Comment on lines +976 to +981
| return Response.ok(imageFile, contentType) | ||
| .header("Cache-Control", "public, max-age=86400") | ||
| .header("Content-Disposition", "inline; filename=\"" + filename + "\"") | ||
| .header("Content-Security-Policy", "default-src 'none'; style-src 'unsafe-inline'") | ||
| .header("X-Content-Type-Options", "nosniff") | ||
| .build(); |
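Review bot: `filename` is concatenated unescaped into the quoted Content-Disposition value on the third line of this hunk, so a name containing `"`, `\` or CR/LF could end the quoted string early or corrupt the header; reject or strip those characters (or emit an RFC 6266 `filename*` form) before building the header. The cross-site scripting warning attached to these lines also concerns `Response.ok(imageFile, contentType)`: the hunk does not show where `contentType` comes from, so if it is derived from the uploaded file or its extension, restrict it to an allowlist of raster image types and switch to `Content-Disposition: attachment` for anything else, because `inline` lets the browser render the response in the application's origin. `Cache-Control: public` also deserves a second look if this endpoint requires authentication, since shared caches are allowed to store the response.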
Check warning: Code scanning / CodeQL: Cross-site scripting (Medium)
Adds comprehensive query profile visualization with modern dashboard layout:

**New Page (ProfileDetailPage.tsx):**
- Header with back button, query ID, and action buttons (Run in SQL Lab, Download JSON)
- Status bar with badge, user, foreman, and queue info
- Stat cards: Status, Total Duration (with phase breakdown), Total Cost, Fragments
- Two-column layout:
  - Left (2/3): Tabbed content with Overview, Plan, Fragments, Operators, Error Details
  - Right (1/3): AI Advisor panel with auto-loading analysis

**Visualizations:**
- Execution Waterfall: ECharts horizontal stacked bar (Planning|Queue|Execution)
- Physical Plan Tree: Parses indented plan text into interactive tree chart
- Fragment Gantt: Time-based chart showing fragment execution windows
- Top Operators: Horizontal bar chart of slowest operators
- Operator Metrics: Sortable/filterable table with timing, memory, record counts

**AI Advisor Features:**
- Auto-runs summary on page load (no user interaction needed)
- Five prompt types: Summary, Bottlenecks, Optimize, Explain Plan, Explain Tab
- Streaming responses with react-markdown rendering
- Context-aware "Explain Tab" that changes based on active tab
- Graceful UI when AI not configured

**API Changes (queries.ts):**
- Added DetailedQueryProfile interface with full execution details
- Added DrillbitEndpoint, OperatorProfile, FragmentProfile hierarchies
- Added getQueryProfileDetail(queryId) to fetch profile JSON

**Router & Navigation:**
- Added route: /profiles/:queryId → ProfileDetailPage
- Updated ProfilesPage links to use React Router (no new tab)

**Build:** TypeScript clean, production build successful (14.11s)

…ed metric cards

- Add prominent SQL query display at top of page in collapsible card
- Redesign stat cards with better spacing and responsive layout
- Use full height cards with centered content for uniform appearance
- Increase font sizes for better readability
- Add responsive breakpoints (xs, sm, lg) for mobile compatibility
- Improve visual hierarchy with better typography

- Move profile analysis context from ChatContext.resultSummary to user message body
- ChatContext now only contains minimal metadata (currentSql, error)
- Full profile context (plan, operators, timing) included in user message
- Fixes backend deserialization error: ResultSummary cannot deserialize from String
- Separates concerns: context metadata vs. analysis prompt content

Security enhancement: Automatically redact all credentials before sending profile data to the AI advisor.

This prevents accidental exposure of:
- API keys, tokens, and passwords in queries or filters
- CredentialProvider objects and userCredentials from query plans
- Connection strings, email addresses, IP addresses
- Base64-encoded credentials and OAuth URLs

Changes:
- Add redactCredentials() helper function with comprehensive patterns
- Apply redaction to query, plan, and error messages before AI submission
- Add privacy notice in AI advisor panel explaining redaction
- Specifically handle CredentialProvider objects from Drill execution plans

The redaction is performed on client-side before any data is sent to external AI services.

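The client-side redaction that commit message describes, sketched as an added TypeScript example; it is not the PR's `redactCredentials()` implementation. The rule set, the names `redactForAdvisor` and `survivingSecrets`, and the sample text are assumptions constructed for illustration.

```typescript
// Added example: hypothetical rule set, not the PR's redactCredentials().
type Rule = { label: string; pattern: RegExp; replacement: string };

// Rules run in order. URL userinfo goes first: the e-mail rule would otherwise
// match "pass@host" inside a connection string and leave the user name behind.
const RULES: Rule[] = [
  { label: "url-userinfo",
    pattern: /\b([a-z][a-z0-9+.-]*:\/\/)[^\s\/@:]+:[^\s\/@]+@/gi,
    replacement: "$1[REDACTED]@" },
  { label: "key-value", // password=..., "api_key": "...", access_token: ...
    pattern: /(["']?[\w-]*(?:password|passwd|secret|token|api[_-]?key)["']?\s*[:=]\s*)("[^"]*"|'[^']*'|[^\s,;&}]+)/gi,
    replacement: "$1[REDACTED]" },
  { label: "bearer",
    pattern: /\b(Bearer\s+)[A-Za-z0-9._~+\/-]+=*/g,
    replacement: "$1[REDACTED]" },
  { label: "email",
    pattern: /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/g,
    replacement: "[EMAIL]" },
  { label: "ipv4",
    pattern: /\b(?:\d{1,3}\.){3}\d{1,3}\b/g,
    replacement: "[IP]" },
];

function redactForAdvisor(text: string): { text: string; hits: Record<string, number> } {
  const hits: Record<string, number> = {};
  let out = text;
  for (const rule of RULES) {
    const found = out.match(rule.pattern);
    if (found) hits[rule.label] = found.length;
    out = out.replace(rule.pattern, rule.replacement);
  }
  return { text: out, hits };
}

// Pattern-based redaction is best effort, so check the result against the
// secrets you know about before anything leaves the browser.
function survivingSecrets(redacted: string, known: string[]): string[] {
  return known.filter((s) => redacted.indexOf(s) !== -1);
}

// Constructed sample: a query, a storage-plugin URL, a plan fragment, a header.
const SAMPLE = [
  `SELECT * FROM api.events WHERE api_key = 'sk_test_0000' AND owner = 'alice@example.com'`,
  `"url": "jdbc:postgresql://drill:hunter2@db.internal.example:5432/sales"`,
  `"userCredentials": {"password": "hunter2", "host": "10.0.0.5"}`,
  `Authorization: Bearer abc.def.ghi`,
].join("\n");

const result = redactForAdvisor(SAMPLE);
console.log(result.text, result.hits);
```

The per-rule hit counts give a privacy notice something concrete to report, and `survivingSecrets` is the kind of check to run in unit tests with known fixture secrets.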
Fixes reCAPTCHA verification errors on hosted versions:

**Enhanced Token Detection:**
- Check multiple meta tag locations (csrf-token, _csrf, csrf, X-CSRF-TOKEN)
- Check multiple cookie names (drill.csrf.token, _csrf, XSRF-TOKEN, X-CSRF-TOKEN)
- More robust token extraction to handle different deployment configurations

**Better Error Messages:**
- Specific handling for reCAPTCHA/CSRF errors (HTTP 403)
- Clear guidance when token is missing or invalid
- Distinguish between missing auth and reCAPTCHA failures
- Add console warning when CSRF token cannot be found

**Root Cause:** On hosted deployments (e.g., Digital Ocean), the CSRF token location or name may differ from default setup, causing requests to be rejected as suspicious. The enhanced detection handles these variations.

This reverts commit 45b2073.
080ba0b to 36af30f
DRILL-XXXX: Refactor User Interface
Description
This PR refactors Drill's UI and refactors the Query view, adds visualizations and dashboards and in general makes Drill much more user friendly.
Documentation
(Please describe user-visible changes similar to what should appear in the Drill documentation.)
Testing
(Please describe how this PR has been tested.)