@ktsapo ktsapo commented May 30, 2025

Summary by CodeRabbit

  • New Features

    • Added support for dynamically generating HTTP request headers in the application, allowing for more flexible API interactions.
    • Introduced the ability to update global variables and register initialization actions within the application context.
    • Added a new environment-specific configuration file for enhanced application setup.
  • Refactor

    • Improved formatting and code organization for better readability in provider and application context components.

coderabbitai bot commented May 30, 2025

Walkthrough

A new environment-specific configuration file was added for the backend, while the ReactJS application context and hooks were refactored to support a dynamic function for building HTTP request headers. Several interfaces were updated to include this function, and related code was reformatted for clarity and consistency.

Changes

File(s) Change Summary
shesha-core/src/Shesha.Web.Host/appsettings.Kudzai.json Added new environment-specific JSON configuration file with connection strings, app settings, authentication, and logging.
shesha-reactjs/src/hooks/useAxiosRequestConfig.ts Modified to use a dynamic buildHttpRequestHeaders function from context, merging its output with existing headers.
shesha-reactjs/src/providers/sheshaApplication/application.ts Refactored application instance and interfaces to support dynamic HTTP header building, added/updated several methods, reformatted code.
shesha-reactjs/src/providers/sheshaApplication/index.tsx Consolidated imports, added buildHttpRequestHeaders prop to provider interface, improved formatting, no logic changes.

Sequence Diagram(s)

sequenceDiagram
    participant Component
    participant SheshaProvider
    participant SheshaApplicationInstance

    Component->>SheshaProvider: Provide buildHttpRequestHeaders (optional)
    SheshaProvider->>SheshaApplicationInstance: Initialize with buildHttpRequestHeaders
    Component->>SheshaApplicationInstance: Request Axios config
    SheshaApplicationInstance->>SheshaApplicationInstance: Call buildHttpRequestHeaders (if exists)
    SheshaApplicationInstance-->>Component: Return config with merged headers
Suggested reviewers

  • IvanIlyichev

Poem

In the field where headers grow,
A rabbit hops, with code in tow.
Dynamic keys, a clever feat,
Merged together, oh so neat!
Settings bloom, configs arise,
With every hop, our app is wise.
🐇✨

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

🧹 Nitpick comments (1)
shesha-core/src/Shesha.Web.Host/appsettings.Kudzai.json (1)

17-17: Fix typo in log folder path

There's a typo in the default log folder path - "jobss" should likely be "jobs".

-  "DefaultLogFolder": "~/App_Data/Logs/jobss"
+  "DefaultLogFolder": "~/App_Data/Logs/jobs"
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fdbbff1 and c888d0e.

📒 Files selected for processing (4)
  • shesha-core/src/Shesha.Web.Host/appsettings.Kudzai.json (1 hunks)
  • shesha-reactjs/src/hooks/useAxiosRequestConfig.ts (1 hunks)
  • shesha-reactjs/src/providers/sheshaApplication/application.ts (1 hunks)
  • shesha-reactjs/src/providers/sheshaApplication/index.tsx (5 hunks)
⏰ Context from checks skipped due to timeout of 90000ms (1)
  • GitHub Check: build-attempt
🔇 Additional comments (7)
shesha-reactjs/src/hooks/useAxiosRequestConfig.ts (1)

11-21: Well-implemented dynamic header integration

The implementation correctly integrates the buildHttpRequestHeaders function with proper:

  • Optional chaining to handle when the function is undefined
  • Memoization with appropriate dependencies
  • Header precedence where dynamic headers can override static ones

The logic is sound and follows React hooks best practices.

shesha-reactjs/src/providers/sheshaApplication/index.tsx (2)

68-68: Good interface extension for dynamic headers

The addition of the optional buildHttpRequestHeaders property to the interface is well-designed and maintains backward compatibility.


25-25: Improved code organization and readability

The formatting changes enhance code readability:

  • Consolidated imports for better organization
  • Multi-line JSX blocks for clarity
  • Restructured export statements

These changes improve maintainability without affecting functionality.

Also applies to: 38-42, 72-72, 80-82, 134-153, 196-202

shesha-reactjs/src/providers/sheshaApplication/application.ts (4)

164-171: Well-designed header merging strategy

The header merging logic in setRequestHeaders follows a good precedence order:

  1. Existing headers
  2. Dynamic headers from buildHttpRequestHeaders
  3. New headers parameter
  4. Front-end app header (always preserved)

This ensures proper header precedence while maintaining the required app identifier.


142-162: Robust initialization implementation

The async initialization logic is well-implemented with:

  • Proper state management and UI updates via #rerender()
  • Comprehensive error handling and logging
  • Sequential execution of initialization actions

181-186: Safe permission checking implementation

The permission checking logic correctly handles edge cases:

  • Empty permissions array returns true (good default)
  • Safe access to authorizer with optional chaining
  • Proper null/undefined checks

188-197:

❓ Verification inconclusive

Verify form designer component aggregation logic

The component registration and aggregation logic looks correct, but please verify that the hasOwnProperty check is necessary given the object spreading approach used elsewhere in the codebase.


🏁 Script executed:

#!/bin/bash
# Description: Check if hasOwnProperty is consistently used in similar object iteration patterns
# Expected: Find similar patterns to verify consistency

# Search for similar object iteration patterns in the codebase
rg -A 3 -B 1 "for.*in.*{" --type ts --type tsx

Length of output: 132


We’ll re-run with more precise patterns to find all uses of hasOwnProperty and any for…in loops:


🏁 Script executed:

#!/bin/bash
# 1. List all occurrences of hasOwnProperty in TS/TSX
rg "hasOwnProperty" -n --type ts --type tsx

# 2. Find every for/in loop via AST to see how often this pattern is used
ast-grep --pattern $'for ( $_ in $_ ) { $$$ }'

Length of output: 119


Let’s retry with explicit glob patterns instead of --type:


🏁 Script executed:

#!/bin/bash
# 1. Find all hasOwnProperty uses in TS/TSX files
rg -n "hasOwnProperty" -g "*.ts" -g "*.tsx"

# 2. Locate all for…in loops in TS/TSX files
rg -n "for .* in .*{" -g "*.ts" -g "*.tsx"

Length of output: 327


Verify necessity of hasOwnProperty guard in registerFormDesignerComponents

The aggregation logic looks correct, but given that registrations is built via object spread from known keys, the hasOwnProperty check may be redundant. Please confirm whether any inherited properties could leak into registrations; if not, consider removing the check for clarity.

• File: shesha-reactjs/src/providers/sheshaApplication/application.ts
Lines 188–197

@@ -0,0 +1,18 @@
{
"ConnectionStrings": {
"Default": "Data Source=localhost\\MSSQLSERVER01; Initial Catalog=MembershipApp;MultipleActiveResultSets=True;Trusted_Connection=True;TrustServerCertificate=true;"
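Review bot: `TrustServerCertificate=true` in the `Default` connection string skips validation of the SQL Server certificate chain, so the client will accept whatever certificate the server presents. Against `localhost\\MSSQLSERVER01` that is low risk, but the flag tends to survive when a profile like this is copied for another environment; drop it here, or keep this per-machine profile in an untracked local override instead of committing it.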

🛠️ Refactor suggestion

Security Concern: Hardcoded database connection details

The connection string contains hardcoded server and database names. Consider using environment-specific variables or secure configuration providers for production deployments.

-    "Default": "Data Source=localhost\\MSSQLSERVER01; Initial Catalog=MembershipApp;MultipleActiveResultSets=True;Trusted_Connection=True;TrustServerCertificate=true;"
+    "Default": "${CONNECTION_STRING}"
🤖 Prompt for AI Agents
In shesha-core/src/Shesha.Web.Host/appsettings.Kudzai.json at line 3, the
database connection string is hardcoded with server and database names, which
poses a security risk. Replace these hardcoded values with environment variables
or use a secure configuration provider to inject these details at runtime,
ensuring sensitive information is not stored directly in the configuration file.

"Authentication": {
"JwtBearer": {
"IsEnabled": "true",
"SecurityKey": "SUUDE4LZ77PT729NV5BEPXDMAFRHFX7F",
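Review bot: the `SecurityKey` value on this line is committed in plain text and will remain in git history after merge, so editing the line later does not withdraw it. Treat the key as disclosed: issue a new key for every environment that has used this one and load it at runtime from outside the repository. If this is the symmetric signing key, as the `JwtBearer` section suggests, anyone who can read the file can sign tokens that a host configured with it will accept.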

⚠️ Potential issue

Critical Security Issue: Hardcoded JWT security key

The JWT security key is hardcoded in the configuration file, which poses a significant security risk. This key should be stored in a secure location such as environment variables, Azure Key Vault, or other secure configuration providers.

-      "SecurityKey": "SUUDE4LZ77PT729NV5BEPXDMAFRHFX7F",
+      "SecurityKey": "${JWT_SECURITY_KEY}",
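Review bot: the `${JWT_SECURITY_KEY}` placeholder on the `+` line is not expanded by the .NET JSON configuration provider, so unless the host adds its own substitution step it would read the literal string `${JWT_SECURITY_KEY}` as the signing key, a value anyone can guess. Remove the `SecurityKey` entry from the file (or leave it empty and fail startup when it is missing) and supply it through the environment variable `Authentication__JwtBearer__SecurityKey`, user secrets, or a vault-backed provider. The same applies to the `${CONNECTION_STRING}` suggestion for `ConnectionStrings:Default`.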

Consider using environment variables or secure configuration providers to manage sensitive keys.

🤖 Prompt for AI Agents
In shesha-core/src/Shesha.Web.Host/appsettings.Kudzai.json at line 12, the JWT
security key is hardcoded, which is a critical security risk. Remove the
hardcoded key from this file and instead configure the application to read the
JWT security key from a secure source such as environment variables or a secure
configuration provider like Azure Key Vault. Update the application
configuration code to retrieve the key securely at runtime.
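
The two findings above (a committed JWT key and connection string in an `appsettings.*.json` file) can be enforced as a CI check. The following is an added example, not code from this PR or from Shesha; the rule names, the key-name pattern and the sample values are assumptions made for illustration.

```javascript
// Added example: audit a parsed appsettings.*.json object for committed secrets.
// The key-name pattern and rule names are assumptions, not part of the project.
const SECRET_KEY_NAMES = /(securitykey|secret|password|apikey|token)$/i;
const PLACEHOLDER = /^\$\{[^}]+\}$/;

// Split "A=1;B=2" into a map of lower-cased keys to values.
function parseConnectionString(value) {
  const parts = {};
  for (const pair of value.split(";")) {
    const idx = pair.indexOf("=");
    if (idx > 0) parts[pair.slice(0, idx).trim().toLowerCase()] = pair.slice(idx + 1).trim();
  }
  return parts;
}

// Walk the settings tree and collect findings for non-empty string values.
function auditSettings(node, path = [], findings = []) {
  for (const [key, value] of Object.entries(node)) {
    const here = [...path, key];
    if (value !== null && typeof value === "object") {
      auditSettings(value, here, findings);
      continue;
    }
    if (typeof value !== "string" || value === "") continue;
    const where = here.join(":");
    // Name of the environment variable .NET maps onto this key (":" becomes "__").
    const envName = here.join("__");
    if (PLACEHOLDER.test(value)) {
      findings.push({ where, rule: "unexpanded-placeholder", envName });
    } else if (SECRET_KEY_NAMES.test(key)) {
      findings.push({ where, rule: "hardcoded-secret", envName });
    }
    if (path[0] === "ConnectionStrings") {
      const cs = parseConnectionString(value);
      if ("password" in cs || "pwd" in cs)
        findings.push({ where, rule: "password-in-connection-string", envName });
      if ((cs.trustservercertificate || "").toLowerCase() === "true")
        findings.push({ where, rule: "server-certificate-not-validated", envName });
    }
  }
  return findings;
}

// Constructed sample, shaped like the file under review (all values are made up).
const sample = {
  ConnectionStrings: { Default: "Data Source=db01;Initial Catalog=App;Trusted_Connection=True;TrustServerCertificate=true;" },
  Authentication: { JwtBearer: { IsEnabled: "true", SecurityKey: "CONSTRUCTED-EXAMPLE-KEY", Issuer: "${JWT_ISSUER}" } },
};
```

Each finding carries the `envName` under which the value can be supplied at runtime, so the build can fail with the exact override to set.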

@IvanIlyichev IvanIlyichev merged commit 9cc1bab into shesha-io:main Jun 4, 2025
2 checks passed
@ktsapo ktsapo deleted the feature/3310/implement-axios-http-mechanism branch June 4, 2025 08:34