Skip to content

Passthru max UID #743

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
abnegate merged 4 commits into from
Oct 20, 2025
Merged

Passthru max UID #743

abnegate merged 4 commits into from
Oct 20, 2025

Conversation

@abnegate
Copy link
Member

@abnegate abnegate commented Oct 20, 2025
edited by coderabbitai bot
Loading

Summary by CodeRabbit

  • Bug Fixes

    • Enforced consistent UID length validation across database operations (find, count, sum, update, delete).
    • Reduced the default maximum UID/identifier length from 255 to 36 characters.

  • Chores

    • Applied the new UID length constraint uniformly across validators and initialization points.

  • Tests

    • Updated unit tests and error messages to reflect the 36-character UID/identifier limit.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Oct 20, 2025
edited
Loading

Walkthrough

Propagates adapter-derived max UID length into document query validators and constructors; introduces public Database::MAX_UID_DEFAULT_LENGTH = 36; updates UID/Key/Label/Cursor defaults to use the constant and refactors Key to use PHP 8 promoted readonly constructor properties.

Changes

Cohort / File(s) Summary
Database entrypoint
src/Database/Database.php		 Adds public MAX_UID_DEFAULT_LENGTH = 36; passes $this->adapter->getMaxUIDLength() into DocumentsValidator initializations (updateDocuments, deleteDocuments, find, count, sum).
Documents query validator
src/Database/Validator/Queries/Documents.php		 Adds int $maxUIDLength = Database::MAX_UID_DEFAULT_LENGTH parameter to constructor and forwards it to Cursor validator; updates docblocks and exception type.
Cursor query validator
src/Database/Validator/Query/Cursor.php		 Adds constructor private readonly int $maxLength = Database::MAX_UID_DEFAULT_LENGTH; uses $this->maxLength when creating UID validator and validating cursors.
UID validator
src/Database/Validator/UID.php		 Changes default constructor param to Database::MAX_UID_DEFAULT_LENGTH (was 255); imports Utopia\Database\Database.
Key/Label validators
src/Database/Validator/Key.php, src/Database/Validator/Label.php		 Key refactored to use PHP 8 promoted protected readonly properties for $allowInternal and $maxLength; both Key and Label default maxLength to Database::MAX_UID_DEFAULT_LENGTH (was 255).
Tests
tests/unit/Validator/PermissionsTest.php, tests/unit/Validator/KeyTest.php, tests/unit/Validator/LabelTest.php		 Updated test inputs and expected error messages to reflect 36-char max length instead of 255 across identifier/key/label/dimension validations.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant DB as Database
    participant Adapter as Adapter
    participant DV as DocumentsValidator
    participant CV as CursorValidator
    participant UV as UIDValidator

    DB->>Adapter: getMaxUIDLength()
    Adapter-->>DB: maxUIDLength
    DB->>DV: new DocumentsValidator(..., maxUIDLength)
    DV->>CV: new Cursor(maxUIDLength)
    CV->>UV: new UID(maxLength)
    CV->>UV: validate(cursorId)
    note right of UV #DFF2E1: UID validation uses maxLength (36 by default)
Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

Suggested reviewers

  • ArnabChatterjee20k
  • fogelito

Poem

🐇 I hopped through code with careful cheer,
Thirty-six hops now keep IDs clear,
Promoted props snug, validators tight,
Small bounds, firm checks — I twitched with delight,
🥕✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check ✅ Passed The title "Passthru max UID" is directly related to the main change in the changeset. The pull request's primary objective is to propagate a max UID length parameter through the validator chain, from the Database class through multiple validator constructors (Key, UID, Label, Cursor, and Documents). The term "passthru" accurately describes this parameter passing behavior. The title is concise, specific, and clearly communicates the core change without unnecessary details or vague terminology. A developer reviewing the repository history would understand that this PR involves propagating UID length constraints through the system.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch feat-mongodb

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Oct 20, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
src/Database/Validator/UID.php (1)

24-24: Fix the property access violation flagged by PHPStan.

The $maxLength property in the parent Key class is now private readonly, which prevents access from child classes. Line 24 attempts to access $this->maxLength, causing the PHPStan error reported in the pipeline.

Solution: Change the property visibility in Key.php from private to protected:

In src/Database/Validator/Key.php, apply this diff:

 public function __construct(
     private readonly bool $allowInternal = false,
-    private readonly int $maxLength = 36,
+    protected readonly int $maxLength = 36,
 ) {
📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d41fd56 and 9be8e29.

📒 Files selected for processing (5)
  • src/Database/Database.php (5 hunks)
  • src/Database/Validator/Key.php (3 hunks)
  • src/Database/Validator/Queries/Documents.php (2 hunks)
  • src/Database/Validator/Query/Cursor.php (2 hunks)
  • src/Database/Validator/UID.php (1 hunks)
🧰 Additional context used
🧬 Code graph analysis (5)
src/Database/Validator/UID.php (3)
src/Database/Validator/Key.php (1)
  • __construct (26-31)
src/Database/Validator/Queries/Documents.php (1)
  • __construct (27-79)
src/Database/Validator/Query/Cursor.php (1)
  • __construct (11-13)
src/Database/Validator/Queries/Documents.php (4)
src/Database/Validator/Query/Cursor.php (2)
  • __construct (11-13)
  • Cursor (9-55)
src/Database/Validator/UID.php (1)
  • __construct (10-13)
src/Database/Validator/Index.php (1)
  • __construct (33-54)
src/Database/Validator/Query/Filter.php (1)
  • __construct (28-39)
src/Database/Database.php (4)
src/Database/Adapter/SQL.php (1)
  • getMaxUIDLength (1888-1891)
src/Database/Adapter.php (1)
  • getMaxUIDLength (883-883)
src/Database/Adapter/Pool.php (1)
  • getMaxUIDLength (313-316)
src/Database/Adapter/Mongo.php (1)
  • getMaxUIDLength (3100-3103)
src/Database/Validator/Query/Cursor.php (3)
src/Database/Validator/Key.php (1)
  • __construct (26-31)
src/Database/Validator/Queries/Documents.php (1)
  • __construct (27-79)
src/Database/Validator/UID.php (2)
  • __construct (10-13)
  • UID (5-26)
src/Database/Validator/Key.php (4)
src/Database/Validator/Queries/Documents.php (1)
  • __construct (27-79)
src/Database/Validator/Query/Cursor.php (1)
  • __construct (11-13)
src/Database/Validator/UID.php (1)
  • __construct (10-13)
src/Database/Validator/Index.php (1)
  • __construct (33-54)
🪛 GitHub Actions: CodeQL
src/Database/Validator/UID.php

[error] 24-24: PHPStan: Access to private property $maxLength of parent class Utopia\Database\Validator\Key.

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Setup & Build Docker Image
🔇 Additional comments (11)
src/Database/Validator/Query/Cursor.php (2)

11-13: LGTM! Clean use of promoted constructor properties.

The constructor properly uses PHP 8.0+ promoted properties with readonly modifier, ensuring immutability and reducing boilerplate. The default maxLength of 36 aligns with the other validators in this PR.

40-40: LGTM! Properly propagates maxLength to UID validator.

The change correctly passes the configured maxLength to the UID validator, enabling dynamic UID length constraints as intended by this PR.

src/Database/Validator/UID.php (1)

10-10: No breaking change impact detected in codebase.

The only UID instantiation (Cursor.php:40) explicitly passes $this->maxLength, so the default parameter change has no actual impact on existing code. The Cursor validator and parent Key class both default to 36, indicating the change is already aligned with the codebase design. Database and client code concerns cannot be verified within the repository.

Likely an incorrect or invalid review comment.

src/Database/Database.php (5)

5149-5158: Propagating adapter max UID length in bulk updates is spot on.

Thanks for threading the adapter-specific max UID limit through to DocumentsValidator; it lines up with the updated signature and keeps update validation consistent.

6708-6717: Max UID length now reaches deleteDocuments as expected.

Good call ensuring bulk deletes share the same adapter-driven UID limit, keeping validation in sync with the validator’s new contract.

6911-6919: find pipelines the new max UID limit correctly.

This keeps read-query validation aligned with adapter capabilities and the revised validator expectations.

7141-7149: Count validation now respects the adapter’s UID length.

Passing the adapter-derived limit here matches the validator update and avoids divergent constraints between read paths.

7204-7212: Sum queries also benefit from the adapter-aware UID cap.

Nice to see the validator parameter updated here too—ensures aggregation runs under the same guardrails.

src/Database/Validator/Queries/Documents.php (3)

21-25: Documentation looks good.

The docblock properly documents the new $maxUIDLength parameter, and the exception type is more specific than before.

32-32: Parameter addition is well-designed.

The $maxUIDLength parameter with a default of 36 maintains backward compatibility while enabling configurable max UID length validation. The default aligns with UUID format.

65-65: Correct propagation of max UID length.

The Cursor validator instantiation properly passes the configured $maxUIDLength, ensuring consistent UID validation across the query pipeline.

coderabbitai[bot]
coderabbitai bot reviewed Oct 20, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (1)
tests/unit/Validator/PermissionsTest.php (1)

265-269: Consider using 37 characters for the boundary test.

While the current test with 256 characters is functionally correct, using 37 characters (just one over the limit) would make the boundary test clearer and more targeted.

Apply this diff to improve the boundary test:

-        $this->assertFalse($object->isValid([Permission::read(Role::user(ID::custom(str_repeat('a', 256))))]));
+        $this->assertFalse($object->isValid([Permission::read(Role::user(ID::custom(str_repeat('a', 37))))]));
📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e487b55 and ffdc2b3.

📒 Files selected for processing (1)
  • tests/unit/Validator/PermissionsTest.php (3 hunks)
🧰 Additional context used
🧬 Code graph analysis (1)
tests/unit/Validator/PermissionsTest.php (1)
src/Database/Validator/Label.php (1)
  • isValid (26-38)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (11)
  • GitHub Check: Adapter Tests (Pool)
  • GitHub Check: Adapter Tests (SharedTables/SQLite)
  • GitHub Check: Adapter Tests (SharedTables/MongoDB)
  • GitHub Check: Adapter Tests (SharedTables/MySQL)
  • GitHub Check: Adapter Tests (Schemaless/MongoDB)
  • GitHub Check: Adapter Tests (MySQL)
  • GitHub Check: Adapter Tests (SharedTables/MariaDB)
  • GitHub Check: Adapter Tests (MariaDB)
  • GitHub Check: Adapter Tests (MongoDB)
  • GitHub Check: Adapter Tests (Mirror)
  • GitHub Check: Adapter Tests (Postgres)
🔇 Additional comments (3)
tests/unit/Validator/PermissionsTest.php (3)

251-263: LGTM! Error messages consistently updated.

The error messages have been correctly updated to reflect the new 36-character limit for role identifiers across user, team, and member roles.

281-293: LGTM! Team permission error messages correctly updated.

The error messages for team identifier and dimension validation have been properly updated to reflect the 36-character limit.

265-269: This review comment is incorrect and should be disregarded.

The breaking change (255 → 36 characters) already exists in the codebase. This PR does not introduce that change; it only updates test assertions to match the current implementation. The constant MAX_UID_DEFAULT_LENGTH = 36 is already set in src/Database/Database.php, and this PR makes no modifications to it.

The test changes simply correct outdated assertions that were still referencing the old 255-character limit. Migration guidance and breaking change documentation, if needed, would apply to whichever earlier commit actually introduced the MAX_UID_DEFAULT_LENGTH = 36 change—not this one.

Likely an incorrect or invalid review comment.

coderabbitai[bot]
coderabbitai bot reviewed Oct 20, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ffdc2b3 and 4a0aea1.

📒 Files selected for processing (2)
  • tests/unit/Validator/KeyTest.php (1 hunks)
  • tests/unit/Validator/LabelTest.php (1 hunks)
🧰 Additional context used
🧬 Code graph analysis (1)
tests/unit/Validator/LabelTest.php (1)
src/Database/Validator/Label.php (1)
  • isValid (26-38)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (10)
  • GitHub Check: Adapter Tests (SharedTables/SQLite)
  • GitHub Check: Adapter Tests (Mirror)
  • GitHub Check: Adapter Tests (SharedTables/MongoDB)
  • GitHub Check: Adapter Tests (Pool)
  • GitHub Check: Adapter Tests (MySQL)
  • GitHub Check: Adapter Tests (Schemaless/MongoDB)
  • GitHub Check: Adapter Tests (MariaDB)
  • GitHub Check: Adapter Tests (SQLite)
  • GitHub Check: Adapter Tests (MongoDB)
  • GitHub Check: Unit Test

@abnegate abnegate merged commit da0d583 into main Oct 20, 2025
43 of 48 checks passed
@abnegate abnegate deleted the feat-mongodb branch October 20, 2025 13:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@abnegate