Commit Graph

47 Commits

Author SHA1 Message Date
Mazen Khalil
ca5e112a8c feat: TikTok channel (#12741)
fixes: #11834

This pull request introduces TikTok channel integration, enabling users
to connect and manage TikTok business accounts similarly to other
supported social channels. The changes span backend API endpoints,
authentication helpers, webhook handling, configuration, and frontend
components to support TikTok as a first-class channel.


**Key Notes**
* This integration is only compatible with TikTok Business Accounts
* Special permissions are required to access the TikTok [Business
Messaging
API](https://business-api.tiktok.com/portal/docs?id=1832183871604753).
* The Business Messaging API is region-restricted and is currently
unavailable to users in the EU.
* Only TEXT, IMAGE, and POST_SHARE messages are currently supported due
to limitations in the TikTok Business Messaging API
* A message will be successfully sent only if it contains text alone or
one image attachment. Messages with multiple attachments or those
combining text and attachments will fail and receive a descriptive error
status.
* Messages sent directly from the TikTok App will be synced into the
system
* Initiating a new conversation from the system is not permitted due to
limitations from the TikTok Business Messaging API.


**Backend: TikTok Channel Integration**

* Added `Api::V1::Accounts::Tiktok::AuthorizationsController` to handle
TikTok OAuth authorization initiation, returning the TikTok
authorization URL.
* Implemented `Tiktok::CallbacksController` to handle TikTok OAuth
callback, process authorization results, create or update channel/inbox,
and handle errors or denied scopes.
* Added `Webhooks::TiktokController` to receive and verify TikTok
webhook events, including signature verification and event dispatching.
* Created `Tiktok::IntegrationHelper` module for JWT-based token
generation and verification for secure TikTok OAuth state management.

**Configuration and Feature Flags**

* Added TikTok app credentials (`TIKTOK_APP_ID`, `TIKTOK_APP_SECRET`) to
allowed configs and app config, and registered TikTok as a feature in
the super admin features YAML.
[[1]](diffhunk://#diff-5e46e1d248631a1147521477d84a54f8ba6846ea21c61eca5f70042d960467f4R43)
[[2]](diffhunk://#diff-8bf37a019cab1dedea458c437bd93e34af1d6e22b1672b1d43ef6eaa4dcb7732R69)
[[3]](diffhunk://#diff-123164bea29f3c096b0d018702b090d5ae670760c729141bd4169a36f5f5c1caR74-R79)

**Frontend: TikTok Channel UI and Messaging Support**

* Added `TiktokChannel` API client for frontend TikTok authorization
requests.
* Updated channel icon mappings and tests to include TikTok
(`Channel::Tiktok`).
[[1]](diffhunk://#diff-b852739ed45def61218d581d0de1ba73f213f55570aa5eec52aaa08f380d0e16R16)
[[2]](diffhunk://#diff-3cd3ae32e94ef85f1f2c4435abf0775cc0614fb37ee25d97945cd51573ef199eR64-R69)
* Enabled TikTok as a supported channel in contact forms, channel
widgets, and feature toggles.
[[1]](diffhunk://#diff-ec59c85e1403aaed1a7de35971fe16b7033d5cd763be590903ebf8f1ca25a010R47)
[[2]](diffhunk://#diff-ec59c85e1403aaed1a7de35971fe16b7033d5cd763be590903ebf8f1ca25a010R69)
[[3]](diffhunk://#diff-725b90ca7e3a6837ec8291e9f57094f6a46b3ee00e598d16564f77f32cf354b0R26-R29)
[[4]](diffhunk://#diff-725b90ca7e3a6837ec8291e9f57094f6a46b3ee00e598d16564f77f32cf354b0R51-R54)
[[5]](diffhunk://#diff-725b90ca7e3a6837ec8291e9f57094f6a46b3ee00e598d16564f77f32cf354b0R68)
* Updated message meta logic to support TikTok-specific message statuses
(sent, delivered, read).
[[1]](diffhunk://#diff-e41239cf8dda36c1bd1066dbb17588ae8868e56289072c74b3a6d7ef5abdd696R23)
[[2]](diffhunk://#diff-e41239cf8dda36c1bd1066dbb17588ae8868e56289072c74b3a6d7ef5abdd696L63-R65)
[[3]](diffhunk://#diff-e41239cf8dda36c1bd1066dbb17588ae8868e56289072c74b3a6d7ef5abdd696L81-R84)
[[4]](diffhunk://#diff-e41239cf8dda36c1bd1066dbb17588ae8868e56289072c74b3a6d7ef5abdd696L103-R107)
* Added support for embedded message attachments (e.g., TikTok embeds)
with a new `EmbedBubble` component and updated message rendering logic.
[[1]](diffhunk://#diff-c3d701caf27d9c31e200c6143c11a11b9d8826f78aa2ce5aa107470e6fdb9d7fR31)
[[2]](diffhunk://#diff-047859f9368a46d6d20177df7d6d623768488ecc38a5b1e284f958fad49add68R1-R19)
[[3]](diffhunk://#diff-c3d701caf27d9c31e200c6143c11a11b9d8826f78aa2ce5aa107470e6fdb9d7fR316)
[[4]](diffhunk://#diff-cbc85e7c4c8d56f2a847d0b01cd48ef36e5f87b43023bff0520fdfc707283085R52)
* Adjusted reply policy and UI messaging for TikTok's 48-hour reply
window.
[[1]](diffhunk://#diff-0d691f6a983bd89502f91253ecf22e871314545d1e3d3b106fbfc76bf6d8e1c7R208-R210)
[[2]](diffhunk://#diff-0d691f6a983bd89502f91253ecf22e871314545d1e3d3b106fbfc76bf6d8e1c7R224-R226)

These changes collectively enable end-to-end TikTok channel support,
from configuration and OAuth flow to webhook processing and frontend
message handling.


------------

# TikTok App Setup & Configuration
1. Grant access to the Business Messaging API
([Documentation](https://business-api.tiktok.com/portal/docs?id=1832184145137922))
2. Set the app authorization redirect URL to
`https://FRONTEND_URL/tiktok/callback`
3. Update the installation config with TikTok App ID and Secret
4. Create a Business Messaging Webhook configuration and set the
callback url to `https://FRONTEND_URL/webhooks/tiktok`
([Documentation](https://business-api.tiktok.com/portal/docs?id=1832190670631937))
. You can do this by calling
`Tiktok::AuthClient.update_webhook_callback` from rails console once you
finish Tiktok channel configuration in super admin ( will be automated
in future )
5. Enable TikTok channel feature in an account

---------

Co-authored-by: Sojan Jose <sojan@pepalo.com>
Co-authored-by: iamsivin <iamsivin@gmail.com>
2025-12-17 07:54:50 -08:00
Sojan Jose
77f492590e feat: Control the allowed login methods via Super Admin (#12892)
- Control the allowed authentication methods for a chatwoot installation
via super admin configs. [SAML, Google Auth etc]
------
[Codex
Task](https://chatgpt.com/codex/tasks/task_e_6917d503b6e48326a261672c1de91462)

---------

Co-authored-by: Pranav <pranav@chatwoot.com>
Co-authored-by: Sivin Varghese <64252451+iamsivin@users.noreply.github.com>
2025-11-17 21:55:12 -08:00
Sojan Jose
bf806f0c28 feat: allow configuring attachment upload limit (#12835)
## Summary
- add a configurable MAXIMUM_FILE_UPLOAD_SIZE installation setting and
surface it through super admin and global config payloads
- apply the configurable limit to attachment validations and shared
upload helpers on dashboard and widget
- introduce a reusable helper with unit tests for parsing the limit and
extend attachment specs for configurability


------
[Codex
Task](https://chatgpt.com/codex/tasks/task_e_6912644786b08326bc8dee9401af6d0a)

---------

Co-authored-by: Sivin Varghese <64252451+iamsivin@users.noreply.github.com>
Co-authored-by: iamsivin <iamsivin@gmail.com>
2025-11-17 14:03:08 -08:00
Muhsin Keloth
8d12cf0c6b chore: Upgrade Facebook API version from v17.0 to v18.0 (#12384)
Meta announced that Graph API v17.0 will reach end-of-life on September
12, 2025, requiring migration to v18.0 or higher. Updated the default
Facebook API version from v17.0 to v18.0 across configuration files in
response to Meta's deprecation notice.
2025-09-09 11:20:58 +05:30
Tanmay Deep Sharma
61d10044a0 feat: Whatsapp embedded signup (#11612)
## Description

This PR introduces WhatsApp Embedded Signup functionality, enabling
users to connect their WhatsApp Business accounts through Meta's
streamlined OAuth flow without manual webhook configuration. This
significantly improves the user experience by automating the entire
setup process.

**Key Features:**

- Embedded signup flow using Facebook SDK and Meta's OAuth 2.0
- Automatic webhook registration and phone number configuration
- Enhanced provider selection UI with card-based design
- Real-time progress tracking during signup process
- Comprehensive error handling and user feedback


## Required Configuration

The following environment variables must be configured by administrators
before this feature can be used:
Super Admin Configuration (via
super_admin/app_config?config=whatsapp_embedded)

- `WHATSAPP_APP_ID`: The Facebook App ID for WhatsApp Business API
integration
- `WHATSAPP_CONFIGURATION_ID`: The Configuration ID for WhatsApp
Embedded Signup flow (obtained from Meta Developer Portal)
- `WHATSAPP_APP_SECRET`: The App Secret for WhatsApp Embedded Signup
flow (required for token exchange)
![Screenshot 2025-06-09 at 11 21
08 AM](https://github.com/user-attachments/assets/1615fb0d-27fc-4d9e-b193-9be7894ea93a)


## How Has This Been Tested?

#### Backend Tests (RSpec):

- Authentication validation for embedded signup endpoints
- Authorization code validation and error handling
- Missing business parameter validation
- Proper response format for configuration endpoint
- Unauthorized access prevention

#### Manual Test Cases:

- Complete embedded signup flow (happy path)
- Provider selection UI navigation
- Facebook authentication popup handling
- Error scenarios (cancelled auth, invalid business data, API failures)
- Configuration presence/absence behavior

## Related Screenshots:

![Screenshot 2025-06-09 at 7 48
18 PM](https://github.com/user-attachments/assets/34001425-df11-4d78-9424-334461e3178f)
![Screenshot 2025-06-09 at 7 48
22 PM](https://github.com/user-attachments/assets/c09f4964-3aba-4c39-9285-d1e8e37d0e33)
![Screenshot 2025-06-09 at 7 48
32 PM](https://github.com/user-attachments/assets/a34d5382-7a91-4e1c-906e-dc2d570c864a)
![Screenshot 2025-06-09 at 10 43
05 AM](https://github.com/user-attachments/assets/a15840d8-8223-4513-82e4-b08f23c95927)
![Screenshot 2025-06-09 at 10 42
56 AM](https://github.com/user-attachments/assets/8c345022-38b5-44c4-aba2-0cda81389c69)


Fixes
https://linear.app/chatwoot/issue/CW-2131/spec-for-whatsapp-cloud-channels-sign-in-with-facebook

---------

Co-authored-by: Muhsin Keloth <muhsinkeramam@gmail.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: iamsivin <iamsivin@gmail.com>
Co-authored-by: Sivin Varghese <64252451+iamsivin@users.noreply.github.com>
Co-authored-by: Sojan Jose <sojan@pepalo.com>
2025-07-14 21:37:06 -07:00
Pranav
4a83e70158 fix: Avoid throwing 406 for non-json requests (#11701)
Users get confused between app routes and API routes. Instead of hitting
/api, they append /app in the API call, which ends up calling the
dashboard controller and throws an error. To fix this, we added a check
to throw a 406 Not Acceptable for non-HTML requests. But Meta requires
Accept: \*/\* to return 200 for the integration to be accepted.

This change will only throw an error for JSON requests.

Fixes #11697
Fixes https://github.com/chatwoot/chatwoot/issues/11251
Fixes https://github.com/chatwoot/chatwoot/issues/11205
2025-06-10 15:12:32 -04:00
Muhsin Keloth
0b156f6d4e fix: Handle Instagram text and attachments as separate messages (#11315)
When we send text with attachments on Instagram, Instagram treats text
and attachments as separate messages. However, Chatwoot keeps them as a
single message. Since Instagram sends echo events for each message, this
can create duplicate messages in Chatwoot. To prevent this, we will send
text and attachments as separate messages.

---------

Co-authored-by: Pranav <pranav@chatwoot.com>
2025-04-16 20:46:47 +05:30
Sojan Jose
630826baed feat: Implement UI for Agent Bots in settings and remove CSML support (#11276)
- Add agent bots management UI in settings with avatar upload
- Enable agent bot configuration for all inbox types
- Implement proper CRUD operations with webhook URL support
- Fix agent bots menu item visibility in settings sidebar
- Remove all CSML-related code and features
- Add migration to convert existing CSML bots to webhook bots
- Simplify agent bot model and services to focus on webhook bots
- Improve UI to differentiate between system bots and account bots

## Video 





https://github.com/user-attachments/assets/3f4edbb7-b758-468c-8dd6-a9537b983f7d

---------

Co-authored-by: iamsivin <iamsivin@gmail.com>
Co-authored-by: Sivin Varghese <64252451+iamsivin@users.noreply.github.com>
Co-authored-by: Muhsin Keloth <muhsinkeramam@gmail.com>
Co-authored-by: Pranav <pranav@chatwoot.com>
2025-04-16 18:02:49 +05:30
Shivam Mishra
161024db9d feat: Add visibility checks for installation types (#10773)
This pull request includes multiple changes to the sidebar and route
metas to configure visibility of features on the dashboard.

Here's a summary of the changes

1. Added `installationTypes`, field to routes `meta`, this works along
side `permissions` and `featureFlags`
This allows us to decide weather a particular feature is accessible on a
particular type. For instance, the Billing pages should only be
available on Cloud
2. Updated `usePolicy` and `policy.vue` to use the new
`installationTypes` config
3. Updated Sidebar related components to remove `showOnlyOnCloud` to use
the new policy updates.

Testing the PR

Here's the matrix of cases:
https://docs.google.com/spreadsheets/d/15AAJntJZoyudaby77BOnRcC4435FGuT7PXbUXoTyU50/edit?usp=sharing

---------

Co-authored-by: Pranav <pranav@chatwoot.com>
Co-authored-by: Sojan Jose <sojan@pepalo.com>
Co-authored-by: Pranav <pranavrajs@gmail.com>
2025-02-21 14:48:31 -08:00
Pranav
ccf890d855 fix: Handle JSON requests in DashboardController (#10910)
This is the error that is triggering a P0 incident in Chatwoot. 

```
DashboardController#index is missing a template for this request format and variant. request.formats: ["application/json"] request.variant: []
```

The user is calling `/app/accounts/api/v1/accounts/<account-id>/inboxes`. The URL is wrong, the requests are routed to dashboard controller as it starts with `/app/accounts`. The dashboard controller is not handling JSON requests and it creates errors. There are 312k errors over the last 2 years. Close to 50k during last 3 days.

This fix would return not_acceptable response to the attempts.
2025-02-15 09:32:50 -08:00
Shivam Mishra
42f6621afb feat: Vite + vue 3 💚 (#10047)
Fixes https://github.com/chatwoot/chatwoot/issues/8436
Fixes https://github.com/chatwoot/chatwoot/issues/9767
Fixes https://github.com/chatwoot/chatwoot/issues/10156
Fixes https://github.com/chatwoot/chatwoot/issues/6031
Fixes https://github.com/chatwoot/chatwoot/issues/5696
Fixes https://github.com/chatwoot/chatwoot/issues/9250
Fixes https://github.com/chatwoot/chatwoot/issues/9762

---------

Co-authored-by: Pranav <pranavrajs@gmail.com>
Co-authored-by: Sivin Varghese <64252451+iamsivin@users.noreply.github.com>
2024-10-02 00:36:30 -07:00
Shivam Mishra
5520bf68f3 feat: disable scripts on password reset page (#9693) 2024-07-01 11:11:57 +05:30
Shivam Mishra
616e3a8092 feat: allow setting dashboard scripts from super_admin (#9514)
This PR allows setting scripts for `vueapp.html.erb` via super admin
config. This PR has the following changes

1. Allow `DASHBOARD_SCRIPTS` in internal config
2. Remove existing scripts from `vueapp.html.erb`
3. Add scripts from `GlobalConfig` to `vueapp.html.erb`

---------

Co-authored-by: Muhsin Keloth <muhsinkeramam@gmail.com>
2024-05-23 14:30:41 +05:30
Shivam Mishra
f6650b5025 feat: move Azure config to installation_config (#9481)
This PR has the following changes

1. Add `AZURE_APP_ID` and `AZURE_APP_SECRET` to installation config
2. Add Microsoft config to `super_admin/features.yml`
3. Replace usage of `ENV.fetch` with `GlobalConfigService.load` for
fetch App ID and Secret
2024-05-20 11:52:42 +05:30
Shivam Mishra
bd97226c95 fix: Locale not correct in root url when accessing help center with custom domain (#9110)
- Ensuring that SwitchLocale concern handles the case of custom domain for portals and set locale according to that

Co-authored-by: Sojan Jose <sojan@pepalo.com>
2024-03-19 18:48:59 +05:30
Sojan Jose
7320957405 chore: Add facebook_api_version to global config (#8965)
- Ability to configure facebook_api_version from global config

Co-authored-by: Pranav <pranav@chatwoot.com>
2024-02-20 15:53:29 +05:30
Pranav Raj S
b57063a8b8 feat: Support dark mode in login pages (#7420)
Co-authored-by: Sivin Varghese <64252451+iamsivin@users.noreply.github.com>
2023-07-01 07:49:52 +05:30
Pranav Raj S
4f8ce7b597 chore: Add support for dark mode logo (#7378) 2023-06-23 12:06:01 -07:00
Vishnu Narayanan
4505c5dda3 chore: add build id to settings page (#6873)
- Adds a build Id to the settings page
2023-04-18 00:35:35 +05:30
Pranav Raj S
f6a56edf86 feat: Add the UI flow for Microsoft Oauth (#6243) 2023-01-17 17:48:14 +05:30
Pranav Raj S
6200559123 chore: Update analytics events (#6050) 2022-12-08 20:53:13 -08:00
Fayaz Ahmed
47676c3cce feat: Allow agent-bots to be created from the UI (#4153)
Co-authored-by: Pranav Raj S <pranav@chatwoot.com>
2022-11-17 22:15:58 -08:00
Pranav Raj S
83eee7df91 chore: Set locale in default_locale (#5515) 2022-09-28 08:29:00 -07:00
Sojan Jose
99de8f4500 chore: Improve Helpcenter custom domains (#5456)
- Support rendering articles over frontend URL
- Support rendering articles over help center URL
- Support rendering help center home page in the custom domain root
2022-09-19 17:36:01 -07:00
Tejaswini Chile
db73d033b7 feat: Fetching the portal data related to a specific custom domain (#5249) 2022-09-07 12:22:24 +05:30
Pranav Raj S
7fc0d166e8 feat: Allow SaaS users to manage subscription within the dashboard (#5059) 2022-07-19 19:04:17 +05:30
Sojan Jose
713fdb44ee feat (ee): APIs to configure an auto assignment limit for inboxes (#4672)
Co-authored-by: Pranav Raj S <pranav@chatwoot.com>
2022-06-13 20:18:38 +05:30
Tejaswini Chile
9bac5873ef chore: upgrade FB api version (#4834) 2022-06-10 12:26:21 +05:30
Tejaswini Chile
9ed1f5d96b Fix: Make version changeable from the environment vars (#4654) 2022-05-10 19:20:55 +05:30
Pranav Raj S
cc74bebc0f feat: Display Account context in the UI (#4069) 2022-02-25 16:36:36 +05:30
Pranav Raj S
ea44a32758 feat: Add hCaptcha for public forms (#4017)
- added hCaptcha based verification for chatwoot signups

Co-authored-by: Sojan <sojan@pepalo.com>
2022-02-18 20:02:50 +05:30
Tejaswini Chile
94a473c9f8 chore: Delayed deploy of direct uploads (#3966)
Co-authored-by: Pranav Raj S <pranav@chatwoot.com>
2022-02-15 16:16:54 +05:30
Vishnu Narayanan
3a48e08fe0 feat: migrate facebook env vars to globalConfig (#3369)
Migrate facebook env vars to globalConfig and make it editable from the super admin UI.
2021-11-25 00:55:26 +05:30
Santhosh C
6cfd7d3836 feat: autogenerate vapid keys for push notifications (#3128)
* feat: Autogenerate push notification keys
* add vapid service class and remove pushkey model
* add spec for vapid service
* unset vapid env keys
* Unset VAPID_PRIVATE_KEY env variable

Co-authored-by: Sojan Jose <sojan@chatwoot.com>
Co-authored-by: Vishnu Narayanan <vishnu@chatwoot.com>
2021-11-09 21:36:32 +05:30
Vishnu Narayanan
97ee1bfa97 feat: add GlobalConfigService to support env vars migration (#3288) 2021-11-03 21:34:42 +04:00
Pranav Raj S
4759730022 feat: Configure Chatwoot & Analytics for SaaS app (#2975)
* feat: Add Chatwoot support inside Chatwoot SaaS
* Fix identity issues with Chatwoot
2021-09-07 23:11:01 +05:30
Pranav Raj S
1ebab21cfa chore: Configure API channel name and thumbnail (#2398) 2021-06-08 00:22:36 +05:30
Pranav Raj S
d4c2a78db6 chore: Add Chatwoot SDK to Chatwoot Dashboard (#1726)
Add Chatwoot SDK to Chatwoot Dashboard
2021-02-08 16:38:35 +05:30
Sojan Jose
14eefe3824 feat: Add Installation onboarding flow (#1640)
Co-authored-by: Pranav Raj S <pranav@chatwoot.com>
2021-01-17 14:07:18 +05:30
Pranav Raj S
a9344fbf4c fix: Add missing switch_locale on DashboardController (#1631) 2021-01-09 01:43:17 +05:30
Pranav Raj S
64733ca3bc fix: Move integration text to translation file (#1463)
- Move integration text to translation file
- Split switch_locale
2020-11-30 16:24:54 +05:30
Adam Zysko
30802e0c13 feat: Ability to set installation-wide default locale (#1433)
* Dashboard locale can be set via env variable
* Change account locale based on registration page
* Set account locale if available

Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com>
2020-11-24 18:34:31 +05:30
Pranav Raj Sreepuram
f30c8943d9 chore: Display app version on settings/admin area 2020-07-26 21:50:59 +05:30
Divyesh Kothari
89ed0b425b feat: Ability for the logged in user to create a new account (#985)
Co-authored-by: Divyesh <dkothari@box8.in>
Co-authored-by: Pranav Raj S <pranav@thoughtwoot.com>
2020-07-26 12:54:50 +05:30
Pranav Raj S
d219b0a45e Chore: Add an option to toggle web manifest (#848) 2020-05-12 12:45:28 +05:30
Pranav Raj S
94c6d6db6f 🚨Fix Rubocop lint errors 2019-10-20 14:17:26 +05:30
Pranav Raj Sreepuram
2a34255e0b Initial Commit
Co-authored-by: Subin <subinthattaparambil@gmail.com>
Co-authored-by: Manoj <manojmj92@gmail.com>
Co-authored-by: Nithin <webofnithin@gmail.com>
2019-08-14 15:18:44 +05:30