Closed naelob closed 2 months ago
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
Vercel deployment status:

Name | Status | Updated (UTC)
---|---|---
panora-client-ts | ✅ Ready | May 1, 2024 3:55pm
The updates primarily focus on enhancing security and project-specific data handling across various components and hooks in the TypeScript client and associated API. Key changes include the introduction of Cookies for managing authentication tokens, the addition of project IDs to data fetches, and the refinement of function parameters and imports to streamline operations and improve readability.
File Path | Change Summary
---|---
.../api-keys/page.tsx, .../configuration/page.tsx, .../b2c/login/page.tsx | Updated imports and function parameters, removed unused UI components.
.../Configuration/*.tsx | Code clean-up, removed unused imports and variables, added project IDs to hooks.
.../hooks/mutations/*.tsx, .../hooks/use*.tsx | Added Cookies for auth, updated function parameters to include `project_id`, added auth headers.
packages/api/src/@core/auth/*.ts, .../connections-strategies/*.ts | Enhanced security with new guards, updated method signatures, improved readability and structure.
🐇💻🌟
In the burrow of code, under moon's soft glow, Little paws dance, on keys they flow. A sprinkle of cookies, a dash of auth, Safe and sound, on the data path. Oh, what a night, for a code delight, With every commit, we hop to new heights!
Build and Test (18.x) success (15)
packages/api/src/@core/auth/guards/jwt-auth.guard.ts: [warning] 20-20: '_info' is defined but never used
packages/api/src/@core/auth/guards/jwt-auth.guard.ts: [warning] 21-21: '_context' is defined but never used
packages/api/src/@core/auth/guards/jwt-auth.guard.ts: [warning] 22-22: '_status' is defined but never used
apps/client-ts/src/hooks/useApiKeys.tsx (2)

`4-4`: Import of `Cookies` from 'js-cookie' is correctly added to handle authorization tokens.

`6-6`: The function `useApiKeys` now correctly accepts `project_id` as a parameter, aligning with the PR's objective to make data fetching project-specific.

apps/client-ts/src/hooks/useConnections.tsx (2)

`4-4`: Import of `Cookies` from 'js-cookie' is correctly added to handle authorization tokens.

`7-7`: The function `useConnections` now correctly accepts `project_id` as a parameter, aligning with the PR's objective to make data fetching project-specific.

apps/client-ts/src/hooks/useLinkedUsers.tsx (2)

`4-4`: Import of `Cookies` from 'js-cookie' is correctly added to handle authorization tokens.

`6-6`: The function `useLinkedUsers` now correctly accepts `project_id` as a parameter, aligning with the PR's objective to make data fetching project-specific.

apps/client-ts/src/hooks/useWebhooks.tsx (2)

`4-4`: Import of `Cookies` from 'js-cookie' is correctly added to handle authorization tokens.

`6-6`: The function `useWebhooks` now correctly accepts `project_id` as a parameter, aligning with the PR's objective to make data fetching project-specific.

apps/client-ts/src/hooks/useProviderProperties.tsx (1)

`3-3`: Import of `Cookies` from 'js-cookie' is correctly added to handle authorization tokens.

packages/api/src/@core/utils/services/validateUser.service.ts (1)

`1-25`: The `ValidateUserService` class is well-implemented with robust error handling:
- The service correctly checks if the project's user ID matches the provided user ID, throwing an error if not, which is crucial for security.
- Errors are appropriately handled using a custom error handler, which likely logs and processes the error, though the implementation of `handleServiceError` should be verified for completeness.

Verification successful

The implementation of `handleServiceError` in the `errors.ts` file has been reviewed. The function is designed to handle different types of errors, including Axios errors, Prisma errors, and general errors. It logs the error details using the provided `LoggerService` and throws appropriate HTTP exceptions when necessary. This ensures that errors are not only logged but also correctly communicated back to the client, adhering to HTTP standards. Here are the key points observed in the implementation:
- **Axios Errors**: The function checks if the error is an Axios error and logs it accordingly. It also uses the HTTP status from the Axios response or defaults to 500 if not available.
- **Prisma Errors**: Errors from Prisma are logged, and an HTTP exception is thrown with the appropriate status code.
- **General Errors**: All other errors are logged as unknown errors.
- **HttpExceptions**: If the error is already an instance of `HttpException`, it is re-thrown, ensuring that the error handling in NestJS's controller layer works as expected.

This implementation aligns with the requirements for robust error handling and logging as mentioned in the review comment. Therefore, the use of `handleServiceError` in the `ValidateUserService` is appropriate and well-implemented.

Scripts Executed

The following scripts were executed for the analysis:

```shell
#!/bin/bash
# Description: Verify the implementation of `handleServiceError` to ensure it logs and handles errors adequately.
# Search for the implementation of `handleServiceError` in the codebase.
rg --files-with-matches --type ts $'handleServiceError'
```

Length of output: 8898

```shell
#!/bin/bash
# Description: Fetch the implementation of `handleServiceError` from the likely file.
# Display the contents of the file where `handleServiceError` is defined.
cat packages/api/src/@core/utils/errors.ts
```

Length of output: 3123

packages/api/src/@core/webhook/webhook.module.ts (2)

`8-8`: The import of `ValidateUserService` is correctly added, ensuring that this service can be injected into other components within the module, enhancing the security features of the webhooks.

`22-28`: The `providers` array correctly includes `ValidateUserService`, which is essential for the module to utilize this service for user validation in webhook processing.

apps/client-ts/src/hooks/useConnectionStrategies.tsx (2)

`4-4`: Import of `Cookies` from 'js-cookie' is correctly added to handle authorization tokens.

`10-17`: Ensure proper error handling and security in API calls:
- The `Authorization` header is correctly set using the access token from cookies, enhancing security.
- The error handling for non-OK responses is appropriate, but consider logging this error or handling specific HTTP status codes for more granular error management.

```diff
- throw new Error('Network response was not ok');
+ if (response.status === 401) {
+   throw new Error('Unauthorized access');
+ } else if (response.status === 500) {
+   console.error('Server error occurred');
+   throw new Error('Server error');
+ } else {
+   throw new Error('Network response was not ok');
+ }
```

packages/api/src/@core/utils/guards/validate-user.guard.ts (1)

`10-23`: The implementation of `canActivate` method correctly extracts user and project IDs, validates them, and uses the `validateUserService` to ensure the user is authorized for the given project. This is a crucial security feature and is implemented robustly.

packages/api/src/@core/auth/auth.module.ts (1)

`23-23`: The addition of `ValidateUserService` to the providers array is appropriate and necessary for the `ValidateUserGuard` to function correctly within the module.

apps/client-ts/src/hooks/useEvents.tsx (2)

`7-20`: The `fetchEvents` function correctly integrates the `project_id` for contextual data fetching and includes an authorization header using a token from cookies. This ensures that the data fetching is both secure and relevant to the specific project.

`28-31`: The `useEvents` hook correctly utilizes the updated `fetchEvents` function to ensure that the data fetched is specific to the project, aligning with the PR's objectives.

packages/api/src/@core/connections/connections.module.ts (1)

`19-19`: The addition of `ValidateUserService` to the providers array is appropriate and necessary for the `ValidateUserGuard` to function correctly within the module.

apps/client-ts/src/hooks/mutations/useWebhookUpdate.tsx (1)

`17-17`: The `updateStatusWebhookEndpoint` function correctly includes an authorization header using a token from cookies, ensuring secure data handling as per the PR's objectives.

packages/api/src/@core/projects/projects.controller.ts (2)

`28-32`: The `getProjects` method correctly utilizes `JwtAuthGuard` to ensure that the endpoint is protected by JWT authentication, enhancing the security as intended in the PR's objectives.

`38-38`: The `createProject` method correctly utilizes `JwtAuthGuard` to ensure that the endpoint is protected by JWT authentication, enhancing the security as intended in the PR's objectives.

packages/api/src/@core/events/events.controller.ts (2)

`37-43`: The `getEvents` method correctly utilizes both `JwtAuthGuard` and `ValidateUserGuard` to ensure that the endpoint is protected by JWT authentication and validates the user, enhancing security and ensuring contextual data handling as intended in the PR's objectives.

`52-52`: The `getEventsCount` method correctly utilizes `JwtAuthGuard` to ensure that the endpoint is protected by JWT authentication, enhancing the security as intended in the PR's objectives.

packages/api/src/@core/events/events.service.ts (1)

`12-36`: The `findEvents` method correctly implements project-specific data fetching by retrieving linked users based on `project_id` and using their IDs to filter events. This enhances both security and the relevance of the data fetched, aligning with the PR's objectives.

packages/api/src/@core/magic-link/magic-link.controller.ts (4)

`29-29`: Ensure `JwtAuthGuard` is appropriately configured to handle the specific authorization needs of magic link creation.

`35-35`: Clarify the implementation of admin-only access for `getMagicLinks`. Consider using a specific guard if not already implemented.

`46-46`: Ensure that the admin access for `getMagicLink` is enforced through appropriate guards or checks.

`55-55`: Implement or verify the validation of `project_id` against the user's authorized projects in `getMagicLink`.

apps/client-ts/src/components/Events/EventsTable.tsx (2)

`8-8`: Ensure `useProjectStore` is properly implemented and tested to fetch and manage project-related state.

Line range hint `14-24`: Validate the integration of `idProject` in `useEvents` to ensure it correctly influences the data fetching logic.

packages/api/src/@core/linked-users/linked-users.service.ts (1)

`13-19`: Ensure the `getLinkedUsers` method correctly filters users based on `project_id` and handles errors appropriately.

apps/client-ts/src/hooks/mutations/useMapFieldMutation.tsx (1)

`20-20`: Ensure the 'Authorization' header is correctly formatted and the token is securely handled.

packages/api/src/@core/webhook/webhook.controller.ts (3)

`34-34`: Ensure `JwtAuthGuard` and `ValidateUserGuard` are correctly configured to handle the specific authorization and validation needs of webhook retrieval.

`44-51`: Verify the implementation of `updateWebhookStatus` to ensure it correctly checks the webhook ID against the user's permissions before updating.

`61-64`: Ensure the `addWebhook` method correctly verifies the project ID from the user data before creating a webhook.

apps/client-ts/src/hooks/mutations/useMagicLinkMutation.tsx (1)

`21-21`: Ensure the 'Authorization' header is correctly formatted and the token is securely handled.

apps/client-ts/src/hooks/mutations/useProjectMutation.tsx (1)

`20-20`: Ensure the 'Authorization' header is correctly formatted and the token is securely handled.

apps/client-ts/src/hooks/mutations/useWebhookMutation.tsx (1)

`20-20`: Ensure the 'Authorization' header is correctly formatted and the token is securely handled.

apps/client-ts/src/hooks/mutations/useDefineFieldMutation.tsx (2)

`4-4`: Ensure secure usage of cookies for authorization tokens.

`22-22`: Authorization header correctly uses bearer token from cookies for secure API calls.

apps/client-ts/src/components/Nav/user-nav.tsx (2)

Line range hint `4-4`: Ensure secure usage of cookies for authorization tokens.

Line range hint `4-4`: Cookies used for session management and logout functionality are implemented correctly.

packages/api/src/@core/linked-users/linked-users.controller.ts (2)

`12-13`: JWT and custom user validation guards are correctly applied to secure the controller methods.

`40-40`: Correct application of security guards for the `getLinkedUsers` method.

apps/client-ts/src/hooks/mutations/useConnectionStrategyAuthCredentials.tsx (2)

`4-4`: Ensure secure usage of cookies for authorization tokens.

`26-26`: Authorization header correctly uses bearer token from cookies for secure API calls.

apps/client-ts/src/hooks/mutations/useConnectionStrategy.tsx (2)

`4-4`: Ensure secure usage of cookies for authorization tokens.

`31-31`: Authorization header correctly uses bearer token from cookies for secure API calls.

apps/client-ts/src/hooks/mutations/useDeleteConnectionStrategy.tsx (2)

`5-5`: Ensure secure usage of cookies for authorization tokens.

`25-25`: Authorization header correctly uses bearer token from cookies for secure API calls.

packages/api/src/@core/auth/auth.controller.ts (3)

`8-8`: Query decorator imported for enhanced query parameter handling in controller methods.

`17-17`: Custom user validation guard added to enhance security in authentication-related operations.

`70-75`: Security guards correctly applied to ensure that API key retrieval is protected and contextual.

packages/api/src/@core/field-mapping/field-mapping.controller.ts (7)

`9-9`: JWT guard imported to secure field mapping operations.

`26-26`: JWT guard correctly applied to secure the retrieval of field mapping entities.

`38-38`: JWT guard correctly applied to secure the retrieval of field mapping attributes.

`49-49`: JWT guard correctly applied to secure the retrieval of field mapping values.

`62-62`: JWT guard correctly applied to secure the operation of defining target fields.

`70-70`: JWT guard correctly applied to secure the operation of mapping fields to providers.

`81-81`: JWT guard correctly applied to secure the retrieval of custom properties for providers.

apps/client-ts/src/components/RootLayout/index.tsx (3)

`14-14`: Added import of `useProjects` hook. This change aligns with the PR's objective to enhance project-specific data handling by fetching projects data at the root layout level.

`22-22`: Use of `useProjects` hook to fetch project data. This is a good use of React hooks to fetch and manage state related to projects, which is crucial for the application's functionality as described in the PR objectives.

`22-22`: Setting the project ID in state when it is not already set. This logic ensures that the application has a current project ID set if available, which is important for contextual data fetching across the application.

apps/client-ts/src/hooks/mutations/useUpdateConnectionStrategy.tsx (2)

`5-5`: Added import of `Cookies` from 'js-cookie'. This import is necessary for accessing cookies within the hook, specifically to retrieve the authorization token as seen in the subsequent changes.

`31-31`: Added 'Authorization' header to API requests using the token from cookies. This is a critical security enhancement ensuring that the API requests are authenticated, aligning with the PR's objectives to enhance security.

packages/api/src/@core/connections-strategies/connections-strategies.controller.ts (7)

`10-11`: Added `JwtAuthGuard` and `ValidateUserGuard` to the controller. The addition of these guards is crucial for ensuring that the endpoints are protected and that the user is validated against the project, which enhances security as intended by the PR.

`29-29`: Applied `JwtAuthGuard` to the `createConnectionStrategy` method. This ensures that the method is protected by JWT authentication, which is essential for maintaining secure access to this endpoint.

`50-50`: Applied `JwtAuthGuard` to the `toggleConnectionStrategy` method. Similar to the previous comment, applying the guard here ensures that only authenticated users can toggle connection strategies.

`63-63`: Applied `JwtAuthGuard` to the `deleteConnectionStrategy` method. Continuing the pattern, this guard ensures that deletion of connection strategies is also protected by authentication.

`78-78`: Applied `JwtAuthGuard` to the `updateConnectionStrategy` method. This guard is crucial for ensuring that updates to connection strategies are performed by authenticated users, aligning with security best practices.

`97-97`: Applied `JwtAuthGuard` to the `getConnectionStrategyCredential` method. Ensuring that fetching connection strategy credentials is protected by authentication is vital for security.

`134-135`: Applied `JwtAuthGuard` and `ValidateUserGuard` to the `getConnectionStrategiesForProject` method. This double layer of guards ensures that the method is not only protected by authentication but also validates the user against the project, which is excellent for security and data integrity.

packages/api/src/@core/connections/connections.controller.ts (2)

`20-21`: Added `JwtAuthGuard` and `ValidateUserGuard` to the controller. The addition of these guards is essential for ensuring that the controller's methods are secure and that the user is validated properly, which enhances security as intended by the PR.

`148-158`: Applied `JwtAuthGuard` and `ValidateUserGuard` to the `getConnections` method. This ensures that fetching connections is protected by both authentication and user validation against the project, which is crucial for security and data integrity.

apps/client-ts/src/components/Connection/ConnectionTable.tsx (2)

`24-24`: Added import of `Cookies` from 'js-cookie'. This import is necessary for accessing cookies within the component, specifically to retrieve the authorization token as seen in the subsequent changes.

`28-29`: Use of `idProject` from `useProjectStore` to fetch connections data. This change ensures that the connections data fetched is specific to the current project, enhancing both security and user experience by tailoring the data to the user's context.

apps/client-ts/src/app/(Dashboard)/api-keys/page.tsx (2)

`39-39`: Added import of `Cookies` from 'js-cookie'. This import is necessary for accessing cookies within the component, specifically to retrieve the authorization token as seen in the subsequent changes.

`57-60`: Use of `idProject` from `useProjectStore` to fetch API keys data. This change ensures that the API keys data fetched is specific to the current project, enhancing both security and user experience by tailoring the data to the user's context.

apps/client-ts/src/components/Configuration/AddWebhook.tsx (1)

Line range hint `24-24`: Use of `idProject` from `useProjectStore` to add webhooks. This change ensures that the webhooks added are specific to the current project, enhancing both security and user experience by tailoring the data to the user's context.

packages/api/src/@core/auth/auth.service.ts (1)

`63-70`: Modified `getApiKeys` method to require `user_id` and `project_id`. This change ensures that API keys are fetched specifically for an authenticated user and within the correct project context, enhancing security and ensuring that the data served is appropriate for the authenticated user.

apps/client-ts/src/app/(Dashboard)/configuration/page.tsx (1)

`49-50`: Usage of `idProject` in hooks aligns with project-specific data fetching objectives. The integration of `idProject` as a parameter in hooks like `useLinkedUsers` and `useWebhooks` is correctly implemented and aligns with the PR's objectives to enhance security and functionality by ensuring data is fetched contextually.

apps/client-ts/src/components/Configuration/FieldMappingModal.tsx (1)

`112-112`: Ensure `idProject` is used consistently for project-specific data fetching. The use of `idProject` in the `useLinkedUsers` hook within `FieldMappingModal.tsx` is consistent with the PR's objectives and ensures that the data fetched is relevant to the specific project.
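The review above keeps returning to one pattern: `JwtAuthGuard` only proves who the caller is, and `ValidateUserGuard` is what stops an authenticated user from reading another tenant's data by editing `project_id` (the gap the comments on `magic-link.controller.ts` and `webhook.controller.ts` ask to be closed). The following TypeScript is an added, framework-agnostic illustration of that two-layer check; it is not Panora's code, and the names `OwnedRequest`, `ProjectRepo`, `validateUserGuard`, `tryAccess` and the constructed sample projects are assumptions made for the example.

```typescript
// Added example (not the project's code). Assumed types standing in for the
// NestJS request object, JWT payload and Prisma-backed project lookup.
type JwtClaims = { sub: string };                 // sub = authenticated user id
type OwnedRequest = {
  user?: JwtClaims;                              // populated by the JWT guard after token verification
  query: Record<string, string | undefined>;      // e.g. ?project_id=...
};
type Project = { id: string; ownerUserId: string };
type ProjectRepo = { findById(id: string): Project | undefined };

class UnauthorizedError extends Error {
  readonly name = "UnauthorizedError";
}
class ForbiddenError extends Error {
  readonly name = "ForbiddenError";
}

// Layer 1, authentication: the request must carry a verified identity.
// (The real guard also checks signature and expiry; assumed done upstream.)
function jwtAuthGuard(req: OwnedRequest): JwtClaims {
  if (!req.user || !req.user.sub) {
    throw new UnauthorizedError("missing or invalid JWT");
  }
  return req.user;
}

// Layer 2, authorization: bind the requested project to the caller.
// Without this, any valid user can read any project by changing project_id.
// Fails closed when project_id is absent or the project does not exist, and
// returns the same error for "not found" and "not yours" so that the
// endpoint does not reveal which project ids exist.
function validateUserGuard(req: OwnedRequest, repo: ProjectRepo): Project {
  const claims = jwtAuthGuard(req);
  const projectId = req.query.project_id;
  if (!projectId) {
    throw new ForbiddenError("project_id is required");
  }
  const project = repo.findById(projectId);
  if (!project || project.ownerUserId !== claims.sub) {
    throw new ForbiddenError("user is not authorized for this project");
  }
  return project;
}

// Constructed in-memory data standing in for the database.
const sampleProjects: Record<string, Project | undefined> = {
  "proj-a": { id: "proj-a", ownerUserId: "user-1" },
  "proj-b": { id: "proj-b", ownerUserId: "user-2" },
};
const repo: ProjectRepo = {
  findById(id: string): Project | undefined {
    return sampleProjects[id];
  },
};

// Drives both guards for one simulated request and reports the outcome as a
// string ("ok" or the rejection's name) so every path is observable.
function tryAccess(userId: string | undefined, projectId?: string): string {
  const req: OwnedRequest = {
    user: userId ? { sub: userId } : undefined,
    query: { project_id: projectId },
  };
  try {
    validateUserGuard(req, repo);
    return "ok";
  } catch (e) {
    return e instanceof Error ? e.name : "error";
  }
}

// Walk through the cases the review raises: owner, cross-tenant read,
// unknown project, missing project_id, and no JWT at all.
for (const [who, proj] of [
  ["user-1", "proj-a"],
  ["user-1", "proj-b"],
  ["user-1", "proj-zzz"],
  ["user-1", undefined],
  [undefined, "proj-a"],
] as Array<[string | undefined, string | undefined]>) {
  console.log(`${who ?? "<no jwt>"} -> ${proj ?? "<no project_id>"}: ${tryAccess(who, proj)}`);
}
```

Note that the per-endpoint placement matters as much as the guard itself: an endpoint that takes an object id (a webhook id, a magic-link id) rather than a `project_id` needs the equivalent ownership lookup on that object, which is exactly what the comments on `updateWebhookStatus` and `getMagicLink` ask the authors to confirm.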
⚠️ No Changeset found
Latest commit: 04b713f57a0779d97b7039854bc655a872122448
Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.
This PR includes no changesets
When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types.