added react grab URL to CSP if FF is enabled, removed dead db hook

waleedlatif1 · waleedlatif1 · commit f466dc62a58a · 2026-01-14T20:41:35.000-08:00
diff --git a/apps/sim/lib/auth/auth.ts b/apps/sim/lib/auth/auth.ts
@@ -453,33 +453,6 @@ export const auth = betterAuth({
         }
       }
     },
-    // afterEmailVerification is called by link-based verification (kept for backwards compatibility)
-    afterEmailVerification: async (user) => {
-      if (isHosted && user.email) {
-        try {
-          const html = await renderWelcomeEmail(user.name || undefined)
-          const { from, replyTo } = getPersonalEmailFrom()
-
-          await sendEmail({
-            to: user.email,
-            subject: getEmailSubject('welcome'),
-            html,
-            from,
-            replyTo,
-            emailType: 'transactional',
-          })
-
-          logger.info('[emailVerification.afterEmailVerification] Welcome email sent', {
-            userId: user.id,
-          })
-        } catch (error) {
-          logger.error('[emailVerification.afterEmailVerification] Failed to send welcome email', {
-            userId: user.id,
-            error,
-          })
-        }
-      }
-    },
   },
   emailAndPassword: {
     enabled: true,
diff --git a/apps/sim/lib/core/security/csp.ts b/apps/sim/lib/core/security/csp.ts
@@ -1,5 +1,5 @@
 import { env, getEnv } from '../config/env'
-import { isDev } from '../config/feature-flags'
+import { isDev, isReactGrabEnabled } from '../config/feature-flags'
 
 /**
  * Content Security Policy (CSP) configuration builder
@@ -40,6 +40,7 @@ export const buildTimeCSPDirectives: CSPDirectives = {
     'https://*.google.com',
     'https://apis.google.com',
     'https://assets.onedollarstats.com',
+    ...(isReactGrabEnabled ? ['https://unpkg.com'] : []),
   ],
 
   'style-src': ["'self'", "'unsafe-inline'", 'https://fonts.googleapis.com'],
@@ -166,10 +167,11 @@ export function generateRuntimeCSP(): string {
   const dynamicDomainsStr = uniqueDynamicDomains.join(' ')
   const brandLogoDomain = brandLogoDomains[0] || ''
   const brandFaviconDomain = brandFaviconDomains[0] || ''
+  const reactGrabScript = isReactGrabEnabled ? 'https://unpkg.com' : ''
 
   return `
     default-src 'self';
-    script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://apis.google.com https://assets.onedollarstats.com;
+    script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://apis.google.com https://assets.onedollarstats.com ${reactGrabScript};
     style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
     img-src 'self' data: blob: https://*.googleusercontent.com https://*.google.com https://*.atlassian.com https://cdn.discordapp.com https://*.githubusercontent.com https://*.s3.amazonaws.com https://s3.amazonaws.com https://*.amazonaws.com https://*.blob.core.windows.net https://github.com/* https://collector.onedollarstats.com ${brandLogoDomain} ${brandFaviconDomain};
     media-src 'self' blob:;
