Conversation
- Updated HomePage.js to call Function App API instead of returning placeholder
- Changed Function App auth level from FUNCTION to ANONYMOUS (frontend auth via Google OAuth)
- Added REACT_APP_FUNCTION_APP_URL environment variable support
- Updated deployment workflow to inject Function App URL during build
- Added .env.example with configuration documentation
- Updated frontend README with environment variable documentation

Co-authored-by: fpittelo <3135901+fpittelo@users.noreply.github.com>
- Removed unnecessary placeholder filter in conversation history
- Sanitized error logging to avoid exposing sensitive information

Co-authored-by: fpittelo <3135901+fpittelo@users.noreply.github.com>
Connect chat box to Azure OpenAI via Function App API
…ion App Co-authored-by: fpittelo <3135901+fpittelo@users.noreply.github.com>
Fix Azure Function App 404 by enabling remote build for Python dependencies
Co-authored-by: fpittelo <3135901+fpittelo@users.noreply.github.com>
Fix Azure Functions remote build by setting deployment flags in workflows
Co-authored-by: fpittelo <3135901+fpittelo@users.noreply.github.com>
…yment Fix Azure Functions deployment: use string values for build parameters
Summary of Changes

Hello @fpittelo, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request establishes the core integration between the frontend chat application and the backend Azure Function App. It enables the frontend to communicate with the backend API for chat responses, configures the necessary environment variables for this connection, and adjusts the backend's authentication to facilitate this interaction. Additionally, it updates the infrastructure settings to support the build and deployment of the function app.
Code Review
This pull request integrates the frontend with the backend chat API, replacing the mock bot response with actual API calls. It also updates documentation and Terraform configuration for deployment. My review has identified a critical security vulnerability in the backend function's authentication level. Additionally, there are a couple of medium-severity issues in the frontend related to unique key generation for React components and error logging that could be improved for better robustness and easier debugging.
| ) | ||
|
|
||
| @app.route(route="chat", methods=["POST"], auth_level=func.AuthLevel.FUNCTION) | ||
| @app.route(route="chat", methods=["POST"], auth_level=func.AuthLevel.ANONYMOUS) |
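Review bot: on the `auth_level=func.AuthLevel.ANONYMOUS` line, the platform key check is removed and nothing in this hunk adds a check in its place. The commit message relies on Google OAuth in the frontend, but a caller that posts to the `chat` route directly never passes through the frontend, so the caller's token should be verified inside the handler, or authentication enforced on the Function App itself, before this merges. Reverting to FUNCTION alone would not close the gap if the key is handed to the React build, because `REACT_APP_` variables are compiled into the public bundle.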
Changing the authentication level to ANONYMOUS exposes this function endpoint to the public internet without any authentication. This means anyone can call your chat API, which could lead to significant security risks and unexpected costs from the underlying Azure OpenAI service. The function should be secured. Consider using Azure App Service's built-in authentication (Easy Auth) on the Function App as well, or revert to AuthLevel.FUNCTION and securely provide the function key to the frontend application via its application settings.
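One way to leave the route at ANONYMOUS and still reject unauthenticated callers is to verify the Google ID token inside the handler before anything reaches Azure OpenAI. The following is an added example, not code from this pull request: `authorize`, `fake_verify`, the client ID and the claim policy are assumptions, and the verifier is injected so the block runs offline (in a deployment it would wrap `google.oauth2.id_token.verify_oauth2_token`).

```python
from typing import Callable, Mapping, Optional, Tuple

# Hypothetical values for this example; neither appears in the pull request.
ALLOWED_AUDIENCE = "example-client-id.apps.googleusercontent.com"
ALLOWED_ISSUERS = {"accounts.google.com", "https://accounts.google.com"}


def authorize(headers: Mapping[str, str],
              verify: Callable[[str], dict]) -> Tuple[int, Optional[dict]]:
    """Return (http_status, claims); only status 200 may reach the OpenAI call.

    `verify` must check signature and expiry and raise ValueError on failure.
    """
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return 401, None  # no bearer credential presented
    try:
        claims = verify(token.strip())
    except ValueError:
        return 401, None  # bad signature, expired or malformed token
    # Re-checked here in case the verifier was not given an audience.
    if claims.get("aud") != ALLOWED_AUDIENCE:
        return 401, None  # token was minted for a different application
    if claims.get("iss") not in ALLOWED_ISSUERS:
        return 401, None
    if not claims.get("email_verified"):
        return 403, None  # authenticated, but not an identity we accept
    return 200, claims


# Constructed stand-in for the real verifier: maps sample tokens to claims.
_SAMPLE_TOKENS = {
    "good": {"aud": ALLOWED_AUDIENCE, "iss": "https://accounts.google.com",
             "email": "user@example.com", "email_verified": True},
    "other-app": {"aud": "someone-else.apps.googleusercontent.com",
                  "iss": "https://accounts.google.com", "email_verified": True},
}


def fake_verify(token: str) -> dict:
    if token not in _SAMPLE_TOKENS:
        raise ValueError("invalid token")
    return _SAMPLE_TOKENS[token]
```

The handler would call `authorize(req.headers, verifier)` first and return the 401 or 403 without touching the chat logic.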
| const botMessage = { | ||
| id: Date.now() + 1, | ||
| type: "bot", | ||
| text: "I'm a placeholder response. Integration with Azure OpenAI will be implemented in future tasks.", | ||
| text: data.response || "I apologize, but I couldn't generate a response.", | ||
| timestamp: new Date(), | ||
| }; | ||
| setMessages((prev) => [...prev, botMessage]); | ||
| } catch (error) { | ||
| // Log error without sensitive details | ||
| console.error("Error calling chat API"); | ||
| const errorMessage = { | ||
| id: Date.now() + 1, | ||
| type: "bot", | ||
| text: "I apologize, but I'm having trouble connecting to the service. Please try again later.", | ||
| timestamp: new Date(), | ||
| }; | ||
| setMessages((prev) => [...prev, errorMessage]); |
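Review bot: `text: data.response || "I apologize, but I couldn't generate a response."` reads the body without any status check visible in this hunk, and `fetch` does not reject on a 4xx or 5xx reply. If `response.ok` is not tested above these lines, an API error body with no `response` field ends up on the same apology as an empty model answer and never reaches the `catch` block; test the status and throw so failures take the error path.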
Using Date.now() or Date.now() + 1 (lines 83 and 93) to generate unique ids for React components is not a robust approach. It's possible for multiple messages to be created within the same millisecond, which would lead to duplicate keys and cause rendering issues. This also applies to the user message ID created on line 39. A better approach is to use a more reliable source of unique identifiers, such as crypto.randomUUID() or a simple counter stored in a useRef.
| setMessages((prev) => [...prev, botMessage]); | ||
| } catch (error) { | ||
| // Log error without sensitive details | ||
| console.error("Error calling chat API"); |
The catch block logs a generic error message but doesn't include the actual error object. This makes debugging difficult as the specific reason for the failure (e.g., network error, API error status) is lost. While the comment mentions avoiding sensitive details, the error from fetch or a thrown Error is generally safe to log in development environments and is very useful for debugging.
| console.error("Error calling chat API"); | |
| console.error("Error calling chat API:", error); |
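Review bot: the suggested `console.error("Error calling chat API:", error)` writes the full error object to the browser console in every build, which undoes the sanitizing the "Log error without sensitive details" comment describes. Logging only `error.name` and `error.message`, or passing the object only when `process.env.NODE_ENV !== "production"`, keeps the debugging value without reverting that decision.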
Dev to qa