Merge branch 'main' into devin/rename-repository-files-1753364183

Author: eunjae-lee

.cursor/rules/review.mdc

@@ -1,5 +1,13 @@
 # Review Instructions
 
+## File Naming Conventions
+
+- **Repository Files**: Must include `Repository` suffix, prefix with technology if applicable (e.g., `PrismaAppRepository.ts`), use PascalCase matching exported class
+- **Service Files**: Must include `Service` suffix, use PascalCase matching exported class, avoid generic names (e.g., `MembershipService.ts`)
+- **New files**: Avoid dot-suffixes like `.service.ts` or `.repository.ts`; reserve `.test.ts`, `.spec.ts`, `.types.ts` for their specific purposes
+
+## Code Quality
+
 - Prefer early returns. It is recommended to throw/return early so we can ensure null-checks and prevent further nesting.
 - Prefer Composition over Prop Drilling. Instead of relying on prop drilling, let's try to take advantage of react children feature.
 - For Prisma queries:

.github/workflows/changesets.yml

@@ -34,4 +34,7 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          VITE_BOOKER_EMBED_OAUTH_CLIENT_ID: ${{ secrets.VITE_BOOKER_EMBED_OAUTH_CLIENT_ID }}
+          VITE_BOOKER_EMBED_API_URL: ${{ secrets.VITE_BOOKER_EMBED_API_URL }}
+          NEXT_PUBLIC_WEBAPP_URL: ${{ secrets.NEXT_PUBLIC_WEBAPP_URL }}

.yarn/versions/178162d8.yml

@@ -0,0 +1,3 @@
+undecided:
+  - calcom-monorepo
+  - "@calcom/prisma"

.yarn/versions/26346cfc.yml

@@ -0,0 +1,2 @@
+undecided:
+  - "@calcom/prisma"

CONTRIBUTING.md

@@ -95,6 +95,57 @@ Write with the future in mind. If there are trade-offs, edge cases, or temporary
   </tr>
 </table>
 
+## File Naming Conventions
+
+To ensure consistency and make files easy to fuzzy-find, we follow the naming conventions below for **services**, **repositories**, and other class-based files.
+
+### Repository Files
+
+- Repository class files must include the `Repository` suffix.
+- If the repository is backed by a specific technology (e.g. Prisma), prefix the filename and class name with it.
+- File name must match the exported class exactly (PascalCase).
+
+**Pattern:**
+
+`Prisma<Entity>Repository.ts`
+
+**Examples:**
+
+```ts
+// File: PrismaAppRepository.ts
+export class PrismaAppRepository { ... }
+
+// File: PrismaMembershipRepository.ts
+export class PrismaMembershipRepository { ... }
+```
+
+This avoids ambiguous filenames like app.ts and improves discoverability in editors.
+
+### Service Files
+
+- Service class files must include the Service suffix.
+- File name should be in PascalCase, matching the exported class.
+- Keep naming specific — avoid generic names like AppService.ts.
+
+**Pattern:**
+
+`<Entity>Service.ts`
+
+**Examples:**
+
+```ts
+// File: MembershipService.ts
+export class MembershipService { ... }
+
+// File: HashedLinkService.ts
+export class HashedLinkService { ... }
+```
+
+**Note:**
+
+- New files must avoid dot-suffixes like .service.ts or .repository.ts; these will be migrated from the existing codebase progressively.
+- We still reserve suffixes such as .test.ts, .spec.ts, and .types.ts for their respective use cases.
+
 ## Developing
 
 [See README](https://github.com/calcom/cal.com#development)

__checks__/README.md

@@ -1,4 +1,6 @@
 # Checkly Tests
 
 Run as `yarn checkly test`
+Optionally, run as `yarn checkly test --record` to be able to get detailed debugging view in Checkly UI
+Run the tests for a particylar file as `yarn checkly test {filePattern}`
 Deploy the tests as `yarn checkly deploy`

__checks__/csp-login.spec.ts

@@ -0,0 +1,22 @@
+import { test, expect } from "@playwright/test";
+
+test.describe("CSP Headers", () => {
+  test("Login page should have CSP header with nonce", async ({ page }) => {
+    const targetUrl = process.env.ENVIRONMENT_URL || "https://app.cal.com";
+
+    const response = await page.goto(`${targetUrl}/auth/login`);
+
+    expect(response?.status()).toBe(200);
+
+    const cspHeader = response?.headers()["content-security-policy"];
+    expect(cspHeader).toBeTruthy();
+
+    // Verify nonce is present in CSP header
+    const nonceMatch = cspHeader?.match(/'nonce-([^']+)'/);
+    expect(nonceMatch).toBeTruthy();
+    expect(nonceMatch![1]).toHaveLength(24);
+    expect(nonceMatch![1]).toMatch(/==$/);
+
+    await page.screenshot({ path: "screenshot.jpg" });
+  });
+});

apps/api/v1/lib/helpers/verifyApiKey.test.ts

@@ -14,20 +14,29 @@ import { MembershipRole, UserPermissionRole } from "@calcom/prisma/enums";
 
 import { verifyApiKey } from "./verifyApiKey";
 
+vi.mock("@calcom/lib/crypto", () => ({
+  symmetricDecrypt: vi.fn().mockReturnValue("mocked-decrypted-value"),
+  symmetricEncrypt: vi.fn().mockReturnValue("mocked-encrypted-value"),
+}));
+
 type CustomNextApiRequest = NextApiRequest & Request;
 type CustomNextApiResponse = NextApiResponse & Response;
 
+beforeEach(() => {
+  vi.stubEnv("CALENDSO_ENCRYPTION_KEY", "22gfxhWUlcKliUeXcu8xNah2+HP/29ZX");
+});
+
 afterEach(() => {
   vi.resetAllMocks();
+  vi.unstubAllEnvs();
 });
 
 const mockDeploymentRepository: IDeploymentRepository = {
   getLicenseKeyWithId: vi.fn().mockResolvedValue("mockLicenseKey"), // Mocked return value
   getSignatureToken: vi.fn().mockResolvedValue("mockSignatureToken"),
 };
 
-// TODO: Fix the skip condition for this test suite
-describe.skip("Verify API key", () => {
+describe("Verify API key", () => {
   let service: ILicenseKeyService;
 
   beforeEach(async () => {

apps/api/v1/pages/api/bookings/[id]/_get.ts

@@ -1,5 +1,7 @@
 import type { NextApiRequest } from "next";
 
+import { ErrorCode } from "@calcom/lib/errorCodes";
+import { ErrorWithCode } from "@calcom/lib/errors";
 import { defaultResponder } from "@calcom/lib/server/defaultResponder";
 import prisma from "@calcom/prisma";
 
@@ -106,6 +108,11 @@ export async function getHandler(req: NextApiRequest) {
       eventType: expand.includes("team") ? { include: { team: true } } : false,
     },
   });
+
+  if (!booking) {
+    throw new ErrorWithCode(ErrorCode.BookingNotFound, "Booking not found");
+  }
+
   return { booking: schemaBookingReadPublic.parse(booking) };
 }
 

apps/api/v1/pages/api/bookings/_post.ts

@@ -254,6 +254,14 @@ async function handler(req: NextApiRequest) {
       throw new HttpError({ statusCode: 400, message: knownError.message });
     }
 
+    if (knownError?.message === ErrorCode.RequestBodyInvalid) {
+      throw new HttpError({ statusCode: 400, message: knownError.message });
+    }
+
+    if (knownError?.message === ErrorCode.EventTypeNotFound) {
+      throw new HttpError({ statusCode: 400, message: knownError.message });
+    }
+
     throw error;
   }
 }