Add Oauth Login #279

uvulpos · 2024-08-03T13:43:33Z

Todos:

Summary by CodeRabbit

New Features
- Introduced OAuth support for user authentication, enabling integration with various OAuth providers.
- Added new environment variables to manage OAuth configurations securely.
- Implemented a secure logout functionality for users.
- Created a robust system for managing user identities linked to different identity providers.
- Enhanced the theme management system with automatic theme detection based on user preferences.
- Enhanced error handling for user permission validation and authentication processes.
- Improved user interface clarity through updated localization files.
Bug Fixes
- Enhanced validation checks during OAuth callback handling to ensure session integrity.
Documentation
- Updated configuration documentation to reflect new environment variables and usage scenarios.
Chores
- Improved the development environment setup by adding additional services for testing authentication workflows.

coderabbitai · 2024-08-03T13:43:50Z

Note

Reviews paused

Use the following commands to manage reviews:

@coderabbitai resume to resume automatic reviews.
@coderabbitai review to trigger a single review.

Walkthrough

The recent updates introduce a structured OAuth approach to enhance the application's authentication and authorization capabilities. This includes new environment variables for OAuth, improvements to development environment configurations, and a comprehensive update to the database schema for user management. Additionally, new services and handlers streamline the OAuth flow and improve JWT handling.

Changes

Files	Change Summary
`.env`, `services/backend/src/configuration/variables.go`, `services/backend/src/migrator/migration-files/2_add_user.up.sql`	Added new OAuth-related environment variables and updated `WEBSERVER_PORT` to 443 for HTTPS. Introduced a new database schema for managing user identities and relationships.
`Makefile`, `docker-compose.dev.yaml`	Updated `Makefile` to include new authentication services in the development environment and enabled the inclusion of external Docker configurations.
`services/backend/src/resources/auth/http/*.go`	Introduced new handler files for OAuth callbacks, logout functionality, and redirect management, enhancing modularity in user authentication flows.
`services/backend/src/resources/auth/service/*.go`	Added services for managing authentication logic, including callback handling, JWT creation, and user information management, with new data models and methods for user identities and tokens.
`services/go_app_modules/authentication-api/go.mod`, `services/go_app_modules/authentication-api/resources/auth/service/*.go`	Established user service and storage abstractions to decouple user data management from implementation specifics, facilitating easier maintenance and testing.
`services/go_app_modules/basic-utils/configuration/util-functions.go`	Added a utility function for retrieving environment variables as string arrays, improving configuration handling.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant AuthHandler
    participant AuthService
    participant JwtService

    User->>AuthHandler: Initiates OAuth login
    AuthHandler->>AuthService: Redirects to OAuth provider
    AuthService->>User: Redirects to provider's login page
    User->>AuthService: Returns with authorization code
    AuthService->>AuthHandler: Handles callback with code
    AuthHandler->>AuthService: Validates state and retrieves user info
    AuthService->>JwtService: Creates JWT for user
    JwtService-->>AuthService: Returns JWT
    AuthHandler-->>User: Sets cookie and redirects to app

sequenceDiagram
    participant User
    participant AuthHandler
    participant AuthService
    participant JwtStorage

    User->>AuthHandler: Requests logout
    AuthHandler->>AuthService: Calls logout function
    AuthService->>JwtStorage: Removes user session
    JwtStorage-->>AuthService: Confirms logout
    AuthService-->>AuthHandler: Returns logout success
    AuthHandler-->>User: Redirects to login page

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

Tips

Chat

There are 3 ways to chat with CodeRabbit:

Review comments: Directly reply to a review comment made by CodeRabbit. Example:
-- I pushed a fix in commit <commit_id>, please review it.
-- Generate unit testing code for this file.
- Open a follow-up GitHub issue for this discussion.
Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
-- @coderabbitai generate unit testing code for this file.
-- @coderabbitai modularize this function.
PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
-- @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
-- @coderabbitai read src/utils.ts and generate unit testing code.
-- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
-- @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

@coderabbitai pause to pause the reviews on a PR.
@coderabbitai resume to resume the paused reviews.
@coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
@coderabbitai full review to do a full review from scratch and review all the files again.
@coderabbitai summary to regenerate the summary of the PR.
@coderabbitai resolve resolve all the CodeRabbit review comments.
@coderabbitai configuration to show the current CodeRabbit configuration for the repository.
@coderabbitai help to get help.

Other keywords and placeholders

Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (`.coderabbit.yaml`)

You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
Please see the configuration documentation for more information.
If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

Visit our Documentation for detailed information on how to use CodeRabbit.
Join our Discord Community to get help, request features, and share feedback.
Follow us on X/Twitter for updates and announcements.

coderabbitai

Actionable comments posted: 5

Outside diff range, codebase verification and nitpick comments (5)

services/backend/src/resources/auth/http/redirect.go (1)
27-27: Is there a specific reason for using http.StatusFound?

Would fiber.StatusFound be more consistent with the rest of the Fiber framework usage?
-  c.Redirect(redirectUrl, http.StatusFound)
+  c.Redirect(redirectUrl, fiber.StatusFound)
services/backend/src/resources/auth/service/callback.go (2)
9-13: Could you clarify if the error message provides enough context?

Would it be helpful to include more details in the error message to aid debugging?
-  fmt.Println("CALLBACK ERROR")
+  fmt.Println("CALLBACK ERROR:", oauthUserErr)
20-22: Could you clarify if the error message provides enough context?

Would it be helpful to include more details in the error message to aid debugging?
-  fmt.Println("JWT ERROR")
+  fmt.Println("JWT ERROR:", jwtErr)
services/backend/src/resources/auth/http/callback.go (1)
26-27: Would you consider improving the error logging?

Using fmt.Println for logging errors might not be sufficient. Would you consider using a structured logging library to provide more context?
-  fmt.Println("#ERROR JWT / CALLBACK", err)
+  h.logger.Errorf("JWT Callback error: %v", err)
services/go_app_modules/authentication-api/ressources/jwt/service/verify_jwt.go (1)
9-11: Could you please update the function call in services/backend/src/web-app/middlewares/authentication.go to match the new VerifyJWT signature?

The current call uses two arguments, but the new signature only accepts one.

services/backend/src/web-app/middlewares/authentication.go (line with jwtService.VerifyJWT)

Analysis chain

Could you please verify the function usage?

This function acts as a wrapper for another VerifyJWT function. Is there a specific reason for this design choice? Please ensure that all calls to this function are consistent with the new signature.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify all function calls to `VerifyJWT` match the new signature.

# Test: Search for the function usage. Expect: Only occurrences of the new signature.
rg --type go -A 5 $'VerifyJWT'
Length of output: 1814

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between aaed4cd and 51f2820.

Files ignored due to path filters (5)

services/backend/src/assets/swagger-css/gopher-coffee.gif is excluded by !**/*.gif
services/go.work is excluded by !**/*.work
services/go.work.sum is excluded by !**/*.sum
services/go_app_modules/authentication-api/go.sum is excluded by !**/*.sum
services/go_app_modules/user-api/go.sum is excluded by !**/*.sum

Files selected for processing (37)

.env (1 hunks)
Makefile (1 hunks)
docker-compose.dev.yaml (1 hunks)
services/backend/src/assets/assets.go (1 hunks)
services/backend/src/configuration/variables.go (1 hunks)
services/backend/src/migrator/migration-files/1_add_extensions.up.sql (1 hunks)
services/backend/src/resources/auth/http/callback.go (1 hunks)
services/backend/src/resources/auth/http/handler.go (1 hunks)
services/backend/src/resources/auth/http/logout.go (1 hunks)
services/backend/src/resources/auth/http/redirect.go (1 hunks)
services/backend/src/resources/auth/service/callback.go (1 hunks)
services/backend/src/resources/auth/service/handler.go (1 hunks)
services/backend/src/resources/auth/service/logout.go (1 hunks)
services/backend/src/resources/auth/service/redirect.go (1 hunks)
services/backend/src/resources/general/http/asset_gopher_coffee.go (1 hunks)
services/backend/src/web-app/app.go (3 hunks)
services/backend/src/web-app/handler.go (1 hunks)
services/backend/src/web-app/middlewares/authentication.go (1 hunks)
services/backend/src/web-app/routes.go (3 hunks)
services/frontend/src/lib/components/SidebarAccount/sidebar-account.svelte (2 hunks)
services/frontend/src/lib/components/SidebarNavigation/navigation.svelte (2 hunks)
services/frontend/src/routes/(app)/+layout.svelte (2 hunks)
services/go_app_modules/authentication-api/go.mod (1 hunks)
services/go_app_modules/authentication-api/ressources/auth/service/callback.go (1 hunks)
services/go_app_modules/authentication-api/ressources/auth/service/handler.go (1 hunks)
services/go_app_modules/authentication-api/ressources/auth/service/logout.go (1 hunks)
services/go_app_modules/authentication-api/ressources/auth/service/redirect.go (1 hunks)
services/go_app_modules/authentication-api/ressources/auth/service/userinfo_model.go (1 hunks)
services/go_app_modules/authentication-api/ressources/jwt/service/create_jwt.go (1 hunks)
services/go_app_modules/authentication-api/ressources/jwt/service/handler.go (1 hunks)
services/go_app_modules/authentication-api/ressources/jwt/service/model.go (1 hunks)
services/go_app_modules/authentication-api/ressources/jwt/service/verify_jwt.go (1 hunks)
services/go_app_modules/authentication-api/ressources/jwt/storage/handler.go (1 hunks)
services/go_app_modules/basic-utils/configuration/util-functions.go (2 hunks)
services/go_app_modules/user-api/go.mod (1 hunks)
services/go_app_modules/user-api/ressources/user/service/handler.go (1 hunks)
services/go_app_modules/user-api/ressources/user/storage/handler.go (1 hunks)

Files skipped from review due to trivial changes (4)

services/backend/src/assets/assets.go
services/go_app_modules/authentication-api/ressources/jwt/service/model.go
services/go_app_modules/authentication-api/ressources/jwt/storage/handler.go
services/go_app_modules/user-api/go.mod

Additional context used

Gitleaks

.env

17-17: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

18-18: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

Additional comments not posted (80)

services/backend/src/resources/auth/service/logout.go (1)

3-5: Can you clarify how s.auth.Logout handles errors?

It would be helpful to understand the error handling mechanism of s.auth.Logout() to ensure robustness.

services/backend/src/resources/auth/service/redirect.go (1)

3-5: Can you clarify how s.auth.CreateRedirect handles the state parameter?

It would be helpful to understand how s.auth.CreateRedirect(state) processes the state parameter to ensure it is handled securely.

services/go_app_modules/authentication-api/ressources/auth/service/logout.go (1)

5-7: Is it necessary to log oauthLogoutEP?

Logging sensitive information like oauthLogoutEP could be a security concern. Would it be possible to remove this log statement if it's not essential?

services/go_app_modules/authentication-api/ressources/auth/service/redirect.go (1)

5-7: Is s.config properly initialized before calling CreateRedirect? This ensures that the AuthCodeURL method works correctly.

Could you verify how the state parameter is generated and ensure it is securely handled to prevent CSRF attacks?

services/go_app_modules/authentication-api/go.mod (3)

6-6: Is github.com/go-sqlx/sqlx being used effectively in the codebase? This dependency is for SQL database interaction.

7-7: Is github.com/golang-jwt/jwt being used effectively in the codebase? This dependency is for handling JSON Web Tokens.

8-8: Is golang.org/x/oauth2 being used effectively in the codebase? This dependency is for OAuth 2.0 authentication flows.

services/go_app_modules/user-api/ressources/user/storage/handler.go (2)

5-7: Is the db field in AuthStorage being correctly utilized and initialized? This ensures proper database interaction.

9-13: Is the db parameter passed to NewAuthStorage valid and correctly initialized? This ensures proper database interaction.

services/go_app_modules/user-api/ressources/user/service/handler.go (3)

3-5: Is the UserService struct correctly defined?

The UserService struct looks good. Is there any specific reason for not including additional fields or methods at this stage?

7-11: Is the NewUserService function correctly defined?

The NewUserService function looks good. Is there any specific reason for not including additional initialization logic at this stage?

13-14: Is the UserStore interface intentionally left empty?

The UserStore interface is currently empty. Is this intentional for future expansion, or are there methods that need to be defined here?

services/backend/src/resources/general/http/asset_gopher_coffee.go (1)

8-11: Is the AssetGopherCoffee function correctly defined?

The AssetGopherCoffee function looks good. Is there any specific reason for sending the asset as a string instead of a byte slice?

services/backend/src/resources/auth/http/handler.go (2)

7-9: Is the AuthHandler struct correctly defined?

The AuthHandler struct looks good. Is there any specific reason for not including additional fields or methods at this stage?

11-15: Is the NewAuthHandler function correctly defined?

The NewAuthHandler function looks good. Is there any specific reason for not including additional initialization logic at this stage?

services/backend/src/web-app/handler.go (2)

5-9: This looks good to me!

The AuthHandler interface is well-defined and aligns with the typical responsibilities of an authentication handler.

14-14: This looks good to me!

The addition of the AssetGopherCoffee method aligns with the existing methods in the GeneralHandler interface.

services/go_app_modules/authentication-api/ressources/jwt/service/handler.go (1)

15-16: Could you provide more details on the methods intended for this interface?

The JwtStorage interface is currently empty. It would be helpful to know the methods that are intended to be part of this interface.

services/go_app_modules/authentication-api/ressources/auth/service/userinfo_model.go (5)

3-12: Could you clarify the purpose of each field in the struct?

The struct AuthentikUserInfo has several fields. Are all these fields necessary for the OAuth implementation? For example, Nickname and Groups might not be required in all cases.

4-4: Is the ID field secure?

The ID field is a string representing the user's unique identifier. Is this field securely generated and unique across different providers?

5-6: Are there any concerns with storing email information?

The Email and EmailVerified fields store email information. Are there any privacy concerns or regulations that need to be considered when storing this information?

7-10: Can you explain the difference between Name, DisplayName, and PreferredUsername?

The struct contains fields for Name, DisplayName, and PreferredUsername. Could you provide more details on how these fields are used differently?

11-11: What is the purpose of the Groups field?

The Groups field is a slice of strings. Could you explain how this field is used and whether it is necessary for the OAuth implementation?

services/backend/src/migrator/migration-files/1_add_extensions.up.sql (4)

1-1: Is the uuid-ossp extension necessary?

The uuid-ossp extension is used for generating UUIDs. Are there any specific reasons for choosing this extension over other UUID generation methods?

3-3: Is the identity_provider ENUM type extensible?

The ENUM type identity_provider currently has a single value 'Authentik'. Are there plans to add more identity providers in the future? How will this ENUM type be updated?

5-8: Is the username column length sufficient?

The username column is defined as VARCHAR(255). Is this length sufficient for all possible usernames? Are there any constraints on the format of usernames?

10-17: Can you explain the composite primary key choice?

The user_identities table uses a composite primary key of provider and provider_user_id. Could you explain the reasoning behind this choice and its impact on performance?

services/go_app_modules/authentication-api/ressources/jwt/service/create_jwt.go (3)

10-15: Are the JWT claims sufficient?

The JWT claims include user-uuid, exp, and authorized. Are these claims sufficient for the application's requirements? Are there any additional claims needed?

17-17: Is the signing method secure?

The JWT is signed using HS256. Is this signing method secure enough for the application's requirements? Have other signing methods been considered?

19-23: Is the error handling sufficient?

The error handling prints an error message and returns an empty string and the error. Is this error handling sufficient? Should the error be logged more comprehensively?

services/backend/src/resources/auth/http/redirect.go (1)

19-19: Could you clarify if CreateRedirect handles invalid states?

What happens if the state is invalid or the redirect URL is not properly formed?

services/backend/src/resources/auth/service/handler.go (1)

9-13: Is the user field intentionally left uninitialized in the constructor?

Should the user field be initialized in the NewAuthService constructor for consistency?

services/backend/src/resources/auth/service/callback.go (1)

16-18: Is the UserUuid field the only required field for JWT creation?

Are there any additional fields that should be included in the JwtDataModel for better security or functionality?

services/go_app_modules/authentication-api/ressources/auth/service/handler.go (2)

13-33: Are you handling sensitive information securely?

The OAuthKey and OAuthSecret are passed as plain strings. Are these values securely stored and retrieved (e.g., from environment variables or a secrets manager)?

13-33: LGTM!

The function correctly initializes the OAuth configuration and returns an AuthService instance.

services/backend/src/web-app/middlewares/authentication.go (3)

12-16: Could the extraction logic for the Authorization header be improved?

The current logic assumes that the Authorization header is always present if the cookie is not. Should we add a check to ensure the header is properly formatted and contains a token?

18-22: LGTM!

The error handling for JWT verification is clear and robust.

25-25: Is storing jwt-token in the request context secure?

Storing jwt-token in the request context is a good practice. Are there any additional security measures in place to protect this data?

services/go_app_modules/authentication-api/ressources/auth/service/callback.go (4)

10-16: Should we enhance error logging?

The error logging for the token exchange is minimal. Would it be beneficial to log more details for debugging purposes?

18-22: LGTM!

The function correctly fetches user info using the OAuth token.

25-28: Is the error handling for reading response body sufficient?

The error handling for reading the response body is good. Are there any additional steps we should consider to handle edge cases?

30-33: LGTM!

The JSON unmarshalling and error handling are correctly implemented.

services/backend/src/resources/auth/http/callback.go (3)

16-18: Could you verify the state validation logic?

The state validation is crucial for security. Can you ensure that the oauthstate cookie is securely set and handled?

25-28: Can you confirm the JWT token handling?

If the jwtToken is empty or an error occurs, it should be handled more explicitly. Would you consider providing a more detailed error message to the user?

11-38: LGTM!

The code changes are approved.

services/frontend/src/lib/components/SidebarNavigation/navigation.svelte (3)

9-16: Could you verify the URLs of the new navigation links?

The new navigation links for "Swagger," "Oauth," and "Logout" look good. Can you ensure that these URLs are correct and functional?

9-16: LGTM!

The code changes are approved.

35-36: LGTM!

The styling changes are approved.

services/backend/src/web-app/routes.go (4)

24-26: Could you verify the new OAuth routes and handlers?

The new routes for OAuth redirect, callback, and logout look good. Can you ensure that the corresponding handlers are correctly implemented and functional?

24-26: LGTM!

The code changes are approved.

28-30: Could you verify the middleware functionality?

The authentication middleware looks good. Can you ensure that it correctly protects the new routes?

43-47: LGTM!

The code changes are approved.

services/go_app_modules/authentication-api/ressources/jwt/service/verify_jwt.go (4)

13-24: Is the signing key handling secure?

The signing key is returned as a byte slice. Could you confirm that this approach is secure and follows best practices for key management?

30-33: Could you ensure the claims are handled securely?

The claims are cast to jwt.MapClaims and checked for validity. Are there any additional checks or sanitization steps needed to ensure the claims are secure and trustworthy?

37-39: Could you confirm the handling of the authorized claim?

The function checks if the authorized claim is true. Is this sufficient for your authorization logic? Are there any additional checks or context needed here?

41-43: Could you confirm the type assertion for user-uuid?

The user-uuid claim is cast to a string. Is it guaranteed that this claim will always be a string? Are there any edge cases that need to be handled?

.env (9)

15-15: Could you confirm the variable name change?

The variable APP_SECURITY_JWT_SECRET has been replaced with APP_AUTHORIZATION_JWT_SECRET. Is this change consistent with the updated focus on authorization throughout the codebase?

17-17: Could you ensure the OAuth client key is securely managed?

The OAuth client key is stored in an environment variable. Are there any additional security measures in place to protect this key from exposure?

Tools

Gitleaks

17-17: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

18-18: Could you ensure the OAuth client secret is securely managed?

The OAuth client secret is stored in an environment variable. Are there any additional security measures in place to protect this secret from exposure?

Tools

Gitleaks

18-18: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

19-19: Could you confirm the OAuth authorization URL configuration?

The OAuth authorization URL is set to http://localhost:9000/application/o/authorize/. Is this URL correctly configured and accessible in your environment?

20-20: Could you confirm the OAuth token URL configuration?

The OAuth token URL is set to http://authentik-server:9000/application/o/token/. Is this URL correctly configured and accessible in your environment?

21-21: Could you confirm the OAuth redirect URL configuration?

The OAuth redirect URL is set to http://web.localhost/api/v1/oauth/callback. Is this URL correctly configured and accessible in your environment?

22-22: Could you confirm the OAuth user info URL configuration?

The OAuth user info URL is set to http://authentik-server:9000/application/o/userinfo/. Is this URL correctly configured and accessible in your environment?

23-23: Could you confirm the OAuth logout URL configuration?

The OAuth logout URL is set to http://localhost:9000/application/o/gosvelte/end-session/. Is this URL correctly configured and accessible in your environment?

24-24: Could you confirm the OAuth scopes configuration?

The OAuth scopes are set to email openid profile. Are these scopes correctly configured and aligned with your application's requirements?

services/go_app_modules/basic-utils/configuration/util-functions.go (1)

17-31: Could you confirm the function logic?

The function retrieves an environment variable as a slice of strings. Is the logic for splitting and trimming the values correct and efficient? Are there any edge cases that need to be handled?

services/frontend/src/lib/components/SidebarAccount/sidebar-account.svelte (4)

7-7: Is the class name update intended to improve specificity?

The class name for the main content element has been updated to sidebar-account-content-element. Could you confirm if this change is aimed at improving CSS specificity and styling?

12-12: Is the additional class attribute for targeted styling?

The Menu component now includes an additional class="menu" attribute. Is this change intended to allow for more targeted CSS styling?

20-24: Is the logout functionality now API-driven?

The logout link's href attribute has been altered from a relative path (/logout) to an absolute API endpoint (/api/v1/oauth/logout). Does this change indicate a shift towards an API-driven logout functionality?

54-57: Are the styling updates aimed at improving user interaction?

Styling updates have been introduced, including hover effects for buttons within the menu and global styles for button hover states and SVG colors. Are these changes aimed at enhancing user interaction feedback and visual consistency?

Makefile (1)

6-6: Are the new services added to enhance the development environment?

The dev target now includes authentik-server and authentik-worker services. Is this change intended to enhance the development environment by including authentication services?

services/frontend/src/routes/(app)/+layout.svelte (2)

Line range hint 41-43:
Is the global context for body styles intended for consistent application?

The body selector has been changed from a direct definition to a global context using :global(body). Is this change intended to ensure consistent application of background and font colors globally?

Line range hint 45-45:
Is the streamlined sidebar background color rule for clarity?

The sidebar's background color rule has been streamlined by eliminating unnecessary conflict markers. Is this change intended to result in a cleaner declaration and ensure proper application of styles across the application?

services/backend/src/configuration/variables.go (3)

11-11: Is SSL/TLS configuration in place?

The WEBSERVER_PORT has been changed to 443, which is typically used for HTTPS. Do you have SSL/TLS configuration set up to support this change?

25-32: Are OAuth variables used securely?

New OAuth-related variables have been added. Are these variables used consistently and securely across the codebase? Specifically, how is the AUTHORIZATION_OAUTH_SECRET managed to ensure it is not exposed?

35-42: How are certificate-related variables managed?

New certificate-related variables have been added. Are these variables used consistently and securely across the codebase? How is the certificate management handled to ensure security?

services/backend/src/web-app/app.go (3)

34-34: Is AuthHandler correctly initialized and used?

A new AuthHandler field has been added to the App struct. Can you confirm that it is correctly initialized and used within the application?

49-65: Are new services correctly initialized and integrated?

The NewApp function has been updated to initialize several new services related to authentication and JWT. Are these services correctly initialized and integrated? How is sensitive information managed to ensure security?

119-126: Are new configuration variables correctly used?

The RunApp function has been updated to use the new configuration variables. Can you confirm that these variables are correctly used and that errors are handled appropriately?

docker-compose.dev.yaml (1)

1-3: Is the external configuration file correctly included?

The change enables the inclusion of the docker-compose.authentik.yaml file. Can you confirm that this file is correctly included and used? Are there any potential issues with the environment setup?

services/backend/src/resources/auth/http/logout.go

services/backend/src/resources/auth/http/redirect.go

services/go_app_modules/authentication-api/ressources/jwt/service/handler.go

services/backend/src/resources/auth/service/handler.go

coderabbitai

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 51f2820 and ad8b079.

Files ignored due to path filters (1)

services/backend/go.sum is excluded by !**/*.sum

Files selected for processing (10)

services/backend/go.mod (3 hunks)
services/backend/src/resources/auth/service/handler.go (1 hunks)
services/frontend/src/lib/components/SidebarAccount/sidebar-account.svelte (2 hunks)
services/frontend/src/lib/i18n/de.json (1 hunks)
services/frontend/src/lib/i18n/en.json (1 hunks)
services/frontend/src/lib/stores/darkmode.ts (3 hunks)
services/frontend/src/lib/theme/general.sass (1 hunks)
services/frontend/src/lib/theme/variables.scss (3 hunks)
services/frontend/src/routes/(app)/+layout.svelte (4 hunks)
services/frontend/src/routes/(app)/settings/+page.svelte (2 hunks)

Files skipped from review due to trivial changes (1)

services/frontend/src/lib/i18n/en.json

Files skipped from review as they are similar to previous changes (3)

services/backend/src/resources/auth/service/handler.go
services/frontend/src/lib/components/SidebarAccount/sidebar-account.svelte
services/frontend/src/routes/(app)/+layout.svelte

Additional comments not posted (16)

services/frontend/src/lib/theme/general.sass (3)

15-17: Looks good!

The use of CSS variables for background and border color enhances maintainability and consistency. Did you ensure that these variables are defined and used correctly across the project?

18-21: Nice improvement!

The hover effect and color styling enhance user interaction feedback. Are these changes consistent with the overall theme of the application?

22-26: Looks great!

The emphasis on the red color and bold font weight, along with the hover effect, provides a clear visual emphasis. Did you verify the visual consistency across different components?

services/frontend/src/lib/i18n/de.json (2)

27-27: Great addition!

The new entry for device_description enhances clarity regarding device-specific settings. Did you ensure the translation is accurate and consistent with the rest of the file?

35-35: Is the removal of the description field intentional?

The removal of the description field under the theme section may streamline user interaction. Did you verify that this removal does not negatively impact user understanding?

services/frontend/src/lib/theme/variables.scss (3)

7-8: Nice addition!

The new CSS custom properties for color management enhance the flexibility of the theme. Did you ensure these variables are used correctly throughout the project?

30-31: Good consistency!

The new CSS custom properties for dark mode ensure visual consistency across different themes. Did you verify that these changes are consistent with the light mode properties?

21-23: Great enhancement!

The new CSS custom properties for sidebar styling provide more options for customization. Did you ensure these changes are consistent across both light and dark modes?

Also applies to: 44-46

services/frontend/src/lib/stores/darkmode.ts (2)

38-49: Is window always available in all contexts?

Could there be any contexts where window might not be available, such as during server-side rendering or in environments without a window object? How do you plan to handle such cases?

38-49: The logic for theme detection looks good!

The method isThemeSetOrAutoDetect correctly checks for the theme cookie and uses window.matchMedia to determine the user's preferred color scheme if the cookie is absent.

services/frontend/src/routes/(app)/settings/+page.svelte (2)

32-32: The addition of the  element looks good!

The  element displaying the device description enhances the user interface by providing more context to the user regarding device settings.

61-65: The style adjustments look good!

The styles for the  element and the .menu class improve the layout and visibility of the elements.

services/backend/go.mod (4)

10-10: The addition of github.com/uvulpos/go-svelte/authentication-api looks good!

The addition of this dependency indicates the inclusion of an authentication API, which is essential for OAuth login. The replacement with a local path suggests local development or testing.

Also applies to: 16-16

29-29: The addition of github.com/golang-jwt/jwt looks good!

The addition of this dependency suggests the use of JWT for handling authentication tokens, which is a common practice in OAuth implementations.

50-50: The addition of golang.org/x/oauth2 looks good!

The addition of this dependency indicates the use of the OAuth2 library for handling OAuth flows, which is essential for the implementation of OAuth login.

10-10: The overall changes to the go.mod file look good!

The new dependencies are added correctly, and the overall structure of the go.mod file remains intact.

Also applies to: 16-16, 29-29, 50-50

uvulpos · 2024-08-14T22:53:57Z

fyi: I pause pr reviews to spare energy and efforts for a non ready pr. This pr is still an epic and will take some work in progress commits to be finished. And also it annoys me at this stage to have a cluttered log

uvulpos · 2024-08-27T19:37:47Z

@coderabbitai full review

coderabbitai · 2024-08-27T19:37:51Z

Actions performed

Full review triggered.

services/frontend/src/lib/api/user/get-permissions.ts

services/frontend/src/lib/api/user/get-self_information.ts

uvulpos · 2024-08-27T20:02:40Z

.env

use better jwt secret / certificate

services/backend/src/configuration/variables.go

services/backend/src/migrator/migration-files/2_add_user.down.sql

services/frontend/src/lib/api/user/models/UserPermissions.ts

…template into feat/add-oauth

coderabbitai

Actionable comments posted: 38

Outside diff range, codebase verification and nitpick comments (5)

services/go_app_modules/basic-utils/customerrors/interface.go (1)

17-21: Could you add comments for each method?

The ErrorInterface is well-defined. Would you consider adding comments for each method to improve readability and maintainability?

services/backend/src/resources/user/http/http-models/self_information.go (1)

7-13: Would you consider adding validation tags?

The SelfInformationModel type is well-defined. Would you consider adding validation tags to ensure data integrity?

services/backend/src/resources/user/http/self_information.go (1)

31-31: Have you considered adding a success log?

It might be useful to log a success message when the user information is successfully retrieved. Would you agree?

services/backend/src/resources/user/http/self_permission.go (1)

31-31: Have you considered adding a success log?

It might be useful to log a success message when the user permissions are successfully retrieved. Would you agree?

services/backend/src/resources/auth/storage/create_login_session.go (1)

30-30: Would you consider adding a log statement for database errors?

It might be useful to log database errors for better traceability. What do you think?

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 6425ebb and 12bb9f6.

Files ignored due to path filters (10)

services/backend/go.sum is excluded by !**/*.sum
services/backend/src/assets/swagger-css/gopher-coffee.gif is excluded by !**/*.gif
services/backend/src/assets/swagger-css/logo-branding.png is excluded by !**/*.png
services/backend/src/assets/swagger-css/logo.png is excluded by !**/*.png
services/frontend/package-lock.json is excluded by !**/package-lock.json
services/go.work is excluded by !**/*.work
services/go.work.sum is excluded by !**/*.sum
services/go_app_modules/authentication-api/go.sum is excluded by !**/*.sum
services/go_app_modules/basic-utils/go.sum is excluded by !**/*.sum
services/go_app_modules/user-api/go.sum is excluded by !**/*.sum

Files selected for processing (99)

.env (1 hunks)
Makefile (1 hunks)
devops/docker-compose/dev-dependencies/docker-compose.authentik.yaml (2 hunks)
docker-compose.dev.yaml (1 hunks)
services/backend/go.mod (3 hunks)
services/backend/modd.conf (1 hunks)
services/backend/src/assets/assets.go (1 hunks)
services/backend/src/configuration/variables.go (1 hunks)
services/backend/src/migrator/migration-files/2_add_user.down.sql (1 hunks)
services/backend/src/migrator/migration-files/2_add_user.up.sql (1 hunks)
services/backend/src/migrator/migration-files/3_add_permissions.up.sql (1 hunks)
services/backend/src/resources/auth/http/callback.go (1 hunks)
services/backend/src/resources/auth/http/handler.go (1 hunks)
services/backend/src/resources/auth/http/logout.go (1 hunks)
services/backend/src/resources/auth/http/redirect.go (1 hunks)
services/backend/src/resources/auth/service/callback.go (1 hunks)
services/backend/src/resources/auth/service/handler.go (1 hunks)
services/backend/src/resources/auth/service/logout.go (1 hunks)
services/backend/src/resources/auth/service/redirect.go (1 hunks)
services/backend/src/resources/auth/storage/create_login_session.go (1 hunks)
services/backend/src/resources/auth/storage/handler.go (1 hunks)
services/backend/src/resources/general/http/asset_gopher_coffee.go (1 hunks)
services/backend/src/resources/general/http/asset_logo.go (1 hunks)
services/backend/src/resources/general/http/asset_logo_branding.go (1 hunks)
services/backend/src/resources/general/http/ping_everything.go (1 hunks)
services/backend/src/resources/user/http/handler.go (1 hunks)
services/backend/src/resources/user/http/http-models/self_information.go (1 hunks)
services/backend/src/resources/user/http/http-models/self_permission.go (1 hunks)
services/backend/src/resources/user/http/self_information.go (1 hunks)
services/backend/src/resources/user/http/self_permission.go (1 hunks)
services/backend/src/resources/user/service/get_user_permissions_by_id.go (1 hunks)
services/backend/src/resources/user/service/get_user_self_information_by_id.go (1 hunks)
services/backend/src/resources/user/service/handler.go (1 hunks)
services/backend/src/resources/user/service/models/model_self_information.go (1 hunks)
services/backend/src/resources/user/service/models/model_user.go (1 hunks)
services/backend/src/resources/user/service/models/model_user_permissions.go (1 hunks)
services/backend/src/resources/user/storage/get_user_by_id.go (1 hunks)
services/backend/src/resources/user/storage/get_user_permissions_by_id.go (1 hunks)
services/backend/src/resources/user/storage/handler.go (1 hunks)
services/backend/src/resources/user/storage/models/mode_user.go (1 hunks)
services/backend/src/web-app/app.go (3 hunks)
services/backend/src/web-app/handler.go (1 hunks)
services/backend/src/web-app/middlewares/authentication.go (1 hunks)
services/backend/src/web-app/routes.go (3 hunks)
services/frontend/package.json (1 hunks)
services/frontend/src/lib/api/user/get-permissions.ts (1 hunks)
services/frontend/src/lib/api/user/get-self_information.ts (1 hunks)
services/frontend/src/lib/api/user/models/SelfInformation.ts (1 hunks)
services/frontend/src/lib/api/user/models/UserPermissions.ts (1 hunks)
services/frontend/src/lib/components/Sidebar/sidebar.svelte (2 hunks)
services/frontend/src/lib/components/SidebarAccount/sidebar-account.svelte (2 hunks)
services/frontend/src/lib/components/SidebarNavigation/navigation.svelte (1 hunks)
services/frontend/src/lib/functions/permissions/check-user-permission-middleware.ts (1 hunks)
services/frontend/src/lib/i18n/de.json (1 hunks)
services/frontend/src/lib/i18n/en.json (1 hunks)
services/frontend/src/lib/stores/darkmode.ts (2 hunks)
services/frontend/src/lib/theme/general.sass (1 hunks)
services/frontend/src/lib/theme/variables.scss (1 hunks)
services/frontend/src/routes/(app)/+error.svelte (1 hunks)
services/frontend/src/routes/(app)/+layout.server.ts (1 hunks)
services/frontend/src/routes/(app)/+layout.svelte (5 hunks)
services/frontend/src/routes/(app)/legal/+layout.svelte (1 hunks)
services/frontend/src/routes/(app)/legal/imprint/+page.md (1 hunks)
services/frontend/src/routes/(app)/secret/+layout.server.ts (1 hunks)
services/frontend/src/routes/(app)/secret/+layout.svelte (1 hunks)
services/frontend/src/routes/(app)/secret/+page.svelte (1 hunks)
services/frontend/src/routes/(app)/settings/+page.svelte (2 hunks)
services/frontend/src/routes/+error.svelte (1 hunks)
services/go_app_modules/authentication-api/go.mod (1 hunks)
services/go_app_modules/authentication-api/ressources/auth/service/callback_authentik.go (1 hunks)
services/go_app_modules/authentication-api/ressources/auth/service/handler.go (1 hunks)
services/go_app_modules/authentication-api/ressources/auth/service/logout.go (1 hunks)
services/go_app_modules/authentication-api/ressources/auth/service/provider/provider.go (1 hunks)
services/go_app_modules/authentication-api/ressources/auth/service/redirect.go (1 hunks)
services/go_app_modules/authentication-api/ressources/auth/service/userinfo_model.go (1 hunks)
services/go_app_modules/authentication-api/ressources/auth/storage/create_user.go (1 hunks)
services/go_app_modules/authentication-api/ressources/auth/storage/create_user_login_identity.go (1 hunks)
services/go_app_modules/authentication-api/ressources/auth/storage/get_userid_by_login.go (1 hunks)
services/go_app_modules/authentication-api/ressources/auth/storage/handler.go (1 hunks)
services/go_app_modules/authentication-api/ressources/jwt/service/create_jwt.go (1 hunks)
services/go_app_modules/authentication-api/ressources/jwt/service/handler.go (1 hunks)
services/go_app_modules/authentication-api/ressources/jwt/service/model.go (1 hunks)
services/go_app_modules/authentication-api/ressources/jwt/service/verify_jwt.go (1 hunks)
services/go_app_modules/authentication-api/ressources/jwt/storage/handler.go (1 hunks)
services/go_app_modules/basic-utils/configuration/util-functions.go (2 hunks)
services/go_app_modules/basic-utils/customerrors/custom-error-const/error_identifier.go (1 hunks)
services/go_app_modules/basic-utils/customerrors/custom-error-const/error_user_messages.go (1 hunks)
services/go_app_modules/basic-utils/customerrors/err_database.go (1 hunks)
services/go_app_modules/basic-utils/customerrors/err_database_not_found.go (1 hunks)
services/go_app_modules/basic-utils/customerrors/err_database_transaction_begin_failed.go (1 hunks)
services/go_app_modules/basic-utils/customerrors/err_database_transaction_commit_failed.go (1 hunks)
services/go_app_modules/basic-utils/customerrors/err_internal_server.go (1 hunks)
services/go_app_modules/basic-utils/customerrors/err_test.go (1 hunks)
services/go_app_modules/basic-utils/customerrors/error_handler.go (1 hunks)
services/go_app_modules/basic-utils/customerrors/interface.go (1 hunks)
services/go_app_modules/basic-utils/go.mod (1 hunks)
services/go_app_modules/user-api/go.mod (1 hunks)
services/go_app_modules/user-api/ressources/user/service/handler.go (1 hunks)
services/go_app_modules/user-api/ressources/user/storage/handler.go (1 hunks)

Additional context used

Gitleaks

.env

17-17: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

18-18: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

Additional comments not posted (279)

services/frontend/src/routes/(app)/secret/+page.svelte (1)

1-1: Is this file a placeholder?

The file contains only one line of content. Is this intended to be a placeholder or is there more content to be added later?

Could you please confirm the purpose of this file?

services/go_app_modules/user-api/go.mod (3)

1-1: Is this module name correct?

Is github.com/uvulpos/go-svelte/user the intended module name for this project?

Could you please confirm if this module name aligns with the project structure and naming conventions?

3-3: Is this the required Go version?

Is Go version 1.22.4 the required version for this project?

Could you please confirm if this is the correct Go version to use for this module?

5-5: Is this the correct dependency version?

Is v1.3.8 the required version for github.com/go-sqlx/sqlx?

Could you please confirm if this is the correct version of the dependency to use for this module?

services/go_app_modules/authentication-api/ressources/auth/service/provider/provider.go (2)

3-3: Is this type definition necessary?

Is AuthProvider intended to be used elsewhere in the codebase?

Could you please confirm if this type definition is necessary and will be used in other parts of the code?

5-7: Is this the only provider?

Is Authentik the only authentication provider that will be supported?

Could you please confirm if there are plans to support additional authentication providers in the future?

services/backend/src/resources/auth/service/redirect.go (1)

3-5: Is this method tested?

Is there a test case for the CreateRedirect method?

Could you please confirm if there is a test case for this method to ensure it works as expected?

services/frontend/src/routes/(app)/+error.svelte (2)

1-3: Looks good!

The import statement for the page store is correct.

5-6: Nice improvement!

The dynamic error display using the $page store enhances user experience and the use of optional chaining ensures robustness.

services/frontend/src/lib/api/user/models/UserPermissions.ts (2)

1-5: Well-defined interface!

The UserPermissions interface includes necessary properties for user permissions.

7-7: Useful constant!

The USER_PERMISSION_ADMIN constant is correctly defined and useful for permission checks.

services/go_app_modules/authentication-api/ressources/auth/service/logout.go (1)

1-4: Correct package and import!

The package and import statements are correctly defined.

services/go_app_modules/authentication-api/go.mod (3)

6-6: Have you considered the implications of adding github.com/go-sqlx/sqlx?

This package simplifies database operations, but it also introduces additional dependencies. Is this the best choice for your use case?

Could you please confirm if this package is necessary for your implementation?

7-7: Have you considered the security implications of using github.com/golang-jwt/jwt?

This package is crucial for secure authentication mechanisms. Are there any specific security measures you plan to implement with this package?

Could you please confirm if this package meets your security requirements?

8-8: Have you considered the compatibility of golang.org/x/oauth2 with your existing authentication system?

This package is necessary for implementing OAuth login functionality. Are there any compatibility issues you foresee with your current system?

Could you please confirm if this package integrates well with your existing authentication system?

services/go_app_modules/authentication-api/ressources/auth/service/redirect.go (1)

5-6: Have you ensured the proper initialization of authentikConfig?

The function creates a redirect URL for OAuth authentication. Is the authentikConfig properly initialized to avoid runtime errors?

Could you please confirm if the authentikConfig is correctly set up before calling this function?

services/go_app_modules/basic-utils/go.mod (3)

6-6: Have you considered the implications of adding github.com/google/uuid?

This package improves UUID generation, but it also introduces additional dependencies. Is this the best choice for your use case?

Could you please confirm if this package is necessary for your implementation?

7-7: Have you considered the implications of adding gotest.tools/v3?

This package enhances testing capabilities, but it also introduces additional dependencies. Is this the best choice for your use case?

Could you please confirm if this package is necessary for your implementation?

10-10: Have you considered the implications of adding github.com/google/go-cmp?

This package improves comparison operations, but it also introduces additional dependencies. Is this the best choice for your use case?

Could you please confirm if this package is necessary for your implementation?

services/frontend/src/lib/api/user/models/SelfInformation.ts (6)

3-3: Looks good!

Is the id always a string in your database schema?

The code changes are approved.

4-4: Looks good!

Is there any specific reason for choosing username as a string?

The code changes are approved.

5-5: Looks good!

Is display_name always a string in your database schema?

The code changes are approved.

6-6: Looks good!

Is email always a string in your database schema?

The code changes are approved.

7-7: Looks good!

Is profile_picture always a string in your database schema?

The code changes are approved.

8-8: Looks good!

Is permissions always an array of strings in your database schema?

The code changes are approved.

services/go_app_modules/authentication-api/ressources/jwt/storage/handler.go (2)

5-7: Looks good!

Is the db field always a pointer to sqlx.DB in your database schema?

The code changes are approved.

9-13: Looks good!

Is the db parameter always a pointer to sqlx.DB in your database schema?

The code changes are approved.

services/go_app_modules/user-api/ressources/user/storage/handler.go (2)

5-7: Looks good!

Is the db field always a pointer to sqlx.DB in your database schema?

The code changes are approved.

9-13: Looks good!

Is the db parameter always a pointer to sqlx.DB in your database schema?

The code changes are approved.

services/go_app_modules/user-api/ressources/user/service/handler.go (3)

1-1: Is the package name appropriate?

The package is declared as service. Is this the correct package name for this file?

The code changes are approved.

3-11: Is the UserService struct and constructor correct?

The UserService struct has a storage field of type UserStore, and the NewUserService function initializes a UserService with the given UserStore. Is this the correct implementation?

The code changes are approved.

13-14: Is the UserStore interface intentionally empty?

The UserStore interface is defined but does not contain any methods. Are there methods to be added later, or is this intentional?

Please verify if the interface is complete.

services/go_app_modules/basic-utils/customerrors/custom-error-const/error_user_messages.go (2)

1-1: Is the package name appropriate?

The package is declared as customerrorconst. Is this the correct package name for this file?

The code changes are approved.

3-6: Are the error message constants correct?

The file defines constants for error messages: DATABASE_NOT_FOUND_ERROR_MESSAGE and INTERNAL_SERVER_ERROR_MESSAGE. Are these the correct error messages?

The code changes are approved.

services/backend/modd.conf (1)

3-3: Is the path specification update correct?

The path specifications are updated to include /app/go_app_modules/**/*. Is this the correct update to facilitate better integration of modules or components?

The code changes are approved.

services/backend/src/resources/user/service/get_user_permissions_by_id.go (1)

7-9: Is nil a valid argument for the first parameter of GetUserPermissionsByID?

Could you please confirm if passing nil as the first argument is intentional and valid in this context?

services/backend/src/resources/user/http/http-models/self_permission.go (2)

3-5: LGTM!

The struct SelfPermissionsModel is correctly defined with appropriate JSON tags.

7-11: LGTM!

The constructor function NewSelfPermissionsModel is correctly implemented.

services/go_app_modules/authentication-api/ressources/jwt/service/model.go (2)

3-6: LGTM!

The struct JwtDataModel is correctly defined with appropriate JSON tags.

8-13: LGTM!

The constructor function NewJwtDataModel is correctly implemented.

services/backend/src/resources/auth/http/handler.go (3)

1-1: Is the package declaration appropriate?

The package is declared as http. Is this the correct package for this handler?

The code changes are approved.

3-5: Are the imports necessary?

The file imports the service package. Is this import necessary for the AuthHandler to use the AuthService?

The code changes are approved.

7-15: Is the struct and constructor function correctly implemented?

The AuthHandler struct has a single field service, and the NewAuthHandler function initializes the AuthHandler with the provided AuthService. Is this implementation correct?

The code changes are approved.

services/backend/src/resources/user/http/handler.go (3)

1-1: Is the package declaration appropriate?

The package is declared as http. Is this the correct package for this handler?

The code changes are approved.

3-5: Are the imports necessary?

The file imports the service package. Is this import necessary for the UserHandler to use the UserService?

The code changes are approved.

7-15: Is the struct and constructor function correctly implemented?

The UserHandler struct has a single field service, and the NewUserHandler function initializes the UserHandler with the provided UserService. Is this implementation correct?

The code changes are approved.

services/frontend/src/routes/(app)/legal/+layout.svelte (1)

11-12: Does the style rule improve readability?

The file adds a global style rule for paragraph elements to set the line-height to 1.5. Does this improve readability?

The code changes are approved.

services/frontend/src/lib/api/user/get-permissions.ts (6)

1-1: Is the ky library the best choice for HTTP requests?

The import statement is correct. Have you considered using other libraries or native fetch for HTTP requests?

2-2: Is the UserPermissions type used correctly?

The import statement is correct. Is the UserPermissions type defined properly in ./models/UserPermissions?

3-3: Is the empty line necessary for readability?

The empty line improves readability. Do you think it is necessary here?

4-4: Is the function signature appropriate?

The function signature is correct. Is there any specific reason for choosing Promise<string[]> as the return type?

5-5: Is the HTTP request and response handling correct?

The HTTP request and response handling are correct. Have you considered handling potential errors or exceptions that might occur during the request?

6-6: Is the empty line necessary for readability?

The empty line improves readability. Do you think it is necessary here?

services/backend/src/resources/user/service/models/model_self_information.go (5)

1-1: Is the package declaration appropriate?

The package declaration is correct. Is there any specific reason for choosing the models package?

2-2: Is the empty line necessary for readability?

The empty line improves readability. Do you think it is necessary here?

3-6: Is the struct definition appropriate?

The struct definition is correct. Is there any specific reason for choosing these fields?

7-7: Is the empty line necessary for readability?

The empty line improves readability. Do you think it is necessary here?

8-13: Is the constructor function appropriate?

The constructor function is correct. Is there any specific reason for choosing this implementation?

services/frontend/src/routes/(app)/secret/+layout.svelte (5)

1-1: Is the script block declaration appropriate?

The script block declaration is correct. Is there any specific reason for choosing TypeScript?

2-2: Is the import statement appropriate?

The import statement is correct. Is there any specific reason for choosing PageData?

3-3: Is the export statement appropriate?

The export statement is correct. Is there any specific reason for choosing data?

4-4: Is the empty line necessary for readability?

The empty line improves readability. Do you think it is necessary here?

6-14: Is the conditional block appropriate?

The conditional block is correct. Is there any specific reason for choosing data.status?

services/backend/src/assets/assets.go (3)

11-12: Is this embedding correct?

The GopherCoffee variable is embedding an image file correctly. Could you confirm if this image is used somewhere in the application?

The code changes are approved.

14-15: Is this embedding correct?

The Logo variable is embedding an image file correctly. Could you confirm if this image is used somewhere in the application?

The code changes are approved.

17-18: Is this embedding correct?

The LogoBranding variable is embedding an image file correctly. Could you confirm if this image is used somewhere in the application?

The code changes are approved.

services/backend/src/migrator/migration-files/2_add_user.down.sql (6)

1-1: Is this constraint removal necessary?

The statement to drop the constraint created_ip_addr_not_empty_string seems correct. Could you confirm if this constraint is no longer needed?

The code changes are approved.

2-2: Is this constraint removal necessary?

The statement to drop the constraint last_jwt_refresh_ip_addr_not_empty_string seems correct. Could you confirm if this constraint is no longer needed?

The code changes are approved.

4-4: Is this table removal necessary?

The statement to drop the table user_sessions seems correct. Could you confirm if this table is no longer needed?

The code changes are approved.

5-5: Is this table removal necessary?

The statement to drop the table user_identities seems correct. Could you confirm if this table is no longer needed?

The code changes are approved.

6-6: Is this table removal necessary?

The statement to drop the table users seems correct. Could you confirm if this table is no longer needed?

The code changes are approved.

8-8: Is this type removal necessary?

The statement to drop the type identity_provider seems correct. Could you confirm if this type is no longer needed?

The code changes are approved.
services/go_app_modules/authentication-api/ressources/jwt/service/handler.go (2)
3-6: Could you add input validation in the constructor?

It might be helpful to validate the jwtCertificate and storage inputs in the NewJwtService constructor to ensure they are not nil or empty. Would you consider adding this?
func NewJwtService(storage JwtStorage, jwtCertificate string) *JwtService {
+ if storage == nil {
+ panic("storage cannot be nil")
+ }
+ if jwtCertificate == "" {
+ panic("jwtCertificate cannot be empty")
+ }
 return &JwtService{
 JWT_CERTIFICATE: jwtCertificate,
 storage: storage,
 }
}
15-16: Is this interface intended to be empty?

The JwtStorage interface is currently empty. Is this intentional, or are there methods that should be defined here?

The code changes are approved.
services/frontend/src/routes/(app)/legal/imprint/+page.md (4)

Line range hint 1-5: Looks good!

Is there a reason why the variable header is not declared with let or const?

The code changes look good.

6-6: Looks good!

Is there a reason why the variable linefirst is not declared with let or const?

The code changes look good.

7-7: Looks good!

Is there a reason why the variable linesecond is not declared with let or const?

The code changes look good.

8-8: Looks good!

Is there a reason why the variable github is not declared with let or const?

The code changes look good.

services/go_app_modules/basic-utils/customerrors/error_handler.go (2)

9-11: Looks good!

Is there any specific reason for not including error handling within this function?

The code changes look good.

13-15: Looks good!

Is there any specific reason for not including error handling within this function?

The code changes look good.
services/frontend/src/lib/functions/permissions/check-user-permission-middleware.ts (1)
3-11: Consider adding error handling and logging.

Would it be beneficial to add error handling for the getUserPermissions call and logging for permission checks?

For example, you could add a try-catch block:
 export async function checkUserPermissionMiddleware(jwt: string, permissions: string[]): Promise<boolean> {
- const userPermissions = await getUserPermissions(jwt)
+ let userPermissions;
+ try {
+ userPermissions = await getUserPermissions(jwt);
+ } catch (error) {
+ console.error("Failed to get user permissions:", error);
+ return false;
+ }

 for (const permission of permissions) {
 if (!userPermissions.includes(permission)) {
 return false;
 }
 }
 return true
}
services/go_app_modules/authentication-api/ressources/auth/service/userinfo_model.go (1)

3-12: Is the JSON key mapping correct?

The AuthentikUserInfo struct maps fields to JSON keys. Are these mappings verified against the expected JSON structure from the OAuth provider?

services/backend/src/resources/user/service/models/model_user.go (1)

3-9: Is the field naming consistent?

The field names in UserModel are consistent with common naming conventions. Are these names aligned with other models in the codebase?

services/go_app_modules/basic-utils/customerrors/custom-error-const/error_identifier.go (2)

5-10: Are the error identifiers comprehensive?

The constants define various error identifiers. Are these identifiers comprehensive enough to cover all potential error scenarios?

5-10: Is the naming consistent?

The naming of the error identifiers is consistent. Are these names aligned with other error identifiers in the codebase?
services/backend/src/resources/auth/http/logout.go (1)
10-22: Could you provide more context in the error handling and set the cookie expiration date to a past date?

Currently, the error is returned directly. It might be helpful to provide more context or log the error for better debugging. Also, setting the cookie expiration date to a past date ensures it is deleted.
func (h *AuthHandler) Logout(c *fiber.Ctx) error {
	c.Cookie(&fiber.Cookie{
		Name: "jwt",
		Path: "/",
		Value: "",
		HTTPOnly: true,
-		Expires: time.Now(),
+		Expires: time.Now().Add(-time.Hour),
	})
	logoutURL, logoutErr := h.service.Logout()
	if logoutErr != nil {
-		return logoutErr
+		c.Status(http.StatusInternalServerError)
+		return c.JSON(fiber.Map{
+			"error": "Failed to log out",
+			"details": logoutErr.Error(),
+		})
	}
	return c.Redirect(logoutURL, http.StatusMovedPermanently)
}
services/backend/src/resources/auth/storage/handler.go (2)

12-15: Looks good!

The function correctly initializes a new AuthStore with a database connection.

The code changes are approved.

18-23: Looks good!

The function correctly starts a new database transaction and handles errors appropriately.

The code changes are approved.

services/backend/src/web-app/handler.go (3)

5-9: Looks good!

The interface is well-defined and promotes a structured approach to managing authentication flows.

The code changes are approved.

10-17: Looks good!

The interface is well-defined and enhances the general handling capabilities of the application.

The code changes are approved.

19-21: Looks good!

The interface is well-defined and enhances the application's ability to manage user-specific interactions.

The code changes are approved.

services/backend/src/resources/user/storage/models/mode_user.go (2)

5-11: Are the field types and tags appropriate?

Could you confirm if the field types and tags are appropriate for the database schema?

13-21: Is the conversion logic accurate?

Could you confirm if the conversion logic accurately reflects the intended mapping between the storage model and the service model?

services/go_app_modules/authentication-api/ressources/auth/storage/handler.go (2)

8-10: Is the field type appropriate?

Could you confirm if the field type for the database connection is appropriate?

18-23: Is the error handling appropriate?

Could you confirm if the error handling in the StartTransaction method is appropriate and follows best practices?

services/backend/src/resources/general/http/asset_logo.go (1)

17-19: Is the logo correctly encoded and sent?

Could you confirm if the logo is correctly encoded and sent as a string?

services/backend/src/resources/general/http/asset_logo_branding.go (1)

17-19: Is assets.LogoBranding a valid PNG image?

Could you please confirm if assets.LogoBranding is a valid PNG image? How is it being ensured?

services/go_app_modules/authentication-api/ressources/jwt/service/create_jwt.go (1)

20-20: Is s.JWT_CERTIFICATE securely managed?

Could you please confirm if s.JWT_CERTIFICATE is securely managed and stored? How is it being protected?

services/frontend/src/routes/(app)/secret/+layout.server.ts (2)

5-26: Is there proper error handling for the fetch call?

Could you please confirm if there is proper error handling for the fetch call? What happens if the fetch fails?

7-9: Is the JWT validation secure?

Is the JWT validation secure? How is it being ensured that the JWT is not tampered with?

services/backend/src/resources/general/http/asset_gopher_coffee.go (1)

18-20: Is assets.GopherCoffee valid GIF data?

Could you please confirm that assets.GopherCoffee contains valid GIF data? If it is a file path, would it be better to use SendFile instead of SendString?

services/go_app_modules/basic-utils/customerrors/interface.go (2)

15-15: Is this type alias necessary?

The SqlData type alias seems straightforward. Is there a specific reason for defining this alias instead of using map[string]interface{} directly?

11-13: Looks good to me!

The SetDebugMode function is correctly implemented.

services/backend/src/resources/user/http/http-models/self_information.go (1)

15-22: Looks good to me!

The NewSelfInformationModel function is correctly implemented.

services/backend/src/resources/user/service/handler.go (3)

1-8: Are these imports necessary?

The imports seem appropriate for the functionality provided. Could you confirm if all of them are being used?

Would you like me to check for unused imports?

10-18: Is this struct and constructor sufficient?

The UserService struct and its constructor seem correctly implemented. Do you think any additional fields or methods are needed?

The code changes are approved.

20-24: Does this interface cover all necessary methods?

The AuthStorageInterface interface methods seem appropriate for user authentication and authorization. Do you think any additional methods are needed?

The code changes are approved.

services/backend/src/resources/general/http/ping_everything.go (1)

9-9: Is this change necessary?

The change from "System Health-Check" to "System health-check" seems to be a stylistic choice to standardize the terminology. Do you think this improves clarity?

The code changes are approved.

services/backend/src/resources/user/service/get_user_self_information_by_id.go (1)

1-6: Are these imports necessary?

The imports seem appropriate for the functionality provided. Could you confirm if all of them are being used?

Would you like me to check for unused imports?

services/frontend/src/routes/(app)/+layout.server.ts (7)

1-2: Why is the redirect function imported from @sveltejs/kit?

Is this the standard way to handle redirections in your project?

Could you confirm if this is the recommended approach for handling redirects in SvelteKit?

6-7: How are cookies being managed?

Could you provide more context on how cookies are being managed in your application?

Is there a specific library or middleware handling cookies?

9-11: Why is a redirect to /login performed when the JWT is missing or empty?

Is there a specific reason for choosing a 301 status code for the redirect?

Would a 302 status code be more appropriate for temporary redirects?

13-14: How is getSelfInformation handling the fetch and JWT token?

Could you provide more details on the getSelfInformation function and its error handling?

Is there a possibility of improving error handling for the fetch request?

15-17: Why is a redirect to /login performed when self is undefined or null?

Is there a specific reason for choosing a 301 status code for the redirect?

Would a 302 status code be more appropriate for temporary redirects?

19-19: Why is the profile picture URL hardcoded?

Is there a plan to make the profile picture URL configurable or dynamic?

Would it be better to fetch the profile picture URL from the user data or a configuration file?

21-26: Could you explain the structure of the returned object?

Is there a specific reason for structuring the returned object this way?

Would it be beneficial to include additional user information in the returned object?

services/go_app_modules/authentication-api/ressources/auth/storage/create_user_login_identity.go (5)

8-8: Why is the function accepting a transaction as a parameter?

Is there a specific reason for using a transaction in this function?

Would it be beneficial to provide an option to execute the function without a transaction?

9-9: Could you explain the structure of the user_identities table?

Is there a specific reason for choosing these column names and types?

Would it be beneficial to include additional columns for storing user identity information?

11-11: How is the SQL query being executed?

Could you provide more details on the tx.Exec function and its error handling?

Is there a possibility of improving error handling for the SQL query execution?

13-19: Why is a custom error being returned for SQL errors?

Is there a specific reason for using custom errors in this function?

Would it be beneficial to use standard error handling for SQL errors?

21-21: Could you explain the return value of the function?

Is there a specific reason for returning nil when the function succeeds?

Would it be beneficial to return additional information or a success message?

services/frontend/src/lib/api/user/get-self_information.ts (6)

1-2: Why is the SelfInformation type imported from ./models/SelfInformation?

Is there a specific reason for defining the SelfInformation type in a separate file?

Would it be beneficial to include the type definition in this file for better readability?

3-3: Could you explain the parameters of the getSelfInformation function?

Is there a specific reason for accepting a fetch function and a jwt string as parameters?

Would it be beneficial to include additional parameters for better flexibility?

7-13: How is the fetch request being constructed?

Could you provide more details on the API endpoint and the request headers?

Is there a possibility of improving the fetch request construction for better readability?

15-17: Why is an error being thrown when the network response is not ok?

Is there a specific reason for handling network errors this way?

Would it be beneficial to include additional error handling for different types of network errors?

19-21: How is the response being parsed and handled?

Could you provide more details on the response parsing and error handling?

Is there a possibility of improving the response parsing for better readability?

24-24: Could you explain the return value of the function?

Is there a specific reason for returning the parsed response or null?

Would it be beneficial to include additional information in the return value for better flexibility?

services/go_app_modules/authentication-api/ressources/auth/storage/get_userid_by_login.go (5)

1-7: Is the package declaration and imports appropriate?

The package declaration and imports look good to me. Do you agree?

9-10: Is the function signature and variable declaration appropriate?

The function signature and variable declaration look good to me. Do you agree?

11-13: Is the SQL query and execution appropriate?

The SQL query and execution look good to me. Do you agree?

14-28: Is the error handling and custom error creation appropriate?

The error handling and custom error creation look good to me. Do you agree?

29-32: Is the return statement appropriate?

The return statement looks good to me. Do you agree?

services/backend/src/resources/auth/http/redirect.go (6)

1-11: Is the package declaration and imports appropriate?

The package declaration and imports look good to me. Do you agree?

13-15: Is the function signature and variable declaration appropriate?

The function signature and variable declaration look good to me. Do you agree?

16-21: Is the random byte generation and error handling appropriate?

The random byte generation and error handling look good to me. Do you agree?

23-25: Is the state generation and redirect URL creation appropriate?

The state generation and redirect URL creation look good to me. Do you agree?

26-31: Is the cookie creation and setting appropriate?

The cookie creation and setting look good to me. Do you agree?

33-34: Is the redirect response appropriate?

The redirect response looks good to me. Do you agree?

services/frontend/src/routes/+error.svelte (4)

1-3: Is the script tag and imports appropriate?

The script tag and imports look good to me. Do you agree?

5-10: Is the onMount function and JWT check appropriate?

The onMount function and JWT check look good to me. Do you agree?

13-16: Is the HTML structure appropriate?

The HTML structure looks good to me. Do you agree?

18-43: Are the CSS styles appropriate?

The CSS styles look good to me. Do you agree?

services/backend/src/web-app/middlewares/authentication.go (5)

4-8: Is the new import statement for jwtService necessary for the JWT verification logic?

The import statement seems appropriate for the new functionality.

The code changes are approved.

17-19: Is the error handling logic for missing JWT token appropriate?

The logic seems correct as it returns a 401 Unauthorized response if the JWT token is not found.

The code changes are approved.

28-28: Is storing the user's UUID in the request context appropriate?

The logic seems correct as it provides more relevant user information.

The code changes are approved.

30-30: Is calling c.Next() to proceed to the next middleware or handler appropriate?

The logic seems correct as it ensures the request proceeds to the next middleware or handler.

The code changes are approved.

21-25: Does jwtService.VerifyJWT handle all necessary checks for JWT verification?

The verification logic seems appropriate. Please ensure that jwtService.VerifyJWT handles all necessary checks.

The code changes are approved.

Run the following script to verify the jwtService.VerifyJWT function:

services/backend/src/resources/auth/service/handler.go (4)

3-8: Are the new import statements necessary for the new functionality?

The import statements seem appropriate.

The code changes are approved.

10-15: Is the AuthService struct definition appropriate for the new functionality?

The struct definition seems correct.

The code changes are approved.

17-23: Would it be beneficial to initialize the user field in the constructor?

Is there a reason for not initializing the user field in the NewAuthService constructor as suggested in the previous review comment?

25-28: Is the AuthStorageInterface definition appropriate for the new functionality?

The interface definition seems correct.

The code changes are approved.

services/go_app_modules/authentication-api/ressources/auth/storage/create_user.go (5)

3-8: Are the new import statements necessary for the new functionality?

The import statements seem appropriate.

The code changes are approved.

10-14: Is the CreateUser function definition appropriate for the new functionality?

The function definition seems correct.

The code changes are approved.

17-22: Is the SqlData struct definition appropriate for the new functionality?

The struct definition seems correct.

The code changes are approved.

26-28: Is the error handling logic for sql.ErrNoRows appropriate?

The logic seems correct as it returns a custom error for sql.ErrNoRows.

The code changes are approved.

34-34: Is the function return logic appropriate?

The logic seems correct as it returns the user ID if no errors occur.

The code changes are approved.

services/backend/src/resources/user/http/self_information.go (1)

22-22: Could you please ensure type safety here?

The type assertion c.Locals("user-uuid").(string) could panic if the type is incorrect. Would you consider using a type check to avoid potential panics?

services/backend/src/resources/user/http/self_permission.go (1)

22-22: Could you please ensure type safety here?

The type assertion c.Locals("user-uuid").(string) could panic if the type is incorrect. Would you consider using a type check to avoid potential panics?

services/frontend/src/lib/theme/general.sass (3)

15-19: Great enhancement to the menu interface!

The new styles for .svelteui-Menu-body improve the visual appeal and ensure compatibility across different browsers.

20-23: Nice usability improvement!

The new styles for .svelteui-MenuItem-root provide visual feedback during user interaction, enhancing usability.

24-28: Good emphasis on important buttons!

The new styles for div.red-button > button.svelteui-MenuItem-root make these buttons more visually distinct, emphasizing their importance in the UI.

services/backend/src/resources/user/storage/get_user_by_id.go (2)

1-10: Imports look good!

The imported packages are appropriate for the functionality provided in the file.

14-14: SQL query looks secure!

The parameterized query prevents SQL injection and is appropriate for retrieving a user by ID.

services/go_app_modules/authentication-api/ressources/jwt/service/verify_jwt.go (1)

1-7: Imports look good!

The imported packages are appropriate for the functionality provided in the file.
.env (6)
19-19: Could you please verify the URL?

The variable APP_AUTHORIZATION_OAUTH_AUTHORIZATION_URL provides the URL for OAuth authorization. Ensure the URL is correct and accessible.

20-20: Could you please verify the URL?

The variable APP_AUTHORIZATION_OAUTH_TOKEN_URL provides the URL for OAuth token retrieval. Ensure the URL is correct and accessible.

21-21: Could you please verify the URL?

The variable APP_AUTHORIZATION_OAUTH_REDIRECT_URL provides the URL for OAuth redirection. Ensure the URL is correct and accessible.

22-22: Could you please verify the URL?

The variable APP_AUTHORIZATION_OAUTH_USERINFO_URL provides the URL for OAuth user information retrieval. Ensure the URL is correct and accessible.

23-23: Could you please verify the URL?

The variable APP_AUTHORIZATION_OAUTH_LOGOUT_URL provides the URL for OAuth logout. Ensure the URL is correct and accessible.

15-15: Could you please verify all references to the renamed variable?

The variable APP_SECURITY_JWT_SECRET has been renamed to APP_AUTHORIZATION_JWT_SECRET. Make sure all references to the old variable name are updated throughout the codebase.

Run the following script to verify the usage of the renamed variable:

Verification successful

Renaming Verified Successfully

It looks like all references to APP_SECURITY_JWT_SECRET have been updated to APP_AUTHORIZATION_JWT_SECRET throughout the codebase. Everything seems to be in order!
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify all references to the renamed variable.

# Test: Search for the old variable name. Expect: No occurrences.
rg --type env 'APP_SECURITY_JWT_SECRET'
Length of output: 67

Script:
#!/bin/bash
# Description: Verify all references to the renamed variable across the entire codebase.

# Test: Search for the old variable name in all files. Expect: No occurrences.
rg 'APP_SECURITY_JWT_SECRET'
Length of output: 28
services/go_app_modules/basic-utils/customerrors/err_test.go (2)

12-26: Could you please ensure all edge cases are covered?

The function TestHttpDatabaseErrorHandling is well-implemented and covers the expected behavior. Ensure all edge cases are covered.

28-40: Could you please ensure all edge cases are covered?

The function TestHttpInternalServerErrorHandling is well-implemented and covers the expected behavior. Ensure all edge cases are covered.

services/frontend/src/lib/components/Sidebar/sidebar.svelte (4)

1-6: Great choice using TypeScript!

Using TypeScript enhances type safety and developer experience. Importing SelfInformation ensures that the user prop is correctly typed.

The code changes are approved.

7-7: Nice addition of the user prop!

Exporting the user prop allows it to be passed to child components, enhancing the functionality of the Sidebar component.

The code changes are approved.

15-16: Great enhancement to SidebarAccount!

Passing the user prop to SidebarAccount enhances its capability to display user-related information dynamically.

The code changes are approved.

38-39: Nice addition of CSS classes!

Adding these CSS classes improves the layout and styling of the sidebar, providing a more consistent user interface.

The code changes are approved.

services/frontend/package.json (1)

36-36: Good choice adding ky!

Adding ky as a dependency suggests an intention to improve HTTP request handling. It offers features like better error handling, request cancellation, and a streamlined API.

The code changes are approved.

services/backend/src/web-app/routes.go (4)

7-7: Good addition of middleware import!

Importing middlewares suggests that they are used for route protection or other purposes.

The code changes are approved.

20-22: Nice addition of asset routes!

Adding these routes allows the application to serve static content or images.

The code changes are approved.

26-31: Great enhancement of OAuth routes and middleware usage!

Adding these routes enhances the authentication flow, allowing for user redirection, callback handling, and logout functionality. Using middleware ensures that all subsequent routes within the group require authentication.

The code changes are approved.

47-51: Nice addition of the TestEP function!

The TestEP function returns a simple JSON response, indicating that the application is functioning correctly.

The code changes are approved.

services/backend/src/resources/user/storage/handler.go (4)

12-14: Looks good!

The UserStore type and its constructor function are correctly implemented. Is there any specific reason for not including any other fields in UserStore?

The code changes are approved.

Also applies to: 16-20

30-35: Looks good!

The Scan function for the Permission type is correctly implemented. Is there any specific reason for not handling other types of values?

The code changes are approved.

38-41: Looks good!

The ToServiceModel function is correctly implemented. Is there any specific reason for not including other fields in the conversion?

The code changes are approved.

44-51: Looks good!

The PermissionsToStringArray function is correctly implemented. Is there any specific reason for not handling empty slices differently?

The code changes are approved.

services/backend/src/resources/user/storage/get_user_permissions_by_id.go (1)

11-15: Looks good!

The Permission and UserPermissions types are correctly implemented. Is there any specific reason for not including other fields in UserPermissions?

The code changes are approved.

services/go_app_modules/authentication-api/ressources/auth/service/handler.go (2)

17-38: Should we validate the parameters?

Would it be beneficial to add validation for the parameters being passed to NewAuthService to ensure they are not empty or invalid?

Could you please confirm if parameter validation is handled elsewhere or if it should be added here?

41-46: Is error handling consistent?

Are there any guidelines or best practices for ensuring consistent error handling across different implementations of AuthStorageInterface?

Could you please confirm if there are any specific error handling practices to follow for this interface?

services/backend/src/migrator/migration-files/2_add_user.up.sql (5)

1-1: Should we define ENUM values?

Is it necessary to define the ENUM values for identity_provider type here, or are they defined elsewhere?

Could you please confirm if the ENUM values are defined in a different part of the codebase?

2-2: Could there be conflicts with existing values?

Is there a risk of conflict with existing values when adding Authentik to the enum_type?

Could you please confirm if there are any existing values that might conflict with Authentik?

4-10: Are the column constraints appropriate?

Are the constraints defined for the columns in the users table appropriate for ensuring data integrity?

Could you please confirm if the constraints are sufficient for maintaining data integrity?

12-19: Is the foreign key constraint appropriate?

Is the foreign key constraint defined for the user_identities table appropriate for ensuring referential integrity?

Could you please confirm if the foreign key constraint is sufficient for maintaining referential integrity?

21-41: Are the constraints appropriate?

Are the constraints defined for the user_sessions table appropriate for ensuring data integrity and preventing session hijacking?

Could you please confirm if the constraints are sufficient for maintaining data integrity and preventing session hijacking?

services/frontend/src/lib/i18n/en.json (4)

28-28: Is the description clear and accurate?

Does the description for device_description accurately convey the information about local device settings stored via cookies?

Could you please confirm if the description is clear and accurate?

42-42: Is the information accurate and up-to-date?

Does the entry for this-website-template provide accurate and relevant information about the website template?

Could you please confirm if the information is accurate and up-to-date?

43-43: Is the information clear and legally accurate?

Does the entry for using-template-liable provide clear and legally accurate information about the liability of using the template?

Could you please confirm if the information is clear and legally accurate?

44-44: Is the information accurate and up-to-date?

Does the entry for project-on-github provide accurate and relevant information about the project on GitHub?

Could you please confirm if the information is accurate and up-to-date?

services/go_app_modules/basic-utils/customerrors/err_database_transaction_begin_failed.go (6)

24-35: Is the error context data handled correctly?

The method initializes a new DatabaseTransactionBeginError with relevant details. Could you confirm that the error context data is properly handled throughout the application?

The code changes are approved.

38-39: Is the error message sufficient?

The method returns the error message. Is the error message sufficient for debugging purposes?

The code changes are approved.

42-43: Is the error identifier sufficient?

The method returns the error identifier. Is the error identifier sufficient for categorizing the error?

The code changes are approved.

46-51: Is the debugMode flag properly managed?

The method returns the HTTP error details and uses a debugMode flag to determine the level of detail in the error message. Could you confirm that the debugMode flag is properly managed and that sensitive information is not exposed in production?

The code changes are approved.

54-55: Is the logging format consistent?

The method returns the error details for logging purposes. Could you confirm that the logging format is consistent with the rest of the application?

The code changes are approved.

1-56: Is the overall structure well-organized?

The file defines a custom error type with relevant methods for error handling, HTTP error responses, and logging. Is the overall structure well-organized and consistent with best practices?

The code changes are approved.

services/go_app_modules/basic-utils/customerrors/err_database_transaction_commit_failed.go (6)

24-35: Is the error context data handled correctly?

The method initializes a new DatabaseTransactionCommitError with relevant details. Could you confirm that the error context data is properly handled throughout the application?

The code changes are approved.

38-39: Is the error message sufficient?

The method returns the error message. Is the error message sufficient for debugging purposes?

The code changes are approved.

42-43: Is the error identifier sufficient?

The method returns the error identifier. Is the error identifier sufficient for categorizing the error?

The code changes are approved.

46-51: Is the debugMode flag properly managed?

The method returns the HTTP error details and uses a debugMode flag to determine the level of detail in the error message. Could you confirm that the debugMode flag is properly managed and that sensitive information is not exposed in production?

The code changes are approved.

54-55: Is the logging format consistent?

The method returns the error details for logging purposes. Could you confirm that the logging format is consistent with the rest of the application?

The code changes are approved.

1-56: Is the overall structure well-organized?

The file defines a custom error type with relevant methods for error handling, HTTP error responses, and logging. Is the overall structure well-organized and consistent with best practices?

The code changes are approved.

services/frontend/src/lib/stores/darkmode.ts (5)

37-48: Does the method handle edge cases?

The method checks for a theme cookie and uses the browser's media query to determine the user's preferred color scheme if the cookie is absent or null. Does the method handle edge cases, such as invalid cookie values or unsupported media queries?

The code changes are approved.

49-51: Is the method implementation sufficient?

The method sets the theme cookie to light mode and updates the theme store. Is the method implementation sufficient for setting the light mode?

The code changes are approved.

Line range hint 52-54: Is the method implementation sufficient?

The method sets the theme cookie to dark mode and updates the theme store. Is the method implementation sufficient for setting the dark mode?

The code changes are approved.

Line range hint 17-23: Does the method handle edge cases?

The method toggles the theme between light mode and dark mode based on the current theme cookie value. Does the method handle edge cases, such as invalid cookie values?

The code changes are approved.

Line range hint 1-54: Is the overall structure well-organized?

The file defines a ThemeStore class with methods for managing theme settings. The autoChangeTheme function has been commented out. Is the overall structure well-organized and consistent with best practices?

The code changes are approved.

services/frontend/src/lib/i18n/de.json (2)

27-27: Could you clarify the persistence of settings?

The new entry provides clarity regarding the persistence of settings, emphasizing that these preferences will be stored as cookies specific to the device being used. Is this the intended behavior?

The code changes are approved.

41-43: Are these legal entries sufficient for transparency?

The new entries enhance legal transparency, informing users about the template's origin, the licensing implications, and where to find the project on GitHub. Do you think these entries are sufficient for legal transparency?

The code changes are approved.

services/go_app_modules/basic-utils/customerrors/err_internal_server.go (4)

46-48: Is the error message returned correctly?

The method returns the error message. Is this the intended behavior?

The code changes are approved.

50-52: Is the error identifier returned correctly?

The method returns the error identifier. Is this the intended behavior?

The code changes are approved.

54-60: Does the method handle debug mode correctly?

The method correctly handles debug mode and non-debug mode scenarios. Is this the intended behavior?

The code changes are approved.

62-64: Is the detailed error information returned correctly?

The method returns detailed error information for logging. Is this the intended behavior?

The code changes are approved.

services/frontend/src/routes/(app)/settings/+page.svelte (3)

32-32: Does the new  element provide clarity?

The new  element provides additional context to the user regarding device-specific settings. Is this the intended behavior?

The code changes are approved.

Line range hint 43-43: Is the removal of the description property intentional?

The removal of the description property suggests a design decision to streamline the interface. Is this the intended behavior?

The code changes are approved.

61-63: Do the new CSS rules enhance readability?

The new CSS rules ensure that the description is visually distinct and properly spaced from the header. Is this the intended behavior?

The code changes are approved.

services/go_app_modules/basic-utils/customerrors/err_database_not_found.go (6)

12-25: Are all fields necessary and used correctly?

The struct DatabaseNotFoundError has several fields. Are all of them necessary and used correctly in the code?

27-41: Is the sqlData parameter type defined and used correctly?

The function NewDatabaseNotFoundError initializes a new DatabaseNotFoundError. Is the sqlData parameter type defined and used correctly in the code?

44-46: Is the error message returned correctly?

The function Error returns the error message. Is this the intended behavior?

48-50: Is the error identifier returned correctly?

The function ErrorType returns the error identifier. Is this the intended behavior?

52-57: Is the debugMode variable defined and used correctly?

The function HttpError returns the HTTP error details. Is the debugMode variable defined and used correctly in the code?

60-67: Are the error details for logging returned correctly?

The function LoggerError returns the error details for logging. Is this the intended behavior?

services/go_app_modules/basic-utils/customerrors/err_database.go (6)

12-25: Are all fields necessary and used correctly?

The struct DatabaseError has several fields. Are all of them necessary and used correctly in the code?

28-43: Is the sqlData parameter type defined and used correctly?

The function NewDatabaseError initializes a new DatabaseError. Is the sqlData parameter type defined and used correctly in the code?

46-48: Is the error message returned correctly?

The function Error returns the error message. Is this the intended behavior?

50-52: Is the error identifier returned correctly?

The function ErrorType returns the error identifier. Is this the intended behavior?

54-59: Is the debugMode variable defined and used correctly?

The function HttpError returns the HTTP error details. Is the debugMode variable defined and used correctly in the code?

62-70: Are the error details for logging returned correctly?

The function LoggerError returns the error details for logging. Is this the intended behavior?

Makefile (1)

6-6: Are the additional services necessary and configured correctly?

The dev target has been modified to include two additional services: authentik-server and authentik-worker. Are these services necessary and configured correctly in the development environment?

services/frontend/src/lib/theme/variables.scss (6)

7-8: Can you confirm the usage of these new color variables?

The new color variables for red shades look good. Are they being used in other parts of the codebase?

10-10: What prompted the change in the background color?

The adjustment from #ebebeb to #efefef looks good. Was this change made to improve visual contrast?

17-28: Can you provide more context on the new sidebar color variables?

The new and modified sidebar color variables look good. Could you provide more context on how these changes improve the sidebar design?

35-36: Is there a specific reason for retaining the red color variables in dark mode?

The retention of the same red color variables in dark mode ensures consistency. Is there a specific reason for this decision?

45-48: How do these changes impact the sidebar's visibility in dark mode?

The new sidebar color variables in dark mode look good. How do these changes impact the sidebar's visibility and aesthetic?

57-66: Are the old sidebar color variables still needed?

The old sidebar color variables have been commented out. Are they still needed for reference, or can they be removed?

services/frontend/src/lib/components/SidebarAccount/sidebar-account.svelte (3)

2-7: Can you confirm the source of SelfInformation?

The import of SelfInformation and the new user prop look good. Can you confirm that SelfInformation is correctly defined and imported?

10-33: Can you verify the dynamic rendering of user-specific data?

The modifications to the HTML structure to incorporate the user prop look good. Can you verify that the dynamic rendering of user-specific data works as expected?

58-76: Can you confirm the responsiveness of the new CSS rules?

The new CSS rules for the account name section look good. Can you confirm that these changes ensure clear and responsive presentation of the display name and username?

services/backend/src/migrator/migration-files/3_add_permissions.up.sql (5)

1-7: Can you explain the CHECK constraint on inherit_from?

The creation of the roles table looks good. Can you explain the purpose of the CHECK constraint on inherit_from?

9-15: Can you explain the CHECK constraint on identifier?

The creation of the permissions table looks good. Can you explain the purpose of the CHECK constraint on identifier?

17-23: Can you confirm the foreign key relationships?

The creation of the role_permissions table looks good. Can you confirm that the foreign key relationships are correctly defined?

25-31: Can you confirm the foreign key relationships?

The creation of the user_roles table looks good. Can you confirm that the foreign key relationships are correctly defined?

33-62: Can you explain the recursive query in the function?

The creation of the get_user_permissions function looks good. Can you explain the purpose and logic of the recursive query in the function?

services/backend/src/resources/auth/http/callback.go (1)

81-87: Looks good to me!

The function is correctly implemented.

The code changes are approved.

services/frontend/src/lib/components/SidebarNavigation/navigation.svelte (6)

1-1: Looks good to me!

The change to TypeScript improves type safety and maintainability.

The code changes are approved.

2-2: Looks good to me!

The import of the page store is necessary for reactive updates based on the current page.

The code changes are approved.

3-3: Looks good to me!

The import of the type definition improves type inference and maintainability.

The code changes are approved.

4-4: Looks good to me!

The import of the _ function is necessary for internationalization.

The code changes are approved.

5-5: Looks good to me!

The import of the slide transition enhances the user experience by animating the appearance of sub-elements.

The code changes are approved.

28-30: Looks good to me!

The function correctly determines the active navigation element.

The code changes are approved.

services/backend/go.mod (4)

10-10: Has the integration been tested?

The new dependency github.com/uvulpos/go-svelte/authentication-api has been added. Have you tested its integration to ensure it works as expected?

16-16: Is the local path verified?

The replace directive for github.com/uvulpos/go-svelte/authentication-api points to a local path. Have you verified that this path is correct and accessible?

29-29: Has the integration been tested?

The new dependency github.com/golang-jwt/jwt has been added. Have you tested its integration to ensure it works as expected?

50-50: Has the integration been tested?

The new dependency golang.org/x/oauth2 has been added. Have you tested its integration to ensure it works as expected?

services/frontend/src/routes/(app)/+layout.svelte (4)

8-8: Has the data variable been tested?

The data variable has been added to hold page-specific data. Have you tested its integration within the component?

51-51: Has the theme detection been tested?

The themeStore.isThemeSetOrAutoDetect(window) call has been added to the onMount function. Have you tested its functionality to ensure it correctly sets or detects the theme?

53-58: Has the URL cleanup logic been tested?

The URL cleanup logic has been added to remove the refresh-hash parameter. Have you tested its functionality to ensure it works as expected?

65-65: Has the selfInformation reactive statement been tested?

The selfInformation reactive statement has been added to extract user information from the data prop. Have you tested its functionality to ensure it works as expected?

devops/docker-compose/dev-dependencies/docker-compose.authentik.yaml (2)

58-58: Has the AUTHENTIK_BOOTSTRAP_EMAIL variable been tested?

The AUTHENTIK_BOOTSTRAP_EMAIL environment variable has been added. Have you tested its integration within the Authentik service?

59-60: Have the AUTHENTIK_BOOTSTRAP_PASSWORD and AUTHENTIK_BOOTSTRAP_TOKEN variables been tested?

The AUTHENTIK_BOOTSTRAP_PASSWORD and AUTHENTIK_BOOTSTRAP_TOKEN environment variables have been added. Have you tested their integration within the Authentik service?

Also applies to: 96-97

services/backend/src/configuration/variables.go (4)

11-11: Is the change to port 443 for HTTPS?

Changing the port to 443 indicates a shift towards HTTPS. This is a good practice for secure communication. Have you ensured that the necessary certificates are in place?

16-16: Is the commented-out line for local development?

The commented-out line suggests a potential default value for local development. This can be useful for developers. Is this the intended purpose?

24-32: Are the new OAuth variables for integrating OAuth authentication?

The new variables are essential for integrating OAuth authentication. They provide the necessary keys and URLs for client authentication and user information retrieval. Have you tested the OAuth flow with these variables?

34-42: Are the new certificate variables for managing identity information?

The new variables are designed to hold identity information for certificates. This is critical for establishing secure connections and ensuring trust in the application’s identity. Have you ensured that these variables are correctly set in the environment?

docker-compose.dev.yaml (1)

1-3: Is the uncommented inclusion of the external YAML file for authentication services?

Uncommenting the inclusion of the external YAML file indicates that authentication-related services are now being utilized in the development environment. This change is crucial for testing OAuth login functionality. Have you verified that the services defined in the external YAML file are correctly configured?

services/backend/src/web-app/app.go (7)

20-36: Are the new import statements for modularizing authentication and user management?

The new imports indicate a shift towards a more modular architecture that separates concerns related to authentication and user management from general services. Have you ensured that these modules are correctly integrated and tested?

40-42: Are the new fields in the App struct for handling authentication and user requests?

The addition of AuthHandler and UserHandler enhances the application's ability to handle authentication and user-related requests. Have you ensured that these handlers are correctly initialized and used?

56-83: Is the NewApp function updated to instantiate new handlers?

The NewApp function now creates instances of authService and userService, which are initialized with their respective storage components. This ensures that the new handlers are correctly set up. Have you tested the initialization process to ensure it works as expected?

134-141: Is the commented-out code in RunApp for future TLS implementation?

The commented-out code suggests a consideration for future security enhancements. This indicates a forward-thinking approach to improving the application's security. Have you planned when to implement this feature?

91-92: Is the version change from 1.0 to 0.1 intentional?

The change in version number might indicate a rollback or a reversion to an earlier stage of development. Could you please clarify the reason for this change?

Line range hint 144-166: Is the ReturnAppInE2EMode method for end-to-end testing?

The new method appears to set up the application in a mode suitable for end-to-end testing. Have you tested this method to ensure it works as expected?

Line range hint 109-109: Is the createRoutes method call for setting up routes?

Calling createRoutes ensures that the application's routes are set up correctly in both modes. Have you verified that all necessary routes are included?

Also applies to: 156-156

services/backend/src/resources/user/service/models/model_user_permissions.go

services/backend/src/resources/auth/service/logout.go

services/go_app_modules/authentication-api/ressources/auth/service/logout.go

services/backend/src/resources/user/service/get_user_permissions_by_id.go

services/go_app_modules/authentication-api/ressources/auth/service/userinfo_model.go

services/go_app_modules/authentication-api/ressources/auth/service/callback_authentik.go

uvulpos · 2024-08-27T21:19:11Z

@coderabbitai review

coderabbitai · 2024-08-27T21:19:16Z

Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

coderabbitai

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 12bb9f6 and 269609f.

Files selected for processing (4)

services/backend/src/resources/auth/http/logout.go (1 hunks)
services/frontend/src/lib/components/SidebarNavigation/navigation.svelte (1 hunks)
services/frontend/src/lib/theme/variables.scss (1 hunks)
services/frontend/src/routes/(authentication)/logout/+page.server.ts (1 hunks)

Files skipped from review as they are similar to previous changes (3)

services/backend/src/resources/auth/http/logout.go
services/frontend/src/lib/components/SidebarNavigation/navigation.svelte
services/frontend/src/lib/theme/variables.scss

Additional comments not posted (4)

services/frontend/src/routes/(authentication)/logout/+page.server.ts (4)

1-1: Is the import statement correct?

The import statement for redirect from @sveltejs/kit looks good to me. Is this the intended module for handling redirects in your application?

3-3: Is the type import correct?

The type import for LayoutServerLoad seems appropriate. Is this the correct type for the load function in your application?

4-6: Is the commented-out line intentional?

I noticed that the line for deleting the "jwt" cookie is commented out. Is this intentional for debugging purposes, or should it be removed or uncommented for production?

4-6: Is the redirect implementation correct?

The redirect to the OAuth logout endpoint looks good. Is this the intended behavior for handling logouts in your application?

uvulpos · 2024-08-28T13:14:31Z

services/backend/src/migrator/migration-files/3_add_permissions.up.sql

+    id UUID DEFAULT uuid_generate_v4() PRIMARY KEY,
+    name VARCHAR UNIQUE NOT NULL,
+    inherit_from UUID,
+    FOREIGN KEY (inherit_from) REFERENCES roles(id) ON DELETE SET NULL,


could be also an array, to inherit from multiple roles (like an admin)

uvulpos · 2024-08-28T14:30:25Z

@coderabbitai full review

coderabbitai · 2024-08-28T14:30:31Z

Actions performed

Full review triggered.

uvulpos · 2024-08-29T09:26:46Z

JWT is now only 10 Minutes valid. After that a refresh token must be used. This increases the load of the server, but improves security and fasten permission changes

uvulpos · 2024-08-30T23:01:44Z

@coderabbitai generate interesting stats about this repository and render them as a table.

coderabbitai · 2024-08-30T23:03:01Z

Tip

For best results, initiate chat on the files or code changes.

@uvulpos, here are the interesting statistics about the repository:

Metric                  Value
-----------------------------------
Number of Authors       3
Total Lines of Code     11,898
Number of Commits       183
Number of Files         256
TODO Comments           2

Let me know if you need any further analysis!

Analysis chain

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Count the number of authors in the repository.
authors=$(git shortlog -sn --all | wc -l)

# Count the total number of lines of code in the repository.
lines_of_code=$(tokei --output json | jq '.total.code')

# Count the number of commits in the repository.
commits=$(git rev-list --all --count)

# Count the number of files in the repository.
files=$(git ls-files | wc -l)

# Count the number of TODO comments in the codebase.
todos=$(rg -i 'TODO' | wc -l)

# Output the results as a table.
echo -e "Metric\t\t\tValue"
echo -e "-----------------------------------"
echo -e "Number of Authors\t$authors"
echo -e "Lines of Code\t\t$lines_of_code"
echo -e "Number of Commits\t$commits"
echo -e "Number of Files\t\t$files"
echo -e "TODO Comments\t\t$todos"

Length of output: 617

Script:

#!/bin/bash
# Output the raw tokei JSON data for inspection.
tokei --output json

Length of output: 55497

Script:

#!/bin/bash
# Sum the total lines of code across all languages in the tokei JSON output.
lines_of_code=$(tokei --output json | jq 'reduce .[] as $item (0; . + $item.code)')

# Output the results as a table.
echo -e "Metric\t\t\tValue"
echo -e "-----------------------------------"
echo -e "Total Lines of Code\t$lines_of_code"

Length of output: 284

uvulpos · 2024-08-30T23:06:11Z

@coderabbitai read the files in this pr and generate test cases for this pr and document them in Markdown

coderabbitai · 2024-08-30T23:07:19Z

Tip

For best results, initiate chat on the files or code changes.

Test Cases for OAuth Login PR

Backend Authentication and OAuth Handling

File: services/backend/src/resources/auth/http/callback.go
- Test Case 1: Verify that the CallbackHandler correctly processes a valid OAuth callback and sets the JWT cookie.
- Test Case 2: Test the behavior when the OAuth state does not match the expected value (e.g., possible CSRF attack).
- Test Case 3: Ensure that the handler returns an error when the authorization code is invalid or expired.
- Test Case 4: Validate that the user is redirected to the correct URL after successful authentication.
File: services/backend/src/resources/auth/http/logout.go
- Test Case 1: Verify that the Logout method correctly clears the JWT cookie and redirects the user to the logout URL.
- Test Case 2: Test the behavior when the logout service call fails (e.g., network issues).
File: services/backend/src/resources/auth/service/callback.go
- Test Case 1: Ensure that the AuthentikCallbackFunction correctly exchanges the authorization code for an access token.
- Test Case 2: Verify that the function handles the creation of a new user when the user does not exist in the database.
- Test Case 3: Test the behavior when the user information retrieval fails (e.g., invalid token).
File: services/backend/src/resources/auth/service/redirect.go
- Test Case 1: Verify that the CreateRedirect function generates the correct OAuth authorization URL with the provided state.

JWT Handling

File: services/backend/src/resources/identity-provider/jwt/service/create_jwt.go
- Test Case 1: Verify that the JWT is created with the correct claims and expiration time (10 minutes).
- Test Case 2: Test the behavior when the JWT creation fails due to invalid input.
File: services/backend/src/resources/identity-provider/jwt/service/verify_jwt.go
- Test Case 1: Ensure that the JWT verification correctly identifies valid and expired tokens.
- Test Case 2: Test the behavior when the JWT signature is invalid.

User Management

File: services/backend/src/resources/user/service/get_user_permissions_by_id.go
- Test Case 1: Verify that the correct permissions are retrieved for a given user ID.
- Test Case 2: Test the behavior when the user ID does not exist in the database.
File: services/backend/src/resources/user/service/get_user_self_information_by_id.go
- Test Case 1: Ensure that the correct user information is retrieved for a given user ID.
- Test Case 2: Test the behavior when the user information retrieval fails.

Frontend Components

File: services/frontend/src/lib/api/user/get-permissions.ts
- Test Case 1: Verify that the getUserPermissions function correctly retrieves permissions using a valid JWT.
- Test Case 2: Test the behavior when the JWT is invalid or expired.
File: services/frontend/src/lib/components/Sidebar/sidebar.svelte
- Test Case 1: Ensure that the sidebar correctly displays the logged-in user's information.
- Test Case 2: Test the behavior when the user information is not available (e.g., not logged in).

Configuration and Environment Setup

File: .env
- Test Case 1: Verify that the application correctly loads the OAuth-related environment variables.
- Test Case 2: Test the behavior when required environment variables are missing or invalid.
File: docker-compose.dev.yaml
- Test Case 1: Ensure that the authentik-server and authentik-worker services are correctly started and integrated with the application.
- Test Case 2: Test the behavior when the authentik-server service fails to start.

These test cases cover the critical areas of the OAuth login functionality, JWT handling, user management, frontend components, and configuration setup. They are designed to ensure that the new features work as expected and handle edge cases gracefully.

Analysis chain

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# List all the files that have been modified or added in this PR.
git diff --name-only origin/main

Length of output: 7030

sonarcloud · 2024-09-23T18:06:48Z

Quality Gate failed

Failed conditions
C Reliability Rating on New Code (required ≥ A)

See analysis details on SonarCloud

Catch issues before they fail your Quality Gate with our IDE extension SonarLint

feat: add oauth

51f2820

coderabbitai bot reviewed Aug 3, 2024

View reviewed changes

uvulpos and others added 3 commits August 3, 2024 16:37

resolve issues

27624ce

Merge branch 'main' into feat/add-oauth

b556ca8

fix styling issues

ad8b079

coderabbitai bot reviewed Aug 3, 2024

View reviewed changes

.

3bd236c

Repository owner deleted a comment from coderabbitai bot Aug 14, 2024

uvulpos and others added 10 commits August 15, 2024 20:34

.

d863557

.

66582a0

update git assets

561e2d7

.

d808fbb

Merge remote-tracking branch 'origin/main' into feat/add-oauth

6404e89

.

d7275bb

.

b43c6e3

.

063b894

.

4dd6b2a

Merge branch 'main' into feat/add-oauth

12bb9f6