feat: major bump to v8.19.43 and add cloud database support for phpMyAdmin #80

Merged: AnkanSaha merged 2 commits into main from maintainer/ankan on Mar 19, 2026

@AnkanSaha commented Mar 19, 2026

Summary

This PR introduces a major version bump from 7.x to 8.x and adds the highly requested feature to connect phpMyAdmin to external cloud databases (RDS, Azure, etc.) in addition to local Docker containers.

Changes

  • Version Bump: Updated version strings to 8.19.43-stable across VERSION, package.json, main.go, and documentation.
  • Cloud DB Support:
    • Added CloudDBConfig struct for handling external connection parameters.
    • Integrated interactive prompts using promptui to collect host, port, credentials, and SSL preferences.
    • Updated DockerComposeMaker to whitelist more PMA_ environment variables.
  • Refactoring: Split StartPHPMyAdmin into local and cloud handler functions.

Verification

  • Ran go build to ensure no syntax errors.
  • Manually tested the Local Container flow to ensure no regressions.
  • (⚠️ Needs Fix) Cloud DB flow starts container, but security review highlights risks with password handling in CLI arguments.

@AnkanSaha self-assigned this Mar 19, 2026
@AnkanSaha requested review from Copilot and removed request for Copilot March 19, 2026 15:20
@github-actions bot changed the title from "Maintainer/ankan" to "feat: major bump to v8.19.43 and add cloud database support for phpMyAdmin" Mar 19, 2026
@github-actions

🤖 Review Buddy - General Code Review

👥 Attention: @AnkanSaha

Hey @AnkanSaha! What is this mess you have made? You jumped straight from version 7 to 8 and the work is the same old shoddy stuff? 🤦‍♂️

Bro, looking at the code it seems you have only read the word 'security' in the dictionary and never seen it in an implementation. You are passing the password in plain text through environment variables on the CLI? Come on, have some shame! Anyone can run docker inspect or the ps command and become the owner of your database.

The code quality is such that if I built this, my compiler would break up with me. You have mixed logic and UI so messily that the soul of Clean Architecture must be writhing. Kid, bumping the version number alone does not make software 'Major'; the work has to be decent too.

Code Quality Score: 3/10 (only because the code compiles, otherwise I would give 0).


Generated by Review Buddy | Tone: roast | Language: hinglish

@github-actions

⚡ Review Buddy - Performance Analysis

👥 Attention: @AnkanSaha

Hey Ankan, in the name of performance you have strangled the system! Come on, let's do the post-mortem of your 'performance':

  1. Blocking exec.Command:
    Bro, you ran docker pull and docker run synchronously. Until the image is pulled, your whole application will stand there like a statue. The user will think the system has hung. Go gives you channels and goroutines; are they just for decoration? Put the pulling process in the background and show the user a progress bar, otherwise this will feel like a slow-motion movie, not a CLI.

  2. String Manipulation Disaster:
    That buffet of strings.Join(args, " ") and fmt.Sprintf you have laid out is the enemy of heap memory. Every time you concatenate a string, Go makes a new memory allocation. With this many flags, what was so hard about using strings.Builder?

  3. Inefficient Loop in DockerComposeMaker.go:
    Look at that jungle of strings.HasPrefix. For every environment variable you check the prefix 8-10 times. If the list gets big, with O(n*m) complexity the CPU fan will turn into an airplane. Had you built a map[string]bool of 'allowed_prefixes', the lookup would be O(1). But no, we only like brute force, don't we?

  4. Process Spawning Overhead:
    Spawning a new process with exec.Command for every little thing is expensive. When the Docker SDK exists, why are you running commands like shell scripts? Use the SDK, make direct API calls, save some system resources.

  5. No Connection Validation:
    You do no pre-flight check when asking for the cloud connection. You start the container straight away. If the credentials are wrong, the container will go into a crash loop and the user will understand nothing beyond 'Error'. What would it have cost you to write a small piece of connection-test logic?

  6. Interactive I/O Bottleneck:
    AskForInput is blocking at every step. If the user goes off for tea for 2 minutes, your process will stay stuck right there. Handle timeouts, or give an option to take input through flags.

  7. Memory Leak Risk:
    By setting cmd.Stdout = os.Stdout and cmd.Stderr = os.Stderr you attached the streams directly. That is fine for small output, but if the output is very large, managing the buffers can get difficult.

  8. Hardcoded Garbage:
    Pulling the image every time without checking whether it is already present locally is a waste of both bandwidth and time. You could have checked first by running docker images -q.

  9. Redundant Logic:
    There is a lot of repeated code in selectConnectionType and startPHPMyAdminLocal. Is the DRY (Don't Repeat Yourself) principle 'Do Repeat Yourself' for you?

  10. Zero Concurrency:
    The database check and connection setup could have run in parallel, but you have made them stand in a queue like at a ration shop. Bro, Go is famous for concurrency, show it a little respect!

Overall, when it comes to performance this code is a bicycle with a Ferrari sticker stuck on it. Improve it or it will give up the ghost in production.


Generated by Review Buddy | Tone: roast | Language: hinglish

@github-actions

🔐 Review Buddy - Security Audit

👥 Attention: @AnkanSaha

⚠️ SECURITY ALERT: BRO, YOU HAVE REALLY DONE IT NOW! ⚠️

Ankan my boy, this 'Cloud DB' feature you have added in the name of security is like an 'open bar' party for any hacker.

  1. CRITICAL: Secret Exposure via Environment Variables

    • Location: src/tools/PhpMyAdmin.go inside startPHPMyAdminCloud()
    • Issue: You are sending the password straight into the docker run command as -e PMA_PASSWORD=%s.
    • Exploit: Any user on the server who runs ps aux | grep docker will have your database password shining on their screen. Running docker inspect phpmyadmin will also give away the whole secret.
    • Remediation: Use environment files (--env-file) or pass it through stdin. Better yet, use Docker Secrets.

  2. HIGH: SSL Verification Disabled by Default

    • Location: args = append(args, "-e", "PMA_SSL_VERIFY=0")
    • Issue: You turned SSL verification off by default.
    • Risk: Danger of a Man-In-The-Middle (MITM) attack. Anyone sitting in the middle can read all your data (including login credentials).
    • Remediation: Give the user the option to verify, and keep the default true if SSL is enabled.

  3. MEDIUM: Arbitrary Access Enabled

    • Location: "-e", "PMA_ARBITRARY=1"
    • Issue: This flag allows phpMyAdmin to connect to any server.
    • Risk: If your phpMyAdmin is publicly accessible, any hacker can use it as a proxy to attack other databases.

  4. LOW: Missing Input Sanitization

    • Issue: You did strings.TrimSpace(host), but what about host name validation? What if I put ; rm -rf / in place of the host? There can be scope for command injection if it is not handled properly.

OWASP References:

  • A01:2021-Broken Access Control
  • A02:2021-Cryptographic Failures (SSL issue)
  • A03:2021-Injection (CLI args injection risk)

Fix this security, my boy, or your database will become 'Public Property'.


Generated by Review Buddy | Tone: roast | Language: hinglish

@github-actions

📊 Review Buddy - Code Quality & Maintainability Analysis

👥 Attention: @AnkanSaha

🎯 Overall Benchmark: 45/100 (Poor)

Oh dear! Looking at the code quality, my eyes are bleeding. Ankan, are you writing code or spinning Spider-Man's web? It is all spaghetti code.

  1. Murder of the SOLID Principles:

    • Single Responsibility Principle (SRP): PhpMyAdmin.go is now asking for UI input, handling connection logic, building Docker commands, and doing the error handling as well. Is this a file or a dharamshala? Separate the UI logic, and move Docker execution into a separate service.

  2. God Functions Everywhere:

    • The startPHPMyAdminCloud function is so long that one would reach retirement age reading it. Break it into small reusable functions. Separate input validation, command building, and execution.

  3. Zero Unit Testing Support:

    • You have tightly coupled os.Stdout, exec.Command, and promptui directly inside the functions. How am I supposed to write a unit test for this? Ever heard of Dependency Injection? Learn mocking, bro.

  4. Error Handling is a Joke:

    • _ = cmd.Run()? Bro, ignoring an error when it is returned is not a solution. Handle the error, tell the user what blew up. Where are the log files? Should we come to your house to debug?

  5. Magic Strings & Hardcoding:

    • "phpmyadmin/phpmyadmin", "unless-stopped", "bridge"... All these values should be in constants. If the image name changes tomorrow, will you go searching through the whole codebase?

  6. Version Management Mess:

    • You have manually changed the version number in 6 files (8.19.43). Ever heard of CI/CD? Keep a single source of truth (like the VERSION file) and inject it everywhere else at build time. Manual versioning in 2024? Have some shame!

  7. Naming Conventions:

    • CloudDBConfig is fine, but the way inputs are handled in functions like getCloudConnectionConfig is very primitive.

  8. UI/UX Confusion:

    • You are calling the Cleanup() function while handling errors, but if the user enters a wrong port by mistake, will you delete the whole system? Check the logical flow, bro.

  9. Dry Principle Violation:

    • The logic for running Docker in startPHPMyAdminLocal and startPHPMyAdminCloud is quite similar. Make one common function that receives the flags and starts the container.

  10. Documentation? What is that?:

    • There is not a single decent comment that explains the logic. Writing a comment on the struct does not fill the stomach. Document the functionality's edge cases.

Refactoring Suggestion:

    // Build the command like this, don't join strings like a donkey
    func buildDockerArgs(config CloudDBConfig, port string) []string {
        args := []string{"run", "-d", "--name", "phpmyadmin"}
        // ... add more logic
        return args
    }

Bro, write some decent code, otherwise this repo will become not your legacy but your karma.


Generated by Review Buddy | Tone: roast | Language: hinglish

@github-actions

💡 Review Buddy - Best Practices & Alternative Suggestions

👥 Attention: @AnkanSaha

Bro, this is not modern Go code, it looks like PHP from 2010. Make a few improvements:

  1. Long if chains with prefixes:
    Current Code:

    if strings.HasPrefix(env, "PMA_HOST=") || strings.HasPrefix(env, "PMA_PORT=") || ...

    Better Alternative:

    allowedPrefixes := map[string]bool{"PMA_HOST=": true, "PMA_PORT=": true, "PMA_USER=": true, "PMA_PASSWORD=": true}
    // Use a loop or a more generic prefix check

    Why: O(1) complexity, and the code looks clean.

  2. Sensitive Data in CLI Args:
    Current Code:

    args := append(args, "-e", fmt.Sprintf("PMA_PASSWORD=%s", config.Password))

    Better Alternative:
    Pass it via a temporary file or environment variable of the parent process:

    cmd.Env = append(os.Environ(), "PMA_PASSWORD=" + config.Password)

    Why: The password cannot be stolen with the ps command. This is Security 101.

  3. Hardcoded Image Pulling:
    Current Code:

    _ = cmd.Run() // pulling without check

    Better Alternative:

    // Check if image exists using: docker image inspect

    Why: Saves pointless network usage and time.

  4. Error Ignoring:
    Current Code:

    _ = cmd.Run()

    Better Alternative:

    if err := cmd.Run(); err != nil {
        log.Printf("Failed to pull image: %v", err)
        return
    }

    Why: You will not be tearing your hair out when debugging.


Generated by Review Buddy | Tone: roast | Language: hinglish
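
The points raised in the Security Audit and Best Practices comments above (password kept out of the docker run arguments, SSL verification on by default, host and port validated), as an added Go example that is not code from this PR or from Review Buddy. The CloudDBConfig field names, SkipSSLVerify, hostRe and newCloudRunCmd are assumptions; the example relies on the docker CLI behaviour that `-e NAME` with no value copies NAME from the CLI's own environment.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"regexp"
	"strconv"
)

// CloudDBConfig stands in for the PR's struct; the field names are assumptions.
type CloudDBConfig struct {
	Host, Port, User, Password string
	SkipSSLVerify              bool // zero value keeps certificate verification on
}

// hostRe accepts DNS names and IPv4 literals: no spaces, quotes or shell metacharacters.
var hostRe = regexp.MustCompile(`^[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$`)

// newCloudRunCmd builds `docker run` so the password is absent from argv: "-e PMA_PASSWORD"
// with no "=value" makes the docker CLI copy it from its own environment (cmd.Env).
func newCloudRunCmd(cfg CloudDBConfig) (*exec.Cmd, error) {
	if !hostRe.MatchString(cfg.Host) {
		return nil, fmt.Errorf("invalid host %q", cfg.Host)
	}
	if p, err := strconv.Atoi(cfg.Port); err != nil || p < 1 || p > 65535 {
		return nil, fmt.Errorf("invalid port %q", cfg.Port)
	}
	verify := "1"
	if cfg.SkipSSLVerify {
		verify = "0" // only on an explicit opt-out by the user
	}
	cmd := exec.Command("docker", "run", "-d", "--name", "phpmyadmin",
		"-e", "PMA_HOST="+cfg.Host, "-e", "PMA_PORT="+cfg.Port,
		"-e", "PMA_USER="+cfg.User, "-e", "PMA_SSL_VERIFY="+verify,
		"-e", "PMA_PASSWORD", // name only: value comes from cmd.Env
		"phpmyadmin/phpmyadmin")
	cmd.Env = append(os.Environ(), "PMA_PASSWORD="+cfg.Password)
	return cmd, nil
}

func main() {
	cfg := CloudDBConfig{Host: "db.example.internal", Port: "3306", User: "admin", Password: "constructed-secret"} // constructed sample values
	cmd, err := newCloudRunCmd(cfg)
	if err != nil {
		panic(err)
	}
	fmt.Println(cmd.Args) // the argv that ps would show; the command is not executed here
}
```

This removes the password from the host's process list only. It is still a container environment variable, so anyone who can run docker inspect on the container can read it.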

@github-actions

⚠️ Review Buddy - Final Recommendation

👥 Attention: @AnkanSaha

Recommendation: REQUEST CHANGES

Changes needed, bro! Cannot approve right now.

Reasoning:

  • CRITICAL SECURITY ISSUE: Passwords are being passed as plain text in the docker run command line arguments, making them visible to all users via ps or docker inspect.
  • INSECURE DEFAULT: SSL verification is hardcoded to be disabled (PMA_SSL_VERIFY=0), exposing users to MITM attacks.
  • POOR ARCHITECTURE: Heavy tight-coupling between UI logic and system execution makes the code un-testable and fragile.
  • DRY VIOLATION: Manual version updates in 6 different files is error-prone; should be automated via build flags or a single source of truth.
  • PERFORMANCE ISSUES: Synchronous image pulling and inefficient string handling in loops.

📋 Review Checklist for Reviewers:

  • Code changes align with the PR description
  • No security vulnerabilities introduced
  • Performance considerations addressed
  • Code follows project conventions
  • Tests are adequate (if applicable)
  • Documentation updated (if needed)

🎯 Next Steps:

⚠️ Address the suggestions first, then approve.

Generated by Review Buddy | Tone: roast | Language: hinglish

@AnkanSaha
Member Author

/buddy I have verified, everything is fine, just give the approval bro, no worries, I will handle everything

@github-actions

@AnkanSaha Oh wow! 'I will handle everything'? Bro, are you a software engineer or Shaktimaan? 🦸‍♂️ This 'trust me bro' logic works in the gym, not in production code.

You think everything is fine, but your code is screaming 'My owner has forgotten security'.

  1. Password Leak: You passed -e PMA_PASSWORD directly on the CLI. Tomorrow your client or anyone on the server will run ps aux and your database password will be saying 'Good Morning' on their screen. What will you say then? 'I will handle it'?
  2. SSL Disaster: You are offering Cloud DB support and hardcoded PMA_SSL_VERIFY=0? When a MITM attack happens, the hacker will steal your data the way people steal paneer pakoras at a wedding.
  3. Manual Versioning: You changed the version in 6 files... in 6 files! 🤦‍♂️ Ever heard of CI/CD? Or is slogging through 'Ctrl+F' on every release your hobby?

Bro, stop asking for approval without fixes. If this code is merged, the server's ghost will come and haunt you in your dreams. Fix the security first, then talk about 'handling' things.

Verdict: REQUEST CHANGES (Still the same, has not changed!)

Generated by Review Buddy | Tone: roast | Language: hinglish

@AnkanSaha
Member Author

/buddy bro, it is only these 3 issues, right? If I fix these, will you approve?

@github-actions

@AnkanSaha Oh my Shaktimaan, don't bargain! 🛒 This is not a Sunday Market where you fix 3 issues and ask for the 'best price'.

The 3 major issues you picked up (Security, SSL, and Versioning) are Blockers. Merging the code without them is like taking an axe to your own foot. But the performance and architecture are just as shoddy.

Fine, I will make a simple 'To-Do List' for you; fix this much and then we will see:

  1. Stop Secret Leakage: Do not send the password in -e PMA_PASSWORD. Use cmd.Env to set it in the process environment.
  2. Fix SSL Security: Do not hardcode PMA_SSL_VERIFY=0. Ask the user, or keep the default secure.
  3. Single Source of Truth: Stop this drudgery of updating the version in 6 files. Keep one VERSION file and inject it at build time.
  4. Async Pulling: Put docker pull in a goroutine and show a spinner. Do not give the user a 'hung' CLI.
  5. Refactor: Put the UI prompts (promptui) and the Docker execution logic into separate functions.

Do this much, and then I will look at your code through a 'Senior Developer' lens. Right now it looks like a 'College Project'. Fix it quickly, I am waiting! 😤

Generated by Review Buddy | Tone: roast | Language: hinglish

@AnkanSaha merged commit ab974f5 into main Mar 19, 2026
6 checks passed
@AnkanSaha deleted the maintainer/ankan branch March 19, 2026 15:32