2025 10 working branch #72
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
There was a problem hiding this comment.
Pull Request Overview
This PR introduces significant infrastructure improvements and refactoring across the ReLab application stack:
Purpose: Add Redis caching support, improve email handling with MJML templates, enhance validation, update dependencies, and refactor database models for Pydantic 2.12+ compatibility.
Key Changes:
- Infrastructure: Added Redis cache service with health checks and persistence
- Email System: Migrated from plain text to MJML-compiled HTML templates with FastAPI-Mail integration
- Dependencies: Updated Expo/Metro/React ecosystem, upgraded Pydantic constraints, added Redis/MJML libraries
- Database: Fixed SQLModel relationship issues for Pydantic 2.12+ compatibility
- Validation: Improved frontend user/product validation with better error messages
Reviewed Changes
Copilot reviewed 87 out of 92 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| renovate.json | Formatting changes and added :preserveSemverRanges preset |
| frontend-web/package.json | Updated expo-image from ~2.3.0 to ~2.4.0 |
| frontend-web/package-lock.json | Dependency updates for Expo/Metro ecosystem and peer dependencies |
| frontend-app/package.json | Updated expo from 54.0.13 to 54.0.15 |
| frontend-app/package-lock.json | Updated Expo dependencies and added yaml package |
| frontend-app/src/services/api/validation/*.ts | New validation utilities with structured error messages |
| frontend-app/src/components/product/ProductComponents.tsx | Updated to use new validation functions |
| frontend-app/src/app/products/[id]/index.tsx | Added tooltip for validation errors and useMemo |
| frontend-app/src/app/(auth)/new-account.tsx | Complete refactor with real-time validation and improved UX |
| compose.yml | Added Redis service with health checks and updated image digests |
| compose.prod.yml | Added cache volume persistence and updated backup compression |
| compose.override.yml | Exposed Redis port 6379 for development |
| backend/pyproject.toml | Added Redis, FastAPI-Mail, MJML; upgraded Pydantic/SQLModel |
| backend/app/core/config.py | Added Redis settings and converted passwords to SecretStr |
| backend/app/core/redis.py | New Redis connection management with graceful degradation |
| backend/app/main.py | Added lifespan manager for Redis and email checker initialization |
| backend/app/templates/emails/src/*.mjml | New MJML email templates for all email types |
| backend/app/templates/emails/build/*.html | Compiled HTML email templates |
| backend/tests/conftest.py | Added email testing fixtures and mock utilities |
| backend/tests/tests/emails/*.py | New comprehensive email tests |
| backend/scripts/seed/migrations_entrypoint.sh | Improved environment variable handling with lowercase helper |
| backend/scripts/create_superuser.py | Fixed to use SecretStr.get_secret_value() |
| backend/scripts/compile_email_templates.py | New script to compile MJML templates |
| backend/scripts/backup/*.sh | New backup scripts for PostgreSQL and user uploads with rsync/rclone support |
| backend/app/api/*/models.py | Added explicit relationship kwargs for Pydantic 2.12+ compatibility |
Files not reviewed (2)
- frontend-app/package-lock.json: Language not supported
- frontend-web/package-lock.json: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull Request Overview
Copilot reviewed 87 out of 92 changed files in this pull request and generated 2 comments.
Files not reviewed (2)
- frontend-app/package-lock.json: Language not supported
- frontend-web/package-lock.json: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull Request Overview
Copilot reviewed 87 out of 92 changed files in this pull request and generated 3 comments.
Files not reviewed (2)
- frontend-app/package-lock.json: Language not supported
- frontend-web/package-lock.json: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
@mrvisscher I just added a basic circularity_properties model (7e614f5), I think we can start with implementing this in the frontend. |
… product get endpoint
…implify email setup
- Add CircularityPropertiesBase and CircularityProperties database models with fields for recyclability, repairability, and remanufacturability - Each property has observation (required), comment (optional), and reference (optional) fields - Add one-to-one relationship between Product and CircularityProperties - Create full CRUD operations for circularity properties - Add REST API endpoints (GET, POST, PATCH, DELETE) for managing circularity properties - Update product schemas to support circularity_properties in create/read/update operations - Update API documentation and examples to include circularity properties - Add alembic migration script for new circularity properties model
simonvanlierde
force-pushed
the
2025-10_working_branch
branch
from
69a7725 to
04715fe
Compare
…erties Frontend app circularity properties
…igrations Docker image
| except RequestError as e: | ||
| # Network-level errors (DNS, connection refused, timeouts). | ||
| logger = logging.getLogger(__name__) | ||
| logger.warning("Network error contacting camera %s%s: %s", camera.url, endpoint, e) |
Check failure
Code scanning / CodeQL
Log Injection High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 24 days ago
To fix the log injection vulnerability, we must ensure any user-provided input logged is sanitized. For text logs, this typically involves stripping line breaks and carriage returns from the logged representation. Thus, in utils.py inside fetch_from_camera_url, before logging the network error with the endpoint, we should sanitize endpoint by removing or replacing newline (\n) and carriage return (\r) characters. The fix requires changing line 80 so that the logged value for endpoint contains only a single line—i.e., replacing \r and \n with empty strings. We do this inline before logging. Only code inside backend/app/api/plugins/rpi_cam/routers/camera_interaction/utils.py needs to be updated, on line 80 of the function.
| @@ -77,7 +77,8 @@ | ||
| except RequestError as e: | ||
| # Network-level errors (DNS, connection refused, timeouts). | ||
| logger = logging.getLogger(__name__) | ||
| logger.warning("Network error contacting camera %s%s: %s", camera.url, endpoint, e) | ||
| safe_endpoint = endpoint.replace("\r", "").replace("\n", "") | ||
| logger.warning("Network error contacting camera %s%s: %s", camera.url, safe_endpoint, e) | ||
| raise HTTPException( | ||
| status_code=503, | ||
| detail={ |
…ed sqladmin interface
…s Patch update schema
Uh oh!
There was an error while loading. Please reload this page.