Enable full-text search keyword extraction, match counting, and contextual highlighting in log components

[uzzor713]

Summary by Sourcery

Enable full-text search keyword extraction, match counting, and contextual highlighting in log components; update query editor theming and development proxy; simplify auth routing and add scheduler dependency.

New Features:

• Extract SQL-like full-text search keywords from log queries to drive content matching
• Highlight matching keywords in log content, key-value entries, and tags based on current query
• Display a match-count indicator banner for full-text searches within each log item

Enhancements:

• Refactor LogKeyTagValue, LogValueTag, and LogTagDropdown to support conditional highlighting
• Adjust CodeMirror search editor styles and switch between 'material-darker' and 'base16-light' themes
• Bypass the auth route guard to always render wrapped components

Build:

• Add an /api proxy in Vite development server configuration
• Add scheduler as a project dependency

[sourcery-ai]

Reviewer's Guide

This PR implements full-text search highlighting across log entries by parsing the current query to extract keywords, counting matches in content and tags, and injecting highlighted HTML based on the theme. It also propagates highlight state to dropdown tag components, refines editor theming and styles, updates proxy configuration, removes the auth guard, and adds a scheduler dependency.

Sequence diagram for full-text search highlighting in log rendering

sequenceDiagram
  participant User
  participant LogItem
  participant LogKeyTagValue
  participant LogsContext
  participant UI

  User->>LogItem: View log entry
  LogItem->>LogsContext: Get current query
  LogItem->>LogKeyTagValue: Pass log content and query
  LogKeyTagValue->>LogsContext: Extract keywords from query
  LogKeyTagValue->>LogKeyTagValue: Count matches in content
  LogKeyTagValue->>UI: Render content with highlighted keywords
  UI->>User: Display highlighted log entry

Loading

Class diagram for updated log tag and value highlighting components

classDiagram
  class LogTagDropDown {
    +objKey
    +value
    +children
    +trigger
    +isFieldInQuery(query, objKey, value)
    +isHighlighted
  }
  class LogKeyTagValue {
    +title
    +description
    +isHighlighted
    +extractFullTextSearchKeywords(query)
    +countMatches(text, keywords)
    +highlightText(text, keywords, theme)
  }
  class KeyTagValueWithHighlight {
    +title
    +description
    +isHighlighted
  }
  class TagWithHighlight {
    +objKey
    +value
    +isHighlighted
    +getHighlightStyle()
  }
  LogTagDropDown o-- LogKeyTagValue
  LogKeyTagValue <|-- KeyTagValueWithHighlight
  LogTagDropDown o-- TagWithHighlight

Loading

File-Level Changes

Change	Details	Files
Add full-text search extraction and highlighting in log value rendering	Imported useLogsContext to access current query Defined utilities to extract LIKE keywords, count matches, and perform theme-aware text highlighting Injected useEffect to recalculate match counts and state when value or query changes Switched to dangerouslySetInnerHTML in longString and string cases to render highlighted HTML	LogKeyTagValue.jsx
Show full-text search summary in each log item	Used useLogsContext and useMemo to parse keywords and count matches in log.content Rendered a styled info banner with match count and keyword list under each LogItem header	LogItem/index.jsx
Propagate highlight state to key/value tag dropdowns	Added isFieldInQuery helper to detect exact and LIKE matches in the query Passed isHighlighted prop through LogTagDropdown and cloned children to apply style Refactored LogValueTag and LogKeyTag to wrap content in a highlight-aware Tag component	LogTagDropdown.jsx LogValueTag.jsx LogKeyTag.jsx
Refine CodeMirror editor theming and styles	Updated LESS to simplify border, background, and placeholder styling Switched editor theme dynamically based on setting and added key prop for re-render Ensured transparent backgrounds and removed redundant styles	CodeMirrorSearch/index.less CodeMirrorSearch/index.jsx
Update project config and dependencies	Added /api proxy target in vite.config.mjs Removed permission check in AuthRouter to always render wrapped component Added scheduler dependency in package.json	vite.config.mjs AuthRouter.tsx package.json

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey there - I've reviewed your changes and found some issues that need to be addressed.

Blocking issues:

• Detection of dangerouslySetInnerHTML from non-constant definition. This can inadvertently expose users to cross-site scripting (XSS) attacks if this comes from user-provided input. If you have to use dangerouslySetInnerHTML, consider using a sanitization library such as DOMPurify to sanitize your HTML. (link)
• Detection of dangerouslySetInnerHTML from non-constant definition. This can inadvertently expose users to cross-site scripting (XSS) attacks if this comes from user-provided input. If you have to use dangerouslySetInnerHTML, consider using a sanitization library such as DOMPurify to sanitize your HTML. (link)
• Detection of dangerouslySetInnerHTML from non-constant definition. This can inadvertently expose users to cross-site scripting (XSS) attacks if this comes from user-provided input. If you have to use dangerouslySetInnerHTML, consider using a sanitization library such as DOMPurify to sanitize your HTML. (link)
• Directly injecting HTML for highlighting may introduce XSS risks. (link)
• Authorization check is bypassed, which may expose protected routes. (link)

General comments:

• There’s duplicated logic for extracting and matching full-text keywords across components—extract these into a shared hook or util to DRY up the code.
• Highlighting via dangerouslySetInnerHTML could introduce XSS risks—consider sanitizing the HTML or using a safer React text-highlighting library.
• The AuthRouter override currently bypasses all authorization checks—please re-enable or clearly document the intended auth flow.

Prompt for AI Agents

Please address the comments from this code review:
## Overall Comments
- There’s duplicated logic for extracting and matching full-text keywords across components—extract these into a shared hook or util to DRY up the code.
- Highlighting via dangerouslySetInnerHTML could introduce XSS risks—consider sanitizing the HTML or using a safer React text-highlighting library.
- The AuthRouter override currently bypasses all authorization checks—please re-enable or clearly document the intended auth flow.

## Individual Comments

### Comment 1
<location> `frontend/src/oss/views/logs/component/FullLogs/component/LogQueryResult/QueryList/LogItem/component/LogKeyTagValue.jsx:121` </location>
<code_context>
+  keywords.forEach(keyword => {
+    if (keyword && keyword.trim()) {
+      const regex = new RegExp(`(${keyword.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')})`, 'gi')
+      highlightedText = highlightedText.replace(regex, `<span style="color: ${highlightColor}; font-weight: bold;">$1</span>`)
+    }
+  })
</code_context>

<issue_to_address>
Directly injecting HTML for highlighting may introduce XSS risks.

If log content includes user data, sanitize input or use a safer highlighting method to prevent XSS.
</issue_to_address>

### Comment 2
<location> `frontend/src/core/components/AuthRouter.tsx:40` </location>
<code_context>
       )
     }

-    return isAllowed ? <WrappedComponent {...props} /> : <FallbackPage errorInfo={t('routeError')} />
+    // return isAllowed ? <WrappedComponent {...props} /> : <FallbackPage errorInfo={t('routeError')} />
+    return <WrappedComponent {...props} />
</code_context>

<issue_to_address>
Authorization check is bypassed, which may expose protected routes.

Disabling the isAllowed check removes route protection and may allow unauthorized access. Please confirm this change is intentional and restore the check before production if needed.
</issue_to_address>

## Security Issues

### Issue 1
<location> `frontend/src/oss/views/logs/component/FullLogs/component/LogQueryResult/QueryList/LogItem/component/LogKeyTagValue.jsx:211` </location>

<issue_to_address>
**security (typescript.react.security.audit.react-dangerouslysetinnerhtml):** Detection of dangerouslySetInnerHTML from non-constant definition. This can inadvertently expose users to cross-site scripting (XSS) attacks if this comes from user-provided input. If you have to use dangerouslySetInnerHTML, consider using a sanitization library such as DOMPurify to sanitize your HTML.

*Source: opengrep*
</issue_to_address>

### Issue 2
<location> `frontend/src/oss/views/logs/component/FullLogs/component/LogQueryResult/QueryList/LogItem/component/LogKeyTagValue.jsx:221` </location>

<issue_to_address>
**security (typescript.react.security.audit.react-dangerouslysetinnerhtml):** Detection of dangerouslySetInnerHTML from non-constant definition. This can inadvertently expose users to cross-site scripting (XSS) attacks if this comes from user-provided input. If you have to use dangerouslySetInnerHTML, consider using a sanitization library such as DOMPurify to sanitize your HTML.

*Source: opengrep*
</issue_to_address>

### Issue 3
<location> `frontend/src/oss/views/logs/component/FullLogs/component/LogQueryResult/QueryList/LogItem/component/LogKeyTagValue.jsx:256` </location>

<issue_to_address>
**security (typescript.react.security.audit.react-dangerouslysetinnerhtml):** Detection of dangerouslySetInnerHTML from non-constant definition. This can inadvertently expose users to cross-site scripting (XSS) attacks if this comes from user-provided input. If you have to use dangerouslySetInnerHTML, consider using a sanitization library such as DOMPurify to sanitize your HTML.

*Source: opengrep*
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

🚨 issue (security): Directly injecting HTML for highlighting may introduce XSS risks.

If log content includes user data, sanitize input or use a safer highlighting method to prevent XSS.

[sourcery-ai]

🚨 issue (security): Authorization check is bypassed, which may expose protected routes.

Disabling the isAllowed check removes route protection and may allow unauthorized access. Please confirm this change is intentional and restore the check before production if needed.

[sourcery-ai]

security (typescript.react.security.audit.react-dangerouslysetinnerhtml): Detection of dangerouslySetInnerHTML from non-constant definition. This can inadvertently expose users to cross-site scripting (XSS) attacks if this comes from user-provided input. If you have to use dangerouslySetInnerHTML, consider using a sanitization library such as DOMPurify to sanitize your HTML.

Source: opengrep

[sourcery-ai]

security (typescript.react.security.audit.react-dangerouslysetinnerhtml): Detection of dangerouslySetInnerHTML from non-constant definition. This can inadvertently expose users to cross-site scripting (XSS) attacks if this comes from user-provided input. If you have to use dangerouslySetInnerHTML, consider using a sanitization library such as DOMPurify to sanitize your HTML.

Source: opengrep

[sourcery-ai]

security (typescript.react.security.audit.react-dangerouslysetinnerhtml): Detection of dangerouslySetInnerHTML from non-constant definition. This can inadvertently expose users to cross-site scripting (XSS) attacks if this comes from user-provided input. If you have to use dangerouslySetInnerHTML, consider using a sanitization library such as DOMPurify to sanitize your HTML.

Source: opengrep