[Task] New Hubble 2.0 version

[imbajin]

No description provided.

[github-actions]

@codecov-ai-reviewer review

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch hubble2

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR introduces Hubble 2.0, a major architectural update that removes database-backed graph connections in favor of direct authentication tokens, adds multi-tenant graphspace support, and introduces new user management and algorithm service features.

Key Changes

• Replaces database-stored connection management with token-based authentication using HugeClientPoolService
• Adds graphspace-level organization and multi-tenancy capabilities
• Introduces new algorithm service endpoints for OLTP/OLAP graph analytics
• Implements user service with role-based access control and space administration

Reviewed changes

Copilot reviewed 205 out of 957 changed files in this pull request and generated 15 comments.

Show a summary per file

File	Description
GraphsService.java	New service for multi-graph management within graphspaces including statistics and built-in data loading
GraphService.java	Updated to use HugeClient directly instead of connection IDs with new element operations
WhiteIpListService.java	New service for IP whitelist management
UserService.java	New comprehensive user management service with authentication and authorization
OltpAlgoService.java	Major expansion adding 20+ graph traversal algorithm implementations
HugeClientPoolService.java	Complete rewrite to support token-based client creation with URL discovery
GraphConnectionService.java	Removed - functionality replaced by client pool service
HubbleOptions.java	Added configuration options for PD cluster, dashboard, and monitoring services
CustomInterceptor.java	Updated to inject HugeClient into requests based on graphspace/graph context
ExecuteHistory.java	Updated schema from conn_id to graphspace/graph identifiers

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Missing space after comma in method call argument

Suggested change

	client.graphs().clearGraph(graph,"I'm sure to delete all data");
	client.graphs().clearGraph(graph, "I'm sure to delete all data");

[Copilot]

Missing space after comma in method call argument

Suggested change

	client.graphs().dropGraph(graph,confirmMessage);
	client.graphs().dropGraph(graph, confirmMessage);

[Copilot]

Inconsistent naming - key uses PascalCase "NullableProps" while other keys use camelCase. Should be "nullableProps" for consistency

[Copilot]

Inconsistent naming - key uses PascalCase "NullableProps" while other keys use camelCase. Should be "nullableProps" for consistency

[Copilot]

Error message key "common.param.must-be-null" is incorrect - should be "cannot-be-null" since the condition checks for null values

Suggested change

	"common.param.must-be-null", "source_id");
	Ex.check(entity.getTargetId() != null,
	"common.param.must-be-null", "target_id");
	"common.param.cannot-be-null", "source_id");
	Ex.check(entity.getTargetId() != null,
	"common.param.cannot-be-null", "target_id");

[Copilot]

String comparison using == operator instead of isEmpty() or equals(). Should use ids.isEmpty() or ids.equals("")

Suggested change

	if (ids == ""){
	if (StringUtils.isEmpty(ids)){

[Copilot]

String comparison using == operator instead of isEmpty() or equals(). Should use ids.isEmpty() or ids.equals("")

Suggested change

	if (ids == ""){
	if (ids.isEmpty()){

[Copilot]

Parameter name uses snake_case 'job_id' instead of camelCase 'jobId' which is Java convention

Suggested change

	JobManagerItem computeSizeDuration(@Param("job_id") int job_id);
	JobManagerItem computeSizeDuration(@Param("job_id") int jobId);

[Copilot]

TODO comment indicates uncertainty about requirement - should be clarified or resolved

Suggested change

	if ("check".equals(uri) || "/api/v1.3/bill/cron".equals(uri)) { // TODO C rmv required?
	// Allow unauthenticated access to "check" and "/api/v1.3/bill/cron" endpoints (e.g., for health checks or scheduled jobs)
	if ("check".equals(uri) || "/api/v1.3/bill/cron".equals(uri)) {

[Copilot]

Property name misspelled as "graphe" instead of "graph"

Suggested change

	@JsonProperty("graphe")
	@JsonProperty("graph")

[gemini-code-assist]

Summary of Changes

Hello @imbajin, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a new major version of Hubble, version 2.0, marking a significant evolution in its architecture and feature set. The changes move away from direct graph connection management towards a more robust and scalable model centered around 'graphspaces' and 'graphs'. This upgrade brings a wealth of new functionalities, including advanced graph algorithms, comprehensive authentication and authorization, improved monitoring and logging, and cutting-edge AI integration for natural language querying. The underlying build system and dependencies have also been thoroughly modernized to support these new capabilities.

Highlights

• Architectural Shift to Graphspace/Graph Model: The core change involves a significant architectural shift from managing direct GraphConnection instances to a more flexible graphspace and graph model. This is evident in the removal of GraphConnectionController and GraphConnectionService, and the update of numerous API endpoints and internal services to use graphspace and graph path variables.
• Major Dependency and Build Tool Updates: The pom.xml has undergone extensive changes, including upgrading Node.js requirements to 18.20.8, updating various Spring Boot, Elasticsearch, Jersey, and other core dependencies. New Maven plugins for compilation, cleaning, and testing have also been introduced.
• Enhanced Authentication and Authorization: New controllers and services have been added for comprehensive authentication and authorization management, including user login/logout, user and role management, access control, IP whitelisting, and integration with superadmin and graph space admin roles.
• Expanded Graph Algorithm Capabilities: Numerous new OLTP and OLAP graph algorithms have been integrated, including shortest path variations, rings, k-out/k-neighbor, Jaccard similarity, personal/neighbor rank, fusiform similarity, Adamic-Adar, resource allocation, and egonet. Dedicated controllers for OLAP and Vermeer algorithms are now present.
• New Monitoring, Logging, and AI Integrations: Hubble now includes new features for monitoring (Prometheus, Dashboard), centralized logging (ES integration), and AI capabilities via LangChain for natural language to Gremlin/Cypher query generation. Proxy servlet configurations are also introduced for ingestion.
• Schema and Graph Management Enhancements: New endpoints for managing schema templates, importing graph data from JSON, and detailed graph metrics (schema and element counts, growth rates) have been added. The schema definition now supports Groovy scripts for more flexible management.

Ignored Files

• Ignored by pattern: .github/workflows/** (1)
  • .github/workflows/hubble-ci.yml

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a significant refactoring for Hubble 2.0, including a more RESTful API structure, improved client management, and new features like LangChain integration. The changes are extensive and move in a good direction. However, the pull request contains several issues that indicate it might be a work-in-progress, such as commented-out critical code (like authentication checks), numerous TODO comments, debug statements, and potential bugs (like a copy-paste error in an enum). These issues, especially the critical ones, should be addressed before this PR is merged to ensure the stability and correctness of the application.

[gemini-code-assist]

There seems to be a copy-paste error here. The enum AppType is trying to register AppName.class with SerialEnum. This should be AppType.class instead. This could lead to incorrect serialization behavior.

Suggested change

	SerialEnum.register(AppName.class);
	SerialEnum.register(AppType.class);

[gemini-code-assist]

The authentication check in this interceptor is commented out. This effectively disables authentication for the intercepted API endpoints, which is a major security risk. If authentication is intended, this check must be enabled.

[gemini-code-assist]

This empty catch block swallows exceptions silently. This is a dangerous practice as it can hide underlying problems. At a minimum, the exception should be logged. The original logging statement was removed in this change.

[gemini-code-assist]

When the user is not authenticated (username == null), the servlet returns an HTTP 200 OK response with a JSON body {"status": 401}. The more standard and correct approach is to return an HTTP 401 Unauthorized status code directly. This makes the API behavior more predictable for clients.

Suggested change

	HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1,
	Constant.STATUS_OK,
	"{\"status\": 401}");
	HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1,
	401,
	"Unauthorized");

[gemini-code-assist]

Setting the default timezone for the entire JVM with TimeZone.setDefault() is generally discouraged as it can have unintended side effects on other parts of the application and its dependencies that rely on the system's default timezone. It's better to handle timezones explicitly where needed, for example, when formatting dates.

[gemini-code-assist]

There is a TODO fix import comment here, along with commented-out imports. This indicates incomplete work that should be resolved before merging.

[gemini-code-assist]

This entire file is commented out. If this feature is not ready, it should not be included in the pull request. Commented-out code reduces readability and should be removed from the codebase.

[gemini-code-assist]

Using e.printStackTrace() is discouraged in production code. It's better to use a structured logger (like SLF4J) to log the exception with appropriate context. This provides better control over log levels and output formats.

Suggested change

	e.printStackTrace();
	logger.error("Failed to delete super admin role for user {}", id, e);

[gemini-code-assist]

This TODO comment indicates that there's an issue to be fixed with this dependency. Such comments should be resolved, or converted into proper issues in a tracking system, before merging the pull request to ensure code quality and maintainability. There are several other TODO comments in this file that should also be addressed.

[gemini-code-assist]

These AFS-related options are commented out with a TODO REMOVED comment. This should be cleaned up by either removing the commented-out code block entirely or clarifying the status of this feature.

The best way to fix this problem is to ensure that the pythonPath value (the Python interpreter executable) is not arbitrarily provided by the user but instead restricted to a trusted set of installed interpreters. This can be achieved in several ways:

• Preferably, maintain a hardcoded list of allowed interpreter paths, or only allow pythonPath to take on values like "python3", "python", or other known safe paths.
• Alternatively, validate the provided pythonPath against a list of allowed values (either via direct comparison or regex matching for allowed paths, and reject anything containing unsafe characters).
• If absolute paths must be supported (for multi-interpreter deployments), sanitize the input to allow only well-formed paths, ensuring no shell metacharacters can be injected.

Changes needed:

• Implement a private method to validate pythonPath (e.g., validatePythonInterpreterPath). This method should reject any path containing potentially dangerous characters (such as ;, &, |, backticks, or whitespace), or only allow paths within a known set.
• Call this validation method before constructing the command line in langchainNoSchema or within excutePythonByProcessBuilder.
• Throw an exception if the validation fails, preventing any uncontrolled execution.

No external dependencies are required; standard Java utilities (such as regex or simple string checks) suffice.

The best way to fix this vulnerability is to only allow a fixed, hard-coded list of safe executables (Python interpreters) to be launched, instead of allowing the client to provide an arbitrary pythonPath. For instance, the server could maintain a whitelist such as just "python3", or /usr/bin/python3, and completely ignore/disallow the pythonPath input from the user, or only accept a whitelisted value/alias (for example, "python3" or "python3.10", mapping those to real paths). Similarly, it's important to check that other arguments do not permit command injection, but the main vector here is the user input for executable.

Specific steps:

• In excutePythonRuntime(...) and associated API paths, do not use pythonPath from user input directly.
• Instead, maintain a hard-coded list of allowed interpreter paths (could be one path, like "python3").
• In the handler, either always use the default, or if you want to allow selection, only allow a field like pythonVersion: "python3"/"python3.10" and map that to hard-coded safe paths, not using raw user input.
• You will likely need to update the getExcuteArgs method and where it's called, passing a safe path instead of a user value.

Regions to change:

• The definition of excutePythonRuntime and calls to it in your controller, to remove user control of the executable path.
• Optional: If there's a reason to allow multiple versions, accept only an enumerated, mapped value.
• Remove or replace pythonPath wherever it comes from an untrusted source.

---

The best fix is to sanitize the user-provided graphSpace and graph variables before writing them into the Content-Disposition header. As recommended in the background section, this should be done by either escaping or filtering out CR (\r), LF (\n), and other special characters that could prematurely end the header or inject new headers. The simplest safe approach is to remove any characters except a limited safe subset (such as alphanumerics, dashes, underscores), or to replace dangerous characters with safe alternatives.

Implement a helper method (for example, sanitizeForHeader) that replaces or removes any characters that are not part of a safe set (such as [A-Za-z0-9-_]) from the input. Call this function on both graphSpace and graph before constructing fileName. Place the sanitization function in this class (since that's all the code provided). Apply the sanitized values to construct fileName. No new external dependencies are required.

All edits take place inside hugegraph-hubble/hubble-be/src/main/java/org/apache/hugegraph/controller/schema/SchemaController.java. Add the helper method for sanitization (above or near usage), and invoke it in the schemaGroovyExport() method on both graphSpace and graph arguments.

[github-actions]

Due to the lack of activity, the current pr is marked as stale and will be closed after 180 days, any update will remove the stale label