feature: add collection management and related links functionality#443
feature: add collection management and related links functionality#443
Conversation
Summary of ChangesHello @robfrank, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request significantly enhances the application by introducing robust collection management and a new related links discovery feature. Users can now organize their links into custom collections, including dynamic 'smart' collections, and easily find other links that are contextually similar based on shared domains or tags. These additions involve comprehensive changes across the application's layers, from new API endpoints and business logic to an expanded graph database schema. Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
🧪 CI InsightsHere's what we observed from your CI run for d4ce047. 🟢 All jobs passed!But CI Insights is watching 👀 |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request adds collection management and related links functionality, which is a great enhancement. The code is generally well-structured and follows the existing hexagonal architecture. However, I've identified a few issues that need attention. There are several duplicate imports and some code duplication in the Application class. The new controllers contain redundant authentication checks that should be removed. Most importantly, there is a critical bug in the SQL query for fetching related links that will cause it to fail, and a high-severity issue with using an incorrect permission for creating collections. I've provided detailed comments and suggestions for each of these points.
src/main/java/it/robfrank/linklift/adapter/out/persitence/ArcadeLinkRepository.java
Show resolved
Hide resolved
| // Initialize Collection and Related Links components | ||
| ArcadeCollectionRepository collectionRepository = new ArcadeCollectionRepository(database); | ||
| CollectionPersistenceAdapter collectionPersistenceAdapter = new CollectionPersistenceAdapter(collectionRepository); | ||
| CreateCollectionUseCase createCollectionUseCase = new CreateCollectionService(collectionPersistenceAdapter); | ||
| GetRelatedLinksUseCase getRelatedLinksUseCase = new GetRelatedLinksService(linkPersistenceAdapter); | ||
|
|
||
| CollectionController collectionController = new CollectionController(createCollectionUseCase); | ||
| GetRelatedLinksController getRelatedLinksController = new GetRelatedLinksController(getRelatedLinksUseCase); | ||
|
|
There was a problem hiding this comment.
This block of initialization logic is duplicated in the start(int port) method (lines 292-300). This extends an existing code duplication issue in the Application class. To improve maintainability and reduce redundancy, consider refactoring the entire dependency injection setup into a private helper method that can be called from both main and start.
src/main/java/it/robfrank/linklift/adapter/in/web/CollectionController.java
Show resolved
Hide resolved
| if (userId == null) { | ||
| ctx.status(401).json(ErrorResponse.builder().status(401).message("Unauthorized").build()); | ||
| return; | ||
| } |
There was a problem hiding this comment.
This userId == null check is redundant. The RequireAuthentication handler is configured for this endpoint in WebBuilder, and it already ensures that an authenticated user exists. If userId were null, the RequireAuthentication handler would have already thrown an AuthenticationException, preventing this code from being reached. Removing this check will make the code cleaner and align better with the framework's security mechanisms.
src/main/java/it/robfrank/linklift/adapter/out/persitence/ArcadeLinkRepository.java
Outdated
Show resolved
Hide resolved
Coverage summary from CodacySee diff coverage on Codacy
Coverage variation details
Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: Diff coverage details
Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: See your quality gate settings Change summary preferencesFootnotes
|
[//]: # (dependabot-start)⚠️ \*\*Dependabot is rebasing this PR\*\*⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps the github-actions group with 3 updates: [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action), [github/codeql-action](https://github.com/github/codeql-action) and [ruby/setup-ruby](https://github.com/ruby/setup-ruby). Updates `docker/setup-buildx-action` from 3.11.1 to 3.12.0 Release notes *Sourced from [docker/setup-buildx-action's releases](https://github.com/docker/setup-buildx-action/releases).* > v3.12.0 > ------- > > * Deprecate `install` input by [`@crazy-max`](https://github.com/crazy-max) in [docker/setup-buildx-action#455](https://github.com/docker/setup-buildx-action/pull/455) > * Bump `@docker/actions-toolkit` from 0.62.1 to 0.63.0 in [docker/setup-buildx-action#434](https://github.com/docker/setup-buildx-action/pull/434) > * Bump brace-expansion from 1.1.11 to 1.1.12 in [docker/setup-buildx-action#436](https://github.com/docker/setup-buildx-action/pull/436) > * Bump form-data from 2.5.1 to 2.5.5 in [docker/setup-buildx-action#432](https://github.com/docker/setup-buildx-action/pull/432) > * Bump undici from 5.28.4 to 5.29.0 in [docker/setup-buildx-action#435](https://github.com/docker/setup-buildx-action/pull/435) > > **Full Changelog**: <docker/setup-buildx-action@v3.11.1...v3.12.0> Commits * [`8d2750c`](docker/setup-buildx-action@8d2750c) Merge pull request [#455](https://github.com/docker/setup-buildx-action/issues/455) from crazy-max/install-deprecated * [`e81846b`](docker/setup-buildx-action@e81846b) deprecate install input * [`65d18f8`](docker/setup-buildx-action@65d18f8) Merge pull request [#454](https://github.com/docker/setup-buildx-action/issues/454) from docker/dependabot/github\_actions/actions/checkout-6 * [`000d75d`](docker/setup-buildx-action@000d75d) build(deps): bump actions/checkout from 5 to 6 * [`1583c0f`](docker/setup-buildx-action@1583c0f) Merge pull request [#443](https://github.com/docker/setup-buildx-action/issues/443) from nicolasleger/patch-1 * [`ed158e7`](docker/setup-buildx-action@ed158e7) doc: bump actions/checkout from 4 to 5 * [`4cc794f`](docker/setup-buildx-action@4cc794f) Merge pull request [#441](https://github.com/docker/setup-buildx-action/issues/441) from docker/dependabot/github\_actions/actions/checkout-5 * [`4dfc3d6`](docker/setup-buildx-action@4dfc3d6) build(deps): bump actions/checkout from 4 to 5 * [`af1b253`](docker/setup-buildx-action@af1b253) Merge pull request [#440](https://github.com/docker/setup-buildx-action/issues/440) from crazy-max/k3s-build * [`3c6ab92`](docker/setup-buildx-action@3c6ab92) ci: k3s test with latest buildx * Additional commits viewable in [compare view](docker/setup-buildx-action@e468171...8d2750c) Updates `github/codeql-action` from 4.31.8 to 4.31.9 Release notes *Sourced from [github/codeql-action's releases](https://github.com/github/codeql-action/releases).* > v4.31.9 > ------- > > CodeQL Action Changelog > ======================= > > See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. > > 4.31.9 - 16 Dec 2025 > -------------------- > > No user facing changes. > > See the full [CHANGELOG.md](https://github.com/github/codeql-action/blob/v4.31.9/CHANGELOG.md) for more information. Changelog *Sourced from [github/codeql-action's changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md).* > CodeQL Action Changelog > ======================= > > See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. > > [UNRELEASED] > ------------ > > No user facing changes. > > 4.31.9 - 16 Dec 2025 > -------------------- > > No user facing changes. > > 4.31.8 - 11 Dec 2025 > -------------------- > > * Update default CodeQL bundle version to 2.23.8. [#3354](https://github.com/github/codeql-action/pull/3354) > > 4.31.7 - 05 Dec 2025 > -------------------- > > * Update default CodeQL bundle version to 2.23.7. [#3343](https://github.com/github/codeql-action/pull/3343) > > 4.31.6 - 01 Dec 2025 > -------------------- > > No user facing changes. > > 4.31.5 - 24 Nov 2025 > -------------------- > > * Update default CodeQL bundle version to 2.23.6. [#3321](https://github.com/github/codeql-action/pull/3321) > > 4.31.4 - 18 Nov 2025 > -------------------- > > No user facing changes. > > 4.31.3 - 13 Nov 2025 > -------------------- > > * CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see [Upcoming deprecation of CodeQL Action v3](https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/). > * Update default CodeQL bundle version to 2.23.5. [#3288](https://github.com/github/codeql-action/pull/3288) > > 4.31.2 - 30 Oct 2025 > -------------------- > > No user facing changes. > > 4.31.1 - 30 Oct 2025 > -------------------- > > * The `add-snippets` input has been removed from the `analyze` action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced. > > 4.31.0 - 24 Oct 2025 > -------------------- > > * Bump minimum CodeQL bundle version to 2.17.6. [#3223](https://github.com/github/codeql-action/pull/3223) > * When SARIF files are uploaded by the `analyze` or `upload-sarif` actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the `upload-sarif` action. For `analyze`, this may affect Advanced Setup for CodeQL users who specify a value other than `always` for the `upload` input. [#3222](https://github.com/github/codeql-action/pull/3222) ... (truncated) Commits * [`5d4e8d1`](github/codeql-action@5d4e8d1) Merge pull request [#3371](https://github.com/github/codeql-action/issues/3371) from github/update-v4.31.9-998798e34 * [`1dc115f`](github/codeql-action@1dc115f) Update changelog for v4.31.9 * [`998798e`](github/codeql-action@998798e) Merge pull request [#3352](https://github.com/github/codeql-action/issues/3352) from github/nickrolfe/jar-min-ff-cleanup * [`5eb7519`](github/codeql-action@5eb7519) Merge pull request [#3358](https://github.com/github/codeql-action/issues/3358) from github/henrymercer/database-upload-telemetry * [`d29eddb`](github/codeql-action@d29eddb) Extract version number to constant * [`e962687`](github/codeql-action@e962687) Merge branch 'main' into henrymercer/database-upload-telemetry * [`19c7f96`](github/codeql-action@19c7f96) Rename `isOverlayBase` * [`ae5de9a`](github/codeql-action@ae5de9a) Use `getErrorMessage` in log too * [`0cb8633`](github/codeql-action@0cb8633) Prefer `performance.now()` * [`c07cc0d`](github/codeql-action@c07cc0d) Merge pull request [#3351](https://github.com/github/codeql-action/issues/3351) from github/henrymercer/ghec-dr-determine-tools-vers... * Additional commits viewable in [compare view](github/codeql-action@1b168cd...5d4e8d1) Updates `ruby/setup-ruby` from 1.270.0 to 1.275.0 Release notes *Sourced from [ruby/setup-ruby's releases](https://github.com/ruby/setup-ruby/releases).* > v1.275.0 > -------- > > What's Changed > -------------- > > * Skip saving cache for merge\_group event by [`@ntkme`](https://github.com/ntkme) in [ruby/setup-ruby#812](https://github.com/ruby/setup-ruby/pull/812) > > **Full Changelog**: <ruby/setup-ruby@v1.274.0...v1.275.0> > > v1.274.0 > -------- > > What's Changed > -------------- > > * Fix rubyinstaller2 urls for latest release by [`@zenspider`](https://github.com/zenspider) in [ruby/setup-ruby#842](https://github.com/ruby/setup-ruby/pull/842) > > New Contributors > ---------------- > > * [`@zenspider`](https://github.com/zenspider) made their first contribution in [ruby/setup-ruby#842](https://github.com/ruby/setup-ruby/pull/842) > > **Full Changelog**: <ruby/setup-ruby@v1.273.0...v1.274.0> > > v1.273.0 > -------- > > What's Changed > -------------- > > * Update CRuby releases on Windows by [`@ruby-builder-bot`](https://github.com/ruby-builder-bot) in [ruby/setup-ruby#840](https://github.com/ruby/setup-ruby/pull/840) > > **Full Changelog**: <ruby/setup-ruby@v1.272.0...v1.273.0> > > v1.272.0 > -------- > > What's Changed > -------------- > > * Add ruby-4.0.0-preview3 by [`@ruby-builder-bot`](https://github.com/ruby-builder-bot) in [ruby/setup-ruby#839](https://github.com/ruby/setup-ruby/pull/839) > > **Full Changelog**: <ruby/setup-ruby@v1.271.0...v1.272.0> > > v1.271.0 > -------- > > What's Changed > -------------- > > * Add ruby-3.4.8 by [`@ruby-builder-bot`](https://github.com/ruby-builder-bot) in [ruby/setup-ruby#838](https://github.com/ruby/setup-ruby/pull/838) > > **Full Changelog**: <ruby/setup-ruby@v1.270.0...v1.271.0> Commits * [`d354de1`](ruby/setup-ruby@d354de1) Skip saving cache for merge\_group event * [`ed55d55`](ruby/setup-ruby@ed55d55) Fix rubyinstaller2 urls for latest release * [`a25f1e4`](ruby/setup-ruby@a25f1e4) Update CRuby releases on Windows * [`211ffaa`](ruby/setup-ruby@211ffaa) Add ruby-4.0.0-preview3 * [`f8d7259`](ruby/setup-ruby@f8d7259) Add ruby-3.4.8 * See full diff in [compare view](ruby/setup-ruby@ac793fd...d354de1) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
1 participant
No description provided.