Environment variables in admin panel (read only) - backend #9943
+1,687
−234
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
PR Summary
This PR implements a secure environment variables management system in the admin panel, allowing read-only access to configuration settings with proper grouping and sensitive data handling.
- Added
getEnvironmentVariablesGroupedGraphQL query with authentication guards and sensitivity control inadmin-panel.resolver.ts - Introduced
@EnvironmentVariablesMetadatadecorator inenvironment-variables-metadata.decorator.tsfor organizing variables with groups, descriptions, and sensitivity flags - Created hierarchical DTOs in
environment-variables.output.tsto structure variables into logical groups and subgroups - Added
getAllmethod inenvironment.service.tswith secure handling of sensitive values through masking - Organized environment variables into clear categories with
EnvironmentVariablesGroupandEnvironmentVariablesSubGroupenums
11 file(s) reviewed, 13 comment(s)
Edit PR Review Bot Settings | Greptile
packages/twenty-server/src/engine/core-modules/admin-panel/admin-panel.resolver.ts
Outdated
Show resolved
Hide resolved
packages/twenty-server/src/engine/core-modules/admin-panel/admin-panel.service.ts
Show resolved
Hide resolved
packages/twenty-server/src/engine/core-modules/admin-panel/admin-panel.service.ts
Show resolved
Hide resolved
packages/twenty-server/src/engine/core-modules/admin-panel/dtos/environment-variables.output.ts
Outdated
Show resolved
Hide resolved
packages/twenty-server/src/engine/core-modules/admin-panel/dtos/environment-variables.output.ts
Outdated
Show resolved
Hide resolved
...nty-server/src/engine/core-modules/environment/enums/environment-variables-sub-group.enum.ts
Show resolved
Hide resolved
packages/twenty-server/src/engine/core-modules/environment/environment-variables.ts
Outdated
Show resolved
Hide resolved
packages/twenty-server/src/engine/core-modules/environment/environment-variables.ts
Outdated
Show resolved
Hide resolved
packages/twenty-server/src/engine/core-modules/environment/environment-variables.ts
Show resolved
Hide resolved
packages/twenty-server/src/engine/core-modules/environment/environment.service.ts
Outdated
Show resolved
Hide resolved
packages/twenty-server/src/engine/core-modules/admin-panel/admin-panel.service.ts
Outdated
Show resolved
Hide resolved
...r/src/engine/core-modules/environment/decorators/environment-variables-metadata.decorator.ts
Outdated
Show resolved
Hide resolved
...r/src/engine/core-modules/environment/decorators/environment-variables-metadata.decorator.ts
Outdated
Show resolved
Hide resolved
...r/src/engine/core-modules/environment/decorators/environment-variables-metadata.decorator.ts
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
PR Summary
(updates since last review)
This PR continues the implementation of the environment variables management system in the admin panel. Here are the key new changes since the last review:
- Added frontend GraphQL types in
graphql.tsxfor environment variables querying and display - Integrated
useGetEnvironmentVariablesGroupedQueryhook inSettingsAdminContent.tsxfor fetching environment data - Implemented masking strategies in
environment-variable-mask-sensitive-data.util.tsfor secure handling of sensitive values - Added typed reflection support in
typed-reflect.tsfor environment variable metadata handling
A few important points to note:
- There's a debug
console.loginSettingsAdminContent.tsxthat should be removed before merging - The UI implementation for displaying the environment variables is not yet complete
- The validator in the environment variables metadata decorator always returns true without validation
The changes maintain the secure and organized approach established in the previous review while adding the necessary frontend infrastructure.
18 file(s) reviewed, 18 comment(s)
Edit PR Review Bot Settings | Greptile
packages/twenty-front/src/modules/settings/admin-panel/components/SettingsAdminContent.tsx
Outdated
Show resolved
Hide resolved
packages/twenty-front/src/modules/settings/admin-panel/components/SettingsAdminContent.tsx
Outdated
Show resolved
Hide resolved
packages/twenty-server/src/engine/core-modules/admin-panel/admin-panel.resolver.ts
Show resolved
Hide resolved
...nty-front/src/modules/settings/admin-panel/graphql/queries/getEnvironmentVariablesGrouped.ts
Outdated
Show resolved
Hide resolved
...nty-front/src/modules/settings/admin-panel/graphql/queries/getEnvironmentVariablesGrouped.ts
Outdated
Show resolved
Hide resolved
Comment on lines
41
to
45
| const allEnvVarNames = | ||
| Reflect.getMetadata( | ||
| ENVIRONMENT_VARIABLES_METADATA_DECORATOR_NAMES_KEY, | ||
| EnvironmentVariables, | ||
| ) || []; |
There was a problem hiding this comment.
style: Consider caching the metadata result since it won't change during runtime and reflection operations are expensive
Comment on lines
64
to
67
| const varMaskingConfig = | ||
| ENVIRONMENT_VARIABLES_MASKING_CONFIG[ | ||
| key as keyof typeof ENVIRONMENT_VARIABLES_MASKING_CONFIG | ||
| ]; |
There was a problem hiding this comment.
style: Add error handling for invalid masking config access. TypeScript casting doesn't guarantee runtime safety
...r/src/engine/core-modules/environment/utils/environment-variable-mask-sensitive-data.util.ts
Outdated
Show resolved
Hide resolved
...r/src/engine/core-modules/environment/utils/environment-variable-mask-sensitive-data.util.ts
Outdated
Show resolved
Hide resolved
Comment on lines
+19
to
+29
| const url = new URL(value); | ||
|
|
||
| if (url.password) { | ||
| url.password = '********'; | ||
| } | ||
| if (url.username) { | ||
| url.username = '********'; | ||
| } | ||
|
|
||
| return url.toString(); | ||
| } catch { |
There was a problem hiding this comment.
logic: URL parsing silently returns unmasked value on invalid URLs. This could expose sensitive data if the string contains credentials but isn't a valid URL. Consider additional validation.
martmull
reviewed
Jan 31, 2025
packages/twenty-server/src/engine/core-modules/admin-panel/admin-panel.service.ts
Show resolved
Hide resolved
packages/twenty-server/src/engine/core-modules/admin-panel/dtos/environment-variables.output.ts
Outdated
Show resolved
Hide resolved
...server/src/engine/core-modules/environment/constants/environment-variables-group-position.ts
Show resolved
Hide resolved
...server/src/engine/core-modules/environment/constants/environment-variables-masking-config.ts
Outdated
Show resolved
Hide resolved
packages/twenty-server/src/engine/core-modules/environment/environment.service.ts
Show resolved
Hide resolved
...r/src/engine/core-modules/environment/utils/environment-variable-mask-sensitive-data.util.ts
Show resolved
Hide resolved
...r/src/engine/core-modules/environment/utils/environment-variable-mask-sensitive-data.util.ts
Outdated
Show resolved
Hide resolved
| } | ||
|
|
||
| default: | ||
| return value; |
There was a problem hiding this comment.
It shouldn't in this case !? If that env var is not in maskConfig it will return its value
FelixMalfait
reviewed
Feb 2, 2025
FelixMalfait
reviewed
Feb 2, 2025
...nty-front/src/modules/settings/admin-panel/graphql/queries/getEnvironmentVariablesGrouped.ts
Outdated
Show resolved
Hide resolved
FelixMalfait
reviewed
Feb 2, 2025
.../twenty-server/src/engine/core-modules/environment/enums/environment-variables-group.enum.ts
Show resolved
Hide resolved
FelixMalfait
approved these changes
Feb 2, 2025
martmull
reviewed
Feb 3, 2025
packages/twenty-server/src/engine/core-modules/admin-panel/admin-panel.spec.ts
Show resolved
Hide resolved
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backend for twentyhq/core-team-issues#293
POC - #9903