-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WEB-2500] feat: Product updates modal (What's new in Plane) #5690
base: preview
Are you sure you want to change the base?
Changes from all commits
c455bbe
2b0f835
17f3603
84ca48e
dae6133
9c3f825
171a95f
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -4,6 +4,7 @@ FROM python:3.12.5-alpine AS backend | |
ENV PYTHONDONTWRITEBYTECODE 1 | ||
ENV PYTHONUNBUFFERED 1 | ||
ENV PIP_DISABLE_PIP_VERSION_CHECK=1 | ||
ENV INSTANCE_CHANGELOG_URL https://api.plane.so/api/public/anchor/8e1c2e4c7bc5493eb7731be3862f6960/pages/ | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 💡 Codebase verification Hardcoded The
Recommendations:
Analysis chainApprove with suggestions: Consider security and flexibility for The addition of the
These changes will enhance security and make the configuration more adaptable to different deployment scenarios. To ensure this URL isn't used elsewhere in the codebase, run: Scripts executedThe following scripts were executed for the analysis: Script: #!/bin/bash
# Search for hardcoded instances of the changelog URL
rg --type-not dockerfile "https://api.plane.so/api/public/anchor/8e1c2e4c7bc5493eb7731be3862f6960/pages/"
Length of output: 140 Script: #!/bin/bash
# Search for hardcoded instances of the changelog URL excluding Dockerfiles
rg --ignore-file Dockerfile "https://api.plane.so/api/public/anchor/8e1c2e4c7bc5493eb7731be3862f6960/pages/"
Length of output: 421 |
||
|
||
RUN apk --no-cache add \ | ||
"bash~=5.2" \ | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -18,3 +18,5 @@ | |
InstanceAdminSignOutEndpoint, | ||
InstanceAdminUserSessionEndpoint, | ||
) | ||
|
||
from .changelog import ChangeLogEndpoint | ||
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
# Python imports | ||
import requests | ||
|
||
# Django imports | ||
from django.conf import settings | ||
|
||
# Third party imports | ||
from rest_framework.response import Response | ||
from rest_framework import status | ||
from rest_framework.permissions import AllowAny | ||
|
||
# plane imports | ||
from .base import BaseAPIView | ||
|
||
|
||
class ChangeLogEndpoint(BaseAPIView): | ||
permission_classes = [ | ||
AllowAny, | ||
] | ||
|
||
def fetch_change_logs(self): | ||
response = requests.get(settings.INSTANCE_CHANGELOG_URL) | ||
Check warning on line 22 in apiserver/plane/license/api/views/changelog.py Codacy Production / Codacy Static Code Analysisapiserver/plane/license/api/views/changelog.py#L22
Check warning on line 22 in apiserver/plane/license/api/views/changelog.py Codacy Production / Codacy Static Code Analysisapiserver/plane/license/api/views/changelog.py#L22
|
||
response.raise_for_status() | ||
return response.json() | ||
Comment on lines
+21
to
+24
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🛠️ Refactor suggestion Add error handling and logging to fetch_change_logs method. While the method correctly raises an exception for HTTP errors, it lacks specific error handling and logging. This could make debugging issues more difficult in production. Consider adding try-except blocks to handle potential exceptions and log errors. Here's a suggested implementation: import logging
logger = logging.getLogger(__name__)
def fetch_change_logs(self):
try:
response = requests.get(settings.INSTANCE_CHANGELOG_URL)
response.raise_for_status()
return response.json()
except requests.RequestException as e:
logger.error(f"Error fetching changelog: {str(e)}")
raise This change will log any errors that occur during the request, making it easier to diagnose issues in production. |
||
|
||
def get(self, request): | ||
# Fetch the changelog | ||
if settings.INSTANCE_CHANGELOG_URL: | ||
data = self.fetch_change_logs() | ||
return Response(data, status=status.HTTP_200_OK) | ||
else: | ||
return Response( | ||
{"error": "could not fetch changelog please try again later"}, | ||
status=status.HTTP_400_BAD_REQUEST, | ||
) | ||
Comment on lines
+26
to
+35
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🛠️ Refactor suggestion Improve error handling and status codes in get method. The current implementation has a few areas that could be improved:
Consider the following improvements: from django.core.exceptions import ImproperlyConfigured
def get(self, request):
if not settings.INSTANCE_CHANGELOG_URL:
raise ImproperlyConfigured("INSTANCE_CHANGELOG_URL is not set in settings.")
try:
data = self.fetch_change_logs()
return Response(data, status=status.HTTP_200_OK)
except requests.RequestException as e:
return Response(
{"error": f"Failed to fetch changelog: {str(e)}"},
status=status.HTTP_503_SERVICE_UNAVAILABLE
) This implementation:
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,2 @@ | ||
export * from "./version-number"; | ||
export * from "./product-updates"; | ||
export * from "./product-updates-modal"; | ||
export * from "./product-updates-header"; |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
import { observer } from "mobx-react"; | ||
import Image from "next/image"; | ||
// helpers | ||
import { cn } from "@/helpers/common.helper"; | ||
// assets | ||
import PlaneLogo from "@/public/plane-logos/blue-without-text.png"; | ||
// package.json | ||
import packageJson from "package.json"; | ||
Comment on lines
+1
to
+8
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🛠️ Refactor suggestion Consider using an environment variable for the package version. The direct import of You could set up an environment variable in your build process and access it like this: const version = process.env.NEXT_PUBLIC_APP_VERSION || 'unknown'; Then use |
||
|
||
export const ProductUpdatesHeader = observer(() => ( | ||
<div className="flex gap-2 mx-6 my-4 items-center justify-between flex-shrink-0"> | ||
<div className="flex w-full items-center"> | ||
<div className="flex gap-2 text-xl font-medium">What's new</div> | ||
<div | ||
className={cn( | ||
"px-2 mx-2 py-0.5 text-center text-xs font-medium rounded-full bg-custom-primary-100/20 text-custom-primary-100" | ||
)} | ||
> | ||
Version: v{packageJson.version} | ||
</div> | ||
</div> | ||
<div className="flex flex-shrink-0 items-center gap-8"> | ||
<Image src={PlaneLogo} alt="Plane" width={24} height={24} /> | ||
</div> | ||
</div> | ||
)); |
This file was deleted.
This file was deleted.
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
export * from "./product-updates"; |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
import Image from "next/image"; | ||
// ui | ||
import { getButtonStyling } from "@plane/ui"; | ||
// helpers | ||
import { cn } from "@/helpers/common.helper"; | ||
// assets | ||
import PlaneLogo from "@/public/plane-logos/blue-without-text.png"; | ||
|
||
export const ProductUpdatesFooter = () => ( | ||
<div className="flex items-center justify-between flex-shrink-0 gap-4 m-6 mb-4"> | ||
<div className="flex items-center gap-2"> | ||
<a | ||
href="https://go.plane.so/p-docs" | ||
target="_blank" | ||
className="text-sm text-custom-text-200 hover:text-custom-text-100 hover:underline underline-offset-1 outline-none" | ||
> | ||
Docs | ||
</a> | ||
<svg viewBox="0 0 2 2" className="h-0.5 w-0.5 fill-current"> | ||
<circle cx={1} cy={1} r={1} /> | ||
</svg> | ||
<a | ||
href="https://go.plane.so/p-changelog" | ||
target="_blank" | ||
className="text-sm text-custom-text-200 hover:text-custom-text-100 hover:underline underline-offset-1 outline-none" | ||
> | ||
Full changelog | ||
</a> | ||
<svg viewBox="0 0 2 2" className="h-0.5 w-0.5 fill-current"> | ||
<circle cx={1} cy={1} r={1} /> | ||
</svg> | ||
<a | ||
href="mailto:support@plane.so" | ||
target="_blank" | ||
className="text-sm text-custom-text-200 hover:text-custom-text-100 hover:underline underline-offset-1 outline-none" | ||
> | ||
Support | ||
</a> | ||
<svg viewBox="0 0 2 2" className="h-0.5 w-0.5 fill-current"> | ||
<circle cx={1} cy={1} r={1} /> | ||
</svg> | ||
<a | ||
href="https://go.plane.so/p-discord" | ||
target="_blank" | ||
className="text-sm text-custom-text-200 hover:text-custom-text-100 hover:underline underline-offset-1 outline-none" | ||
> | ||
Discord | ||
</a> | ||
</div> | ||
<a | ||
href="https://plane.so/pages" | ||
target="_blank" | ||
className={cn( | ||
getButtonStyling("accent-primary", "sm"), | ||
"flex gap-1.5 items-center text-center font-medium hover:underline underline-offset-2 outline-none" | ||
)} | ||
> | ||
<Image src={PlaneLogo} alt="Plane" width={12} height={12} /> | ||
Powered by Plane Pages | ||
</a> | ||
</div> | ||
); |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
export * from "./modal"; | ||
export * from "./footer"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
💡 Codebase verification
Hardcoding
INSTANCE_CHANGELOG_URL
May Expose Sensitive InformationThe environment variable
INSTANCE_CHANGELOG_URL
is currently hardcoded in the Dockerfile with a URL containing an identifier (8e1c2e4c7bc5493eb7731be3862f6960
) that appears to be sensitive. To enhance security and flexibility, consider the following changes:Suggested Change:
Benefits:
Analysis chain
Consider using a placeholder for the
INSTANCE_CHANGELOG_URL
While adding this environment variable aligns with the PR objectives for implementing a product updates modal, hardcoding the full URL in the Dockerfile might pose a security risk, especially since it contains what appears to be an API key or identifier (
8e1c2e4c7bc5493eb7731be3862f6960
).Consider replacing the hardcoded URL with a placeholder and injecting the actual URL at runtime or during deployment. This approach enhances security and flexibility. Here's a suggested change:
This change allows you to:
To ensure this environment variable is used correctly in the application code, please run the following command:
This will help verify that the application is properly configured to use this new environment variable.
Scripts executed
The following scripts were executed for the analysis:
Script:
Length of output: 77
Script:
Length of output: 1986