
feat: add support for csrf #2604


Merged
merged 2 commits into from
Jul 23, 2025


Raubzeug
Contributor

@Raubzeug Raubzeug commented Jul 23, 2025

CI Results

Test Status: ⚠️ FLAKY

📊 Full Report

| Total | Passed | Failed | Flaky | Skipped |
|-------|--------|--------|-------|---------|
| 354 | 348 | 0 | 4 | 2 |
Test Changes Summary ⏭️2

⏭️ Skipped Tests (2)

  1. Scroll to row, get shareable link, navigate to URL and verify row is scrolled into view (tenant/diagnostics/tabs/queries.test.ts)
  2. Copy result button copies to clipboard (tenant/queryEditor/queryEditor.test.ts)

Bundle Size: ✅

Current: 85.21 MB | Main: 85.21 MB
Diff: +1.73 KB (0.00%)

✅ Bundle size unchanged.

ℹ️ CI Information
  • Test recordings for failed tests are available in the full report.
  • Bundle size is measured for the entire 'dist' directory.
  • 📊 indicates links to detailed reports.
  • 🔺 indicates increase, 🔽 decrease, and ✅ no change in bundle size.

@astandrik
Collaborator

bugbot run

Contributor

@Copilot Copilot AI left a comment


Pull Request Overview

This PR adds CSRF protection support to the YdbEmbeddedAPI by introducing a configurable token getter function. The changes enable CSRF tokens to be set across all API service instances when a token is provided.

  • Adds csrfTokenGetter parameter to the YdbEmbeddedAPI constructor
  • Implements token distribution logic to set CSRF tokens on all API service instances

Comments suppressed due to low confidence (1)

src/services/api/index.ts:33

  • [nitpick] The parameter name 'csrfTokenGetter' could be more descriptive. Consider renaming to 'getCsrfToken' or 'csrfTokenProvider' to better indicate its purpose as a function that provides/retrieves the token.
        csrfTokenGetter = () => undefined,

Comment on lines 57 to 67
this.auth.setCSRFToken(token);
this.meta?.setCSRFToken(token);
this.codeAssist?.setCSRFToken(token);
this.operation.setCSRFToken(token);
this.pdisk.setCSRFToken(token);
this.scheme.setCSRFToken(token);
this.storage.setCSRFToken(token);
this.streaming.setCSRFToken(token);
this.tablets.setCSRFToken(token);
this.vdisk.setCSRFToken(token);
this.viewer.setCSRFToken(token);
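
Review bot: lines 57 to 67 hand each service the value of `token` as it is at this point, so a token that is refreshed later never reaches them. If the token can change while the app is open, pass the getter to the services and read it per request, or document that the token is fixed for the lifetime of the instance. Separately, `meta` and `codeAssist` use `?.` while the other nine calls do not; a short comment saying those two services are optional would explain the difference.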

Copilot AI Jul 23, 2025


The repetitive manual token setting for each API service creates maintainability issues. Consider iterating over the API services or creating a helper method to reduce code duplication.

Suggested change
this.auth.setCSRFToken(token);
this.meta?.setCSRFToken(token);
this.codeAssist?.setCSRFToken(token);
this.operation.setCSRFToken(token);
this.pdisk.setCSRFToken(token);
this.scheme.setCSRFToken(token);
this.storage.setCSRFToken(token);
this.streaming.setCSRFToken(token);
this.tablets.setCSRFToken(token);
this.vdisk.setCSRFToken(token);
this.viewer.setCSRFToken(token);
const services = [
this.auth,
this.meta,
this.codeAssist,
this.operation,
this.pdisk,
this.scheme,
this.storage,
this.streaming,
this.tablets,
this.vdisk,
this.viewer,
];
services.forEach(service => service?.setCSRFToken(token));
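
Review bot: the `services` array in this suggestion is still a hand-written list, so a service added to the class later and left out of it never receives the token and nothing fails. Applying `service?.` to every element also hides a required service that is unexpectedly undefined. Wiring each service through one helper at construction, or a test asserting that every service received the token, would cover both.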


Contributor Author


don't like
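
The token distribution discussed in this thread, as an added TypeScript example that is not the project's code: it differs from the PR by handing each service the getter (read per request) instead of a token value, and it wires every service through one helper. All class and method names, the `X-CSRF-Token` header name, and the choice to attach the token only to state-changing methods are assumptions of this example.

```typescript
// Added illustration: all names below are hypothetical, not the project's API.
type TokenGetter = () => string | undefined;
type PreparedRequest = {method: string; path: string; headers: Record<string, string>};

const CSRF_HEADER = 'X-CSRF-Token'; // assumed header name; the page does not state one
const UNSAFE_METHODS = new Set(['POST', 'PUT', 'PATCH', 'DELETE']);

class BaseApi {
    private getToken: TokenGetter = () => undefined;

    setCSRFTokenGetter(getter: TokenGetter): void {
        this.getToken = getter;
    }

    // Describes the request to send. The getter runs on every call, so a
    // token refreshed after construction is picked up without re-wiring.
    prepare(method: string, path: string): PreparedRequest {
        const verb = method.toUpperCase();
        const headers: Record<string, string> = {};
        const token = this.getToken();
        if (token && UNSAFE_METHODS.has(verb)) {
            headers[CSRF_HEADER] = token;
        }
        return {method: verb, path, headers};
    }
}

class EmbeddedApi {
    readonly viewer: BaseApi;
    readonly meta?: BaseApi; // optional service, like `meta` in the PR

    constructor(opts: {csrfTokenGetter?: TokenGetter; withMeta?: boolean} = {}) {
        const getter = opts.csrfTokenGetter ?? (() => undefined);
        this.viewer = this.register(new BaseApi(), getter);
        if (opts.withMeta) {
            this.meta = this.register(new BaseApi(), getter);
        }
    }

    // Single wiring point: a service created through here cannot miss the getter.
    private register(service: BaseApi, getter: TokenGetter): BaseApi {
        service.setCSRFTokenGetter(getter);
        return service;
    }
}
```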


@cursor cursor bot left a comment


✅ Bugbot reviewed your changes and found no bugs!



Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@Raubzeug Raubzeug enabled auto-merge July 23, 2025 11:31
@Raubzeug Raubzeug added this pull request to the merge queue Jul 23, 2025
Merged via the queue into main with commit 7a4505f Jul 23, 2025
5 checks passed
@Raubzeug Raubzeug deleted the csrf-support branch July 23, 2025 11:36