Walkthrough
The pull request adds two new drive actions—sign and verify—using the EU DSS (European Digital Signature Service) protocol. A new helper module (
BundleMonFiles updated (1)
Unchanged files (19)
Total files change +555B +0.03% Groups updated (1)
Unchanged groups (2)
Final result: ✅
| flag('drive.pdf-editor.enabled') | ||
| flag('sharing.auto-open-settings.enabled') | ||
| flag('sharing.generate-link-button.enabled') | ||
| flag('drive.sign.enabled') |
to be removed. I think this file doesn't work well ATM.
| signWithEuDss, | ||
| verifyWithEuDss, |
I'll not do a refactoring right now. But this file needs a cleanup for sure!
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/modules/actions/helpers/euDss.js`:
- Around line 37-63: The function containing the return statement at line 37
allows null to be returned when the shortcode is missing, which then gets passed
to buildCallbackUrl and serialized as token=null in the URL parameters, creating
an invalid deeplink. Instead of returning null in the shortcode extraction
logic, throw an error to fail immediately when the callback token cannot be
created. This ensures the null value never reaches buildCallbackUrl and allows
proper error handling in buildEuDssDeeplink.
📒 Files selected for processing (9)
- src/lib/flags.js
- src/locales/en.json
- src/locales/fr.json
- src/modules/actions/helpers/euDss.js
- src/modules/actions/helpers/euDss.spec.js
- src/modules/actions/index.js
- src/modules/actions/signWithEuDss.jsx
- src/modules/actions/verifyWithEuDss.jsx
- src/modules/views/Drive/DriveFolderView.jsx
| return permission.attributes?.shortcodes?.code ?? null | ||
| } | ||
|
|
||
| // Files inside a shared drive live behind the /sharings/drives/<driveId> | ||
| // proxy, so writing the result back must target that route instead of the | ||
| // member's own VFS (which does not hold the document). | ||
| const getFilesApiPrefix = file => | ||
| file.driveId ? `/sharings/drives/${file.driveId}/files` : '/files' | ||
|
|
||
| // cozy-stack only authenticates via the Authorization header, never a query | ||
| // param. The token is passed in the URL by convention: the eu-dss desktop app | ||
| // reads it and replays it as a Bearer header on its POST to the callback. | ||
| const buildCallbackUrl = (client, file, operation, token) => { | ||
| const stackUri = client.getStackClient().uri | ||
| const params = new URLSearchParams({ | ||
| Type: 'file', | ||
| Name: getCallbackFileName(file, operation), | ||
| token | ||
| }) | ||
| return `${stackUri}${getFilesApiPrefix(file)}/${file.dir_id}?${params}` | ||
| } | ||
|
|
||
| export const buildEuDssDeeplink = async (client, file, operation) => { | ||
| const docUrl = await fetchPublicDownloadUrl(client, file) | ||
| const token = await fetchCallbackToken(client, file) | ||
| const callbackUrl = buildCallbackUrl(client, file, operation, token) | ||
|
|
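Review bot: In `buildCallbackUrl` the callback token is written into the query string (`token` in the `URLSearchParams`), so a bearer credential travels inside the callback URL and inside the deeplink built from it in `buildEuDssDeeplink`, and anything that records either string holds a usable token until the permission expires. Keep `callbackUrl` and the final deeplink out of console logs and error reports, and state the TTL and the POST-only scope next to the existing comment so the convention is auditable. Separately, `file.driveId` in `getFilesApiPrefix` and `file.dir_id` in the returned path are interpolated without `encodeURIComponent`, and a missing `dir_id` would serialize as `undefined` in the path; validate and encode both before building the URL.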
Fail fast when callback token creation does not return a shortcode.
Line 37 can return null, and then Line 54 serializes it as token=null, producing a deeplink that will fail later during the EU-DSS callback. Throwing here gives a deterministic failure path and lets the action fallback alert handle it cleanly.
Suggested fix
const fetchCallbackToken = async (client, file) => {
const { data: permission } = await client
.collection(DOCTYPE_PERMISSIONS)
.createSharingLink(
{ _id: file.dir_id, _type: DOCTYPE_FILES },
{ verbs: ['POST'], ttl: CALLBACK_PERMISSION_TTL }
)
- return permission.attributes?.shortcodes?.code ?? null
+ const code = permission.attributes?.shortcodes?.code
+ if (!code) {
+ throw new Error('Unable to create EU-DSS callback token')
+ }
+ return code
}
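Review bot: The destructured `permission` is still dereferenced without a guard in `permission.attributes?.shortcodes?.code`, so a response that carries no `data` throws a TypeError before the new `if (!code)` check runs. Start the chain at `permission?.attributes` so that case reaches the same explicit "Unable to create EU-DSS callback token" error, and consider asserting that `code` is a non-empty string rather than only truthy, since the value is later used as a bearer token.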
Add "Sign" and "Verify signature" entries to the file "..." menu, gated behind the drive.sign.enabled flag. Each builds an eudss:// deeplink with a short-lived public download link as doc_url and a cozy-stack write callback carrying a short-ttl permission token, then hands off to the EU-DSS desktop app.
A shared drive document is not in the member's own VFS, so the write callback must target /sharings/drives/<driveId>/files instead of /files.
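The callback URL construction described above, as an added example that is not the pull request's own code: it fails fast on a missing token, encodes the path segments, and masks the token before a URL is logged. The `stackUri` and `name` parameters, `redactCallbackUrl`, and the sample values are assumptions made for this illustration.

```javascript
// Added illustration, not code from the pull request. Function names mirror
// the diff where possible; redactCallbackUrl and the samples are hypothetical.

// Shared-drive files are written through the /sharings/drives/<driveId> proxy.
const getFilesApiPrefix = file =>
  file.driveId
    ? `/sharings/drives/${encodeURIComponent(file.driveId)}/files`
    : '/files'

// Build the write callback, refusing to emit a URL without a usable token.
const buildCallbackUrl = (stackUri, file, name, token) => {
  if (typeof token !== 'string' || token.length === 0) {
    throw new Error('Unable to create EU-DSS callback token')
  }
  if (!file.dir_id) {
    throw new Error('File has no parent directory to write back to')
  }
  const params = new URLSearchParams({ Type: 'file', Name: name, token })
  const dir = encodeURIComponent(file.dir_id)
  return `${stackUri}${getFilesApiPrefix(file)}/${dir}?${params}`
}

// The token is a bearer credential carried in a query string, so mask it
// before the URL reaches a log line or an error report.
const redactCallbackUrl = url => {
  const parsed = new URL(url)
  if (parsed.searchParams.has('token')) {
    parsed.searchParams.set('token', 'REDACTED')
  }
  return parsed.toString()
}

// Constructed sample inputs (not taken from the page).
const STACK = 'https://alice.cozy.example'
const ownFile = { dir_id: 'dir123' }
const sharedFile = { dir_id: 'dir456', driveId: 'drive789' }

const ownUrl = buildCallbackUrl(STACK, ownFile, 'contract-signed.pdf', 'abc')
const sharedUrl = buildCallbackUrl(STACK, sharedFile, 'contract-signed.pdf', 'abc')
console.log(redactCallbackUrl(ownUrl))
console.log(redactCallbackUrl(sharedUrl))
```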
Gates Failed
Prevent hotspot decline
(1 hotspot with Complex Method)
Gates Passed
2 Quality Gates Passed
Reason for failure
| Prevent hotspot decline | Violations | Code Health Impact | |
|---|---|---|---|
| DriveFolderView.jsx | 1 rule in this hotspot | 9.08 → 9.07 | Suppress |
Quality Gate Profile: The Bare Minimum
Summary
- `drive.sign.enabled` flag.
- `eudss://` deeplink with a short-lived public download link as `doc_url` and a cozy-stack write callback carrying a short-ttl permission token.
- `/sharings/drives/<driveId>/files` when the document belongs to a shared drive.

Summary by CodeRabbit
New Features