearch": "^8.12.1",
+                "@hcaptcha/react-hcaptcha": "^1.14.0",
                 "@monaco-editor/react": "^4.4.6",
                 "@opentelemetry/api": "^1.9.0",
-                "@opentelemetry/api-logs": "^0.52.1",
+                "@opentelemetry/api-logs": "^0.206.0",
                 "@opentelemetry/context-zone": "^1.25.1",
-                "@opentelemetry/exporter-logs-otlp-http": "^0.52.1",
-                "@opentelemetry/exporter-metrics-otlp-proto": "^0.52.1",
-                "@opentelemetry/exporter-trace-otlp-http": "^0.52.1",
-                "@opentelemetry/exporter-trace-otlp-proto": "^0.52.1",
+                "@opentelemetry/exporter-logs-otlp-http": "^0.207.0",
+                "@opentelemetry/exporter-metrics-otlp-proto": "^0.207.0",
+                "@opentelemetry/exporter-trace-otlp-http": "^0.207.0",
+                "@opentelemetry/exporter-trace-otlp-proto": "^0.207.0",
                 "@opentelemetry/id-generator-aws-xray": "^1.2.2",
-                "@opentelemetry/instrumentation": "^0.52.1",
-                "@opentelemetry/instrumentation-fetch": "^0.52.1",
-                "@opentelemetry/instrumentation-xml-http-request": "^0.52.1",
+                "@opentelemetry/instrumentation": "^0.207.0",
+                "@opentelemetry/instrumentation-fetch": "^0.207.0",
+                "@opentelemetry/instrumentation-xml-http-request": "^0.207.0",
                 "@opentelemetry/resources": "^1.25.1",
-                "@opentelemetry/sdk-logs": "^0.52.1",
+                "@opentelemetry/sdk-logs": "^0.207.0",
                 "@opentelemetry/sdk-metrics": "^1.25.1",
-                "@opentelemetry/sdk-node": "^0.52.1",
-                "@opentelemetry/sdk-trace-node": "^1.25.1",
+                "@opentelemetry/sdk-node": "^0.207.0",
                 "@opentelemetry/sdk-trace-web": "^1.25.1",
-                "@opentelemetry/semantic-conventions": "^1.26.0",
+                "@opentelemetry/semantic-conventions": "^1.37.0",
                 "@remixicon/react": "^4.2.0",
+                "@simplewebauthn/server": "^13.2.2",
                 "@tippyjs/react": "^4.2.6",
+                "@types/archiver": "^6.0.3",
                 "@types/crypto-js": "^4.2.2",
                 "@types/qrcode": "^1.5.5",
                 "@types/react-highlight": "^0.12.8",
@@ -62,14 +64,17 @@
                 "@types/web-push": "^3.6.4",
                 "acme-client": "^5.3.0",
                 "airtable": "^0.12.2",
-                "axios": "^1.7.2",
-                "bullmq": "^5.3.3",
+                "archiver": "^7.0.1",
+                "axios": "^1.12.0",
+                "botbuilder": "^4.23.3",
+                "bullmq": "^5.61.0",
                 "cookie-parser": "^1.4.7",
                 "cors": "^2.8.5",
                 "cron-parser": "^4.8.1",
                 "crypto-js": "^4.2.0",
                 "dotenv": "^16.4.4",
                 "ejs": "^3.1.10",
+                "elkjs": "^0.10.0",
                 "esbuild": "^0.25.5",
                 "express": "^4.21.1",
                 "formik": "^2.4.6",
@@ -83,26 +88,26 @@
                 "moment": "^2.30.1",
                 "moment-timezone": "^0.5.45",
                 "node-cron": "^3.0.3",
-                "nodemailer": "^6.9.10",
+                "nodemailer": "^7.0.7",
                 "otpauth": "^9.3.1",
-                "pg": "^8.7.3",
-                "playwright": "^1.50.0",
-                "posthog-js": "^1.139.6",
+                "pg": "^8.16.3",
+                "playwright": "^1.56.0",
+                "posthog-js": "^1.275.3",
                 "prop-types": "^15.8.1",
                 "qrcode": "^1.5.3",
                 "react": "^18.3.1",
                 "react-beautiful-dnd": "^13.1.1",
-                "react-big-calendar": "^1.13.0",
+                "react-big-calendar": "^1.19.4",
                 "react-color": "^2.19.3",
                 "react-dom": "^18.3.1",
                 "react-dropzone": "^14.2.2",
                 "react-error-boundary": "^4.0.13",
                 "react-highlight": "^0.15.0",
                 "react-markdown": "^8.0.3",
-                "react-router-dom": "^6.24.1",
+                "react-router-dom": "^6.30.1",
                 "react-select": "^5.4.0",
                 "react-spinners": "^0.14.1",
-                "react-syntax-highlighter": "^15.5.0",
+                "react-syntax-highlighter": "^16.0.0",
                 "react-toggle": "^4.1.3",
                 "reactflow": "^11.11.4",
                 "recharts": "^2.12.7",
@@ -114,16 +119,16 @@
                 "socket.io": "^4.7.4",
                 "socket.io-client": "^4.7.5",
                 "stripe": "^10.17.0",
-                "tailwind-merge": "^2.5.2",
+                "tailwind-merge": "^2.6.0",
                 "tippy.js": "^6.3.7",
                 "twilio": "^4.22.0",
-                "typeorm": "^0.3.20",
+                "typeorm": "^0.3.26",
                 "typeorm-extension": "^2.2.13",
                 "universal-cookie": "^7.2.1",
                 "use-async-effect": "^2.2.6",
                 "uuid": "^8.3.2",
                 "web-push": "^3.6.7",
-                "zod": "^3.25.30"
+                "zod": "^3.25.76"
             },
             "devDependencies": {
                 "@faker-js/faker": "^8.0.2",
@@ -343,9 +348,9 @@
             }
         },
         "node_modules/@remix-run/router": {
-            "version": "1.16.1",
-            "resolved": "https://registry.npmjs.org/@remix-run/router/-/router-1.16.1.tgz",
-            "integrity": "sha512-es2g3dq6Nb07iFxGk5GuHN20RwBZOsuDQN7izWIisUcv9r+d2C5jQxqmgkdebXgReWfiyUabcki6Fg77mSNrig==",
+            "version": "1.23.0",
+            "resolved": "https://registry.npmjs.org/@remix-run/router/-/router-1.23.0.tgz",
+            "integrity": "sha512-O3rHJzAQKamUz1fvE0Qaw0xSFqsA/yafi2iqeE0pvdFtCO1viYx8QL6f3Ln/aCCTLxs68SLf0KPM9eSeM8yBnA==",
             "license": "MIT",
             "engines": {
                 "node": ">=14.0.0"
@@ -521,21 +526,23 @@
             }
         },
         "node_modules/brace-expansion": {
-            "version": "1.1.11",
-            "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
-            "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+            "version": "1.1.12",
+            "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
+            "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+            "license": "MIT",
             "dependencies": {
                 "balanced-match": "^1.0.0",
                 "concat-map": "0.0.1"
             }
         },
         "node_modules/braces": {
-            "version": "3.0.2",
-            "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
-            "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
+            "version": "3.0.3",
+            "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
+            "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
             "dev": true,
+            "license": "MIT",
             "dependencies": {
-                "fill-range": "^7.0.1"
+                "fill-range": "^7.1.1"
             },
             "engines": {
                 "node": ">=8"
@@ -682,9 +689,9 @@
             }
         },
         "node_modules/filelist/node_modules/brace-expansion": {
-            "version": "2.0.1",
-            "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-            "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+            "version": "2.0.2",
+            "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+            "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
             "license": "MIT",
             "dependencies": {
                 "balanced-match": "^1.0.0"
@@ -703,10 +710,11 @@
             }
         },
         "node_modules/fill-range": {
-            "version": "7.0.1",
-            "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
-            "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
+            "version": "7.1.1",
+            "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
+            "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
             "dev": true,
+            "license": "MIT",
             "dependencies": {
                 "to-regex-range": "^5.0.1"
             },
@@ -793,6 +801,7 @@
             "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
             "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
             "dev": true,
+            "license": "MIT",
             "engines": {
                 "node": ">=0.12.0"
             }
@@ -957,12 +966,12 @@
             }
         },
         "node_modules/react-router": {
-            "version": "6.23.1",
-            "resolved": "https://registry.npmjs.org/react-router/-/react-router-6.23.1.tgz",
-            "integrity": "sha512-fzcOaRF69uvqbbM7OhvQyBTFDVrrGlsFdS3AL+1KfIBtGETibHzi3FkoTRyiDJnWNc2VxrfvR+657ROHjaNjqQ==",
+            "version": "6.30.1",
+            "resolved": "https://registry.npmjs.org/react-router/-/react-router-6.30.1.tgz",
+            "integrity": "sha512-X1m21aEmxGXqENEPG3T6u0Th7g0aS4ZmoNynhbs+Cn+q+QGTLt+d5IQ2bHAXKzKcxGJjxACpVbnYQSCRcfxHlQ==",
             "license": "MIT",
             "dependencies": {
-                "@remix-run/router": "1.16.1"
+                "@remix-run/router": "1.23.0"
             },
             "engines": {
                 "node": ">=14.0.0"
@@ -972,13 +981,13 @@
             }
         },
         "node_modules/react-router-dom": {
-            "version": "6.23.1",
-            "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-6.23.1.tgz",
-            "integrity": "sha512-utP+K+aSTtEdbWpC+4gxhdlPFwuEfDKq8ZrPFU65bbRJY+l706qjR7yaidBpo3MSeA/fzwbXWbKBI6ftOnP3OQ==",
+            "version": "6.30.1",
+            "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-6.30.1.tgz",
+            "integrity": "sha512-llKsgOkZdbPU1Eg3zK8lCn+sjD9wMRZZPuzmdWWX5SUs8OFkN5HnFVC0u5KMeMaC9aoancFI/KoLuKPqN+hxHw==",
             "license": "MIT",
             "dependencies": {
-                "@remix-run/router": "1.16.1",
-                "react-router": "6.23.1"
+                "@remix-run/router": "1.23.0",
+                "react-router": "6.30.1"
             },
             "engines": {
                 "node": ">=14.0.0"
@@ -1008,6 +1017,16 @@
                 "loose-envify": "^1.1.0"
             }
         },
+        "node_modules/semver": {
+            "version": "7.0.0",
+            "resolved": "https://registry.npmjs.org/semver/-/semver-7.0.0.tgz",
+            "integrity": "sha512-+GB6zVA9LWh6zovYQLALHwv5rb2PHGlJi3lfiqIHxR0uuwCgefcOJc59v9fv1w8GbStwxuuqqAjI9NMAOOgq1A==",
+            "dev": true,
+            "license": "ISC",
+            "bin": {
+                "semver": "bin/semver.js"
+            }
+        },
         "node_modules/simple-update-notifier": {
             "version": "1.1.0",
             "resolved": "https://registry.npmjs.org/simple-update-notifier/-/simple-update-notifier-1.1.0.tgz",
@@ -1020,15 +1039,6 @@
                 "node": ">=8.10.0"
             }
         },
-        "node_modules/simple-update-notifier/node_modules/semver": {
-            "version": "7.0.0",
-            "resolved": "https://registry.npmjs.org/semver/-/semver-7.0.0.tgz",
-            "integrity": "sha512-+GB6zVA9LWh6zovYQLALHwv5rb2PHGlJi3lfiqIHxR0uuwCgefcOJc59v9fv1w8GbStwxuuqqAjI9NMAOOgq1A==",
-            "dev": true,
-            "bin": {
-                "semver": "bin/semver.js"
-            }
-        },
         "node_modules/supports-color": {
             "version": "5.5.0",
             "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
@@ -1046,6 +1056,7 @@
             "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
             "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
             "dev": true,
+            "license": "MIT",
             "dependencies": {
                 "is-number": "^7.0.0"
             },

Accounts/package.json

@@ -33,7 +33,7 @@
         "ejs": "^3.1.10",
         "react": "^18.3.1",
         "react-dom": "^18.3.1",
-        "react-router-dom": "^6.23.1",
+        "react-router-dom": "^6.30.1",
         "use-async-effect": "^2.2.7"
     },
     "devDependencies": {

Accounts/src/Pages/Login.tsx

@@ -1,28 +1,44 @@
 import {
   LOGIN_API_URL,
-  VERIFY_TWO_FACTOR_AUTH_API_URL,
+  VERIFY_TOTP_AUTH_API_URL,
+  GENERATE_WEBAUTHN_AUTH_OPTIONS_API_URL,
+  VERIFY_WEBAUTHN_AUTH_API_URL,
 } from "../Utils/ApiPaths";
 import Route from "Common/Types/API/Route";
 import URL from "Common/Types/API/URL";
 import { JSONArray, JSONObject } from "Common/Types/JSON";
-import ModelForm, { FormType } from "Common/UI/Components/Forms/ModelForm";
+import ModelForm, {
+  FormType,
+  ModelField,
+} from "Common/UI/Components/Forms/ModelForm";
+import { CustomElementProps } from "Common/UI/Components/Forms/Types/Field";
+import FormValues from "Common/UI/Components/Forms/Types/FormValues";
 import FormFieldSchemaType from "Common/UI/Components/Forms/Types/FormFieldSchemaType";
 import Link from "Common/UI/Components/Link/Link";
-import { DASHBOARD_URL } from "Common/UI/Config";
+import Captcha from "Common/UI/Components/Captcha/Captcha";
+import {
+  DASHBOARD_URL,
+  CAPTCHA_ENABLED,
+  CAPTCHA_SITE_KEY,
+} from "Common/UI/Config";
 import OneUptimeLogo from "Common/UI/Images/logos/OneUptimeSVG/3-transparent.svg";
+import EditionLabel from "Common/UI/Components/EditionLabel/EditionLabel";
 import UiAnalytics from "Common/UI/Utils/Analytics";
 import LoginUtil from "Common/UI/Utils/Login";
-import UserTwoFactorAuth from "Common/Models/DatabaseModels/UserTwoFactorAuth";
+import UserTotpAuth from "Common/Models/DatabaseModels/UserTotpAuth";
+import UserWebAuthn from "Common/Models/DatabaseModels/UserWebAuthn";
 import Navigation from "Common/UI/Utils/Navigation";
 import UserUtil from "Common/UI/Utils/User";
 import User from "Common/Models/DatabaseModels/User";
 import React from "react";
 import useAsyncEffect from "use-async-effect";
-import StaticModelList from "Common/UI/Components/ModelList/StaticModelList";
 import BasicForm from "Common/UI/Components/Forms/BasicForm";
 import API from "Common/UI/Utils/API/API";
 import HTTPErrorResponse from "Common/Types/API/HTTPErrorResponse";
 import HTTPResponse from "Common/Types/API/HTTPResponse";
+import Base64 from "Common/Utils/Base64";
+import ErrorMessage from "Common/UI/Components/ErrorMessage/ErrorMessage";
+import ComponentLoader from "Common/UI/Components/ComponentLoader/ComponentLoader";
 
 const LoginPage: () => JSX.Element = () => {
   const apiUrl: URL = LOGIN_API_URL;
@@ -36,19 +52,115 @@ const LoginPage: () => JSX.Element = () => {
   const [showTwoFactorAuth, setShowTwoFactorAuth] =
     React.useState<boolean>(false);
 
-  const [twoFactorAuthList, setTwoFactorAuthList] = React.useState<
-    UserTwoFactorAuth[]
-  >([]);
+  const [totpAuthList, setTotpAuthList] = React.useState<UserTotpAuth[]>([]);
 
-  const [selectedTwoFactorAuth, setSelectedTwoFactorAuth] = React.useState<
-    UserTwoFactorAuth | undefined
+  const [webAuthnList, setWebAuthnList] = React.useState<UserWebAuthn[]>([]);
+
+  const [selectedTotpAuth, setSelectedTotpAuth] = React.useState<
+    UserTotpAuth | undefined
   >(undefined);
 
+  const [selectedWebAuthn, setSelectedWebAuthn] = React.useState<
+    UserWebAuthn | undefined
+  >(undefined);
+
+  type TwoFactorMethod = {
+    type: "totp" | "webauthn";
+    item: UserTotpAuth | UserWebAuthn;
+  };
+
+  const twoFactorMethods: TwoFactorMethod[] = [
+    ...totpAuthList.map((item: UserTotpAuth) => {
+      return { type: "totp" as const, item };
+    }),
+    ...webAuthnList.map((item: UserWebAuthn) => {
+      return { type: "webauthn" as const, item };
+    }),
+  ];
+
   const [isTwoFactorAuthLoading, setIsTwoFactorAuthLoading] =
     React.useState<boolean>(false);
   const [twofactorAuthError, setTwoFactorAuthError] =
     React.useState<string>("");
 
+  const isCaptchaEnabled: boolean =
+    CAPTCHA_ENABLED && Boolean(CAPTCHA_SITE_KEY);
+
+  const [shouldResetCaptcha, setShouldResetCaptcha] =
+    React.useState<boolean>(false);
+  const [captchaResetSignal, setCaptchaResetSignal] = React.useState<number>(0);
+
+  const handleCaptchaReset: () => void = React.useCallback(() => {
+    setCaptchaResetSignal((current: number) => {
+      return current + 1;
+    });
+  }, []);
+  let loginFields: Array<ModelField<User>> = [
+    {
+      field: {
+        email: true,
+      },
+      fieldType: FormFieldSchemaType.Email,
+      placeholder: "jeff@example.com",
+      required: true,
+      disabled: Boolean(initialValues && initialValues["email"]),
+      title: "Email",
+      dataTestId: "email",
+      disableSpellCheck: true,
+    },
+    {
+      field: {
+        password: true,
+      },
+      title: "Password",
+      required: true,
+      validation: {
+        minLength: 6,
+      },
+      fieldType: FormFieldSchemaType.Password,
+      sideLink: {
+        text: "Forgot password?",
+        url: new Route("/accounts/forgot-password"),
+        openLinkInNewTab: false,
+      },
+      dataTestId: "password",
+      disableSpellCheck: true,
+    },
+  ];
+
+  if (isCaptchaEnabled) {
+    loginFields = loginFields.concat([
+      {
+        overrideField: {
+          captchaToken: true,
+        },
+        overrideFieldKey: "captchaToken",
+        fieldType: FormFieldSchemaType.CustomComponent,
+        title: "Human Verification",
+        description:
+          "Complete the captcha challenge so we know you're not a bot.",
+        required: true,
+        showEvenIfPermissionDoesNotExist: true,
+        getCustomElement: (
+          _values: FormValues<User>,
+          customProps: CustomElementProps,
+        ) => {
+          return (
+            <Captcha
+              siteKey={CAPTCHA_SITE_KEY}
+              resetSignal={captchaResetSignal}
+              error={customProps.error}
+              onTokenChange={(token: string) => {
+                customProps.onChange?.(token);
+              }}
+              onBlur={customProps.onBlur}
+            />
+          );
+        },
+      },
+    ]);
+  }
+
   useAsyncEffect(async () => {
     if (Navigation.getQueryStringByName("email")) {
       setInitialValues({
@@ -57,6 +169,96 @@ const LoginPage: () => JSX.Element = () => {
     }
   }, []);
 
+  useAsyncEffect(async () => {
+    if (selectedWebAuthn) {
+      setIsTwoFactorAuthLoading(true);
+      try {
+        const result: HTTPResponse<JSONObject> = await API.post({
+          url: GENERATE_WEBAUTHN_AUTH_OPTIONS_API_URL,
+          data: {
+            data: {
+              email: initialValues["email"],
+            },
+          },
+        });
+
+        if (result instanceof HTTPErrorResponse) {
+          throw result;
+        }
+
+        const data: any = result.data as any;
+
+        // Convert base64url strings back to Uint8Array
+        data.options.challenge = Base64.base64UrlToUint8Array(
+          data.options.challenge,
+        );
+        if (data.options.allowCredentials) {
+          data.options.allowCredentials.forEach((cred: any) => {
+            cred.id = Base64.base64UrlToUint8Array(cred.id);
+          });
+        }
+
+        // Use WebAuthn API
+        const credential: PublicKeyCredential =
+          (await navigator.credentials.get({
+            publicKey: data.options,
+          })) as PublicKeyCredential;
+
+        const assertionResponse: AuthenticatorAssertionResponse =
+          credential.response as AuthenticatorAssertionResponse;
+
+        // Verify
+        const verifyResult: HTTPResponse<JSONObject> = await API.post({
+          url: VERIFY_WEBAUTHN_AUTH_API_URL,
+          data: {
+            data: {
+              ...initialValues,
+              challenge: data.challenge,
+              credential: {
+                id: credential.id,
+                rawId: Base64.uint8ArrayToBase64Url(
+                  new Uint8Array(credential.rawId),
+                ),
+                response: {
+                  authenticatorData: Base64.uint8ArrayToBase64Url(
+                    new Uint8Array(assertionResponse.authenticatorData),
+                  ),
+                  clientDataJSON: Base64.uint8ArrayToBase64Url(
+                    new Uint8Array(assertionResponse.clientDataJSON),
+                  ),
+                  signature: Base64.uint8ArrayToBase64Url(
+                    new Uint8Array(assertionResponse.signature),
+                  ),
+                  userHandle: assertionResponse.userHandle
+                    ? Base64.uint8ArrayToBase64Url(
+                        new Uint8Array(assertionResponse.userHandle),
+                      )
+                    : null,
+                },
+                type: credential.type,
+              },
+            },
+          },
+        });
+
+        if (verifyResult instanceof HTTPErrorResponse) {
+          throw verifyResult;
+        }
+
+        const user: User = User.fromJSON(
+          verifyResult.data as JSONObject,
+          User,
+        ) as User;
+        const miscData: JSONObject = {};
+
+        login(user as User, miscData);
+      } catch (error) {
+        setTwoFactorAuthError(API.getFriendlyErrorMessage(error as Error));
+      }
+      setIsTwoFactorAuthLoading(false);
+    }
+  }, [selectedWebAuthn]);
+
   type LoginFunction = (user: User, miscData: JSONObject) => void;
 
   const login: LoginFunction = (user: User, miscData: JSONObject): void => {
@@ -79,6 +281,9 @@ const LoginPage: () => JSX.Element = () => {
           src={OneUptimeLogo}
           alt="OneUptime"
         />
+        <div className="mt-4 flex justify-center">
+          <EditionLabel />
+        </div>
         {!showTwoFactorAuth && (
           <>
             <h2 className="mt-6 text-center text-2xl  tracking-tight text-gray-900">
@@ -111,61 +316,64 @@ const LoginPage: () => JSX.Element = () => {
               modelType={User}
               id="login-form"
               name="Login"
-              fields={[
-                {
-                  field: {
-                    email: true,
-                  },
-                  fieldType: FormFieldSchemaType.Email,
-                  placeholder: "jeff@example.com",
-                  required: true,
-                  disabled: Boolean(initialValues && initialValues["email"]),
-                  title: "Email",
-                  dataTestId: "email",
-                  disableSpellCheck: true,
-                },
-                {
-                  field: {
-                    password: true,
-                  },
-                  title: "Password",
-                  required: true,
-                  validation: {
-                    minLength: 6,
-                  },
-                  fieldType: FormFieldSchemaType.Password,
-                  sideLink: {
-                    text: "Forgot password?",
-                    url: new Route("/accounts/forgot-password"),
-                    openLinkInNewTab: false,
-                  },
-                  dataTestId: "password",
-                  disableSpellCheck: true,
-                },
-              ]}
+              fields={loginFields}
               createOrUpdateApiUrl={apiUrl}
               formType={FormType.Create}
               submitButtonText={"Login"}
-              onBeforeCreate={(data: User) => {
+              onBeforeCreate={(data: User, miscDataProps: JSONObject) => {
+                if (isCaptchaEnabled) {
+                  const captchaToken: string | undefined = (
+                    miscDataProps["captchaToken"] as string | undefined
+                  )
+                    ?.toString()
+                    .trim();
+
+                  if (!captchaToken) {
+                    throw new Error(
+                      "Please complete the captcha challenge before signing in.",
+                    );
+                  }
+
+                  miscDataProps["captchaToken"] = captchaToken;
+                  setShouldResetCaptcha(true);
+                }
+
                 setInitialValues(User.toJSON(data, User));
                 return Promise.resolve(data);
               }}
+              onLoadingChange={(loading: boolean) => {
+                if (!isCaptchaEnabled) {
+                  return;
+                }
+
+                if (!loading && shouldResetCaptcha) {
+                  setShouldResetCaptcha(false);
+                  handleCaptchaReset();
+                }
+              }}
               onSuccess={(
                 value: User | JSONObject,
                 miscData: JSONObject | undefined,
               ) => {
                 if (
                   miscData &&
-                  (miscData as JSONObject)["twoFactorAuth"] === true
+                  ((((miscData as JSONObject)["totpAuthList"] as JSONArray)
+                    ?.length || 0) > 0 ||
+                    (((miscData as JSONObject)["webAuthnList"] as JSONArray)
+                      ?.length || 0) > 0)
                 ) {
-                  const twoFactorAuthList: Array<UserTwoFactorAuth> =
-                    UserTwoFactorAuth.fromJSONArray(
-                      (miscData as JSONObject)[
-                        "twoFactorAuthList"
-                      ] as JSONArray,
-                      UserTwoFactorAuth,
+                  const totpAuthList: Array<UserTotpAuth> =
+                    UserTotpAuth.fromJSONArray(
+                      (miscData as JSONObject)["totpAuthList"] as JSONArray,
+                      UserTotpAuth,
                     );
-                  setTwoFactorAuthList(twoFactorAuthList);
+                  const webAuthnList: Array<UserWebAuthn> =
+                    UserWebAuthn.fromJSONArray(
+                      (miscData as JSONObject)["webAuthnList"] as JSONArray,
+                      UserWebAuthn,
+                    );
+                  setTotpAuthList(totpAuthList);
+                  setWebAuthnList(webAuthnList);
                   setShowTwoFactorAuth(true);
                   return;
                 }
@@ -187,19 +395,53 @@ const LoginPage: () => JSX.Element = () => {
             />
           )}
 
-          {showTwoFactorAuth && !selectedTwoFactorAuth && (
-            <StaticModelList<UserTwoFactorAuth>
-              titleField="name"
-              descriptionField=""
-              selectedItems={[]}
-              list={twoFactorAuthList}
-              onClick={(item: UserTwoFactorAuth) => {
-                setSelectedTwoFactorAuth(item);
-              }}
-            />
+          {showTwoFactorAuth && !selectedTotpAuth && !selectedWebAuthn && (
+            <div className="space-y-4">
+              {twoFactorMethods.map(
+                (method: TwoFactorMethod, index: number) => {
+                  return (
+                    <div
+                      key={index}
+                      className="cursor-pointer p-4 border border-gray-300 rounded-lg hover:bg-gray-50"
+                      onClick={() => {
+                        if (method.type === "totp") {
+                          setSelectedTotpAuth(method.item as UserTotpAuth);
+                        } else {
+                          setSelectedWebAuthn(method.item as UserWebAuthn);
+                        }
+                      }}
+                    >
+                      <div className="font-medium">
+                        {(method.item as any).name}
+                      </div>
+                      <div className="text-sm text-gray-500">
+                        {method.type === "totp"
+                          ? "Authenticator App"
+                          : "Security Key"}
+                      </div>
+                    </div>
+                  );
+                },
+              )}
+            </div>
           )}
 
-          {showTwoFactorAuth && selectedTwoFactorAuth && (
+          {showTwoFactorAuth && selectedWebAuthn && (
+            <div className="text-center">
+              <div className="text-lg font-medium mb-4">
+                Authenticating with Security Key
+              </div>
+              <div className="text-sm text-gray-500 mb-4">
+                Please follow the instructions on your security key device.
+              </div>
+              {isTwoFactorAuthLoading && <ComponentLoader />}
+              {twofactorAuthError && (
+                <ErrorMessage message={twofactorAuthError} />
+              )}
+            </div>
+          )}
+
+          {showTwoFactorAuth && selectedTotpAuth && (
             <BasicForm
               id="two-factor-auth-form"
               name="Two Factor Auth"
@@ -225,14 +467,17 @@ const LoginPage: () => JSX.Element = () => {
                 try {
                   const code: string = data["code"] as string;
                   const twoFactorAuthId: string =
-                    selectedTwoFactorAuth.id?.toString() as string;
+                    selectedTotpAuth!.id?.toString() as string;
 
                   const result: HTTPErrorResponse | HTTPResponse<JSONObject> =
-                    await API.post(VERIFY_TWO_FACTOR_AUTH_API_URL, {
+                    await API.post({
+                      url: VERIFY_TOTP_AUTH_API_URL,
                       data: {
-                        ...initialValues,
-                        code: code,
-                        twoFactorAuthId: twoFactorAuthId,
+                        data: {
+                          ...initialValues,
+                          code: code,
+                          twoFactorAuthId: twoFactorAuthId,
+                        },
                       },
                     });
 
@@ -261,7 +506,7 @@ const LoginPage: () => JSX.Element = () => {
           )}
         </div>
         <div className="mt-10 text-center">
-          {!selectedTwoFactorAuth && (
+          {!selectedTotpAuth && !selectedWebAuthn && (
             <div className="text-muted mb-0 text-gray-500">
               Don&apos;t have an account?{" "}
               <Link
@@ -272,11 +517,12 @@ const LoginPage: () => JSX.Element = () => {
               </Link>
             </div>
           )}
-          {selectedTwoFactorAuth ? (
+          {selectedTotpAuth || selectedWebAuthn ? (
             <div className="text-muted mb-0 text-gray-500">
               <Link
                 onClick={() => {
-                  setSelectedTwoFactorAuth(undefined);
+                  setSelectedTotpAuth(undefined);
+                  setSelectedWebAuthn(undefined);
                 }}
                 className="text-indigo-500 hover:text-indigo-900 cursor-pointer"
               >

Accounts/src/Pages/LoginWithSSO.tsx

@@ -42,12 +42,12 @@ const LoginPage: () => JSX.Element = () => {
       try {
         // get sso config by email.
         const listResult: HTTPErrorResponse | HTTPResponse<JSONArray> =
-          await API.get(
-            URL.fromString(apiUrl.toString()).addQueryParam(
+          await API.get({
+            url: URL.fromString(apiUrl.toString()).addQueryParam(
               "email",
               email.toString(),
             ),
-          );
+          });
 
         if (listResult instanceof HTTPErrorResponse) {
           throw listResult;

Accounts/src/Pages/Register.tsx

@@ -4,12 +4,22 @@ import URL from "Common/Types/API/URL";
 import Dictionary from "Common/Types/Dictionary";
 import { JSONObject } from "Common/Types/JSON";
 import ErrorMessage from "Common/UI/Components/ErrorMessage/ErrorMessage";
-import ModelForm, { FormType } from "Common/UI/Components/Forms/ModelForm";
-import Fields from "Common/UI/Components/Forms/Types/Fields";
+import ModelForm, {
+  FormType,
+  ModelField,
+} from "Common/UI/Components/Forms/ModelForm";
+import { CustomElementProps } from "Common/UI/Components/Forms/Types/Field";
 import FormFieldSchemaType from "Common/UI/Components/Forms/Types/FormFieldSchemaType";
+import FormValues from "Common/UI/Components/Forms/Types/FormValues";
 import Link from "Common/UI/Components/Link/Link";
 import PageLoader from "Common/UI/Components/Loader/PageLoader";
-import { BILLING_ENABLED, DASHBOARD_URL } from "Common/UI/Config";
+import Captcha from "Common/UI/Components/Captcha/Captcha";
+import {
+  BILLING_ENABLED,
+  DASHBOARD_URL,
+  CAPTCHA_ENABLED,
+  CAPTCHA_SITE_KEY,
+} from "Common/UI/Config";
 import OneUptimeLogo from "Common/UI/Images/logos/OneUptimeSVG/3-transparent.svg";
 import BaseAPI from "Common/UI/Utils/API/API";
 import UiAnalytics from "Common/UI/Utils/Analytics";
@@ -36,6 +46,19 @@ const RegisterPage: () => JSX.Element = () => {
     undefined,
   );
 
+  const isCaptchaEnabled: boolean =
+    CAPTCHA_ENABLED && Boolean(CAPTCHA_SITE_KEY);
+
+  const [shouldResetCaptcha, setShouldResetCaptcha] =
+    React.useState<boolean>(false);
+  const [captchaResetSignal, setCaptchaResetSignal] = React.useState<number>(0);
+
+  const handleCaptchaReset: () => void = React.useCallback(() => {
+    setCaptchaResetSignal((current: number) => {
+      return current + 1;
+    });
+  }, []);
+
   if (UserUtil.isLoggedIn()) {
     Navigation.navigate(DASHBOARD_URL);
   }
@@ -93,7 +116,7 @@ const RegisterPage: () => JSX.Element = () => {
     }
   }, []);
 
-  let formFields: Fields<User> = [
+  let formFields: Array<ModelField<User>> = [
     {
       field: {
         email: true,
@@ -183,6 +206,39 @@ const RegisterPage: () => JSX.Element = () => {
     },
   ]);
 
+  if (isCaptchaEnabled) {
+    formFields = formFields.concat([
+      {
+        overrideField: {
+          captchaToken: true,
+        },
+        overrideFieldKey: "captchaToken",
+        fieldType: FormFieldSchemaType.CustomComponent,
+        title: "Human Verification",
+        description:
+          "Complete the captcha challenge so we know you're not a bot.",
+        required: true,
+        showEvenIfPermissionDoesNotExist: true,
+        getCustomElement: (
+          _values: FormValues<User>,
+          customProps: CustomElementProps,
+        ) => {
+          return (
+            <Captcha
+              siteKey={CAPTCHA_SITE_KEY}
+              resetSignal={captchaResetSignal}
+              error={customProps.error}
+              onTokenChange={(token: string) => {
+                customProps.onChange?.(token);
+              }}
+              onBlur={customProps.onBlur}
+            />
+          );
+        },
+      },
+    ]);
+  }
+
   if (error) {
     return <ErrorMessage message={error} />;
   }
@@ -222,7 +278,27 @@ const RegisterPage: () => JSX.Element = () => {
             maxPrimaryButtonWidth={true}
             fields={formFields}
             createOrUpdateApiUrl={apiUrl}
-            onBeforeCreate={(item: User): Promise<User> => {
+            onBeforeCreate={(
+              item: User,
+              miscDataProps: JSONObject,
+            ): Promise<User> => {
+              if (isCaptchaEnabled) {
+                const captchaToken: string | undefined = (
+                  miscDataProps["captchaToken"] as string | undefined
+                )
+                  ?.toString()
+                  .trim();
+
+                if (!captchaToken) {
+                  throw new Error(
+                    "Please complete the captcha challenge before signing up.",
+                  );
+                }
+
+                miscDataProps["captchaToken"] = captchaToken;
+                setShouldResetCaptcha(true);
+              }
+
               const utmParams: Dictionary<string> = UserUtil.getUtmParams();
 
               if (utmParams && Object.keys(utmParams).length > 0) {
@@ -240,6 +316,16 @@ const RegisterPage: () => JSX.Element = () => {
             }}
             formType={FormType.Create}
             submitButtonText={"Sign Up"}
+            onLoadingChange={(loading: boolean) => {
+              if (!isCaptchaEnabled) {
+                return;
+              }
+
+              if (!loading && shouldResetCaptcha) {
+                setShouldResetCaptcha(false);
+                handleCaptchaReset();
+              }
+            }}
             onSuccess={(value: User, miscData: JSONObject | undefined) => {
               if (value && value.email) {
                 UiAnalytics.userAuth(value.email);

Accounts/src/Utils/ApiPaths.ts

@@ -1,6 +1,6 @@
 import Route from "Common/Types/API/Route";
 import URL from "Common/Types/API/URL";
-import { IDENTITY_URL } from "Common/UI/Config";
+import { IDENTITY_URL, APP_API_URL } from "Common/UI/Config";
 
 export const SIGNUP_API_URL: URL = URL.fromURL(IDENTITY_URL).addRoute(
   new Route("/signup"),
@@ -9,9 +9,17 @@ export const LOGIN_API_URL: URL = URL.fromURL(IDENTITY_URL).addRoute(
   new Route("/login"),
 );
 
-export const VERIFY_TWO_FACTOR_AUTH_API_URL: URL = URL.fromURL(
+export const VERIFY_TOTP_AUTH_API_URL: URL = URL.fromURL(IDENTITY_URL).addRoute(
+  new Route("/verify-totp-auth"),
+);
+
+export const GENERATE_WEBAUTHN_AUTH_OPTIONS_API_URL: URL = URL.fromURL(
+  APP_API_URL,
+).addRoute(new Route("/user-webauthn/generate-authentication-options"));
+
+export const VERIFY_WEBAUTHN_AUTH_API_URL: URL = URL.fromURL(
   IDENTITY_URL,
-).addRoute(new Route("/verify-two-factor-auth"));
+).addRoute(new Route("/verify-webauthn-auth"));
 
 export const SERVICE_PROVIDER_LOGIN_URL: URL = URL.fromURL(
   IDENTITY_URL,

AdminDashboard/Dockerfile.tpl

@@ -3,7 +3,7 @@
 #
 
 # Pull base image nodejs image.
-FROM public.ecr.aws/docker/library/node:23.8-alpine3.21
+FROM public.ecr.aws/docker/library/node:24.9-alpine3.21
 RUN mkdir /tmp/npm &&  chmod 2777 /tmp/npm && chown 1000:1000 /tmp/npm && npm config set cache /tmp/npm --global
 
 RUN npm config set fetch-retries 5
@@ -14,9 +14,12 @@ RUN npm config set fetch-retry-maxtimeout 600000
 
 ARG GIT_SHA
 ARG APP_VERSION
+ARG IS_ENTERPRISE_EDITION=false
 
 ENV GIT_SHA=${GIT_SHA}
 ENV APP_VERSION=${APP_VERSION}
+ENV IS_ENTERPRISE_EDITION=${IS_ENTERPRISE_EDITION}
+ENV PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1
 
 
 # IF APP_VERSION is not set, set it to 1.0.0

AdminDashboard/Serve.ts

@@ -1,13 +1,74 @@
 import { PromiseVoidFunction } from "Common/Types/FunctionTypes";
-import Express, { ExpressApplication } from "Common/Server/Utils/Express";
+import Express, {
+  ExpressApplication,
+  ExpressRequest,
+  ExpressResponse,
+} from "Common/Server/Utils/Express";
 import logger from "Common/Server/Utils/Logger";
 import App from "Common/Server/Utils/StartServer";
+import Response from "Common/Server/Utils/Response";
+import UserMiddleware from "Common/Server/Middleware/UserAuthorization";
+import JSONWebToken from "Common/Server/Utils/JsonWebToken";
+import NotAuthorizedException from "Common/Types/Exception/NotAuthorizedException";
+import { JSONObject } from "Common/Types/JSON";
 import "ejs";
+import JSONWebTokenData from "Common/Types/JsonWebTokenData";
 
 export const APP_NAME: string = "admin";
 
 const app: ExpressApplication = Express.getExpressApp();
 
+type EnsureMasterAdminAccessFunction = (
+  req: ExpressRequest,
+  res: ExpressResponse,
+) => Promise<JSONObject>;
+
+const ensureMasterAdminAccess: EnsureMasterAdminAccessFunction = async (
+  req: ExpressRequest,
+  res: ExpressResponse,
+): Promise<JSONObject> => {
+  try {
+    const accessToken: string | undefined =
+      UserMiddleware.getAccessTokenFromExpressRequest(req);
+
+    if (!accessToken) {
+      Response.sendErrorResponse(
+        req,
+        res,
+        new NotAuthorizedException(
+          "Unauthorized: Only master admins can access the admin dashboard.",
+        ),
+      );
+      return {};
+    }
+
+    const authData: JSONWebTokenData = JSONWebToken.decode(accessToken);
+
+    if (!authData.isMasterAdmin) {
+      Response.sendErrorResponse(
+        req,
+        res,
+        new NotAuthorizedException(
+          "Unauthorized: Only master admins can access the admin dashboard.",
+        ),
+      );
+      return {};
+    }
+
+    return {};
+  } catch (error) {
+    logger.error(error);
+    Response.sendErrorResponse(
+      req,
+      res,
+      new NotAuthorizedException(
+        "Unauthorized: Only master admins can access the admin dashboard.",
+      ),
+    );
+    return {};
+  }
+};
+
 const init: PromiseVoidFunction = async (): Promise<void> => {
   try {
     // init the app
@@ -19,6 +80,7 @@ const init: PromiseVoidFunction = async (): Promise<void> => {
         liveCheck: async () => {},
         readyCheck: async () => {},
       },
+      getVariablesToRenderIndexPage: ensureMasterAdminAccess,
     });
 
     // add default routes

AdminDashboard/nodemon.json

@@ -1,7 +1,10 @@
 {
     "watch": ["./","../Common/UI", "../Common/Types", "../Common/Utils", "../Common/Models"],
-    "ext": "ts,json,tsx,env,js,jsx,hbs",
+    "ext": "ts,tsx",
     "ignore": [
+        "./node_modules/**",
+        "./public/**",
+        "./bin/**",
         "./public/**",
         "./public/dist/**",
         "./build/*",

AdminDashboard/package-lock.json

@@ -12,7 +12,7 @@
                 "ejs": "^3.1.10",
                 "react": "^18.3.1",
                 "react-dom": "^18.3.1",
-                "react-router-dom": "^6.23.1"
+                "react-router-dom": "^6.30.1"
             },
             "devDependencies": {
                 "@types/node": "^16.11.35",
@@ -32,27 +32,29 @@
                 "@bull-board/express": "^5.21.4",
                 "@clickhouse/client": "^1.10.1",
                 "@elastic/elasticsearch": "^8.12.1",
+                "@hcaptcha/react-hcaptcha": "^1.14.0",
                 "@monaco-editor/react": "^4.4.6",
                 "@opentelemetry/api": "^1.9.0",
-                "@opentelemetry/api-logs": "^0.52.1",
+                "@opentelemetry/api-logs": "^0.206.0",
                 "@opentelemetry/context-zone": "^1.25.1",
-                "@opentelemetry/exporter-logs-otlp-http": "^0.52.1",
-                "@opentelemetry/exporter-metrics-otlp-proto": "^0.52.1",
-                "@opentelemetry/exporter-trace-otlp-http": "^0.52.1",
-                "@opentelemetry/exporter-trace-otlp-proto": "^0.52.1",
+                "@opentelemetry/exporter-logs-otlp-http": "^0.207.0",
+                "@opentelemetry/exporter-metrics-otlp-proto": "^0.207.0",
+                "@opentelemetry/exporter-trace-otlp-http": "^0.207.0",
+                "@opentelemetry/exporter-trace-otlp-proto": "^0.207.0",
                 "@opentelemetry/id-generator-aws-xray": "^1.2.2",
-                "@opentelemetry/instrumentation": "^0.52.1",
-                "@opentelemetry/instrumentation-fetch": "^0.52.1",
-                "@opentelemetry/instrumentation-xml-http-request": "^0.52.1",
+                "@opentelemetry/instrumentation": "^0.207.0",
+                "@opentelemetry/instrumentation-fetch": "^0.207.0",
+                "@opentelemetry/instrumentation-xml-http-request": "^0.207.0",
                 "@opentelemetry/resources": "^1.25.1",
-                "@opentelemetry/sdk-logs": "^0.52.1",
+                "@opentelemetry/sdk-logs": "^0.207.0",
                 "@opentelemetry/sdk-metrics": "^1.25.1",
-                "@opentelemetry/sdk-node": "^0.52.1",
-                "@opentelemetry/sdk-trace-node": "^1.25.1",
+                "@opentelemetry/sdk-node": "^0.207.0",
                 "@opentelemetry/sdk-trace-web": "^1.25.1",
-                "@opentelemetry/semantic-conventions": "^1.26.0",
+                "@opentelemetry/semantic-conventions": "^1.37.0",
                 "@remixicon/react": "^4.2.0",
+                "@simplewebauthn/server": "^13.2.2",
                 "@tippyjs/react": "^4.2.6",
+                "@types/archiver": "^6.0.3",
                 "@types/crypto-js": "^4.2.2",
                 "@types/qrcode": "^1.5.5",
                 "@types/react-highlight": "^0.12.8",
@@ -61,14 +63,17 @@
                 "@types/web-push": "^3.6.4",
                 "acme-client": "^5.3.0",
                 "airtable": "^0.12.2",
-                "axios": "^1.7.2",
-                "bullmq": "^5.3.3",
+                "archiver": "^7.0.1",
+                "axios": "^1.12.0",
+                "botbuilder": "^4.23.3",
+                "bullmq": "^5.61.0",
                 "cookie-parser": "^1.4.7",
                 "cors": "^2.8.5",
                 "cron-parser": "^4.8.1",
                 "crypto-js": "^4.2.0",
                 "dotenv": "^16.4.4",
                 "ejs": "^3.1.10",
+                "elkjs": "^0.10.0",
                 "esbuild": "^0.25.5",
                 "express": "^4.21.1",
                 "formik": "^2.4.6",
@@ -82,26 +87,26 @@
                 "moment": "^2.30.1",
                 "moment-timezone": "^0.5.45",
                 "node-cron": "^3.0.3",
-                "nodemailer": "^6.9.10",
+                "nodemailer": "^7.0.7",
                 "otpauth": "^9.3.1",
-                "pg": "^8.7.3",
-                "playwright": "^1.50.0",
-                "posthog-js": "^1.139.6",
+                "pg": "^8.16.3",
+                "playwright": "^1.56.0",
+                "posthog-js": "^1.275.3",
                 "prop-types": "^15.8.1",
                 "qrcode": "^1.5.3",
                 "react": "^18.3.1",
                 "react-beautiful-dnd": "^13.1.1",
-                "react-big-calendar": "^1.13.0",
+                "react-big-calendar": "^1.19.4",
                 "react-color": "^2.19.3",
                 "react-dom": "^18.3.1",
                 "react-dropzone": "^14.2.2",
                 "react-error-boundary": "^4.0.13",
                 "react-highlight": "^0.15.0",
                 "react-markdown": "^8.0.3",
-                "react-router-dom": "^6.24.1",
+                "react-router-dom": "^6.30.1",
                 "react-select": "^5.4.0",
                 "react-spinners": "^0.14.1",
-                "react-syntax-highlighter": "^15.5.0",
+                "react-syntax-highlighter": "^16.0.0",
                 "react-toggle": "^4.1.3",
                 "reactflow": "^11.11.4",
                 "recharts": "^2.12.7",
@@ -113,16 +118,16 @@
                 "socket.io": "^4.7.4",
                 "socket.io-client": "^4.7.5",
                 "stripe": "^10.17.0",
-                "tailwind-merge": "^2.5.2",
+                "tailwind-merge": "^2.6.0",
                 "tippy.js": "^6.3.7",
                 "twilio": "^4.22.0",
-                "typeorm": "^0.3.20",
+                "typeorm": "^0.3.26",
                 "typeorm-extension": "^2.2.13",
                 "universal-cookie": "^7.2.1",
                 "use-async-effect": "^2.2.6",
                 "uuid": "^8.3.2",
                 "web-push": "^3.6.7",
-                "zod": "^3.25.30"
+                "zod": "^3.25.76"
             },
             "devDependencies": {
                 "@faker-js/faker": "^8.0.2",
@@ -342,9 +347,9 @@
             "dev": true
         },
         "node_modules/@remix-run/router": {
-            "version": "1.16.1",
-            "resolved": "https://registry.npmjs.org/@remix-run/router/-/router-1.16.1.tgz",
-            "integrity": "sha512-es2g3dq6Nb07iFxGk5GuHN20RwBZOsuDQN7izWIisUcv9r+d2C5jQxqmgkdebXgReWfiyUabcki6Fg77mSNrig==",
+            "version": "1.23.0",
+            "resolved": "https://registry.npmjs.org/@remix-run/router/-/router-1.23.0.tgz",
+            "integrity": "sha512-O3rHJzAQKamUz1fvE0Qaw0xSFqsA/yafi2iqeE0pvdFtCO1viYx8QL6f3Ln/aCCTLxs68SLf0KPM9eSeM8yBnA==",
             "license": "MIT",
             "engines": {
                 "node": ">=14.0.0"
@@ -490,21 +495,23 @@
             }
         },
         "node_modules/brace-expansion": {
-            "version": "1.1.11",
-            "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
-            "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+            "version": "1.1.12",
+            "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
+            "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+            "license": "MIT",
             "dependencies": {
                 "balanced-match": "^1.0.0",
                 "concat-map": "0.0.1"
             }
         },
         "node_modules/braces": {
-            "version": "3.0.2",
-            "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
-            "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
+            "version": "3.0.3",
+            "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
+            "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
             "dev": true,
+            "license": "MIT",
             "dependencies": {
-                "fill-range": "^7.0.1"
+                "fill-range": "^7.1.1"
             },
             "engines": {
                 "node": ">=8"
@@ -600,9 +607,10 @@
             }
         },
         "node_modules/filelist/node_modules/brace-expansion": {
-            "version": "2.0.1",
-            "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-            "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+            "version": "2.0.2",
+            "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+            "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+            "license": "MIT",
             "dependencies": {
                 "balanced-match": "^1.0.0"
             }
@@ -619,10 +627,11 @@
             }
         },
         "node_modules/fill-range": {
-            "version": "7.0.1",
-            "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
-            "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
+            "version": "7.1.1",
+            "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
+            "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
             "dev": true,
+            "license": "MIT",
             "dependencies": {
                 "to-regex-range": "^5.0.1"
             },
@@ -709,6 +718,7 @@
             "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
             "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
             "dev": true,
+            "license": "MIT",
             "engines": {
                 "node": ">=0.12.0"
             }
@@ -936,12 +946,12 @@
             }
         },
         "node_modules/react-router": {
-            "version": "6.23.1",
-            "resolved": "https://registry.npmjs.org/react-router/-/react-router-6.23.1.tgz",
-            "integrity": "sha512-fzcOaRF69uvqbbM7OhvQyBTFDVrrGlsFdS3AL+1KfIBtGETibHzi3FkoTRyiDJnWNc2VxrfvR+657ROHjaNjqQ==",
+            "version": "6.30.1",
+            "resolved": "https://registry.npmjs.org/react-router/-/react-router-6.30.1.tgz",
+            "integrity": "sha512-X1m21aEmxGXqENEPG3T6u0Th7g0aS4ZmoNynhbs+Cn+q+QGTLt+d5IQ2bHAXKzKcxGJjxACpVbnYQSCRcfxHlQ==",
             "license": "MIT",
             "dependencies": {
-                "@remix-run/router": "1.16.1"
+                "@remix-run/router": "1.23.0"
             },
             "engines": {
                 "node": ">=14.0.0"
@@ -951,13 +961,13 @@
             }
         },
         "node_modules/react-router-dom": {
-            "version": "6.23.1",
-            "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-6.23.1.tgz",
-            "integrity": "sha512-utP+K+aSTtEdbWpC+4gxhdlPFwuEfDKq8ZrPFU65bbRJY+l706qjR7yaidBpo3MSeA/fzwbXWbKBI6ftOnP3OQ==",
+            "version": "6.30.1",
+            "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-6.30.1.tgz",
+            "integrity": "sha512-llKsgOkZdbPU1Eg3zK8lCn+sjD9wMRZZPuzmdWWX5SUs8OFkN5HnFVC0u5KMeMaC9aoancFI/KoLuKPqN+hxHw==",
             "license": "MIT",
             "dependencies": {
-                "@remix-run/router": "1.16.1",
-                "react-router": "6.23.1"
+                "@remix-run/router": "1.23.0",
+                "react-router": "6.30.1"
             },
             "engines": {
                 "node": ">=14.0.0"
@@ -987,6 +997,16 @@
                 "loose-envify": "^1.1.0"
             }
         },
+        "node_modules/semver": {
+            "version": "7.0.0",
+            "resolved": "https://registry.npmjs.org/semver/-/semver-7.0.0.tgz",
+            "integrity": "sha512-+GB6zVA9LWh6zovYQLALHwv5rb2PHGlJi3lfiqIHxR0uuwCgefcOJc59v9fv1w8GbStwxuuqqAjI9NMAOOgq1A==",
+            "dev": true,
+            "license": "ISC",
+            "bin": {
+                "semver": "bin/semver.js"
+            }
+        },
         "node_modules/simple-update-notifier": {
             "version": "1.1.0",
             "resolved": "https://registry.npmjs.org/simple-update-notifier/-/simple-update-notifier-1.1.0.tgz",
@@ -999,15 +1019,6 @@
                 "node": ">=8.10.0"
             }
         },
-        "node_modules/simple-update-notifier/node_modules/semver": {
-            "version": "7.0.0",
-            "resolved": "https://registry.npmjs.org/semver/-/semver-7.0.0.tgz",
-            "integrity": "sha512-+GB6zVA9LWh6zovYQLALHwv5rb2PHGlJi3lfiqIHxR0uuwCgefcOJc59v9fv1w8GbStwxuuqqAjI9NMAOOgq1A==",
-            "dev": true,
-            "bin": {
-                "semver": "bin/semver.js"
-            }
-        },
         "node_modules/supports-color": {
             "version": "5.5.0",
             "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
@@ -1025,6 +1036,7 @@
             "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
             "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
             "dev": true,
+            "license": "MIT",
             "dependencies": {
                 "is-number": "^7.0.0"
             },

AdminDashboard/package.json

@@ -8,7 +8,7 @@
         "ejs": "^3.1.10",
         "react": "^18.3.1",
         "react-dom": "^18.3.1",
-        "react-router-dom": "^6.23.1"
+        "react-router-dom": "^6.30.2"
     },
     "scripts": {
         "dev-build": "NODE_ENV=development node esbuild.config.js",

AdminDashboard/public/assets/img/favicons/html_code.html

@@ -3,7 +3,6 @@
 <link rel="icon" type="image/png" sizes="194x194" href="/favicon-194x194.png">
 <link rel="icon" type="image/png" sizes="192x192" href="/android-chrome-192x192.png">
 <link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png">
-<link rel="manifest" href="/site.webmanifest">
 <link rel="mask-icon" href="/safari-pinned-tab.svg" color="#5bbad5">
 <meta name="msapplication-TileColor" content="#121212">
 <meta name="theme-color" content="#121212">

AdminDashboard/public/assets/img/favicons/site.webmanifest

@@ -1,56 +0,0 @@
-{
-    "name": "OneUptime Account",
-    "short_name": "OneUptime",
-    "icons": [
-        {
-            "src": "/accounts/assets/img/favicons/android-chrome-36x36.png",
-            "sizes": "36x36",
-            "type": "image/png"
-        },
-        {
-            "src": "/accounts/assets/img/favicons/android-chrome-48x48.png",
-            "sizes": "48x48",
-            "type": "image/png"
-        },
-        {
-            "src": "/accounts/assets/img/favicons/android-chrome-72x72.png",
-            "sizes": "72x72",
-            "type": "image/png"
-        },
-        {
-            "src": "/accounts/assets/img/favicons/android-chrome-96x96.png",
-            "sizes": "96x96",
-            "type": "image/png"
-        },
-        {
-            "src": "/accounts/assets/img/favicons/android-chrome-144x144.png",
-            "sizes": "144x144",
-            "type": "image/png"
-        },
-        {
-            "src": "/accounts/assets/img/favicons/android-chrome-192x192.png",
-            "sizes": "192x192",
-            "type": "image/png"
-        },
-        {
-            "src": "/accounts/assets/img/favicons/android-chrome-256x256.png",
-            "sizes": "256x256",
-            "type": "image/png"
-        },
-        {
-            "src": "/accounts/assets/img/favicons/android-chrome-384x384.png",
-            "sizes": "384x384",
-            "type": "image/png"
-        },
-        {
-            "src": "/accounts/assets/img/favicons/android-chrome-512x512.png",
-            "sizes": "512x512",
-            "type": "image/png"
-        }
-    ],
-    "start_url": ".",
-    "theme_color": "#121212",
-    "background_color": "#121212",
-    "display": "standalone"
-  }
-  

AdminDashboard/public/manifest.json

@@ -1,25 +0,0 @@
-{
-  "short_name": "React App",
-  "name": "Create React App Sample",
-  "icons": [
-    {
-      "src": "./assets/img/favicons/favicon.ico",
-      "sizes": "64x64 32x32 24x24 16x16",
-      "type": "image/x-icon"
-    },
-    {
-      "src": "logo192.png",
-      "type": "image/png",
-      "sizes": "192x192"
-    },
-    {
-      "src": "logo512.png",
-      "type": "image/png",
-      "sizes": "512x512"
-    }
-  ],
-  "start_url": ".",
-  "display": "standalone",
-  "theme_color": "#000000",
-  "background_color": "#ffffff"
-}

AdminDashboard/src/App.tsx

@@ -5,6 +5,7 @@ import Projects from "./Pages/Projects/Index";
 import SettingsAPIKey from "./Pages/Settings/APIKey/Index";
 import SettingsAuthentication from "./Pages/Settings/Authentication/Index";
 import SettingsCallSMS from "./Pages/Settings/CallSMS/Index";
+import SettingsWhatsApp from "./Pages/Settings/WhatsApp/Index";
 // Settings Pages.
 import SettingsEmail from "./Pages/Settings/Email/Index";
 import SettingsProbes from "./Pages/Settings/Probes/Index";
@@ -25,6 +26,7 @@ import {
 } from "react-router-dom";
 import UserView from "./Pages/Users/View/Index";
 import UserDelete from "./Pages/Users/View/Delete";
+import UserSettings from "./Pages/Users/View/Settings";
 import ProjectView from "./Pages/Projects/View/Index";
 import ProjectDelete from "./Pages/Projects/View/Delete";
 
@@ -70,6 +72,11 @@ const App: () => JSX.Element = () => {
           element={<UserView />}
         />
 
+        <PageRoute
+          path={RouteMap[PageMap.USER_SETTINGS]?.toString() || ""}
+          element={<UserSettings />}
+        />
+
         <PageRoute
           path={RouteMap[PageMap.USER_DELETE]?.toString() || ""}
           element={<UserDelete />}
@@ -105,6 +112,11 @@ const App: () => JSX.Element = () => {
           element={<SettingsCallSMS />}
         />
 
+        <PageRoute
+          path={RouteMap[PageMap.SETTINGS_WHATSAPP]?.toString() || ""}
+          element={<SettingsWhatsApp />}
+        />
+
         <PageRoute
           path={RouteMap[PageMap.SETTINGS_PROBES]?.toString() || ""}
           element={<SettingsProbes />}

AdminDashboard/src/Components/Footer/Footer.tsx

@@ -54,9 +54,9 @@ const DashboardFooter: () => JSX.Element = () => {
   const fetchAppVersion: (appName: string) => Promise<JSONObject> = async (
     appName: string,
   ): Promise<JSONObject> => {
-    const response: HTTPResponse<JSONObject> = await API.get<JSONObject>(
-      URL.fromString(`${HTTP_PROTOCOL}/${HOST}${appName}/version`),
-    );
+    const response: HTTPResponse<JSONObject> = await API.get<JSONObject>({
+      url: URL.fromString(`${HTTP_PROTOCOL}/${HOST}${appName}/version`),
+    });
 
     if (response.data) {
       return response.data as JSONObject;

AdminDashboard/src/Components/Header/Header.tsx

@@ -3,6 +3,7 @@ import Logo from "./Logo";
 import UserProfile from "./UserProfile";
 import Button, { ButtonStyleType } from "Common/UI/Components/Button/Button";
 import Header from "Common/UI/Components/Header/Header";
+import EditionLabel from "Common/UI/Components/EditionLabel/EditionLabel";
 import { DASHBOARD_URL } from "Common/UI/Config";
 import Navigation from "Common/UI/Utils/Navigation";
 import React, { FunctionComponent, ReactElement } from "react";
@@ -27,6 +28,7 @@ const DashboardHeader: FunctionComponent = (): ReactElement => {
         }
         rightComponents={
           <>
+            <EditionLabel className="mr-3 hidden md:inline-flex" />
             <Button
               title="Exit Admin"
               buttonStyle={ButtonStyleType.NORMAL}

AdminDashboard/src/Pages/Settings/SideMenu.tsx

@@ -50,6 +50,15 @@ const DashboardSideMenu: () => JSX.Element = (): ReactElement => {
           }}
           icon={IconProp.Call}
         />
+        <SideMenuItem
+          link={{
+            title: "WhatsApp",
+            to: RouteUtil.populateRouteParams(
+              RouteMap[PageMap.SETTINGS_WHATSAPP] as Route,
+            ),
+          }}
+          icon={IconProp.WhatsApp}
+        />
       </SideMenuSection>
 
       <SideMenuSection title="Monitoring">

AdminDashboard/src/Pages/Settings/WhatsApp/Index.tsx

@@ -0,0 +1,491 @@
+import PageMap from "../../../Utils/PageMap";
+import RouteMap, { RouteUtil } from "../../../Utils/RouteMap";
+import DashboardSideMenu from "../SideMenu";
+import Route from "Common/Types/API/Route";
+import ObjectID from "Common/Types/ObjectID";
+import FormFieldSchemaType from "Common/UI/Components/Forms/Types/FormFieldSchemaType";
+import CardModelDetail from "Common/UI/Components/ModelDetail/CardModelDetail";
+import Page from "Common/UI/Components/Page/Page";
+import FieldType from "Common/UI/Components/Types/FieldType";
+import GlobalConfig from "Common/Models/DatabaseModels/GlobalConfig";
+import React, { FunctionComponent, ReactElement, useState } from "react";
+import Card from "Common/UI/Components/Card/Card";
+import MarkdownViewer from "Common/UI/Components/Markdown.tsx/MarkdownViewer";
+import BasicForm from "Common/UI/Components/Forms/BasicForm";
+import Alert, { AlertType } from "Common/UI/Components/Alerts/Alert";
+import { JSONObject } from "Common/Types/JSON";
+import HTTPErrorResponse from "Common/Types/API/HTTPErrorResponse";
+import HTTPResponse from "Common/Types/API/HTTPResponse";
+import URL from "Common/Types/API/URL";
+import API from "Common/UI/Utils/API/API";
+import { APP_API_URL } from "Common/UI/Config";
+import WhatsAppTemplateMessages, {
+  WhatsAppTemplateId,
+  WhatsAppTemplateIds,
+  WhatsAppTemplateLanguage,
+} from "Common/Types/WhatsApp/WhatsAppTemplates";
+
+type ToFriendlyName = (value: string) => string;
+
+const toFriendlyName: ToFriendlyName = (value: string): string => {
+  return value
+    .replace(/([a-z0-9])([A-Z])/g, "$1 $2")
+    .replace(/_/g, " ")
+    .replace(/\s+/g, " ")
+    .trim();
+};
+
+type ExtractTemplateVariables = (template: string) => Array<string>;
+
+const extractTemplateVariables: ExtractTemplateVariables = (
+  template: string,
+): Array<string> => {
+  const matches: RegExpMatchArray | null = template.match(/\{\{(.*?)\}\}/g);
+
+  if (!matches) {
+    return [];
+  }
+
+  const uniqueVariables: Set<string> = new Set<string>();
+
+  for (const match of matches) {
+    const variable: string = match.replace("{{", "").replace("}}", "").trim();
+
+    if (variable) {
+      uniqueVariables.add(variable);
+    }
+  }
+
+  return Array.from(uniqueVariables).sort((a: string, b: string) => {
+    return a.localeCompare(b);
+  });
+};
+
+type BuildWhatsAppSetupMarkdown = () => string;
+
+const buildWhatsAppSetupMarkdown: BuildWhatsAppSetupMarkdown = (): string => {
+  const templateKeys: Array<keyof typeof WhatsAppTemplateIds> = Object.keys(
+    WhatsAppTemplateIds,
+  ) as Array<keyof typeof WhatsAppTemplateIds>;
+
+  const appApiBaseUrl: string = APP_API_URL.toString().replace(/\/$/, "");
+  const primaryWebhookUrl: string = `${appApiBaseUrl}/notification/whatsapp/webhook`;
+
+  const description: string =
+    "Follow these steps to connect Meta WhatsApp with OneUptime so notifications can be delivered via WhatsApp.";
+
+  const prerequisitesList: Array<string> = [
+    "Meta Business Manager admin access for the WhatsApp Business Account.",
+    "A WhatsApp Business phone number approved for API messaging.",
+    "Admin access to OneUptime with permission to edit global notification settings.",
+    "A webhook verify token string that you'll configure identically in Meta and OneUptime.",
+  ];
+
+  const setupStepsList: Array<string> = [
+    "Sign in to the [Meta Business Manager](https://business.facebook.com/) with admin access to your WhatsApp Business Account.",
+    "From **Business Settings → Accounts → WhatsApp Accounts**, create or select the account that owns your sender phone number.",
+    "In Buisness Portfolio, create a system user and assign it to the WhatsApp Business Account with the role of **Admin**.",
+    "Generate a token for this system user and this will be your long-lived access token. Make sure to select the **whatsapp_business_management** and **whatsapp_business_messaging** permissions when generating the token.",
+    "Paste the access token, phone number ID, and webhook verify token into the **Meta WhatsApp Settings** card above, then save.",
+    "For the **Business Account ID**, go to **Business Settings → Business Info** (or **Business Settings → WhatsApp Accounts → Settings**) and copy the **WhatsApp Business Account ID** value.",
+    "To locate the **App ID** and **App Secret**, open [Meta for Developers](https://developers.facebook.com/apps/), select your WhatsApp app, then navigate to **Settings → Basic**. The App ID is shown at the top; click **Show** next to **App Secret** to reveal and copy it.",
+    "Create each template listed below in the Meta WhatsApp Manager. Make sure the template name, language, and variables match exactly. You can however change the content to your preference. Please make sure it's approved by Meta.",
+    "Send a test notification from OneUptime to confirm that WhatsApp delivery succeeds.",
+  ];
+
+  const prerequisitesMarkdown: string = prerequisitesList
+    .map((item: string) => {
+      return `- ${item}`;
+    })
+    .join("\n");
+
+  const setupStepsMarkdown: string = setupStepsList
+    .map((item: string, index: number) => {
+      return `${index + 1}. ${item}`;
+    })
+    .join("\n");
+
+  const tableRows: string = templateKeys
+    .map((enumKey: keyof typeof WhatsAppTemplateIds) => {
+      const templateId: WhatsAppTemplateId = WhatsAppTemplateIds[enumKey];
+      const friendlyName: string = toFriendlyName(enumKey.toString());
+      const templateMessage: string = WhatsAppTemplateMessages[templateId];
+      const language: string = WhatsAppTemplateLanguage[templateId] || "en";
+      const variables: Array<string> =
+        extractTemplateVariables(templateMessage);
+      const variableList: string =
+        variables.length > 0
+          ? variables
+              .map((variable: string) => {
+                return `\`${variable}\``;
+              })
+              .join(", ")
+          : "_None_";
+
+      return `| ${friendlyName} | \`${templateId}\` | ${language} | ${variableList} |`;
+    })
+    .join("\n");
+
+  const templateBodies: string = templateKeys
+    .map((enumKey: keyof typeof WhatsAppTemplateIds) => {
+      const templateId: WhatsAppTemplateId = WhatsAppTemplateIds[enumKey];
+      const friendlyName: string = toFriendlyName(enumKey.toString());
+      const templateMessage: string = WhatsAppTemplateMessages[templateId];
+      const language: string = WhatsAppTemplateLanguage[templateId] || "en";
+      const variables: Array<string> =
+        extractTemplateVariables(templateMessage);
+      const variableMarkdown: string =
+        variables.length > 0
+          ? variables
+              .map((variable: string) => {
+                return `- \`${variable}\``;
+              })
+              .join("\n")
+          : "_None_";
+      const variablesHeading: string = variables.length
+        ? `**Variables (${variables.length})**`
+        : "**Variables**";
+
+      return [
+        `#### ${friendlyName}`,
+        "",
+        `**Template Name:** \`${templateId}\``,
+        `**Language:** ${language}`,
+        "",
+        variablesHeading,
+        variableMarkdown,
+        "",
+        "**Body**",
+        "```plaintext",
+        templateMessage,
+        "```",
+        "",
+        "---",
+      ].join("\n");
+    })
+    .join("\n\n");
+
+  const templateSummaryTable: string = [
+    "| Friendly Name | Template Name | Language | Variables |",
+    "| --- | --- | --- | --- |",
+    tableRows,
+  ]
+    .filter(Boolean)
+    .join("\n");
+
+  const webhookSection: string = [
+    "### Configure Meta Webhook Subscription",
+    "1. In the OneUptime Admin Dashboard, open **Settings → WhatsApp → Meta WhatsApp Settings** and enter a strong value in **Webhook Verify Token**. Save the form so the encrypted token is stored in Global Config.",
+    "2. Keep that verify token handy—Meta does not generate one for you. You'll paste the exact same value when configuring the callback.",
+    "3. In [Meta for Developers](https://developers.facebook.com/apps/), select your WhatsApp app and navigate to **WhatsApp → Configuration → Webhooks**.",
+    `4. Click **Configure**, then supply one of the following callback URLs when Meta asks for your endpoint:\n   - \`${primaryWebhookUrl}\`\n `,
+    "5. Paste the verify token from step 1 into Meta's **Verify Token** field and submit. Meta will call the callback URL and expect that value to match before it approves the subscription.",
+    "6. After verification succeeds, subscribe to the **messages** field (and any other WhatsApp webhook categories you need) so delivery status updates are forwarded to OneUptime.",
+  ]
+    .filter(Boolean)
+    .join("\n\n");
+
+  return [
+    description,
+    "### Prerequisites",
+    prerequisitesMarkdown,
+    "### Setup Steps",
+    setupStepsMarkdown,
+    webhookSection,
+    "### Required WhatsApp Templates",
+    templateSummaryTable,
+    "### Template Bodies",
+    "> Copy the exact template body below—including punctuation and spacing—when creating each template inside Meta. The variables list shows every placeholder that must be configured in WhatsApp Manager.",
+    templateBodies,
+  ]
+    .filter(Boolean)
+    .join("\n\n");
+};
+
+const whatsappSetupMarkdown: string = buildWhatsAppSetupMarkdown();
+
+const SettingsWhatsApp: FunctionComponent = (): ReactElement => {
+  const [isSendingTest, setIsSendingTest] = useState<boolean>(false);
+  const [testError, setTestError] = useState<string>("");
+  const [testSuccess, setTestSuccess] = useState<string>("");
+
+  return (
+    <Page
+      title={"Admin Settings"}
+      breadcrumbLinks={[
+        {
+          title: "Admin Dashboard",
+          to: RouteUtil.populateRouteParams(RouteMap[PageMap.HOME] as Route),
+        },
+        {
+          title: "Settings",
+          to: RouteUtil.populateRouteParams(
+            RouteMap[PageMap.SETTINGS] as Route,
+          ),
+        },
+        {
+          title: "WhatsApp",
+          to: RouteUtil.populateRouteParams(
+            RouteMap[PageMap.SETTINGS_WHATSAPP] as Route,
+          ),
+        },
+      ]}
+      sideMenu={<DashboardSideMenu />}
+    >
+      <CardModelDetail
+        name="Meta WhatsApp Settings"
+        cardProps={{
+          title: "Meta WhatsApp Settings",
+          description:
+            "Configure Meta WhatsApp credentials. These values are used to send WhatsApp notifications from OneUptime.",
+        }}
+        isEditable={true}
+        editButtonText="Edit Meta WhatsApp Config"
+        formSteps={[
+          {
+            title: "Credentials",
+            id: "meta-credentials",
+          },
+          {
+            title: "Meta App",
+            id: "meta-app",
+          },
+        ]}
+        formFields={[
+          {
+            field: {
+              metaWhatsAppAccessToken: true,
+            },
+            title: "Access Token",
+            stepId: "meta-credentials",
+            fieldType: FormFieldSchemaType.EncryptedText,
+            required: true,
+            description:
+              "Long-lived access token generated in the Meta WhatsApp Business Platform.",
+            placeholder: "EAAG...",
+          },
+          {
+            field: {
+              metaWhatsAppPhoneNumberId: true,
+            },
+            title: "Phone Number ID",
+            stepId: "meta-credentials",
+            fieldType: FormFieldSchemaType.Text,
+            required: true,
+            description:
+              "The WhatsApp Business phone number ID associated with your sending number.",
+            placeholder: "123456789012345",
+          },
+          {
+            field: {
+              metaWhatsAppBusinessAccountId: true,
+            },
+            title: "Business Account ID",
+            stepId: "meta-credentials",
+            fieldType: FormFieldSchemaType.Text,
+            required: false,
+            description:
+              "Optional Business Account ID that owns the WhatsApp templates.",
+            placeholder: "123456789012345",
+          },
+          {
+            field: {
+              metaWhatsAppWebhookVerifyToken: true,
+            },
+            title: "Webhook Verify Token",
+            stepId: "meta-credentials",
+            fieldType: FormFieldSchemaType.EncryptedText,
+            required: false,
+            description:
+              "Secret token configured in Meta to validate webhook subscription requests.",
+            placeholder: "Webhook verify token",
+          },
+          {
+            field: {
+              metaWhatsAppAppId: true,
+            },
+            title: "App ID",
+            stepId: "meta-app",
+            fieldType: FormFieldSchemaType.Text,
+            required: false,
+            description:
+              "Optional Facebook App ID tied to your WhatsApp integration.",
+            placeholder: "987654321098765",
+          },
+          {
+            field: {
+              metaWhatsAppAppSecret: true,
+            },
+            title: "App Secret",
+            stepId: "meta-app",
+            fieldType: FormFieldSchemaType.EncryptedText,
+            required: false,
+            description:
+              "Optional Facebook App Secret used for webhook signature verification.",
+            placeholder: "Facebook App Secret",
+          },
+        ]}
+        modelDetailProps={{
+          modelType: GlobalConfig,
+          id: "model-detail-global-config-meta-whatsapp",
+          fields: [
+            {
+              field: {
+                metaWhatsAppAccessToken: true,
+              },
+              title: "Access Token",
+              fieldType: FieldType.HiddenText,
+              placeholder: "Not Configured",
+            },
+            {
+              field: {
+                metaWhatsAppPhoneNumberId: true,
+              },
+              title: "Phone Number ID",
+              fieldType: FieldType.Text,
+              placeholder: "Not Configured",
+            },
+            {
+              field: {
+                metaWhatsAppBusinessAccountId: true,
+              },
+              title: "Business Account ID",
+              fieldType: FieldType.Text,
+              placeholder: "Not Configured",
+            },
+            {
+              field: {
+                metaWhatsAppWebhookVerifyToken: true,
+              },
+              title: "Webhook Verify Token",
+              fieldType: FieldType.HiddenText,
+              placeholder: "Not Configured",
+            },
+            {
+              field: {
+                metaWhatsAppAppId: true,
+              },
+              title: "App ID",
+              fieldType: FieldType.Text,
+              placeholder: "Not Configured",
+            },
+            {
+              field: {
+                metaWhatsAppAppSecret: true,
+              },
+              title: "App Secret",
+              fieldType: FieldType.HiddenText,
+              placeholder: "Not Configured",
+            },
+          ],
+          modelId: ObjectID.getZeroObjectID(),
+        }}
+      />
+
+      <Card
+        title="Send Test WhatsApp Message"
+        description="Send a test WhatsApp template message to confirm your Meta configuration."
+      >
+        {testSuccess ? (
+          <Alert
+            type={AlertType.SUCCESS}
+            title={testSuccess}
+            className="mb-4"
+          />
+        ) : (
+          <></>
+        )}
+
+        <BasicForm
+          id="send-test-whatsapp-form"
+          name="Send Test WhatsApp Message"
+          isLoading={isSendingTest}
+          error={testError || ""}
+          submitButtonText="Send Test Message"
+          maxPrimaryButtonWidth={true}
+          initialValues={{
+            phoneNumber: "",
+          }}
+          fields={[
+            {
+              field: {
+                phoneNumber: true,
+              },
+              title: "Recipient WhatsApp Number",
+              description:
+                "Enter the full international phone number (including country code) that should receive the test message.",
+              placeholder: "+11234567890",
+              required: true,
+              fieldType: FormFieldSchemaType.Phone,
+              disableSpellCheck: true,
+            },
+          ]}
+          onSubmit={async (
+            values: JSONObject,
+            onSubmitSuccessful?: () => void,
+          ) => {
+            const toPhone: string = String(values["phoneNumber"] || "").trim();
+
+            if (!toPhone) {
+              setTestSuccess("");
+              setTestError(
+                "Please enter a WhatsApp number before sending a test message.",
+              );
+              return;
+            }
+
+            setIsSendingTest(true);
+            setTestError("");
+            setTestSuccess("");
+
+            try {
+              const response: HTTPResponse<JSONObject> | HTTPErrorResponse =
+                await API.post({
+                  url: URL.fromString(APP_API_URL.toString()).addRoute(
+                    "/notification/whatsapp/test",
+                  ),
+                  data: {
+                    toPhone,
+                    templateKey: WhatsAppTemplateIds.TestNotification,
+                    templateLanguageCode:
+                      WhatsAppTemplateLanguage[
+                        WhatsAppTemplateIds.TestNotification
+                      ],
+                  },
+                });
+
+              if (response instanceof HTTPErrorResponse) {
+                throw response;
+              }
+
+              if (response.isFailure()) {
+                throw new Error("Failed to send test WhatsApp message.");
+              }
+
+              setTestSuccess(
+                "Test WhatsApp message sent successfully. Check the recipient device to confirm delivery.",
+              );
+
+              if (onSubmitSuccessful) {
+                onSubmitSuccessful();
+              }
+            } catch (err) {
+              setTestError(API.getFriendlyMessage(err));
+            } finally {
+              setIsSendingTest(false);
+            }
+          }}
+        />
+      </Card>
+
+      <Card
+        title="Meta WhatsApp Setup Guide"
+        description="Steps to connect Meta WhatsApp and the templates you must provision."
+      >
+        <MarkdownViewer text={whatsappSetupMarkdown} />
+      </Card>
+    </Page>
+  );
+};
+
+export default SettingsWhatsApp;

AdminDashboard/src/Pages/Users/View/Settings.tsx

@@ -0,0 +1,94 @@
+import PageMap from "../../../Utils/PageMap";
+import RouteMap, { RouteUtil } from "../../../Utils/RouteMap";
+import Route from "Common/Types/API/Route";
+import ObjectID from "Common/Types/ObjectID";
+import Navigation from "Common/UI/Utils/Navigation";
+import React, { FunctionComponent, ReactElement } from "react";
+import SideMenuComponent from "./SideMenu";
+import User from "Common/Models/DatabaseModels/User";
+import ModelPage from "Common/UI/Components/Page/ModelPage";
+import CardModelDetail from "Common/UI/Components/ModelDetail/CardModelDetail";
+import FormFieldSchemaType from "Common/UI/Components/Forms/Types/FormFieldSchemaType";
+import FieldType from "Common/UI/Components/Types/FieldType";
+
+const UserSettings: FunctionComponent = (): ReactElement => {
+  const modelId: ObjectID = Navigation.getLastParamAsObjectID(1);
+
+  return (
+    <ModelPage<User>
+      modelId={modelId}
+      modelNameField="email"
+      modelType={User}
+      title={"User"}
+      breadcrumbLinks={[
+        {
+          title: "Admin Dashboard",
+          to: RouteUtil.populateRouteParams(RouteMap[PageMap.HOME] as Route),
+        },
+        {
+          title: "Users",
+          to: RouteUtil.populateRouteParams(RouteMap[PageMap.USERS] as Route),
+        },
+        {
+          title: "User",
+          to: RouteUtil.populateRouteParams(
+            RouteMap[PageMap.USER_VIEW] as Route,
+            {
+              modelId: modelId,
+            },
+          ),
+        },
+        {
+          title: "Settings",
+          to: RouteUtil.populateRouteParams(
+            RouteMap[PageMap.USER_SETTINGS] as Route,
+            {
+              modelId: modelId,
+            },
+          ),
+        },
+      ]}
+      sideMenu={<SideMenuComponent modelId={modelId} />}
+    >
+      <CardModelDetail<User>
+        name="user-master-admin-settings"
+        cardProps={{
+          title: "Master Admin Access",
+          description:
+            "Grant or revoke master admin access for this user. Master admins can manage every project and workspace.",
+        }}
+        isEditable={true}
+        editButtonText="Update Access"
+        formFields={[
+          {
+            field: {
+              isMasterAdmin: true,
+            },
+            title: "Master Admin",
+            description:
+              "Enable to give this user full access to the entire platform.",
+            fieldType: FormFieldSchemaType.Toggle,
+            required: true,
+          },
+        ]}
+        modelDetailProps={{
+          modelType: User,
+          id: "user-master-admin-settings-detail",
+          fields: [
+            {
+              field: {
+                isMasterAdmin: true,
+              },
+              title: "Master Admin",
+              fieldType: FieldType.Boolean,
+              placeholder: "No",
+            },
+          ],
+          modelId: modelId,
+        }}
+      />
+    </ModelPage>
+  );
+};
+
+export default UserSettings;

AdminDashboard/src/Pages/Users/View/SideMenu.tsx

@@ -30,6 +30,18 @@ const SideMenuComponent: FunctionComponent<SideMenuProps> = (
           }}
           icon={IconProp.Info}
         />
+        <SideMenuItem
+          link={{
+            title: "Settings",
+            to: RouteUtil.populateRouteParams(
+              RouteMap[PageMap.USER_SETTINGS] as Route,
+              {
+                modelId: props.modelId,
+              },
+            ),
+          }}
+          icon={IconProp.Settings}
+        />
       </SideMenuSection>
 
       <SideMenuSection title="Advanced">

AdminDashboard/src/Utils/PageMap.ts

@@ -6,6 +6,7 @@ enum PageMap {
 
   USERS = "USERS",
   USER_VIEW = "USER_VIEW",
+  USER_SETTINGS = "USER_SETTINGS",
   USER_DELETE = "USER_DELETE",
 
   PROJECTS = "PROJECTS",
@@ -15,6 +16,7 @@ enum PageMap {
   SETTINGS_HOST = "SETTINGS_HOST",
   SETTINGS_SMTP = "SETTINGS_SMTP",
   SETTINGS_CALL_AND_SMS = "SETTINGS_CALL_AND_SMS",
+  SETTINGS_WHATSAPP = "SETTINGS_WHATSAPP",
   SETTINGS_PROBES = "SETTINGS_PROBES",
   SETTINGS_AUTHENTICATION = "SETTINGS_AUTHENTICATION",
   SETTINGS_API_KEY = "SETTINGS_API_KEY",

AdminDashboard/src/Utils/RouteMap.ts

@@ -18,6 +18,9 @@ const RouteMap: Dictionary<Route> = {
 
   [PageMap.USERS]: new Route(`/admin/users`),
   [PageMap.USER_VIEW]: new Route(`/admin/users/${RouteParams.ModelID}`),
+  [PageMap.USER_SETTINGS]: new Route(
+    `/admin/users/${RouteParams.ModelID}/settings`,
+  ),
   [PageMap.USER_DELETE]: new Route(
     `/admin/users/${RouteParams.ModelID}/delete`,
   ),
@@ -25,6 +28,7 @@ const RouteMap: Dictionary<Route> = {
   [PageMap.SETTINGS_HOST]: new Route(`/admin/settings/host`),
   [PageMap.SETTINGS_SMTP]: new Route(`/admin/settings/smtp`),
   [PageMap.SETTINGS_CALL_AND_SMS]: new Route(`/admin/settings/call-and-sms`),
+  [PageMap.SETTINGS_WHATSAPP]: new Route(`/admin/settings/whatsapp`),
   [PageMap.SETTINGS_PROBES]: new Route(`/admin/settings/probes`),
   [PageMap.SETTINGS_AUTHENTICATION]: new Route(
     `/admin/settings/authentication`,

AdminDashboard/views/index.ejs

@@ -22,7 +22,6 @@
     <!-- End Google Tag Manager -->
     <% } %>
 
-    <link rel="manifest" href="/admin/assets/img/favicons/ma">
     <link rel="apple-touch-icon" sizes="180x180" href="/admin/assets/img/favicons/apple-touch-icon.png">
     <link rel="shortcut icon" href="/admin/assets/img/favicons/favicon.ico">
     <link rel="icon" type="image/png" sizes="32x32" href="/admin/assets/img/favicons/favicon-32x32.png">
@@ -75,20 +74,6 @@
 
     <title>OneUptime Admin Dashboard</title>
 
-   
-    <!--
-      manifest.json provides metadata used when your web app is installed on a
-      user's mobile device or desktop. See https://developers.google.com/web/fundamentals/web-app-manifest/
-    -->
-    <!--
-      Notice the use of %PUBLIC_URL% in the tags above.
-      It will be replaced with the URL of the `public` folder during the build.
-      Only files inside the `public` folder can be referenced from the HTML.
-
-      Unlike "/favicon.ico" or "favicon.ico", "%PUBLIC_URL%/favicon.ico" will
-      work correctly both with client-side routing and a non-root public URL.
-      Learn how to configure a non-root public URL by running `npm run build`.
-    -->
   </head>
   <body class="h-full bg-gray-50">
     <% if(typeof enableGoogleTagManager !== 'undefined' ? enableGoogleTagManager : false){ %> 

App/Dockerfile.tpl

@@ -3,7 +3,7 @@
 #
 
 # Pull base image nodejs image.
-FROM public.ecr.aws/docker/library/node:23.8-alpine3.21
+FROM public.ecr.aws/docker/library/node:24.9-alpine3.21
 RUN mkdir /tmp/npm &&  chmod 2777 /tmp/npm && chown 1000:1000 /tmp/npm && npm config set cache /tmp/npm --global
 
 RUN npm config set fetch-retries 5
@@ -14,9 +14,12 @@ RUN npm config set fetch-retry-maxtimeout 600000
 
 ARG GIT_SHA
 ARG APP_VERSION
+ARG IS_ENTERPRISE_EDITION=false
 
 ENV GIT_SHA=${GIT_SHA}
 ENV APP_VERSION=${APP_VERSION}
+ENV IS_ENTERPRISE_EDITION=${IS_ENTERPRISE_EDITION}
+ENV PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1
 
 
 # IF APP_VERSION is not set, set it to 1.0.0

App/FeatureSet/BaseAPI/Index.ts

@@ -1,5 +1,6 @@
 import BaseAPI from "Common/Server/API/BaseAPI";
 import BaseAnalyticsAPI from "Common/Server/API/BaseAnalyticsAPI";
+import BillingAPI from "Common/Server/API/BillingAPI";
 import BillingInvoiceAPI from "Common/Server/API/BillingInvoiceAPI";
 import BillingPaymentMethodAPI from "Common/Server/API/BillingPaymentMethodAPI";
 import CopilotCodeRepositoryAPI from "Common/Server/API/CopilotCodeRepositoryAPI";
@@ -13,9 +14,11 @@ import TelemetryAPI from "Common/Server/API/TelemetryAPI";
 import ProbeAPI from "Common/Server/API/ProbeAPI";
 import ProjectAPI from "Common/Server/API/ProjectAPI";
 import ProjectSsoAPI from "Common/Server/API/ProjectSSO";
+import WhatsAppLogAPI from "./WhatsAppLogAPI";
 
 // Import API
 import ResellerPlanAPI from "Common/Server/API/ResellerPlanAPI";
+import EnterpriseLicenseAPI from "Common/Server/API/EnterpriseLicenseAPI";
 import MonitorAPI from "Common/Server/API/MonitorAPI";
 import ShortLinkAPI from "Common/Server/API/ShortLinkAPI";
 import StatusPageAPI from "Common/Server/API/StatusPageAPI";
@@ -23,13 +26,21 @@ import WorkspaceNotificationRuleAPI from "Common/Server/API/WorkspaceNotificatio
 import StatusPageDomainAPI from "Common/Server/API/StatusPageDomainAPI";
 import StatusPageSubscriberAPI from "Common/Server/API/StatusPageSubscriberAPI";
 import UserCallAPI from "Common/Server/API/UserCallAPI";
-import UserTwoFactorAuthAPI from "Common/Server/API/UserTwoFactorAuthAPI";
+import UserTotpAuthAPI from "Common/Server/API/UserTotpAuthAPI";
+import UserWebAuthnAPI from "Common/Server/API/UserWebAuthnAPI";
 import MonitorTest from "Common/Models/DatabaseModels/MonitorTest";
+import IncidentInternalNoteAPI from "Common/Server/API/IncidentInternalNoteAPI";
+import IncidentPublicNoteAPI from "Common/Server/API/IncidentPublicNoteAPI";
+import ScheduledMaintenanceInternalNoteAPI from "Common/Server/API/ScheduledMaintenanceInternalNoteAPI";
+import ScheduledMaintenancePublicNoteAPI from "Common/Server/API/ScheduledMaintenancePublicNoteAPI";
+import IncidentAPI from "Common/Server/API/IncidentAPI";
 // User Notification methods.
 import UserEmailAPI from "Common/Server/API/UserEmailAPI";
 import UserNotificationLogTimelineAPI from "Common/Server/API/UserOnCallLogTimelineAPI";
 import UserSMSAPI from "Common/Server/API/UserSmsAPI";
+import UserWhatsAppAPI from "Common/Server/API/UserWhatsAppAPI";
 import UserPushAPI from "Common/Server/API/UserPushAPI";
+import UserAPI from "Common/Server/API/UserAPI";
 import ApiKeyPermissionService, {
   Service as ApiKeyPermissionServiceType,
 } from "Common/Server/Services/ApiKeyPermissionService";
@@ -55,9 +66,7 @@ import EmailVerificationTokenService, {
 import AlertCustomFieldService, {
   Service as AlertCustomFieldServiceType,
 } from "Common/Server/Services/AlertCustomFieldService";
-import AlertInternalNoteService, {
-  Service as AlertInternalNoteServiceType,
-} from "Common/Server/Services/AlertInternalNoteService";
+import AlertInternalNoteAPI from "Common/Server/API/AlertInternalNoteAPI";
 import AlertNoteTemplateService, {
   Service as AlertNoteTemplateServiceType,
 } from "Common/Server/Services/AlertNoteTemplateService";
@@ -88,12 +97,12 @@ import AlertStateTimelineService, {
 import IncidentCustomFieldService, {
   Service as IncidentCustomFieldServiceType,
 } from "Common/Server/Services/IncidentCustomFieldService";
-import IncidentInternalNoteService, {
-  Service as IncidentInternalNoteServiceType,
-} from "Common/Server/Services/IncidentInternalNoteService";
 import IncidentNoteTemplateService, {
   Service as IncidentNoteTemplateServiceType,
 } from "Common/Server/Services/IncidentNoteTemplateService";
+import IncidentPostmortemTemplateService, {
+  Service as IncidentPostmortemTemplateServiceType,
+} from "Common/Server/Services/IncidentPostmortemTemplateService";
 import TableViewService, {
   Service as TableViewServiceType,
 } from "Common/Server/Services/TableViewService";
@@ -103,12 +112,6 @@ import IncidentOwnerTeamService, {
 import IncidentOwnerUserService, {
   Service as IncidentOwnerUserServiceType,
 } from "Common/Server/Services/IncidentOwnerUserService";
-import IncidentPublicNoteService, {
-  Service as IncidentPublicNoteServiceType,
-} from "Common/Server/Services/IncidentPublicNoteService";
-import IncidentService, {
-  Service as IncidentServiceType,
-} from "Common/Server/Services/IncidentService";
 import IncidentSeverityService, {
   Service as IncidentSeverityServiceType,
 } from "Common/Server/Services/IncidentSeverityService";
@@ -137,9 +140,6 @@ import LogService, {
   LogService as LogServiceType,
 } from "Common/Server/Services/LogService";
 
-import TelemetryAttributeService, {
-  TelemetryAttributeService as TelemetryAttributeServiceType,
-} from "Common/Server/Services/TelemetryAttributeService";
 import CopilotActionTypePriorityService, {
   Service as CopilotActionTypePriorityServiceType,
 } from "Common/Server/Services/CopilotActionTypePriorityService";
@@ -227,9 +227,6 @@ import ResellerService, {
 import ScheduledMaintenanceCustomFieldService, {
   Service as ScheduledMaintenanceCustomFieldServiceType,
 } from "Common/Server/Services/ScheduledMaintenanceCustomFieldService";
-import ScheduledMaintenanceInternalNoteService, {
-  Service as ScheduledMaintenanceInternalNoteServiceType,
-} from "Common/Server/Services/ScheduledMaintenanceInternalNoteService";
 import ScheduledMaintenanceNoteTemplateService, {
   Service as ScheduledMaintenanceNoteTemplateServiceType,
 } from "Common/Server/Services/ScheduledMaintenanceNoteTemplateService";
@@ -239,9 +236,6 @@ import ScheduledMaintenanceOwnerTeamService, {
 import ScheduledMaintenanceOwnerUserService, {
   Service as ScheduledMaintenanceOwnerUserServiceType,
 } from "Common/Server/Services/ScheduledMaintenanceOwnerUserService";
-import ScheduledMaintenancePublicNoteService, {
-  Service as ScheduledMaintenancePublicNoteServiceType,
-} from "Common/Server/Services/ScheduledMaintenancePublicNoteService";
 import ScheduledMaintenanceService, {
   Service as ScheduledMaintenanceServiceType,
 } from "Common/Server/Services/ScheduledMaintenanceService";
@@ -282,12 +276,13 @@ import ShortLinkService, {
 import SmsLogService, {
   Service as SmsLogServiceType,
 } from "Common/Server/Services/SmsLogService";
+import PushNotificationLogService, {
+  Service as PushNotificationLogServiceType,
+} from "Common/Server/Services/PushNotificationLogService";
 import SpanService, {
   SpanService as SpanServiceType,
 } from "Common/Server/Services/SpanService";
-import StatusPageAnnouncementService, {
-  Service as StatusPageAnnouncementServiceType,
-} from "Common/Server/Services/StatusPageAnnouncementService";
+import StatusPageAnnouncementAPI from "Common/Server/API/StatusPageAnnouncementAPI";
 import StatusPageCustomFieldService, {
   Service as StatusPageCustomFieldServiceType,
 } from "Common/Server/Services/StatusPageCustomFieldService";
@@ -324,6 +319,9 @@ import TeamMemberService, {
 import TeamPermissionService, {
   Service as TeamPermissionServiceType,
 } from "Common/Server/Services/TeamPermissionService";
+import TeamComplianceSettingService, {
+  TeamComplianceSettingService as TeamComplianceSettingServiceType,
+} from "Common/Server/Services/TeamComplianceSettingService";
 import TeamService, {
   Service as TeamServiceType,
 } from "Common/Server/Services/TeamService";
@@ -342,9 +340,6 @@ import UserNotificationSettingService, {
 import UserOnCallLogService, {
   Service as UserNotificationLogServiceType,
 } from "Common/Server/Services/UserOnCallLogService";
-import UserService, {
-  Service as UserServiceType,
-} from "Common/Server/Services/UserService";
 import WorkflowLogService, {
   Service as WorkflowLogServiceType,
 } from "Common/Server/Services/WorkflowLogService";
@@ -370,6 +365,7 @@ import TelemetryExceptionService, {
 import ExceptionInstanceService, {
   ExceptionInstanceService as ExceptionInstanceServiceType,
 } from "Common/Server/Services/ExceptionInstanceService";
+import AcmeChallengeAPI from "Common/Server/API/AcmeChallengeAPI";
 
 import FeatureSet from "Common/Server/Types/FeatureSet";
 import Express, { ExpressApplication } from "Common/Server/Utils/Express";
@@ -379,6 +375,8 @@ import Span from "Common/Models/AnalyticsModels/Span";
 import ApiKey from "Common/Models/DatabaseModels/ApiKey";
 import ApiKeyPermission from "Common/Models/DatabaseModels/ApiKeyPermission";
 import CallLog from "Common/Models/DatabaseModels/CallLog";
+import PushNotificationLog from "Common/Models/DatabaseModels/PushNotificationLog";
+import WorkspaceNotificationLog from "Common/Models/DatabaseModels/WorkspaceNotificationLog";
 import Domain from "Common/Models/DatabaseModels/Domain";
 import EmailLog from "Common/Models/DatabaseModels/EmailLog";
 import EmailVerificationToken from "Common/Models/DatabaseModels/EmailVerificationToken";
@@ -386,7 +384,6 @@ import Dashboard from "Common/Models/DatabaseModels/Dashboard";
 
 import Alert from "Common/Models/DatabaseModels/Alert";
 import AlertCustomField from "Common/Models/DatabaseModels/AlertCustomField";
-import AlertInternalNote from "Common/Models/DatabaseModels/AlertInternalNote";
 import AlertNoteTemplate from "Common/Models/DatabaseModels/AlertNoteTemplate";
 import AlertOwnerTeam from "Common/Models/DatabaseModels/AlertOwnerTeam";
 import AlertOwnerUser from "Common/Models/DatabaseModels/AlertOwnerUser";
@@ -394,13 +391,11 @@ import AlertSeverity from "Common/Models/DatabaseModels/AlertSeverity";
 import AlertState from "Common/Models/DatabaseModels/AlertState";
 import AlertStateTimeline from "Common/Models/DatabaseModels/AlertStateTimeline";
 
-import Incident from "Common/Models/DatabaseModels/Incident";
 import IncidentCustomField from "Common/Models/DatabaseModels/IncidentCustomField";
-import IncidentInternalNote from "Common/Models/DatabaseModels/IncidentInternalNote";
 import IncidentNoteTemplate from "Common/Models/DatabaseModels/IncidentNoteTemplate";
+import IncidentPostmortemTemplate from "Common/Models/DatabaseModels/IncidentPostmortemTemplate";
 import IncidentOwnerTeam from "Common/Models/DatabaseModels/IncidentOwnerTeam";
 import IncidentOwnerUser from "Common/Models/DatabaseModels/IncidentOwnerUser";
-import IncidentPublicNote from "Common/Models/DatabaseModels/IncidentPublicNote";
 import IncidentSeverity from "Common/Models/DatabaseModels/IncidentSeverity";
 import IncidentState from "Common/Models/DatabaseModels/IncidentState";
 import IncidentStateTimeline from "Common/Models/DatabaseModels/IncidentStateTimeline";
@@ -435,11 +430,9 @@ import PromoCode from "Common/Models/DatabaseModels/PromoCode";
 import Reseller from "Common/Models/DatabaseModels/Reseller";
 import ScheduledMaintenance from "Common/Models/DatabaseModels/ScheduledMaintenance";
 import ScheduledMaintenanceCustomField from "Common/Models/DatabaseModels/ScheduledMaintenanceCustomField";
-import ScheduledMaintenanceInternalNote from "Common/Models/DatabaseModels/ScheduledMaintenanceInternalNote";
 import ScheduledMaintenanceNoteTemplate from "Common/Models/DatabaseModels/ScheduledMaintenanceNoteTemplate";
 import ScheduledMaintenanceOwnerTeam from "Common/Models/DatabaseModels/ScheduledMaintenanceOwnerTeam";
 import ScheduledMaintenanceOwnerUser from "Common/Models/DatabaseModels/ScheduledMaintenanceOwnerUser";
-import ScheduledMaintenancePublicNote from "Common/Models/DatabaseModels/ScheduledMaintenancePublicNote";
 import ScheduledMaintenanceState from "Common/Models/DatabaseModels/ScheduledMaintenanceState";
 import ScheduledMaintenanceStateTimeline from "Common/Models/DatabaseModels/ScheduledMaintenanceStateTimeline";
 import ServiceCatalog from "Common/Models/DatabaseModels/ServiceCatalog";
@@ -448,7 +441,6 @@ import ServiceCatalogOwnerUser from "Common/Models/DatabaseModels/ServiceCatalog
 import ServiceCopilotCodeRepository from "Common/Models/DatabaseModels/ServiceCopilotCodeRepository";
 import ShortLink from "Common/Models/DatabaseModels/ShortLink";
 import SmsLog from "Common/Models/DatabaseModels/SmsLog";
-import StatusPageAnnouncement from "Common/Models/DatabaseModels/StatusPageAnnouncement";
 // Custom Fields API
 import StatusPageCustomField from "Common/Models/DatabaseModels/StatusPageCustomField";
 import StatusPageFooterLink from "Common/Models/DatabaseModels/StatusPageFooterLink";
@@ -464,9 +456,9 @@ import StatusPageSSO from "Common/Models/DatabaseModels/StatusPageSso";
 import Team from "Common/Models/DatabaseModels/Team";
 import TeamMember from "Common/Models/DatabaseModels/TeamMember";
 import TeamPermission from "Common/Models/DatabaseModels/TeamPermission";
+import TeamComplianceSetting from "Common/Models/DatabaseModels/TeamComplianceSetting";
 import TelemetryService from "Common/Models/DatabaseModels/TelemetryService";
 import TelemetryUsageBilling from "Common/Models/DatabaseModels/TelemetryUsageBilling";
-import User from "Common/Models/DatabaseModels/User";
 import UserNotificationRule from "Common/Models/DatabaseModels/UserNotificationRule";
 import UserNotificationSetting from "Common/Models/DatabaseModels/UserNotificationSetting";
 import UserOnCallLog from "Common/Models/DatabaseModels/UserOnCallLog";
@@ -476,10 +468,12 @@ import WorkflowVariable from "Common/Models/DatabaseModels/WorkflowVariable";
 import ProbeOwnerTeam from "Common/Models/DatabaseModels/ProbeOwnerTeam";
 import ProbeOwnerUser from "Common/Models/DatabaseModels/ProbeOwnerUser";
 import ServiceCatalogDependency from "Common/Models/DatabaseModels/ServiceCatalogDependency";
-import TelemetryAttribute from "Common/Models/AnalyticsModels/TelemetryAttribute";
 import ExceptionInstance from "Common/Models/AnalyticsModels/ExceptionInstance";
 import TelemetyException from "Common/Models/DatabaseModels/TelemetryException";
 import CopilotActionTypePriority from "Common/Models/DatabaseModels/CopilotActionTypePriority";
+import WorkspaceNotificationLogService, {
+  Service as WorkspaceNotificationLogServiceType,
+} from "Common/Server/Services/WorkspaceNotificationLogService";
 
 // scheduled maintenance template
 import ScheduledMaintenanceTemplate from "Common/Models/DatabaseModels/ScheduledMaintenanceTemplate";
@@ -513,6 +507,7 @@ import ScheduledMaintenanceFeedService, {
 } from "Common/Server/Services/ScheduledMaintenanceFeedService";
 
 import SlackAPI from "Common/Server/API/SlackAPI";
+import MicrosoftTeamsAPI from "Common/Server/API/MicrosoftTeamsAPI";
 
 import WorkspaceProjectAuthToken from "Common/Models/DatabaseModels/WorkspaceProjectAuthToken";
 import WorkspaceProjectAuthTokenService, {
@@ -530,11 +525,6 @@ import WorkspaceSettingService, {
   Service as WorkspaceSettingServiceType,
 } from "Common/Server/Services/WorkspaceSettingService";
 
-import ProjectUser from "Common/Models/DatabaseModels/ProjectUser";
-import ProjectUserService, {
-  Service as ProjectUserServiceType,
-} from "Common/Server/Services/ProjectUserService";
-
 import MonitorFeed from "Common/Models/DatabaseModels/MonitorFeed";
 import MonitorFeedService, {
   Service as MonitorFeedServiceType,
@@ -547,10 +537,7 @@ import MetricTypeService, {
 import MetricType from "Common/Models/DatabaseModels/MetricType";
 
 import OnCallDutyPolicyAPI from "Common/Server/API/OnCallDutyPolicyAPI";
-
-// OnCallDutyPolicyOwnerTeam
-// OnCallDutyPolicyOwnerUser
-// OnCallDutyPolicyFeed
+import TeamComplianceAPI from "Common/Server/API/TeamComplianceAPI";
 
 import OnCallDutyPolicyFeed from "Common/Models/DatabaseModels/OnCallDutyPolicyFeed";
 import OnCallDutyPolicyFeedService, {
@@ -583,6 +570,18 @@ import StatusPageAnnouncementTemplateService, {
   Service as StatusPageAnnouncementTemplateServiceType,
 } from "Common/Server/Services/StatusPageAnnouncementTemplateService";
 
+// ProjectSCIM
+import ProjectSCIM from "Common/Models/DatabaseModels/ProjectSCIM";
+import ProjectSCIMService, {
+  Service as ProjectSCIMServiceType,
+} from "Common/Server/Services/ProjectSCIMService";
+
+// StatusPageSCIM
+import StatusPageSCIM from "Common/Models/DatabaseModels/StatusPageSCIM";
+import StatusPageSCIMService, {
+  Service as StatusPageSCIMServiceType,
+} from "Common/Server/Services/StatusPageSCIMService";
+
 // Open API Spec
 import OpenAPI from "Common/Server/API/OpenAPI";
 
@@ -594,10 +593,7 @@ const BaseAPIFeatureSet: FeatureSet = {
 
     app.use(
       `/${APP_NAME.toLocaleLowerCase()}`,
-      new BaseAnalyticsAPI<TelemetryAttribute, TelemetryAttributeServiceType>(
-        TelemetryAttribute,
-        TelemetryAttributeService,
-      ).getRouter(),
+      new AcmeChallengeAPI().getRouter(),
     );
 
     app.use(`/${APP_NAME.toLocaleLowerCase()}`, OpenAPI.getRouter());
@@ -618,6 +614,24 @@ const BaseAPIFeatureSet: FeatureSet = {
       ).getRouter(),
     );
 
+    // Project SCIM
+    app.use(
+      `/${APP_NAME.toLocaleLowerCase()}`,
+      new BaseAPI<ProjectSCIM, ProjectSCIMServiceType>(
+        ProjectSCIM,
+        ProjectSCIMService,
+      ).getRouter(),
+    );
+
+    // Status Page SCIM
+    app.use(
+      `/${APP_NAME.toLocaleLowerCase()}`,
+      new BaseAPI<StatusPageSCIM, StatusPageSCIMServiceType>(
+        StatusPageSCIM,
+        StatusPageSCIMService,
+      ).getRouter(),
+    );
+
     // status page announcement templates
     app.use(
       `/${APP_NAME.toLocaleLowerCase()}`,
@@ -698,14 +712,6 @@ const BaseAPIFeatureSet: FeatureSet = {
       ).getRouter(),
     );
 
-    app.use(
-      `/${APP_NAME.toLocaleLowerCase()}`,
-      new BaseAPI<ProjectUser, ProjectUserServiceType>(
-        ProjectUser,
-        ProjectUserService,
-      ).getRouter(),
-    );
-
     //service provider setting
     app.use(
       `/${APP_NAME.toLocaleLowerCase()}`,
@@ -818,10 +824,7 @@ const BaseAPIFeatureSet: FeatureSet = {
 
     app.use(
       `/${APP_NAME.toLocaleLowerCase()}`,
-      new BaseAPI<AlertInternalNote, AlertInternalNoteServiceType>(
-        AlertInternalNote,
-        AlertInternalNoteService,
-      ).getRouter(),
+      new AlertInternalNoteAPI().getRouter(),
     );
 
     app.use(
@@ -1018,10 +1021,7 @@ const BaseAPIFeatureSet: FeatureSet = {
 
     app.use(
       `/${APP_NAME.toLocaleLowerCase()}`,
-      new BaseAPI<StatusPageAnnouncement, StatusPageAnnouncementServiceType>(
-        StatusPageAnnouncement,
-        StatusPageAnnouncementService,
-      ).getRouter(),
+      new StatusPageAnnouncementAPI().getRouter(),
     );
 
     app.use(
@@ -1142,6 +1142,14 @@ const BaseAPIFeatureSet: FeatureSet = {
       ).getRouter(),
     );
 
+    app.use(
+      `/${APP_NAME.toLocaleLowerCase()}`,
+      new BaseAPI<TeamComplianceSetting, TeamComplianceSettingServiceType>(
+        TeamComplianceSetting,
+        TeamComplianceSettingService,
+      ).getRouter(),
+    );
+
     app.use(
       `/${APP_NAME.toLocaleLowerCase()}`,
       new BaseAPI<MonitorStatus, MonitorStatusServiceType>(
@@ -1257,13 +1265,7 @@ const BaseAPIFeatureSet: FeatureSet = {
       ).getRouter(),
     );
 
-    app.use(
-      `/${APP_NAME.toLocaleLowerCase()}`,
-      new BaseAPI<Incident, IncidentServiceType>(
-        Incident,
-        IncidentService,
-      ).getRouter(),
-    );
+    app.use(`/${APP_NAME.toLocaleLowerCase()}`, new IncidentAPI().getRouter());
 
     app.use(
       `/${APP_NAME.toLocaleLowerCase()}`,
@@ -1361,6 +1363,17 @@ const BaseAPIFeatureSet: FeatureSet = {
       ).getRouter(),
     );
 
+    app.use(
+      `/${APP_NAME.toLocaleLowerCase()}`,
+      new BaseAPI<
+        IncidentPostmortemTemplate,
+        IncidentPostmortemTemplateServiceType
+      >(
+        IncidentPostmortemTemplate,
+        IncidentPostmortemTemplateService,
+      ).getRouter(),
+    );
+
     app.use(
       `/${APP_NAME.toLocaleLowerCase()}`,
       new BaseAPI<
@@ -1501,6 +1514,27 @@ const BaseAPIFeatureSet: FeatureSet = {
       new BaseAPI<SmsLog, SmsLogServiceType>(SmsLog, SmsLogService).getRouter(),
     );
 
+    app.use(
+      `/${APP_NAME.toLocaleLowerCase()}`,
+      new WhatsAppLogAPI().getRouter(),
+    );
+
+    app.use(
+      `/${APP_NAME.toLocaleLowerCase()}`,
+      new BaseAPI<PushNotificationLog, PushNotificationLogServiceType>(
+        PushNotificationLog,
+        PushNotificationLogService,
+      ).getRouter(),
+    );
+
+    app.use(
+      `/${APP_NAME.toLocaleLowerCase()}`,
+      new BaseAPI<
+        WorkspaceNotificationLog,
+        WorkspaceNotificationLogServiceType
+      >(WorkspaceNotificationLog, WorkspaceNotificationLogService).getRouter(),
+    );
+
     app.use(
       `/${APP_NAME.toLocaleLowerCase()}`,
       new BaseAPI<EmailLog, EmailLogServiceType>(
@@ -1540,7 +1574,6 @@ const BaseAPIFeatureSet: FeatureSet = {
         MonitorTimelineStatusService,
       ).getRouter(),
     );
-
     app.use(`/${APP_NAME.toLocaleLowerCase()}`, new ShortLinkAPI().getRouter());
     app.use(`/${APP_NAME.toLocaleLowerCase()}`, new MonitorAPI().getRouter());
     app.use(
@@ -1554,6 +1587,12 @@ const BaseAPIFeatureSet: FeatureSet = {
       new OnCallDutyPolicyAPI().getRouter(),
     );
 
+    // TeamComplianceAPI
+    app.use(
+      `/${APP_NAME.toLocaleLowerCase()}`,
+      new TeamComplianceAPI().getRouter(),
+    );
+
     app.use(
       `/${APP_NAME.toLocaleLowerCase()}`,
       new WorkspaceNotificationRuleAPI().getRouter(),
@@ -1577,7 +1616,15 @@ const BaseAPIFeatureSet: FeatureSet = {
       `/${APP_NAME.toLocaleLowerCase()}`,
       new ResellerPlanAPI().getRouter(),
     );
+    app.use(
+      `/${APP_NAME.toLocaleLowerCase()}`,
+      new EnterpriseLicenseAPI().getRouter(),
+    );
     app.use(`/${APP_NAME.toLocaleLowerCase()}`, new SlackAPI().getRouter());
+    app.use(
+      `/${APP_NAME.toLocaleLowerCase()}`,
+      new MicrosoftTeamsAPI().getRouter(),
+    );
     app.use(
       `/${APP_NAME.toLocaleLowerCase()}`,
       new GlobalConfigAPI().getRouter(),
@@ -1605,10 +1652,18 @@ const BaseAPIFeatureSet: FeatureSet = {
     app.use(`/${APP_NAME.toLocaleLowerCase()}`, new UserCallAPI().getRouter());
     app.use(
       `/${APP_NAME.toLocaleLowerCase()}`,
-      new UserTwoFactorAuthAPI().getRouter(),
+      new UserTotpAuthAPI().getRouter(),
+    );
+    app.use(
+      `/${APP_NAME.toLocaleLowerCase()}`,
+      new UserWebAuthnAPI().getRouter(),
     );
     app.use(`/${APP_NAME.toLocaleLowerCase()}`, new UserEmailAPI().getRouter());
     app.use(`/${APP_NAME.toLocaleLowerCase()}`, new UserSMSAPI().getRouter());
+    app.use(
+      `/${APP_NAME.toLocaleLowerCase()}`,
+      new UserWhatsAppAPI().getRouter(),
+    );
     app.use(`/${APP_NAME.toLocaleLowerCase()}`, new UserPushAPI().getRouter());
     app.use(`/${APP_NAME.toLocaleLowerCase()}`, new ProbeAPI().getRouter());
 
@@ -1629,42 +1684,26 @@ const BaseAPIFeatureSet: FeatureSet = {
       new BillingInvoiceAPI().getRouter(),
     );
 
+    app.use(`/${APP_NAME.toLocaleLowerCase()}`, new BillingAPI().getRouter());
+
     app.use(
       `/${APP_NAME.toLocaleLowerCase()}`,
-      new BaseAPI<
-        ScheduledMaintenancePublicNote,
-        ScheduledMaintenancePublicNoteServiceType
-      >(
-        ScheduledMaintenancePublicNote,
-        ScheduledMaintenancePublicNoteService,
-      ).getRouter(),
+      new ScheduledMaintenancePublicNoteAPI().getRouter(),
     );
 
     app.use(
       `/${APP_NAME.toLocaleLowerCase()}`,
-      new BaseAPI<
-        ScheduledMaintenanceInternalNote,
-        ScheduledMaintenanceInternalNoteServiceType
-      >(
-        ScheduledMaintenanceInternalNote,
-        ScheduledMaintenanceInternalNoteService,
-      ).getRouter(),
+      new ScheduledMaintenanceInternalNoteAPI().getRouter(),
     );
 
     app.use(
       `/${APP_NAME.toLocaleLowerCase()}`,
-      new BaseAPI<IncidentPublicNote, IncidentPublicNoteServiceType>(
-        IncidentPublicNote,
-        IncidentPublicNoteService,
-      ).getRouter(),
+      new IncidentPublicNoteAPI().getRouter(),
     );
 
     app.use(
       `/${APP_NAME.toLocaleLowerCase()}`,
-      new BaseAPI<IncidentInternalNote, IncidentInternalNoteServiceType>(
-        IncidentInternalNote,
-        IncidentInternalNoteService,
-      ).getRouter(),
+      new IncidentInternalNoteAPI().getRouter(),
     );
 
     app.use(
@@ -1781,10 +1820,7 @@ const BaseAPIFeatureSet: FeatureSet = {
     app.use(`/${APP_NAME.toLocaleLowerCase()}`, TelemetryAPI);
 
     //attach api's
-    app.use(
-      `/${APP_NAME.toLocaleLowerCase()}`,
-      new BaseAPI<User, UserServiceType>(User, UserService).getRouter(),
-    );
+    app.use(`/${APP_NAME.toLocaleLowerCase()}`, new UserAPI().getRouter());
   },
 };
 

App/FeatureSet/BaseAPI/WhatsAppLogAPI.ts

@@ -0,0 +1,14 @@
+import BaseAPI from "Common/Server/API/BaseAPI";
+import WhatsAppLog from "Common/Models/DatabaseModels/WhatsAppLog";
+import WhatsAppLogService, {
+  Service as WhatsAppLogServiceType,
+} from "Common/Server/Services/WhatsAppLogService";
+
+export default class WhatsAppLogAPI extends BaseAPI<
+  WhatsAppLog,
+  WhatsAppLogServiceType
+> {
+  public constructor() {
+    super(WhatsAppLog, WhatsAppLogService);
+  }
+}

App/FeatureSet/Identity/API/Authentication.ts

@@ -24,23 +24,72 @@ import AccessTokenService from "Common/Server/Services/AccessTokenService";
 import EmailVerificationTokenService from "Common/Server/Services/EmailVerificationTokenService";
 import MailService from "Common/Server/Services/MailService";
 import UserService from "Common/Server/Services/UserService";
-import UserTwoFactorAuthService from "Common/Server/Services/UserTwoFactorAuthService";
+import UserTotpAuthService from "Common/Server/Services/UserTotpAuthService";
+import UserSessionService, {
+  SessionMetadata,
+} from "Common/Server/Services/UserSessionService";
 import CookieUtil from "Common/Server/Utils/Cookie";
 import Express, {
   ExpressRequest,
   ExpressResponse,
   ExpressRouter,
   NextFunction,
+  extractDeviceInfo,
+  getClientIp,
+  headerValueToString,
 } from "Common/Server/Utils/Express";
+import CaptchaUtil from "Common/Server/Utils/Captcha";
 import logger from "Common/Server/Utils/Logger";
 import Response from "Common/Server/Utils/Response";
-import TwoFactorAuth from "Common/Server/Utils/TwoFactorAuth";
+import TotpAuth from "Common/Server/Utils/TotpAuth";
 import EmailVerificationToken from "Common/Models/DatabaseModels/EmailVerificationToken";
 import User from "Common/Models/DatabaseModels/User";
-import UserTwoFactorAuth from "Common/Models/DatabaseModels/UserTwoFactorAuth";
+import UserSession from "Common/Models/DatabaseModels/UserSession";
+import UserTotpAuth from "Common/Models/DatabaseModels/UserTotpAuth";
+import UserWebAuthn from "Common/Models/DatabaseModels/UserWebAuthn";
+import UserWebAuthnService from "Common/Server/Services/UserWebAuthnService";
+import NotAuthenticatedException from "Common/Types/Exception/NotAuthenticatedException";
 
 const router: ExpressRouter = Express.getRouter();
 
+const ACCESS_TOKEN_EXPIRY_SECONDS: number = 15 * 60;
+
+type FinalizeUserLoginInput = {
+  req: ExpressRequest;
+  res: ExpressResponse;
+  user: User;
+  isGlobalLogin: boolean;
+};
+
+const finalizeUserLogin: (
+  data: FinalizeUserLoginInput,
+) => Promise<SessionMetadata> = async (
+  data: FinalizeUserLoginInput,
+): Promise<SessionMetadata> => {
+  const { req, res, user, isGlobalLogin } = data;
+
+  const sessionMetadata: SessionMetadata =
+    await UserSessionService.createSession({
+      userId: user.id!,
+      isGlobalLogin,
+      ipAddress: getClientIp(req),
+      userAgent: headerValueToString(req.headers["user-agent"]),
+      ...extractDeviceInfo(req),
+    });
+
+  CookieUtil.setUserCookie({
+    expressResponse: res,
+    user,
+    isGlobalLogin,
+    sessionId: sessionMetadata.session.id!,
+    refreshToken: sessionMetadata.refreshToken,
+    refreshTokenExpiresAt: sessionMetadata.refreshTokenExpiresAt,
+    accessTokenExpiresInSeconds: ACCESS_TOKEN_EXPIRY_SECONDS,
+  });
+
+  return sessionMetadata;
+};
+
 router.post(
   "/signup",
   async (
@@ -59,6 +108,16 @@ router.post(
         );
       }
 
+      const miscDataProps: JSONObject =
+        (req.body["miscDataProps"] as JSONObject) || {};
+
+      await CaptchaUtil.verifyCaptcha({
+        token:
+          (miscDataProps["captchaToken"] as string | undefined) ||
+          (req.body["captchaToken"] as string | undefined),
+        remoteIp: getClientIp(req) || null,
+      });
+
       const data: JSONObject = req.body["data"];
 
       /* Creating a type that is a partial of the TBaseModel type. */
@@ -183,9 +242,9 @@ router.post(
       if (savedUser) {
         // Refresh Permissions for this user here.
         await AccessTokenService.refreshUserAllPermissions(savedUser.id!);
-
-        CookieUtil.setUserCookie({
-          expressResponse: res,
+        await finalizeUserLogin({
+          req,
+          res,
           user: savedUser,
           isGlobalLogin: true,
         });
@@ -485,6 +544,127 @@ router.post(
   },
 );
 
+router.post(
+  "/refresh-token",
+  async (
+    req: ExpressRequest,
+    res: ExpressResponse,
+    next: NextFunction,
+  ): Promise<void> => {
+    try {
+      const refreshToken: string | undefined =
+        CookieUtil.getRefreshTokenFromExpressRequest(req);
+
+      if (!refreshToken) {
+        CookieUtil.removeAllCookies(req, res);
+        return Response.sendErrorResponse(
+          req,
+          res,
+          new NotAuthenticatedException(
+            "Refresh token missing. Please login again.",
+          ),
+        );
+      }
+
+      const session: UserSession | null =
+        await UserSessionService.findActiveSessionByRefreshToken(refreshToken);
+
+      if (!session || !session.id) {
+        CookieUtil.removeAllCookies(req, res);
+        return Response.sendErrorResponse(
+          req,
+          res,
+          new NotAuthenticatedException("Session expired. Please login again."),
+        );
+      }
+
+      if (
+        session.refreshTokenExpiresAt &&
+        OneUptimeDate.hasExpired(session.refreshTokenExpiresAt)
+      ) {
+        await UserSessionService.revokeSessionById(session.id, {
+          reason: "Refresh token expired",
+        });
+        CookieUtil.removeAllCookies(req, res);
+        return Response.sendErrorResponse(
+          req,
+          res,
+          new NotAuthenticatedException("Session expired. Please login again."),
+        );
+      }
+
+      if (!session.userId) {
+        await UserSessionService.revokeSessionById(session.id, {
+          reason: "Session missing user",
+        });
+        CookieUtil.removeAllCookies(req, res);
+        return Response.sendErrorResponse(
+          req,
+          res,
+          new NotAuthenticatedException("Session expired. Please login again."),
+        );
+      }
+
+      const user: User | null = await UserService.findOneById({
+        id: session.userId,
+        props: {
+          isRoot: true,
+        },
+        select: {
+          _id: true,
+          email: true,
+          name: true,
+          isMasterAdmin: true,
+          profilePictureId: true,
+          timezone: true,
+          enableTwoFactorAuth: true,
+        },
+      });
+
+      if (!user) {
+        await UserSessionService.revokeSessionById(session.id, {
+          reason: "User not found",
+        });
+        CookieUtil.removeAllCookies(req, res);
+        return Response.sendErrorResponse(
+          req,
+          res,
+          new NotAuthenticatedException("Account no longer exists."),
+        );
+      }
+
+      const additionalInfo: JSONObject = (session.additionalInfo ||
+        {}) as JSONObject;
+      const isGlobalLogin: boolean =
+        typeof additionalInfo["isGlobalLogin"] === "boolean"
+          ? (additionalInfo["isGlobalLogin"] as boolean)
+          : true;
+
+      const renewedSession: SessionMetadata =
+        await UserSessionService.renewSessionWithNewRefreshToken({
+          session,
+          ipAddress: getClientIp(req),
+          userAgent: headerValueToString(req.headers["user-agent"]),
+          ...extractDeviceInfo(req),
+        });
+
+      CookieUtil.setUserCookie({
+        expressResponse: res,
+        user,
+        isGlobalLogin,
+        sessionId: renewedSession.session.id!,
+        refreshToken: renewedSession.refreshToken,
+        refreshTokenExpiresAt: renewedSession.refreshTokenExpiresAt,
+        accessTokenExpiresInSeconds: ACCESS_TOKEN_EXPIRY_SECONDS,
+      });
+
+      return Response.sendEmptySuccessResponse(req, res);
+    } catch (err) {
+      return next(err);
+    }
+  },
+);
+
 router.post(
   "/logout",
   async (
@@ -493,6 +673,15 @@ router.post(
     next: NextFunction,
   ): Promise<void> => {
     try {
+      const refreshToken: string | undefined =
+        CookieUtil.getRefreshTokenFromExpressRequest(req);
+
+      if (refreshToken) {
+        await UserSessionService.revokeSessionByRefreshToken(refreshToken, {
+          reason: "User logout",
+        });
+      }
+
       CookieUtil.removeAllCookies(req, res);
 
       return Response.sendEmptySuccessResponse(req, res);
@@ -503,7 +692,7 @@ router.post(
 );
 
 router.post(
-  "/verify-two-factor-auth",
+  "/verify-totp-auth",
   async (
     req: ExpressRequest,
     res: ExpressResponse,
@@ -513,7 +702,25 @@ router.post(
       req: req,
       res: res,
       next: next,
-      verifyTwoFactorAuth: true,
+      verifyTotpAuth: true,
+      verifyWebAuthn: false,
+    });
+  },
+);
+
+router.post(
+  "/verify-webauthn-auth",
+  async (
+    req: ExpressRequest,
+    res: ExpressResponse,
+    next: NextFunction,
+  ): Promise<void> => {
+    return login({
+      req: req,
+      res: res,
+      next: next,
+      verifyTotpAuth: false,
+      verifyWebAuthn: true,
     });
   },
 );
@@ -529,62 +736,111 @@ router.post(
       req: req,
       res: res,
       next: next,
-      verifyTwoFactorAuth: false,
+      verifyTotpAuth: false,
+      verifyWebAuthn: false,
     });
   },
 );
 
-type FetchTwoFactorAuthListFunction = (
-  userId: ObjectID,
-) => Promise<Array<UserTwoFactorAuth>>;
+type FetchTotpAuthListFunction = (userId: ObjectID) => Promise<{
+  totpAuthList: Array<UserTotpAuth>;
+  webAuthnList: Array<UserWebAuthn>;
+}>;
 
-const fetchTwoFactorAuthList: FetchTwoFactorAuthListFunction = async (
+const fetchTotpAuthList: FetchTotpAuthListFunction = async (
   userId: ObjectID,
-): Promise<Array<UserTwoFactorAuth>> => {
-  const twoFactorAuthList: Array<UserTwoFactorAuth> =
-    await UserTwoFactorAuthService.findBy({
-      query: {
-        userId: userId,
-        isVerified: true,
-      },
-      select: {
-        _id: true,
-        userId: true,
-        name: true,
-      },
-      limit: LIMIT_PER_PROJECT,
-      skip: 0,
-      props: {
-        isRoot: true,
-      },
-    });
+): Promise<{
+  totpAuthList: Array<UserTotpAuth>;
+  webAuthnList: Array<UserWebAuthn>;
+}> => {
+  const totpAuthList: Array<UserTotpAuth> = await UserTotpAuthService.findBy({
+    query: {
+      userId: userId,
+      isVerified: true,
+    },
+    select: {
+      _id: true,
+      userId: true,
+      name: true,
+    },
+    limit: LIMIT_PER_PROJECT,
+    skip: 0,
+    props: {
+      isRoot: true,
+    },
+  });
 
-  return twoFactorAuthList;
+  const webAuthnList: Array<UserWebAuthn> = await UserWebAuthnService.findBy({
+    query: {
+      userId: userId,
+      isVerified: true,
+    },
+    select: {
+      _id: true,
+      userId: true,
+      name: true,
+    },
+    limit: LIMIT_PER_PROJECT,
+    skip: 0,
+    props: {
+      isRoot: true,
+    },
+  });
+
+  return {
+    totpAuthList: totpAuthList || [],
+    webAuthnList: webAuthnList || [],
+  };
 };
 
 type LoginFunction = (options: {
   req: ExpressRequest;
   res: ExpressResponse;
   next: NextFunction;
-  verifyTwoFactorAuth: boolean;
+  verifyTotpAuth: boolean;
+  verifyWebAuthn: boolean;
 }) => Promise<void>;
 
 const login: LoginFunction = async (options: {
   req: ExpressRequest;
   res: ExpressResponse;
   next: NextFunction;
-  verifyTwoFactorAuth: boolean;
+  verifyTotpAuth: boolean;
+  verifyWebAuthn: boolean;
 }): Promise<void> => {
   const req: ExpressRequest = options.req;
   const res: ExpressResponse = options.res;
   const next: NextFunction = options.next;
-  const verifyTwoFactorAuth: boolean = options.verifyTwoFactorAuth;
+  const verifyTotpAuth: boolean = options.verifyTotpAuth;
+  const verifyWebAuthn: boolean = options.verifyWebAuthn;
 
   try {
+    const miscDataProps: JSONObject =
+      (req.body["miscDataProps"] as JSONObject) || {};
+
+    if (!verifyTotpAuth && !verifyWebAuthn) {
+      await CaptchaUtil.verifyCaptcha({
+        token:
+          (miscDataProps["captchaToken"] as string | undefined) ||
+          (req.body["captchaToken"] as string | undefined),
+        remoteIp: getClientIp(req) || null,
+      });
+    }
+
     const data: JSONObject = req.body["data"];
 
+    logger.debug("Login request data: " + JSON.stringify(req.body, null, 2));
+
     const user: User = BaseModel.fromJSON(data as JSONObject, User) as User;
 
+    if (!user.email || !user.password) {
+      return Response.sendErrorResponse(
+        req,
+        res,
+        new BadDataException("Email and password are required."),
+      );
+    }
+
     await user.password?.hashValue(EncryptionSecret);
 
     const alreadySavedUser: User | null = await UserService.findOneBy({
@@ -638,13 +894,21 @@ const login: LoginFunction = async (options: {
         );
       }
 
-      if (alreadySavedUser.enableTwoFactorAuth && !verifyTwoFactorAuth) {
+      if (
+        alreadySavedUser.enableTwoFactorAuth &&
+        !verifyTotpAuth &&
+        !verifyWebAuthn
+      ) {
         // If two factor auth is enabled then we will send the user to the two factor auth page.
 
-        const twoFactorAuthList: Array<UserTwoFactorAuth> =
-          await fetchTwoFactorAuthList(alreadySavedUser.id!);
+        const { totpAuthList, webAuthnList } = await fetchTotpAuthList(
+          alreadySavedUser.id!,
+        );
 
-        if (!twoFactorAuthList || twoFactorAuthList.length === 0) {
+        if (
+          (!totpAuthList || totpAuthList.length === 0) &&
+          (!webAuthnList || webAuthnList.length === 0)
+        ) {
           const errorMessage: string = IsBillingEnabled
             ? "Two Factor Authentication is enabled but no two factor auth is setup. Please contact OneUptime support for help."
             : "Two Factor Authentication is enabled but no two factor auth is setup. Please contact your server admin to disable two factor auth for this account.";
@@ -656,69 +920,76 @@ const login: LoginFunction = async (options: {
           );
         }
 
-        return Response.sendEntityResponse(req, res, user, User, {
+        return Response.sendEntityResponse(req, res, alreadySavedUser, User, {
           miscData: {
-            twoFactorAuthList: UserTwoFactorAuth.toJSONArray(
-              twoFactorAuthList,
-              UserTwoFactorAuth,
-            ),
-            twoFactorAuth: true,
+            totpAuthList: UserTotpAuth.toJSONArray(totpAuthList, UserTotpAuth),
+            webAuthnList: UserWebAuthn.toJSONArray(webAuthnList, UserWebAuthn),
           },
         });
       }
 
-      if (verifyTwoFactorAuth) {
-        // code from req
-        const code: string = data["code"] as string;
-        const twoFactorAuthId: string = data["twoFactorAuthId"] as string;
+      if (verifyTotpAuth || verifyWebAuthn) {
+        if (verifyTotpAuth) {
+          // code from req
+          const code: string = data["code"] as string;
+          const twoFactorAuthId: string = data["twoFactorAuthId"] as string;
 
-        const twoFactorAuth: UserTwoFactorAuth | null =
-          await UserTwoFactorAuthService.findOneBy({
-            query: {
-              _id: twoFactorAuthId,
-              userId: alreadySavedUser.id!,
-              isVerified: true,
-            },
-            select: {
-              _id: true,
-              twoFactorSecret: true,
-            },
-            props: {
-              isRoot: true,
-            },
+          const totpAuth: UserTotpAuth | null =
+            await UserTotpAuthService.findOneBy({
+              query: {
+                _id: twoFactorAuthId,
+                userId: alreadySavedUser.id!,
+                isVerified: true,
+              },
+              select: {
+                _id: true,
+                twoFactorSecret: true,
+              },
+              props: {
+                isRoot: true,
+              },
+            });
+
+          if (!totpAuth) {
+            return Response.sendErrorResponse(
+              req,
+              res,
+              new BadDataException("Invalid two factor auth id."),
+            );
+          }
+
+          const isVerified: boolean = TotpAuth.verifyToken({
+            token: code,
+            secret: totpAuth.twoFactorSecret!,
+            email: alreadySavedUser.email!,
           });
 
-        if (!twoFactorAuth) {
-          return Response.sendErrorResponse(
-            req,
-            res,
-            new BadDataException("Invalid two factor auth id."),
-          );
+          if (!isVerified) {
+            return Response.sendErrorResponse(
+              req,
+              res,
+              new BadDataException("Invalid code."),
+            );
+          }
+        } else if (verifyWebAuthn) {
+          const expectedChallenge: string = data["challenge"] as string;
+          const credential: any = data["credential"];
+
+          await UserWebAuthnService.verifyAuthentication({
+            userId: alreadySavedUser.id!.toString(),
+            challenge: expectedChallenge,
+            credential: credential,
+          });
         }
-
-        const isVerified: boolean = TwoFactorAuth.verifyToken({
-          token: code,
-          secret: twoFactorAuth.twoFactorSecret!,
-          email: alreadySavedUser.email!,
-        });
-
-        if (!isVerified) {
-          return Response.sendErrorResponse(
-            req,
-            res,
-            new BadDataException("Invalid code."),
-          );
-        }
-      }
-
-      // Refresh Permissions for this user here.
+      } // Refresh Permissions for this user here.
       await AccessTokenService.refreshUserAllPermissions(alreadySavedUser.id!);
 
       if (alreadySavedUser.password.toString() === user.password!.toString()) {
         logger.info("User logged in: " + alreadySavedUser.email?.toString());
 
-        CookieUtil.setUserCookie({
-          expressResponse: res,
+        await finalizeUserLogin({
+          req,
+          res,
           user: alreadySavedUser,
           isGlobalLogin: true,
         });

App/FeatureSet/Identity/API/SSO.ts

@@ -20,6 +20,9 @@ import AccessTokenService from "Common/Server/Services/AccessTokenService";
 import ProjectSSOService from "Common/Server/Services/ProjectSsoService";
 import TeamMemberService from "Common/Server/Services/TeamMemberService";
 import UserService from "Common/Server/Services/UserService";
+import UserSessionService, {
+  SessionMetadata,
+} from "Common/Server/Services/UserSessionService";
 import QueryHelper from "Common/Server/Types/Database/QueryHelper";
 import Select from "Common/Server/Types/Database/Select";
 import CookieUtil from "Common/Server/Utils/Cookie";
@@ -28,6 +31,9 @@ import Express, {
   ExpressResponse,
   ExpressRouter,
   NextFunction,
+  extractDeviceInfo,
+  getClientIp,
+  headerValueToString,
 } from "Common/Server/Utils/Express";
 import logger from "Common/Server/Utils/Logger";
 import Response from "Common/Server/Utils/Response";
@@ -40,12 +46,20 @@ import Name from "Common/Types/Name";
 
 const router: ExpressRouter = Express.getRouter();
 
-// This route is used to get the SSO config for the user.
-// when the user logs in from OneUptime and not from the IDP.
+const ACCESS_TOKEN_EXPIRY_SECONDS: number = 15 * 60;
+
+/*
+ * This route is used to get the SSO config for the user.
+ * when the user logs in from OneUptime and not from the IDP.
+ */
 
 router.get(
   "/service-provider-login",
-  async (req: ExpressRequest, res: ExpressResponse): Promise<void> => {
+  async (
+    req: ExpressRequest,
+    res: ExpressResponse,
+    next: NextFunction,
+  ): Promise<void> => {
     try {
       if (!req.query["email"]) {
         return Response.sendErrorResponse(
@@ -150,7 +164,11 @@ router.get(
     } catch (err) {
       logger.error(err);
 
-      Response.sendErrorResponse(req, res, err as Exception);
+      if (err instanceof Exception) {
+        return next(err);
+      }
+
+      return next(new ServerException());
     }
   },
 );
@@ -160,7 +178,7 @@ router.get(
   async (
     req: ExpressRequest,
     res: ExpressResponse,
-    _next: NextFunction,
+    next: NextFunction,
   ): Promise<void> => {
     try {
       if (!req.params["projectId"]) {
@@ -236,22 +254,42 @@ router.get(
     } catch (err) {
       logger.error(err);
 
-      Response.sendErrorResponse(req, res, err as Exception);
+      if (err instanceof Exception) {
+        return next(err);
+      }
+
+      return next(new ServerException());
     }
   },
 );
 
 router.get(
   "/idp-login/:projectId/:projectSsoId",
-  async (req: ExpressRequest, res: ExpressResponse): Promise<void> => {
-    return await loginUserWithSso(req, res);
+  async (
+    req: ExpressRequest,
+    res: ExpressResponse,
+    next: NextFunction,
+  ): Promise<void> => {
+    try {
+      await loginUserWithSso(req, res);
+    } catch (err) {
+      return next(err);
+    }
   },
 );
 
 router.post(
   "/idp-login/:projectId/:projectSsoId",
-  async (req: ExpressRequest, res: ExpressResponse): Promise<void> => {
-    return await loginUserWithSso(req, res);
+  async (
+    req: ExpressRequest,
+    res: ExpressResponse,
+    next: NextFunction,
+  ): Promise<void> => {
+    try {
+      await loginUserWithSso(req, res);
+    } catch (err) {
+      return next(err);
+    }
   },
 );
 
@@ -434,8 +472,10 @@ const loginUserWithSso: LoginUserWithSsoFunction = async (
       isNewUser = true;
     }
 
-    // If he does not then add him to teams that he should belong and log in.
-    // This should never happen because email is verified before he logs in with SSO.
+    /*
+     * If he does not then add him to teams that he should belong and log in.
+     * This should never happen because email is verified before he logs in with SSO.
+     */
     if (!alreadySavedUser.isEmailVerified && !isNewUser) {
       await AuthenticationEmail.sendVerificationEmail(alreadySavedUser!);
 
@@ -507,15 +547,31 @@ const loginUserWithSso: LoginUserWithSsoFunction = async (
       expressResponse: res,
     });
 
+    // Refresh Permissions for this user here.
+    await AccessTokenService.refreshUserAllPermissions(alreadySavedUser.id!);
+
+    const sessionMetadata: SessionMetadata =
+      await UserSessionService.createSession({
+        userId: alreadySavedUser.id!,
+        isGlobalLogin: false,
+        ipAddress: getClientIp(req),
+        userAgent: headerValueToString(req.headers["user-agent"]),
+        ...extractDeviceInfo(req),
+        additionalInfo: {
+          projectId: projectId.toString(),
+        },
+      });
+
     CookieUtil.setUserCookie({
       expressResponse: res,
       user: alreadySavedUser,
       isGlobalLogin: false,
+      sessionId: sessionMetadata.session.id!,
+      refreshToken: sessionMetadata.refreshToken,
+      refreshTokenExpiresAt: sessionMetadata.refreshTokenExpiresAt,
+      accessTokenExpiresInSeconds: ACCESS_TOKEN_EXPIRY_SECONDS,
     });
 
-    // Refresh Permissions for this user here.
-    await AccessTokenService.refreshUserAllPermissions(alreadySavedUser.id!);
-
     const host: Hostname = await DatabaseConfig.getHost();
     const httpProtocol: Protocol = await DatabaseConfig.getHttpProtocol();
 

App/FeatureSet/Identity/API/StatusPageAuthentication.ts

@@ -1,35 +1,145 @@
 import BaseModel from "Common/Models/DatabaseModels/DatabaseBaseModel/DatabaseBaseModel";
-import { FileRoute } from "Common/ServiceRoute";
+import { StatusPageApiRoute } from "Common/ServiceRoute";
 import Hostname from "Common/Types/API/Hostname";
 import Protocol from "Common/Types/API/Protocol";
 import URL from "Common/Types/API/URL";
 import OneUptimeDate from "Common/Types/Date";
 import EmailTemplateType from "Common/Types/Email/EmailTemplateType";
 import BadDataException from "Common/Types/Exception/BadDataException";
+import NotAuthenticatedException from "Common/Types/Exception/NotAuthenticatedException";
 import { JSONObject } from "Common/Types/JSON";
 import JSONFunctions from "Common/Types/JSONFunctions";
 import ObjectID from "Common/Types/ObjectID";
-import PositiveNumber from "Common/Types/PositiveNumber";
 import DatabaseConfig from "Common/Server/DatabaseConfig";
 import { EncryptionSecret } from "Common/Server/EnvironmentConfig";
 import MailService from "Common/Server/Services/MailService";
 import StatusPagePrivateUserService from "Common/Server/Services/StatusPagePrivateUserService";
 import StatusPageService from "Common/Server/Services/StatusPageService";
+import StatusPagePrivateUserSessionService, {
+  SessionMetadata as StatusPageSessionMetadata,
+} from "Common/Server/Services/StatusPagePrivateUserSessionService";
 import CookieUtil from "Common/Server/Utils/Cookie";
+import JSONWebToken from "Common/Server/Utils/JsonWebToken";
 import Express, {
   ExpressRequest,
   ExpressResponse,
   ExpressRouter,
   NextFunction,
+  extractDeviceInfo,
+  getClientIp,
+  headerValueToString,
 } from "Common/Server/Utils/Express";
-import JSONWebToken from "Common/Server/Utils/JsonWebToken";
 import logger from "Common/Server/Utils/Logger";
 import Response from "Common/Server/Utils/Response";
 import StatusPage from "Common/Models/DatabaseModels/StatusPage";
 import StatusPagePrivateUser from "Common/Models/DatabaseModels/StatusPagePrivateUser";
+import StatusPagePrivateUserSession from "Common/Models/DatabaseModels/StatusPagePrivateUserSession";
+import { MASTER_PASSWORD_COOKIE_IDENTIFIER } from "Common/Types/StatusPage/MasterPassword";
 
 const router: ExpressRouter = Express.getRouter();
 
+const ACCESS_TOKEN_EXPIRY_SECONDS: number = 15 * 60;
+
+type MasterPasswordAuthInput = {
+  req: ExpressRequest;
+  res?: ExpressResponse;
+  statusPageId: ObjectID;
+};
+
+const hasValidMasterPasswordSession: (
+  data: MasterPasswordAuthInput,
+) => boolean = (data: MasterPasswordAuthInput): boolean => {
+  const token: string | undefined = CookieUtil.getCookieFromExpressRequest(
+    data.req,
+    CookieUtil.getStatusPageMasterPasswordKey(data.statusPageId),
+  );
+
+  if (!token) {
+    return false;
+  }
+
+  try {
+    const payload: JSONObject = JSONWebToken.decodeJsonPayload(token);
+
+    return (
+      payload["statusPageId"] === data.statusPageId.toString() &&
+      payload["type"] === MASTER_PASSWORD_COOKIE_IDENTIFIER
+    );
+  } catch (err) {
+    logger.error(err);
+  }
+
+  return false;
+};
+
+const respondWithMasterPasswordAccess: (
+  data: MasterPasswordAuthInput & { res: ExpressResponse },
+) => boolean = (
+  data: MasterPasswordAuthInput & { res: ExpressResponse },
+): boolean => {
+  if (!hasValidMasterPasswordSession(data)) {
+    return false;
+  }
+
+  Response.sendEmptySuccessResponse(data.req, data.res);
+  return true;
+};
+
+type FinalizeStatusPageLoginInput = {
+  req: ExpressRequest;
+  res: ExpressResponse;
+  user: StatusPagePrivateUser;
+};
+
+const finalizeStatusPageLogin: (data: FinalizeStatusPageLoginInput) => Promise<{
+  sessionMetadata: StatusPageSessionMetadata;
+  accessToken: string;
+}> = async (
+  data: FinalizeStatusPageLoginInput,
+): Promise<{
+  sessionMetadata: StatusPageSessionMetadata;
+  accessToken: string;
+}> => {
+  const { req, res, user } = data;
+
+  if (!user.projectId) {
+    throw new BadDataException(
+      "Status page user is missing associated projectId.",
+    );
+  }
+
+  if (!user.statusPageId) {
+    throw new BadDataException(
+      "Status page user is missing associated statusPageId.",
+    );
+  }
+
+  const sessionMetadata: StatusPageSessionMetadata =
+    await StatusPagePrivateUserSessionService.createSession({
+      projectId: user.projectId,
+      statusPageId: user.statusPageId,
+      statusPagePrivateUserId: user.id!,
+      ipAddress: getClientIp(req),
+      userAgent: headerValueToString(req.headers["user-agent"]),
+      ...extractDeviceInfo(req),
+    });
+
+  const accessToken: string = CookieUtil.setStatusPagePrivateUserCookie({
+    expressResponse: res,
+    user,
+    statusPageId: user.statusPageId,
+    sessionId: sessionMetadata.session.id!,
+    refreshToken: sessionMetadata.refreshToken,
+    refreshTokenExpiresAt: sessionMetadata.refreshTokenExpiresAt,
+    accessTokenExpiresInSeconds: ACCESS_TOKEN_EXPIRY_SECONDS,
+  });
+
+  return {
+    sessionMetadata,
+    accessToken,
+  };
+};
+
 router.post(
   "/logout/:statuspageid",
   async (
@@ -46,7 +156,21 @@ router.post(
         req.params["statuspageid"].toString(),
       );
 
-      CookieUtil.removeCookie(res, CookieUtil.getUserTokenKey(statusPageId)); // remove the cookie.
+      const refreshToken: string | undefined =
+        CookieUtil.getRefreshTokenFromExpressRequest(req, statusPageId);
+
+      if (refreshToken) {
+        await StatusPagePrivateUserSessionService.revokeSessionByRefreshToken(
+          refreshToken,
+          {
+            reason: "User logged out",
+          },
+        );
+      }
+
+      CookieUtil.removeCookie(res, CookieUtil.getUserTokenKey(statusPageId));
+      CookieUtil.removeCookie(res, CookieUtil.getRefreshTokenKey(statusPageId));
+      CookieUtil.removeStatusPageMasterPasswordCookie(res, statusPageId);
 
       return Response.sendEmptySuccessResponse(req, res);
     } catch (err) {
@@ -55,6 +179,258 @@ router.post(
   },
 );
 
+router.post(
+  "/refresh-token/:statuspageid",
+  async (
+    req: ExpressRequest,
+    res: ExpressResponse,
+    next: NextFunction,
+  ): Promise<void> => {
+    try {
+      const statusPageIdParam: string | undefined = req.params["statuspageid"];
+
+      if (!statusPageIdParam) {
+        throw new BadDataException("Status Page ID is required.");
+      }
+
+      const statusPageId: ObjectID = new ObjectID(statusPageIdParam.toString());
+
+      const refreshToken: string | undefined =
+        CookieUtil.getRefreshTokenFromExpressRequest(req, statusPageId);
+
+      if (!refreshToken) {
+        CookieUtil.removeCookie(res, CookieUtil.getUserTokenKey(statusPageId));
+        CookieUtil.removeCookie(
+          res,
+          CookieUtil.getRefreshTokenKey(statusPageId),
+        );
+
+        if (
+          respondWithMasterPasswordAccess({
+            req,
+            res,
+            statusPageId,
+          })
+        ) {
+          return;
+        }
+
+        return Response.sendErrorResponse(
+          req,
+          res,
+          new NotAuthenticatedException(
+            "Refresh token missing. Please login again.",
+          ),
+        );
+      }
+
+      const session: StatusPagePrivateUserSession | null =
+        await StatusPagePrivateUserSessionService.findActiveSessionByRefreshToken(
+          refreshToken,
+        );
+
+      if (!session || !session.id || !session.statusPageId) {
+        CookieUtil.removeCookie(res, CookieUtil.getUserTokenKey(statusPageId));
+        CookieUtil.removeCookie(
+          res,
+          CookieUtil.getRefreshTokenKey(statusPageId),
+        );
+
+        if (
+          respondWithMasterPasswordAccess({
+            req,
+            res,
+            statusPageId,
+          })
+        ) {
+          return;
+        }
+
+        return Response.sendErrorResponse(
+          req,
+          res,
+          new NotAuthenticatedException("Session expired. Please login again."),
+        );
+      }
+
+      if (session.statusPageId.toString() !== statusPageId.toString()) {
+        await StatusPagePrivateUserSessionService.revokeSessionById(
+          session.id,
+          {
+            reason: "Status page mismatch",
+          },
+        );
+
+        CookieUtil.removeCookie(res, CookieUtil.getUserTokenKey(statusPageId));
+        CookieUtil.removeCookie(
+          res,
+          CookieUtil.getRefreshTokenKey(statusPageId),
+        );
+
+        if (
+          respondWithMasterPasswordAccess({
+            req,
+            res,
+            statusPageId,
+          })
+        ) {
+          return;
+        }
+
+        return Response.sendErrorResponse(
+          req,
+          res,
+          new NotAuthenticatedException("Session expired. Please login again."),
+        );
+      }
+
+      if (
+        session.refreshTokenExpiresAt &&
+        OneUptimeDate.hasExpired(session.refreshTokenExpiresAt)
+      ) {
+        await StatusPagePrivateUserSessionService.revokeSessionById(
+          session.id,
+          {
+            reason: "Refresh token expired",
+          },
+        );
+
+        CookieUtil.removeCookie(res, CookieUtil.getUserTokenKey(statusPageId));
+        CookieUtil.removeCookie(
+          res,
+          CookieUtil.getRefreshTokenKey(statusPageId),
+        );
+
+        if (
+          respondWithMasterPasswordAccess({
+            req,
+            res,
+            statusPageId,
+          })
+        ) {
+          return;
+        }
+
+        return Response.sendErrorResponse(
+          req,
+          res,
+          new NotAuthenticatedException("Session expired. Please login again."),
+        );
+      }
+
+      if (!session.statusPagePrivateUserId) {
+        await StatusPagePrivateUserSessionService.revokeSessionById(
+          session.id,
+          {
+            reason: "Session missing user",
+          },
+        );
+
+        CookieUtil.removeCookie(res, CookieUtil.getUserTokenKey(statusPageId));
+        CookieUtil.removeCookie(
+          res,
+          CookieUtil.getRefreshTokenKey(statusPageId),
+        );
+
+        if (
+          respondWithMasterPasswordAccess({
+            req,
+            res,
+            statusPageId,
+          })
+        ) {
+          return;
+        }
+
+        return Response.sendErrorResponse(
+          req,
+          res,
+          new NotAuthenticatedException("Session expired. Please login again."),
+        );
+      }
+
+      const user: StatusPagePrivateUser | null =
+        await StatusPagePrivateUserService.findOneById({
+          id: session.statusPagePrivateUserId,
+          props: {
+            isRoot: true,
+          },
+          select: {
+            _id: true,
+            email: true,
+            statusPageId: true,
+            projectId: true,
+          },
+        });
+
+      if (!user) {
+        await StatusPagePrivateUserSessionService.revokeSessionById(
+          session.id,
+          {
+            reason: "User not found",
+          },
+        );
+
+        CookieUtil.removeCookie(res, CookieUtil.getUserTokenKey(statusPageId));
+        CookieUtil.removeCookie(
+          res,
+          CookieUtil.getRefreshTokenKey(statusPageId),
+        );
+
+        if (
+          respondWithMasterPasswordAccess({
+            req,
+            res,
+            statusPageId,
+          })
+        ) {
+          return;
+        }
+
+        return Response.sendErrorResponse(
+          req,
+          res,
+          new NotAuthenticatedException("Account no longer exists."),
+        );
+      }
+
+      const renewedSession: StatusPageSessionMetadata =
+        await StatusPagePrivateUserSessionService.renewSessionWithNewRefreshToken(
+          {
+            session,
+            ipAddress: getClientIp(req),
+            userAgent: headerValueToString(req.headers["user-agent"]),
+            ...extractDeviceInfo(req),
+          },
+        );
+
+      const accessToken: string = CookieUtil.setStatusPagePrivateUserCookie({
+        expressResponse: res,
+        user,
+        statusPageId: user.statusPageId!,
+        sessionId: renewedSession.session.id!,
+        refreshToken: renewedSession.refreshToken,
+        refreshTokenExpiresAt: renewedSession.refreshTokenExpiresAt,
+        accessTokenExpiresInSeconds: ACCESS_TOKEN_EXPIRY_SECONDS,
+      });
+
+      return Response.sendEntityResponse(
+        req,
+        res,
+        user,
+        StatusPagePrivateUser,
+        {
+          miscData: {
+            token: accessToken,
+          },
+        },
+      );
+    } catch (err) {
+      return next(err);
+    }
+  },
+);
+
 router.post(
   "/forgot-password",
   async (
@@ -146,6 +522,8 @@ router.post(
 
         const host: Hostname = await DatabaseConfig.getHost();
         const httpProtocol: Protocol = await DatabaseConfig.getHttpProtocol();
+        const statusPageIdString: string | null =
+          statusPage.id?.toString() || statusPage._id?.toString() || null;
 
         MailService.sendMail(
           {
@@ -154,12 +532,13 @@ router.post(
             templateType: EmailTemplateType.StatusPageForgotPassword,
             vars: {
               statusPageName: statusPageName!,
-              logoUrl: statusPage.logoFileId
-                ? new URL(httpProtocol, host)
-                    .addRoute(FileRoute)
-                    .addRoute("/image/" + statusPage.logoFileId)
-                    .toString()
-                : "",
+              logoUrl:
+                statusPage.logoFileId && statusPageIdString
+                  ? new URL(httpProtocol, host)
+                      .addRoute(StatusPageApiRoute)
+                      .addRoute(`/logo/${statusPageIdString}`)
+                      .toString()
+                  : "",
               homeURL: statusPageURL,
               tokenVerifyUrl: URL.fromString(statusPageURL)
                 .addRoute("/reset-password/" + token)
@@ -168,6 +547,7 @@ router.post(
           },
           {
             projectId: statusPage.projectId!,
+            statusPageId: statusPage.id!,
           },
         ).catch((err: Error) => {
           logger.error(err);
@@ -287,6 +667,8 @@ router.post(
 
       const host: Hostname = await DatabaseConfig.getHost();
       const httpProtocol: Protocol = await DatabaseConfig.getHttpProtocol();
+      const statusPageIdString: string | null =
+        statusPage.id?.toString() || statusPage._id?.toString() || null;
 
       MailService.sendMail(
         {
@@ -296,16 +678,18 @@ router.post(
           vars: {
             homeURL: statusPageURL,
             statusPageName: statusPageName || "",
-            logoUrl: statusPage.logoFileId
-              ? new URL(httpProtocol, host)
-                  .addRoute(FileRoute)
-                  .addRoute("/image/" + statusPage.logoFileId)
-                  .toString()
-              : "",
+            logoUrl:
+              statusPage.logoFileId && statusPageIdString
+                ? new URL(httpProtocol, host)
+                    .addRoute(StatusPageApiRoute)
+                    .addRoute(`/logo/${statusPageIdString}`)
+                    .toString()
+                : "",
           },
         },
         {
           projectId: statusPage.projectId!,
+          statusPageId: statusPage.id!,
         },
       ).catch((err: Error) => {
         logger.error(err);
@@ -374,6 +758,7 @@ router.post(
             password: true,
             email: true,
             statusPageId: true,
+            projectId: true,
           },
           props: {
             isRoot: true,
@@ -381,31 +766,38 @@ router.post(
         });
 
       if (alreadySavedUser) {
-        const token: string = JSONWebToken.sign({
-          data: alreadySavedUser,
-          expiresInSeconds: OneUptimeDate.getSecondsInDays(
-            new PositiveNumber(30),
-          ),
+        const { accessToken } = await finalizeStatusPageLogin({
+          req,
+          res,
+          user: alreadySavedUser,
         });
 
-        CookieUtil.setCookie(
-          res,
-          CookieUtil.getUserTokenKey(alreadySavedUser.statusPageId!),
-          token,
-          {
-            httpOnly: true,
-            maxAge: OneUptimeDate.getMillisecondsInDays(new PositiveNumber(30)),
-          },
-        );
+        const sanitizedUser: StatusPagePrivateUser | null =
+          await StatusPagePrivateUserService.findOneById({
+            id: alreadySavedUser.id!,
+            props: {
+              isRoot: true,
+            },
+            select: {
+              _id: true,
+              email: true,
+              statusPageId: true,
+              projectId: true,
+            },
+          });
+
+        if (!sanitizedUser && (alreadySavedUser as any).password) {
+          delete (alreadySavedUser as any).password;
+        }
 
         return Response.sendEntityResponse(
           req,
           res,
-          alreadySavedUser,
+          sanitizedUser || alreadySavedUser,
           StatusPagePrivateUser,
           {
             miscData: {
-              token: token,
+              token: accessToken,
             },
           },
         );

App/FeatureSet/Identity/API/StatusPageSCIM.ts

@@ -0,0 +1,606 @@
+import SCIMMiddleware from "Common/Server/Middleware/SCIMAuthorization";
+import StatusPagePrivateUserService from "Common/Server/Services/StatusPagePrivateUserService";
+import Express, {
+  ExpressRequest,
+  ExpressResponse,
+  ExpressRouter,
+  NextFunction,
+  OneUptimeRequest,
+} from "Common/Server/Utils/Express";
+import Response from "Common/Server/Utils/Response";
+import logger from "Common/Server/Utils/Logger";
+import ObjectID from "Common/Types/ObjectID";
+import Email from "Common/Types/Email";
+import { JSONObject } from "Common/Types/JSON";
+import StatusPagePrivateUser from "Common/Models/DatabaseModels/StatusPagePrivateUser";
+import StatusPageSCIM from "Common/Models/DatabaseModels/StatusPageSCIM";
+import BadRequestException from "Common/Types/Exception/BadRequestException";
+import NotFoundException from "Common/Types/Exception/NotFoundException";
+import LIMIT_MAX, { LIMIT_PER_PROJECT } from "Common/Types/Database/LimitMax";
+import {
+  formatUserForSCIM,
+  generateServiceProviderConfig,
+} from "../Utils/SCIMUtils";
+import Text from "Common/Types/Text";
+import HashedString from "Common/Types/HashedString";
+
+const router: ExpressRouter = Express.getRouter();
+
+// SCIM Service Provider Configuration - GET /status-page-scim/v2/ServiceProviderConfig
+router.get(
+  "/status-page-scim/v2/:statusPageScimId/ServiceProviderConfig",
+  SCIMMiddleware.isAuthorizedSCIMRequest,
+  async (
+    req: ExpressRequest,
+    res: ExpressResponse,
+    next: NextFunction,
+  ): Promise<void> => {
+    try {
+      logger.debug(
+        `Status Page SCIM ServiceProviderConfig - scimId: ${req.params["statusPageScimId"]!}`,
+      );
+
+      const serviceProviderConfig: JSONObject = generateServiceProviderConfig(
+        req,
+        req.params["statusPageScimId"]!,
+        "status-page",
+      );
+
+      return Response.sendJsonObjectResponse(req, res, serviceProviderConfig);
+    } catch (err) {
+      logger.error(err);
+      return next(err);
+    }
+  },
+);
+
+// Status Page Users endpoint - GET /status-page-scim/v2/Users
+router.get(
+  "/status-page-scim/v2/:statusPageScimId/Users",
+  SCIMMiddleware.isAuthorizedSCIMRequest,
+  async (
+    req: ExpressRequest,
+    res: ExpressResponse,
+    next: NextFunction,
+  ): Promise<void> => {
+    try {
+      logger.debug(
+        `Status Page SCIM Users list request for statusPageScimId: ${req.params["statusPageScimId"]}`,
+      );
+      const oneuptimeRequest: OneUptimeRequest = req as OneUptimeRequest;
+      const bearerData: JSONObject =
+        oneuptimeRequest.bearerTokenData as JSONObject;
+      const statusPageId: ObjectID = bearerData["statusPageId"] as ObjectID;
+
+      // Parse query parameters
+      const startIndex: number =
+        parseInt(req.query["startIndex"] as string) || 1;
+      const count: number = Math.min(
+        parseInt(req.query["count"] as string) || 100,
+        LIMIT_PER_PROJECT,
+      );
+      const filter: string = req.query["filter"] as string;
+
+      logger.debug(
+        `Status Page SCIM Users - statusPageId: ${statusPageId}, startIndex: ${startIndex}, count: ${count}, filter: ${filter || "none"}`,
+      );
+
+      // Build query for status page users
+      const query: any = {
+        statusPageId: statusPageId,
+      };
+
+      // Handle SCIM filter for userName
+      if (filter) {
+        const emailMatch: RegExpMatchArray | null = filter.match(
+          /userName eq "([^"]+)"/i,
+        );
+        if (emailMatch) {
+          const email: string = emailMatch[1]!;
+          logger.debug(
+            `Status Page SCIM Users list - statusPageScimId: ${req.params["statusPageScimId"]!}, filter by email: ${email}`,
+          );
+
+          if (email) {
+            if (Email.isValid(email)) {
+              query.email = new Email(email);
+              logger.debug(
+                `Status Page SCIM Users list - statusPageScimId: ${req.params["statusPageScimId"]!}, filtering by email: ${email}`,
+              );
+            } else {
+              logger.debug(
+                `Status Page SCIM Users list - statusPageScimId: ${req.params["statusPageScimId"]!}, invalid email format in filter: ${email}`,
+              );
+              return Response.sendJsonObjectResponse(req, res, {
+                schemas: ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
+                totalResults: 0,
+                startIndex: startIndex,
+                itemsPerPage: 0,
+                Resources: [],
+              });
+            }
+          }
+        }
+      }
+
+      // Get all private users for this status page
+      const statusPageUsers: Array<StatusPagePrivateUser> =
+        await StatusPagePrivateUserService.findBy({
+          query: query,
+          select: {
+            _id: true,
+            email: true,
+            createdAt: true,
+            updatedAt: true,
+          },
+          skip: 0,
+          limit: LIMIT_MAX,
+          props: { isRoot: true },
+        });
+
+      logger.debug(
+        `Status Page SCIM Users - found ${statusPageUsers.length} users`,
+      );
+
+      // Format users for SCIM
+      const users: Array<JSONObject> = statusPageUsers.map(
+        (user: StatusPagePrivateUser) => {
+          return formatUserForSCIM(
+            user,
+            req,
+            req.params["statusPageScimId"]!,
+            "status-page",
+          );
+        },
+      );
+
+      // Paginate the results
+      const paginatedUsers: Array<JSONObject> = users.slice(
+        (startIndex - 1) * count,
+        startIndex * count,
+      );
+
+      logger.debug(
+        `Status Page SCIM Users response prepared with ${users.length} users`,
+      );
+
+      return Response.sendJsonObjectResponse(req, res, {
+        schemas: ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
+        totalResults: users.length,
+        startIndex: startIndex,
+        itemsPerPage: paginatedUsers.length,
+        Resources: paginatedUsers,
+      });
+    } catch (err) {
+      logger.error(err);
+      return next(err);
+    }
+  },
+);
+
+// Get Individual Status Page User - GET /status-page-scim/v2/Users/{id}
+router.get(
+  "/status-page-scim/v2/:statusPageScimId/Users/:userId",
+  SCIMMiddleware.isAuthorizedSCIMRequest,
+  async (
+    req: ExpressRequest,
+    res: ExpressResponse,
+    next: NextFunction,
+  ): Promise<void> => {
+    try {
+      logger.debug(
+        `Status Page SCIM Get individual user request for userId: ${req.params["userId"]}, statusPageScimId: ${req.params["statusPageScimId"]}`,
+      );
+      const oneuptimeRequest: OneUptimeRequest = req as OneUptimeRequest;
+      const bearerData: JSONObject =
+        oneuptimeRequest.bearerTokenData as JSONObject;
+      const statusPageId: ObjectID = bearerData["statusPageId"] as ObjectID;
+      const userId: string = req.params["userId"]!;
+
+      logger.debug(
+        `Status Page SCIM Get user - statusPageId: ${statusPageId}, userId: ${userId}`,
+      );
+
+      if (!userId) {
+        throw new BadRequestException("User ID is required");
+      }
+
+      // Check if user exists and belongs to this status page
+      const statusPageUser: StatusPagePrivateUser | null =
+        await StatusPagePrivateUserService.findOneBy({
+          query: {
+            statusPageId: statusPageId,
+            _id: new ObjectID(userId),
+          },
+          select: {
+            _id: true,
+            email: true,
+            createdAt: true,
+            updatedAt: true,
+          },
+          props: { isRoot: true },
+        });
+
+      if (!statusPageUser) {
+        logger.debug(
+          `Status Page SCIM Get user - user not found for userId: ${userId}`,
+        );
+        throw new NotFoundException(
+          "User not found or not part of this status page",
+        );
+      }
+
+      const user: JSONObject = formatUserForSCIM(
+        statusPageUser,
+        req,
+        req.params["statusPageScimId"]!,
+        "status-page",
+      );
+
+      logger.debug(
+        `Status Page SCIM Get user - returning user with id: ${statusPageUser.id}`,
+      );
+
+      return Response.sendJsonObjectResponse(req, res, user);
+    } catch (err) {
+      logger.error(err);
+      return next(err);
+    }
+  },
+);
+
+// Create Status Page User - POST /status-page-scim/v2/Users
+router.post(
+  "/status-page-scim/v2/:statusPageScimId/Users",
+  SCIMMiddleware.isAuthorizedSCIMRequest,
+  async (
+    req: ExpressRequest,
+    res: ExpressResponse,
+    next: NextFunction,
+  ): Promise<void> => {
+    try {
+      logger.debug(
+        `Status Page SCIM Create user request for statusPageScimId: ${req.params["statusPageScimId"]}`,
+      );
+      const oneuptimeRequest: OneUptimeRequest = req as OneUptimeRequest;
+      const bearerData: JSONObject =
+        oneuptimeRequest.bearerTokenData as JSONObject;
+      const statusPageId: ObjectID = bearerData["statusPageId"] as ObjectID;
+      const scimConfig: StatusPageSCIM = bearerData[
+        "scimConfig"
+      ] as StatusPageSCIM;
+
+      if (!scimConfig.autoProvisionUsers) {
+        throw new BadRequestException(
+          "Auto-provisioning is disabled for this status page",
+        );
+      }
+
+      const scimUser: JSONObject = req.body;
+
+      logger.debug(
+        `Status Page SCIM Create user - statusPageId: ${statusPageId}`,
+      );
+
+      logger.debug(
+        `Request body for Status Page SCIM Create user: ${JSON.stringify(scimUser, null, 2)}`,
+      );
+
+      // Extract user data from SCIM payload
+      const email: string =
+        (scimUser["userName"] as string) ||
+        ((scimUser["emails"] as JSONObject[])?.[0]?.["value"] as string);
+
+      if (!email) {
+        throw new BadRequestException("Email is required for user creation");
+      }
+
+      logger.debug(`Status Page SCIM Create user - email: ${email}`);
+
+      // Check if user already exists for this status page
+      let user: StatusPagePrivateUser | null =
+        await StatusPagePrivateUserService.findOneBy({
+          query: {
+            statusPageId: statusPageId,
+            email: new Email(email),
+          },
+          select: {
+            _id: true,
+            email: true,
+            createdAt: true,
+            updatedAt: true,
+          },
+          props: { isRoot: true },
+        });
+
+      if (!user) {
+        logger.debug(
+          `Status Page SCIM Create user - creating new user with email: ${email}`,
+        );
+
+        const privateUser: StatusPagePrivateUser = new StatusPagePrivateUser();
+        privateUser.statusPageId = statusPageId;
+        privateUser.email = new Email(email);
+        privateUser.password = new HashedString(Text.generateRandomText(32));
+        privateUser.projectId = bearerData["projectId"] as ObjectID;
+
+        // Create new status page private user
+        user = await StatusPagePrivateUserService.create({
+          data: privateUser as any,
+          props: { isRoot: true },
+        });
+      } else {
+        logger.debug(
+          `Status Page SCIM Create user - user already exists with id: ${user.id}`,
+        );
+      }
+
+      const createdUser: JSONObject = formatUserForSCIM(
+        user,
+        req,
+        req.params["statusPageScimId"]!,
+        "status-page",
+      );
+
+      logger.debug(
+        `Status Page SCIM Create user - returning created user with id: ${user.id}`,
+      );
+
+      res.status(201);
+      return Response.sendJsonObjectResponse(req, res, createdUser);
+    } catch (err) {
+      logger.error(err);
+      return next(err);
+    }
+  },
+);
+
+const handleStatusPageUserUpdate: (
+  req: ExpressRequest,
+  res: ExpressResponse,
+  next: NextFunction,
+) => Promise<void> = async (
+  req: ExpressRequest,
+  res: ExpressResponse,
+  next: NextFunction,
+): Promise<void> => {
+  try {
+    logger.debug(
+      `Status Page SCIM Update user request for userId: ${req.params["userId"]}, statusPageScimId: ${req.params["statusPageScimId"]}`,
+    );
+    const oneuptimeRequest: OneUptimeRequest = req as OneUptimeRequest;
+    const bearerData: JSONObject =
+      oneuptimeRequest.bearerTokenData as JSONObject;
+    const statusPageId: ObjectID = bearerData["statusPageId"] as ObjectID;
+    const userId: string = req.params["userId"]!;
+    const scimUser: JSONObject = req.body;
+
+    logger.debug(
+      `Status Page SCIM Update user - statusPageId: ${statusPageId}, userId: ${userId}`,
+    );
+
+    logger.debug(
+      `Request body for Status Page SCIM Update user: ${JSON.stringify(scimUser, null, 2)}`,
+    );
+
+    if (!userId) {
+      throw new BadRequestException("User ID is required");
+    }
+
+    // Check if user exists and belongs to this status page
+    const statusPageUser: StatusPagePrivateUser | null =
+      await StatusPagePrivateUserService.findOneBy({
+        query: {
+          statusPageId: statusPageId,
+          _id: new ObjectID(userId),
+        },
+        select: {
+          _id: true,
+          email: true,
+          createdAt: true,
+          updatedAt: true,
+        },
+        props: { isRoot: true },
+      });
+
+    if (!statusPageUser) {
+      logger.debug(
+        `Status Page SCIM Update user - user not found for userId: ${userId}`,
+      );
+      throw new NotFoundException(
+        "User not found or not part of this status page",
+      );
+    }
+
+    // Update user information
+    const email: string =
+      (scimUser["userName"] as string) ||
+      ((scimUser["emails"] as JSONObject[])?.[0]?.["value"] as string);
+    const active: boolean = scimUser["active"] as boolean;
+
+    logger.debug(
+      `Status Page SCIM Update user - email: ${email}, active: ${active}`,
+    );
+
+    // Handle user deactivation by deleting from status page
+    if (active === false) {
+      logger.debug(
+        `Status Page SCIM Update user - user marked as inactive, removing from status page`,
+      );
+
+      const scimConfig: StatusPageSCIM = bearerData[
+        "scimConfig"
+      ] as StatusPageSCIM;
+      if (scimConfig.autoDeprovisionUsers) {
+        await StatusPagePrivateUserService.deleteOneById({
+          id: new ObjectID(userId),
+          props: { isRoot: true },
+        });
+
+        logger.debug(
+          `Status Page SCIM Update user - user removed from status page`,
+        );
+
+        // Return empty response for deleted user
+        return Response.sendJsonObjectResponse(req, res, {});
+      }
+    }
+
+    // Prepare update data
+    const updateData: {
+      email?: Email;
+    } = {};
+
+    if (email && email !== statusPageUser.email?.toString()) {
+      updateData.email = new Email(email);
+    }
+
+    // Only update if there are changes
+    if (Object.keys(updateData).length > 0) {
+      logger.debug(
+        `Status Page SCIM Update user - updating user with data: ${JSON.stringify(updateData)}`,
+      );
+
+      await StatusPagePrivateUserService.updateOneById({
+        id: new ObjectID(userId),
+        data: updateData,
+        props: { isRoot: true },
+      });
+
+      logger.debug(`Status Page SCIM Update user - user updated successfully`);
+
+      // Fetch updated user
+      const updatedUser: StatusPagePrivateUser | null =
+        await StatusPagePrivateUserService.findOneById({
+          id: new ObjectID(userId),
+          select: {
+            _id: true,
+            email: true,
+            createdAt: true,
+            updatedAt: true,
+          },
+          props: { isRoot: true },
+        });
+
+      if (updatedUser) {
+        const user: JSONObject = formatUserForSCIM(
+          updatedUser,
+          req,
+          req.params["statusPageScimId"]!,
+          "status-page",
+        );
+        return Response.sendJsonObjectResponse(req, res, user);
+      }
+    }
+
+    logger.debug(
+      `Status Page SCIM Update user - no updates made, returning existing user`,
+    );
+
+    // If no updates were made, return the existing user
+    const user: JSONObject = formatUserForSCIM(
+      statusPageUser,
+      req,
+      req.params["statusPageScimId"]!,
+      "status-page",
+    );
+
+    return Response.sendJsonObjectResponse(req, res, user);
+  } catch (err) {
+    logger.error(err);
+    return next(err);
+  }
+};
+
+// Update Status Page User - PUT /status-page-scim/v2/Users/{id}
+router.put(
+  "/status-page-scim/v2/:statusPageScimId/Users/:userId",
+  SCIMMiddleware.isAuthorizedSCIMRequest,
+  handleStatusPageUserUpdate,
+);
+
+// Update Status Page User - PATCH /status-page-scim/v2/Users/{id}
+router.patch(
+  "/status-page-scim/v2/:statusPageScimId/Users/:userId",
+  SCIMMiddleware.isAuthorizedSCIMRequest,
+  handleStatusPageUserUpdate,
+);
+
+// Delete Status Page User - DELETE /status-page-scim/v2/Users/{id}
+router.delete(
+  "/status-page-scim/v2/:statusPageScimId/Users/:userId",
+  SCIMMiddleware.isAuthorizedSCIMRequest,
+  async (
+    req: ExpressRequest,
+    res: ExpressResponse,
+    next: NextFunction,
+  ): Promise<void> => {
+    try {
+      logger.debug(
+        `Status Page SCIM Delete user request for userId: ${req.params["userId"]}, statusPageScimId: ${req.params["statusPageScimId"]}`,
+      );
+      const oneuptimeRequest: OneUptimeRequest = req as OneUptimeRequest;
+      const bearerData: JSONObject =
+        oneuptimeRequest.bearerTokenData as JSONObject;
+      const statusPageId: ObjectID = bearerData["statusPageId"] as ObjectID;
+      const scimConfig: StatusPageSCIM = bearerData[
+        "scimConfig"
+      ] as StatusPageSCIM;
+      const userId: string = req.params["userId"]!;
+
+      if (!scimConfig.autoDeprovisionUsers) {
+        throw new BadRequestException(
+          "Auto-deprovisioning is disabled for this status page",
+        );
+      }
+
+      logger.debug(
+        `Status Page SCIM Delete user - statusPageId: ${statusPageId}, userId: ${userId}`,
+      );
+
+      if (!userId) {
+        throw new BadRequestException("User ID is required");
+      }
+
+      // Check if user exists and belongs to this status page
+      const statusPageUser: StatusPagePrivateUser | null =
+        await StatusPagePrivateUserService.findOneBy({
+          query: {
+            statusPageId: statusPageId,
+            _id: new ObjectID(userId),
+          },
+          select: {
+            _id: true,
+          },
+          props: { isRoot: true },
+        });
+
+      if (!statusPageUser) {
+        logger.debug(
+          `Status Page SCIM Delete user - user not found for userId: ${userId}`,
+        );
+        // SCIM spec says to return 404 for non-existent resources
+        throw new NotFoundException("User not found");
+      }
+
+      // Delete the user from status page
+      await StatusPagePrivateUserService.deleteOneById({
+        id: new ObjectID(userId),
+        props: { isRoot: true },
+      });
+
+      logger.debug(
+        `Status Page SCIM Delete user - user deleted successfully for userId: ${userId}`,
+      );
+
+      // Return 204 No Content for successful deletion
+      res.status(204);
+      return Response.sendEmptySuccessResponse(req, res);
+    } catch (err) {
+      logger.error(err);
+      return next(err);
+    }
+  },
+);
+
+export default router;

App/FeatureSet/Identity/API/StatusPageSSO.ts

@@ -1,6 +1,5 @@
 import SSOUtil from "../Utils/SSO";
 import URL from "Common/Types/API/URL";
-import OneUptimeDate from "Common/Types/Date";
 import Email from "Common/Types/Email";
 import BadRequestException from "Common/Types/Exception/BadRequestException";
 import Exception from "Common/Types/Exception/Exception";
@@ -8,9 +7,11 @@ import ServerException from "Common/Types/Exception/ServerException";
 import HashedString from "Common/Types/HashedString";
 import { JSONObject } from "Common/Types/JSON";
 import ObjectID from "Common/Types/ObjectID";
-import PositiveNumber from "Common/Types/PositiveNumber";
 import { Host, HttpProtocol } from "Common/Server/EnvironmentConfig";
 import StatusPagePrivateUserService from "Common/Server/Services/StatusPagePrivateUserService";
+import StatusPagePrivateUserSessionService, {
+  SessionMetadata as StatusPageSessionMetadata,
+} from "Common/Server/Services/StatusPagePrivateUserSessionService";
 import StatusPageService from "Common/Server/Services/StatusPageService";
 import StatusPageSsoService from "Common/Server/Services/StatusPageSsoService";
 import CookieUtil from "Common/Server/Utils/Cookie";
@@ -19,8 +20,10 @@ import Express, {
   ExpressResponse,
   ExpressRouter,
   NextFunction,
+  extractDeviceInfo,
+  getClientIp,
+  headerValueToString,
 } from "Common/Server/Utils/Express";
-import JSONWebToken from "Common/Server/Utils/JsonWebToken";
 import logger from "Common/Server/Utils/Logger";
 import Response from "Common/Server/Utils/Response";
 import StatusPagePrivateUser from "Common/Models/DatabaseModels/StatusPagePrivateUser";
@@ -30,6 +33,8 @@ import xml2js from "xml2js";
 // Initialize Express router.
 const router: ExpressRouter = Express.getRouter();
 
+const ACCESS_TOKEN_EXPIRY_SECONDS: number = 15 * 60;
+
 // Define a GET route for SSO in a status page context.
 router.get(
   "/status-page-sso/:statusPageId/:statusPageSsoId",
@@ -115,7 +120,11 @@ router.get(
 
 router.post(
   "/status-page-idp-login/:statusPageId/:statusPageSsoId",
-  async (req: ExpressRequest, res: ExpressResponse): Promise<void> => {
+  async (
+    req: ExpressRequest,
+    res: ExpressResponse,
+    next: NextFunction,
+  ): Promise<void> => {
     try {
       const samlResponseBase64: string = req.body.SAMLResponse;
 
@@ -281,24 +290,30 @@ router.post(
         });
       }
 
-      const token: string = JSONWebToken.sign({
-        data: alreadySavedUser,
-        expiresInSeconds: OneUptimeDate.getSecondsInDays(
-          new PositiveNumber(30),
-        ),
+      if (!alreadySavedUser.projectId) {
+        alreadySavedUser.projectId = projectId;
+      }
+
+      const sessionMetadata: StatusPageSessionMetadata =
+        await StatusPagePrivateUserSessionService.createSession({
+          projectId: alreadySavedUser.projectId!,
+          statusPageId: statusPageId,
+          statusPagePrivateUserId: alreadySavedUser.id!,
+          ipAddress: getClientIp(req),
+          userAgent: headerValueToString(req.headers["user-agent"]),
+          ...extractDeviceInfo(req),
+        });
+
+      const token: string = CookieUtil.setStatusPagePrivateUserCookie({
+        expressResponse: res,
+        user: alreadySavedUser,
+        statusPageId: statusPageId,
+        sessionId: sessionMetadata.session.id!,
+        refreshToken: sessionMetadata.refreshToken,
+        refreshTokenExpiresAt: sessionMetadata.refreshTokenExpiresAt,
+        accessTokenExpiresInSeconds: ACCESS_TOKEN_EXPIRY_SECONDS,
       });
 
-      CookieUtil.setCookie(
-        res,
-        CookieUtil.getUserTokenKey(alreadySavedUser.statusPageId!),
-        token,
-
-        {
-          httpOnly: true,
-          maxAge: OneUptimeDate.getMillisecondsInDays(new PositiveNumber(30)),
-        },
-      );
-
       // get status page URL.
       const statusPageURL: string =
         await StatusPageService.getStatusPageFirstURL(statusPageId);
@@ -312,7 +327,11 @@ router.post(
       );
     } catch (err) {
       logger.error(err);
-      Response.sendErrorResponse(req, res, new ServerException());
+      if (err instanceof Exception) {
+        return next(err);
+      }
+
+      return next(new ServerException());
     }
   },
 );

App/FeatureSet/Identity/Index.ts

@@ -1,8 +1,10 @@
 import AuthenticationAPI from "./API/Authentication";
 import ResellerAPI from "./API/Reseller";
 import SsoAPI from "./API/SSO";
+import SCIMAPI from "./API/SCIM";
 import StatusPageAuthenticationAPI from "./API/StatusPageAuthentication";
 import StatusPageSsoAPI from "./API/StatusPageSSO";
+import StatusPageSCIMAPI from "./API/StatusPageSCIM";
 import FeatureSet from "Common/Server/Types/FeatureSet";
 import Express, { ExpressApplication } from "Common/Server/Utils/Express";
 import "ejs";
@@ -19,6 +21,10 @@ const IdentityFeatureSet: FeatureSet = {
 
     app.use([`/${APP_NAME}`, "/"], SsoAPI);
 
+    app.use([`/${APP_NAME}`, "/"], SCIMAPI);
+
+    app.use([`/${APP_NAME}`, "/"], StatusPageSCIMAPI);
+
     app.use([`/${APP_NAME}`, "/"], StatusPageSsoAPI);
 
     app.use(

App/FeatureSet/Identity/Utils/AuthenticationEmail.ts

@@ -35,6 +35,8 @@ export default class AuthenticationEmail {
     const host: Hostname = await DatabaseConfig.getHost();
     const httpProtocol: Protocol = await DatabaseConfig.getHttpProtocol();
 
+    logger.debug("Sending verification email");
+
     MailService.sendMail({
       toEmail: user.email!,
       subject: "Please verify email.",
@@ -50,8 +52,13 @@ export default class AuthenticationEmail {
         ).toString(),
         homeUrl: new URL(httpProtocol, host).toString(),
       },
-    }).catch((err: Error) => {
-      logger.error(err);
-    });
+    })
+      .then(() => {
+        logger.debug("Verification email sent");
+      })
+      .catch((err: Error) => {
+        logger.debug("Error sending verification email");
+        logger.error(err);
+      });
   }
 }

App/FeatureSet/Identity/Utils/SCIMUtils.ts

@@ -0,0 +1,265 @@
+import { ExpressRequest } from "Common/Server/Utils/Express";
+import logger from "Common/Server/Utils/Logger";
+import { JSONObject } from "Common/Types/JSON";
+import Email from "Common/Types/Email";
+import Name from "Common/Types/Name";
+import ObjectID from "Common/Types/ObjectID";
+
+/**
+ * Shared SCIM utility functions for both Project SCIM and Status Page SCIM
+ */
+
+// Base interface for SCIM user-like objects - compatible with User model
+export interface SCIMUser {
+  id?: ObjectID | null;
+  email?: Email;
+  name?: Name | string;
+  createdAt?: Date;
+  updatedAt?: Date;
+}
+
+/**
+ * Parse name information from SCIM user payload
+ */
+export const parseNameFromSCIM: (scimUser: JSONObject) => string = (
+  scimUser: JSONObject,
+): string => {
+  logger.debug(
+    `SCIM - Parsing name from SCIM user: ${JSON.stringify(scimUser, null, 2)}`,
+  );
+
+  const givenName: string =
+    ((scimUser["name"] as JSONObject)?.["givenName"] as string) || "";
+  const familyName: string =
+    ((scimUser["name"] as JSONObject)?.["familyName"] as string) || "";
+  const formattedName: string = (scimUser["name"] as JSONObject)?.[
+    "formatted"
+  ] as string;
+
+  // Construct full name: prefer formatted, then combine given+family, then fallback to displayName
+  if (formattedName) {
+    return formattedName;
+  } else if (givenName || familyName) {
+    return `${givenName} ${familyName}`.trim();
+  } else if (scimUser["displayName"]) {
+    return scimUser["displayName"] as string;
+  }
+  return "";
+};
+
+/**
+ * Parse full name into SCIM name format
+ */
+export const parseNameToSCIMFormat: (fullName: string) => {
+  givenName: string;
+  familyName: string;
+  formatted: string;
+} = (
+  fullName: string,
+): { givenName: string; familyName: string; formatted: string } => {
+  const nameParts: string[] = fullName.trim().split(/\s+/);
+  const givenName: string = nameParts[0] || "";
+  const familyName: string = nameParts.slice(1).join(" ") || "";
+
+  return {
+    givenName,
+    familyName,
+    formatted: fullName,
+  };
+};
+
+/**
+ * Format user object for SCIM response
+ */
+export const formatUserForSCIM: (
+  user: SCIMUser,
+  req: ExpressRequest,
+  scimId: string,
+  scimType: "project" | "status-page",
+) => JSONObject = (
+  user: SCIMUser,
+  req: ExpressRequest,
+  scimId: string,
+  scimType: "project" | "status-page",
+): JSONObject => {
+  const baseUrl: string = `${req.protocol}://${req.get("host")}`;
+  const userName: string = user.email?.toString() || "";
+  const fullName: string =
+    user.name?.toString() || userName.split("@")[0] || "Unknown User";
+
+  const nameData: { givenName: string; familyName: string; formatted: string } =
+    parseNameToSCIMFormat(fullName);
+
+  // Determine the correct endpoint path based on SCIM type
+  const endpointPath: string =
+    scimType === "project"
+      ? `/scim/v2/${scimId}/Users/${user.id?.toString()}`
+      : `/status-page-scim/v2/${scimId}/Users/${user.id?.toString()}`;
+
+  return {
+    schemas: ["urn:ietf:params:scim:schemas:core:2.0:User"],
+    id: user.id?.toString(),
+    userName: userName,
+    displayName: nameData.formatted,
+    name: {
+      formatted: nameData.formatted,
+      familyName: nameData.familyName,
+      givenName: nameData.givenName,
+    },
+    emails: [
+      {
+        value: userName,
+        type: "work",
+        primary: true,
+      },
+    ],
+    active: true,
+    meta: {
+      resourceType: "User",
+      created: user.createdAt?.toISOString(),
+      lastModified: user.updatedAt?.toISOString(),
+      location: `${baseUrl}${endpointPath}`,
+    },
+  };
+};
+
+/**
+ * Extract email from SCIM user payload
+ */
+export const extractEmailFromSCIM: (scimUser: JSONObject) => string = (
+  scimUser: JSONObject,
+): string => {
+  return (
+    (scimUser["userName"] as string) ||
+    ((scimUser["emails"] as JSONObject[])?.[0]?.["value"] as string) ||
+    ""
+  );
+};
+
+/**
+ * Extract active status from SCIM user payload
+ */
+export const extractActiveFromSCIM: (scimUser: JSONObject) => boolean = (
+  scimUser: JSONObject,
+): boolean => {
+  return scimUser["active"] !== false; // Default to true if not specified
+};
+
+/**
+ * Generate SCIM ServiceProviderConfig response
+ */
+export const generateServiceProviderConfig: (
+  req: ExpressRequest,
+  scimId: string,
+  scimType: "project" | "status-page",
+  documentationUrl?: string,
+) => JSONObject = (
+  req: ExpressRequest,
+  scimId: string,
+  scimType: "project" | "status-page",
+  documentationUrl: string = "https://oneuptime.com/docs/identity/scim",
+): JSONObject => {
+  const baseUrl: string = `${req.protocol}://${req.get("host")}`;
+  const endpointPath: string =
+    scimType === "project"
+      ? `/scim/v2/${scimId}`
+      : `/status-page-scim/v2/${scimId}`;
+
+  return {
+    schemas: ["urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"],
+    documentationUri: documentationUrl,
+    patch: {
+      supported: true,
+    },
+    bulk: {
+      supported: true,
+      maxOperations: 1000,
+      maxPayloadSize: 1048576,
+    },
+    filter: {
+      supported: true,
+      maxResults: 200,
+    },
+    changePassword: {
+      supported: false,
+    },
+    sort: {
+      supported: true,
+    },
+    etag: {
+      supported: false,
+    },
+    authenticationSchemes: [
+      {
+        type: "httpbearer",
+        name: "HTTP Bearer",
+        description: "Authentication scheme using HTTP Bearer Token",
+        primary: true,
+      },
+    ],
+    meta: {
+      location: `${baseUrl}${endpointPath}/ServiceProviderConfig`,
+      resourceType: "ServiceProviderConfig",
+      created: "2023-01-01T00:00:00Z",
+      lastModified: "2023-01-01T00:00:00Z",
+    },
+  };
+};
+
+/**
+ * Generate SCIM ListResponse for users
+ */
+export const generateUsersListResponse: (
+  users: JSONObject[],
+  startIndex: number,
+  totalResults: number,
+) => JSONObject = (
+  users: JSONObject[],
+  startIndex: number,
+  totalResults: number,
+): JSONObject => {
+  return {
+    schemas: ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
+    totalResults: totalResults,
+    startIndex: startIndex,
+    itemsPerPage: users.length,
+    Resources: users,
+  };
+};
+
+/**
+ * Generate SCIM ListResponse for groups
+ */
+export const generateGroupsListResponse: (
+  groups: JSONObject[],
+  startIndex: number,
+  totalResults: number,
+) => JSONObject = (
+  groups: JSONObject[],
+  startIndex: number,
+  totalResults: number,
+): JSONObject => {
+  return {
+    schemas: ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
+    totalResults: totalResults,
+    startIndex: startIndex,
+    itemsPerPage: groups.length,
+    Resources: groups,
+  };
+};
+
+/**
+ * Parse query parameters for SCIM list requests
+ */
+export const parseSCIMQueryParams: (req: ExpressRequest) => {
+  startIndex: number;
+  count: number;
+} = (req: ExpressRequest): { startIndex: number; count: number } => {
+  const startIndex: number = parseInt(req.query["startIndex"] as string) || 1;
+  const count: number = Math.min(
+    parseInt(req.query["count"] as string) || 100,
+    200, // SCIM recommended max
+  );
+
+  return { startIndex, count };
+};

App/FeatureSet/Identity/Utils/SSO.ts

@@ -184,15 +184,17 @@ export default class SSOUtil {
       return null;
     }
 
-    // get displayName attribute.
-    //   {
-    //     "$": {
-    //         "Name": "http://schemas.microsoft.com/identity/claims/displayname"
-    //     },
-    //     "AttributeValue": [
-    //         "Nawaz Dhandala"
-    //     ]
-    // },
+    /*
+     * get displayName attribute.
+     *   {
+     *     "$": {
+     *         "Name": "http://schemas.microsoft.com/identity/claims/displayname"
+     *     },
+     *     "AttributeValue": [
+     *         "Nawaz Dhandala"
+     *     ]
+     * },
+     */
 
     for (let i: number = 0; i < samlAttribute.length; i++) {
       const attribute: JSONObject = samlAttribute[i] as JSONObject;

App/FeatureSet/Identity/Views/Partials/Head.ejs

@@ -67,7 +67,6 @@
 <link rel="apple-touch-icon-precomposed" href="/img/ou-wb.svg">
 <link rel="icon" href="/img/ou-wb.svg">
 <link rel="image_src" type="image/png" href="/img/hou-wb.svg">
-<link rel="canonical" href="/">
 <link rel="manifest" href="/manifest.json">
 <meta property="og:title" content="OneUptime - One Complete Observability platform.">
 <meta property="og:url" content="https://oneuptime.com">

App/FeatureSet/Notification/API/Call.ts

@@ -12,6 +12,7 @@ import Express, {
   ExpressRequest,
   ExpressResponse,
   ExpressRouter,
+  NextFunction,
 } from "Common/Server/Utils/Express";
 import logger from "Common/Server/Utils/Logger";
 import Response from "Common/Server/Utils/Response";
@@ -22,123 +23,146 @@ const router: ExpressRouter = Express.getRouter();
 router.post(
   "/make-call",
   ClusterKeyAuthorization.isAuthorizedServiceMiddleware,
-  async (req: ExpressRequest, res: ExpressResponse) => {
-    const body: JSONObject = JSONFunctions.deserialize(req.body);
+  async (req: ExpressRequest, res: ExpressResponse, next: NextFunction) => {
+    try {
+      const body: JSONObject = JSONFunctions.deserialize(req.body);
 
-    await CallService.makeCall(body["callRequest"] as CallRequest, {
-      projectId: body["projectId"] as ObjectID,
-      isSensitive: (body["isSensitive"] as boolean) || false,
-      userOnCallLogTimelineId:
-        (body["userOnCallLogTimelineId"] as ObjectID) || undefined,
-      customTwilioConfig: body["customTwilioConfig"] as any,
-    });
+      await CallService.makeCall(body["callRequest"] as CallRequest, {
+        projectId: body["projectId"] as ObjectID,
+        isSensitive: (body["isSensitive"] as boolean) || false,
+        userOnCallLogTimelineId:
+          (body["userOnCallLogTimelineId"] as ObjectID) || undefined,
+        customTwilioConfig: body["customTwilioConfig"] as any,
+        incidentId: (body["incidentId"] as ObjectID) || undefined,
+        alertId: (body["alertId"] as ObjectID) || undefined,
+        scheduledMaintenanceId:
+          (body["scheduledMaintenanceId"] as ObjectID) || undefined,
+        statusPageId: (body["statusPageId"] as ObjectID) || undefined,
+        statusPageAnnouncementId:
+          (body["statusPageAnnouncementId"] as ObjectID) || undefined,
+        userId: (body["userId"] as ObjectID) || undefined,
+        onCallPolicyId: (body["onCallPolicyId"] as ObjectID) || undefined,
+        onCallPolicyEscalationRuleId:
+          (body["onCallPolicyEscalationRuleId"] as ObjectID) || undefined,
+        onCallDutyPolicyExecutionLogTimelineId:
+          (body["onCallDutyPolicyExecutionLogTimelineId"] as ObjectID) ||
+          undefined,
+        onCallScheduleId: (body["onCallScheduleId"] as ObjectID) || undefined,
+        teamId: (body["teamId"] as ObjectID) || undefined,
+      });
 
-    return Response.sendEmptySuccessResponse(req, res);
+      return Response.sendEmptySuccessResponse(req, res);
+    } catch (err) {
+      return next(err);
+    }
   },
 );
 
-router.post("/test", async (req: ExpressRequest, res: ExpressResponse) => {
-  const body: JSONObject = req.body;
+router.post(
+  "/test",
+  async (req: ExpressRequest, res: ExpressResponse, next: NextFunction) => {
+    try {
+      const body: JSONObject = req.body;
 
-  const callSMSConfigId: ObjectID = new ObjectID(
-    body["callSMSConfigId"] as string,
-  );
+      const callSMSConfigId: ObjectID = new ObjectID(
+        body["callSMSConfigId"] as string,
+      );
 
-  const config: ProjectCallSMSConfig | null =
-    await ProjectCallSMSConfigService.findOneById({
-      id: callSMSConfigId,
-      props: {
-        isRoot: true,
-      },
-      select: {
-        _id: true,
-        twilioAccountSID: true,
-        twilioAuthToken: true,
-        twilioPrimaryPhoneNumber: true,
-        twilioSecondaryPhoneNumbers: true,
-        projectId: true,
-      },
-    });
+      const config: ProjectCallSMSConfig | null =
+        await ProjectCallSMSConfigService.findOneById({
+          id: callSMSConfigId,
+          props: {
+            isRoot: true,
+          },
+          select: {
+            _id: true,
+            twilioAccountSID: true,
+            twilioAuthToken: true,
+            twilioPrimaryPhoneNumber: true,
+            twilioSecondaryPhoneNumbers: true,
+            projectId: true,
+          },
+        });
 
-  if (!config) {
-    return Response.sendErrorResponse(
-      req,
-      res,
-      new BadDataException(
-        "call and sms config not found for id" + callSMSConfigId.toString(),
-      ),
-    );
-  }
+      if (!config) {
+        return Response.sendErrorResponse(
+          req,
+          res,
+          new BadDataException(
+            "call and sms config not found for id" + callSMSConfigId.toString(),
+          ),
+        );
+      }
 
-  const toPhone: Phone = new Phone(body["toPhone"] as string);
+      const toPhone: Phone = new Phone(body["toPhone"] as string);
 
-  if (!toPhone) {
-    return Response.sendErrorResponse(
-      req,
-      res,
-      new BadDataException("toPhone is required"),
-    );
-  }
+      if (!toPhone) {
+        return Response.sendErrorResponse(
+          req,
+          res,
+          new BadDataException("toPhone is required"),
+        );
+      }
 
-  // if any of the twilio config is missing, we will not send make the call
+      // if any of the twilio config is missing, we will not send make the call
 
-  if (!config.twilioAccountSID) {
-    return Response.sendErrorResponse(
-      req,
-      res,
-      new BadDataException("twilioAccountSID is required"),
-    );
-  }
+      if (!config.twilioAccountSID) {
+        return Response.sendErrorResponse(
+          req,
+          res,
+          new BadDataException("twilioAccountSID is required"),
+        );
+      }
 
-  if (!config.twilioAuthToken) {
-    return Response.sendErrorResponse(
-      req,
-      res,
-      new BadDataException("twilioAuthToken is required"),
-    );
-  }
+      if (!config.twilioAuthToken) {
+        return Response.sendErrorResponse(
+          req,
+          res,
+          new BadDataException("twilioAuthToken is required"),
+        );
+      }
 
-  if (!config.twilioPrimaryPhoneNumber) {
-    return Response.sendErrorResponse(
-      req,
-      res,
-      new BadDataException("twilioPrimaryPhoneNumber is required"),
-    );
-  }
+      if (!config.twilioPrimaryPhoneNumber) {
+        return Response.sendErrorResponse(
+          req,
+          res,
+          new BadDataException("twilioPrimaryPhoneNumber is required"),
+        );
+      }
 
-  const twilioConfig: TwilioConfig | undefined =
-    ProjectCallSMSConfigService.toTwilioConfig(config);
+      const twilioConfig: TwilioConfig | undefined =
+        ProjectCallSMSConfigService.toTwilioConfig(config);
 
-  try {
-    if (!twilioConfig) {
-      throw new BadDataException("twilioConfig is undefined");
+      try {
+        if (!twilioConfig) {
+          throw new BadDataException("twilioConfig is undefined");
+        }
+
+        const testCallRequest: CallRequest = {
+          data: [
+            {
+              sayMessage: "This is a test call from OneUptime.",
+            },
+          ],
+          to: toPhone,
+        };
+
+        await CallService.makeCall(testCallRequest, {
+          projectId: config.projectId,
+          customTwilioConfig: twilioConfig,
+        });
+      } catch (err) {
+        logger.error(err);
+        throw new BadDataException(
+          "Error making test call. Please check the twilio logs for more details",
+        );
+      }
+
+      return Response.sendEmptySuccessResponse(req, res);
+    } catch (err) {
+      return next(err);
     }
-
-    const testCallRequest: CallRequest = {
-      data: [
-        {
-          sayMessage: "This is a test call from OneUptime.",
-        },
-      ],
-      to: toPhone,
-    };
-
-    await CallService.makeCall(testCallRequest, {
-      projectId: config.projectId,
-      customTwilioConfig: twilioConfig,
-    });
-  } catch (err) {
-    logger.error(err);
-    return Response.sendErrorResponse(
-      req,
-      res,
-      new BadDataException(
-        "Error making test call. Please check the twilio logs for more details",
-      ),
-    );
-  }
-
-  return Response.sendEmptySuccessResponse(req, res);
-});
+  },
+);
 
 export default router;

App/FeatureSet/Notification/API/Mail.ts

@@ -11,6 +11,7 @@ import Express, {
   ExpressRequest,
   ExpressResponse,
   ExpressRouter,
+  NextFunction,
 } from "Common/Server/Utils/Express";
 import Response from "Common/Server/Utils/Response";
 
@@ -19,33 +20,74 @@ const router: ExpressRouter = Express.getRouter();
 router.post(
   "/send",
   ClusterKeyAuthorization.isAuthorizedServiceMiddleware,
-  async (req: ExpressRequest, res: ExpressResponse) => {
-    const body: JSONObject = req.body;
+  async (req: ExpressRequest, res: ExpressResponse, next: NextFunction) => {
+    try {
+      const body: JSONObject = req.body;
 
-    const mail: EmailMessage = {
-      templateType: body["templateType"] as EmailTemplateType,
-      toEmail: new Email(body["toEmail"] as string),
-      subject: body["subject"] as string,
-      vars: body["vars"] as Dictionary<string>,
-      body: (body["body"] as string) || "",
-    };
+      const mail: EmailMessage = {
+        templateType: body["templateType"] as EmailTemplateType,
+        toEmail: new Email(body["toEmail"] as string),
+        subject: body["subject"] as string,
+        vars: body["vars"] as Dictionary<string>,
+        body: (body["body"] as string) || "",
+      };
 
-    let mailServer: EmailServer | undefined = undefined;
+      let mailServer: EmailServer | undefined = undefined;
 
-    if (hasMailServerSettingsInBody(body)) {
-      mailServer = MailService.getEmailServer(req.body);
+      if (hasMailServerSettingsInBody(body)) {
+        mailServer = MailService.getEmailServer(req.body);
+      }
+
+      await MailService.send(mail, {
+        projectId: body["projectId"]
+          ? new ObjectID(body["projectId"] as string)
+          : undefined,
+        emailServer: mailServer,
+        userOnCallLogTimelineId:
+          (body["userOnCallLogTimelineId"] as ObjectID) || undefined,
+        incidentId: body["incidentId"]
+          ? new ObjectID(body["incidentId"].toString())
+          : undefined,
+        alertId: body["alertId"]
+          ? new ObjectID(body["alertId"].toString())
+          : undefined,
+        scheduledMaintenanceId: body["scheduledMaintenanceId"]
+          ? new ObjectID(body["scheduledMaintenanceId"].toString())
+          : undefined,
+        statusPageId: body["statusPageId"]
+          ? new ObjectID(body["statusPageId"].toString())
+          : undefined,
+        statusPageAnnouncementId: body["statusPageAnnouncementId"]
+          ? new ObjectID(body["statusPageAnnouncementId"].toString())
+          : undefined,
+        userId: body["userId"]
+          ? new ObjectID(body["userId"].toString())
+          : undefined,
+        onCallPolicyId: body["onCallPolicyId"]
+          ? new ObjectID(body["onCallPolicyId"].toString())
+          : undefined,
+        onCallPolicyEscalationRuleId: body["onCallPolicyEscalationRuleId"]
+          ? new ObjectID(body["onCallPolicyEscalationRuleId"].toString())
+          : undefined,
+        onCallDutyPolicyExecutionLogTimelineId: body[
+          "onCallDutyPolicyExecutionLogTimelineId"
+        ]
+          ? new ObjectID(
+              body["onCallDutyPolicyExecutionLogTimelineId"].toString(),
+            )
+          : undefined,
+        onCallScheduleId: body["onCallScheduleId"]
+          ? new ObjectID(body["onCallScheduleId"].toString())
+          : undefined,
+        teamId: body["teamId"]
+          ? new ObjectID(body["teamId"].toString())
+          : undefined,
+      });
+
+      return Response.sendEmptySuccessResponse(req, res);
+    } catch (err) {
+      return next(err);
     }
-
-    await MailService.send(mail, {
-      projectId: body["projectId"]
-        ? new ObjectID(body["projectId"] as string)
-        : undefined,
-      emailServer: mailServer,
-      userOnCallLogTimelineId:
-        (body["userOnCallLogTimelineId"] as ObjectID) || undefined,
-    });
-
-    return Response.sendEmptySuccessResponse(req, res);
   },
 );
 

App/FeatureSet/Notification/API/PushNotification.ts

@@ -0,0 +1,70 @@
+import PushService from "../Services/PushNotificationService";
+import ClusterKeyAuthorization from "Common/Server/Middleware/ClusterKeyAuthorization";
+import ObjectID from "Common/Types/ObjectID";
+import Express, {
+  ExpressRequest,
+  ExpressResponse,
+  ExpressRouter,
+  NextFunction,
+} from "Common/Server/Utils/Express";
+import Response from "Common/Server/Utils/Response";
+import { JSONObject } from "Common/Types/JSON";
+import JSONFunctions from "Common/Types/JSONFunctions";
+
+const router: ExpressRouter = Express.getRouter();
+
+router.post(
+  "/send",
+  ClusterKeyAuthorization.isAuthorizedServiceMiddleware,
+  async (req: ExpressRequest, res: ExpressResponse, next: NextFunction) => {
+    try {
+      const body: JSONObject = JSONFunctions.deserialize(req.body);
+
+      // Support both new devices format and legacy deviceTokens/deviceNames format
+      let devices: Array<{ token: string; name?: string }> = [];
+
+      if (body["devices"]) {
+        // New format: devices as array of objects
+        devices = body["devices"] as Array<{ token: string; name?: string }>;
+      } else {
+        throw new Error("Invalid request format: 'devices' array is required.");
+      }
+
+      await PushService.send(
+        {
+          devices,
+          deviceType: (body["deviceType"] as any) || "web",
+          message: body["message"] as any,
+        },
+        {
+          projectId: (body["projectId"] as ObjectID) || undefined,
+          isSensitive: (body["isSensitive"] as boolean) || false,
+          userOnCallLogTimelineId:
+            (body["userOnCallLogTimelineId"] as ObjectID) || undefined,
+          incidentId: (body["incidentId"] as ObjectID) || undefined,
+          alertId: (body["alertId"] as ObjectID) || undefined,
+          scheduledMaintenanceId:
+            (body["scheduledMaintenanceId"] as ObjectID) || undefined,
+          statusPageId: (body["statusPageId"] as ObjectID) || undefined,
+          statusPageAnnouncementId:
+            (body["statusPageAnnouncementId"] as ObjectID) || undefined,
+          userId: (body["userId"] as ObjectID) || undefined,
+          onCallPolicyId: (body["onCallPolicyId"] as ObjectID) || undefined,
+          onCallPolicyEscalationRuleId:
+            (body["onCallPolicyEscalationRuleId"] as ObjectID) || undefined,
+          onCallDutyPolicyExecutionLogTimelineId:
+            (body["onCallDutyPolicyExecutionLogTimelineId"] as ObjectID) ||
+            undefined,
+          onCallScheduleId: (body["onCallScheduleId"] as ObjectID) || undefined,
+          teamId: (body["teamId"] as ObjectID) || undefined,
+        },
+      );
+
+      return Response.sendEmptySuccessResponse(req, res);
+    } catch (err) {
+      return next(err);
+    }
+  },
+);
+
+export default router;

App/FeatureSet/Notification/API/SMS.ts

@@ -11,6 +11,7 @@ import Express, {
   ExpressRequest,
   ExpressResponse,
   ExpressRouter,
+  NextFunction,
 } from "Common/Server/Utils/Express";
 import logger from "Common/Server/Utils/Logger";
 import Response from "Common/Server/Utils/Response";
@@ -21,114 +22,141 @@ const router: ExpressRouter = Express.getRouter();
 router.post(
   "/send",
   ClusterKeyAuthorization.isAuthorizedServiceMiddleware,
-  async (req: ExpressRequest, res: ExpressResponse) => {
-    const body: JSONObject = JSONFunctions.deserialize(req.body);
+  async (req: ExpressRequest, res: ExpressResponse, next: NextFunction) => {
+    try {
+      const body: JSONObject = JSONFunctions.deserialize(req.body);
 
-    await SmsService.sendSms(body["to"] as Phone, body["message"] as string, {
-      projectId: body["projectId"] as ObjectID,
-      isSensitive: (body["isSensitive"] as boolean) || false,
-      userOnCallLogTimelineId:
-        (body["userOnCallLogTimelineId"] as ObjectID) || undefined,
-      customTwilioConfig: body["customTwilioConfig"] as any,
-    });
+      await SmsService.sendSms(body["to"] as Phone, body["message"] as string, {
+        projectId: body["projectId"] as ObjectID,
+        isSensitive: (body["isSensitive"] as boolean) || false,
+        userOnCallLogTimelineId:
+          (body["userOnCallLogTimelineId"] as ObjectID) || undefined,
+        customTwilioConfig: body["customTwilioConfig"] as any,
+        incidentId: (body["incidentId"] as ObjectID) || undefined,
+        alertId: (body["alertId"] as ObjectID) || undefined,
+        scheduledMaintenanceId:
+          (body["scheduledMaintenanceId"] as ObjectID) || undefined,
+        statusPageId: (body["statusPageId"] as ObjectID) || undefined,
+        statusPageAnnouncementId:
+          (body["statusPageAnnouncementId"] as ObjectID) || undefined,
+        userId: (body["userId"] as ObjectID) || undefined,
+        onCallPolicyId: (body["onCallPolicyId"] as ObjectID) || undefined,
+        onCallPolicyEscalationRuleId:
+          (body["onCallPolicyEscalationRuleId"] as ObjectID) || undefined,
+        onCallDutyPolicyExecutionLogTimelineId:
+          (body["onCallDutyPolicyExecutionLogTimelineId"] as ObjectID) ||
+          undefined,
+        onCallScheduleId: (body["onCallScheduleId"] as ObjectID) || undefined,
+        teamId: (body["teamId"] as ObjectID) || undefined,
+      });
 
-    return Response.sendEmptySuccessResponse(req, res);
+      return Response.sendEmptySuccessResponse(req, res);
+    } catch (err) {
+      return next(err);
+    }
   },
 );
 
-router.post("/test", async (req: ExpressRequest, res: ExpressResponse) => {
-  const body: JSONObject = req.body;
+router.post(
+  "/test",
+  async (req: ExpressRequest, res: ExpressResponse, next: NextFunction) => {
+    try {
+      const body: JSONObject = req.body;
 
-  const callSMSConfigId: ObjectID = new ObjectID(
-    body["callSMSConfigId"] as string,
-  );
+      const callSMSConfigId: ObjectID = new ObjectID(
+        body["callSMSConfigId"] as string,
+      );
 
-  const config: ProjectCallSMSConfig | null =
-    await ProjectCallSMSConfigService.findOneById({
-      id: callSMSConfigId,
-      props: {
-        isRoot: true,
-      },
-      select: {
-        _id: true,
-        twilioAccountSID: true,
-        twilioAuthToken: true,
-        twilioPrimaryPhoneNumber: true,
-        twilioSecondaryPhoneNumbers: true,
-        projectId: true,
-      },
-    });
+      const config: ProjectCallSMSConfig | null =
+        await ProjectCallSMSConfigService.findOneById({
+          id: callSMSConfigId,
+          props: {
+            isRoot: true,
+          },
+          select: {
+            _id: true,
+            twilioAccountSID: true,
+            twilioAuthToken: true,
+            twilioPrimaryPhoneNumber: true,
+            twilioSecondaryPhoneNumbers: true,
+            projectId: true,
+          },
+        });
 
-  if (!config) {
-    return Response.sendErrorResponse(
-      req,
-      res,
-      new BadDataException(
-        "call and sms config not found for id" + callSMSConfigId.toString(),
-      ),
-    );
-  }
+      if (!config) {
+        return Response.sendErrorResponse(
+          req,
+          res,
+          new BadDataException(
+            "call and sms config not found for id" + callSMSConfigId.toString(),
+          ),
+        );
+      }
 
-  const toPhone: Phone = new Phone(body["toPhone"] as string);
+      const toPhone: Phone = new Phone(body["toPhone"] as string);
 
-  if (!toPhone) {
-    return Response.sendErrorResponse(
-      req,
-      res,
-      new BadDataException("toPhone is required"),
-    );
-  }
+      if (!toPhone) {
+        return Response.sendErrorResponse(
+          req,
+          res,
+          new BadDataException("toPhone is required"),
+        );
+      }
 
-  // if any of the twilio config is missing, we will not send make the call
+      // if any of the twilio config is missing, we will not send make the call
 
-  if (!config.twilioAccountSID) {
-    return Response.sendErrorResponse(
-      req,
-      res,
-      new BadDataException("twilioAccountSID is required"),
-    );
-  }
+      if (!config.twilioAccountSID) {
+        return Response.sendErrorResponse(
+          req,
+          res,
+          new BadDataException("twilioAccountSID is required"),
+        );
+      }
 
-  if (!config.twilioAuthToken) {
-    return Response.sendErrorResponse(
-      req,
-      res,
-      new BadDataException("twilioAuthToken is required"),
-    );
-  }
+      if (!config.twilioAuthToken) {
+        return Response.sendErrorResponse(
+          req,
+          res,
+          new BadDataException("twilioAuthToken is required"),
+        );
+      }
 
-  if (!config.twilioPrimaryPhoneNumber) {
-    return Response.sendErrorResponse(
-      req,
-      res,
-      new BadDataException("twilioPrimaryPhoneNumber is required"),
-    );
-  }
+      if (!config.twilioPrimaryPhoneNumber) {
+        return Response.sendErrorResponse(
+          req,
+          res,
+          new BadDataException("twilioPrimaryPhoneNumber is required"),
+        );
+      }
 
-  const twilioConfig: TwilioConfig | undefined =
-    ProjectCallSMSConfigService.toTwilioConfig(config);
+      const twilioConfig: TwilioConfig | undefined =
+        ProjectCallSMSConfigService.toTwilioConfig(config);
 
-  try {
-    if (!twilioConfig) {
-      throw new BadDataException("twilioConfig is undefined");
+      try {
+        if (!twilioConfig) {
+          throw new BadDataException("twilioConfig is undefined");
+        }
+
+        await SmsService.sendSms(
+          toPhone,
+          "This is a test SMS from OneUptime.",
+          {
+            projectId: config.projectId,
+            customTwilioConfig: twilioConfig,
+          },
+        );
+      } catch (err) {
+        logger.error(err);
+        throw new BadDataException(
+          "Failed to send test SMS. Please check the twilio logs for more details.",
+        );
+      }
+
+      return Response.sendEmptySuccessResponse(req, res);
+    } catch (err) {
+      return next(err);
     }
-
-    await SmsService.sendSms(toPhone, "This is a test SMS from OneUptime.", {
-      projectId: config.projectId,
-      customTwilioConfig: twilioConfig,
-    });
-  } catch (err) {
-    logger.error(err);
-    return Response.sendErrorResponse(
-      req,
-      res,
-      new BadDataException(
-        "Failed to send test SMS. Please check the twilio logs for more details.",
-      ),
-    );
-  }
-
-  return Response.sendEmptySuccessResponse(req, res);
-});
+  },
+);
 
 export default router;

App/FeatureSet/Notification/API/SMTPConfig.ts

@@ -11,6 +11,7 @@ import Express, {
   ExpressRequest,
   ExpressResponse,
   ExpressRouter,
+  NextFunction,
 } from "Common/Server/Utils/Express";
 import logger from "Common/Server/Utils/Logger";
 import Response from "Common/Server/Utils/Response";
@@ -18,87 +19,92 @@ import ProjectSmtpConfig from "Common/Models/DatabaseModels/ProjectSmtpConfig";
 
 const router: ExpressRouter = Express.getRouter();
 
-router.post("/test", async (req: ExpressRequest, res: ExpressResponse) => {
-  const body: JSONObject = req.body;
+router.post(
+  "/test",
+  async (req: ExpressRequest, res: ExpressResponse, next: NextFunction) => {
+    try {
+      const body: JSONObject = req.body;
 
-  const smtpConfigId: ObjectID = new ObjectID(body["smtpConfigId"] as string);
+      const smtpConfigId: ObjectID = new ObjectID(
+        body["smtpConfigId"] as string,
+      );
 
-  const config: ProjectSmtpConfig | null =
-    await ProjectSMTPConfigService.findOneById({
-      id: smtpConfigId,
-      props: {
-        isRoot: true,
-      },
-      select: {
-        _id: true,
-        hostname: true,
-        port: true,
-        username: true,
-        password: true,
-        fromEmail: true,
-        fromName: true,
-        secure: true,
-        projectId: true,
-      },
-    });
+      const config: ProjectSmtpConfig | null =
+        await ProjectSMTPConfigService.findOneById({
+          id: smtpConfigId,
+          props: {
+            isRoot: true,
+          },
+          select: {
+            _id: true,
+            hostname: true,
+            port: true,
+            username: true,
+            password: true,
+            fromEmail: true,
+            fromName: true,
+            secure: true,
+            projectId: true,
+          },
+        });
 
-  if (!config) {
-    return Response.sendErrorResponse(
-      req,
-      res,
-      new BadDataException(
-        "smtp-config not found for id" + smtpConfigId.toString(),
-      ),
-    );
-  }
+      if (!config) {
+        return Response.sendErrorResponse(
+          req,
+          res,
+          new BadDataException(
+            "smtp-config not found for id" + smtpConfigId.toString(),
+          ),
+        );
+      }
 
-  const toEmail: Email = new Email(body["toEmail"] as string);
+      const toEmail: Email = new Email(body["toEmail"] as string);
 
-  if (!toEmail) {
-    return Response.sendErrorResponse(
-      req,
-      res,
-      new BadDataException("toEmail is required"),
-    );
-  }
+      if (!toEmail) {
+        return Response.sendErrorResponse(
+          req,
+          res,
+          new BadDataException("toEmail is required"),
+        );
+      }
 
-  const mail: EmailMessage = {
-    templateType: EmailTemplateType.SMTPTest,
-    toEmail: new Email(body["toEmail"] as string),
-    subject: "Test Email from OneUptime",
-    vars: {},
-    body: "",
-  };
+      const mail: EmailMessage = {
+        templateType: EmailTemplateType.SMTPTest,
+        toEmail: new Email(body["toEmail"] as string),
+        subject: "Test Email from OneUptime",
+        vars: {},
+        body: "",
+      };
 
-  const mailServer: EmailServer = {
-    id: config.id!,
-    host: config.hostname!,
-    port: config.port!,
-    username: config.username!,
-    password: config.password!,
-    fromEmail: config.fromEmail!,
-    fromName: config.fromName!,
-    secure: Boolean(config.secure),
-  };
+      const mailServer: EmailServer = {
+        id: config.id!,
+        host: config.hostname!,
+        port: config.port!,
+        username: config.username!,
+        password: config.password!,
+        fromEmail: config.fromEmail!,
+        fromName: config.fromName!,
+        secure: Boolean(config.secure),
+      };
 
-  try {
-    await MailService.send(mail, {
-      emailServer: mailServer,
-      projectId: config.projectId!,
-      timeout: 4000,
-    });
-  } catch (err) {
-    logger.error(err);
-    return Response.sendErrorResponse(
-      req,
-      res,
-      new BadDataException(
-        "Cannot send email. Please check your SMTP config. If you are using Google or Gmail, please dont since it does not support machine access to their mail servers. If you are still having issues, please uncheck SSL/TLS toggle and try again. We recommend using SendGrid or Mailgun or any large volume mail provider for SMTP.",
-      ),
-    );
-  }
+      try {
+        await MailService.send(mail, {
+          emailServer: mailServer,
+          projectId: config.projectId!,
+          timeout: 4000,
+        });
+      } catch (err) {
+        logger.error(err);
+        throw new BadDataException(
+          "Cannot send email. Please check your SMTP config. If you are using Google or Gmail, please dont since it does not support machine access to their mail servers. If you are still having issues, please uncheck SSL/TLS toggle and try again. We recommend using SendGrid or Mailgun or any large volume mail provider for SMTP.",
+        );
+      }
 
-  return Response.sendEmptySuccessResponse(req, res);
-});
+      return Response.sendEmptySuccessResponse(req, res);
+    } catch (err) {
+      return next(err);
+    }
+  },
+);
 
 export default router;

App/FeatureSet/Notification/API/WhatsApp.ts

@@ -0,0 +1,491 @@
+import WhatsAppService from "../Services/WhatsAppService";
+import BadDataException from "Common/Types/Exception/BadDataException";
+import GlobalConfig from "Common/Models/DatabaseModels/GlobalConfig";
+import { JSONArray, JSONObject } from "Common/Types/JSON";
+import ObjectID from "Common/Types/ObjectID";
+import Phone from "Common/Types/Phone";
+import WhatsAppMessage from "Common/Types/WhatsApp/WhatsAppMessage";
+import {
+  WhatsAppTemplateId,
+  WhatsAppTemplateIds,
+  WhatsAppTemplateLanguage,
+} from "Common/Types/WhatsApp/WhatsAppTemplates";
+import WhatsAppStatus from "Common/Types/WhatsAppStatus";
+import ClusterKeyAuthorization from "Common/Server/Middleware/ClusterKeyAuthorization";
+import WhatsAppLogService from "Common/Server/Services/WhatsAppLogService";
+import GlobalConfigService from "Common/Server/Services/GlobalConfigService";
+import Express, {
+  ExpressRequest,
+  ExpressResponse,
+  ExpressRouter,
+  NextFunction,
+} from "Common/Server/Utils/Express";
+import logger from "Common/Server/Utils/Logger";
+import Response from "Common/Server/Utils/Response";
+
+const router: ExpressRouter = Express.getRouter();
+
+const MAX_STATUS_MESSAGE_LENGTH: number = 500;
+
+export const mapWebhookStatusToWhatsAppStatus: (
+  status?: string,
+) => WhatsAppStatus = (status?: string): WhatsAppStatus => {
+  switch ((status || "").toLowerCase()) {
+    case "sent":
+      return WhatsAppStatus.Sent;
+    case "delivered":
+      return WhatsAppStatus.Delivered;
+    case "read":
+      return WhatsAppStatus.Read;
+    case "failed":
+      return WhatsAppStatus.Failed;
+    case "deleted":
+    case "removed":
+      return WhatsAppStatus.Deleted;
+    case "warning":
+      return WhatsAppStatus.Warning;
+    case "queued":
+    case "pending":
+      return WhatsAppStatus.Queued;
+    case "error":
+      return WhatsAppStatus.Error;
+    case "success":
+      return WhatsAppStatus.Success;
+    default:
+      return WhatsAppStatus.Unknown;
+  }
+};
+
+export const buildStatusMessage: (payload: JSONObject) => string | undefined = (
+  payload: JSONObject,
+): string | undefined => {
+  const messageParts: Array<string> = [];
+  const rawStatus: string | undefined = payload["status"]
+    ? String(payload["status"])
+    : undefined;
+
+  if (rawStatus) {
+    messageParts.push(`Status: ${rawStatus}`);
+  }
+
+  const timestamp: string | undefined = payload["timestamp"]
+    ? String(payload["timestamp"])
+    : undefined;
+
+  if (timestamp) {
+    const numericTimestamp: number = Number(timestamp);
+    if (!isNaN(numericTimestamp)) {
+      messageParts.push(
+        `Timestamp: ${new Date(numericTimestamp * 1000).toISOString()}`,
+      );
+    } else {
+      messageParts.push(`Timestamp: ${timestamp}`);
+    }
+  }
+
+  const conversation: JSONObject | undefined =
+    (payload["conversation"] as JSONObject | undefined) || undefined;
+
+  if (conversation) {
+    if (conversation["id"]) {
+      messageParts.push(`Conversation: ${conversation["id"]}`);
+    }
+
+    const origin: JSONObject | undefined =
+      (conversation["origin"] as JSONObject | undefined) || undefined;
+
+    if (origin?.["type"]) {
+      messageParts.push(`Origin: ${origin["type"]}`);
+    }
+
+    if (conversation["expiration_timestamp"]) {
+      const expirationTimestamp: number = Number(
+        conversation["expiration_timestamp"],
+      );
+
+      if (!isNaN(expirationTimestamp)) {
+        messageParts.push(
+          `Conversation expires: ${new Date(expirationTimestamp * 1000).toISOString()}`,
+        );
+      }
+    }
+  }
+
+  const pricing: JSONObject | undefined =
+    (payload["pricing"] as JSONObject | undefined) || undefined;
+
+  if (pricing) {
+    const pricingParts: Array<string> = [];
+
+    if (pricing["billable"] !== undefined) {
+      pricingParts.push(`billable=${pricing["billable"]}`);
+    }
+
+    if (pricing["category"]) {
+      pricingParts.push(`category=${pricing["category"]}`);
+    }
+
+    if (pricing["pricing_model"]) {
+      pricingParts.push(`model=${pricing["pricing_model"]}`);
+    }
+
+    if (pricingParts.length > 0) {
+      messageParts.push(`Pricing: ${pricingParts.join(", ")}`);
+    }
+  }
+
+  const errors: JSONArray | undefined =
+    (payload["errors"] as JSONArray | undefined) || undefined;
+
+  if (Array.isArray(errors) && errors.length > 0) {
+    const firstError: JSONObject = errors[0] as JSONObject;
+    const errorParts: Array<string> = [];
+
+    if (firstError["title"]) {
+      errorParts.push(String(firstError["title"]));
+    }
+
+    if (firstError["code"]) {
+      errorParts.push(`code=${firstError["code"]}`);
+    }
+
+    if (firstError["detail"]) {
+      errorParts.push(String(firstError["detail"]));
+    }
+
+    if (errorParts.length > 0) {
+      messageParts.push(`Error: ${errorParts.join(" - ")}`);
+    }
+  }
+
+  if (messageParts.length === 0) {
+    return undefined;
+  }
+
+  const statusMessage: string = messageParts.join(" | ");
+
+  if (statusMessage.length <= MAX_STATUS_MESSAGE_LENGTH) {
+    return statusMessage;
+  }
+
+  return `${statusMessage.substring(0, MAX_STATUS_MESSAGE_LENGTH - 3)}...`;
+};
+
+const updateWhatsAppLogStatus: (
+  statusPayload: JSONObject,
+) => Promise<void> = async (statusPayload: JSONObject): Promise<void> => {
+  const messageId: string | undefined = statusPayload["id"]
+    ? String(statusPayload["id"])
+    : undefined;
+
+  if (!messageId) {
+    logger.warn(
+      `[Meta WhatsApp Webhook] Received status payload without message id. Payload: ${JSON.stringify(statusPayload)}`,
+    );
+    return;
+  }
+
+  const rawStatus: string | undefined = statusPayload["status"]
+    ? String(statusPayload["status"])
+    : undefined;
+
+  const derivedStatus: WhatsAppStatus =
+    mapWebhookStatusToWhatsAppStatus(rawStatus);
+
+  const statusMessage: string | undefined = buildStatusMessage(statusPayload);
+
+  const updateResult: number = await WhatsAppLogService.updateOneBy({
+    query: {
+      whatsAppMessageId: messageId,
+    },
+    data: {
+      status: derivedStatus,
+      ...(statusMessage ? { statusMessage } : {}),
+    },
+    props: {
+      isRoot: true,
+    },
+  });
+
+  if (updateResult === 0) {
+    logger.warn(
+      `[Meta WhatsApp Webhook] No WhatsApp log found for message id ${messageId}. Payload: ${JSON.stringify(statusPayload)}`,
+    );
+  } else {
+    logger.debug(
+      `[Meta WhatsApp Webhook] Updated WhatsApp log for message id ${messageId} with status ${derivedStatus}.`,
+    );
+  }
+};
+
+const toTemplateVariables: (
+  rawVariables: JSONObject | undefined,
+) => Record<string, string> | undefined = (
+  rawVariables: JSONObject | undefined,
+): Record<string, string> | undefined => {
+  if (!rawVariables) {
+    return undefined;
+  }
+
+  const result: Record<string, string> = {};
+
+  for (const key of Object.keys(rawVariables)) {
+    const value: unknown = rawVariables[key];
+    if (value !== null && value !== undefined) {
+      result[key] = String(value);
+    }
+  }
+
+  return Object.keys(result).length > 0 ? result : undefined;
+};
+
+router.post(
+  "/send",
+  ClusterKeyAuthorization.isAuthorizedServiceMiddleware,
+  async (req: ExpressRequest, res: ExpressResponse, next: NextFunction) => {
+    const body: JSONObject = req.body as JSONObject;
+
+    if (!body["to"]) {
+      throw new BadDataException("`to` phone number is required");
+    }
+
+    const toPhone: Phone = new Phone(body["to"] as string);
+
+    const message: WhatsAppMessage = {
+      to: toPhone,
+      body: (body["body"] as string) || "",
+      templateKey: (body["templateKey"] as string) || undefined,
+      templateVariables: toTemplateVariables(
+        body["templateVariables"] as JSONObject | undefined,
+      ),
+      templateLanguageCode:
+        (body["templateLanguageCode"] as string) || undefined,
+    };
+
+    try {
+      await WhatsAppService.sendWhatsApp(message, {
+        projectId: body["projectId"]
+          ? new ObjectID(body["projectId"] as string)
+          : undefined,
+        isSensitive: (body["isSensitive"] as boolean) || false,
+        userOnCallLogTimelineId: body["userOnCallLogTimelineId"]
+          ? new ObjectID(body["userOnCallLogTimelineId"] as string)
+          : undefined,
+        incidentId: body["incidentId"]
+          ? new ObjectID(body["incidentId"] as string)
+          : undefined,
+        alertId: body["alertId"]
+          ? new ObjectID(body["alertId"] as string)
+          : undefined,
+        scheduledMaintenanceId: body["scheduledMaintenanceId"]
+          ? new ObjectID(body["scheduledMaintenanceId"] as string)
+          : undefined,
+        statusPageId: body["statusPageId"]
+          ? new ObjectID(body["statusPageId"] as string)
+          : undefined,
+        statusPageAnnouncementId: body["statusPageAnnouncementId"]
+          ? new ObjectID(body["statusPageAnnouncementId"] as string)
+          : undefined,
+        userId: body["userId"]
+          ? new ObjectID(body["userId"] as string)
+          : undefined,
+        onCallPolicyId: body["onCallPolicyId"]
+          ? new ObjectID(body["onCallPolicyId"] as string)
+          : undefined,
+        onCallPolicyEscalationRuleId: body["onCallPolicyEscalationRuleId"]
+          ? new ObjectID(body["onCallPolicyEscalationRuleId"] as string)
+          : undefined,
+        onCallDutyPolicyExecutionLogTimelineId: body[
+          "onCallDutyPolicyExecutionLogTimelineId"
+        ]
+          ? new ObjectID(
+              body["onCallDutyPolicyExecutionLogTimelineId"] as string,
+            )
+          : undefined,
+        onCallScheduleId: body["onCallScheduleId"]
+          ? new ObjectID(body["onCallScheduleId"] as string)
+          : undefined,
+        teamId: body["teamId"]
+          ? new ObjectID(body["teamId"] as string)
+          : undefined,
+      });
+
+      return Response.sendEmptySuccessResponse(req, res);
+    } catch (err) {
+      return next(err);
+    }
+  },
+);
+
+router.get("/webhook", async (req: ExpressRequest, res: ExpressResponse) => {
+  const mode: string | undefined = req.query["hub.mode"]
+    ? String(req.query["hub.mode"])
+    : undefined;
+  const verifyToken: string | undefined = req.query["hub.verify_token"]
+    ? String(req.query["hub.verify_token"])
+    : undefined;
+  const challenge: string | undefined = req.query["hub.challenge"]
+    ? String(req.query["hub.challenge"])
+    : undefined;
+
+  if (mode === "subscribe" && challenge) {
+    const globalConfigTokenResponse: GlobalConfig | null =
+      await GlobalConfigService.findOneBy({
+        query: {
+          _id: ObjectID.getZeroObjectID().toString(),
+        },
+        props: {
+          isRoot: true,
+        },
+        select: {
+          metaWhatsAppWebhookVerifyToken: true,
+        },
+      });
+
+    const configuredVerifyToken: string | undefined =
+      globalConfigTokenResponse?.metaWhatsAppWebhookVerifyToken?.trim() ||
+      undefined;
+
+    if (!configuredVerifyToken) {
+      logger.error(
+        "Meta WhatsApp webhook verify token is not configured. Rejecting verification request.",
+      );
+      res.sendStatus(403);
+      return;
+    }
+
+    if (verifyToken === configuredVerifyToken) {
+      res.status(200).send(challenge);
+      return;
+    }
+
+    logger.warn(
+      "Meta WhatsApp webhook verification failed due to token mismatch.",
+    );
+    res.sendStatus(403);
+    return;
+  }
+
+  res.sendStatus(400);
+});
+
+router.post(
+  "/webhook",
+  async (req: ExpressRequest, res: ExpressResponse, next: NextFunction) => {
+    try {
+      const body: JSONObject = req.body as JSONObject;
+
+      if (
+        (body["object"] as string | undefined) !== "whatsapp_business_account"
+      ) {
+        logger.debug(
+          `[Meta WhatsApp Webhook] Received event for unsupported object: ${JSON.stringify(body)}`,
+        );
+        return Response.sendEmptySuccessResponse(req, res);
+      }
+
+      const entries: JSONArray | undefined = body["entry"] as
+        | JSONArray
+        | undefined;
+
+      if (!Array.isArray(entries)) {
+        logger.warn(
+          `[Meta WhatsApp Webhook] Payload did not include entries array. Payload: ${JSON.stringify(body)}`,
+        );
+        return Response.sendEmptySuccessResponse(req, res);
+      }
+
+      const statusUpdatePromises: Array<Promise<void>> = [];
+
+      for (const entry of entries) {
+        const entryObject: JSONObject = entry as JSONObject;
+        const changes: JSONArray | undefined =
+          (entryObject["changes"] as JSONArray | undefined) || undefined;
+
+        if (!Array.isArray(changes)) {
+          continue;
+        }
+
+        for (const change of changes) {
+          const changeObject: JSONObject = change as JSONObject;
+          const value: JSONObject | undefined =
+            (changeObject["value"] as JSONObject | undefined) || undefined;
+
+          if (!value) {
+            continue;
+          }
+
+          const statuses: JSONArray | undefined =
+            (value["statuses"] as JSONArray | undefined) || undefined;
+
+          if (Array.isArray(statuses)) {
+            for (const statusItem of statuses) {
+              statusUpdatePromises.push(
+                updateWhatsAppLogStatus(statusItem as JSONObject),
+              );
+            }
+          }
+        }
+      }
+
+      if (statusUpdatePromises.length > 0) {
+        await Promise.allSettled(statusUpdatePromises);
+      }
+
+      return Response.sendEmptySuccessResponse(req, res);
+    } catch (err) {
+      return next(err);
+    }
+  },
+);
+
+router.post(
+  "/test",
+  async (req: ExpressRequest, res: ExpressResponse, next: NextFunction) => {
+    try {
+      const body: JSONObject = req.body as JSONObject;
+
+      if (!body["toPhone"]) {
+        throw new BadDataException("toPhone is required");
+      }
+
+      const toPhone: Phone = new Phone(body["toPhone"] as string);
+
+      const templateKey: WhatsAppTemplateId =
+        WhatsAppTemplateIds.TestNotification;
+
+      const templateLanguageCode: string =
+        WhatsAppTemplateLanguage[templateKey] || "en";
+
+      const message: WhatsAppMessage = {
+        to: toPhone,
+        body: "",
+        templateKey,
+        templateVariables: undefined,
+        templateLanguageCode,
+      };
+
+      try {
+        await WhatsAppService.sendWhatsApp(message, {
+          projectId: body["projectId"]
+            ? new ObjectID(body["projectId"] as string)
+            : undefined,
+          isSensitive: false,
+        });
+      } catch (err) {
+        const errorMsg: string =
+          err instanceof Error && err.message
+            ? err.message
+            : "Failed to send test WhatsApp message.";
+
+        throw new BadDataException(errorMsg);
+      }
+
+      return Response.sendEmptySuccessResponse(req, res);
+    } catch (err) {
+      return next(err);
+    }
+  },
+);
+
+export default router;

App/FeatureSet/Notification/Config.ts

@@ -12,6 +12,8 @@ import Phone from "Common/Types/Phone";
 
 type GetGlobalSMTPConfig = () => Promise<EmailServer | null>;
 
+export const DEFAULT_META_WHATSAPP_API_VERSION: string = "v23.0";
+
 export const getGlobalSMTPConfig: GetGlobalSMTPConfig =
   async (): Promise<EmailServer | null> => {
     const globalConfig: GlobalConfig | null =
@@ -222,6 +224,83 @@ export const SMSHighRiskCostInCents: number = process.env[
   ? parseInt(process.env["SMS_HIGH_RISK_COST_IN_CENTS"])
   : 0;
 
+export interface MetaWhatsAppConfig {
+  accessToken: string;
+  phoneNumberId: string;
+  businessAccountId?: string | undefined;
+  appId?: string | undefined;
+  appSecret?: string | undefined;
+  apiVersion?: string | undefined;
+}
+
+type GetMetaWhatsAppConfigFunction = () => Promise<MetaWhatsAppConfig>;
+
+export const getMetaWhatsAppConfig: GetMetaWhatsAppConfigFunction =
+  async (): Promise<MetaWhatsAppConfig> => {
+    const globalConfig: GlobalConfig | null =
+      await GlobalConfigService.findOneBy({
+        query: {
+          _id: ObjectID.getZeroObjectID().toString(),
+        },
+        props: {
+          isRoot: true,
+        },
+        select: {
+          metaWhatsAppAccessToken: true,
+          metaWhatsAppPhoneNumberId: true,
+          metaWhatsAppBusinessAccountId: true,
+          metaWhatsAppAppId: true,
+          metaWhatsAppAppSecret: true,
+        },
+      });
+
+    if (!globalConfig) {
+      throw new BadDataException("Global Config not found");
+    }
+
+    const accessToken: string | undefined =
+      globalConfig.metaWhatsAppAccessToken?.trim();
+    const phoneNumberId: string | undefined =
+      globalConfig.metaWhatsAppPhoneNumberId?.trim();
+
+    if (!accessToken) {
+      throw new BadDataException(
+        "Meta WhatsApp access token not configured. Please set it in the Admin Dashboard: " +
+          AdminDashboardClientURL.toString(),
+      );
+    }
+
+    if (!phoneNumberId) {
+      throw new BadDataException(
+        "Meta WhatsApp phone number ID not configured. Please set it in the Admin Dashboard: " +
+          AdminDashboardClientURL.toString(),
+      );
+    }
+
+    const businessAccountId: string | undefined =
+      globalConfig.metaWhatsAppBusinessAccountId?.trim() || undefined;
+    const appId: string | undefined =
+      globalConfig.metaWhatsAppAppId?.trim() || undefined;
+    const appSecret: string | undefined =
+      globalConfig.metaWhatsAppAppSecret?.trim() || undefined;
+    const apiVersion: string = DEFAULT_META_WHATSAPP_API_VERSION;
+
+    return {
+      accessToken,
+      phoneNumberId,
+      businessAccountId,
+      appId,
+      appSecret,
+      apiVersion,
+    };
+  };
+
+export const WhatsAppTextDefaultCostInCents: number = process.env[
+  "WHATSAPP_TEXT_DEFAULT_COST_IN_CENTS"
+]
+  ? parseInt(process.env["WHATSAPP_TEXT_DEFAULT_COST_IN_CENTS"])
+  : 0;
+
 export const CallHighRiskCostInCentsPerMinute: number = process.env[
   "CALL_HIGH_RISK_COST_IN_CENTS_PER_MINUTE"
 ]

App/FeatureSet/Notification/Index.ts

@@ -2,6 +2,8 @@ import CallAPI from "./API/Call";
 // API
 import MailAPI from "./API/Mail";
 import SmsAPI from "./API/SMS";
+import WhatsAppAPI from "./API/WhatsApp";
+import PushNotificationAPI from "./API/PushNotification";
 import SMTPConfigAPI from "./API/SMTPConfig";
 import "./Utils/Handlebars";
 import FeatureSet from "Common/Server/Types/FeatureSet";
@@ -15,6 +17,8 @@ const NotificationFeatureSet: FeatureSet = {
 
     app.use([`/${APP_NAME}/email`, "/email"], MailAPI);
     app.use([`/${APP_NAME}/sms`, "/sms"], SmsAPI);
+    app.use([`/${APP_NAME}/whatsapp`, "/whatsapp"], WhatsAppAPI);
+    app.use([`/${APP_NAME}/push`, "/push"], PushNotificationAPI);
     app.use([`/${APP_NAME}/call`, "/call"], CallAPI);
     app.use([`/${APP_NAME}/smtp-config`, "/smtp-config"], SMTPConfigAPI);
   },

App/FeatureSet/Notification/Services/CallService.ts

@@ -28,6 +28,38 @@ import Twilio from "twilio";
 import { CallInstance } from "twilio/lib/rest/api/v2010/account/call";
 import Phone from "Common/Types/Phone";
 
+/**
+ * Extracts the main sayMessage values from a CallRequest's data array for call summary.
+ * Excludes acknowledgment responses, error messages, and other system messages.
+ * @param callRequest The call request containing data array with various objects
+ * @returns A string containing main call content messages separated by newlines
+ */
+function extractSayMessagesFromCallRequest(callRequest: CallRequest): string {
+  const sayMessages: string[] = [];
+
+  if (callRequest.data && Array.isArray(callRequest.data)) {
+    for (const item of callRequest.data) {
+      // Check if the item is a Say object with sayMessage
+      if ((item as Say).sayMessage) {
+        sayMessages.push((item as Say).sayMessage);
+      }
+      // Check if the item is a GatherInput with introMessage
+      if ((item as GatherInput).introMessage) {
+        sayMessages.push((item as GatherInput).introMessage);
+      }
+      /*
+       * NOTE: Excluding noInputMessage and onInputCallRequest messages from summary
+       * as they contain system responses like "Good bye", "Invalid input", "You have acknowledged"
+       * which should not be included in the call summary according to user requirements
+       */
+    }
+  }
+
+  return sayMessages.length > 0
+    ? sayMessages.join(" ")
+    : "No message content found";
+}
+
 export default class CallService {
   public static async makeCall(
     callRequest: CallRequest,
@@ -36,6 +68,18 @@ export default class CallService {
       isSensitive?: boolean; // if true, message will not be logged
       userOnCallLogTimelineId?: ObjectID | undefined; // user notification log timeline id
       customTwilioConfig?: TwilioConfig | undefined;
+      incidentId?: ObjectID | undefined;
+      alertId?: ObjectID | undefined;
+      scheduledMaintenanceId?: ObjectID | undefined;
+      statusPageId?: ObjectID | undefined;
+      statusPageAnnouncementId?: ObjectID | undefined;
+      userId?: ObjectID | undefined;
+      // On-call policy related fields
+      onCallPolicyId?: ObjectID | undefined;
+      onCallPolicyEscalationRuleId?: ObjectID | undefined;
+      onCallDutyPolicyExecutionLogTimelineId?: ObjectID | undefined;
+      onCallScheduleId?: ObjectID | undefined;
+      teamId?: ObjectID | undefined;
     },
   ): Promise<void> {
     let callError: Error | null = null;
@@ -82,14 +126,58 @@ export default class CallService {
       callLog.fromNumber = fromNumber;
       callLog.callData =
         options && options.isSensitive
-          ? { message: "This call is sensitive and is not logged" }
-          : JSON.parse(JSON.stringify(callRequest));
+          ? ({ message: "This call is sensitive and is not logged" } as any)
+          : ({
+              message: extractSayMessagesFromCallRequest(callRequest),
+            } as any);
       callLog.callCostInUSDCents = 0;
 
       if (options.projectId) {
         callLog.projectId = options.projectId;
       }
 
+      if (options.incidentId) {
+        callLog.incidentId = options.incidentId;
+      }
+
+      if (options.alertId) {
+        callLog.alertId = options.alertId;
+      }
+
+      if (options.scheduledMaintenanceId) {
+        callLog.scheduledMaintenanceId = options.scheduledMaintenanceId;
+      }
+
+      if (options.statusPageId) {
+        callLog.statusPageId = options.statusPageId;
+      }
+
+      if (options.statusPageAnnouncementId) {
+        callLog.statusPageAnnouncementId = options.statusPageAnnouncementId;
+      }
+
+      if (options.userId) {
+        callLog.userId = options.userId;
+      }
+
+      if (options.teamId) {
+        callLog.teamId = options.teamId;
+      }
+
+      // Set OnCall-related fields
+      if (options.onCallPolicyId) {
+        callLog.onCallDutyPolicyId = options.onCallPolicyId;
+      }
+
+      if (options.onCallPolicyEscalationRuleId) {
+        callLog.onCallDutyPolicyEscalationRuleId =
+          options.onCallPolicyEscalationRuleId;
+      }
+
+      if (options.onCallScheduleId) {
+        callLog.onCallDutyPolicyScheduleId = options.onCallScheduleId;
+      }
+
       let project: Project | null = null;
 
       // make sure project has enough balance.

App/FeatureSet/Notification/Services/MailService.ts

@@ -37,11 +37,49 @@ class TransporterPool {
   private static semaphore: Map<string, number> = new Map();
   private static readonly MAX_CONCURRENT_CONNECTIONS = 100;
 
+  private static resolveConnectionSettings(emailServer: EmailServer): {
+    portNumber: number;
+    wantsSecureConnection: boolean;
+    secureConnection: boolean;
+    requireTLS: boolean;
+    mode: "implicit-tls" | "starttls" | "plain";
+  } {
+    const portNumber: number = emailServer.port.toNumber();
+    const wantsSecureConnection: boolean = emailServer.secure;
+    const isImplicitTLSPort: boolean = portNumber === 465;
+
+    const secureConnection: boolean = isImplicitTLSPort;
+    const requireTLS: boolean = wantsSecureConnection && !isImplicitTLSPort;
+
+    let mode: "implicit-tls" | "starttls" | "plain" = "plain";
+
+    if (secureConnection) {
+      mode = "implicit-tls";
+    } else if (requireTLS) {
+      mode = "starttls";
+    }
+
+    return {
+      portNumber,
+      wantsSecureConnection,
+      secureConnection,
+      requireTLS,
+      mode,
+    };
+  }
+
+  private static getPoolKey(emailServer: EmailServer): string {
+    const { portNumber, mode } = this.resolveConnectionSettings(emailServer);
+    const username: string = emailServer.username || "noauth";
+
+    return `${emailServer.host.toString()}:${portNumber}:${username}:${mode}`;
+  }
+
   public static getTransporter(
     emailServer: EmailServer,
     options: { timeout?: number | undefined },
   ): Transporter {
-    const key: string = `${emailServer.host.toString()}:${emailServer.port.toNumber()}:${emailServer.username || "noauth"}`;
+    const key: string = this.getPoolKey(emailServer);
 
     if (!this.pools.has(key)) {
       const transporter: Transporter = this.createTransporter(
@@ -59,9 +97,12 @@ class TransporterPool {
     emailServer: EmailServer,
     options: { timeout?: number | undefined },
   ): Transporter {
+    const { portNumber, wantsSecureConnection, secureConnection, requireTLS } =
+      this.resolveConnectionSettings(emailServer);
+
     let tlsOptions: tls.ConnectionOptions | undefined = undefined;
 
-    if (!emailServer.secure) {
+    if (!wantsSecureConnection) {
       tlsOptions = {
         rejectUnauthorized: false,
       };
@@ -69,8 +110,9 @@ class TransporterPool {
 
     return nodemailer.createTransport({
       host: emailServer.host.toString(),
-      port: emailServer.port.toNumber(),
-      secure: emailServer.secure,
+      port: portNumber,
+      secure: secureConnection,
+      requireTLS,
       tls: tlsOptions,
       auth:
         emailServer.username && emailServer.password
@@ -88,7 +130,7 @@ class TransporterPool {
   public static async acquireConnection(
     emailServer: EmailServer,
   ): Promise<void> {
-    const key: string = `${emailServer.host.toString()}:${emailServer.port.toNumber()}:${emailServer.username || "noauth"}`;
+    const key: string = this.getPoolKey(emailServer);
 
     while ((this.semaphore.get(key) || 0) >= this.MAX_CONCURRENT_CONNECTIONS) {
       await new Promise<void>((resolve: () => void) => {
@@ -100,7 +142,7 @@ class TransporterPool {
   }
 
   public static releaseConnection(emailServer: EmailServer): void {
-    const key: string = `${emailServer.host.toString()}:${emailServer.port.toNumber()}:${emailServer.username || "noauth"}`;
+    const key: string = this.getPoolKey(emailServer);
     const current: number = this.semaphore.get(key) || 0;
     this.semaphore.set(key, Math.max(0, current - 1));
   }
@@ -345,6 +387,18 @@ export default class MailService {
           emailServer?: EmailServer | undefined;
           userOnCallLogTimelineId?: ObjectID | undefined;
           timeout?: number | undefined;
+          incidentId?: ObjectID | undefined;
+          alertId?: ObjectID | undefined;
+          scheduledMaintenanceId?: ObjectID | undefined;
+          statusPageId?: ObjectID | undefined;
+          statusPageAnnouncementId?: ObjectID | undefined;
+          userId?: ObjectID | undefined;
+          // On-call policy related fields
+          onCallPolicyId?: ObjectID | undefined;
+          onCallPolicyEscalationRuleId?: ObjectID | undefined;
+          onCallDutyPolicyExecutionLogTimelineId?: ObjectID | undefined;
+          onCallScheduleId?: ObjectID | undefined;
+          teamId?: ObjectID | undefined;
         }
       | undefined,
   ): Promise<void> {
@@ -359,6 +413,48 @@ export default class MailService {
       if (options.emailServer?.id) {
         emailLog.projectSmtpConfigId = options.emailServer?.id;
       }
+
+      if (options.incidentId) {
+        emailLog.incidentId = options.incidentId;
+      }
+
+      if (options.alertId) {
+        emailLog.alertId = options.alertId;
+      }
+
+      if (options.scheduledMaintenanceId) {
+        emailLog.scheduledMaintenanceId = options.scheduledMaintenanceId;
+      }
+
+      if (options.statusPageId) {
+        emailLog.statusPageId = options.statusPageId;
+      }
+
+      if (options.statusPageAnnouncementId) {
+        emailLog.statusPageAnnouncementId = options.statusPageAnnouncementId;
+      }
+
+      if (options.userId) {
+        emailLog.userId = options.userId;
+      }
+
+      if (options.teamId) {
+        emailLog.teamId = options.teamId;
+      }
+
+      // Set OnCall-related fields
+      if (options.onCallPolicyId) {
+        emailLog.onCallDutyPolicyId = options.onCallPolicyId;
+      }
+
+      if (options.onCallPolicyEscalationRuleId) {
+        emailLog.onCallDutyPolicyEscalationRuleId =
+          options.onCallPolicyEscalationRuleId;
+      }
+
+      if (options.onCallScheduleId) {
+        emailLog.onCallDutyPolicyScheduleId = options.onCallScheduleId;
+      }
     }
 
     // default vars.

App/FeatureSet/Notification/Services/PushNotificationService.ts

@@ -0,0 +1,44 @@
+import PushNotificationRequest from "Common/Types/PushNotification/PushNotificationRequest";
+import ObjectID from "Common/Types/ObjectID";
+import PushNotificationServiceCommon from "Common/Server/Services/PushNotificationService";
+
+export default class PushNotificationService {
+  public static async send(
+    request: PushNotificationRequest,
+    options: {
+      projectId?: ObjectID | undefined;
+      isSensitive?: boolean;
+      userOnCallLogTimelineId?: ObjectID | undefined;
+      incidentId?: ObjectID | undefined;
+      alertId?: ObjectID | undefined;
+      scheduledMaintenanceId?: ObjectID | undefined;
+      statusPageId?: ObjectID | undefined;
+      statusPageAnnouncementId?: ObjectID | undefined;
+      userId?: ObjectID | undefined;
+      onCallPolicyId?: ObjectID | undefined;
+      onCallPolicyEscalationRuleId?: ObjectID | undefined;
+      onCallDutyPolicyExecutionLogTimelineId?: ObjectID | undefined;
+      onCallScheduleId?: ObjectID | undefined;
+      teamId?: ObjectID | undefined;
+    } = {},
+  ): Promise<void> {
+    // Delegate to Common service which now handles logging and timeline updates
+    await PushNotificationServiceCommon.sendPushNotification(request, {
+      projectId: options.projectId,
+      isSensitive: Boolean(options.isSensitive),
+      userOnCallLogTimelineId: options.userOnCallLogTimelineId,
+      incidentId: options.incidentId,
+      alertId: options.alertId,
+      scheduledMaintenanceId: options.scheduledMaintenanceId,
+      statusPageId: options.statusPageId,
+      statusPageAnnouncementId: options.statusPageAnnouncementId,
+      userId: options.userId,
+      onCallPolicyId: options.onCallPolicyId,
+      onCallPolicyEscalationRuleId: options.onCallPolicyEscalationRuleId,
+      onCallDutyPolicyExecutionLogTimelineId:
+        options.onCallDutyPolicyExecutionLogTimelineId,
+      onCallScheduleId: options.onCallScheduleId,
+      teamId: options.teamId,
+    });
+  }
+}

App/FeatureSet/Notification/Services/SmsService.ts

@@ -31,6 +31,18 @@ export default class SmsService {
       customTwilioConfig?: TwilioConfig | undefined;
       isSensitive?: boolean; // if true, message will not be logged
       userOnCallLogTimelineId?: ObjectID | undefined;
+      incidentId?: ObjectID | undefined;
+      alertId?: ObjectID | undefined;
+      scheduledMaintenanceId?: ObjectID | undefined;
+      statusPageId?: ObjectID | undefined;
+      statusPageAnnouncementId?: ObjectID | undefined;
+      userId?: ObjectID | undefined;
+      // On-call policy related fields
+      onCallPolicyId?: ObjectID | undefined;
+      onCallPolicyEscalationRuleId?: ObjectID | undefined;
+      onCallDutyPolicyExecutionLogTimelineId?: ObjectID | undefined;
+      onCallScheduleId?: ObjectID | undefined;
+      teamId?: ObjectID | undefined;
     },
   ): Promise<void> {
     let smsError: Error | null = null;
@@ -71,6 +83,48 @@ export default class SmsService {
         smsLog.projectId = options.projectId;
       }
 
+      if (options.incidentId) {
+        smsLog.incidentId = options.incidentId;
+      }
+
+      if (options.alertId) {
+        smsLog.alertId = options.alertId;
+      }
+
+      if (options.scheduledMaintenanceId) {
+        smsLog.scheduledMaintenanceId = options.scheduledMaintenanceId;
+      }
+
+      if (options.statusPageId) {
+        smsLog.statusPageId = options.statusPageId;
+      }
+
+      if (options.statusPageAnnouncementId) {
+        smsLog.statusPageAnnouncementId = options.statusPageAnnouncementId;
+      }
+
+      if (options.userId) {
+        smsLog.userId = options.userId;
+      }
+
+      if (options.teamId) {
+        smsLog.teamId = options.teamId;
+      }
+
+      // Set OnCall-related fields
+      if (options.onCallPolicyId) {
+        smsLog.onCallDutyPolicyId = options.onCallPolicyId;
+      }
+
+      if (options.onCallPolicyEscalationRuleId) {
+        smsLog.onCallDutyPolicyEscalationRuleId =
+          options.onCallPolicyEscalationRuleId;
+      }
+
+      if (options.onCallScheduleId) {
+        smsLog.onCallDutyPolicyScheduleId = options.onCallScheduleId;
+      }
+
       const twilioConfig: TwilioConfig | null =
         options.customTwilioConfig || (await getTwilioConfig());
 

App/FeatureSet/Notification/Services/WhatsAppService.ts

@@ -0,0 +1,497 @@
+import {
+  WhatsAppTextDefaultCostInCents,
+  getMetaWhatsAppConfig,
+  MetaWhatsAppConfig,
+  DEFAULT_META_WHATSAPP_API_VERSION,
+} from "../Config";
+import BadDataException from "Common/Types/Exception/BadDataException";
+import ObjectID from "Common/Types/ObjectID";
+import UserNotificationStatus from "Common/Types/UserNotification/UserNotificationStatus";
+import WhatsAppMessage from "Common/Types/WhatsApp/WhatsAppMessage";
+import WhatsAppStatus from "Common/Types/WhatsAppStatus";
+import {
+  AuthenticationTemplates,
+  WhatsAppTemplateId,
+} from "Common/Types/WhatsApp/WhatsAppTemplates";
+import { JSONArray, JSONObject } from "Common/Types/JSON";
+import { IsBillingEnabled } from "Common/Server/EnvironmentConfig";
+import NotificationService from "Common/Server/Services/NotificationService";
+import ProjectService from "Common/Server/Services/ProjectService";
+import UserOnCallLogTimelineService from "Common/Server/Services/UserOnCallLogTimelineService";
+import WhatsAppLogService from "Common/Server/Services/WhatsAppLogService";
+import logger from "Common/Server/Utils/Logger";
+import Project from "Common/Models/DatabaseModels/Project";
+import WhatsAppLog from "Common/Models/DatabaseModels/WhatsAppLog";
+import API from "Common/Utils/API";
+import HTTPErrorResponse from "Common/Types/API/HTTPErrorResponse";
+import HTTPResponse from "Common/Types/API/HTTPResponse";
+import Protocol from "Common/Types/API/Protocol";
+import Route from "Common/Types/API/Route";
+import URL from "Common/Types/API/URL";
+
+const SENSITIVE_MESSAGE_PLACEHOLDER: string =
+  "This message is sensitive and is not logged";
+
+export default class WhatsAppService {
+  public static async sendWhatsApp(
+    message: WhatsAppMessage,
+    options: {
+      projectId?: ObjectID | undefined;
+      isSensitive?: boolean | undefined;
+      userOnCallLogTimelineId?: ObjectID | undefined;
+      incidentId?: ObjectID | undefined;
+      alertId?: ObjectID | undefined;
+      scheduledMaintenanceId?: ObjectID | undefined;
+      statusPageId?: ObjectID | undefined;
+      statusPageAnnouncementId?: ObjectID | undefined;
+      userId?: ObjectID | undefined;
+      onCallPolicyId?: ObjectID | undefined;
+      onCallPolicyEscalationRuleId?: ObjectID | undefined;
+      onCallDutyPolicyExecutionLogTimelineId?: ObjectID | undefined;
+      onCallScheduleId?: ObjectID | undefined;
+      teamId?: ObjectID | undefined;
+    } = {},
+  ): Promise<void> {
+    let sendError: Error | null = null;
+    const whatsAppLog: WhatsAppLog = new WhatsAppLog();
+
+    try {
+      if (!message.to) {
+        throw new BadDataException(
+          "WhatsApp recipient phone number is required",
+        );
+      }
+
+      if (!message.body && !message.templateKey) {
+        throw new BadDataException(
+          "Either WhatsApp message body or template key must be provided",
+        );
+      }
+
+      const isSensitiveMessage: boolean = Boolean(options.isSensitive);
+      const messageSummary: string = isSensitiveMessage
+        ? SENSITIVE_MESSAGE_PLACEHOLDER
+        : message.body ||
+          (message.templateKey
+            ? `Template: ${message.templateKey}${
+                message.templateVariables
+                  ? " Variables: " + JSON.stringify(message.templateVariables)
+                  : ""
+              }`
+            : "");
+
+      whatsAppLog.toNumber = message.to;
+      whatsAppLog.messageText = messageSummary;
+      whatsAppLog.whatsAppCostInUSDCents = 0;
+
+      if (options.projectId) {
+        whatsAppLog.projectId = options.projectId;
+      }
+
+      if (options.incidentId) {
+        whatsAppLog.incidentId = options.incidentId;
+      }
+
+      if (options.alertId) {
+        whatsAppLog.alertId = options.alertId;
+      }
+
+      if (options.scheduledMaintenanceId) {
+        whatsAppLog.scheduledMaintenanceId = options.scheduledMaintenanceId;
+      }
+
+      if (options.statusPageId) {
+        whatsAppLog.statusPageId = options.statusPageId;
+      }
+
+      if (options.statusPageAnnouncementId) {
+        whatsAppLog.statusPageAnnouncementId = options.statusPageAnnouncementId;
+      }
+
+      if (options.userId) {
+        whatsAppLog.userId = options.userId;
+      }
+
+      if (options.teamId) {
+        whatsAppLog.teamId = options.teamId;
+      }
+
+      if (options.onCallPolicyId) {
+        whatsAppLog.onCallDutyPolicyId = options.onCallPolicyId;
+      }
+
+      if (options.onCallPolicyEscalationRuleId) {
+        whatsAppLog.onCallDutyPolicyEscalationRuleId =
+          options.onCallPolicyEscalationRuleId;
+      }
+
+      if (options.onCallScheduleId) {
+        whatsAppLog.onCallDutyPolicyScheduleId = options.onCallScheduleId;
+      }
+
+      const config: MetaWhatsAppConfig = await getMetaWhatsAppConfig();
+
+      let messageCost: number = 0;
+      const shouldChargeForMessage: boolean = IsBillingEnabled;
+
+      if (shouldChargeForMessage) {
+        messageCost = WhatsAppTextDefaultCostInCents / 100;
+      }
+
+      let project: Project | null = null;
+
+      if (options.projectId) {
+        project = await ProjectService.findOneById({
+          id: options.projectId,
+          select: {
+            smsOrCallCurrentBalanceInUSDCents: true,
+            lowCallAndSMSBalanceNotificationSentToOwners: true,
+            name: true,
+            notEnabledSmsOrCallNotificationSentToOwners: true,
+          },
+          props: {
+            isRoot: true,
+          },
+        });
+
+        if (!project) {
+          whatsAppLog.status = WhatsAppStatus.Error;
+          whatsAppLog.statusMessage = `Project ${options.projectId.toString()} not found.`;
+          logger.error(whatsAppLog.statusMessage);
+          await WhatsAppLogService.create({
+            data: whatsAppLog,
+            props: {
+              isRoot: true,
+            },
+          });
+          return;
+        }
+
+        if (shouldChargeForMessage) {
+          let updatedBalance: number =
+            project.smsOrCallCurrentBalanceInUSDCents || 0;
+
+          try {
+            updatedBalance = await NotificationService.rechargeIfBalanceIsLow(
+              project.id!,
+            );
+          } catch (err) {
+            logger.error(err);
+          }
+
+          project.smsOrCallCurrentBalanceInUSDCents = updatedBalance;
+
+          if (!project.smsOrCallCurrentBalanceInUSDCents) {
+            whatsAppLog.status = WhatsAppStatus.LowBalance;
+            whatsAppLog.statusMessage = `Project ${options.projectId.toString()} does not have enough balance for WhatsApp messages.`;
+            logger.error(whatsAppLog.statusMessage);
+
+            await WhatsAppLogService.create({
+              data: whatsAppLog,
+              props: {
+                isRoot: true,
+              },
+            });
+
+            if (!project.lowCallAndSMSBalanceNotificationSentToOwners) {
+              await ProjectService.updateOneById({
+                id: project.id!,
+                data: {
+                  lowCallAndSMSBalanceNotificationSentToOwners: true,
+                },
+                props: {
+                  isRoot: true,
+                },
+              });
+
+              await ProjectService.sendEmailToProjectOwners(
+                project.id!,
+                `Low WhatsApp message balance for ${project.name || ""}`,
+                `We tried to send a WhatsApp message to ${message.to.toString()} with message:<br/><br/>${messageSummary}<br/><br/>The message was not sent because your project does not have enough balance for WhatsApp messages. Current balance is ${
+                  (project.smsOrCallCurrentBalanceInUSDCents || 0) / 100
+                } USD. Required balance for this message is ${messageCost} USD. Please enable auto recharge or recharge manually.`,
+              );
+            }
+            return;
+          }
+
+          if (project.smsOrCallCurrentBalanceInUSDCents < messageCost * 100) {
+            whatsAppLog.status = WhatsAppStatus.LowBalance;
+            whatsAppLog.statusMessage = `Project does not have enough balance to send WhatsApp message. Current balance is ${
+              project.smsOrCallCurrentBalanceInUSDCents / 100
+            } USD. Required balance is ${messageCost} USD.`;
+            logger.error(whatsAppLog.statusMessage);
+
+            await WhatsAppLogService.create({
+              data: whatsAppLog,
+              props: {
+                isRoot: true,
+              },
+            });
+
+            if (!project.lowCallAndSMSBalanceNotificationSentToOwners) {
+              await ProjectService.updateOneById({
+                id: project.id!,
+                data: {
+                  lowCallAndSMSBalanceNotificationSentToOwners: true,
+                },
+                props: {
+                  isRoot: true,
+                },
+              });
+
+              await ProjectService.sendEmailToProjectOwners(
+                project.id!,
+                `Low WhatsApp message balance for ${project.name || ""}`,
+                `We tried to send a WhatsApp message to ${message.to.toString()} with message:<br/><br/>${messageSummary}<br/><br/>The message was not sent because your project does not have enough balance for WhatsApp messages. Current balance is ${
+                  project.smsOrCallCurrentBalanceInUSDCents / 100
+                } USD. Required balance is ${messageCost} USD. Please enable auto recharge or recharge manually.`,
+              );
+            }
+            return;
+          }
+        }
+      }
+
+      const payload: JSONObject = {
+        messaging_product: "whatsapp",
+        recipient_type: "individual",
+        to: message.to.toString(),
+      } as JSONObject;
+
+      if (!message.templateKey) {
+        throw new BadDataException("WhatsApp message template key is required");
+      }
+
+      if (message.templateKey) {
+        const template: JSONObject = {
+          name: message.templateKey,
+          language: {
+            code: message.templateLanguageCode || "en",
+          },
+        } as JSONObject;
+
+        const components: JSONArray = [];
+
+        if (
+          message.templateVariables &&
+          Object.keys(message.templateVariables).length > 0
+        ) {
+          const parameters: JSONArray = [];
+
+          for (const [key, value] of Object.entries(
+            message.templateVariables,
+          )) {
+            parameters.push({
+              type: "text",
+              parameter_name: key,
+              text: value,
+            } as JSONObject);
+          }
+
+          if (parameters.length > 0) {
+            components.push({
+              type: "body",
+              parameters,
+            } as JSONObject);
+          }
+        }
+
+        /*
+         * Check if this is an authentication template
+         * Authentication templates may have special requirements including button components
+         */
+        const isAuthTemplate: boolean = AuthenticationTemplates.has(
+          message.templateKey as WhatsAppTemplateId,
+        );
+
+        if (isAuthTemplate) {
+          logger.info(
+            `Sending authentication template: ${message.templateKey}`,
+          );
+
+          /*
+           * Authentication templates in WhatsApp may have a button component for "Copy Code"
+           * If the template was created with a button, we need to provide button parameters
+           */
+          if (message.templateVariables) {
+            const otpCode: string | undefined =
+              message.templateVariables["1"] ||
+              message.templateVariables["otp"] ||
+              message.templateVariables["code"];
+
+            if (otpCode) {
+              /*
+               * Add button component - the index should match the button position in the template
+               * Usually authentication templates have the button as the first (and only) button
+               */
+              components.push({
+                type: "button",
+                sub_type: "url",
+                index: 0,
+                parameters: [
+                  {
+                    type: "text",
+                    text: otpCode,
+                  },
+                ],
+              } as JSONObject);
+            }
+          }
+        }
+
+        if (components.length > 0) {
+          template["components"] = components;
+        }
+
+        payload["type"] = "template";
+        payload["template"] = template;
+      } else {
+        payload["type"] = "text";
+        payload["text"] = {
+          body: message.body || "",
+        } as JSONObject;
+      }
+
+      const apiVersion: string =
+        config.apiVersion?.trim() || DEFAULT_META_WHATSAPP_API_VERSION;
+
+      const url: URL = new URL(
+        Protocol.HTTPS,
+        "graph.facebook.com",
+        new Route(`${apiVersion}/${config.phoneNumberId}/messages`),
+      );
+
+      logger.debug(`WhatsApp API request: ${JSON.stringify(payload)}`);
+
+      const response: HTTPResponse<JSONObject> | HTTPErrorResponse =
+        await API.post<JSONObject>({
+          url,
+          data: payload,
+          headers: {
+            Authorization: `Bearer ${config.accessToken}`,
+            "Content-Type": "application/json",
+          },
+        });
+
+      if (response instanceof HTTPErrorResponse) {
+        logger.error("Failed to send WhatsApp message.");
+        logger.error(response);
+        const responseDataAsJSONObject: JSONObject = response.data;
+        const responseJsonAsJSONObject: JSONObject | undefined =
+          (response.jsonData as JSONObject | undefined) || undefined;
+
+        // Log full error details for debugging
+        const errorObject: JSONObject | undefined =
+          (responseDataAsJSONObject["error"] as JSONObject | undefined) ||
+          (responseJsonAsJSONObject?.["error"] as JSONObject | undefined);
+
+        if (errorObject) {
+          logger.error("WhatsApp API Error Details:");
+          logger.error(JSON.stringify(errorObject, null, 2));
+        }
+
+        const detailedErrorMessage: string | undefined =
+          ((responseDataAsJSONObject["error"] as JSONObject | undefined)?.[
+            "message"
+          ] as string | undefined) ||
+          ((responseJsonAsJSONObject?.["error"] as JSONObject | undefined)?.[
+            "message"
+          ] as string | undefined);
+
+        throw new BadDataException(
+          detailedErrorMessage || "Failed to send WhatsApp message.",
+        );
+      }
+
+      const responseData: JSONObject = (response.jsonData || {}) as JSONObject;
+
+      let messageId: string | undefined = undefined;
+      const messagesArray: JSONArray | undefined =
+        (responseData["messages"] as JSONArray) || undefined;
+
+      if (Array.isArray(messagesArray) && messagesArray.length > 0) {
+        const firstMessage: JSONObject = messagesArray[0] as JSONObject;
+        if (firstMessage["id"]) {
+          messageId = firstMessage["id"] as string;
+        }
+      }
+
+      if (messageId) {
+        whatsAppLog.whatsAppMessageId = messageId;
+      }
+
+      whatsAppLog.status = WhatsAppStatus.Sent;
+      whatsAppLog.statusMessage = messageId
+        ? `Message ID: ${messageId}`
+        : "WhatsApp message sent successfully";
+
+      if (shouldChargeForMessage && project) {
+        const deduction: number = Math.floor(messageCost * 100);
+        whatsAppLog.whatsAppCostInUSDCents = deduction;
+
+        project.smsOrCallCurrentBalanceInUSDCents = Math.max(
+          0,
+          Math.floor(
+            (project.smsOrCallCurrentBalanceInUSDCents || 0) - deduction,
+          ),
+        );
+
+        await ProjectService.updateOneById({
+          id: project.id!,
+          data: {
+            smsOrCallCurrentBalanceInUSDCents:
+              project.smsOrCallCurrentBalanceInUSDCents,
+            notEnabledSmsOrCallNotificationSentToOwners: false,
+          },
+          props: {
+            isRoot: true,
+          },
+        });
+      }
+    } catch (error: any) {
+      logger.error("Failed to send WhatsApp message.");
+      logger.error(error);
+      whatsAppLog.whatsAppCostInUSDCents = 0;
+      whatsAppLog.status = WhatsAppStatus.Error;
+      const errorMessage: string =
+        error && error.message ? error.message.toString() : `${error}`;
+      whatsAppLog.statusMessage = errorMessage;
+
+      sendError = error;
+    }
+
+    if (options.projectId) {
+      await WhatsAppLogService.create({
+        data: whatsAppLog,
+        props: {
+          isRoot: true,
+        },
+      });
+    }
+
+    if (options.userOnCallLogTimelineId) {
+      await UserOnCallLogTimelineService.updateOneById({
+        id: options.userOnCallLogTimelineId,
+        data: {
+          status: [
+            WhatsAppStatus.Success,
+            WhatsAppStatus.Sent,
+            WhatsAppStatus.Delivered,
+            WhatsAppStatus.Read,
+          ].includes(whatsAppLog.status || WhatsAppStatus.Error)
+            ? UserNotificationStatus.Sent
+            : UserNotificationStatus.Error,
+          statusMessage: whatsAppLog.statusMessage,
+        },
+        props: {
+          isRoot: true,
+        },
+      });
+    }
+
+    if (sendError) {
+      throw sendError;
+    }
+  }
+}

App/FeatureSet/Notification/Templates/AcknowledgeAlert.hbs

@@ -13,10 +13,8 @@
 {{> DetailBoxField title="Current State: " text=currentState  }}
 {{> DetailBoxField title="Resources Affected: " text=resourcesAffected  }}
 {{> DetailBoxField title="Severity: " text=alertSeverity  }}
-{{> DetailBoxField title="Root Cause: " text=""  }}
-{{> DetailBoxField title="" text=rootCause  }}
-{{> DetailBoxField title="Description: " text=""  }}
-{{> DetailBoxField title="" text=alertDescription  }}
+{{> DetailBoxField title="Root Cause: " text=rootCause  }}
+{{> DetailBoxField title="Description: " text=alertDescription  }}
 {{> DetailBoxEnd this }}
 
 

App/FeatureSet/Notification/Templates/AcknowledgeIncident.hbs

@@ -13,10 +13,8 @@
 {{> DetailBoxField title="Current State: " text=currentState  }}
 {{> DetailBoxField title="Resources Affected: " text=resourcesAffected  }}
 {{> DetailBoxField title="Severity: " text=incidentSeverity  }}
-{{> DetailBoxField title="Root Cause: " text=""  }}
-{{> DetailBoxField title="" text=rootCause  }}
-{{> DetailBoxField title="Description: " text=""  }}
-{{> DetailBoxField title="" text=incidentDescription  }}
+{{> DetailBoxField title="Root Cause: " text=rootCause  }}
+{{> DetailBoxField title="Description: " text=incidentDescription  }}
 {{> DetailBoxEnd this }}
 
 

App/FeatureSet/Notification/Templates/AlertOwnerAdded.hbs

@@ -13,8 +13,7 @@
 {{> DetailBoxField title="Current State: " text=currentState  }}
 {{> DetailBoxField title="Resources Affected: " text=resourcesAffected  }}
 {{> DetailBoxField title="Severity: " text=alertSeverity  }}
-{{> DetailBoxField title="Description: " text=""  }}
-{{> DetailBoxField title="" text=alertDescription  }}
+{{> DetailBoxField title="Description: " text=alertDescription  }}
 {{> DetailBoxEnd this }}
 
 

App/FeatureSet/Notification/Templates/AlertOwnerNotePosted.hbs

@@ -14,11 +14,10 @@
 {{> DetailBoxField title="Resources Affected: " text=resourcesAffected  }}
 {{> DetailBoxField title="Severity: " text=alertSeverity  }}
 {{#if isPrivateNote}}
-{{> DetailBoxField title="Private Note: " text=""  }}
+{{> DetailBoxField title="Private Note: " text=note  }}
 {{else}}
-{{> DetailBoxField title="Public Note: " text=""  }}
+{{> DetailBoxField title="Public Note: " text=note  }}
 {{/if}}
-{{> DetailBoxField title="" text=note  }}
 {{> DetailBoxEnd this }}
 
 

App/FeatureSet/Notification/Templates/AlertOwnerResourceCreated.hbs

@@ -13,16 +13,12 @@
 {{> DetailBoxField title="Current State: " text=currentState  }}
 {{> DetailBoxField title="Resources Affected: " text=resourcesAffected  }}
 {{> DetailBoxField title="Alert Declared By: " text=declaredBy  }}
-{{> DetailBoxField title="Alert Declared At: " text=""  }}
-{{> DetailBoxField title="" text=declaredAt  }}
+{{> DetailBoxField title="Alert Declared At: " text=declaredAt  }}
 {{> DetailBoxField title="Severity: " text=alertSeverity  }}
-{{> DetailBoxField title="Root Cause: " text=""  }}
-{{> DetailBoxField title="" text=rootCause  }}
-{{> DetailBoxField title="Description: " text=""  }}
-{{> DetailBoxField title="" text=alertDescription  }}
+{{> DetailBoxField title="Root Cause: " text=rootCause  }}
+{{> DetailBoxField title="Description: " text=alertDescription  }}
 {{#ifNotCond remediationNotes ""}}
-{{> DetailBoxField title="Remediation Notes: " text=""  }}
-{{> DetailBoxField title="" text=remediationNotes  }}
+{{> DetailBoxField title="Remediation Notes: " text=remediationNotes  }}
 {{/ifNotCond}}
 {{> DetailBoxEnd this }}
 

App/FeatureSet/Notification/Templates/AlertOwnerStateChanged.hbs

@@ -4,19 +4,17 @@
 {{> Logo this}}
 {{> EmailTitle title=(concat "Alert: " alertTitle) }}
 
-{{> InfoBlock info=(concat "Alert state changed to - " currentState)}}
+{{> InfoBlock info="Alert state has changed"}}
 
 {{> InfoBlock info="Here are the details: "}}
 
 {{> DetailBoxStart this }}
+{{> StateTransition this}}
 {{> DetailBoxField title="Alert Title:" text=alertTitle }}
-{{> DetailBoxField title="New State: " text=currentState  }}
-{{> DetailBoxField title="State changed at: " text=""  }}
-{{> DetailBoxField title="" text=stateChangedAt  }}
-{{> DetailBoxField title="Resources Affected: " text=resourcesAffected  }}
-{{> DetailBoxField title="Severity: " text=alertSeverity  }}
-{{> DetailBoxField title="Description: " text=""  }}
-{{> DetailBoxField title="" text=alertDescription  }}
+{{> DetailBoxField title="State changed at:" text=stateChangedAt }}
+{{> DetailBoxField title="Resources Affected:" text=resourcesAffected }}
+{{> DetailBoxField title="Severity:" text=alertSeverity }}
+{{> DetailBoxField title="Description:" text=alertDescription }}
 {{> DetailBoxEnd this }}
 
 

App/FeatureSet/Notification/Templates/ForgotPassword.hbs

@@ -2,15 +2,20 @@
 
 {{> Logo this}}
 
-{{> EmailTitle title="Forgot Password? We're here to help." }}
+{{> EmailTitle title="Reset Your Password" }}
 
-{{> InfoBlock info="Please click on the 'Reset your password' button below which will help you reset your password and once you're done, You're good to go!"}}
+{{> InfoBlock info="We received a request to reset your password. Click the button below to create a new password for your account."}}
 
-{{> ButtonBlock buttonUrl=tokenVerifyUrl buttonText="Reset your password"}}
+{{> ButtonBlock buttonUrl=tokenVerifyUrl buttonText="Reset Password"}}
 
-{{> InfoBlock info="You can also copy and paste this link:"}}
+{{> VerticalSpace this}}
+
+{{> InfoBlock info="Or copy and paste this link into your browser:"}}
 {{> InfoBlock info=tokenVerifyUrl}}
-{{> InfoBlock info="This password reset link expires in 24 hours."}}
+
+{{> VerticalSpace this}}
+
+{{> InfoBlock info="<strong>Note:</strong> This password reset link will expire in 24 hours. If you didn't request this reset, you can safely ignore this email."}}
 
 {{> SupportBlock this }}
 

App/FeatureSet/Notification/Templates/IncidentOwnerAdded.hbs

@@ -13,8 +13,7 @@
 {{> DetailBoxField title="Current State: " text=currentState  }}
 {{> DetailBoxField title="Resources Affected: " text=resourcesAffected  }}
 {{> DetailBoxField title="Severity: " text=incidentSeverity  }}
-{{> DetailBoxField title="Description: " text=""  }}
-{{> DetailBoxField title="" text=incidentDescription  }}
+{{> DetailBoxField title="Description: " text=incidentDescription  }}
 {{> DetailBoxEnd this }}
 
 

App/FeatureSet/Notification/Templates/IncidentOwnerNotePosted.hbs

@@ -14,11 +14,10 @@
 {{> DetailBoxField title="Resources Affected: " text=resourcesAffected  }}
 {{> DetailBoxField title="Severity: " text=incidentSeverity  }}
 {{#if isPrivateNote}}
-{{> DetailBoxField title="Private Note: " text=""  }}
+{{> DetailBoxField title="Private Note: " text=note  }}
 {{else}}
-{{> DetailBoxField title="Public Note: " text=""  }}
+{{> DetailBoxField title="Public Note: " text=note  }}
 {{/if}}
-{{> DetailBoxField title="" text=note  }}
 {{> DetailBoxEnd this }}
 
 

App/FeatureSet/Notification/Templates/IncidentOwnerResourceCreated.hbs

@@ -13,16 +13,12 @@
 {{> DetailBoxField title="Current State: " text=currentState  }}
 {{> DetailBoxField title="Resources Affected: " text=resourcesAffected  }}
 {{> DetailBoxField title="Incident Declared By: " text=declaredBy  }}
-{{> DetailBoxField title="Incident Declared At: " text=""  }}
-{{> DetailBoxField title="" text=declaredAt  }}
+{{> DetailBoxField title="Incident Declared At: " text=declaredAt  }}
 {{> DetailBoxField title="Severity: " text=incidentSeverity  }}
-{{> DetailBoxField title="Root Cause: " text=""  }}
-{{> DetailBoxField title="" text=rootCause  }}
-{{> DetailBoxField title="Description: " text=""  }}
-{{> DetailBoxField title="" text=incidentDescription  }}
+{{> DetailBoxField title="Root Cause: " text=rootCause  }}
+{{> DetailBoxField title="Description: " text=incidentDescription  }}
 {{#ifNotCond remediationNotes ""}}
-{{> DetailBoxField title="Remediation Notes: " text=""  }}
-{{> DetailBoxField title="" text=remediationNotes  }}
+{{> DetailBoxField title="Remediation Notes: " text=remediationNotes  }}
 {{/ifNotCond}}
 {{> DetailBoxEnd this }}
 

App/FeatureSet/Notification/Templates/IncidentOwnerStateChanged.hbs

@@ -4,19 +4,17 @@
 {{> Logo this}}
 {{> EmailTitle title=(concat "Incident: " incidentTitle) }}
 
-{{> InfoBlock info=(concat "Incident state changed to - " currentState)}}
+{{> InfoBlock info="Incident state has changed"}}
 
 {{> InfoBlock info="Here are the details: "}}
 
 {{> DetailBoxStart this }}
+{{> StateTransition this}}
 {{> DetailBoxField title="Incident Title:" text=incidentTitle }}
-{{> DetailBoxField title="New State: " text=currentState  }}
-{{> DetailBoxField title="State changed at: " text=""  }}
-{{> DetailBoxField title="" text=stateChangedAt  }}
-{{> DetailBoxField title="Resources Affected: " text=resourcesAffected  }}
-{{> DetailBoxField title="Severity: " text=incidentSeverity  }}
-{{> DetailBoxField title="Description: " text=""  }}
-{{> DetailBoxField title="" text=incidentDescription  }}
+{{> DetailBoxField title="State changed at:" text=stateChangedAt }}
+{{> DetailBoxField title="Resources Affected:" text=resourcesAffected }}
+{{> DetailBoxField title="Severity:" text=incidentSeverity }}
+{{> DetailBoxField title="Description:" text=incidentDescription }}
 {{> DetailBoxEnd this }}
 
 

App/FeatureSet/Notification/Templates/InviteMember.hbs

@@ -2,28 +2,33 @@
 
 {{> Logo this}}
 
-{{> EmailTitle title=(concat "You have been invited to " projectName) }}
+{{> EmailTitle title=(concat "👋 You're Invited to " projectName) }}
 
 {{#ifCond isNewUser "true"}}
-{{> InfoBlock info="Please sign up to a new account to accept this invitation"}}
+{{> InfoBlock info="You've been invited to join a project on OneUptime. Create your account to get started."}}
 
-{{> ButtonBlock buttonUrl=registerLink buttonText="Sign up to a new account"}}
+{{> ButtonBlock buttonUrl=registerLink buttonText="Create Your Account"}}
 
-{{> InfoBlock info="You can also copy and paste this link:"}}
+{{> VerticalSpace this}}
+
+{{> InfoBlock info="Or copy and paste this link into your browser:"}}
 {{> InfoBlock info=registerLink}}
 {{/ifCond}}
 
 {{#ifCond isNewUser "false"}}
-{{> InfoBlock info="Please sign in to your account to see all your invitations and manage them."}}
+{{> InfoBlock info="You've been invited to join a project on OneUptime. Sign in to view and manage your invitations."}}
 
-{{> ButtonBlock buttonUrl=signInLink buttonText="Sign in to OneUptime"}}
+{{> ButtonBlock buttonUrl=signInLink buttonText="Sign In to OneUptime"}}
 
-{{> InfoBlock info="You can also copy and paste this link:"}}
+{{> VerticalSpace this}}
+
+{{> InfoBlock info="Or copy and paste this link into your browser:"}}
 {{> InfoBlock info=signInLink}}
 {{/ifCond}}
 
+{{> VerticalSpace this}}
 
-{{> InfoBlock info="If you have not signed up to OneUptime so far. You'll be redirected to the account sign up page to sign up first."}}
+{{> InfoBlock info="<em>If you don't have an account yet, you'll be redirected to create one first.</em>"}}
 
 {{> SupportBlock this }}
 

App/FeatureSet/Notification/Templates/MonitorOwnerAdded.hbs

@@ -10,9 +10,15 @@
 
 {{> DetailBoxStart this }}
 {{> DetailBoxField title="Monitor Name:" text=monitorName }}
+{{#ifNotCond monitorDestination ""}}
+{{#ifCond monitorType "API"}}
+{{> DetailBoxField title="Monitor URL:" text=(concat requestType " " monitorDestination) }}
+{{else}}
+{{> DetailBoxField title="Monitor Destination:" text=monitorDestination }}
+{{/ifCond}}
+{{/ifNotCond}}
 {{> DetailBoxField title="Current Status: " text=currentStatus  }}
-{{> DetailBoxField title="Description: " text=""  }}
-{{> DetailBoxField title="" text=monitorDescription  }}
+{{> DetailBoxField title="Description: " text=monitorDescription  }}
 {{> DetailBoxEnd this }}
 
 

App/FeatureSet/Notification/Templates/MonitorOwnerResourceCreated.hbs

@@ -10,9 +10,15 @@
 
 {{> DetailBoxStart this }}
 {{> DetailBoxField title="Monitor Name:" text=monitorName }}
+{{#ifNotCond monitorDestination ""}}
+{{#ifCond monitorType "API"}}
+{{> DetailBoxField title="Monitor URL:" text=(concat requestType " " monitorDestination) }}
+{{else}}
+{{> DetailBoxField title="Monitor Destination:" text=monitorDestination }}
+{{/ifCond}}
+{{/ifNotCond}}
 {{> DetailBoxField title="Current Status: " text=currentStatus  }}
-{{> DetailBoxField title="Description: " text=""  }}
-{{> DetailBoxField title="" text=monitorDescription  }}
+{{> DetailBoxField title="Description: " text=monitorDescription  }}
 {{> DetailBoxEnd this }}
 
 

App/FeatureSet/Notification/Templates/MonitorOwnerStatusChanged.hbs

@@ -4,21 +4,28 @@
 {{> Logo this}}
 {{> EmailTitle title=(concat "Monitor: " monitorName) }}
 
-{{> InfoBlock info=(concat "Monitor status changed to - " currentStatus)}}
+{{> InfoBlock info="Monitor status has changed"}}
 
 {{> InfoBlock info="Here are the details: "}}
 
 {{> DetailBoxStart this }}
-{{> DetailBoxField title="Monitor Name:" text=monitorName }}
-{{> DetailBoxField title="New Status: " text=currentStatus  }}
-{{#ifNotCond rootCause ""}}
-{{> DetailBoxField title="Root Cause: " text=""  }}
-{{> DetailBoxField title="" text=rootCause  }}
+{{> StatusTransition this}}
+{{#ifNotCond previousStatusDurationText ""}}
+{{> DetailBoxField title="Duration in Previous Status:" text=previousStatusDurationText }}
 {{/ifNotCond}}
-{{> DetailBoxField title="Status changed at: " text=""  }}
-{{> DetailBoxField title="" text=statusChangedAt  }}
-{{> DetailBoxField title="Description: " text=""  }}
-{{> DetailBoxField title="" text=monitorDescription  }}
+{{> DetailBoxField title="Monitor Name:" text=monitorName }}
+{{#ifNotCond monitorDestination ""}}
+{{#ifCond monitorType "API"}}
+{{> DetailBoxField title="Monitor URL:" text=(concat requestType " " monitorDestination) }}
+{{else}}
+{{> DetailBoxField title="Monitor Destination:" text=monitorDestination }}
+{{/ifCond}}
+{{/ifNotCond}}
+{{#ifNotCond rootCause ""}}
+{{> DetailBoxField title="Root Cause:" text=rootCause }}
+{{/ifNotCond}}
+{{> DetailBoxField title="Status changed at:" text=statusChangedAt }}
+{{> DetailBoxField title="Description:" text=monitorDescription }}
 {{> DetailBoxEnd this }}
 
 

App/FeatureSet/Notification/Templates/MonitorProbesStatus.hbs

@@ -8,8 +8,14 @@
 
 {{> DetailBoxStart this }}
 {{> DetailBoxField title="Monitor Name:" text=monitorName }}
-{{> DetailBoxField title="Monitor Description: " text=""  }}
-{{> DetailBoxField title="" text=monitorDescription  }}
+{{#ifNotCond monitorDestination ""}}
+{{#ifCond monitorType "API"}}
+{{> DetailBoxField title="Monitor URL:" text=(concat requestType " " monitorDestination) }}
+{{else}}
+{{> DetailBoxField title="Monitor Destination:" text=monitorDestination }}
+{{/ifCond}}
+{{/ifNotCond}}
+{{> DetailBoxField title="Monitor Description: " text=monitorDescription  }}
 {{> DetailBoxField title="Probe Status: " text=currentStatus  }}
 {{> DetailBoxEnd this }}
 

App/FeatureSet/Notification/Templates/Partials/ButtonBlock.hbs

@@ -1,3 +1,4 @@
+<!-- Primary Action Button -->
 <table class="st-Copy st-Width st-Width--mobile" border="0" cellpadding="0" cellspacing="0"
                     width="600" style="min-width: 600px;">
                     <tbody>
@@ -8,26 +9,26 @@
                           <div class="st-Spacer st-Spacer--filler"></div>
                         </td>
                         <td class="st-Font st-Font--body"
-                          style="border: 0; margin: 0; padding: 0; color: #000000; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', Ubuntu, sans-serif; font-size: 16px; line-height: 24px;">
+                          style="border: 0; margin: 0; padding: 0; color: #1a1a2e; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', Ubuntu, sans-serif; font-size: 16px; line-height: 24px;">
 
-                          <!-- Button & Modifier: fullWidth -->
+                          <!-- Button & Modifier: fullWidth with gradient -->
                           <table class="st-Button st-Button--fullWidth" border="0" cellpadding="0" cellspacing="0"
                             width="100%">
                             <tbody>
                               <tr>
-                                <td align="center" class="st-Button-area" height="38" valign="middle"
-                                  style="border: 0; margin: 0; padding: 0; background-color: #000000; border-radius: 5px; text-align: center;">
+                                <td align="center" class="st-Button-area" height="48" valign="middle"
+                                  style="border: 0; margin: 0; padding: 0; background: linear-gradient(135deg, #1a1a2e 0%, #000000 100%); border-radius: 8px; text-align: center; box-shadow: 0 2px 4px rgba(0, 0, 0, 0.2);">
                                   <a class="st-Button-link"
-                                    style="border: 0; margin: 0; padding: 0; color: #ffffff; display: block; height: 38px; text-align: center; text-decoration: none;"
+                                    style="border: 0; margin: 0; padding: 0; color: #ffffff; display: block; height: 48px; text-align: center; text-decoration: none;"
                                     href={{buttonUrl}}>
                                     <span class="st-Button-internal"
-                                      style="border: 0; margin: 0; padding: 0; color: #ffffff; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', Ubuntu, sans-serif; font-size: 16px; font-weight: bold; height: 38px; line-height: 38px; mso-line-height-rule: exactly; text-decoration: none; vertical-align: middle; white-space: nowrap; width: 100%;">{{buttonText}}</span>
+                                      style="border: 0; margin: 0; padding: 0; color: #ffffff; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', Ubuntu, sans-serif; font-size: 15px; font-weight: 600; height: 48px; line-height: 48px; mso-line-height-rule: exactly; text-decoration: none; vertical-align: middle; white-space: nowrap; width: 100%; letter-spacing: 0.3px;">{{buttonText}}</span>
                                   </a>
                                 </td>
                               </tr>
                             </tbody>
                           </table>
-                          <!-- /Button & Modifier: fullWidth -->
+                          <!-- /Button & Modifier: fullWidth with gradient -->
 
                         </td>
                         <td class="st-Spacer st-Spacer--gutter"
@@ -37,10 +38,11 @@
                         </td>
                       </tr>
                       <tr>
-                        <td class="st-Spacer st-Spacer--stacked" colspan="3" height="12"
+                        <td class="st-Spacer st-Spacer--stacked" colspan="3" height="16"
                           style="border: 0; margin: 0; padding: 0; font-size: 1px; line-height: 1px; mso-line-height-rule: exactly;">
                           <div class="st-Spacer st-Spacer--filler"></div>
                         </td>
                       </tr>
                     </tbody>
-                  </table>
+                  </table>
+<!-- /Primary Action Button -->

App/FeatureSet/Notification/Templates/Partials/CustomLogo.hbs

@@ -19,7 +19,7 @@
                             <a style="border: 0; margin: 0; padding: 0; text-decoration: none;" href={{homeURL}}>
 
                               <img alt="OneUptime" height="70" border="0"
-                                style="height:70px; border: 0; margin: 0; padding: 0; color: #000000; display: block; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', Ubuntu, sans-serif; font-size: 12px; font-weight: normal;"
+                                style="height:70px; border: 0; margin: 0; padding: 0; color: #000000; display: block; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', Ubuntu, sans-serif; font-size: 12px; font-weight: normal; border-radius: 10%;"
                                 src="{{logoUrl}}">
                             </a>
                           </div>

App/FeatureSet/Notification/Templates/Partials/DetailBoxEnd.hbs

@@ -1,4 +1,4 @@
-   
+<!-- End Detail Card Field Container -->
                                         </td>
                                       </tr>
                                     </tbody>
@@ -10,4 +10,5 @@
                         </td>
                       </tr>
                     </tbody>
-                  </table>
+                  </table>
+<!-- /Detail Card Container -->

App/FeatureSet/Notification/Templates/Partials/DetailBoxField.hbs

@@ -1,7 +1,9 @@
-<p style="Margin:0;font-size:16px;font-family:'inter','helvetica neue',helvetica,arial,sans-serif;line-height:30px;color:#424761">
+<!-- Detail Card Field -->
+<div class="st-DetailCard-field" style="padding: 10px 0; border-bottom: 1px solid #e2e8f0;">
 {{#if title}} 
-<strong>{{{title}}} </strong>{{{text}}} </span>
-{{else}}
-{{{text}}}
+<p class="st-DetailCard-label" style="Margin:0 0 4px 0;font-size:11px;font-family:'Inter', -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', sans-serif;line-height:16px;color:#64748b;font-weight:600;text-transform:uppercase;letter-spacing:0.5px;">{{{title}}}</p>
 {{/if}}
-</p>
+{{#if text}}
+<p class="st-DetailCard-value" style="Margin:0;font-size:15px;font-family:'Inter', -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', sans-serif;line-height:24px;color:#1e293b;font-weight:500;">{{{text}}}</p>
+{{/if}}
+</div>

App/FeatureSet/Notification/Templates/Partials/DetailBoxStart.hbs

@@ -1,19 +1,20 @@
-<table class="st-Copy st-Width st-Width--mobile" border="0" cellpadding="0" cellspacing="0"
-                    width="500" style="min-width: 500px;margin: 10px 50px;">
+<!-- Detail Card Container -->
+<table class="st-Copy st-Width st-Width--mobile st-DetailCard" border="0" cellpadding="0" cellspacing="0"
+                    width="472" style="min-width: 472px; margin: 16px 64px; border-radius: 12px; overflow: hidden;">
                     <tbody>
                       <tr style="border-collapse:collapse">
-                        <td width="720" align="center" valign="top" style="padding:0;Margin:0"></td>
+                        <td width="100%" align="center" valign="top" style="padding:0;Margin:0"></td>
                       </tr>
                       <tr style="border-collapse:collapse">
                         <td align="left"
-                          style="padding:0;Margin:0;padding-top:0px;padding-left:40px;padding-right:40px;padding-bottom:30px;background-color:#f7f8fa;border-radius: 5px">
+                          style="padding:0;Margin:0;padding-top:0px;padding-left:0;padding-right:0;padding-bottom:0;background: linear-gradient(135deg, #f8fafc 0%, #f1f5f9 100%);border-radius: 12px; border: 1px solid #e2e8f0; box-shadow: 0 1px 3px rgba(0, 0, 0, 0.05);">
                           <table cellpadding="0" cellspacing="0" width="100%"
                             style="border-collapse:collapse;border-spacing:0px">
                             <tbody>
                               <tr style="border-collapse:collapse">
-                                <td width="720" align="center" valign="top" style="padding:0;Margin:0">
+                                <td width="100%" align="center" valign="top" style="padding:0;Margin:0">
                                   <table cellpadding="0" cellspacing="0" width="100%" role="presentation"
                                     style="border-collapse:collapse;border-spacing:0px">
                                     <tbody>
                                       <tr style="border-collapse:collapse">
-                                        <td align="left" style="padding:0;Margin:0;padding-top:30px">
+                                        <td align="left" style="padding:24px 28px 0 28px;Margin:0;">

App/FeatureSet/Notification/Templates/Partials/EmailTitle.hbs

@@ -1,3 +1,4 @@
+<!-- Email Title Block -->
   <table class="st-Copy st-Width st-Width--mobile" border="0" cellpadding="0" cellspacing="0"
                     width="600" style="min-width: 600px;">
                     <tbody>
@@ -7,10 +8,10 @@
                           width="64">
                           <div class="st-Spacer st-Spacer--filler"></div>
                         </td>
-                        <td class="st-Font st-Font--body"
-                          style="color: #000000 !important; border:0;margin:0;padding:0; font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,'Helvetica Neue',Ubuntu,sans-serif;font-size:16px;line-height:24px">
+                        <td class="st-Font st-Font--title"
+                          style="color: #1a1a2e !important; border:0;margin:0;padding:0; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', Ubuntu, sans-serif;font-size:24px;line-height:32px;font-weight:700;">
 
-                          <h3>{{title}}</h3>
+                          <h2 style="margin: 0; padding: 0; font-size: 24px; line-height: 32px; font-weight: 700; color: #1a1a2e;">{{title}}</h2>
 
                         </td>
                         <td class="st-Spacer st-Spacer--gutter"
@@ -20,10 +21,11 @@
                         </td>
                       </tr>
                       <tr>
-                        <td class="st-Spacer st-Spacer--stacked" colspan="3" height="12"
+                        <td class="st-Spacer st-Spacer--stacked" colspan="3" height="16"
                           style="border: 0; margin: 0; padding: 0; font-size: 1px; line-height: 1px; mso-line-height-rule: exactly;">
                           <div class="st-Spacer st-Spacer--filler"></div>
                         </td>
                       </tr>
                     </tbody>
-                  </table>
+                  </table>
+<!-- /Email Title Block -->