Rob 1369 relay websocket authentication #1829

Merged
arikalon1 merged 4 commits into master from ROB-1369-relay-websocket-authentication on Jun 1, 2025
Conversation

@moshemorad
Contributor

@moshemorad moshemorad commented May 26, 2025

Summary by CodeRabbit

  • New Features

    • Added session token management with caching for improved authentication handling.
    • Introduced a method to retrieve robusta sinks for enhanced configuration options.
  • Refactor

    • Updated receiver creation logic to ensure proper initialization after configuration updates.
    • Improved type annotations for better type safety and clarity.
  • Style

    • Enhanced logging for missing configuration scenarios.

@coderabbitai

coderabbitai Bot commented May 26, 2025

Walkthrough

The changes introduce session token management in the Supabase data access layer, update the receiver to support token-based authentication, and enhance configuration handling to integrate these tokens. Type annotations and utility methods are improved for type safety and maintainability. Receiver instantiation is refactored to depend on available robusta sinks and their session tokens.

Changes

| File(s) | Change Summary |
|---|---|
| src/robusta/core/sinks/robusta/dal/supabase_dal.py | Added session token management with caching and persistence; updated sign_in to return user ID. |
| src/robusta/integrations/receiver.py | Modified ActionRequestReceiver to accept and use an auth_token for WebSocket authentication. |
| src/robusta/model/config.py | Added get_robusta_sinks method; improved type annotations for receiver-related attributes and methods. |
| src/robusta/runner/config_loader.py | Refactored receiver creation to use session tokens from robusta sinks; deferred receiver reload timing. |

Sequence Diagram(s)

sequenceDiagram
    participant ConfigLoader
    participant Registry
    participant SinksRegistry
    participant RobustaSink
    participant SupabaseDal
    participant ActionRequestReceiver

    ConfigLoader->>SinksRegistry: get_robusta_sinks()
    SinksRegistry->>RobustaSink: (iterate robusta sinks)
    RobustaSink->>SupabaseDal: get_session_token()
    SupabaseDal->>SupabaseDal: (check cache or create token)
    SupabaseDal-->>RobustaSink: session_token
    ConfigLoader->>ActionRequestReceiver: __init__(event_handler, auth_token=session_token)
    ConfigLoader->>Registry: set_receiver(ActionRequestReceiver)
sequenceDiagram
    participant ActionRequestReceiver
    participant WebSocketServer

    ActionRequestReceiver->>WebSocketServer: on_open (send auth payload with token)
    WebSocketServer-->>ActionRequestReceiver: (authenticate using provided token)
@moshemorad moshemorad marked this pull request as ready for review May 26, 2025 17:02

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (1)
src/robusta/core/sinks/robusta/dal/supabase_dal.py (1)

5-11: Clean import additions for session token functionality.

The new imports support the session token management features: threading for locks, cachetools for TTL caching, and uuid4 for token generation.

However, there's an unused import that should be removed:

-from typing import Any, Dict, List, Optional, Tuple
+from typing import Any, Dict, List, Optional
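Review bot: dropping `Tuple` in the `-`/`+` pair is only safe if nothing in supabase_dal.py still annotates with it. This PR changes sign_in to return the user ID, so confirm that method's return annotation does not use Tuple before applying the suggestion, then re-run Ruff to check that F401 at 7-7 clears.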
🧰 Tools
🪛 Ruff (0.11.9)

7-7: typing.Tuple imported but unused

Remove unused import: typing.Tuple

(F401)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d6bcac1 and b28c575.

📒 Files selected for processing (4)
  • src/robusta/core/sinks/robusta/dal/supabase_dal.py (5 hunks)
  • src/robusta/integrations/receiver.py (2 hunks)
  • src/robusta/model/config.py (4 hunks)
  • src/robusta/runner/config_loader.py (3 hunks)
🧰 Additional context used
🧬 Code Graph Analysis (2)
src/robusta/integrations/receiver.py (3)
src/robusta/core/playbooks/playbooks_event_handler.py (2)
  • PlaybooksEventHandler (11-83)
  • get_global_config (50-52)
src/robusta/core/playbooks/playbooks_event_handler_impl.py (1)
  • get_global_config (334-335)
src/robusta/utils/auth_provider.py (1)
  • AuthProvider (11-54)
src/robusta/runner/config_loader.py (3)
src/robusta/model/config.py (3)
  • get_sinks (196-197)
  • get_robusta_sinks (40-41)
  • set_receiver (205-206)
src/robusta/core/sinks/robusta/dal/supabase_dal.py (1)
  • get_session_token (765-772)
src/robusta/integrations/receiver.py (1)
  • ActionRequestReceiver (78-414)
⏰ Context from checks skipped due to timeout of 90000ms (3)
  • GitHub Check: run_tests
  • GitHub Check: run_tests
  • GitHub Check: Deploy docs
🔇 Additional comments (13)
src/robusta/integrations/receiver.py (2)

79-79: LGTM! Clean integration of authentication token.

The constructor signature change and token storage are implemented correctly. The auth_token parameter is properly stored as an instance variable for use in WebSocket authentication.

Also applies to: 86-86


295-295: Excellent! Token correctly included in WebSocket authentication payload.

The auth_token is properly included in the authentication payload sent when the WebSocket connection opens, completing the authentication flow.

src/robusta/runner/config_loader.py (3)

89-89: Good refactoring to delegate receiver creation.

The extraction of receiver creation logic into a separate method improves code organization and maintainability.

Also applies to: 98-98


100-112: Excellent implementation of session token-based receiver creation.

The implementation correctly:

  • Checks for robusta sinks availability before proceeding
  • Gracefully handles the case when no robusta sinks are configured
  • Retrieves the session token from the first available robusta sink
  • Creates the receiver with proper authentication

The logic flow is sound and follows defensive programming practices.


264-264: Proper initialization order maintained.

Moving the receiver reload to after sinks, actions, and playbooks are configured ensures that all dependencies are properly initialized before the receiver attempts to use them.

src/robusta/model/config.py (3)

12-12: Import addition supports new functionality.

The RobustaSink import is correctly added to support the new filtering method.


40-41: Useful utility method for filtering robusta sinks.

This method provides a clean way to retrieve only robusta sinks from the registry, which is essential for the session token retrieval logic in the config loader.


166-166: Improved type safety with Optional annotation.

The type annotation correctly reflects that the receiver may be None, improving type safety and making the optional nature explicit in the interface.

Also applies to: 208-208

src/robusta/core/sinks/robusta/dal/supabase_dal.py (5)

56-56: Appropriate table constant for session tokens.

The SESSION_TOKENS_TABLE constant follows the existing naming convention and clearly identifies the database table for authentication tokens.


84-84: Excellent initialization of session token infrastructure.

The initialization properly:

  • Stores the user ID from sign-in for token creation
  • Sets up TTL cache with configurable timeout (23 hours default)
  • Initializes threading lock for thread-safe token operations

The configurable TTL via environment variable is a good practice.

Also applies to: 89-91


542-542: Logical enhancement to return user ID from sign-in.

Modifying the sign_in method to return the user ID is a sensible change that supports the session token creation flow while maintaining backward compatibility.

Also applies to: 547-547


765-772: Excellent thread-safe session token caching implementation.

The get_session_token method implements proper thread safety with:

  • Lock-protected cache access
  • Cache-miss handling with automatic token creation
  • Clean separation of concerns

This ensures thread-safe access to session tokens with efficient caching.


774-785: Robust session token creation and persistence.

The create_session_token method correctly:

  • Generates a unique UUID for each token
  • Persists the token to the database with proper metadata (account_id, user_id, type)
  • Uses minimal return to optimize database response
  • Returns the generated token for immediate use

The implementation ensures tokens are both cached and persisted for reliability.
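
A standard-library sketch of the cache-or-create token flow the review describes for get_session_token and create_session_token. It is an added example, not Robusta's code: it uses a hand-rolled expiry instead of cachetools, and the class name, the in-memory table and the "type" value are assumptions.

```python
import threading
import time
from uuid import uuid4

TOKEN_TTL_SEC = 23 * 60 * 60  # 23 hours, the default TTL mentioned in the review


class SessionTokenStore:
    """Hypothetical stand-in for the DAL's token handling (assumed names)."""

    def __init__(self, account_id, user_id, ttl=TOKEN_TTL_SEC, clock=time.monotonic):
        self.account_id = account_id
        self.user_id = user_id
        self.ttl = ttl
        self.clock = clock
        self.lock = threading.Lock()
        self.cached = None  # (token, expiry) once a token has been issued
        self.table = []     # constructed stand-in for the session tokens table

    def create_session_token(self):
        token = str(uuid4())  # random UUID; CPython draws it from os.urandom
        self.table.append({"account_id": self.account_id, "user_id": self.user_id,
                           "token": token, "type": "PLACEHOLDER"})  # assumed value
        return token

    def get_session_token(self):
        # The whole check-then-create runs under the lock, so concurrent
        # callers on a cache miss cannot each persist a separate token.
        with self.lock:
            now = self.clock()
            if self.cached is None or now >= self.cached[1]:
                self.cached = (self.create_session_token(), now + self.ttl)
            return self.cached[0]


def concurrent_tokens(store, workers=16):
    """Call get_session_token from many threads and return every token seen."""
    seen = []
    threads = [threading.Thread(target=lambda: seen.append(store.get_session_token()))
               for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return seen
```

Keeping the cache TTL below the token's server-side lifetime means the cached value expires locally before the relay would reject it.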

@moshemorad moshemorad requested a review from arikalon1 May 26, 2025 17:06
Contributor

@arikalon1 arikalon1 left a comment

nice work

Please remember to add to the release notes of this release that Slack interactive buttons will stop working without a Robusta UI account.

@arikalon1 arikalon1 merged commit fd44578 into master Jun 1, 2025
9 of 10 checks passed
@arikalon1 arikalon1 deleted the ROB-1369-relay-websocket-authentication branch June 1, 2025 16:00