Lais v2.1 by gouravmore · Pull Request #117 · Sunbird-ALL/all-content-service

gouravmore · 2025-06-20T12:12:51Z

Summary by CodeRabbit

New Features
- Introduced JWT-based authentication, securing all content and collection endpoints.
- Added support for CEFR level filtering in content and collection management.
- Enhanced CORS configuration to restrict allowed origins based on environment settings.
- Implemented additional security headers for all HTTP responses.
Improvements
- Expanded and refined English content level configurations for more granular complexity filtering.
- Improved handling of reading complexity for Tamil language content.
- Enhanced content search and filtering capabilities, including better duplicate handling and more flexible queries.
- Improved Swagger API documentation formatting for better readability.
- Added CEFR level parameter support across multiple content service methods.
- Refined pagination and content retrieval methods with improved parameter handling and formatting.
Bug Fixes
- Enforced pagination limits to prevent out-of-range values.
Chores
- Updated dependencies to include authentication and security packages.
- Updated workflow to trigger deployments from a new branch.
Style
- Standardized formatting and indentation across multiple configuration and service files for consistency.

Release 1.3 vapt fixes 0.1

Release 1.3 vapt fixes

LAIS-v1.1

Fix :1.security policy added 2.Formating chnages done

Feat: 1.Session expired feature added

Feat: password added for the redis

Task : Change the complexity values with new Complexity for hi

Added new CEFR_level changes (for M4 to M9 content) #242170

Fix- Security policy added

Fix : cors origin added for the specific apis

Lais v2.0

coderabbitai · 2025-06-20T12:12:57Z

Walkthrough

This update introduces JWT-based authentication using NestJS modules and applies it to key controllers, adds new authentication dependencies, and enhances CORS and security headers. It expands language and complexity configurations, adds CEFR level support in schemas and services, and refines query logic for content and collections. Formatting improvements are applied throughout.

Changes

File(s)	Change Summary
.github/workflows/Dev.yml	Changed workflow trigger branch from "test" to "-v2.0" for push events.
package.json	Added dependencies for JWT, Passport, CORS, and related authentication/security packages.
src/app-cluster.service.ts, src/app.controller.ts	Reformatted code and improved indentation; no logic changes.
src/app.module.ts	Imported and integrated new `AuthModule` into the main application module.
src/auth/auth.guard.ts, src/auth/auth.module.ts	Added new JWT authentication guard and module, exporting guard and JWT service.
src/config/commonConfig.ts	Added `readingComplexity` property for Tamil reading complexity levels.
src/config/language/en.ts	Expanded and restructured English content level configuration with detailed syllable/word constraints per type/level.
src/config/language/hi.ts, src/config/language/kn.ts, src/config/language/ta.ts, src/config/language/te.ts	Reformatted code: changed quote style, added commas, adjusted indentation, added trailing newlines.
src/controllers/collection.controller.ts, src/controllers/content.controller.ts	Applied `@UseGuards(JwtAuthGuard)` for JWT protection; improved Swagger schema formatting; added CEFR level handling.
src/main.ts	Replaced CORS wildcard with environment-based origins using `cors` package; added security headers via response hook.
src/schemas/collection.schema.ts, src/schemas/content.schema.ts	Added optional `CEFR_level` property to `level_complexity` objects; improved formatting.
src/services/collection.service.ts	Refactored to support optional `CEFR_level` parameter in competency collection queries.
src/services/content.service.ts	Enhanced search/filter/mechanics methods to support CEFR level, improved query logic, and code formatting.

Sequence Diagram(s)

sequenceDiagram
  participant Client
  participant Controller
  participant JwtAuthGuard
  participant JwtService
  participant ExternalAuthAPI
  participant Service

  Client->>Controller: HTTP Request (with JWT)
  Controller->>JwtAuthGuard: Guard checks request
  JwtAuthGuard->>JwtService: Decrypts & verifies JWT
  JwtAuthGuard->>ExternalAuthAPI: Check user login status
  ExternalAuthAPI-->>JwtAuthGuard: Login status response
  JwtAuthGuard-->>Controller: Allow or deny request
  Controller->>Service: Proceeds with business logic (if allowed)
  Service-->>Controller: Response
  Controller-->>Client: HTTP Response

Possibly related PRs

Merge branch 'all-1.1-prod' #37: Modifies the GitHub Actions workflow trigger branch, similar to this PR's workflow trigger branch change.
Lais 1.0 #96: Also changes the workflow trigger branch in the same workflow file, indicating related CI/CD trigger configuration.
0.1 vapt fixes #94: Adds JWT authentication dependencies, modules, and guards, closely related to the authentication features introduced here.

Poem

In burrows deep, with code anew,
JWT guards now hop right through.
CORS is trimmed, and headers tight,
CEFR levels shine so bright.
With every hop, complexity grows,
Secure and swift, the service flows!
🐇✨

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

npm error Exit handler never called!
npm error This is an error with npm itself. Please report this error at:
npm error https://github.com/npm/cli/issues
npm error A complete log of this run can be found in: /.npm/_logs/2025-06-24T13_40_35_682Z-debug-0.log

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3e78f0c and a65d564.

📒 Files selected for processing (1)

src/main.ts (3 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

src/main.ts

✨ Finishing Touches

📝 Generate Docstrings

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

Review comments: Directly reply to a review comment made by CodeRabbit. Example:
- I pushed a fix in commit <commit_id>, please review it.
- Explain this complex logic.
- Open a follow-up GitHub issue for this discussion.
Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
- @coderabbitai explain this code block.
- @coderabbitai modularize this function.
PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
- @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
- @coderabbitai read src/utils.ts and explain its main purpose.
- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
- @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

@coderabbitai pause to pause the reviews on a PR.
@coderabbitai resume to resume the paused reviews.
@coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
@coderabbitai full review to do a full review from scratch and review all the files again.
@coderabbitai summary to regenerate the summary of the PR.
@coderabbitai generate docstrings to generate docstrings for this PR.
@coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
@coderabbitai resolve resolve all the CodeRabbit review comments.
@coderabbitai configuration to show the current CodeRabbit configuration for the repository.
@coderabbitai help to get help.

Other keywords and placeholders

Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (`.coderabbit.yaml`)

You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
Please see the configuration documentation for more information.
If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

Visit our Documentation for detailed information on how to use CodeRabbit.
Join our Discord Community to get help, request features, and share feedback.
Follow us on X/Twitter for updates and announcements.

Fix : redis removed

coderabbitai

Actionable comments posted: 8

🔭 Outside diff range comments (1)

src/services/content.service.ts (1)

325-1555: Consider refactoring the search method to reduce complexity.

The search method is over 1200 lines with deeply nested conditions and repeated patterns. This makes it difficult to maintain and test.

Consider breaking down the search logic into smaller, focused methods:

Extract token processing logic

Create separate methods for each fallback strategy

Consolidate duplicate aggregation pipeline patterns

Consider using a strategy pattern for language-specific search logic

This would improve readability, testability, and reduce the chance of bugs.

🧹 Nitpick comments (9)

package.json (2)
35-35: Move type definitions to devDependencies.

Type definitions should be placed in devDependencies rather than dependencies since they're only needed during development and build time.
-    "@types/passport-jwt": "^4.0.1",
Add to devDependencies section:
     "@types/express": "^4.17.17",
     "@types/jest": "^29.5.2",
     "@types/node": "^20.3.1",
+    "@types/passport-jwt": "^4.0.1",
     "@types/supertest": "^2.0.12",
44-45: Consider potential redundancy between JWT libraries.

Both jose and jsonwebtoken provide JWT functionality. Consider whether both are necessary or if one can be removed to reduce bundle size.
#!/bin/bash
# Description: Check usage of jose and jsonwebtoken libraries to determine if both are needed

# Search for jose usage
echo "=== JOSE usage ==="
rg -A 3 "import.*jose|require.*jose" 

# Search for jsonwebtoken usage  
echo "=== jsonwebtoken usage ==="
rg -A 3 "import.*jsonwebtoken|require.*jsonwebtoken"
src/controllers/collection.controller.ts (3)
164-164: Fix typo in method name.

The method name has a typo that affects code readability.
-  async fatchAll(@Res() response: FastifyReply) {
+  async fetchAll(@Res() response: FastifyReply) {
235-237: Fix typo in method name.

The method name has a typo that affects code readability.
-  async fatchByLanguage(
+  async fetchByLanguage(
151-151: Fix typos in API response descriptions.

Multiple instances of "retrive" should be "retrieve" in the API documentation.

Update all occurrences:

Line 151: "Error while retrieve the data from collection"

Line 221: "Error while retrieve the data from collection"

Line 289: "Error while retrieve the data from collection"

Line 374: "Error while retrieve the data from collection"

Also applies to: 221-221, 289-289, 374-374
src/main.ts (1)
38-38: Fix typos in comments.
-  // Cors aalowd for the specific url
+  // CORS allowed for specific URLs
-  // content-security-policys added
+  // Content Security Policy headers added
Also applies to: 53-53
src/auth/auth.guard.ts (1)
17-20: Remove unnecessary empty line in constructor.
 constructor(
   private jwtService: JwtService
- ) { }
+ ) {}
src/controllers/content.controller.ts (1)

1041-1116: Consider refactoring complex getContent logic for maintainability.

The nested conditionals and multiple service calls make this method difficult to follow. Consider extracting the story mode logic into a separate method.

The method has multiple responsibilities:

Handling story mode with competency collections

Fetching content with various filters

Processing mechanics data

Consider breaking this into smaller, focused methods like getStoryModeContent(), getFilteredContent(), and processMechanicsData() for better readability and testability.
src/services/content.service.ts (1)
676-676: Replace delete operator with undefined assignment for better performance.

The delete operator can impact performance in V8 engine.
-delete query.contentSourceData.$elemMatch['$or'];
+query.contentSourceData.$elemMatch['$or'] = undefined;

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bf5b86c and 54ea0e5.

⛔ Files ignored due to path filters (1)

package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (20)

.github/workflows/Dev.yml (1 hunks)
package.json (1 hunks)
src/app-cluster.service.ts (1 hunks)
src/app.controller.ts (1 hunks)
src/app.module.ts (2 hunks)
src/auth/auth.guard.ts (1 hunks)
src/auth/auth.module.ts (1 hunks)
src/config/commonConfig.ts (1 hunks)
src/config/language/en.ts (1 hunks)
src/config/language/hi.ts (1 hunks)
src/config/language/kn.ts (1 hunks)
src/config/language/ta.ts (1 hunks)
src/config/language/te.ts (1 hunks)
src/controllers/collection.controller.ts (15 hunks)
src/controllers/content.controller.ts (32 hunks)
src/main.ts (3 hunks)
src/schemas/collection.schema.ts (1 hunks)
src/schemas/content.schema.ts (9 hunks)
src/services/collection.service.ts (2 hunks)
src/services/content.service.ts (43 hunks)

🧰 Additional context used

🧬 Code Graph Analysis (2)

src/auth/auth.module.ts (1)

src/app.module.ts (1)

Module (15-45)

src/schemas/content.schema.ts (1)

src/schemas/collection.schema.ts (1)

Schema (6-104)

🪛 Biome (1.9.4)

src/app-cluster.service.ts

[error] 9-9: Don't use 'Function' as a type.

Prefer explicitly define the function shape. This type accepts any function-like value, which can be a common source of bugs.

(lint/complexity/noBannedTypes)

src/services/content.service.ts

[error] 623-623: Do not access Object.prototype method 'hasOwnProperty' from target object.