Conversation
![kiloconnect[bot]](https://avatars.githubusercontent.com/in/2193792?s=60&v=4){kind=small}
| const conditions = []; | ||
|
|
||
| if (requestId) { | ||
| conditions.push(eq(api_request_log.id, BigInt(requestId))); |
There was a problem hiding this comment.
WARNING: requestId parsing can throw at runtime
BigInt(requestId) will throw if the UI sends a non-integer string (e.g. whitespace, non-numeric, or out-of-range formatting), which would turn a bad filter input into a 500. Consider validating/coercing at the Zod layer (e.g. require ^\d+$), or safely parsing and returning a BAD_REQUEST TRPC error.
| } | ||
|
|
||
| if (input.fromDate) { | ||
| conditions.push(gte(api_request_log.created_at, input.fromDate)); |
There was a problem hiding this comment.
WARNING: Date filters accept arbitrary strings
fromDate/toDate are z.string().optional() but get passed into gte/lte against a timestamp column. If a client sends an invalid datetime string, Postgres can error. Consider using z.string().datetime() (or coercing to Date) so invalid inputs are rejected deterministically.
| provider: api_request_log.provider, | ||
| model: api_request_log.model, | ||
| status_code: api_request_log.status_code, | ||
| request: api_request_log.request, |
There was a problem hiding this comment.
WARNING: List endpoint returns full request/response payloads
Selecting request and response for every row can make the list query/network response very heavy (and may expose large/secret-bearing payloads to the UI unnecessarily). Consider returning only summary fields for the table, and add a getById endpoint (or includeBodies flag) for the detail dialog.
|
|
||
| if (filters.requestId) params.requestId = filters.requestId; | ||
| if (debouncedSearch) params.search = debouncedSearch; | ||
| if (filters.fromDate) params.fromDate = new Date(filters.fromDate).toISOString(); |
There was a problem hiding this comment.
WARNING: toISOString() can throw for invalid date input
new Date(filters.fromDate).toISOString() throws a RangeError if the value is not a valid date. While datetime-local usually produces valid values, it can still be cleared/edited into an invalid string; consider guarding with isNaN(date.getTime()) before calling toISOString().
Code Review SummaryStatus: 4 Issues Found | Recommendation: Address before merge Overview
Fix these issues in Kilo Cloud Issue Details (click to expand)WARNING
Other Observations (not in diff)Issues found in unchanged code that cannot receive inline comments:
Files Reviewed (5 files)
|
Summary
Adds a new admin page at
/admin/requestsfor searching and viewing API request logs from theapi_request_logtable.Features
@uiw/react-json-viewadminProcedureFiles Changed
src/routers/admin-router.ts— AddedrequestLogs.listtRPC proceduresrc/app/admin/api/requests/hooks.ts— Created tRPC query hooksrc/app/admin/components/RequestLogsTable.tsx— Created main table component with filters, sorting, pagination, and detail dialogsrc/app/admin/requests/page.tsx— Created page componentsrc/app/admin/components/AppSidebar.tsx— Added "Request Logs" nav itemBuilt for Marius Wichtner by Kilo for Slack