Add documentation to authenticate Ably client

[liberocks]

Frontend shouldn't expose API key. Alternatively, it should use token that is generated by the backend.

Summary by CodeRabbit

• New Features

  • Introduced a secure, dynamic token authentication mechanism that fetches tokens from a backend service, replacing the static API key and enhancing error handling.

• Documentation

  • Updated the guidelines to include best practices for token generation along with a reference link for further details.

[coderabbitai]

Walkthrough

The update introduces a new method for establishing a connection to Ably using an authCallback function, which fetches a token from a backend URL asynchronously. This replaces the previous implementation that used a hardcoded API key, enhancing security by preventing sensitive information exposure. The documentation in docs/react.md has been updated to reflect this change, including best practices for token generation and links to additional resources.

Changes

File	Change Summary
docs/react.md	- Introduced authCallback method for token fetching instead of hardcoded API key. - Enhanced documentation with best practices for secure token usage and reference links.

Sequence Diagram(s)

sequenceDiagram
    participant Client as Ably.Realtime Client
    participant Backend as Token Service

    Client->>+Backend: Invoke authCallback (fetch token)
    Backend-->>-Client: Return token or error
    alt Successful token retrieval
        Client->>Client: Establish connection with token
    else Error fetching token
        Client->>Client: Handle error
    end

Loading

Poem

I'm a rabbit, swift and neat,
Hopping through code on nimble feet.
Tokens fetched in a secure dance,
Giving keys a safer chance.
With a twitch of my nose, errors disappear—
A bunny's code is bright and clear!
🐇💻 Hop along with secure cheer!

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro (Legacy)

📥 Commits

Reviewing files that changed from the base of the PR and between 7611f03 and 2b35bce.

📒 Files selected for processing (1)

• docs/react.md (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• docs/react.md

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

docs/react.md (2)

54-54: Improve Explanatory Text Phrasing
Consider adding a comma after “Alternatively” for improved clarity. For example, “Alternatively, you can use the auth callback…” reads more naturally.

🧰 Tools

🪛 LanguageTool

[typographical] ~54-~54: Consider adding a comma after ‘Alternatively’ for more clarity.
Context: ...the client app isn't the best practice. Alternatively you can use the auth callback to provid...

(RB_LY_COMMA)

---

86-86: Enhance Documentation Grammar
On line 86, consider adding a comma after "token generation" to improve readability. For example: “More about token generation, please refer to this documentation.”

🧰 Tools

🪛 LanguageTool

[typographical] ~86-~86: Consider adding a comma here.
Context: ...er>, ); ``` More about token generation please refer to this [documentation](https://a...

(PLEASE_COMMA)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a7d8181 and a1aecd4.

📒 Files selected for processing (1)

• docs/react.md (1 hunks)

🧰 Additional context used

🪛 LanguageTool

docs/react.md

[typographical] ~54-~54: Consider adding a comma after ‘Alternatively’ for more clarity.
Context: ...the client app isn't the best practice. Alternatively you can use the auth callback to provid...

(RB_LY_COMMA)

---

[typographical] ~86-~86: Consider adding a comma here.
Context: ...er>, ); ``` More about token generation please refer to this [documentation](https://a...

(PLEASE_COMMA)

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

docs/react.md (3)

54-54: Enhance Documentation Clarity

Consider adding a comma after "Alternatively" for improved readability. For example, changing the line to:
"However, exposing API key in the client app isn't the best practice. Alternatively, you can use the auth callback to provide the token needed to establish the connection."

🧰 Tools

🪛 LanguageTool

[typographical] ~54-~54: Consider adding a comma after ‘Alternatively’ for more clarity.
Context: ...the client app isn't the best practice. Alternatively you can use the auth callback to provid...

(RB_LY_COMMA)

---

55-84: Improve Auth Token Fetching in the Ably Client Configuration

The new auth callback implementation successfully removes the hardcoded API key and correctly uses asynchronous fetching with await response.json(). A couple of suggestions:

• HTTP Response Validation: Before parsing the JSON, consider checking whether the HTTP response was successful. This could prevent unexpected issues if the backend returns an error status. For example:

-      const response = await fetch(BACKEND_URL, {
-        method: "POST",
-      });
-      token = await response.json(); // adjust it based on your backend data structure
+      const response = await fetch(BACKEND_URL, {
+        method: "POST",
+      });
+      if (!response.ok) {
+        throw new Error(`Token fetch failed: ${response.statusText}`);
+      }
+      token = await response.json(); // adjust according to your backend data structure

• Error Handling: The callback in the catch block correctly passes the error message to the auth callback. Ensuring robust error handling here helps prevent the client from attempting to connect with an invalid or missing token.

Overall, the implementation clearly improves security by preventing direct exposure of the API key.

---

86-86: Refine Punctuation in the Documentation Link

Consider adding a comma to improve clarity in the sentence. For example, change:
"More about token generation please refer to this documentation"
to
"More about token generation, please refer to this documentation".

🧰 Tools

🪛 LanguageTool

[typographical] ~86-~86: Consider adding a comma here.
Context: ...er>, ); ``` More about token generation please refer to this [documentation](https://a...

(PLEASE_COMMA)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro (Legacy)

📥 Commits

Reviewing files that changed from the base of the PR and between a1aecd4 and 7611f03.

📒 Files selected for processing (1)

• docs/react.md (1 hunks)

🧰 Additional context used

🪛 LanguageTool

docs/react.md

[typographical] ~54-~54: Consider adding a comma after ‘Alternatively’ for more clarity.
Context: ...the client app isn't the best practice. Alternatively you can use the auth callback to provid...

(RB_LY_COMMA)

---

[typographical] ~86-~86: Consider adding a comma here.
Context: ...er>, ); ``` More about token generation please refer to this [documentation](https://a...

(PLEASE_COMMA)