feat: the good user management #1158

Merged
merged 9 commits into from
Sep 13, 2023

StanGirard
Collaborator

@StanGirard StanGirard commented Sep 12, 2023

Screen.Recording.2023-09-13.at.13.20.32.mp4

@StanGirard StanGirard temporarily deployed to preview September 12, 2023 16:39 — with GitHub Actions Inactive
@vercel

vercel bot commented Sep 12, 2023

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| docs | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Sep 13, 2023 11:17am |
| quivrapp | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Sep 13, 2023 11:17am |

@github-actions
Contributor

github-actions bot commented Sep 12, 2023

Risk Level 2 - /home/runner/work/quivr/quivr/frontend/app/brains-management/[brainId]/components/BrainManagementTabs/components/SettingsTab/hooks/useSettingsTab.ts

The code seems to be well written and follows good practices. However, there are a few areas that could be improved for better readability and maintainability:

  1. Avoid magic numbers: There's a setTimeout function with a delay of 50. It's not clear why this specific value is used. Consider storing such values in well-named constants to improve code readability.

```ts
const MODEL_UPDATE_DELAY = 50;
setTimeout(() => {
  if (brain.model !== undefined) {
    setValue("model", brain.model);
  }
}, MODEL_UPDATE_DELAY);
```

  2. Error handling: There are several places where errors are caught but not handled appropriately. It's important to handle these errors in a way that doesn't leave the system in an inconsistent state and provides enough information for debugging.

  3. Use of any type: There's a @ts-expect-error comment indicating a bad type inference from TypeScript. Avoid using any type as it defeats the purpose of using TypeScript. Try to define a more specific type or refactor the code to avoid type issues.


Risk Level 5 - /home/runner/work/quivr/quivr/backend/routes/upload_routes.py

The openai_api_key is being used in plain text which is a high security risk. It should be encrypted and stored securely. Also, the openai_api_key is being passed around in multiple places which increases the risk of it being exposed. It would be better to centralize its usage.

```python
userDailyUsage = UserUsage(
    id=current_user.id,
    email=current_user.email,
    openai_api_key=current_user.openai_api_key,  # This should be encrypted and stored securely
)
if openai_api_key is None:
    openai_api_key = get_user_identity(current_user.id).openai_api_key  # This should be encrypted and stored securely
message = await filter_file(
    file=file,
    enable_summarization=enable_summarization,
    brain_id=brain_id,
    openai_api_key=openai_api_key,  # This should be encrypted and stored securely
)
```

Risk Level 5 - /home/runner/work/quivr/quivr/backend/routes/user_routes.py

The openai_api_key is being used in plain text which is a high security risk. It should be encrypted and stored securely.

```python
userDailyUsage = UserUsage(
    id=current_user.id,
    email=current_user.email,
    openai_api_key=current_user.openai_api_key,  # This should be encrypted and stored securely
)
```

📚🔒🚫


Powered by Code Review GPT
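
Added example, not part of this pull request or of the bot's review: one way to act on the review's point that the key is "being passed around in multiple places" is to resolve it in a single function and carry it in a wrapper that never prints itself. `Secret`, `resolve_openai_key`, `lookup_stored_key` and all sample values are hypothetical; `UserUsage` here only mirrors the field names shown in the excerpts.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Optional


class Secret:
    """Hypothetical wrapper: printing or logging it never discloses the credential."""
    __slots__ = ("_value",)

    def __init__(self, value: str) -> None:
        self._value = value

    def reveal(self) -> str:
        # The only way to read the raw key; call it at the point of use (the API client).
        return self._value

    def fingerprint(self, pepper: bytes) -> str:
        # Keyed hash for logs and audit trails: correlates uses of a key without exposing it.
        return hmac.new(pepper, self._value.encode(), hashlib.sha256).hexdigest()[:16]

    def __repr__(self) -> str:
        return "Secret(****)"

    __str__ = __repr__


@dataclass
class UserUsage:  # field names taken from the excerpts; the key is wrapped, not a str
    id: str
    email: str
    openai_api_key: Optional[Secret]


def resolve_openai_key(request_key: Optional[str], user_id: str,
                       lookup_stored_key: Callable[[str], Optional[str]]) -> Optional[Secret]:
    """Single place for the 'request key, else the user's stored key' fallback."""
    raw = request_key if request_key is not None else lookup_stored_key(user_id)
    return Secret(raw) if raw else None


# Constructed sample data: a fake key and an in-memory stand-in for the identity lookup.
FAKE_KEY = "sk-constructed-example-0000"
STORED = {"user-1": FAKE_KEY}
PEPPER = b"constructed-server-side-pepper"


def demo() -> dict:
    key = resolve_openai_key(None, "user-1", STORED.get)
    usage = UserUsage(id="user-1", email="a@example.com", openai_api_key=key)
    return {"log_line": f"usage={usage!r}", "fp": key.fingerprint(PEPPER), "raw": key.reveal()}
```
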

@mamadoudicko
Contributor

#1161

@StanGirard StanGirard merged commit 322ee31 into main Sep 13, 2023
11 of 12 checks passed