-
Notifications
You must be signed in to change notification settings - Fork 7
Add Oauth Login #279
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Oauth Login #279
Conversation
Note Reviews pausedUse the following commands to manage reviews:
WalkthroughThe recent updates introduce a structured OAuth approach to enhance the application's authentication and authorization capabilities. This includes new environment variables for OAuth, improvements to development environment configurations, and a comprehensive update to the database schema for user management. Additionally, new services and handlers streamline the OAuth flow and improve JWT handling. Changes
Sequence Diagram(s)sequenceDiagram
participant User
participant AuthHandler
participant AuthService
participant JwtService
User->>AuthHandler: Initiates OAuth login
AuthHandler->>AuthService: Redirects to OAuth provider
AuthService->>User: Redirects to provider's login page
User->>AuthService: Returns with authorization code
AuthService->>AuthHandler: Handles callback with code
AuthHandler->>AuthService: Validates state and retrieves user info
AuthService->>JwtService: Creates JWT for user
JwtService-->>AuthService: Returns JWT
AuthHandler-->>User: Sets cookie and redirects to app
sequenceDiagram
participant User
participant AuthHandler
participant AuthService
participant JwtStorage
User->>AuthHandler: Requests logout
AuthHandler->>AuthService: Calls logout function
AuthService->>JwtStorage: Removes user session
JwtStorage-->>AuthService: Confirms logout
AuthService-->>AuthHandler: Returns logout success
AuthHandler-->>User: Redirects to login page
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 5
Outside diff range, codebase verification and nitpick comments (5)
services/backend/src/resources/auth/http/redirect.go (1)
27-27
: Is there a specific reason for usinghttp.StatusFound
?Would
fiber.StatusFound
be more consistent with the rest of the Fiber framework usage?- c.Redirect(redirectUrl, http.StatusFound) + c.Redirect(redirectUrl, fiber.StatusFound)services/backend/src/resources/auth/service/callback.go (2)
9-13
: Could you clarify if the error message provides enough context?Would it be helpful to include more details in the error message to aid debugging?
- fmt.Println("CALLBACK ERROR") + fmt.Println("CALLBACK ERROR:", oauthUserErr)
20-22
: Could you clarify if the error message provides enough context?Would it be helpful to include more details in the error message to aid debugging?
- fmt.Println("JWT ERROR") + fmt.Println("JWT ERROR:", jwtErr)services/backend/src/resources/auth/http/callback.go (1)
26-27
: Would you consider improving the error logging?Using
fmt.Println
for logging errors might not be sufficient. Would you consider using a structured logging library to provide more context?- fmt.Println("#ERROR JWT / CALLBACK", err) + h.logger.Errorf("JWT Callback error: %v", err)services/go_app_modules/authentication-api/ressources/jwt/service/verify_jwt.go (1)
9-11
: Could you please update the function call inservices/backend/src/web-app/middlewares/authentication.go
to match the newVerifyJWT
signature?The current call uses two arguments, but the new signature only accepts one.
services/backend/src/web-app/middlewares/authentication.go
(line withjwtService.VerifyJWT
)Analysis chain
Could you please verify the function usage?
This function acts as a wrapper for another
VerifyJWT
function. Is there a specific reason for this design choice? Please ensure that all calls to this function are consistent with the new signature.Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Description: Verify all function calls to `VerifyJWT` match the new signature. # Test: Search for the function usage. Expect: Only occurrences of the new signature. rg --type go -A 5 $'VerifyJWT'Length of output: 1814
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files ignored due to path filters (5)
services/backend/src/assets/swagger-css/gopher-coffee.gif
is excluded by!**/*.gif
services/go.work
is excluded by!**/*.work
services/go.work.sum
is excluded by!**/*.sum
services/go_app_modules/authentication-api/go.sum
is excluded by!**/*.sum
services/go_app_modules/user-api/go.sum
is excluded by!**/*.sum
Files selected for processing (37)
- .env (1 hunks)
- Makefile (1 hunks)
- docker-compose.dev.yaml (1 hunks)
- services/backend/src/assets/assets.go (1 hunks)
- services/backend/src/configuration/variables.go (1 hunks)
- services/backend/src/migrator/migration-files/1_add_extensions.up.sql (1 hunks)
- services/backend/src/resources/auth/http/callback.go (1 hunks)
- services/backend/src/resources/auth/http/handler.go (1 hunks)
- services/backend/src/resources/auth/http/logout.go (1 hunks)
- services/backend/src/resources/auth/http/redirect.go (1 hunks)
- services/backend/src/resources/auth/service/callback.go (1 hunks)
- services/backend/src/resources/auth/service/handler.go (1 hunks)
- services/backend/src/resources/auth/service/logout.go (1 hunks)
- services/backend/src/resources/auth/service/redirect.go (1 hunks)
- services/backend/src/resources/general/http/asset_gopher_coffee.go (1 hunks)
- services/backend/src/web-app/app.go (3 hunks)
- services/backend/src/web-app/handler.go (1 hunks)
- services/backend/src/web-app/middlewares/authentication.go (1 hunks)
- services/backend/src/web-app/routes.go (3 hunks)
- services/frontend/src/lib/components/SidebarAccount/sidebar-account.svelte (2 hunks)
- services/frontend/src/lib/components/SidebarNavigation/navigation.svelte (2 hunks)
- services/frontend/src/routes/(app)/+layout.svelte (2 hunks)
- services/go_app_modules/authentication-api/go.mod (1 hunks)
- services/go_app_modules/authentication-api/ressources/auth/service/callback.go (1 hunks)
- services/go_app_modules/authentication-api/ressources/auth/service/handler.go (1 hunks)
- services/go_app_modules/authentication-api/ressources/auth/service/logout.go (1 hunks)
- services/go_app_modules/authentication-api/ressources/auth/service/redirect.go (1 hunks)
- services/go_app_modules/authentication-api/ressources/auth/service/userinfo_model.go (1 hunks)
- services/go_app_modules/authentication-api/ressources/jwt/service/create_jwt.go (1 hunks)
- services/go_app_modules/authentication-api/ressources/jwt/service/handler.go (1 hunks)
- services/go_app_modules/authentication-api/ressources/jwt/service/model.go (1 hunks)
- services/go_app_modules/authentication-api/ressources/jwt/service/verify_jwt.go (1 hunks)
- services/go_app_modules/authentication-api/ressources/jwt/storage/handler.go (1 hunks)
- services/go_app_modules/basic-utils/configuration/util-functions.go (2 hunks)
- services/go_app_modules/user-api/go.mod (1 hunks)
- services/go_app_modules/user-api/ressources/user/service/handler.go (1 hunks)
- services/go_app_modules/user-api/ressources/user/storage/handler.go (1 hunks)
Files skipped from review due to trivial changes (4)
- services/backend/src/assets/assets.go
- services/go_app_modules/authentication-api/ressources/jwt/service/model.go
- services/go_app_modules/authentication-api/ressources/jwt/storage/handler.go
- services/go_app_modules/user-api/go.mod
Additional context used
Gitleaks
.env
17-17: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
(generic-api-key)
18-18: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
(generic-api-key)
Additional comments not posted (80)
services/backend/src/resources/auth/service/logout.go (1)
3-5
: Can you clarify hows.auth.Logout
handles errors?It would be helpful to understand the error handling mechanism of
s.auth.Logout()
to ensure robustness.services/backend/src/resources/auth/service/redirect.go (1)
3-5
: Can you clarify hows.auth.CreateRedirect
handles the state parameter?It would be helpful to understand how
s.auth.CreateRedirect(state)
processes the state parameter to ensure it is handled securely.services/go_app_modules/authentication-api/ressources/auth/service/logout.go (1)
5-7
: Is it necessary to logoauthLogoutEP
?Logging sensitive information like
oauthLogoutEP
could be a security concern. Would it be possible to remove this log statement if it's not essential?services/go_app_modules/authentication-api/ressources/auth/service/redirect.go (1)
5-7
: Iss.config
properly initialized before callingCreateRedirect
? This ensures that theAuthCodeURL
method works correctly.Could you verify how the
state
parameter is generated and ensure it is securely handled to prevent CSRF attacks?services/go_app_modules/authentication-api/go.mod (3)
6-6
: Isgithub.com/go-sqlx/sqlx
being used effectively in the codebase? This dependency is for SQL database interaction.
7-7
: Isgithub.com/golang-jwt/jwt
being used effectively in the codebase? This dependency is for handling JSON Web Tokens.
8-8
: Isgolang.org/x/oauth2
being used effectively in the codebase? This dependency is for OAuth 2.0 authentication flows.services/go_app_modules/user-api/ressources/user/storage/handler.go (2)
5-7
: Is thedb
field inAuthStorage
being correctly utilized and initialized? This ensures proper database interaction.
9-13
: Is thedb
parameter passed toNewAuthStorage
valid and correctly initialized? This ensures proper database interaction.services/go_app_modules/user-api/ressources/user/service/handler.go (3)
3-5
: Is theUserService
struct correctly defined?The
UserService
struct looks good. Is there any specific reason for not including additional fields or methods at this stage?
7-11
: Is theNewUserService
function correctly defined?The
NewUserService
function looks good. Is there any specific reason for not including additional initialization logic at this stage?
13-14
: Is theUserStore
interface intentionally left empty?The
UserStore
interface is currently empty. Is this intentional for future expansion, or are there methods that need to be defined here?services/backend/src/resources/general/http/asset_gopher_coffee.go (1)
8-11
: Is theAssetGopherCoffee
function correctly defined?The
AssetGopherCoffee
function looks good. Is there any specific reason for sending the asset as a string instead of a byte slice?services/backend/src/resources/auth/http/handler.go (2)
7-9
: Is theAuthHandler
struct correctly defined?The
AuthHandler
struct looks good. Is there any specific reason for not including additional fields or methods at this stage?
11-15
: Is theNewAuthHandler
function correctly defined?The
NewAuthHandler
function looks good. Is there any specific reason for not including additional initialization logic at this stage?services/backend/src/web-app/handler.go (2)
5-9
: This looks good to me!The
AuthHandler
interface is well-defined and aligns with the typical responsibilities of an authentication handler.
14-14
: This looks good to me!The addition of the
AssetGopherCoffee
method aligns with the existing methods in theGeneralHandler
interface.services/go_app_modules/authentication-api/ressources/jwt/service/handler.go (1)
15-16
: Could you provide more details on the methods intended for this interface?The
JwtStorage
interface is currently empty. It would be helpful to know the methods that are intended to be part of this interface.services/go_app_modules/authentication-api/ressources/auth/service/userinfo_model.go (5)
3-12
: Could you clarify the purpose of each field in the struct?The struct
AuthentikUserInfo
has several fields. Are all these fields necessary for the OAuth implementation? For example,Nickname
andGroups
might not be required in all cases.
4-4
: Is theID
field secure?The
ID
field is a string representing the user's unique identifier. Is this field securely generated and unique across different providers?
5-6
: Are there any concerns with storing email information?The
EmailVerified
fields store email information. Are there any privacy concerns or regulations that need to be considered when storing this information?
7-10
: Can you explain the difference betweenName
,DisplayName
, andPreferredUsername
?The struct contains fields for
Name
,DisplayName
, andPreferredUsername
. Could you provide more details on how these fields are used differently?
11-11
: What is the purpose of theGroups
field?The
Groups
field is a slice of strings. Could you explain how this field is used and whether it is necessary for the OAuth implementation?services/backend/src/migrator/migration-files/1_add_extensions.up.sql (4)
1-1
: Is theuuid-ossp
extension necessary?The
uuid-ossp
extension is used for generating UUIDs. Are there any specific reasons for choosing this extension over other UUID generation methods?
3-3
: Is theidentity_provider
ENUM type extensible?The ENUM type
identity_provider
currently has a single value 'Authentik'. Are there plans to add more identity providers in the future? How will this ENUM type be updated?
5-8
: Is theusername
column length sufficient?The
username
column is defined asVARCHAR(255)
. Is this length sufficient for all possible usernames? Are there any constraints on the format of usernames?
10-17
: Can you explain the composite primary key choice?The
user_identities
table uses a composite primary key ofprovider
andprovider_user_id
. Could you explain the reasoning behind this choice and its impact on performance?services/go_app_modules/authentication-api/ressources/jwt/service/create_jwt.go (3)
10-15
: Are the JWT claims sufficient?The JWT claims include
user-uuid
,exp
, andauthorized
. Are these claims sufficient for the application's requirements? Are there any additional claims needed?
17-17
: Is the signing method secure?The JWT is signed using
HS256
. Is this signing method secure enough for the application's requirements? Have other signing methods been considered?
19-23
: Is the error handling sufficient?The error handling prints an error message and returns an empty string and the error. Is this error handling sufficient? Should the error be logged more comprehensively?
services/backend/src/resources/auth/http/redirect.go (1)
19-19
: Could you clarify ifCreateRedirect
handles invalid states?What happens if the state is invalid or the redirect URL is not properly formed?
services/backend/src/resources/auth/service/handler.go (1)
9-13
: Is theuser
field intentionally left uninitialized in the constructor?Should the
user
field be initialized in theNewAuthService
constructor for consistency?services/backend/src/resources/auth/service/callback.go (1)
16-18
: Is theUserUuid
field the only required field for JWT creation?Are there any additional fields that should be included in the
JwtDataModel
for better security or functionality?services/go_app_modules/authentication-api/ressources/auth/service/handler.go (2)
13-33
: Are you handling sensitive information securely?The
OAuthKey
andOAuthSecret
are passed as plain strings. Are these values securely stored and retrieved (e.g., from environment variables or a secrets manager)?
13-33
: LGTM!The function correctly initializes the OAuth configuration and returns an
AuthService
instance.services/backend/src/web-app/middlewares/authentication.go (3)
12-16
: Could the extraction logic for theAuthorization
header be improved?The current logic assumes that the
Authorization
header is always present if the cookie is not. Should we add a check to ensure the header is properly formatted and contains a token?
18-22
: LGTM!The error handling for JWT verification is clear and robust.
25-25
: Is storingjwt-token
in the request context secure?Storing
jwt-token
in the request context is a good practice. Are there any additional security measures in place to protect this data?services/go_app_modules/authentication-api/ressources/auth/service/callback.go (4)
10-16
: Should we enhance error logging?The error logging for the token exchange is minimal. Would it be beneficial to log more details for debugging purposes?
18-22
: LGTM!The function correctly fetches user info using the OAuth token.
25-28
: Is the error handling for reading response body sufficient?The error handling for reading the response body is good. Are there any additional steps we should consider to handle edge cases?
30-33
: LGTM!The JSON unmarshalling and error handling are correctly implemented.
services/backend/src/resources/auth/http/callback.go (3)
16-18
: Could you verify the state validation logic?The state validation is crucial for security. Can you ensure that the
oauthstate
cookie is securely set and handled?
25-28
: Can you confirm the JWT token handling?If the
jwtToken
is empty or an error occurs, it should be handled more explicitly. Would you consider providing a more detailed error message to the user?
11-38
: LGTM!The code changes are approved.
services/frontend/src/lib/components/SidebarNavigation/navigation.svelte (3)
9-16
: Could you verify the URLs of the new navigation links?The new navigation links for "Swagger," "Oauth," and "Logout" look good. Can you ensure that these URLs are correct and functional?
9-16
: LGTM!The code changes are approved.
35-36
: LGTM!The styling changes are approved.
services/backend/src/web-app/routes.go (4)
24-26
: Could you verify the new OAuth routes and handlers?The new routes for OAuth redirect, callback, and logout look good. Can you ensure that the corresponding handlers are correctly implemented and functional?
24-26
: LGTM!The code changes are approved.
28-30
: Could you verify the middleware functionality?The authentication middleware looks good. Can you ensure that it correctly protects the new routes?
43-47
: LGTM!The code changes are approved.
services/go_app_modules/authentication-api/ressources/jwt/service/verify_jwt.go (4)
13-24
: Is the signing key handling secure?The signing key is returned as a byte slice. Could you confirm that this approach is secure and follows best practices for key management?
30-33
: Could you ensure the claims are handled securely?The claims are cast to
jwt.MapClaims
and checked for validity. Are there any additional checks or sanitization steps needed to ensure the claims are secure and trustworthy?
37-39
: Could you confirm the handling of theauthorized
claim?The function checks if the
authorized
claim is true. Is this sufficient for your authorization logic? Are there any additional checks or context needed here?
41-43
: Could you confirm the type assertion foruser-uuid
?The
user-uuid
claim is cast to a string. Is it guaranteed that this claim will always be a string? Are there any edge cases that need to be handled?.env (9)
15-15
: Could you confirm the variable name change?The variable
APP_SECURITY_JWT_SECRET
has been replaced withAPP_AUTHORIZATION_JWT_SECRET
. Is this change consistent with the updated focus on authorization throughout the codebase?
17-17
: Could you ensure the OAuth client key is securely managed?The OAuth client key is stored in an environment variable. Are there any additional security measures in place to protect this key from exposure?
Tools
Gitleaks
17-17: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
(generic-api-key)
18-18
: Could you ensure the OAuth client secret is securely managed?The OAuth client secret is stored in an environment variable. Are there any additional security measures in place to protect this secret from exposure?
Tools
Gitleaks
18-18: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
(generic-api-key)
19-19
: Could you confirm the OAuth authorization URL configuration?The OAuth authorization URL is set to
http://localhost:9000/application/o/authorize/
. Is this URL correctly configured and accessible in your environment?
20-20
: Could you confirm the OAuth token URL configuration?The OAuth token URL is set to
http://authentik-server:9000/application/o/token/
. Is this URL correctly configured and accessible in your environment?
21-21
: Could you confirm the OAuth redirect URL configuration?The OAuth redirect URL is set to
http://web.localhost/api/v1/oauth/callback
. Is this URL correctly configured and accessible in your environment?
22-22
: Could you confirm the OAuth user info URL configuration?The OAuth user info URL is set to
http://authentik-server:9000/application/o/userinfo/
. Is this URL correctly configured and accessible in your environment?
23-23
: Could you confirm the OAuth logout URL configuration?The OAuth logout URL is set to
http://localhost:9000/application/o/gosvelte/end-session/
. Is this URL correctly configured and accessible in your environment?
24-24
: Could you confirm the OAuth scopes configuration?The OAuth scopes are set to
email openid profile
. Are these scopes correctly configured and aligned with your application's requirements?services/go_app_modules/basic-utils/configuration/util-functions.go (1)
17-31
: Could you confirm the function logic?The function retrieves an environment variable as a slice of strings. Is the logic for splitting and trimming the values correct and efficient? Are there any edge cases that need to be handled?
services/frontend/src/lib/components/SidebarAccount/sidebar-account.svelte (4)
7-7
: Is the class name update intended to improve specificity?The class name for the main content element has been updated to
sidebar-account-content-element
. Could you confirm if this change is aimed at improving CSS specificity and styling?
12-12
: Is the additional class attribute for targeted styling?The
Menu
component now includes an additionalclass="menu"
attribute. Is this change intended to allow for more targeted CSS styling?
20-24
: Is the logout functionality now API-driven?The logout link's
href
attribute has been altered from a relative path (/logout
) to an absolute API endpoint (/api/v1/oauth/logout
). Does this change indicate a shift towards an API-driven logout functionality?
54-57
: Are the styling updates aimed at improving user interaction?Styling updates have been introduced, including hover effects for buttons within the menu and global styles for button hover states and SVG colors. Are these changes aimed at enhancing user interaction feedback and visual consistency?
Makefile (1)
6-6
: Are the new services added to enhance the development environment?The
dev
target now includesauthentik-server
andauthentik-worker
services. Is this change intended to enhance the development environment by including authentication services?services/frontend/src/routes/(app)/+layout.svelte (2)
Line range hint
41-43
:
Is the global context for body styles intended for consistent application?The
body
selector has been changed from a direct definition to a global context using:global(body)
. Is this change intended to ensure consistent application of background and font colors globally?
Line range hint
45-45
:
Is the streamlined sidebar background color rule for clarity?The sidebar's background color rule has been streamlined by eliminating unnecessary conflict markers. Is this change intended to result in a cleaner declaration and ensure proper application of styles across the application?
services/backend/src/configuration/variables.go (3)
11-11
: Is SSL/TLS configuration in place?The
WEBSERVER_PORT
has been changed to 443, which is typically used for HTTPS. Do you have SSL/TLS configuration set up to support this change?
25-32
: Are OAuth variables used securely?New OAuth-related variables have been added. Are these variables used consistently and securely across the codebase? Specifically, how is the
AUTHORIZATION_OAUTH_SECRET
managed to ensure it is not exposed?
35-42
: How are certificate-related variables managed?New certificate-related variables have been added. Are these variables used consistently and securely across the codebase? How is the certificate management handled to ensure security?
services/backend/src/web-app/app.go (3)
34-34
: IsAuthHandler
correctly initialized and used?A new
AuthHandler
field has been added to theApp
struct. Can you confirm that it is correctly initialized and used within the application?
49-65
: Are new services correctly initialized and integrated?The
NewApp
function has been updated to initialize several new services related to authentication and JWT. Are these services correctly initialized and integrated? How is sensitive information managed to ensure security?
119-126
: Are new configuration variables correctly used?The
RunApp
function has been updated to use the new configuration variables. Can you confirm that these variables are correctly used and that errors are handled appropriately?docker-compose.dev.yaml (1)
1-3
: Is the external configuration file correctly included?The change enables the inclusion of the
docker-compose.authentik.yaml
file. Can you confirm that this file is correctly included and used? Are there any potential issues with the environment setup?
services/go_app_modules/authentication-api/ressources/jwt/service/handler.go
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files ignored due to path filters (1)
services/backend/go.sum
is excluded by!**/*.sum
Files selected for processing (10)
- services/backend/go.mod (3 hunks)
- services/backend/src/resources/auth/service/handler.go (1 hunks)
- services/frontend/src/lib/components/SidebarAccount/sidebar-account.svelte (2 hunks)
- services/frontend/src/lib/i18n/de.json (1 hunks)
- services/frontend/src/lib/i18n/en.json (1 hunks)
- services/frontend/src/lib/stores/darkmode.ts (3 hunks)
- services/frontend/src/lib/theme/general.sass (1 hunks)
- services/frontend/src/lib/theme/variables.scss (3 hunks)
- services/frontend/src/routes/(app)/+layout.svelte (4 hunks)
- services/frontend/src/routes/(app)/settings/+page.svelte (2 hunks)
Files skipped from review due to trivial changes (1)
- services/frontend/src/lib/i18n/en.json
Files skipped from review as they are similar to previous changes (3)
- services/backend/src/resources/auth/service/handler.go
- services/frontend/src/lib/components/SidebarAccount/sidebar-account.svelte
- services/frontend/src/routes/(app)/+layout.svelte
Additional comments not posted (16)
services/frontend/src/lib/theme/general.sass (3)
15-17
: Looks good!The use of CSS variables for background and border color enhances maintainability and consistency. Did you ensure that these variables are defined and used correctly across the project?
18-21
: Nice improvement!The hover effect and color styling enhance user interaction feedback. Are these changes consistent with the overall theme of the application?
22-26
: Looks great!The emphasis on the red color and bold font weight, along with the hover effect, provides a clear visual emphasis. Did you verify the visual consistency across different components?
services/frontend/src/lib/i18n/de.json (2)
27-27
: Great addition!The new entry for
device_description
enhances clarity regarding device-specific settings. Did you ensure the translation is accurate and consistent with the rest of the file?
35-35
: Is the removal of the description field intentional?The removal of the
description
field under thetheme
section may streamline user interaction. Did you verify that this removal does not negatively impact user understanding?services/frontend/src/lib/theme/variables.scss (3)
7-8
: Nice addition!The new CSS custom properties for color management enhance the flexibility of the theme. Did you ensure these variables are used correctly throughout the project?
30-31
: Good consistency!The new CSS custom properties for dark mode ensure visual consistency across different themes. Did you verify that these changes are consistent with the light mode properties?
21-23
: Great enhancement!The new CSS custom properties for sidebar styling provide more options for customization. Did you ensure these changes are consistent across both light and dark modes?
Also applies to: 44-46
services/frontend/src/lib/stores/darkmode.ts (2)
38-49
: Iswindow
always available in all contexts?Could there be any contexts where
window
might not be available, such as during server-side rendering or in environments without a window object? How do you plan to handle such cases?
38-49
: The logic for theme detection looks good!The method
isThemeSetOrAutoDetect
correctly checks for the theme cookie and useswindow.matchMedia
to determine the user's preferred color scheme if the cookie is absent.services/frontend/src/routes/(app)/settings/+page.svelte (2)
32-32
: The addition of the<span>
element looks good!The
<span>
element displaying the device description enhances the user interface by providing more context to the user regarding device settings.
61-65
: The style adjustments look good!The styles for the
<span>
element and the.menu
class improve the layout and visibility of the elements.services/backend/go.mod (4)
10-10
: The addition ofgithub.com/uvulpos/go-svelte/authentication-api
looks good!The addition of this dependency indicates the inclusion of an authentication API, which is essential for OAuth login. The replacement with a local path suggests local development or testing.
Also applies to: 16-16
29-29
: The addition ofgithub.com/golang-jwt/jwt
looks good!The addition of this dependency suggests the use of JWT for handling authentication tokens, which is a common practice in OAuth implementations.
50-50
: The addition ofgolang.org/x/oauth2
looks good!The addition of this dependency indicates the use of the OAuth2 library for handling OAuth flows, which is essential for the implementation of OAuth login.
10-10
: The overall changes to thego.mod
file look good!The new dependencies are added correctly, and the overall structure of the
go.mod
file remains intact.Also applies to: 16-16, 29-29, 50-50
fyi: I pause pr reviews to spare energy and efforts for a non ready pr. This pr is still an epic and will take some work in progress commits to be finished. And also it annoys me at this stage to have a cluttered log |
@coderabbitai full review |
Actions performedFull review triggered. |
services/backend/src/migrator/migration-files/2_add_user.down.sql
Outdated
Show resolved
Hide resolved
…template into feat/add-oauth
|
CREATE TYPE app_language IF NOT EXISTS AS ENUM (); | ||
ALTER TYPE app_language ADD VALUE 'en'; | ||
ALTER TYPE app_language ADD VALUE 'de'; | ||
|
||
CREATE TYPE app_theme IF NOT EXISTS AS ENUM (); | ||
ALTER TYPE app_theme ADD VALUE 'lightmode'; | ||
ALTER TYPE app_theme ADD VALUE 'darkmode'; | ||
|
||
CREATE TABLE user_settings ( | ||
id UUID PRIMARY KEY DEFAULT gen_random_uuid(), | ||
user_id UUID NOT NULL, | ||
app_language identity_provider NOT NULL DEFAULT 'en', | ||
app_theme app_theme NOT NULL DEFAULT 'lightmode', | ||
FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE, | ||
UNIQUE (id, user_id) | ||
); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
not used, maybe delete or introduce later
CREATE OR REPLACE FUNCTION get_user_permissions(p_user_id UUID) | ||
RETURNS JSONB AS $$ | ||
BEGIN | ||
RETURN ( | ||
WITH RECURSIVE role_hierarchy AS ( | ||
-- Base case: Get all roles directly assigned to the user | ||
SELECT | ||
ur.user_id, | ||
r.id AS role_id | ||
FROM user_roles ur | ||
JOIN roles r ON ur.role_id = r.id | ||
WHERE ur.user_id = p_user_id | ||
UNION | ||
|
||
-- Recursive case: Get all roles that are inherited from other roles | ||
SELECT | ||
rh.user_id, | ||
r2.id AS role_id | ||
FROM role_hierarchy rh | ||
JOIN roles r1 ON rh.role_id = r1.id | ||
JOIN roles r2 ON r1.inherit_from = r2.id | ||
) | ||
SELECT | ||
jsonb_agg(DISTINCT p.identifier) AS permissions | ||
FROM role_hierarchy rh | ||
JOIN role_permissions rp ON rh.role_id = rp.role_id | ||
JOIN permissions p ON rp.permission_id = p.id | ||
); | ||
END; | ||
$$ LANGUAGE plpgsql; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Have to refactor sql structure. Roles should be inherit from multiple roles instead of just one
Todos:
Summary by CodeRabbit
Summary by CodeRabbit
New Features
Bug Fixes
Documentation
Chores