Solution to the issue #1367

[dsmandato]

What type of PR is this?

(REQUIRED)

• bug

What this PR does / why we need it:

(REQUIRED)

The current search engine does not behave well when dealing with Greek characters (and I suspect with any other special character).
I solved this by editing the file "item_predicates.go".
What it does:

• In the input field (normalizedSearch) converts any special character defined in "accentReplacements" variable, to a Latin one.
• In the data fields converts any special character defined in "accentReplacements" variable, to a Latin one.
  So the comparison is compatible.
  This can be later applied to other languages too, like for example in Cyrillic alphabet, by updating only the "accentReplacements" variable.

Which issue(s) this PR fixes:

(REQUIRED)

Fixes #1367

Summary by CodeRabbit

• Chores
  • Enhanced Docker Compose configuration with support for multi-platform containerized deployment across additional system architectures.

[coderabbitai]

Walkthrough

Adds a homebox service to docker-compose.yml.back with configuration for building from local Dockerfile, specifying build arguments COMMIT=head and BUILD_TIME, setting multi-platform targets, configuring debug environment variables, and exposing port 3100 to container port 7745.

Changes

Cohort / File(s)	Summary
Docker Service Configuration docker-compose.yml.back	Added new homebox service with build configuration from local Dockerfile, multi-platform build targets (linux/amd64, linux/arm64, linux/arm), build arguments, debug environment variables (HBOX_DEBUG=true, HBOX_LOGGER_LEVEL=-1), and port mapping (3100:7745).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Security Recommendations

⚠️ Debug Mode in Shared/Production Environments: The configuration sets HBOX_DEBUG=true and HBOX_LOGGER_LEVEL=-1. Ensure these debug-level settings are only used in development environments. For production deployments, these should be disabled to avoid exposing sensitive information through verbose logging.

Poem

🐳 A container springs to life today,
Docker Compose shows the way,
Multi-platform builds take flight,
Debug mode shines, burning bright—
Just remember, don't ship the light! 💡

🚥 Pre-merge checks | ✅ 1 | ❌ 4

❌ Failed checks (3 warnings, 1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description identifies the wrong file (item_predicates.go) when the actual changes are in docker-compose.yml.back, creating a significant mismatch between PR intent and actual changes.	Update the description to accurately reflect that docker-compose.yml.back was modified to add a homebox service configuration, or clarify if this PR contains unintended changes.
Linked Issues check	⚠️ Warning	The PR description claims to fix issue #1367 by modifying item_predicates.go to handle Greek characters, but the actual changes only add docker-compose configuration with no search normalization code.	Either add the required item_predicates.go modifications with character normalization logic, or clarify if this PR addresses a different objective related to the Docker setup.
Out of Scope Changes check	⚠️ Warning	The changes to docker-compose.yml.back adding a homebox service appear unrelated to the stated objective of fixing Greek character search handling in issue #1367.	Remove unrelated docker-compose changes or provide documentation explaining how the homebox service configuration resolves the search character issue.
Title check	❓ Inconclusive	The title 'Solution to the issue #1367' is vague and generic, failing to describe the actual changes made to the codebase.	Revise the title to clearly describe the main change, e.g., 'Handle Greek characters in search by normalizing special characters in item predicates'.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

You can disable the changed files summary in the walkthrough.

Disable the reviews.changed_files_summary setting to disable the changed files summary in the walkthrough.

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (1)

docker-compose.yml.back (1)

18-19: Port mapping is correct but consider documenting.

The port mapping 3100:7745 correctly maps to the container's exposed port (confirmed in Dockerfile line 89). However, port 3100 is non-standard for web services.

For better developer experience, consider adding a comment explaining the port choice:

     ports:
+      # Host port 3100 chosen to avoid conflicts with common development ports
       - 3100:7745

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docker-compose.yml.back` around lines 18 - 19, The ports mapping entry
"3100:7745" under the ports section currently maps host port 3100 to container
port 7745; add a short inline comment next to that mapping explaining why host
port 3100 was chosen (e.g., non-standard port to avoid conflicts and to match
Dockerfile exposed port at line 89), so future developers understand the intent
and can change it safely.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docker-compose.yml.back`:
- Around line 1-19: The committed file docker-compose.yml.back appears to be a
backup copy of your compose file; remove it from version control (git rm
--cached docker-compose.yml.back or delete and commit) or rename it to a
descriptive dev file (e.g., docker-compose.dev.yml) and update any tooling that
references it; if you intend to keep a backup locally, add
docker-compose.yml.back to .gitignore; ensure the canonical compose file
(serving the homebox service) remains named docker-compose.yml so references to
the homebox service and its ports/args remain correct.
- Around line 7-9: Replace the placeholder build args COMMIT=head and
BUILD_TIME=0001-01-01T00:00:00Z used in the docker-compose build args with real,
traceable values: change the build integration that sets these args to inject
the git commit SHA and an ISO UTC build timestamp at build time (or make them
empty defaults and require consumers to pass them). Update the docker-compose
build invocation documentation or CI pipeline to show how to supply
GIT_COMMIT=$(git rev-parse HEAD) and BUILD_TIME=$(date -u +%Y-%m-%dT%H:%M:%SZ)
when running docker-compose build so containers are traceable.
- Around line 15-17: This docker-compose snippet exposes dangerous dev settings:
HBOX_DEBUG=true and HBOX_LOGGER_LEVEL=-1; mark this file clearly as
development-only by adding a top-of-file comment stating "DEVELOPMENT ONLY — do
not use in production", and change the environment defaults to safe values
(e.g., HBOX_DEBUG=false and HBOX_LOGGER_LEVEL=info or a numeric level >=0) or
wrap them to be overridden by runtime env vars (keep HBOX_DEBUG and
HBOX_LOGGER_LEVEL as the referenced symbols) so production deployments must
explicitly opt in to debug/verbose logging.

---

Nitpick comments:
In `@docker-compose.yml.back`:
- Around line 18-19: The ports mapping entry "3100:7745" under the ports section
currently maps host port 3100 to container port 7745; add a short inline comment
next to that mapping explaining why host port 3100 was chosen (e.g.,
non-standard port to avoid conflicts and to match Dockerfile exposed port at
line 89), so future developers understand the intent and can change it safely.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 4b4c4517-0b56-42d2-addc-85d88b083879

📥 Commits

Reviewing files that changed from the base of the PR and between 4cc5046 and 50e66f5.

⛔ Files ignored due to path filters (1)

• backend/internal/data/ent/item_predicates.go is excluded by !backend/internal/data/ent/**

📒 Files selected for processing (1)

• docker-compose.yml.back

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Why is a backup file being added to version control?

The .back filename suffix suggests this is a backup copy of docker-compose.yml. Backup files typically shouldn't be committed to version control as they:

• Create confusion about which file is authoritative
• Clutter the repository
• Can lead to accidentally using the wrong configuration

Consider:

• If this is for testing/development, use a descriptive name like docker-compose.dev.yml or docker-compose.debug.yml
• If it's truly a backup, exclude it from version control via .gitignore
• If it's meant to replace the main compose file, rename it appropriately

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docker-compose.yml.back` around lines 1 - 19, The committed file
docker-compose.yml.back appears to be a backup copy of your compose file; remove
it from version control (git rm --cached docker-compose.yml.back or delete and
commit) or rename it to a descriptive dev file (e.g., docker-compose.dev.yml)
and update any tooling that references it; if you intend to keep a backup
locally, add docker-compose.yml.back to .gitignore; ensure the canonical compose
file (serving the homebox service) remains named docker-compose.yml so
references to the homebox service and its ports/args remain correct.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Placeholder build metadata makes images untraceable.

The build arguments use placeholder values that defeat their purpose:

• COMMIT=head is not a real commit SHA
• BUILD_TIME=0001-01-01T00:00:00Z is a zero timestamp

These make it impossible to:

• Trace which code version is running in the container
• Debug issues by correlating container behavior with source code
• Track when builds were created

🔧 Suggested fix

If this is for local development, dynamically inject real values:

       args:
-        - COMMIT=head
-        - BUILD_TIME=0001-01-01T00:00:00Z
+        - COMMIT=${GIT_COMMIT:-$(git rev-parse HEAD)}
+        - BUILD_TIME=${BUILD_TIME:-$(date -u +"%Y-%m-%dT%H:%M:%SZ")}

Or document that developers should override these at build time:

GIT_COMMIT=$(git rev-parse HEAD) BUILD_TIME=$(date -u +"%Y-%m-%dT%H:%M:%SZ") docker-compose build

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docker-compose.yml.back` around lines 7 - 9, Replace the placeholder build
args COMMIT=head and BUILD_TIME=0001-01-01T00:00:00Z used in the docker-compose
build args with real, traceable values: change the build integration that sets
these args to inject the git commit SHA and an ISO UTC build timestamp at build
time (or make them empty defaults and require consumers to pass them). Update
the docker-compose build invocation documentation or CI pipeline to show how to
supply GIT_COMMIT=$(git rev-parse HEAD) and BUILD_TIME=$(date -u
+%Y-%m-%dT%H:%M:%SZ) when running docker-compose build so containers are
traceable.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Security concern: Debug mode enabled.

The configuration enables debug mode (HBOX_DEBUG=true) and sets maximum verbosity logging (HBOX_LOGGER_LEVEL=-1). While appropriate for development, if this configuration is accidentally used in production:

Security risks:

• Debug output may expose sensitive information (credentials, API keys, PII, internal paths)
• Debug endpoints might bypass authentication/authorization checks
• Verbose logging can expose detailed application internals to attackers

Operational risks:

• Trace-level logging can rapidly fill disk space
• Performance degradation from excessive logging I/O

Since the filename suggests this might be a backup/alternative configuration, clearly document this is development-only to prevent accidental production use.

📋 Recommendation

Add a comment at the top of the file:

+# DEVELOPMENT ONLY - DO NOT USE IN PRODUCTION
+# Debug mode and verbose logging enabled for local testing
 services:
   homebox:

Or use environment variable overrides that default to safe values:

     environment:
-      - HBOX_DEBUG=true
-      - HBOX_LOGGER_LEVEL=-1
+      - HBOX_DEBUG=${HBOX_DEBUG:-false}
+      - HBOX_LOGGER_LEVEL=${HBOX_LOGGER_LEVEL:-0}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	environment:
	- HBOX_DEBUG=true
	- HBOX_LOGGER_LEVEL=-1
	environment:
	- HBOX_DEBUG=${HBOX_DEBUG:-false}
	- HBOX_LOGGER_LEVEL=${HBOX_LOGGER_LEVEL:-0}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docker-compose.yml.back` around lines 15 - 17, This docker-compose snippet
exposes dangerous dev settings: HBOX_DEBUG=true and HBOX_LOGGER_LEVEL=-1; mark
this file clearly as development-only by adding a top-of-file comment stating
"DEVELOPMENT ONLY — do not use in production", and change the environment
defaults to safe values (e.g., HBOX_DEBUG=false and HBOX_LOGGER_LEVEL=info or a
numeric level >=0) or wrap them to be overridden by runtime env vars (keep
HBOX_DEBUG and HBOX_LOGGER_LEVEL as the referenced symbols) so production
deployments must explicitly opt in to debug/verbose logging.