bito-code-review[bot] commented on code in PR #37973:
URL: https://github.com/apache/superset/pull/37973#discussion_r2908319934


##########
superset/migrations/versions/2026-02-14_12-00_f1a2b3c4d5e6_add_fab_api_key_table.py:
##########
@@ -0,0 +1,73 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+"""add FAB api key table
+
+Revision ID: f1a2b3c4d5e6
+Revises: a1b2c3d4e5f6
+Create Date: 2026-02-14 12:00:00.000000
+
+"""
+
+import sqlalchemy as sa
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision = "f1a2b3c4d5e6"
+down_revision = "a1b2c3d4e5f6"
+
+
+def upgrade() -> None:
+    """Create ab_api_key table for FAB API key authentication.
+
+    This table is managed by FAB's SecurityManager. For fresh installs,
+    FAB's create_all() handles table creation. This migration ensures
+    existing Superset installs get the table on upgrade.
+    """
+    conn = op.get_bind()
+    inspector = sa.inspect(conn)
+    if "ab_api_key" in inspector.get_table_names():
+        return
+
+    op.create_table(
+        "ab_api_key",
+        sa.Column("id", sa.Integer(), nullable=False),
+        sa.Column("uuid", sa.String(length=36), nullable=False),
+        sa.Column("name", sa.String(length=256), nullable=False),
+        sa.Column("key_hash", sa.String(length=256), nullable=False),
+        sa.Column("key_prefix", sa.String(length=16), nullable=False),
+        sa.Column("user_id", sa.Integer(), nullable=False),
+        sa.Column("scopes", sa.Text(), nullable=True),
+        sa.Column(
+            "active", sa.Boolean(), nullable=False, 
server_default=sa.text("true")
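
Review bot: The early return at `if "ab_api_key" in inspector.get_table_names(): return` treats any existing table of that name as already correct, so a table that FAB's create_all() built with a different column set than the one declared here is skipped silently and the difference would surface only at runtime. Consider comparing `inspector.get_columns("ab_api_key")` against the columns in this `op.create_table` call and failing loudly on a mismatch. Also confirm that `down_revision = "a1b2c3d4e5f6"` is the actual current head, since both revision ids read like hand-written placeholders.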

Review Comment:
   **Incorrect Boolean Default**

   The server_default for the 'active' column uses sa.text("true"), which may not be correctly interpreted as a boolean true in all database dialects. Use sa.true() for portability across databases like PostgreSQL, MySQL, and SQLite.

   **Code suggestion**

   > Check the AI-generated fix before applying

   ````suggestion
               "active", sa.Boolean(), nullable=False, server_default=sa.true()
   ````

   *Code Review Run #482756*
   



##########
requirements/development.txt:
##########
@@ -262,7 +262,7 @@ flask==2.3.3
     #   flask-sqlalchemy
     #   flask-testing
     #   flask-wtf
-flask-appbuilder==5.0.2
+flask-appbuilder @ 
git+https://github.com/aminghadersohi/Flask-AppBuilder@amin/ch99414/api-key-auth
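
Review bot: The replacement line swaps the exact release pin `flask-appbuilder==5.0.2` for a git URL that resolves to whatever the branch `amin/ch99414/api-key-auth` points at when the install runs, in a repository under a personal account, so two installs of the same requirements file can pull different code and nothing records which revision was reviewed. Pin the reference to a full commit SHA at minimum, and treat this as a temporary state to be replaced by a released `flask-appbuilder` version before merge.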

Review Comment:
   **Unpinned Git Dependency**

   The git dependency references a branch that can change, potentially causing non-reproducible builds. Pinning to the commit hash ensures consistent installations.

   **Code suggestion**

   > Check the AI-generated fix before applying

   ````suggestion
   flask-appbuilder @ git+https://github.com/aminghadersohi/Flask-AppBuilder@84e017b69e7d4984893a09b2776f814e42b65b82
   ````

   *Code Review Run #d57b0d*

   **Breaking API Key Change**

   Updating FAB to this commit changes the API key lookup hash from BLAKE2b to scrypt, which will invalidate all existing API keys since the stored lookup_hash values won't match the new computation. This breaks authentication for any users relying on API keys. A migration is required to update the lookup_hash column for existing keys.

   *Code Review Run #b35d42*

   **Autogenerated file edit**

   The requirements/development.txt file is autogenerated by uv pip compile, as indicated by the header comment. Directly editing this file can lead to inconsistencies when the file is regenerated. Instead, update the source files (e.g., pyproject.toml or requirements/base.in) and regenerate the requirements. Additionally, the constraint file requirements/base-constraint.txt referenced in the autogeneration command does not exist, which would cause regeneration to fail.

   *Code Review Run #482756*
   



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

