feat(chat-deploy)#277
| "description" text, | ||
| "is_active" boolean DEFAULT true NOT NULL, | ||
| "customizations" json DEFAULT '{}', | ||
| "auth_type" text DEFAULT 'public' NOT NULL, |
The auth_type column lacks a CHECK constraint to restrict values to only valid options
| --> statement-breakpoint | ||
| ALTER TABLE "chatbot" ADD CONSTRAINT "chatbot_workflow_id_workflow_id_fk" FOREIGN KEY ("workflow_id") REFERENCES "public"."workflow"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint | ||
| ALTER TABLE "chatbot" ADD CONSTRAINT "chatbot_user_id_user_id_fk" FOREIGN KEY ("user_id") REFERENCES "public"."user"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint | ||
| CREATE UNIQUE INDEX "subdomain_idx" ON "chatbot" USING btree ("subdomain"); No newline at end of file |
Missing indexes on foreign keys workflow_id and user_id
| return | ||
| } | ||
|
|
||
| const checkChatbotDeployment = async () => { |
API polling effect lacks cleanup that could lead to race conditions if component unmounts during API call
| } | ||
|
|
||
| // This endpoint returns information about the chatbot | ||
| export async function GET(request: NextRequest, { params }: { params: Promise<{ subdomain: string }> }) { |
Incorrect parameter typing: params should not be a Promise in Next.js route handlers
| const apiKey = apiKeyResult[0].key | ||
|
|
||
| // Forward the message to the workflow execution endpoint | ||
| const response = await fetch(`${process.env.NEXT_PUBLIC_APP_URL}/api/workflows/${deployment.workflowId}/execute`, { |
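Review bot: `const apiKey = apiKeyResult[0].key` indexes the result without a visible check that the lookup returned a row, so an empty result throws a TypeError here instead of producing a controlled error response. Unless a line outside this hunk already guards it, test `apiKeyResult.length` first and return an explicit error. If that key is attached to the `fetch` that follows, the base URL it is sent to should come from a server-only variable that is validated at startup, because whoever controls that value receives the key.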
Using NEXT_PUBLIC_ environment variable on the server side
| } | ||
|
|
||
| // Handle OPTIONS requests for CORS preflight | ||
| export async function OPTIONS(request: NextRequest) { |
Rule violated: Enforce Utility Function Placement by Usage Pattern
Utility function placed incorrectly - only used in one location
| } | ||
|
|
||
| // Validate authentication for chatbot access | ||
| export async function validateChatbotAuth( |
Rule violated: Enforce Utility Function Placement by Usage Pattern
Utility function placed incorrectly - only used in one location
| "is_active" boolean DEFAULT true NOT NULL, | ||
| "customizations" json DEFAULT '{}', | ||
| "auth_type" text DEFAULT 'public' NOT NULL, | ||
| "password" text, |
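Review bot: `"password" text` gives no indication that the stored value is hashed, and as a nullable plain text column it will accept whatever the deploy route writes. Store only the output of a password-hashing function (argon2id or bcrypt, for example), compare against that hash in the verification path, and consider a CHECK that requires the column to be non-null whenever `auth_type` is `'password'`.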
Rule violated: Prevent Default Empty Values for Required Security Parameters
Security-related password field implicitly defaults to NULL which could create authentication vulnerabilities
| request: NextRequest, | ||
| parsedBody?: any | ||
| ): Promise<{ authorized: boolean, error?: string }> { | ||
| const authType = deployment.authType || 'public' |
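Review bot: `parsedBody?: any` in the signature lets unvalidated request JSON into the authorization check; type it as `unknown` and parse it with a schema before any field is read from it. On the last line of the hunk, the `|| 'public'` fallback should not be needed, since the migration declares `"auth_type" text DEFAULT 'public' NOT NULL`, so dropping it and rejecting any value outside `"public"`, `"password"` and `"email"` makes the function fail closed.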
Rule violated: Prevent Default Empty Values for Required Security Parameters
Authentication type defaults to 'public' when deployment.authType is undefined/null/empty, potentially allowing unauthorized access.
| welcomeMessage: z.string(), | ||
| }), | ||
| authType: z.enum(["public", "password", "email"]), | ||
| password: z.string().optional(), |
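Review bot: `password: z.string().optional()` accepts an empty string as well as a missing value, and it is validated independently of `authType`, so `authType: "password"` with `password: ""` passes this schema. Tie the two fields together, for example with a `z.discriminatedUnion` on `authType` or a `.superRefine` on the object, and put a `.min()` length on the password branch.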
Rule violated: Prevent Default Empty Values for Required Security Parameters
Password validation schema allows optional password when authType is 'password'
| @@ -0,0 +1,128 @@ | |||
| 'use client' | |||
|
|
|||
| import { useState } from 'react' | |||
Unused import: 'useState' is imported but never used in the component
| 'use client' | ||
|
|
||
| import { useState } from 'react' | ||
| import { Info, Loader2 } from 'lucide-react' |
Unused import: 'Info' icon is imported but never used in the component
| interface DeploymentInfoProps { | ||
| isLoading: boolean | ||
| deploymentInfo: { | ||
| isDeployed: boolean |
Unused property: 'isDeployed' is defined in interface but not used
| </AlertDialogHeader> | ||
| <AlertDialogFooter> | ||
| <AlertDialogCancel>Cancel</AlertDialogCancel> | ||
| <AlertDialogAction |
Missing loading state in dialog action button while parent button shows loading
| > | ||
| {showKey ? apiKey : maskApiKey(apiKey)} | ||
| </pre> | ||
| <CopyButton text={apiKey} /> |
API key directly passed to CopyButton without security safeguards, exposing sensitive data in the DOM.
| }) | ||
|
|
||
| // Send OTP endpoint | ||
| export async function POST( |
No rate limiting for OTP generation requests
| // ChatGPT-style message component | ||
| function ClientChatMessage({ message }: { message: ChatMessage }) { | ||
| // Check if content is a JSON object | ||
| const isJsonObject = useMemo(() => { |
Type inconsistency: ChatMessage interface defines content as string, but this code checks if it's an object
| } | ||
|
|
||
| const responseData = await response.json() | ||
| console.log('Message response:', responseData) |
Console.log statement should be removed from production code
| // Extract content from the response - could be in content or output | ||
| let messageContent = responseData.output | ||
|
|
||
| // Handle different response formats from API |
Complex, nested conditional logic for handling API responses indicates an inconsistent API contract
| import { db } from '@/db' | ||
| import { chat, workflow } from '@/db/schema' | ||
| import { createErrorResponse, createSuccessResponse } from '@/app/api/workflows/utils' | ||
| import { addCorsHeaders, validateChatAuth, setChatAuthCookie, validateAuthToken, executeWorkflowForChat } from '../utils' |
Rule violated: Enforce Utility Function Placement by Usage Pattern
Utility function 'executeWorkflowForChat' is only used in this file but is defined in a utils file
* added chatbot table with fk to workflows, added modal to deploy and deploy to subdomain of *.simstudio.ai
* fixed styling, added delete and edit routes for chatbot
* use loading-agent animation for editing existing chatbot
* add base_url so that we can deploy in dev as well
* fixed CORS issue, fixed password verification, can deploy chatbot and access it at subdomain. still need to fix the actual chat request to match the same format as the chat in the panel
* fix: renamed chatbot to chat and changed chat to copilot
* feat(chat-deploy): refactored api deploy flow
* feat(chat-deploy): added chat to deploy flow
* added output selector to chat deploy, deployment works and we can get a response from subdomain. need to fix UI + form submission of deploy modal but the core functionality works
* add missing dependencies, fix build errors, remove old unused route
* error disappeared for block output selection, need to update UI, add the ability to delete/view chat deployment, and test emails/email domain
* added otp for email verification on chat deploy
* feat(chat-deploy): ux improvements with chat-deploy modal
* improvement(ui/ux): chat display improvement
* improvement(ui/ux): deploy modal
* added logging category for chat panel & chat deploy executions
* improvement(ui/ux): finished chat-deploy flow
* fix: deleted migrations

---------

Co-authored-by: Waleed Latif <walif6@gmail.com>
Description
Deploy a shareable chat.
Type of change
Please delete options that are not relevant.
How Has This Been Tested?
Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration.
Checklist:
Security Considerations:
Additional Information:
Any additional information, configuration or data that might be necessary to reproduce the issue or use the feature.