Implement Certificates feature#67
Conversation
|
Warning Review limit reached
More reviews will be available in 43 minutes and 59 seconds. Learn how PR review limits work. Your organization has run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Repository: alphaonelabs/coderabbit/.coderabbit.yaml Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (3)
WalkthroughThis PR implements end-to-end certificate support: a database table for persistence, backend endpoints for generation (with auth and enrollment validation) and retrieval (with decryption), activity page UI to trigger generation, and a standalone certificate display page with QR codes, sharing, and print-to-PDF. ChangesCertificate Issuance and Display
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Adds certificate issuance and verification support for completed activity enrollments, including persistence, API endpoints, and UI for generating/downloading certificates.
Changes:
- Adds
certificatestable + related index via schema + migration + runtime bootstrap. - Adds API endpoints to generate a certificate for an enrollment and to fetch certificate details by UUID.
- Adds UI in activity details to generate certificates and a new certificate page with print/PDF and share features.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| src/worker.py | Creates certificates table/index at startup and adds certificate generate/fetch APIs + routing. |
| schema.sql | Adds certificates table and index to the base schema. |
| migrations/0005_add_certificates.sql | Introduces migration to create certificates table and index. |
| public/activity.html | Adds certificate section in activity UI and calls certificate generation endpoint. |
| public/certificate.html | Adds certificate viewer/print page that fetches certificate details and renders QR/share links. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Actionable comments posted: 3
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@public/certificate.html`:
- Around line 101-103: The <button id="download-btn"> currently lacks an
explicit type which can cause unintended form submission; update the button
element with type="button" (i.e., add the type attribute to the element with id
"download-btn") so it’s explicitly a non-submit button and defensive against
future wrapping in a <form>.
- Around line 197-200: The showError function currently assigns HTML into
document.getElementById('status').innerHTML which risks XSS; change it to set
the element's textContent to the message and apply the styling classes directly
(e.g., set element.className or use classList.add with "text-red-600
dark:text-red-400 font-semibold") so the visible styling is preserved without
injecting HTML; update the showError function to get the status element, set
statusEl.textContent = message, and then set statusEl.className (or classList)
accordingly.
In `@src/worker.py`:
- Around line 1556-1607: Replace the direct use of uuid.uuid4() in
api_generate_certificate with the project's helper new_id() for consistent ID
generation: change the creation of cert_uuid (currently cert_uuid =
str(uuid.uuid4())) to call new_id() so the rest of the insertion and response
logic (INSERT INTO certificates and returned cert_uuid) continue to work
unchanged; ensure you import or reference new_id() the same way other modules do
if not already available in this file.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository: alphaonelabs/coderabbit/.coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
Run ID: 50d78876-72e2-47f4-a2a7-9a7127d96a83
⛔ Files ignored due to path filters (1)
migrations/0005_add_certificates.sqlis excluded by!**/migrations/**
📒 Files selected for processing (4)
public/activity.htmlpublic/certificate.htmlschema.sqlsrc/worker.py
Summary
This PR implements the Certificates feature. Students who complete an activity can generate a shareable, printable certificate of completion.
Changes
Database Schema
API Endpoints (src/worker.py)
Certificate Page (public/certificate.html)
Activity Page (public/activity.html)
Notes
Certificates Feature Implementation
This PR introduces a complete certificates feature enabling students to generate, view, and share printable completion certificates for finished activities.
Key Changes
Database & API Backend (
src/worker.py,schema.sql)certificatestable with unique enrollment-based records and automatic cleanup on enrollment deletionPOST /api/certificates/generate/:enrollment_id: Authenticated endpoint to issue certificates with idempotent behavior (returns 409 if already issued); validates enrollment completion and permission checksGET /api/certificates/:uuid: Public endpoint returning decrypted student name, activity title, and issue date for verificationenrollment.idto support frontend certificate generationFrontend Certificate Display (
public/certificate.html)Activity Integration (
public/activity.html)Impact