Skip to content

format project with biome#1589

Merged
Artuomka merged 4 commits into
mainfrom
backend_lint
Feb 11, 2026
Merged

format project with biome#1589
Artuomka merged 4 commits into
mainfrom
backend_lint

Conversation

@Artuomka

Copy link
Copy Markdown
Collaborator

No description provided.

Copilot AI review requested due to automatic review settings February 10, 2026 13:43
@Artuomka Artuomka enabled auto-merge February 10, 2026 13:43

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Formats the backend codebase using Biome to enforce consistent styling.

Changes:

  • Reformats TypeORM decorators and options objects into multi-line, consistently indented blocks.
  • Normalizes imports (multi-line import lists, quote style) and removes stray blank lines.
  • Minor formatting adjustments in modules, use-cases, and decorators for readability/consistency.

Reviewed changes

Copilot reviewed 35 out of 878 changed files in this pull request and generated 4 comments.

Show a summary per file
File Description
backend/src/entities/table-actions/table-action-rules-module/action-rules.entity.ts Reformats relation decorators for consistent indentation/line breaks
backend/src/entities/table-actions/table-action-events-module/action-event.entity.ts Reformats @ManyToOne decorator formatting
backend/src/entities/secret-access-log/secret-access-log.entity.ts Expands TypeORM import list + reformats relation decorators
backend/src/entities/s3-widget/use-cases/s3-use-cases.interface.ts Expands DS imports into multi-line import block
backend/src/entities/permission/permission.entity.ts Reformats @ManyToMany decorator into multi-line
backend/src/entities/group/use-cases/remove-user-from-group.use.case.ts Compacts delIndex assignment formatting
backend/src/entities/group/group.entity.ts Reformats relation decorators/options blocks
backend/src/entities/email/utils/escape-html.util.ts Removes trailing blank line at EOF
backend/src/entities/email/email/email.interface.ts Removes trailing blank line at EOF
backend/src/entities/email/email-verification.entity.ts Reformats @OneToOne decorator into multi-line
backend/src/entities/email/email-messages/email-message.ts Removes stray blank line inside class
backend/src/entities/custom-field/use-cases/create-custom-fields.use.case.ts Reformats long await call line wrapping
backend/src/entities/custom-field/custom-fields.entity.ts Reformats @ManyToOne decorator into multi-line
backend/src/entities/convention/use-cases/get-conversions.use.case.ts Normalizes object key quoting/indentation
backend/src/entities/connection-properties/use-cases/find-connection-properties-use.case.ts Reformats long await call line wrapping
backend/src/entities/connection-properties/use-cases/delete-connection-properties.use.case.ts Reformats long await call line wrapping
backend/src/entities/connection-properties/connection-properties.module.ts Reformats middleware application calls into chained style
backend/src/entities/connection-properties/connection-properties.entity.ts Reformats relation decorators/options blocks
backend/src/entities/company-tab-title/company-tab-title.entity.ts Reformats @OneToOne decorator/options block
backend/src/entities/company-logo/company-logo.entity.ts Reformats @OneToOne decorator/options block
backend/src/entities/company-info/invitation-in-company/invitation-in-company.entity.ts Reformats @ManyToOne decorator/options block
backend/src/entities/company-info/company-info.entity.ts Reformats multiple relation decorators/options blocks
backend/src/entities/company-favicon/company-favicon.entity.ts Reformats @OneToOne decorator/options block
backend/src/entities/api-key/api-key.entity.ts Reformats @ManyToOne decorator/options block
backend/src/entities/ai/use-cases/request-ai-settings-and-widgets-creation.use.case.ts Normalizes imports/quotes + compacts method signature/calls
backend/src/entities/ai/ai-use-cases.interface.ts Normalizes imports/quotes + compacts interface method formatting
backend/src/entities/ai/ai-data-entities/types/ai-module-types.ts Normalizes import quote style
backend/src/entities/ai/ai-data-entities/ai-reponses-to-user/ai-responses-to-user.entity.ts Reformats @ManyToOne decorator/options block
backend/src/entities/ai/ai-conversation-history/user-ai-chat/repository/user-ai-chat-repository.extension.ts Compacts query builder chain onto a single line
backend/src/entities/agent/repository/agent.repository.interface.ts Removes stray blank line in interface
backend/src/entities/agent/agent.entity.ts Removes leading blank line + reformats @OneToOne decorator
backend/src/decorators/slug-uuid.decorator.ts Adds trailing comma in array for consistent formatting
backend/src/decorators/gclid-decorator.ts Adjusts parentheses for clearer nullish coalescing expression
backend/src/ai-core/interfaces/ai-service.interface.ts Removes stray blank line in interface
backend/ava.config.mjs Removes stray blank line at file start

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.


@ManyToOne(
(_type) => ActionRulesEntity,
(rules) => rules.table_actions,

Copilot AI Feb 10, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The inverse side of the ActionRulesEntity relation for ActionEventsEntity appears incorrect: it points to rules.table_actions instead of the events collection (likely rules.action_events, which exists on ActionRulesEntity in this PR). This will mis-wire the relationship metadata in TypeORM. Update the inverse property to reference the events relation.

Suggested change
(rules) => rules.table_actions,
(rules) => rules.action_events,

Copilot uses AI. Check for mistakes.
);
}
const usersArray = groupToUpdate.users;
const delIndex = usersArray.map((e) => e.id).indexOf(foundUser.id);

Copilot AI Feb 10, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This does two passes over usersArray and allocates an intermediate array. Prefer a single-pass lookup with findIndex((u) => u.id === foundUser.id) to reduce overhead and simplify the intent.

Suggested change
const delIndex = usersArray.map((e) => e.id).indexOf(foundUser.id);
const delIndex = usersArray.findIndex((u) => u.id === foundUser.id);

Copilot uses AI. Check for mistakes.
Comment on lines +45 to +56
consumer
.apply(AuthMiddleware)
.forRoutes({ path: '/connection/properties/:connectionId', method: RequestMethod.GET });
consumer
.apply(AuthMiddleware)
.forRoutes({ path: '/connection/properties/:connectionId', method: RequestMethod.POST });
consumer
.apply(AuthMiddleware)
.forRoutes({ path: '/connection/properties/:connectionId', method: RequestMethod.PUT });
consumer
.apply(AuthMiddleware)
.forRoutes({ path: '/connection/properties/:connectionId', method: RequestMethod.DELETE });

Copilot AI Feb 10, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The middleware is applied four times to the same path with only the method changing. This can be made easier to maintain by calling .apply(AuthMiddleware).forRoutes(...) once with an array of route definitions (GET/POST/PUT/DELETE). That reduces duplication and makes future changes less error-prone.

Suggested change
consumer
.apply(AuthMiddleware)
.forRoutes({ path: '/connection/properties/:connectionId', method: RequestMethod.GET });
consumer
.apply(AuthMiddleware)
.forRoutes({ path: '/connection/properties/:connectionId', method: RequestMethod.POST });
consumer
.apply(AuthMiddleware)
.forRoutes({ path: '/connection/properties/:connectionId', method: RequestMethod.PUT });
consumer
.apply(AuthMiddleware)
.forRoutes({ path: '/connection/properties/:connectionId', method: RequestMethod.DELETE });
consumer.apply(AuthMiddleware).forRoutes(
{ path: '/connection/properties/:connectionId', method: RequestMethod.GET },
{ path: '/connection/properties/:connectionId', method: RequestMethod.POST },
{ path: '/connection/properties/:connectionId', method: RequestMethod.PUT },
{ path: '/connection/properties/:connectionId', method: RequestMethod.DELETE },
);

Copilot uses AI. Check for mistakes.
Comment on lines +35 to +36
];
if (!availableSlagParameters.includes(parameterName)) {

Copilot AI Feb 10, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The variable name availableSlagParameters looks like a typo (likely meant availableSlugParameters to match the decorator name SlugUuid). Consider renaming for clarity and consistency.

Copilot uses AI. Check for mistakes.
createConnectionData.connection_parameters.cert = await readSslCertificate();
return createConnectionData;
}
if (host.includes('amazonaws.com') && host.includes('ec2-') && host.endsWith('.compute.amazonaws.com')) {

Check failure

Code scanning / CodeQL

Incomplete URL substring sanitization High

'
amazonaws.com
' can be anywhere in the URL, and arbitrary hosts may come before or after it.

Copilot Autofix

AI 5 months ago

In general, to fix incomplete URL/host substring sanitization, you should avoid includes/indexOf on the entire host string and instead validate hosts via strict equality or well‑designed regular expressions that match only allowed domains (or subdomains) and nothing else. When URLs are involved, you parse them with a URL parser and then validate the host or hostname property against such a whitelist or regex.

For this specific code, we already have strong regex checks later (ec2HostRegex and rdsHostRegex) and we already require host.endsWith('.compute.amazonaws.com') in the EC2 branch. The unsafe / redundant part is the substring check host.includes('amazonaws.com') on line 17. The best low‑impact fix is to remove that includes condition while preserving the rest of the logic, relying on the more precise endsWith('.compute.amazonaws.com') combined with host.includes('ec2-') (and the regexes below) to identify AWS EC2 hosts. This avoids substring sanitization, keeps the existing behavior for valid EC2 hosts, and does not broaden the accepted set of hosts.

Concretely:

  • In backend/src/entities/connection/utils/process-aws-connection.util.ts, update the if condition starting at line 17 to drop the host.includes('amazonaws.com') && part.
  • No new methods or imports are needed; we are only simplifying an existing boolean expression.

Suggested changeset 1
backend/src/entities/connection/utils/process-aws-connection.util.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/backend/src/entities/connection/utils/process-aws-connection.util.ts b/backend/src/entities/connection/utils/process-aws-connection.util.ts
--- a/backend/src/entities/connection/utils/process-aws-connection.util.ts
+++ b/backend/src/entities/connection/utils/process-aws-connection.util.ts
@@ -14,7 +14,7 @@
 		return createConnectionData;
 	}
 
-	if (host.includes('amazonaws.com') && host.includes('ec2-') && host.endsWith('.compute.amazonaws.com')) {
+	if (host.includes('ec2-') && host.endsWith('.compute.amazonaws.com')) {
 		createConnectionData.connection_parameters.ssl = true;
 		createConnectionData.connection_parameters.cert = await readSslCertificate();
 		return createConnectionData;
EOF
@@ -14,7 +14,7 @@
return createConnectionData;
}

if (host.includes('amazonaws.com') && host.includes('ec2-') && host.endsWith('.compute.amazonaws.com')) {
if (host.includes('ec2-') && host.endsWith('.compute.amazonaws.com')) {
createConnectionData.connection_parameters.ssl = true;
createConnectionData.connection_parameters.cert = await readSslCertificate();
return createConnectionData;
Copilot is powered by AI and may make mistakes. Always verify output.
private isAWSConnection(): boolean {
const { host } = this.connection;

if (host.includes('cassandra') && host.includes('amazonaws.com')) {

Check failure

Code scanning / CodeQL

Incomplete URL substring sanitization High

'
amazonaws.com
' can be anywhere in the URL, and arbitrary hosts may come before or after it.

Copilot Autofix

AI 5 months ago

In general, to fix this kind of problem you should avoid substring checks on hostnames and instead perform explicit, structural matching: either compare against a whitelist of exact hostnames, or check that the host is exactly a known domain or a subdomain of it (by using suffix checks with a dot boundary, not generic includes). For AWS Cassandra-related hosts, that means recognizing only *.amazonaws.com (and possibly more specific patterns, such as *.compute.amazonaws.com or cassandra.*.amazonaws.com), ensuring that the domain suffix is correct and not followed by additional labels.

For this specific method, isAWSConnection, the best change with minimal impact is to replace the includes('amazonaws.com') checks with robust suffix checks that verify the host is either exactly amazonaws.com or ends with .amazonaws.com. We can do this with plain string logic and a small helper function inside the class, without changing imports. The existing ec2HostRegex remains valid, as it already matches a specific AWS EC2 hostname pattern. We will:

  • Add a private helper private hasDomainSuffix(host: string, domain: string): boolean in the class, implementing a safe suffix check with a dot boundary.
  • Replace both if (host.includes('cassandra') && host.includes('amazonaws.com')) and if (host.includes('amazonaws.com')) with versions that use hasDomainSuffix(host, 'amazonaws.com'), retaining the cassandra part of the first check.
  • Keep all other logic unchanged.

All changes will be within shared-code/src/data-access-layer/data-access-objects/data-access-object-cassandra.ts, inside the DataAccessObjectCassandra class and near the isAWSConnection method.

Suggested changeset 1
shared-code/src/data-access-layer/data-access-objects/data-access-object-cassandra.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/shared-code/src/data-access-layer/data-access-objects/data-access-object-cassandra.ts b/shared-code/src/data-access-layer/data-access-objects/data-access-object-cassandra.ts
--- a/shared-code/src/data-access-layer/data-access-objects/data-access-object-cassandra.ts
+++ b/shared-code/src/data-access-layer/data-access-objects/data-access-object-cassandra.ts
@@ -733,14 +733,26 @@
 		}
 	}
 
+	private hasDomainSuffix(host: string, domain: string): boolean {
+		if (!host) {
+			return false;
+		}
+
+		if (host === domain) {
+			return true;
+		}
+
+		return host.endsWith(`.${domain}`);
+	}
+
 	private isAWSConnection(): boolean {
 		const { host } = this.connection;
 
-		if (host.includes('cassandra') && host.includes('amazonaws.com')) {
+		if (host.includes('cassandra') && this.hasDomainSuffix(host, 'amazonaws.com')) {
 			return true;
 		}
 
-		if (host.includes('amazonaws.com')) {
+		if (this.hasDomainSuffix(host, 'amazonaws.com')) {
 			return true;
 		}
 
EOF
@@ -733,14 +733,26 @@
}
}

private hasDomainSuffix(host: string, domain: string): boolean {
if (!host) {
return false;
}

if (host === domain) {
return true;
}

return host.endsWith(`.${domain}`);
}

private isAWSConnection(): boolean {
const { host } = this.connection;

if (host.includes('cassandra') && host.includes('amazonaws.com')) {
if (host.includes('cassandra') && this.hasDomainSuffix(host, 'amazonaws.com')) {
return true;
}

if (host.includes('amazonaws.com')) {
if (this.hasDomainSuffix(host, 'amazonaws.com')) {
return true;
}

Copilot is powered by AI and may make mistakes. Always verify output.
return true;
}

if (host.includes('amazonaws.com')) {

Check failure

Code scanning / CodeQL

Incomplete URL substring sanitization High

'
amazonaws.com
' can be anywhere in the URL, and arbitrary hosts may come before or after it.

Copilot Autofix

AI 5 months ago

In general, incomplete URL/host validation based on substring checks should be replaced with checks based on a parsed hostname and explicit whitelisting of acceptable hosts or suffixes. For AWS detection, this means: (1) ensure we are looking at just the hostname (no scheme, port, path, or credentials), (2) compare it against exact matches or suffix matches that start at a label boundary (e.g., host === 'amazonaws.com' or host.endsWith('.amazonaws.com')), and (3) optionally retain any more specific regex checks (like the EC2 pattern) once the host is normalized.

In this file, the best way to fix the problem without changing higher‑level functionality is to (a) normalize this.connection.host into a proper hostname string using the built‑in URL parser, while handling inputs that might be missing a scheme, and then (b) replace the two includes('amazonaws.com') checks with label‑boundary checks on that normalized hostname. We should also reuse this normalized host when applying the EC2 regex. Concretely:

  • Change the start of isAWSConnection() so that it derives a local normalizedHost from this.connection.host:
    • If host already looks like a full URL (starts with http:// or https://), parse it with new URL(host) and take .hostname.
    • Otherwise, treat it as a bare hostname and use it as‑is (optionally, we can still run it through new URL('http://' + host) safely if desired).
    • Lower‑case it to make matching case‑insensitive.
  • Replace both existing host.includes('amazonaws.com') checks by a helper expression isAmazonawsHostname(normalizedHost) that returns true if normalizedHost === 'amazonaws.com' or normalizedHost.endsWith('.amazonaws.com').
  • Apply the existing ec2HostRegex to normalizedHost instead of the raw host.

No new imports are needed; TypeScript/Node already provide the URL class in the global scope, and we stay within the shown method. The only changes occur in isAWSConnection() in shared-code/src/data-access-layer/data-access-objects/data-access-object-cassandra.ts.

Suggested changeset 1
shared-code/src/data-access-layer/data-access-objects/data-access-object-cassandra.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/shared-code/src/data-access-layer/data-access-objects/data-access-object-cassandra.ts b/shared-code/src/data-access-layer/data-access-objects/data-access-object-cassandra.ts
--- a/shared-code/src/data-access-layer/data-access-objects/data-access-object-cassandra.ts
+++ b/shared-code/src/data-access-layer/data-access-objects/data-access-object-cassandra.ts
@@ -736,16 +736,32 @@
 	private isAWSConnection(): boolean {
 		const { host } = this.connection;
 
-		if (host.includes('cassandra') && host.includes('amazonaws.com')) {
+		// Normalize host to a bare hostname to avoid substring-based checks on arbitrary URLs.
+		let normalizedHost = host;
+		try {
+			// If host already includes a scheme, use it directly; otherwise, prefix with http:// for parsing.
+			const hasScheme = /^https?:\/\//i.test(host);
+			const url = new URL(hasScheme ? host : `http://${host}`);
+			normalizedHost = url.hostname;
+		} catch {
+			// If parsing fails, fall back to the original host value.
+			normalizedHost = host;
+		}
+
+		const lowerHost = normalizedHost.toLowerCase();
+		const isAmazonawsHost =
+			lowerHost === 'amazonaws.com' || lowerHost.endsWith('.amazonaws.com');
+
+		if (lowerHost.includes('cassandra') && isAmazonawsHost) {
 			return true;
 		}
 
-		if (host.includes('amazonaws.com')) {
+		if (isAmazonawsHost) {
 			return true;
 		}
 
 		const ec2HostRegex = /^(ec2-).*([.]compute[.]amazonaws[.]com)$/i;
-		if (ec2HostRegex.test(host)) {
+		if (ec2HostRegex.test(lowerHost)) {
 			return true;
 		}
 
EOF
@@ -736,16 +736,32 @@
private isAWSConnection(): boolean {
const { host } = this.connection;

if (host.includes('cassandra') && host.includes('amazonaws.com')) {
// Normalize host to a bare hostname to avoid substring-based checks on arbitrary URLs.
let normalizedHost = host;
try {
// If host already includes a scheme, use it directly; otherwise, prefix with http:// for parsing.
const hasScheme = /^https?:\/\//i.test(host);
const url = new URL(hasScheme ? host : `http://${host}`);
normalizedHost = url.hostname;
} catch {
// If parsing fails, fall back to the original host value.
normalizedHost = host;
}

const lowerHost = normalizedHost.toLowerCase();
const isAmazonawsHost =
lowerHost === 'amazonaws.com' || lowerHost.endsWith('.amazonaws.com');

if (lowerHost.includes('cassandra') && isAmazonawsHost) {
return true;
}

if (host.includes('amazonaws.com')) {
if (isAmazonawsHost) {
return true;
}

const ec2HostRegex = /^(ec2-).*([.]compute[.]amazonaws[.]com)$/i;
if (ec2HostRegex.test(host)) {
if (ec2HostRegex.test(lowerHost)) {
return true;
}

Copilot is powered by AI and may make mistakes. Always verify output.
@Artuomka Artuomka merged commit 2f27919 into main Feb 11, 2026
18 of 19 checks passed
@Artuomka Artuomka deleted the backend_lint branch February 11, 2026 12:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants