fix(console): add missing tls for queryParams in asset context

[mizhm]

No description provided.

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the application's ability to manage and display TLS certificate information. It establishes a robust foundation on the backend with a new database view and a flexible API for querying TLS assets, supporting pagination, sorting, and various filters. On the frontend, it integrates these capabilities by adding a new 'TLS' tab to the assets page, complete with a faceted filter and a detailed table, providing users with a clear and interactive overview of their TLS certificates and their expiration statuses.

Highlights

• New TLS Assets Feature: Introduced a comprehensive feature for managing TLS assets, including a dedicated API endpoint, database view, and frontend components for display and filtering.
• Enhanced TLS Data Model: Expanded the GetTlsResponseDto with additional fields such as subject_cn, issuer_dn, tls_version, and cipher to provide more detailed certificate information.
• Faceted Filtering for TLS Hosts: Implemented a new TlsFacetedFilter component and integrated tlsHosts into the asset context, allowing users to filter assets based on TLS host information.
• Paginated TLS Assets API: Refactored the backend getManyTls service method to support pagination, sorting, and filtering of TLS certificates, moving away from a hard-coded 'expiring soon' logic.
• Dedicated TLS Assets View Entity: Created a TlsAssetsView TypeORM view entity to flatten and deduplicate TLS JSONB data from HTTP responses, optimizing it for efficient querying.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• console/src/pages/assets/components/faceted-filter.tsx
  • Imported useAssetsControllerGetTlsAssetsInfinite for fetching TLS assets.
  • Added a new TlsFacetedFilter component to enable filtering by TLS hosts.
• console/src/pages/assets/components/filter-form-infinite.tsx
  • Imported the new TlsFacetedFilter component.
  • Included 'tlsHosts' in the facets array to enable TLS host filtering.
  • Rendered the TlsFacetedFilter within the filter form.
• console/src/pages/assets/components/tls-assets-column.tsx
  • Added a new file to define the column structure for displaying TLS asset data.
  • Implemented an ExpiryBadge component to visually indicate certificate expiration status.
• console/src/pages/assets/components/tls-assets-tab.tsx
  • Added a new file to create the TlsAssetsTab component.
  • Integrated CollapsibleDataTable to display TLS assets using the new tlsAssetsColumn and useAssetsControllerGetTlsAssets hook.
• console/src/pages/assets/context/asset-context.tsx
  • Added tlsHosts property to AssetContextType and FilterParams interfaces.
  • Included tlsHosts in the queryParams and filterParams objects within the AssetProvider.
• console/src/pages/assets/list-assets.tsx
  • Imported the TlsAssetsTab component.
  • Added a new 'TLS' tab entry to the tabList for navigation.
• console/src/pages/dashboard/components/tls-expiration-table.tsx
  • Updated the useAssetsControllerGetTlsAssets hook call to pass an empty parameters object, aligning with the new API signature.
• console/src/services/apis/gen/queries.ts
  • Updated GetTlsResponseDto to include subject_cn, issuer_dn, tls_version, and cipher fields.
  • Defined AssetsControllerGetTlsAssetsParams for the new API query parameters.
  • Modified assetsControllerGetTlsAssets to accept query parameters.
  • Added useAssetsControllerGetTlsAssetsInfinite and associated query options/keys for infinite scrolling.
  • Updated useAssetsControllerGetTlsAssets to accept query parameters.
• core-api/src/modules/assets/assets.controller.ts
  • Imported GetTlsQueryDto for TLS asset queries.
  • Modified the getTlsAssets endpoint to accept GetTlsQueryDto as a query parameter.
  • Updated the API documentation description for getTlsAssets to reflect pagination and filtering support.
• core-api/src/modules/assets/assets.module.ts
  • Imported TlsAssetsView entity.
  • Added TlsAssetsView to the TypeOrmModule.forFeature array for database integration.
• core-api/src/modules/assets/assets.service.spec.ts
  • Imported TlsAssetsView for testing purposes.
  • Added a mock repository token for TlsAssetsView in the testing module configuration.
• core-api/src/modules/assets/assets.service.ts
  • Removed SortOrder import as it's no longer directly used in getManyTls.
  • Updated imports for GetTlsResponseDto and GetTlsQueryDto.
  • Imported TlsAssetsView entity.
  • Commented out old TlsRawData and TlsRawQueryItem interfaces.
  • Injected TlsAssetsView repository into the service constructor.
  • Added tlsHosts to the buildBaseQuery method and its whereBuilder for filtering.
  • Added a tlsAssets left join in buildBaseQuery to link with the new view.
  • Refactored getManyTls to utilize GetTlsQueryDto for dynamic pagination, sorting, and filtering.
  • Updated getManyTls to query the tls_assets_view and map the raw results to GetTlsResponseDto.
• core-api/src/modules/assets/dto/assets.dto.ts
  • Added an optional tlsHosts property to GetAssetsQueryDto for filtering.
• core-api/src/modules/assets/dto/get-faceted-data.dto.ts
  • Added a tlsHosts property to GetFacetedDataDTO.
• core-api/src/modules/assets/dto/tls.dto.ts
  • Updated GetTlsResponseDto with new properties: subject_cn, issuer_dn, tls_version, and cipher.
  • Extended GetTlsQueryDto with optional hosts and targetIds properties for filtering.
• core-api/src/modules/assets/entities/asset-services.entity.ts
  • Imported TlsAssetsView entity.
  • Added a OneToMany relationship for tlsAssets to AssetService.
• core-api/src/modules/assets/entities/tls-assets.entity.ts
  • Added a new file to define the TlsAssetsView TypeORM view entity.
  • Created a SQL expression for the view to flatten and deduplicate TLS data from http_responses.
  • Defined ViewColumn properties for various TLS certificate attributes.
  • Established a ManyToOne relationship with AssetService.
• worker/services/core-api/api.ts
  • Updated the GetTlsResponseDto interface to include new TLS certificate fields.
  • Modified the assetsControllerGetTlsAssets method to accept query parameters for filtering and pagination.

Activity

• The pull request introduces a new feature for managing TLS assets, requiring changes across multiple layers of the application.
• The backend API for TLS assets has been significantly refactored to support advanced querying capabilities.
• New frontend components have been developed to integrate the TLS asset data into the user interface, including a dedicated tab and filtering options.
• The data model for TLS certificates has been expanded to capture more detailed information.
• A new database view was created to optimize the retrieval and deduplication of TLS certificate data.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a new feature for viewing and filtering TLS assets. It adds a new tab to the assets page, a faceted filter for TLS hosts, and the necessary backend support including a new API endpoint and a database view. While the new functionality is well-implemented, there are a few areas for improvement. The error handling in the new TLS assets tab is buggy. A significant performance regression has been introduced on the dashboard's TLS expiration table, which now fetches all assets and filters on the client. Additionally, navigation from the dashboard could be improved to leverage the new specific filters, and there's a minor naming inconsistency in a backend DTO that affects maintainability.

[gemini-code-assist]

This component now fetches all TLS assets and filters them on the client-side to find certificates that are expiring soon. This is a performance regression, as the previous API implementation handled this filtering on the backend. With a large number of TLS assets, this will be inefficient and could slow down the dashboard. The assetsControllerGetTlsAssets endpoint should be updated to support filtering by expiration date to resolve this.

[gemini-code-assist]

The error handling logic is incorrect. The condition !data && !isLoading will also be true for a successful response with an empty list of assets, causing an error message to be displayed to the user when it shouldn't. You should use the isError flag from the useAssetsControllerGetTlsAssets hook to correctly handle API errors.

  const { data, isLoading, isError } = useAssetsControllerGetTlsAssets(
    {
      page: queryParams.page,
      limit: queryParams.limit,
      sortBy: queryParams.sortBy,
      sortOrder: queryParams.sortOrder,
      search: queryParams.value,
      targetIds: queryParams.targetIds,
    },
    {
      query: {
        ...queryOptions.query,
        queryKey: ['tlsAssets', ...queryOptions.query.queryKey],
      },
    },
  );

  const tlsAssets = data?.data ?? [];
  const total = data?.total ?? 0;

  if (isError) return <div>Error loading TLS assets.</div>;

[gemini-code-assist]

The onRowClick handler navigates using a generic text filter. With the addition of TLS-specific filters, it would provide a better user experience to navigate directly to the TLS assets tab and apply the specific host filter. This will give the user a more focused view.

Suggested change

	onRowClick={(row) => navigate(`/assets?filter=${row.host}`)}
	onRowClick={(row) => navigate(`/assets?tab=tls&tlsHosts=${row.host}`)}

[gemini-code-assist]

For consistency and clarity, the hosts property in GetTlsQueryDto should be renamed to tlsHosts. This would align it with the naming in GetAssetsQueryDto and make its purpose of filtering TLS hosts more explicit. This change would also simplify the mapping logic in assets.service.ts.

Suggested change

	@IsOptional()
	@ApiProperty({ required: false, type: [String] })
	@IsArray()
	@IsString({ each: true })
	@Transform(({ value }): string[] =>
	Array.isArray(value) ? (value as string[]) : [value as string],
	)
	hosts?: string[];
	@IsOptional()
	@ApiProperty({ required: false, type: [String] })
	@IsArray()
	@IsString({ each: true })
	@Transform(({ value }): string[] =>
	Array.isArray(value) ? (value as string[]) : [value as string],
	)
	tlsHosts?: string[];

[Copilot]

Pull request overview

This PR expands TLS certificate support across the stack by introducing a TypeORM view for TLS assets, upgrading the /api/assets/tls endpoint to be paginated/filterable/sortable, and adding a new TLS tab + faceted filtering in the console assets UI.

Changes:

• Add tls_assets_view (TypeORM @ViewEntity) and wire it into AssetService relations and module registration.
• Replace the old “expiring soon” TLS endpoint behavior with a paginated, searchable, sortable TLS certificates listing.
• Add TLS tab + TLS host faceted filter in the console and update generated API clients/DTOs to include additional TLS fields.

Reviewed changes

Copilot reviewed 18 out of 18 changed files in this pull request and generated 8 comments.

Show a summary per file

File	Description
worker/services/core-api/api.ts	Update worker-generated client types and TLS assets endpoint to accept query params.
core-api/src/modules/assets/entities/tls-assets.entity.ts	New TypeORM view entity flattening TLS JSONB into queryable columns.
core-api/src/modules/assets/entities/asset-services.entity.ts	Add tlsAssets relation from AssetService to the TLS view.
core-api/src/modules/assets/dto/tls.dto.ts	Expand TLS response shape; add TLS query DTO for filtering.
core-api/src/modules/assets/dto/get-faceted-data.dto.ts	Extend faceted DTO with tlsHosts.
core-api/src/modules/assets/dto/assets.dto.ts	Add tlsHosts filter to asset-service listing query DTO.
core-api/src/modules/assets/assets.service.ts	Join TLS view into base query and implement new paginated TLS listing logic.
core-api/src/modules/assets/assets.service.spec.ts	Update DI setup for the new TLS view repository.
core-api/src/modules/assets/assets.module.ts	Register TlsAssetsView in TypeORM module feature set.
core-api/src/modules/assets/assets.controller.ts	Accept TLS query params and forward to service.
console/src/services/apis/gen/queries.ts	Update console-generated client types/hooks for new TLS query params & response fields.
console/src/pages/dashboard/components/tls-expiration-table.tsx	Adapt dashboard TLS table to new query-enabled hook signature.
console/src/pages/assets/list-assets.tsx	Add a new “TLS” tab to the assets page.
console/src/pages/assets/context/asset-context.tsx	Add tlsHosts into shared assets filter context.
console/src/pages/assets/components/tls-assets-tab.tsx	New TLS assets tab that fetches and renders paginated TLS certificates.
console/src/pages/assets/components/tls-assets-column.tsx	Define TLS table columns and expiry badge rendering.
console/src/pages/assets/components/filter-form-infinite.tsx	Include TLS host facet in the filter form and “isFiltered” detection.
console/src/pages/assets/components/faceted-filter.tsx	Add TlsFacetedFilter using the TLS infinite query hook.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

TLS host filtering is applied twice: once via buildBaseQuery() (through tlsHosts) and again with the explicit andWhere on tlsAssets.host. Keeping both is redundant and makes it harder to reason about which params are actually in effect; it also risks diverging parameter names (:tlsHosts vs :tlsHostFilter). Consider relying on a single filter path.

Suggested change

	// Faceted host filter (query.hosts maps to tlsHosts in buildBaseQuery
	// via the whereBuilder, but GetTlsQueryDto uses `hosts` directly)
	if (query.hosts && query.hosts.length > 0) {
	qb.andWhere('"tlsAssets"."host" = ANY(:tlsHostFilter)', {
	tlsHostFilter: query.hosts,
	});
	}

[Copilot]

buildBaseQuery() now always left-joins asset_service.tlsAssets, which will affect all asset-service list queries even when TLS data isn't needed. Consider making this join conditional (only when query.tlsHosts is present or when building the TLS endpoint query) to avoid extra work and potential query-plan regressions on the main assets listing.

[Copilot]

There are large blocks of commented-out TypeScript interfaces left in the service. These add noise and can drift out of date; consider removing them entirely (or converting them to real types if they’re still needed).

[Copilot]

targetIds is validated as string[], but it is used to filter asset.targetId (UUIDs). To match the rest of the assets filters (e.g. GetAssetsQueryDto.targetIds), this should use @IsUUID(4, { each: true }) to prevent invalid IDs from reaching the query builder.

[Copilot]

The TLS assets request does not include the selected TLS-host facet (queryParams.tlsHosts). As a result, picking a “TLS Host” filter updates the URL/queryKey but won’t actually filter /api/assets/tls results. Consider mapping queryParams.tlsHosts into the API param (hosts as currently defined by GetTlsQueryDto, or rename the API to accept tlsHosts for consistency with the assets filters).

Suggested change

	targetIds: queryParams.targetIds,
	targetIds: queryParams.targetIds,
	hosts: queryParams.tlsHosts,

[Copilot]

The TLS host facet options are derived by mapping over certificate rows and can contain many duplicates (same host across multiple cert records/pages). Consider de-duplicating hosts in the select mapping (e.g., via a Set) so the faceted filter list is stable and doesn’t spam repeated options.

Suggested change

	return items
	.filter((e) => !!e.host)
	.map((e) => ({
	value: e.host?.toString() ?? '',
	label: e.host?.toString() ?? '',
	}));
	const seenHosts = new Set<string>();
	const options =
	items
	.filter((e) => !!e.host)
	.reduce<{ value: string; label: string }[]>((acc, e) => {
	const host = e.host?.toString() ?? '';
	if (!host || seenHosts.has(host)) {
	return acc;
	}
	seenHosts.add(host);
	acc.push({
	value: host,
	label: host,
	});
	return acc;
	}, []);
	return options;

[Copilot]

getManyTls() now has non-trivial behavior (workspace isolation via joins, pagination, sorting allowlist, text search, and deduplication). There are currently no unit/integration tests covering these behaviors, so regressions (e.g., incorrect filtering due to param name collisions) are easy to miss. Consider adding tests that assert filtering by targetIds/hosts/search and that pagination totals match the result set.

[Copilot]

baseQuery is built via { ...query, tlsHosts: query.hosts }, which also forwards hosts into buildBaseQuery() and unintentionally applies the asset service host filter (asset.value = ANY(:hosts)) in addition to the intended TLS-host filter. This can silently drop TLS rows when TLS host != asset service value. Consider omitting hosts from the forwarded object (or renaming the TLS query param to tlsHosts) and only setting tlsHosts when filtering TLS hosts.

Suggested change

	// Cast to GetAssetsQueryDto so we can forward targetIds / hosts filters.
	const baseQuery: GetAssetsQueryDto = { ...query, tlsHosts: query.hosts };
	// Cast to GetAssetsQueryDto so we can forward targetIds filters.
	const { hosts, ...restQuery } = query;
	const baseQuery: GetAssetsQueryDto = {
	...(restQuery as unknown as GetAssetsQueryDto),
	tlsHosts: hosts,
	};