phasehq / console Goto Github PK

Is your feature request related to a problem?

When multiple tokens are created, particularly tokens with no expiry, its impossible to know which tokens are actually in use.

Describe the solution you'd like

• Add a last_used_at field to the Service Token model and update this value when it is used either by the CLI / SDK / API
• Show the "last used" date beside each token in App > Service Tokens. This is a timestamp for the last time the token was used to perform a CRUD action

This could be merged with #114 as some of the model and schema changes will overlap

Maintain sync between client and server in the apps screen.

Is your feature request related to a problem?

The created service tokens only show the user that created them, and the expiry. The selected environment scope of each token should also be displayed.

Describe the solution you'd like

Show the env scope

Additional context

Is your feature request related to a problem?

Currently, input masking is handled by the browser by leveraging the html input type="password" attribute. Which this handles masking well, it introduces a few problems

• The browser prompts the user to "Save this password" when editing secrets. (Browser specific workarounds to block this exist in some cases but are not ideal)
• The masking looks different on different browsers
• Masking very large, or multi line values is sub-optimal

Suggested approach

Use a password font such as this one to mask inputs.

Describe alternatives you've considered

Manually replacing masked characters with * or • symbols. While this masks characters, it creates several other issues such as managing the value vs displayValue of inputs, removing the ability to manually copy values, etc

Additional context

Alternative approaches are welcome

The title of the graph should indicate the selected time range. Instead of "n Events" it should say:

• "n Events in the last hour" (1H)
• "n Events today" (24H)
• "n Events this week" (1W)
• "n Events this month" (1M)
• "n Events this year" (1Y)

Is your feature request related to a problem?

Navigating to an app and environment requires several clicks.

Describe the solution you'd like

Add a tree list of apps and envs in the sidebar that the user has access to. Under the "Apps" item:

Apps
  |
  |--App 1
  |  |
  |  |-- Dev
  |  |-- Staging
  |
  |--App 2
  |  |-- Dev
  |
  |--App 3
  |  |
  |  |-- Dev
  |  |-- Staging
  |  |-- Production

• The list should be collapsible
• The current active App and Env should be highlighted
• Handle overflows, large number of apps etc

On slower systems it takes a while to unlock the keyring, would be helpful to have a indicator.

Is your feature request related to a problem?

In you replace-variable.sh you are string replacing every *.js file instead of matches with BAKED_.
Run the output of find through grep for a significant speed up.

Thank you for your post on build one run many post.

Describe the solution you'd like

Pipe the output of find through grep. This way you are running sed only on matching files

in

change:

find /app/public /app/.next -type f -name "*.js" |
while read file; do

to

find /app/public /app/.next -type f -name "*.js" | xargs grep -i -l "BAKED_" |
while read file; do

It would be great to introduce a new feature where the create secret API returns the ID of the newly created secret instead of the generic message "Created 1 secrets". Also the id also can be used to directly retrieve the secret data.

Is your feature request related to a problem?

Currently there is no way to filer audit logs.

Describe the solution you'd like

Add drop-down selection to application audit logs screen for the following potential filters:

• Event: Create, read, update, delete secret
• User: selection of all the members of an application
• Time range - start date end date
• Clear filter button

Mock UI

Steps are reproduce:

1. log in to an admin / owner level access account
2. remove a user who is already logged in
3. switch to the users account and refresh the console page

Describe the

Currently it is possible add a blank space while naming a key belonging to a secret. This can cause issues.

Expected behavior

Don't allow blank space ' ' characters. While the user is typing a key name automatically replace each space character ' ' with an underscore '_'.

Here's a generic regex expression that is in compliance with the dotenv convention:

^[A-Z][A-Z0-9_]*(_[A-Z0-9]+)*$

https://regex101.com/r/Z6hRKv/1

Is your feature request related to a problem?

Currently there is no meta image.

Describe the solution you'd like

Describe alternatives you've considered

Additional context

Uncover the secret's value by default when a new secret is being edited by the user:

Describe the bug

The Phase Console login screen UI is has scaling issues on mobile.

Expected behavior

Make sure the login screen is responsive on devices with smaller screens.

Screenshots

If applicable, add screenshots to help explain your problem.

Platform you are having the issue on:

Additional context

Add any other context about the problem here.

Describe the bug

When a secret's path is updated via the CLI / API / SDK, an update event is shown in the UI but the diff of the previous vs current path is not shown

To Reproduce

Steps to reproduce the behavior:

1. Create a secret
2. Update its path
3. View secret history in Console

Expected behavior

The difference between the previous and current path should be displayed

Screenshots

Is your feature request related to a problem?

The app card currently shows no information about any integrations that might exist for the given app

Describe the solution you'd like

Show a list of icons representing any thirdy party integrations that are set up for the app. The list can be truncated to 3-4 items with a +n for apps with several integrations

There could also be a small count tag against each icon to denote multiple syncs for a given service, for example gitlab (2), vault, nomad (3) etc

Is your feature request related to a problem?

Currently all log events created by Service Tokens are displayed as 🔑 Service token which makes it hard to trace access.

Describe the solution you'd like

1. Display the name of the actual Service Token used to access secrets in the logs
2. Provide a link to similar to View this secret to view the Service Token in the App > Service Tokens screen

Describe the bug

Overlapping icon

To Reproduce

Steps to reproduce the behavior:

1. Go to '/signup'
2. Get to the sudo password step
3. Type a sudo password
4. See that the browser draws an eye icon over the one in the UI

Expected behavior

Only one eye icon should be displayed

Screenshots

Platform you are having the issue on:

Browser - Windows Edge
OS - Windows

Describe the bug

Frontend container throws Axios ECONNREFUSED on login with GitHub (out of the box config)
AxiosError: connect ECONNREFUSED 127.0.0.1:443
I'm a new user trying out the platform on local.
I'm following the docker compose docs at https://docs.phase.dev/self-hosting/docker-compose.

Configured GitHub OAuth app with Authorization callback URL as https://localhost/api/auth/callback/github
Updated .env with auth keys, spun up with docker-compose -f docker-compose.yml up -d

Frontend container throws:
AxiosError: connect ECONNREFUSED 127.0.0.1:443
or
AxiosError: connect ECONNREFUSED 127.0.0.1:80 if I change the protocol to http

To Reproduce

Steps to reproduce the behavior:

1. Configure GitHub OAuth app with Auth callback URL as https://localhost/api/auth/callback/github
2. Spin up docker compose with docker-compose -f docker-compose.yml up -d
3. navigate to localhost
4. click on Login with Github
5. Loops back to login screen
6. Network tab logs: https://localhost/api/auth/error?error=Callback with 302 status
7. Network tab logs: https://localhost/api/auth/signin?error=Callback with 302 status
8. Network tab logs: https://localhost/login?callbackUrl=https%3A%2F%2Flocalhost%2F&error=Callback
   200 status
9. phasehq/frontend:latest container throws: AxiosError: connect ECONNREFUSED 127.0.0.1:443

Expected behavior

5. Should take you to homepage

Screenshots

Platform you are having the issue on:

docker-compose version 1.29.2, build 5becea4c
❯ docker version
Client:
Version: 20.10.16
API version: 1.41
Go version: go1.17.10
Git commit: aa7e414
OS/Arch: darwin/arm64
Server: Docker Desktop 4.9.1 (81317)
Engine:
Version: 20.10.16

Is your feature request related to a problem?

Add a button to uncover all values of secrets in a given environment.

Create a new nginx config that doesn't use https for local docker compose dev environment.

Describe the solution you'd like

• Add a button that users can click to gracefully back of the unlock keyring popup
  
• Add a badge indicator in the status bar on the top right of the screen to indicate weather the keyring is locked or not

Describe alternatives you've considered

Additional context

Describe the bug

Input fields allow users to input very lengthy strings, causing the UI of the application to break.

To Reproduce

Steps to reproduce the behavior:

1. Go to Home tab on the user dashboard
2. Click on create an app
3. Input 13+ zeros in the app name input field

Expected behavior

The input validation should restrict the number of characters I put in the input field.

Screenshots

Platform you are having the issue on:

User Dashboard

Additional context

Describe the bug

Setting a personal override values to a secret that created on the client but not yet deployed returns the Secret matching query does not exist error.

Make sure long strings wrap correctly.

Describe the bug

We've recently set up Phase alongside Google OAuth, but the initial login refuses to work. When I try to login, the app fails to redirect to the correct callback URL, causing "Secure Connection Failed". Here's the logs from the Frontend:

[next-auth][error][OAUTH_CALLBACK_ERROR] 
https://next-auth.js.org/errors#oauth_callback_error invalid_grant (Bad Request) {
  error: OPError: invalid_grant (Bad Request)
      at processResponse (/app/node_modules/openid-client/lib/helpers/process_response.js:38:13)
      at Client.grant (/app/node_modules/openid-client/lib/client.js:1327:22)
      at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
      at async Client.callback (/app/node_modules/openid-client/lib/client.js:476:24)
      at async oAuthCallback (/app/node_modules/next-auth/core/lib/oauth/callback.js:109:16)
      at async Object.callback (/app/node_modules/next-auth/core/routes/callback.js:52:11)
      at async AuthHandler (/app/node_modules/next-auth/core/index.js:208:28)
      at async NextAuthApiHandler (/app/node_modules/next-auth/next/index.js:22:19)
      at async K (/app/node_modules/next/dist/compiled/next-server/pages-api.runtime.prod.js:20:16545)
      at async U.render (/app/node_modules/next/dist/compiled/next-server/pages-api.runtime.prod.js:20:16981) {
    name: 'OAuthCallbackError',
    code: undefined
  },
  providerId: 'google',
  message: 'invalid_grant (Bad Request)'
}

While I can also see in the backend logs, after enabling debug mode, that the user data comes through just fine from Google. There's something failing at the frontend since I can confirm that the configuration is correct.

Environment:

NEXT_PUBLIC_BACKEND_API_BASE=https://phase.site.com/service
NEXTAUTH_URL=https://phase.site.com
NEXTAUTH_SECRET=areallylongsecret
NEXT_TELEMETRY_DISABLED=1
NEXT_PUBLIC_NEXTAUTH_PROVIDERS=google
OAUTH_REDIRECT_URI=https://phase.site.com

Do let me know if any more information is required.

To Reproduce

Steps to reproduce the behavior:

1. Set up Phase with Google OAuth
2. Try to login
3. Check frontend logs.

Expected behavior

The user is logged in.

Is your feature request related to a problem?

Currently tags can be created organisation wide, but cannot be edited or deleted.

Describe the solution you'd like

A screen that allows editing and deleting tags. UI inspiration:

Is your feature request related to a problem?

Secrets can be created with references to other secrets in the same or other environments.

For example:

PROFILE_API=${API_BASE_URL}/profile

or

HEALTH_ENDPOINT=${production.BASE_URL}/health

Creating these references are error prone since they are cases sensitive and a single character mistake can lead to a broken reference.

Describe the solution you'd like

An autocomplete dropdown that shows suggestions based on the characters entered after the ${ to start a reference. For example, if creating a secret with the value:
PROFILE_API=${AP

The dropdown should match and suggest completions:

PROFILE_API=${AP...
              API_BASE_URL
              API_TOKEN

This should ideally work across environments as well, however this comes with significant complexity as secrets in other environments must be fetched and decrypted for this to work, and access to other environments will depend on the logged in user and role.

Bonus

It would also be helpful to be able to highlight referenced secrets in the editor, so the user can visually confirm that the reference is correct.

PROFILE_API=${API_BASE_URL}/profile

Hovering a reference could also show the referenced value in a tooltip

Current behavior

After inputing a team name in step one, the user only discovers that this team name is not available after clicking the finish button in step 3. This user experience is a little poor, since the user will continuessly navigate between the first step and last step and will also have to wait for some time (depending on their network speed) in step 3 before getting that error.

Suggested Behavior

User should see team name availability as they type in the team name. Something similar to typing in a new repo name in Github

The images in Readme file are not rendering correctly.

Is your feature request related to a problem?

Importing secrets from an existing .env file is only possible via the Phase CLI currently.

Describe the solution you'd like

Add the ability to drag and drop / click to select a .env file to import secrets into Phase. When there are no secrets present, it should be the primary empty state:

Is your feature request related to a problem?

Making changes to secrets currently shows a "You have undeployed changes to this environment." warning banner and an amber highlight to affected secrets, but it can be difficult to determine what changes were made other than which secrets are affected.

Describe the solution you'd like

Clicking the warning banner should show a modal with details of secrets affected, with diffs of specific properties changed, such as tags, comments, etc. For example:

• Modified GOOGLE_CLIENT_ID
  • changed key
  • added tag
• AddedTEST
• Modified SESSION_COOKIE_DOMAIN
  • changed comment

Ideally, something inspired by VSCode's diffs would be great:

Fix the white background on the magnifying glass icon and "clear search" buttons in the input box. Make them match the background color of the input field.

Allow apps keys to be recovered once an app has been deleted.

Describe the bug

when a tag is added/updated in the secret an update event can be seen using the history dialog box.

When the same is done below UI problem is observed

To Reproduce

1. Create a secret
2. Add a Tag
3. View secret history

Expected behavior

There must be a proper symmetric UI with some descriptive text

Screenshots

Platform you are having the issue on:

OS: Linux (Debain)

Browser: Firefox

Additional context

N/A

Suggestions:

• Require sudo password for app deletion, don't solely rely on SSO authentication
• Change the color of the 'delete' button from green to red

Is your feature request related to a problem?

Add the ability to delete your team / organisation

For managing and deleting teams:

1. List the current team that you have switched context to and its metadata in the account section (Team name, creation date, role (owner, admin, developer))
2. Add a delete button, warn the user that deleting a team will cause all applications, secrets, logs, keys and members will be irrecoverably deleted. (ideally prompt the user for a sudo password and require a successful signature - to be discussed: @rohan-chaturvedi)

Please create a DB_USER when demo secret when the "Create example secrets" toggle is on.

Describe the bug

Clicking create a sync does nothing when no apps are available.

To Reproduce

Expected behavior

A user should be prompted to create a new application before a sync can be set up.

Is your feature request related to a problem?

Currently users need to manually visit /signup to create a new organisation if they are a member of an existing org.

Describe the solution you'd like

1. Make the organisation context switcher persistent (even when an account has a single organisation)
   

2. Add a 'Create new organisation' button at the bottom of the list that will send a user to /signup

The Email templates need several improvements

• Make sure logo is displayed
• Improve typography / spacing / layout

All email templates need a rework:
https://github.com/phasehq/console/tree/main/backend/api/templates/backend/api/email_templates

Current email look: