
Lab#6

Open
Rickank wants to merge 10 commits into main from LAB


@Rickank Rickank commented Dec 9, 2025

Summary by CodeRabbit

  • New Features

    • Interactive login and menu-driven interface to list moon missions, view mission details by ID, count missions by year, and create/update/delete user accounts.
  • Documentation

    • Added a “Review Assignment Due Date” badge to the README.


coderabbitai bot commented Dec 9, 2025

Walkthrough

Adds a README badge and implements a public run() method in Main that resolves DB config, tests DB connectivity, performs login validation, and provides a console menu with CRUD/query operations for moon missions and accounts.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Documentation: README.md | Inserted a "Review Assignment Due Date" badge as the first line of the README. |
| Core application entry point: src/main/java/com/example/Main.java | Added public void run() implementing DB config resolution (env/props), pre-connection test, login validation (validateLogin()), and a console menu loop with operations: listMoonMissions(), getMissionById(), countMissionsByYear(), createAccount(), updateAccountPassword(), deleteAccount(). Replaced fine-grained JDBC imports with import java.sql.*, added Scanner for console I/O, and introduced user-facing SQL/error handling and input parsing messages. Public API: new run() method. |

Sequence Diagram

sequenceDiagram
    actor User
    participant Main
    participant Database
    User->>Main: invoke run()
    Main->>Main: resolve DB config (env / props)
    Main->>Database: open/test connection
    Database-->>Main: OK / error
    Main->>User: prompt username/password
    User->>Main: submit credentials
    Main->>Database: validateLogin() SELECT account
    Database-->>Main: credentials match / no match
    alt Login success
        Main->>User: show menu
        loop Menu interaction
            User->>Main: select operation
            Main->>Database: perform SELECT/INSERT/UPDATE/DELETE
            Database-->>Main: result / confirmation
            Main->>User: display outcome
        end
    else Login failed
        Main->>User: report failure and exit
    end

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

  • Review SQL parameterization and prevention of concatenated queries.
  • Verify resource closure: Connection, PreparedStatement/Statement, ResultSet in all paths.
  • Check login validation edge cases and error handling around DB connectivity and input parsing.

Poem

🐰 I hopped into code with a curious grin,
I found a DB gate and a menu to spin,
Missions and accounts in tidy rows,
I nibbled on SQL where the data grows,
Hop, run, connect — the rabbit shows!

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)
| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Title check | ❓ Inconclusive | The title 'Lab' is too vague and generic. It does not convey meaningful information about the specific changes made to the codebase. | Use a more descriptive title that summarizes the main changes, such as 'Add interactive menu-driven database operations and login authentication' or 'Implement CRUD operations for moon missions and account management'. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 90.91% which is sufficient. The required threshold is 80.00%. |

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 3

🧹 Nitpick comments (2)
src/main/java/com/example/Main.java (2)

3-3: Consider explicit imports instead of wildcard.

Wildcard imports (java.sql.*) reduce code clarity and can lead to ambiguity. Consider importing only the classes used: Connection, DriverManager, PreparedStatement, ResultSet, SQLException.


31-35: Empty connection test block loses diagnostic context.

The empty try block tests connectivity, but the exception wrap loses the original message context. Consider adding a descriptive error message.

         // Test connection
         try (Connection connection = DriverManager.getConnection(jdbcUrl, dbUser, dbPass)) {
+            // Connection successful
         } catch (SQLException e) {
-            throw new RuntimeException(e);
+            throw new RuntimeException("Failed to connect to database: " + e.getMessage(), e);
         }
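Review bot: On the added `throw new RuntimeException(...)` line, `e.getMessage()` is concatenated into the message although `e` is already passed as the cause, so the driver's text shows up twice in a stack trace and is handed to the console user verbatim. A fixed message such as "Failed to connect to database" with `e` kept as the cause carries the same diagnostics without echoing driver output in the user-facing string.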
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e629e94 and 0b38e92.

📒 Files selected for processing (2)
  • README.md (1 hunks)
  • src/main/java/com/example/Main.java (3 hunks)
🔇 Additional comments (6)
README.md (1)

1-1: LGTM!

Standard GitHub Classroom badge addition for assignment tracking.

src/main/java/com/example/Main.java (5)

103-117: LGTM!

Proper use of try-with-resources ensures resources are closed. PreparedStatement usage is consistent with other methods.


153-178: LGTM!

Proper parameterized query usage and error handling.


299-313: LGTM!

Configuration resolution logic is clean with clear precedence: system property → environment variable.


196-204: [Unable to verify - repository access failed]


279-297: Potential column mismatch: validateLogin queries name column, but createAccount's column usage needs verification.

validateLogin queries the account table's name column, while the review suggests createAccount only sets first_name and last_name. If newly created accounts don't have a name value populated, they cannot log in. Verify the account table schema and confirm how the name column is populated during account creation—whether it's explicitly set, auto-generated from other columns, or if there's an unrelated schema mismatch.


@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

🧹 Nitpick comments (1)
src/main/java/com/example/Main.java (1)

102-116: Consider extracting connection creation to reduce duplication.

Each method creates its own Connection via DriverManager.getConnection(...). For a lab exercise this is fine, but for larger applications consider:

  • Storing credentials in instance fields after validation in run()
  • Using a helper method or connection pool

Example helper:

private Connection getConnection() throws SQLException {
    return DriverManager.getConnection(this.jdbcUrl, this.dbUser, this.dbPass);
}
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0b38e92 and aed701e.

📒 Files selected for processing (1)
  • src/main/java/com/example/Main.java (4 hunks)
🔇 Additional comments (7)
src/main/java/com/example/Main.java (7)

19-97: Well-structured entry point with proper resource handling.

The run() method follows a clear flow: config validation, connection test, login, then menu loop. Scanner is properly closed on all exit paths.


102-116: LGTM!

Proper use of try-with-resources for connection, statement, and result set. Query is static and safely executed.


134-142: Past feedback addressed - mission not found now reports appropriately.

The else branch at lines 139-141 provides clear feedback when no mission matches the given ID.


154-179: LGTM!

Parameterized query prevents SQL injection. The YEAR() function is MySQL-specific but appropriate given the project context.


237-242: Past feedback addressed - user not found now reports appropriately.

The else branch at lines 240-242 provides clear feedback when no account matches the given user_id.


267-272: Past feedback addressed - account not found now reports appropriately.

The else branch at lines 270-272 provides clear feedback when no account matches the given user_id.


284-292: Schema mismatch concern requires verification.

The validateLogin method at lines 284-292 queries name = ?, but without access to the actual account table schema and the createAccount method implementation, I cannot confirm whether this column exists or whether it's populated correctly.

Review the account table schema definition and the createAccount method to confirm:

  • Does the account table have a name column?
  • What columns does createAccount actually insert into?
  • If name doesn't exist, update the login query to use the correct existing column.

Comment on lines +191 to +205
System.out.print("SSN: ");
String ssn = scanner.nextLine().trim();

System.out.print("Password: ");
String password = scanner.nextLine().trim();

String sql = "INSERT INTO account (first_name, last_name, ssn, password) VALUES (?, ?, ?, ?)";

try (Connection conn = DriverManager.getConnection(jdbcUrl, dbUser, dbPass);
PreparedStatement stmt = conn.prepareStatement(sql)) {

stmt.setString(1, firstName);
stmt.setString(2, lastName);
stmt.setString(3, ssn);
stmt.setString(4, password);

⚠️ Potential issue | 🟠 Major

Security: Plaintext password and SSN storage.

Passwords should be hashed (e.g., bcrypt, Argon2) before storage. SSN is sensitive PII that should be encrypted at rest. While acceptable for a lab exercise, these practices would be critical security and compliance violations in production.

Consider at minimum for production code:

// Password hashing example (requires bcrypt library)
String hashedPassword = BCrypt.hashpw(password, BCrypt.gensalt());
stmt.setString(4, hashedPassword);
🤖 Prompt for AI Agents
In src/main/java/com/example/Main.java around lines 191 to 205, the code stores
plaintext passwords and raw SSNs which is insecure; change the flow so the
password is hashed (e.g., bcrypt or Argon2 via a vetted library) before calling
stmt.setString(4, ...), and encrypt the SSN at rest (using a field-level
encryption library or an AEAD scheme with secure key management) before calling
stmt.setString(3, ...); ensure you never log plaintext values, use proper
salt/iterations provided by the hashing library, manage encryption keys via a
secrets manager, and update the DB schema/migrations to store hashed password
and encrypted ssn (and handle verification by hashing the login password and
decrypting/validating SSN only when necessary).


@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 0

♻️ Duplicate comments (4)
src/main/java/com/example/Main.java (4)

135-141: Add feedback when no mission is found for the given ID

If the query returns no rows, the user gets no output at all. Add an else branch after rs.next() to print a clear “mission not found” message so the user knows the ID didn’t match anything.

-                try (ResultSet rs = stmt.executeQuery()) {
-                    if (rs.next()) {
-                        System.out.println("Mission ID: " + rs.getLong("mission_id"));
-                        System.out.println("Spacecraft: " + rs.getString("spacecraft"));
-                        System.out.println("Launch Date: " + rs.getDate("launch_date"));
-                    }
-                }
+                try (ResultSet rs = stmt.executeQuery()) {
+                    if (rs.next()) {
+                        System.out.println("Mission ID: " + rs.getLong("mission_id"));
+                        System.out.println("Spacecraft: " + rs.getString("spacecraft"));
+                        System.out.println("Launch Date: " + rs.getDate("launch_date"));
+                    } else {
+                        System.out.println("No mission found with mission_id " + missionId);
+                    }
+                }
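Review bot: In the `if (rs.next())` branch, `rs.getDate("launch_date")` returns null when the column is SQL NULL, so the output reads "Launch Date: null". Check for null and print a placeholder such as "unknown" so a missing date is not mistaken for data.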

183-218: Security & UX in account creation (plaintext secrets and hidden username)

Two things to consider here:

  1. Security (major in real systems)

    • SSN and password are both stored as plaintext (ssn and password columns).
    • validateLogin later compares the password directly in SQL.
      For production‑style code, passwords should be hashed (bcrypt/Argon2, etc.) and SSN encrypted at rest; never log or store them in clear text. I realize this is a lab, but it’s good to at least mention this and possibly structure the code so swapping in a hasher/encrypter later is easy.
  2. UX: user doesn’t see the generated username
    You compute a username from first/last name but only print “Account created successfully”. The user has no direct confirmation of what username to use at login. Consider printing the username on successful creation, e.g.:

-            int rowsAffected = stmt.executeUpdate();
-            if (rowsAffected > 0) {
-                System.out.println("Account created successfully");
-            }
+            int rowsAffected = stmt.executeUpdate();
+            if (rowsAffected > 0) {
+                System.out.println("Account created successfully");
+                System.out.println("Your username is: " + username);
+            }
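Review bot: The added username line sits inside `if (rowsAffected > 0)` and the hunk still has no `else`, so an insert that affects no rows ends silently, the same gap this review raises for the update and delete paths. Add an `else` that tells the user the account was not created.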

Also optional but helpful: validate that first/last name are non‑empty before generating the username to avoid empty or odd usernames.


240-244: Provide feedback when no account is updated (user_id not found)

If rowsAffected is 0, the user gets no message and can’t tell whether the user_id existed. Add an else branch to inform them that no account was found for the given ID.

-                int rowsAffected = stmt.executeUpdate();
-                if (rowsAffected > 0) {
-                    System.out.println("Password updated successfully");
-                }
+                int rowsAffected = stmt.executeUpdate();
+                if (rowsAffected > 0) {
+                    System.out.println("Password updated successfully");
+                } else {
+                    System.out.println("No account found with user_id " + userId);
+                }

268-271: Provide feedback when no account is deleted (user_id not found)

Same pattern as password update: when rowsAffected is 0 the user gets no confirmation that nothing was deleted. Add an else to indicate that the account was not found.

-                int rowsAffected = stmt.executeUpdate();
-                if (rowsAffected > 0) {
-                    System.out.println("Account deleted successfully");
-                }
+                int rowsAffected = stmt.executeUpdate();
+                if (rowsAffected > 0) {
+                    System.out.println("Account deleted successfully");
+                } else {
+                    System.out.println("No account found with user_id " + userId);
+                }
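Review bot: `if (rowsAffected > 0)` in the delete path also prints "Account deleted successfully" when more than one row was removed. Since the statement targets one `userId`, compare against exactly 1 and treat any larger count as an error worth reporting.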
🧹 Nitpick comments (2)
src/main/java/com/example/Main.java (2)

9-14: Consider making main public for JVM entry point compatibility

If you intend to run this class directly with java com.example.Main, the main method must be declared public static void main(String[] args). Right now it’s package‑private, which the JVM won’t recognize as an entry point. If main is only called by some other framework/launcher, this can be left as is, but it’s worth double‑checking your run configuration.


39-52: Login failure UX: message suggests a choice but input is ignored

On invalid login, the code prints "0) Exit" then calls scanner.nextLine() and immediately returns, discarding the user input. This is misleading because typing any value produces the same result.

Either implement the suggested choice (e.g., loop to retry login vs exit) or change the message to "Press Enter to exit" to match the actual behavior.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between aed701e and 5d5f51f.

📒 Files selected for processing (1)
  • src/main/java/com/example/Main.java (5 hunks)
