Added user location, resorting to IP if it can't get the location#167
Conversation
|
Warning Review limit reached
Next review available in: 39 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. 📝 WalkthroughWalkthroughSession creation now stores IP-derived region and country data, exposes it through active-session APIs, and displays it in the topbar. Database migrations add session fields and form-related tables. Toast styling, PostHog error suppression, and a late-night greeting are also updated. ChangesSession location flow
Form persistence schema
Application behavior adjustments
Estimated code review effort: 3 (Moderate) | ~20 minutes Sequence Diagram(s)sequenceDiagram
participant SessionCreation
participant Ipapi
participant Database
participant SessionsAPI
participant Topbar
SessionCreation->>Ipapi: Request IP geolocation
Ipapi-->>SessionCreation: Return country and region
SessionCreation->>Database: Persist session location
SessionsAPI->>Database: Query active sessions
Database-->>SessionsAPI: Return session location
SessionsAPI-->>Topbar: Return active sessions
Topbar->>Topbar: Render location or IP fallback
Possibly related PRs
Suggested reviewers: 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 2
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
utils/session.ts (1)
117-137: 🩺 Stability & Availability | 🔴 Critical | ⚡ Quick winUnhandled external call to ipapi.co can block all logins.
The
axios.getcall has no try/catch and no timeout. If ipapi.co is down, rate-limited (free tier: 1,000 req/day), or slow, the rejection propagates andcreateSessionfails — users cannot log in. Geolocation is supplementary; it should never be a hard dependency of session creation.🔒 Proposed fix: wrap geolocation in try/catch with timeout
const rawToken = generateToken(); - const info = await axios.get<IpapiRes>('https://ipapi.co/json'); - + let country: string | undefined; + let region: string | undefined; + try { + const info = await axios.get<IpapiRes>('https://ipapi.co/json', { + timeout: 5000, + }); + country = info.data.country_name; + region = info.data.region; + } catch { + // Geolocation is optional; fall back to IP address display + } + const { browser, os, device } = parseUA(userAgent) const session = await prisma.authSession.create({ data: { id: crypto.randomUUID(), token: hashToken(rawToken), userId, expiresAt: new Date( Date.now() + 7 * 24 * 60 * 60 * 1000 ), ipAddress: encrypt(ipAddress), userAgent: encrypt(userAgent), browser, os, device, - country: info.data.country_name, - region: info.data.region + country, + region },🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@utils/session.ts` around lines 117 - 137, Update createSession around the axios.get geolocation request to use a bounded timeout and catch failures from ipapi.co. Treat geolocation as optional by falling back to unset country and region values, then continue creating the Prisma auth session even when the external request fails.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@components/topbar.tsx`:
- Line 351: Update the location display expression in the topbar session
rendering so it uses any available geolocation field, showing country and region
when both exist and the available field when only one exists; fall back to the
IP address only when neither country nor region is available.
In `@utils/session.ts`:
- Line 119: Update the axios request in createSession to query ipapi.co using
the received ipAddress rather than the server’s own location. If ipAddress is
absent, skip the geolocation lookup and preserve safe handling for country and
region values.
---
Outside diff comments:
In `@utils/session.ts`:
- Around line 117-137: Update createSession around the axios.get geolocation
request to use a bounded timeout and catch failures from ipapi.co. Treat
geolocation as optional by falling back to unset country and region values, then
continue creating the Prisma auth session even when the external request fails.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 99c07dee-8656-42c0-b75e-d8cd485963f3
📒 Files selected for processing (9)
components/topbar.tsxpages/_app.tsxpages/api/user/sessions/index.tsprisma/migrations/20260713091923_added_locations/migration.sqlprisma/migrations/20260713092345_changed_to_region/migration.sqlprisma/schema.prismautils/database.tsutils/randomText.tsutils/session.ts
| const rawToken = generateToken() | ||
| const rawToken = generateToken(); | ||
|
|
||
| const info = await axios.get<IpapiRes>('https://ipapi.co/json'); |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win
🧩 Analysis chain
🏁 Script executed:
git ls-files utils/session.tsRepository: PlanetaryOrbit/orbit
Length of output: 175
🏁 Script executed:
ast-grep outline utils/session.ts --view expandedRepository: PlanetaryOrbit/orbit
Length of output: 1099
🏁 Script executed:
cat -n utils/session.ts | sed -n '1,220p'Repository: PlanetaryOrbit/orbit
Length of output: 6195
🏁 Script executed:
rg -n "createSession\(" -S .Repository: PlanetaryOrbit/orbit
Length of output: 679
🏁 Script executed:
cat -n pages/api/auth/login.ts | sed -n '140,190p'Repository: PlanetaryOrbit/orbit
Length of output: 2125
🏁 Script executed:
cat -n pages/api/auth/discord/callback.ts | sed -n '145,175p'Repository: PlanetaryOrbit/orbit
Length of output: 1260
🏁 Script executed:
cat -n pages/api/auth/google/callback.ts | sed -n '155,185p'Repository: PlanetaryOrbit/orbit
Length of output: 1150
🏁 Script executed:
cat -n pages/api/auth/roblox/callback.ts | sed -n '145,175p'Repository: PlanetaryOrbit/orbit
Length of output: 1170
🏁 Script executed:
cat -n pages/api/auth/signup/finish.ts | sed -n '75,105p'Repository: PlanetaryOrbit/orbit
Length of output: 1241
🏁 Script executed:
cat -n pages/api/setupworkspace.ts | sed -n '115,135p'Repository: PlanetaryOrbit/orbit
Length of output: 1323
Use the request IP for the geolocation lookup
createSession already receives the client IP from its callers, but ipapi.co/json still geolocates the server. Pass ipAddress into the URL here (or skip the lookup when it’s missing) so country/region match the user instead of the datacenter.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@utils/session.ts` at line 119, Update the axios request in createSession to
query ipapi.co using the received ipAddress rather than the server’s own
location. If ipAddress is absent, skip the geolocation lookup and preserve safe
handling for country and region values.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Summary by CodeRabbit
New Features
UI Improvements
Bug Fixes