WIP: Open Source Telemetry

[MatanYadaev]

PR Type

enhancement

---

Description

• Integrated Supabase client for telemetry to track user logins in local-auth.guard.ts.
• Added new environment variables to manage telemetry features.
• Updated pnpm-lock.yaml and package.json to include necessary Supabase packages.

---

Changes walkthrough 📝

	Relevant files
Enhancement	local-auth.guard.ts Integrate Supabase for Telemetry Tracking on Logins            services/workflows-service/src/auth/local/local-auth.guard.ts Added telemetry tracking for user logins using Supabase. Conditionally logs login URLs if telemetry is enabled. +15/-0
Configuration changes	env.ts Add Telemetry Configuration Environment Variables                services/workflows-service/src/env.ts Added environment variables for telemetry configuration. +7/-0
Dependencies	pnpm-lock.yaml Update Dependencies for Supabase Integration                          pnpm-lock.yaml Added dependencies related to Supabase for telemetry features. +72/-2    package.json Add Supabase JS SDK to Package Dependencies                            services/workflows-service/package.json Added @supabase/supabase-js to package dependencies. +1/-0

---

💡 PR-Agent usage:
Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

Summary by CodeRabbit

• New Features
  • Enhanced telemetry capabilities: Users can now enable or disable telemetry which logs login events for improved service monitoring and analytics.
• Documentation
  • Updated configuration settings related to telemetry, ensuring users can customize their telemetry preferences.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 4d21e90

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Walkthrough

The recent updates involve enhancing the workflows service with telemetry capabilities, enabling the logging of login events to a Supabase database. This includes new environmental configurations for telemetry settings and the incorporation of the Supabase client within the codebase.

Changes

File Path	Change Summary
services/workflows-service/package.json	Added @supabase/supabase-js dependency.
services/workflows-service/src/auth/local/local-auth.guard.ts	Added Supabase logging and telemetry imports.
services/workflows-service/src/env.ts	Introduced telemetry configurations and validations.

🐇✨
In the code's woven nest,
A new feature finds its quest.
With a hop and a skip, logs are kept,
In Supabase's embrace, securely slept.
Cheers to changes, big and small,
May our data journey never stall!
🌟🐾

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

PR Description updated to latest commit (e6d8242)

[github-actions]

PR Review 🔍

⏱️ Estimated effort to review [1-5]	3, because the PR involves integrating a new external service (Supabase) for telemetry, which requires careful review of security, configuration, and proper usage of the API. The changes are moderate in size but high in impact, especially concerning data handling and environment configuration.
🧪 Relevant tests	No
⚡ Possible issues	Possible Bug: The code does not handle potential exceptions from the Supabase client operations, which could lead to unhandled promise rejections if the network request fails or if there's a configuration error.
	Security Concern: Storing and transmitting API keys and URLs in environment variables without clear documentation on securing these can lead to security vulnerabilities.
🔒 Security concerns	No explicit vulnerabilities are introduced in the code changes themselves, but the use of environment variables for sensitive information like API keys necessitates ensuring that these are securely managed.

Code feedback:

---

relevant file	services/workflows-service/src/auth/local/local-auth.guard.ts
suggestion	Consider wrapping the Supabase client operations in a try-catch block to handle potential errors gracefully. This will prevent the application from crashing due to unhandled exceptions. [important]
relevant line	await SupabaseClient.schema('public')

---

relevant file	services/workflows-service/src/auth/local/local-auth.guard.ts
suggestion	It's a good practice to abstract the telemetry logic into a separate service or module. This would improve modularity and make the code easier to manage and test. [important]
relevant line	const SupabaseClient = createClient(

---

relevant file	services/workflows-service/src/env.ts
suggestion	Ensure that the environment variables related to telemetry (API keys, URLs) are documented on how to secure them, possibly using secrets management tools. [important]
relevant line	TELEMETRY_SUPABASE_API_KEY: z.string().optional().describe('Supabase API key for telemetry'),

---

relevant file	services/workflows-service/src/auth/local/local-auth.guard.ts
suggestion	To enhance security, validate the fullUrl constructed from the request to ensure it does not expose sensitive information or is manipulated in a harmful way. [medium]
relevant line	const fullUrl = `${request.protocol}://${request.get('Host')}${request.originalUrl}`;

---

[github-actions]

PR Code Suggestions ✨

Category	Suggestions
Performance	Move the Supabase client creation to a separate service to improve performance. Consider moving the creation of the Supabase client to a separate service or module to avoid creating a new instance on every request. This will improve performance by reusing the client and reduce the overhead of establishing new connections frequently. services/workflows-service/src/auth/local/local-auth.guard.ts [15-17] -const SupabaseClient = createClient( - env.TELEMETRY_SUPABASE_URL, - env.TELEMETRY_SUPABASE_API_KEY, -); +// SupabaseClient is now initialized in a dedicated service module +const SupabaseClient = supabaseService.getClient();
Best practice	Add error handling for the Supabase insert operation. Add error handling for the Supabase insert operation to manage potential failures gracefully, such as logging the error or retrying the operation. services/workflows-service/src/auth/local/local-auth.guard.ts [22-24] -await SupabaseClient.schema('public') - .from('logins') - .insert([{ url: fullUrl }]); +try { + await SupabaseClient.schema('public') + .from('logins') + .insert([{ url: fullUrl }]); +} catch (error) { + console.error('Failed to log telemetry data:', error); +}
	Destructure environment variables for clarity and reduced redundancy. Use environment variable destructuring at the beginning of the function to improve code clarity and reduce repeated access to the env object. services/workflows-service/src/auth/local/local-auth.guard.ts [14-17] -if (env.TELEMETRY_ENABLED && env.TELEMETRY_SUPABASE_URL && env.TELEMETRY_SUPABASE_API_KEY) { +const { TELEMETRY_ENABLED, TELEMETRY_SUPABASE_URL, TELEMETRY_SUPABASE_API_KEY } = env; +if (TELEMETRY_ENABLED && TELEMETRY_SUPABASE_URL && TELEMETRY_SUPABASE_API_KEY) { const SupabaseClient = createClient( - env.TELEMETRY_SUPABASE_URL, - env.TELEMETRY_SUPABASE_API_KEY, + TELEMETRY_SUPABASE_URL, + TELEMETRY_SUPABASE_API_KEY, );
Maintainability	Extract URL construction into a utility function. Extract the URL construction logic into a separate utility function to improve code readability and reusability. services/workflows-service/src/auth/local/local-auth.guard.ts [20] -const fullUrl = `${request.protocol}://${request.get('Host')}${request.originalUrl}`; +const fullUrl = getRequestFullUrl(request);
Enhancement	Simplify the TELEMETRY_ENABLED environment variable handling by using a boolean type. Consider using a boolean type directly for the TELEMETRY_ENABLED environment variable instead of using an enum with a transform, to simplify the configuration. services/workflows-service/src/env.ts [81-84] -TELEMETRY_ENABLED: z - .enum(['true', 'false']) - .default('true') - .transform(value => value === 'true') +TELEMETRY_ENABLED: z.boolean().default(true)

[coderabbitai]

Actionable comments posted: 1

Review Details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 64ac06c and e6d8242.

Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !pnpm-lock.yaml

Files selected for processing (3)

• services/workflows-service/package.json (1 hunks)
• services/workflows-service/src/auth/local/local-auth.guard.ts (2 hunks)
• services/workflows-service/src/env.ts (1 hunks)

Files skipped from review due to trivial changes (1)

• services/workflows-service/package.json

Additional comments not posted (3)

services/workflows-service/src/auth/local/local-auth.guard.ts (2)

4-5: Ensure that the imports from @supabase/supabase-js and '@/env' are used appropriately in the file.

---

26-26: The return statement correctly passes the result from the parent canActivate method. Good use of explicit type casting to boolean.

services/workflows-service/src/env.ts (1)

81-87: The new telemetry-related environment variables are well-defined with appropriate validations and descriptions. Ensure that these variables are documented in the project's environment configuration guide.

[coderabbitai]

The telemetry logging logic is well-implemented with checks for necessary conditions. However, consider adding error handling around the Supabase client operations to manage potential failures gracefully.

+ try {
      const SupabaseClient = createClient(
        env.TELEMETRY_SUPABASE_URL,
        env.TELEMETRY_SUPABASE_API_KEY,
      );

      const fullUrl = `${request.protocol}://${request.get('Host')}${request.originalUrl}`;

      await SupabaseClient.schema('public')
        .from('logins')
        .insert([{ url: fullUrl }]);
+ } catch (error) {
+     console.error('Failed to log telemetry data:', error);
+ }

---

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.

Suggested change

	if (env.TELEMETRY_ENABLED && env.TELEMETRY_SUPABASE_URL && env.TELEMETRY_SUPABASE_API_KEY) {
	const SupabaseClient = createClient(
	env.TELEMETRY_SUPABASE_URL,
	env.TELEMETRY_SUPABASE_API_KEY,
	);
	const fullUrl = `${request.protocol}://${request.get('Host')}${request.originalUrl}`;
	await SupabaseClient.schema('public')
	.from('logins')
	.insert([{ url: fullUrl }]);
	}
	if (env.TELEMETRY_ENABLED && env.TELEMETRY_SUPABASE_URL && env.TELEMETRY_SUPABASE_API_KEY) {
	try {
	const SupabaseClient = createClient(
	env.TELEMETRY_SUPABASE_URL,
	env.TELEMETRY_SUPABASE_API_KEY,
	);
	const fullUrl = `${request.protocol}://${request.get('Host')}${request.originalUrl}`;
	await SupabaseClient.schema('public')
	.from('logins')
	.insert([{ url: fullUrl }]);
	} catch (error) {
	console.error('Failed to log telemetry data:', error);
	}
	}

[coderabbitai]

Actionable comments posted: 0

Review Details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between e6d8242 and 4d21e90.

Files selected for processing (1)

• services/workflows-service/src/auth/local/local-auth.guard.ts (2 hunks)

Files skipped from review as they are similar to previous changes (1)

• services/workflows-service/src/auth/local/local-auth.guard.ts