mirror of
https://github.com/Significant-Gravitas/AutoGPT.git
synced 2026-04-30 03:00:41 -04:00
3b1b2fe30cc4428f3ebf595c301a3193ef5edaa7
14 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
103a62c9da |
feat(frontend/builder): add filters to blocks menu (#11654)
### Changes 🏗️ This PR adds filtering functionality to the new blocks menu, allowing users to filter search results by category and creator. **New Components:** - `BlockMenuFilters`: Main filter component displaying active filters and filter chips - `FilterSheet`: Slide-out panel for selecting filters with categories and creators - `BlockMenuSearchContent`: Refactored search results display component **Features Added:** - Filter by categories: Blocks, Integrations, Marketplace agents, My agents - Filter by creator: Shows all available creators from search results - Category counts: Display number of results per category - Interactive filter chips with animations (using framer-motion) - Hover states showing result counts on filter chips - "All filters" sheet with apply/clear functionality **State Management:** - Extended `blockMenuStore` with filter state management - Added `filters`, `creators`, `creators_list`, and `categoryCounts` to store - Integrated filters with search API (`filter` and `by_creator` parameters) **Refactoring:** - Moved search logic from `BlockMenuSearch` to `BlockMenuSearchContent` - Renamed `useBlockMenuSearch` to `useBlockMenuSearchContent` - Moved helper functions to `BlockMenuSearchContent` directory **API Changes:** - Updated `custom-mutator.ts` to properly handle query parameter encoding ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Search for blocks and verify filter chips appear - [x] Click "All filters" and verify filter sheet opens with categories - [x] Select/deselect category filters and verify results update accordingly - [x] Filter by creator and verify only blocks from that creator show - [x] Clear all filters and verify reset to default state - [x] Verify filter counts display correctly - [x] Test filter chip hover animations |
||
|
|
3dbc03e488 |
feat(platform): OAuth API & Single Sign-On (#11617)
We want to provide Single Sign-On for multiple AutoGPT apps that use the Platform as their backend. ### Changes 🏗️ Backend: - DB + logic + API for OAuth flow (w/ tests) - DB schema additions for OAuth apps, codes, and tokens - Token creation/validation/management logic - OAuth flow endpoints (app info, authorize, token exchange, introspect, revoke) - E2E OAuth API integration tests - Other OAuth-related endpoints (upload app logo, list owned apps, external `/me` endpoint) - App logo asset management - Adjust external API middleware to support auth with access token - Expired token clean-up job - Add `OAUTH_TOKEN_CLEANUP_INTERVAL_HOURS` setting (optional) - `poetry run oauth-tool`: dev tool to test the OAuth flows and register new OAuth apps - `poetry run export-api-schema`: dev tool to quickly export the OpenAPI schema (much quicker than spinning up the backend) Frontend: - Frontend UI for app authorization (`/auth/authorize`) - Re-redirect after login/signup - Frontend flow to batch-auth integrations on request of the client app (`/auth/integrations/setup-wizard`) - Debug `CredentialInputs` component - Add `/profile/oauth-apps` management page - Add `isOurProblem` flag to `ErrorCard` to hide action buttons when the error isn't our fault - Add `showTitle` flag to `CredentialsInput` to hide built-in title for layout reasons DX: - Add [API guide](https://github.com/Significant-Gravitas/AutoGPT/blob/pwuts/sso/docs/content/platform/integrating/api-guide.md) and [OAuth guide](https://github.com/Significant-Gravitas/AutoGPT/blob/pwuts/sso/docs/content/platform/integrating/oauth-guide.md) ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Manually verify test coverage of OAuth API tests - Test `/auth/authorize` using `poetry run oauth-tool test-server` - [x] Works - [x] Looks okay - Test `/auth/integrations/setup-wizard` using 
`poetry run oauth-tool test-server` - [x] Works - [x] Looks okay - Test `/profile/oauth-apps` page - [x] All owned OAuth apps show up - [x] Enabling/disabling apps works - [ ] ~~Uploading logos works~~ can only test this once deployed to dev #### For configuration changes: - [x] `.env.default` is updated or already compatible with my changes - [x] `docker-compose.yml` is updated or already compatible with my changes - [x] I have included a list of my configuration changes in the PR description (under **Changes**) |
||
|
|
a78b08f5e7 |
feat(platform): implement admin user impersonation with header-based authentication (#11298)
## Summary Implement comprehensive admin user impersonation functionality to enable admins to act on behalf of any user for debugging and support purposes. ## 🔐 Security Features - **Admin Role Validation**: Only users with 'admin' role can impersonate others - **Header-Based Authentication**: Uses `X-Act-As-User-Id` header for impersonation requests - **Comprehensive Audit Logging**: All impersonation attempts logged with admin details - **Secure Error Handling**: Proper HTTP 403/401 responses for unauthorized access - **SSR Safety**: Client-side environment checks prevent server-side rendering issues ## 🏗️ Architecture ### Backend Implementation (`autogpt_libs/auth/dependencies.py`) - Enhanced `get_user_id` FastAPI dependency to process impersonation headers - Admin role verification using existing `verify_user()` function - Audit trail logging with admin email, user ID, and target user - Seamless integration with all existing routes using `get_user_id` dependency ### Frontend Implementation - **React Hook**: `useAdminImpersonation` for state management and API calls - **Security Banner**: Prominent warning when impersonation is active - **Admin Panel**: Control interface for starting/stopping impersonation - **Session Persistence**: Maintains impersonation state across page refreshes - **Full Page Refresh**: Ensures all data updates correctly on state changes ### API Integration - **Header Forwarding**: All API requests include impersonation header when active - **Proxy Support**: Next.js API proxy forwards headers to backend - **Generated Hooks**: Compatible with existing React Query API hooks - **Error Handling**: Graceful fallback for storage/authentication failures ## 🎯 User Experience ### For Admins 1. Navigate to `/admin/impersonation` 2. Enter target user ID (UUID format with validation) 3. System displays security banner during active impersonation 4. All API calls automatically use impersonated user context 5. 
Click "Stop Impersonation" to return to admin context ### Security Notice - **Audit Trail**: All impersonation logged with `logger.info()` including admin email - **Session Isolation**: Impersonation state stored in sessionStorage (not persistent) - **No Token Manipulation**: Uses header-based approach, preserving admin's JWT - **Role Enforcement**: Backend validates admin role on every impersonated request ## 🔧 Technical Details ### Constants & Configuration - `IMPERSONATION_HEADER_NAME = "X-Act-As-User-Id"` - `IMPERSONATION_STORAGE_KEY = "admin-impersonate-user-id"` - Centralized in `frontend/src/lib/constants.ts` and `autogpt_libs/auth/dependencies.py` ### Code Quality Improvements - **DRY Principle**: Eliminated duplicate header forwarding logic - **Icon Compliance**: Uses Phosphor Icons per coding guidelines - **Type Safety**: Proper TypeScript interfaces and error handling - **SSR Compatibility**: Environment checks for client-side only operations - **Error Consistency**: Uniform silent failure with logging approach ### Testing - Updated backend auth dependency tests for new function signatures - Added Mock Request objects for comprehensive test coverage - Maintained existing test functionality while extending capabilities ## 🚀 CodeRabbit Review Responses All CodeRabbit feedback has been addressed: 1. ✅ **DRY Principle**: Refactored duplicate header forwarding logic 2. ✅ **Icon Library**: Replaced lucide-react with Phosphor Icons 3. ✅ **SSR Safety**: Added environment checks for sessionStorage 4. ✅ **UI Improvements**: Synchronous initialization prevents flicker 5. ✅ **Error Handling**: Consistent silent failure with logging 6. ✅ **Backend Validation**: Confirmed comprehensive security implementation 7. ✅ **Type Safety**: Addressed TypeScript concerns 8. ✅ **Code Standards**: Followed all coding guidelines and best practices ## 🧪 Testing Instructions 1. **Login as Admin**: Ensure user has admin role 2. **Navigate to Panel**: Go to `/admin/impersonation` 3. 
**Test Impersonation**: Enter valid user UUID and start impersonation 4. **Verify Banner**: Security banner should appear at top of all pages 5. **Test API Calls**: Verify credits/graphs/etc show impersonated user's data 6. **Check Logging**: Backend logs should show impersonation audit trail 7. **Stop Impersonation**: Verify return to admin context works correctly ## 📝 Files Modified ### Backend - `autogpt_libs/auth/dependencies.py` - Core impersonation logic - `autogpt_libs/auth/dependencies_test.py` - Updated test signatures ### Frontend - `src/hooks/useAdminImpersonation.ts` - State management hook - `src/components/admin/AdminImpersonationBanner.tsx` - Security warning banner - `src/components/admin/AdminImpersonationPanel.tsx` - Admin control interface - `src/app/(platform)/admin/impersonation/page.tsx` - Admin page - `src/app/(platform)/admin/layout.tsx` - Navigation integration - `src/app/(platform)/layout.tsx` - Banner integration - `src/lib/autogpt-server-api/client.ts` - Header injection for API calls - `src/lib/autogpt-server-api/helpers.ts` - Header forwarding logic - `src/app/api/proxy/[...path]/route.ts` - Proxy header forwarding - `src/app/api/mutators/custom-mutator.ts` - Enhanced error handling - `src/lib/constants.ts` - Shared constants ## 🔒 Security Compliance - **Authorization**: Admin role required for impersonation access - **Authentication**: Uses existing JWT validation with additional role checks - **Audit Logging**: Comprehensive logging of all impersonation activities - **Error Handling**: Secure error responses without information leakage - **Session Management**: Temporary sessionStorage without persistent data - **Header Validation**: Proper sanitization and validation of impersonation headers This implementation provides a secure, auditable, and user-friendly admin impersonation system that integrates seamlessly with the existing AutoGPT Platform architecture. 
## Summary by CodeRabbit * **New Features** * Admin user impersonation to view the app as another user. * New "User Impersonation" admin page for entering target user IDs and managing sessions. * Sidebar link for quick access to the impersonation page. * Persistent impersonation state that updates app data (e.g., credits) and survives page reloads. * Top warning banner when impersonation is active with a Stop Impersonation control. --------- Co-authored-by: Claude <noreply@anthropic.com> |
||
|
|
063dc5cf65 |
refactor(frontend): standardise with environment service (#11209)
## Changes 🏗️ Standardize all the runtime environment checks on the Front-end and associated conditions to run against a single environment service where all the environment config is centralized and hence easier to manage. This helps prevent typos and bugs when manually asserting against environment variables (which are typed as `string`); the helper functions are easier to read and re-use across the codebase. ## Checklist 📋 ### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Run the app and click around - [x] Everything is smooth - [x] Test on the CI and types are green ### For configuration changes: None 🙏🏽 |
||
|
|
63076a67e1 |
fix(frontend): fix client side error handling in custom mutator (#11160)
- depends on https://github.com/Significant-Gravitas/AutoGPT/pull/11159 Currently, we’re not throwing errors for client-side requests in the custom mutator. This way, we’re ignoring the client-side request error. If we do encounter an error, we send it as a normal response object. That’s why our onError callback on React Query mutation and hasError isn’t working in the query. To fix this, in this PR, we’re throwing the client-side error. ### Changes 🏗️ - We’re throwing errors for both server-side and client-side requests. - Why server-side? So the client cache isn’t hydrated with the error. ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] All end-to-end functionality is working properly. - [x] I’ve manually checked all the pages and they are all functioning correctly. |
||
|
|
dd84fb5c66 |
feat(platform): Add public share links for agent run results (#10938)
This PR adds the ability for users to share their agent run results publicly via shareable links. Users can generate a public link that allows anyone to view the outputs of a specific agent execution without requiring authentication. This feature enables users to share their agent results with clients, colleagues, or the community. https://github.com/user-attachments/assets/5508f430-07d0-4cd3-87bc-301b0b005cce ### Changes 🏗️ #### Backend Changes - **Database Schema**: Added share tracking fields to `AgentGraphExecution` model in Prisma schema: - `isShared`: Boolean flag to track if execution is shared - `shareToken`: Unique token for the share URL - `sharedAt`: Timestamp when sharing was enabled - **API Endpoints**: Added three new REST endpoints in `/backend/backend/server/routers/v1.py`: - `POST /graphs/{graph_id}/executions/{graph_exec_id}/share`: Enable sharing for an execution - `DELETE /graphs/{graph_id}/executions/{graph_exec_id}/share`: Disable sharing - `GET /share/{share_token}`: Retrieve shared execution data (public endpoint) - **Data Models**: - Created `SharedExecutionResponse` model for public-safe execution data - Added `ShareRequest` and `ShareResponse` Pydantic models for type-safe API responses - Updated `GraphExecutionMeta` to include share status fields - **Security**: - All share management endpoints verify user ownership before allowing changes - Public endpoint only exposes OUTPUT block data, no intermediate execution details - Share tokens are UUIDs for security #### Frontend Changes - **ShareButton Component** (`/frontend/src/components/ShareButton.tsx`): - Modal dialog for managing share settings - Copy-to-clipboard functionality for share links - Clear warnings about public accessibility - Uses Orval-generated API hooks for enable/disable operations - **Share Page** (`/frontend/src/app/(no-navbar)/share/[token]/page.tsx`): - Clean, navigation-free page for viewing shared executions - 
Reuses existing `RunOutputs` component for consistent output rendering - Proper error handling for invalid/disabled share links - Loading states during data fetch - **API Integration**: - Fixed custom mutator to properly set Content-Type headers for POST requests with empty bodies - Generated TypeScript types via Orval for type-safe API calls ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Enable sharing for an agent execution and verify share link is generated - [x] Copy share link and verify it copies to clipboard - [x] Open share link in incognito/private browser and verify outputs are displayed - [x] Disable sharing and verify share link returns 404 - [x] Try to enable/disable sharing for another user's execution (should fail with 404) - [x] Verify share page shows proper loading and error states - [x] Test that only OUTPUT blocks are shown in shared view, no intermediate data |
||
|
|
12cdd45551 |
refactor(backend): Improve auth setup & OpenAPI generation (#10720)
Our current auth setup (`autogpt_libs.auth` + its usage) is quite inconsistent and doesn't do all of its jobs properly. The 401 responses you get when unauthenticated are not included in the OpenAPI spec, causing these to be unaccounted for in the generated frontend API client. Usage of the FastAPI dependencies supplied by `autogpt_libs.auth.depends` aren't consistently used the same way, making maintenance on these hard to oversee. API tests use many different ways to get around the auth requirement, making this also hard to maintain and oversee. This pull request aims to fix all of this and give us a consistent, clean, and self-documenting API auth implementation. - Resolves #10715 ### Changes 🏗️ - Homogenize use of `autogpt_libs.auth` security dependencies throughout the backend - Fix OpenAPI schema generation for 401 responses - Handle possible 401 responses in frontend - Tighten validation and add warnings for weak settings in `autogpt_libs.auth.config` - Increase test coverage for `autogpt_libs.auth` to 100% - Standardize auth setup for API tests - Rename `APIKeyValidator` to `APIKeyAuthenticator` and move to its own module in `backend.server` ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] All tests for `autogpt_libs.auth` pass - [x] All tests for `backend.server` pass - [x] @ntindle does a security audit for these changes - [x] OpenAPI spec for authenticated routes is generated with the appropriate `401` response --------- Co-authored-by: Nicholas Tindle <nicholas.tindle@agpt.co> |
||
|
|
aa256f21cd |
feat(platform/library): Infinite scroll in Agent Runs list (#10709)
- Resolves #10645 ### Changes 🏗️ - Implement infinite scroll in the Agent Runs list (on `/library/agents/[id]`) - Add horizontal scroll support to `ScrollArea` and `InfiniteScroll` components - Fix `InfiniteScroll` triggering twice - Fix date handling by React Queries - Add response mutator to parse dates coming out of API - Make legacy `GraphExecutionMeta` compatible with generated type ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - Open `/library/agents/[id]` - [x] Agent runs list loads - Scroll agent runs list to the end - [x] More runs are loaded and appear in the list |
||
|
|
4bfeddc03d |
feat(platform/docker): add frontend service to docker-compose with env config improvements (#10615)
## Summary This PR adds the frontend service to the Docker Compose configuration, enabling `docker compose up` to run the complete stack, including the frontend. It also implements comprehensive environment variable improvements, unified .env file support, and fixes Docker networking issues. ## Key Changes ### 🐳 Docker Compose Improvements - **Added frontend service** to `docker-compose.yml` and `docker-compose.platform.yml` - **Production build**: Uses `pnpm build + serve` instead of dev server for better stability and lower memory usage - **Service dependencies**: Frontend now waits for backend services (`rest_server`, `websocket_server`) to be ready - **YAML anchors**: Implemented DRY configuration to avoid duplicating environment values ### 📁 Unified .env File Support - **Frontend .env loading**: Automatically loads `.env` file during Docker build and runtime - **Backend .env loading**: Optional `.env` file support with fallback to sensible defaults in `settings.py` - **Single source of truth**: All `NEXT_PUBLIC_*` and API keys can be defined in respective `.env` files - **Docker integration**: Updated `.dockerignore` to include `.env` files in build context - **Git tracking**: Frontend and backend `.env` files are now trackable (removed from gitignore) ### 🔧 Environment Variable Architecture - **Dual environment strategy**: - Server-side code uses Docker service names (`http://rest_server:8006/api`) - Client-side code uses localhost URLs (`http://localhost:8006/api`) - **Comprehensive config**: Added build args and runtime environment variables - **Network compatibility**: Fixes connection issues between frontend and backend containers - **Shared backend variables**: Common environment variables (service hosts, auth settings) centralized using YAML anchors ### 🛠️ Code Improvements - **Centralized env-config helper** (`/frontend/src/lib/env-config.ts`) with server-side priority - **Updated all frontend code** to use shared environment helpers instead of direct 
`process.env` access - **Consistent API**: All environment variable access now goes through helper functions - **Settings.py improvements**: Better defaults for CORS origins and optional .env file loading ### 🔗 Files Changed - `docker-compose.yml` & `docker-compose.platform.yml` - Added frontend service and shared backend env vars - `frontend/Dockerfile` - Simplified build process to use .env files directly - `backend/settings.py` - Optional .env loading and better defaults - `frontend/src/lib/env-config.ts` - New centralized environment configuration - `.dockerignore` - Allow .env files in build context - `.gitignore` - Updated to allow frontend/backend .env files - Multiple frontend files - Updated to use env helpers - Updates to both auto installer scripts to work with the latest setup! ## Benefits - ✅ **Single command deployment**: `docker compose up` now runs everything - ✅ **Better reliability**: Production build reduces memory usage and crashes - ✅ **Network compatibility**: Proper container-to-container communication - ✅ **Maintainable config**: Centralized environment variable management with .env files - ✅ **Development friendly**: Works in both Docker and local development - ✅ **API key management**: Easy configuration through .env files for all services - ✅ **No more manual env vars**: Frontend and backend automatically load their respective .env files ## Testing - ✅ Verified Docker service communication works correctly - ✅ Frontend responds and serves content properly - ✅ Environment variables are correctly resolved in both server and client contexts - ✅ No connection errors after implementing service dependencies - ✅ .env file loading works correctly in both build and runtime phases - ✅ Backend services work with and without .env files present ### Checklist 📋 #### For configuration changes: - [x] `.env.default` is updated or already compatible with my changes - [x] `docker-compose.yml` is updated or already compatible with my changes - [x] I have 
included a list of my configuration changes in the PR description (under **Changes**) 🤖 Generated with [Claude Code](https://claude.ai/code) --------- Co-authored-by: Lluis Agusti <hi@llu.lu> Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Nicholas Tindle <nicholas.tindle@agpt.co> Co-authored-by: Claude <claude@users.noreply.github.com> Co-authored-by: Bentlybro <Github@bentlybro.com> |
||
|
|
a135f09336 |
feat(frontend): update settings form (#10628)
## Changes 🏗️ Update the Account Settings (`profile/settings`) form so that: - it uses the new Design System components - it is split into 2 forms (update email & notifications) - the change password inputs have been removed instead we link to the `/reset-password` page - uses a normal API route and client query to update the email This might fix as well an error we are seeing when updating email preferences on dev. My guess is it is failing because previously it was using a server action + supabase and it didn't have access to the cookies auth 🍪 ## Checklist 📋 ### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Navigate to `/profile/settings` - [x] Can update the email - [x] Can change notification preferences - [x] New E2E tests pass on the CI and make sense ### For configuration changes: None |
||
|
|
e043e4989b |
fix(frontend) : Update server-side mutator to bypass proxy (#10523)
This PR helps us bypass the proxy server in server-side requests, allowing us to directly send requests to the backend and reduce latency. ### Changes 🏗️ - Introduced server-side detection to dynamically set the base URL for API requests. - Added error handling for server-side requests to log failures and throw errors appropriately. - Updated header management to include authentication tokens when applicable. ### Checklist 📋 - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] All E2E tests are working. - [x] I have manually checked the server-side and client-side components, and both are working perfectly. |
||
|
|
b1f3122243 |
fix(frontend): Add fallback for NEXT_PUBLIC_FRONTEND_BASE_URL to API proxy (#10299)
- Resolves #10298 - Follow-up to #10270 ### Changes 🏗️ Amend two changes from #10270: - Add fallback for `NEXT_PUBLIC_FRONTEND_BASE_URL` in custom-mutator.ts - Revert rename of `FRONTEND_BASE_URL` to `NEXT_PUBLIC_FRONTEND_BASE_URL` in `backend/.env.example` ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - Don't set `NEXT_PUBLIC_FRONTEND_BASE_URL` - Run the platform locally - [x] -> `/library` loads normally #### For configuration changes: - [x] `.env.example` is updated or already compatible with my changes - [x] I have included a list of my configuration changes in the PR description (under **Changes**) |
||
|
|
4f6e66447f |
fix(frontend): fix custom mutator of orval (#10269)
This pull request includes updates to the environment configuration and API mutator logic in the `autogpt_platform/frontend` directory. The changes aim to improve flexibility by introducing dynamic base URLs through environment variables. Environment configuration updates: * `autogpt_platform/frontend/.env.example`: Added `NEXT_PUBLIC_FRONTEND_BASE_URL` to define the base URL for the frontend dynamically. API mutator logic updates: * `autogpt_platform/frontend/src/app/api/mutators/custom-mutator.ts`: Updated `BASE_URL` to use the `NEXT_PUBLIC_FRONTEND_BASE_URL` environment variable, enabling dynamic configuration of the API proxy URL. ### Checklist - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] Tested manually and everything is working perfectly |
||
|
|
b5c7f381c1 |
feat(platform): centralize api calls in nextjs for token handling (#10222)
This PR helps to send all the React query requests through a Next.js server proxy. It works something like this: when a user sends a request, our custom mutator sends a request to the proxy server, where we add the auth token to the header and send it to the backend again. 🌐 Users can send a client-side request directly to the backend server because their browser does have access to auth tokens, so they need to go via the Next.js server. 🚀 ### Changes 🏗️ - Change the position of the generated client, mutator, and transfer inside `/src/app/api` - Update the mutator to send the request to the proxy server - Add a proxy server at `/api/proxy`, which handles the request using `makeAuthenticatedRequest` and `makeAuthenticatedFileUpload` helpers and sends the request to the backend - Remove `getSupabaseClient`, because we do not have access to the auth token on client side, hence no need 🔑 - Update Orval configs to generate the client at the new position - Added new backend updates to the auto-generated client. ### Checklist 📋 #### For code changes: - [x] I have clearly listed my changes in the PR description - [x] I have made a test plan - [x] I have tested my changes according to the test plan: - [x] The setting page is using React Query and is working fine. - [x] The mutator is sending requests to the proxy server correctly. - [x] The proxy server is handling requests correctly. - [x] The response handling is correct in both the proxy server and the custom mutator. |