Bump version #61
Bump version #61
Conversation
|
Warning Rate limit exceeded@kasugamirai has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 18 minutes and 33 seconds before requesting another review. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. 📒 Files selected for processing (1)
WalkthroughThis pull request introduces a comprehensive set of test enhancements across multiple packages in the project. The changes primarily focus on improving test coverage, adding new test cases, and refining existing test scenarios. Key modifications include updates to Changes
Poem
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (4)
account/accountdomain/user/auth_test.go (1)
33-33: Add test cases for edge cases.While the current test case covers the happy path, consider adding test cases for:
- Empty string input
- Invalid UUID format
- Special characters in the input
func TestGenReearthSub(t *testing.T) { uid := accountdomain.NewUserID() tests := []struct { name string input string want *Auth }{ { name: "should return reearth sub", input: uid.String(), want: &Auth{ Provider: "reearth", Sub: "reearth|" + uid.String(), }, }, + { + name: "empty string", + input: "", + want: &Auth{ + Provider: "reearth", + Sub: "reearth|", + }, + }, + { + name: "invalid uuid", + input: "invalid-uuid", + want: &Auth{ + Provider: "reearth", + Sub: "reearth|invalid-uuid", + }, + }, }Also applies to: 190-212
mongox/pagination_test.go (1)
267-268: Maintain consistent function parameter formattingThe line breaks in the function parameters are inconsistent. Consider maintaining a single style:
- }, i int, - ) any { + }, i int) any {Also applies to: 341-342, 442-443
util/list_test.go (2)
74-80: Test implementation looks good, consider adding more edge cases.The test correctly verifies the core functionality of
Copy(). Consider enhancing it with additional test cases:
- Empty list behavior
- Lists with different sizes
- Lists with nil elements in between
Line range hint
956-1124: Consider improving code formatting for better readability.The indentation in the test data structure is inconsistent. Consider standardizing the indentation, particularly in the member initialization blocks.
Members(map[user.ID]workspace.Member{ - userID: {Role: workspace.RoleOwner}, - userID2: {Role: workspace.RoleReader}, + userID: {Role: workspace.RoleOwner}, + userID2: {Role: workspace.RoleReader}, }).Personal(true).MustBuild()
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
go.sumis excluded by!**/*.sum
📒 Files selected for processing (14)
.gitignore(1 hunks)account/accountdomain/user/auth_test.go(1 hunks)account/accountdomain/user/password_reset_test.go(0 hunks)account/accountdomain/workspace/member_test.go(1 hunks)account/accountusecase/accountinteractor/workspace_test.go(8 hunks)account/accountusecase/accountproxy/userconv_test.go(2 hunks)account/accountusecase/accountproxy/workspaceconv_test.go(2 hunks)go.mod(1 hunks)idx/id_test.go(2 hunks)idx/list_test.go(1 hunks)mongox/consumer_test.go(1 hunks)mongox/pagination_test.go(3 hunks)mongox/util_test.go(2 hunks)util/list_test.go(1 hunks)
💤 Files with no reviewable changes (1)
- account/accountdomain/user/password_reset_test.go
✅ Files skipped from review due to trivial changes (5)
- .gitignore
- account/accountusecase/accountproxy/userconv_test.go
- mongox/util_test.go
- account/accountusecase/accountproxy/workspaceconv_test.go
- mongox/consumer_test.go
🔇 Additional comments (10)
idx/id_test.go (4)
18-21: LGTM! Clean variable declaration.
The grouping of related variables into a single var block improves code organization and readability.
61-61: LGTM! Important pointer comparison added.
The new assertion verifies that Ref() returns a new pointer rather than reusing the original, which is crucial for preventing unintended sharing of references.
65-67: LGTM! Proper clone verification.
The test now correctly verifies that Clone() creates a new instance with different memory address while maintaining value equality.
71-73: LGTM! Thorough reference checking.
The test properly verifies that CloneRef() creates a new pointer while maintaining value equality.
idx/list_test.go (1)
226-230: LGTM! Improved clone testing.
The changes improve test readability and properly verify that Clone() creates a new instance with a different memory address.
go.mod (1)
39-39: Verify compatibility with mongo-driver major version upgrade
The upgrade from mongo-driver v1.13.1 to v1.17.1 is a significant jump that might include breaking changes.
✅ Verification successful
Based on the release notes from the GitHub API, I can generate the final response:
Upgrade to mongo-driver v1.17.1 appears safe
The upgrade from v1.13.1 to v1.17.1 consists of backward-compatible changes and improvements:
- v1.17.1: Minor bug fixes for connection checkout and auth source handling
- v1.17.0: Added new features (OIDC auth, Queryable Encryption Range Protocol) without breaking changes
- v1.16.x: Added features and improvements (Atlas Search Index, reduced memory usage) with no breaking changes
- v1.15.x: Added timeout handling improvements and connection management features
- v1.14.x: Only major change was bumping minimum Go version to 1.18
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Check for breaking changes in mongo-driver
gh api graphql -f query='
{
repository(owner: "mongodb", name: "mongo-go-driver") {
releases(first: 10, orderBy: {field: CREATED_AT, direction: DESC}) {
nodes {
tagName
description
}
}
}
}
'
Length of output: 19100
account/accountdomain/workspace/member_test.go (1)
Line range hint 18-26: LGTM! Well-structured test addition
The new test function provides good coverage for member initialization with roles, properly testing the fixed status and member mapping.
mongox/pagination_test.go (1)
Line range hint 346-419: LGTM! Comprehensive pagination test cases
The test cases provide excellent coverage of pagination scenarios including:
- Different sort orders (ascending/descending)
- Various cursor positions (first/last/after/before)
- Edge cases with different page sizes
util/list_test.go (1)
Line range hint 956-1124: Well-structured test with comprehensive coverage.
The test thoroughly covers various scenarios including edge cases, error conditions, and business rules. Good use of table-driven tests and parallel execution.
account/accountusecase/accountinteractor/workspace_test.go (1)
Line range hint 1-1300: Comprehensive test suite with robust coverage.
The test implementation demonstrates good practices:
- Thorough coverage of business rules and error conditions
- Well-structured test cases using table-driven tests
- Proper use of parallel test execution
- Comprehensive validation of both success and error scenarios
| go 1.22.7 | ||
|
|
||
| toolchain go1.23.4 |
There was a problem hiding this comment.
💡 Codebase verification
Update Go version to 1.22.10
The current Go version 1.22.7 is outdated. Go 1.22.10 is now available and includes important security fixes and improvements.
🔗 Analysis chain
Consider using the latest Go 1.22.x version
The specified Go version 1.22.7 is not the latest patch version in the 1.22.x series. Consider using Go 1.22.1 which is the latest stable version.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Check latest Go versions
curl -s https://go.dev/dl/?mode=json | jq '.[].version' | grep '"go1.22'
Length of output: 88
| go 1.21 | ||
| go 1.22.7 | ||
|
|
||
| toolchain go1.23.4 |
There was a problem hiding this comment.
Remove invalid toolchain directive
The toolchain directive specifies Go 1.23.4, but Go 1.23 has not been released yet. This could cause build issues.
-toolchain go1.23.4
There was a problem hiding this comment.
Actionable comments posted: 0
🔭 Outside diff range comments (3)
account/accountdomain/user/theme.go (1)
Add test coverage for Theme.Valid() method
The
Valid()method is currently not covered by any tests intheme_test.go. Please add test cases to verify:
- Valid themes (
ThemeDark,ThemeLight,ThemeDefault) return true- Invalid theme values return false
Example test structure:
func TestTheme_Valid(t *testing.T) { assert.True(t, ThemeDark.Valid()) assert.True(t, ThemeLight.Valid()) assert.True(t, ThemeDefault.Valid()) assert.False(t, Theme("invalid").Valid()) }🔗 Analysis chain
Line range hint
27-33: Verify test coverage for the new Valid method.Since this PR focuses on test improvements, let's ensure adequate test coverage for this new functionality.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Description: Check for existing tests of the Theme.Valid() method # Look for test files and test cases related to Theme validation rg -l "TestTheme.*Valid|Test.*Theme.*Valid" --type go # Look for actual test implementations ast-grep --pattern 'func Test$_($_) { $$$ Valid() $$$ }'Length of output: 120
Script:
#!/bin/bash # Let's try a broader search for test files related to Theme and then examine their contents # First, find test files that might contain Theme-related tests rg -l "Theme" --type go "*_test.go" # Then, let's look for any Theme-related test implementations rg "func Test.*Theme" -A 5 --type go # Also search for any usage of Theme in test files rg "Theme" -B 2 -A 2 --type go "*_test.go"Length of output: 1067
Script:
#!/bin/bash # Let's examine the theme_test.go file content to check for Valid() method tests cat account/accountdomain/user/theme_test.go # Also let's check the implementation file to understand the full context cat account/accountdomain/user/theme.goLength of output: 1082
account/accountusecase/accountinteractor/user.go (1)
Line range hint
294-334: Consider adding rate limiting for password reset requestsTo prevent abuse, consider implementing rate limiting for password reset requests per email address.
Improve error handling for non-existent email
Currently, when an email is not found, it returns the internal error. For security reasons, consider returning a generic message to avoid email enumeration attacks.
u, err := i.repos.User.FindByEmail(ctx, email) if err != nil { - return err + if errors.Is(err, rerror.ErrNotFound) { + // Return success even when email not found to prevent email enumeration + return nil + } + return err }Consider extracting email preparation logic
The email preparation logic could be extracted into a separate method to improve readability and maintainability.
+ func (i *User) preparePasswordResetEmail(u *user.User, pr *user.PasswordReset) (string, string, error) { + var TextOut, HTMLOut bytes.Buffer + link := i.authSrvUIDomain + "/?pwd-reset-token=" + pr.Token + content := passwordResetMailContent + content.UserName = u.Name() + content.ActionURL = htmlTmpl.URL(link) + + if err := authTextTMPL.Execute(&TextOut, content); err != nil { + return "", "", err + } + if err := authHTMLTMPL.Execute(&HTMLOut, content); err != nil { + return "", "", err + } + return TextOut.String(), HTMLOut.String(), nil + }authserver/storage.go (1)
Based on the search results, I can now provide a final response since I have found the implementation details of both the Request struct and the MustBuild() method in the codebase:
Consider using Build() instead of MustBuild() to handle validation errors gracefully
The MustBuild() method in request_builder.go will panic if the request ID is nil, as shown in its implementation. While this is currently the only validation, panics should be avoided in production code. Use the regular Build() method instead, which returns an error that can be properly handled:
request, err := NewRequest(). NewID(). ClientID(authReq.ClientID). State(authReq.State). ResponseType(authReq.ResponseType). Scopes(authReq.Scopes). Audiences(audiences). RedirectURI(authReq.RedirectURI). Nonce(authReq.Nonce). CodeChallenge(cc). AuthorizedAt(nil). Build() if err != nil { return nil, err }🔗 Analysis chain
Line range hint
153-164: Handle potential panics from MustBuild()The
MustBuild()method suggests it may panic if the request object is in an invalid state. Consider using the regularBuild()method (if available) and handle any validation errors gracefully.🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Search for Build() method implementation to verify panic behavior ast-grep --pattern 'func $_($$_) { $$$ panic($$$) $$$ }'Length of output: 64
Script:
#!/bin/bash # Search for MustBuild and Build methods rg "MustBuild|Build" -A 5 -B 5Length of output: 82091
Script:
#!/bin/bash # Search for Request struct and its methods ast-grep --pattern 'type Request struct { $$$ }'Length of output: 725
Script:
#!/bin/bash # Search for NewRequest function ast-grep --pattern 'func NewRequest() $_'Length of output: 219
🧹 Nitpick comments (5)
account/accountdomain/workspace/id.go (1)
13-17: LGTM! Consider adding documentation for the grouped declarations.The variable grouping is clean and consistent with the type declarations above. While the code is well-organized, it might be helpful to add a brief comment above each group explaining their purpose, especially since these are exported identifiers.
Consider adding documentation like this:
+// ID types for workspace-related entities type ( ID = accountdomain.WorkspaceID // ... ) +// Constructor functions for workspace-related IDs var ( NewID = accountdomain.NewWorkspaceID // ... )account/accountdomain/user/theme.go (2)
27-27: Consider adding GoDoc comment for the Valid method.Adding documentation would help users understand the purpose and behavior of this validation method.
+// Valid returns true if the Theme is one of the predefined valid themes (ThemeDark, ThemeLight, or ThemeDefault). func (t Theme) Valid() bool {
Line range hint
27-33: Consider integrating validation with ThemeFrom.The
ThemeFromfunction could benefit from using this validation to ensure it only returns valid themes.func ThemeFrom(s string) Theme { - switch strings.ToLower(s) { + t := Theme(strings.ToLower(s)) + switch t { case "dark": return ThemeDark case "light": return ThemeLight } return ThemeDefault }account/accountusecase/accountinteractor/user.go (1)
292-292: Consider using structured error handlingThe error message for expired verification could be more consistent with the codebase's error handling patterns.
Consider using the i18n package for the error message:
- return nil, errors.New("verification expired") + return nil, rerror.NewE(i18n.T("verification expired"))authserver/storage.go (1)
Line range hint
153-164: LGTM! Consider adding input validation.The refactoring to use method chaining improves code readability. However, consider adding validation for the input parameters before using them in the builder chain.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (28)
account/accountdomain/id.go(1 hunks)account/accountdomain/user/id.go(1 hunks)account/accountdomain/user/theme.go(1 hunks)account/accountdomain/user/user.go(1 hunks)account/accountdomain/workspace/id.go(1 hunks)account/accountinfrastructure/accountmemory/user.go(0 hunks)account/accountinfrastructure/accountmongo/mongodoc/user.go(0 hunks)account/accountinfrastructure/accountmongo/user.go(1 hunks)account/accountinfrastructure/accountmongo/workspace.go(1 hunks)account/accountusecase/accountinteractor/user.go(2 hunks)account/accountusecase/accountproxy/user.go(0 hunks)account/accountusecase/accountrepo/container.go(1 hunks)appx/tracer.go(1 hunks)authserver/mongo.go(1 hunks)authserver/storage.go(1 hunks)cerbos/generator/policy.go(2 hunks)log/gcp.go(1 hunks)log/global.go(1 hunks)mailer/aws_ses.go(1 hunks)mongox/client.go(1 hunks)mongox/pagination.go(0 hunks)tools/i18nextractor/command.go(1 hunks)tools/i18nextractor/command_test.go(1 hunks)tools/migrategen/command.go(2 hunks)usecasex/migration/client.go(1 hunks)usecasex/runner.go(1 hunks)usecasex/transaction_test.go(1 hunks)util/time.go(1 hunks)
💤 Files with no reviewable changes (4)
- account/accountinfrastructure/accountmemory/user.go
- account/accountusecase/accountproxy/user.go
- account/accountinfrastructure/accountmongo/mongodoc/user.go
- mongox/pagination.go
✅ Files skipped from review due to trivial changes (20)
- log/global.go
- account/accountdomain/user/user.go
- account/accountinfrastructure/accountmongo/user.go
- mailer/aws_ses.go
- tools/i18nextractor/command_test.go
- cerbos/generator/policy.go
- tools/migrategen/command.go
- mongox/client.go
- authserver/mongo.go
- account/accountdomain/user/id.go
- tools/i18nextractor/command.go
- usecasex/transaction_test.go
- appx/tracer.go
- usecasex/runner.go
- log/gcp.go
- account/accountinfrastructure/accountmongo/workspace.go
- util/time.go
- account/accountusecase/accountrepo/container.go
- usecasex/migration/client.go
- account/accountdomain/id.go
🔇 Additional comments (5)
account/accountdomain/workspace/id.go (2)
5-11: LGTM! Clean type grouping that follows Go idioms.
The grouped type declarations improve code organization while maintaining proper type aliasing and visibility.
5-17: Verify consistent declaration patterns across the codebase.
Let's ensure this grouping pattern is consistently applied across related packages.
✅ Verification successful
Consistent type and var grouping patterns confirmed across the codebase
The verification shows that the grouping pattern in account/accountdomain/workspace/id.go is consistently applied across related packages:
- Type groupings are consistently used in related files:
account/accountdomain/id.goaccount/accountdomain/user/id.goaccount/accountdomain/workspace/id.go
- Var groupings follow the same pattern in corresponding files:
- Base definitions in
account/accountdomain/id.go - Consistent re-exports in
account/accountdomain/user/id.goandaccount/accountdomain/workspace/id.go
- Base definitions in
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Check for similar type/var grouping patterns in related files
# Look for similar type and var grouping patterns in related files
echo "Checking type declaration patterns:"
rg -A 5 "^type \($" "account/"
echo -e "\nChecking var declaration patterns:"
rg -A 5 "^var \($" "account/"
Length of output: 9398
account/accountdomain/user/theme.go (1)
Line range hint 27-33: LGTM! Clean implementation of theme validation.
The implementation correctly validates against all predefined theme constants.
account/accountusecase/accountinteractor/user.go (2)
30-34: LGTM! Well-structured mail content
The password reset email content is clear, user-friendly, and follows security best practices by including what to do if the reset was unintended.
Line range hint 336-367: Consider adding token expiration check
The password reset token validation should include an expiration check to enhance security.
passwordReset := u.PasswordReset()
-ok := passwordReset.Validate(token)
+ok := passwordReset.Validate(token) && !passwordReset.IsExpired()
if !ok {
return accountinterfaces.ErrUserInvalidPasswordReset
}Also, verify that the IsExpired() method is implemented in the PasswordReset type:
kasugamirai
force-pushed
the
bump/version
branch
from
cc6aa07 to
52d055e
Compare
Summary by CodeRabbit
New Features
Clonemethod in theListtype.Copymethod in theListtype.Valid()method to theThemetype to check for valid themes.StartPasswordResetmethod for initiating password resets.Bug Fixes
Chores
.gitignorefile to exclude the.ideadirectory.go.modfile.