Feature/add connection token

[komyg]

Describe your changes

• Added a migration to add the connection_token column to the _nango_connections table.
• Added a migration to add the connection_token column to the _nango_oauth_sessions table.
• Created a new authentication method in the frontend SDK that does not require the connectionId and that returns the new connectionToken created by the backend.
• Deprecated the old auth method in the frontend SDK.
• Updated the create component to call the new authentication method, that does not require a connectionId if no connectionId is set by the user.
• Updated the oauth controller to create the connectionToken and save it.
• Updated the oauth controller to set the connectionToken as the default value for the connectionId.
• Updated the ConnectionService to save the connectionToken on the database.
• The HMAC generation no longer requires a connectionId.
• Updated the docs.

Issue ticket number and link

Checklist before requesting a review (skip if just adding/editing APIs & templates)

• I added tests, otherwise the reason is:
• I added observability, otherwise the reason is:
• I added analytics, otherwise the reason is:

Summary by CodeRabbit

• New Features

  • Introduced a new connection_token feature in the database schema for enhanced connection management.
  • Added a new authentication method to improve the clarity and structure of authentication results.
  • Enhanced connection handling in the OAuth flow with dynamic token generation.
  • Updated connection creation process to better manage connection states and user feedback.
  • Modified API functions to accept optional parameters, improving flexibility.
  • Renamed authentication method in the SDK for consistency and clarity.

• Bug Fixes

  • Improved error handling in the authentication process to provide clearer user messages.

• Documentation

  • Updated interfaces to include optional connectionToken properties for better flexibility in OAuth sessions.
  • Revised documentation to reflect changes in the authentication method and parameters for improved user guidance.

[coderabbitai]

Warning

Rate limit exceeded

@komyg has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 11 minutes and 28 seconds before requesting another review.

How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

Commits

Files that changed from the base of the PR and between 69ec8f3 and 5f009f1.

Walkthrough

The recent changes involve updates to the database schema, authentication processes, and connection management across multiple components. Key modifications include the addition of a connection_token to various interfaces and methods, adjustments to how connection IDs are handled, and enhancements to the authentication workflow. These updates improve flexibility and robustness in managing connections and authentication within the application.

Changes

Files	Change Summary
packages/database/lib/migrations/20240903153801_create_connection_token.cjs	Introduced a migration to add connection_token column and modify connection_id constraints in tables.
packages/frontend/lib/index.ts	Enhanced Nango class with new AuthenticationResult interface and authentication method, marking auth as deprecated.
packages/server/lib/controllers/environment.controller.ts	Removed conditional check for connectionId, allowing HMAC processing without it.
packages/server/lib/controllers/oauth.controller.ts	Modified connection handling to generate connectionToken if connection_id is missing.
packages/shared/lib/models/Auth.ts	Added optional connectionToken property to OAuthSession interface.
packages/shared/lib/models/Connection.ts	Introduced optional connection_token to BaseConnection, NangoConnection, and ConnectionList interfaces.
packages/shared/lib/services/connection.service.ts	Updated upsertConnection method to include optional connectionToken parameter.
packages/webapp/src/pages/Connection/Create.tsx	Changed connectionId state to nullable type and modified connection creation logic.
packages/webapp/src/utils/api.tsx	Altered useGetHmacAPI function to accept optional connectionId parameter.
packages/server/lib/clients/publisher.client.ts	Modified notifySuccess method to include optional connectionToken parameter.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Frontend
    participant OAuthController
    participant ConnectionService

    User->>Frontend: Initiate Connection Creation
    Frontend->>OAuthController: Request Authentication
    OAuthController->>ConnectionService: Check for connection_id
    alt connection_id exists
        ConnectionService-->>OAuthController: Use existing connection_id
    else connection_id missing
        ConnectionService-->>OAuthController: Generate connectionToken
    end
    OAuthController-->>Frontend: Return Authentication Result
    Frontend-->>User: Display Success/Error Message

Loading

🐰 "In the garden where connections bloom,
A token's dance dispels the gloom.
With every hop and every cheer,
New paths of trust now draw near.
So let us leap, both brave and spry,
For changes here will help us fly!" 🐇✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

Outside diff range, codebase verification and nitpick comments (1)

packages/shared/lib/services/connection.service.ts (1)

93-118: Potential Issue with connectionToken Handling

The current implementation correctly handles the absence of connectionToken by checking for existing connections and updating them. However, there is no evidence of logic to handle the case when connectionToken is provided, which suggests that the feature might not be fully implemented. Please review the code to ensure that new connections are inserted with connectionToken when it is provided.

• Ensure that there is logic outside the if (!connectionToken) block to handle the insertion of new connections with connectionToken.

Analysis chain

Verify the handling of connectionToken in the new conditional block.

Ensure that the new conditional block correctly handles the presence and absence of connectionToken:

• If connectionToken is not provided, the method should proceed with the existing logic to check if a connection exists and update or insert it accordingly.
• If connectionToken is provided, the method should skip the existing logic and directly insert a new connection with the connectionToken included in the encrypted connection object.

Run the following script to verify the handling of connectionToken:

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the handling of `connectionToken` in the `upsertConnection` method.

# Test 1: Search for the conditional block that checks the presence of `connectionToken`.
# Expect: The conditional block should be present.
ast-grep --lang typescript --pattern $'if (!connectionToken) {
  $$$
}'

# Test 2: Search for the existing logic to check if a connection exists and update or insert it accordingly within the conditional block.
# Expect: The existing logic should be present within the conditional block.
ast-grep --lang typescript --pattern $'if (!connectionToken) {
  $$$
  const storedConnection = await this.checkIfConnectionExists($$$);
  $$$
  if (storedConnection) {
    $$$
    const encryptedConnection = encryptionManager.encryptConnection({
      $$$
    });
    $$$
    const connection = await db.knex
      .from<StoredConnection>(\`_nango_connections\`)
      .where({ id: storedConnection.id!, deleted: false })
      .update(encryptedConnection)
      .returning(\'*\');
    $$$
  }
}'

# Test 3: Search for the logic to insert a new connection with `connectionToken` outside the conditional block.
# Expect: The logic to insert a new connection with `connectionToken` should be present outside the conditional block.
ast-grep --lang typescript --pattern $'const connection = await db.knex
  .from<StoredConnection>(\`_nango_connections\`)
  .insert(
    encryptionManager.encryptConnection({
      $$$
      connection_token: connectionToken,
      $$$
    })
  )
  .returning(\'*\');'

Length of output: 3614

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 2e119f3 and ce61ee1.

Files selected for processing (9)

• packages/database/lib/migrations/20240903153801_create_connection_token.cjs (1 hunks)
• packages/frontend/lib/index.ts (5 hunks)
• packages/server/lib/controllers/environment.controller.ts (1 hunks)
• packages/server/lib/controllers/oauth.controller.ts (8 hunks)
• packages/shared/lib/models/Auth.ts (1 hunks)
• packages/shared/lib/models/Connection.ts (3 hunks)
• packages/shared/lib/services/connection.service.ts (3 hunks)
• packages/webapp/src/pages/Connection/Create.tsx (3 hunks)
• packages/webapp/src/utils/api.tsx (1 hunks)

Additional comments not posted (24)

packages/database/lib/migrations/20240903153801_create_connection_token.cjs (1)

7-12: Verify the impact of making the connection_id column nullable and consider using Knex's schema builder methods.

Please consider the following:

1. Verify the impact of making the connection_id column nullable:
   • Ensure that the existing code handles nullable connection_id values correctly.
   • If the connection_id column is used as a foreign key in other tables, ensure that those tables allow null values for this column.

Run the following script to verify the impact:

2. Consider using Knex's schema builder methods for better portability across different databases. For example:

await knex.schema.alterTable('_nango_connections', (table) => {
  table.uuid(CONNECTION_TOKEN_COLUMN).unique();
  table.uuid(CONNECTION_ID_COLUMN).nullable().alter();
});

packages/shared/lib/models/Connection.ts (3)

12-12: LGTM!

The addition of the optional connection_token property to the BaseConnection interface looks good. It enhances the flexibility of the interface without breaking existing code.

---

68-68: LGTM!

The addition of the optional connection_token property to the NangoConnection interface looks good. It enhances the flexibility of the interface without breaking existing code.

---

83-83: LGTM!

The addition of the optional connection_token property to the ConnectionList interface looks good. It enhances the flexibility of the interface without breaking existing code.

packages/shared/lib/models/Auth.ts (1)

24-24: LGTM!

The addition of the optional connectionToken property to the OAuthSession interface is a valid change. The property is correctly marked as optional and its type is appropriately defined as string | undefined.

packages/server/lib/controllers/environment.controller.ts (1)

Line range hint 80-95: Verify the handling of undefined connectionId in the hmacService.digest method.

The conditional check for connectionId has been removed. Ensure that the hmacService.digest method handles the case when connectionId is undefined to avoid any potential issues.

Run the following script to verify the handling of undefined connectionId:

packages/webapp/src/utils/api.tsx (1)

665-669: LGTM!

The changes to the useGetHmacAPI function look good:

• Making the connectionId parameter optional allows for more flexible usage of the function.
• The updated URL construction logic correctly handles the presence or absence of connectionId, improving maintainability and reducing potential errors.

These modifications align with the alterations mentioned in the summary.

packages/frontend/lib/index.ts (6)

29-33: LGTM!

The new interface AuthenticationResult is well-defined and follows the existing coding conventions.

---

39-47: LGTM!

The new type AuthConfigOptions is correctly defined as a union type and includes all the relevant types.

---

128-149: LGTM!

The new method authentication is well-implemented and follows the existing coding conventions. The validation checks and URL construction are handled appropriately.

---

159-159: LGTM!

The changes to the auth method are minimal and do not affect its functionality. The deprecation notice is appropriate.

---

185-209: LGTM!

The changes to the callAuth method correctly handle both AuthResult and AuthenticationResult. The updated successHandler function and promise resolution logic are implemented appropriately.

---

484-488: LGTM!

Making the connectionId parameter optional in the toQueryString method is consistent with the changes made to the auth method and provides flexibility.

packages/server/lib/controllers/oauth.controller.ts (4)

56-60: LGTM!

The changes ensure that a valid connection identifier (connectionId) is always available by using the connection_id from the request query if it exists, otherwise falling back to a newly generated connectionToken.

---

109-112: LGTM!

The HMAC verification process is updated to conditionally include connectionId only if it was received from the request, allowing for a more flexible verification.

---

Line range hint 831-931: LGTM!

The connectionToken is now included in various logging statements, ensuring that it is consistently tracked throughout the OAuth flow. This may facilitate better debugging and monitoring of connection-related activities.

---

Line range hint 956-1065: LGTM!

The connectionToken is included in the logging statement after receiving the token response and passed to the connectionService.upsertConnection method, ensuring that it is consistently tracked and associated with the connection.

packages/webapp/src/pages/Connection/Create.tsx (4)

33-33: LGTM!

The changes to the connectionId state variable look good:

• Changing the type to string | null allows for cases where the connection ID may not be available immediately.
• Initializing it as null is a best practice when the initial value is unknown.

These changes enhance the component's flexibility in handling different connection states.

---

202-220: LGTM!

The added code block to handle missing connection_id looks good:

• It enhances the component's functionality by initiating the authentication process when connection_id is not provided.
• The nango.authentication method is called with the necessary parameters to handle the authentication flow.
• Showing success and error messages improves the user experience by providing appropriate feedback.
• Navigating to the connections page on successful authentication ensures a smooth user flow.

These changes make the component more robust in handling different scenarios during the connection creation process.

---

204-210: LGTM!

The parameters passed to the nango.authentication method look good:

• The integration_unique_key is correctly obtained from the form data.
• The user_scope is obtained from the selectedScopes state variable.
• The params are obtained from the connectionConfigParams state variable or an empty object.
• The authorization_params are obtained from the authorizationParams state variable or an empty object.
• The hmac is obtained from the hmacDigest state variable or an empty string.
• The credentials are obtained based on the authMode and the corresponding state variables.

These parameters ensure that the necessary data is passed to the authentication method for proper handling of the connection creation process.

---

211-219: LGTM!

The handling of success and error scenarios after the authentication process looks good:

• On successful authentication:
  • A success toast message is shown to provide visual feedback to the user.
  • An analytics event is tracked to monitor and analyze user actions.
  • The data is mutated to ensure the UI reflects the updated state.
  • The user is navigated to the connections page, providing a logical flow after the successful connection creation.
• If an error occurs during authentication:
  • An error message is set based on the error type to provide meaningful feedback to the user.

These changes ensure proper handling of the authentication outcome and enhance the user experience by providing appropriate feedback and navigation.

packages/shared/lib/services/connection.service.ts (3)

73-73: LGTM!

The new optional connectionToken parameter in the method signature looks good.

---

83-83: LGTM!

The new optional connectionToken parameter in the method signature looks good.

---

126-126: LGTM!

The inclusion of connectionToken in the encrypted connection object when inserting a new connection looks good.

[coderabbitai]

Consider using Knex's schema builder methods for better portability.

Similar to the up function, consider using Knex's schema builder methods for better portability across different databases. For example:

await knex.schema.alterTable('_nango_connections', (table) => {
  table.dropColumn(CONNECTION_TOKEN_COLUMN);
  table.uuid(CONNECTION_ID_COLUMN).notNullable().alter();
});

[coderabbitai]

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between ce61ee1 and 6f30cca.

Files selected for processing (4)

• packages/frontend/lib/index.ts (8 hunks)
• packages/server/lib/clients/publisher.client.ts (1 hunks)
• packages/server/lib/controllers/oauth.controller.ts (9 hunks)
• packages/webapp/src/pages/Connection/Create.tsx (4 hunks)

Files skipped from review as they are similar to previous changes (3)

• packages/frontend/lib/index.ts
• packages/server/lib/controllers/oauth.controller.ts
• packages/webapp/src/pages/Connection/Create.tsx

Additional comments not posted (1)

packages/server/lib/clients/publisher.client.ts (1)

208-215: LGTM!

The code changes to the notifySuccess method are approved:

• The method signature has been correctly updated to include an optional connectionToken parameter.
• The connectionToken is correctly included in the JSON payload sent to the client.
• The changes are consistent with the AI-generated summary and do not introduce any issues or inconsistencies.

Also applies to: 221-221

[coderabbitai]

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 6f30cca and f5b121e.

Files selected for processing (3)

• .vscode/launch.json (1 hunks)
• docker-compose.yaml (1 hunks)
• packages/shared/lib/services/connection.service.ts (4 hunks)

Files skipped from review due to trivial changes (2)

• .vscode/launch.json
• docker-compose.yaml

Files skipped from review as they are similar to previous changes (1)

• packages/shared/lib/services/connection.service.ts

[coderabbitai]

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between f5b121e and 69ec8f3.

Files selected for processing (17)

• .vscode/launch.json (1 hunks)
• docker-compose.yaml (1 hunks)
• docs-v2/integrate/guides/advanced/secure-frontend-sdk.mdx (2 hunks)
• docs-v2/integrate/guides/authorize-an-api.mdx (1 hunks)
• docs-v2/integrate/overview.mdx (1 hunks)
• docs-v2/introduction.mdx (2 hunks)
• docs-v2/reference/sdks/frontend.mdx (4 hunks)
• packages/database/lib/migrations/20240903153801_create_connection_token.cjs (1 hunks)
• packages/frontend/lib/index.ts (8 hunks)
• packages/server/lib/clients/publisher.client.ts (1 hunks)
• packages/server/lib/controllers/environment.controller.ts (1 hunks)
• packages/server/lib/controllers/oauth.controller.ts (9 hunks)
• packages/shared/lib/models/Auth.ts (1 hunks)
• packages/shared/lib/models/Connection.ts (3 hunks)
• packages/shared/lib/services/connection.service.ts (4 hunks)
• packages/webapp/src/pages/Connection/Create.tsx (5 hunks)
• packages/webapp/src/utils/api.tsx (1 hunks)

Files skipped from review due to trivial changes (4)

• .vscode/launch.json
• docker-compose.yaml
• docs-v2/introduction.mdx
• packages/database/lib/migrations/20240903153801_create_connection_token.cjs

Files skipped from review as they are similar to previous changes (7)

• packages/server/lib/controllers/environment.controller.ts
• packages/server/lib/controllers/oauth.controller.ts
• packages/shared/lib/models/Auth.ts
• packages/shared/lib/models/Connection.ts
• packages/shared/lib/services/connection.service.ts
• packages/webapp/src/pages/Connection/Create.tsx
• packages/webapp/src/utils/api.tsx

Additional comments not posted (22)

docs-v2/integrate/overview.mdx (2)

23-23: LGTM!

The code change is consistent with the AI-generated summary. The connectionId variable is no longer being passed to the nango.auth function.

---

27-27: LGTM!

The code change is consistent with the AI-generated summary. The connectionToken obtained from the result of the authentication process is now being passed to the saveToDatabase function.

docs-v2/integrate/guides/advanced/secure-frontend-sdk.mdx (2)

11-11: LGTM!

The code changes are approved.

---

151-154: LGTM!

The code changes are approved.

docs-v2/integrate/guides/authorize-an-api.mdx (1)

82-82: LGTM!

The change in the method name from nango.auth() to nango.authentication() improves clarity and aligns with the alterations list.

packages/server/lib/clients/publisher.client.ts (1)

208-215: LGTM!

The code changes are approved for the following reasons:

• The notifySuccess method signature has been correctly updated to include an optional connectionToken parameter.
• The connectionToken is correctly included in the JSON payload.
• The control flow remains intact.
• The method now supports a broader range of use cases by accommodating the new parameter.

Also applies to: 221-221

docs-v2/reference/sdks/frontend.mdx (9)

27-27: LGTM!

The code segment is approved.

---

52-54: LGTM!

The code segment is approved.

---

59-63: LGTM!

The code segment is approved.

---

64-117: LGTM!

The code segment is approved.

---

119-148: LGTM!

The code segment is approved.

---

150-151: LGTM!

The code segment is approved.

---

208-208: LGTM!

The code segment is approved.

---

212-212: LGTM!

The code segment is approved.

---

271-271: LGTM!

The code segment is approved.

packages/frontend/lib/index.ts (7)

29-33: LGTM!

The new AuthenticationResult interface is well-defined and serves the purpose of encapsulating the results of the authentication process.

---

39-47: LGTM!

The new AuthConfigOptions type alias consolidates various credential types into a single type union, which improves code readability and maintainability.

---

128-149: LGTM!

The new authentication method is well-structured and handles the authentication process effectively. The validation checks ensure that only standard OAuth2 flows are supported, and the error handling is appropriate.

---

Line range hint 159-183: LGTM!

The changes to the auth method are consistent with the introduction of the new authentication method. The deprecation notice is helpful for guiding users towards the preferred authentication approach.

---

185-207: LGTM!

The changes to callAuth reflect the updates in the authentication flow and ensure compatibility with both AuthResult and AuthenticationResult. The modified success handler handles the presence of connectionToken appropriately.

---

Line range hint 486-537: LGTM!

Making the connectionId parameter optional in toQueryString allows for greater flexibility in generating query strings. The changes are consistent with the rest of the codebase.

---

Line range hint 666-697: LGTM!

The changes to the handleMessage method in the AuthorizationModal class are consistent with the updates in the authentication flow. The modified success handler signature aligns with the changes made in the Nango class.

[khaliqgant]

I think I would prefer a different nameauthenticate perhaps?