
draft: Integrate grist databases into docs (Panographix - HackDays 2025) #1053


Closed
wants to merge 104 commits into from


matts2cant commented Jun 5, 2025

⚠️ This PR is a draft and needs to be cleaned ⚠️

Purpose

Merge the HackDays 2025 “database & charts” prototype into the public Docs repository to kick-start native data-driven capabilities (tables, charts, embeds) for civil-servant users while preserving Docs’ friendly UX.

Proposal

This PR introduces three custom blocks developed during HackDays 2025:

  1. <DatabaseBlock> – lets authors create a new Grist table or pick an existing one directly from the editor, then display and edit the data inline.
  2. <EmbedBlock> – safely embeds third-party content (maps, videos, etc.) via an iframe wrapper.
  3. <ChartsBlock> – renders configurable charts (bar, line, pie…) based on a Grist view the user selects.

Behind the scenes we rely on Grist as a lightweight backend, but the UI hides the Grist complexity so that non-technical agents can stay focused on their documents.

Known limitations / next steps

  • General cleanup of the code
  • Authentication: today we pass a hard-coded Grist API token (env var GRIST_TOKEN). We aim to fetch it via OIDC (ProConnect) before merge.
  • The <ChartsBlock> currently supports only one simple series and lacks style options. We'll probably end up merging only the database and embed blocks first, then do charts in another PR.
  • Accessibility review (ARIA roles, colour contrast) still pending.

Screenshot

gitguardian bot commented Jun 5, 2025

⚠️ GitGuardian has uncovered 1 secret following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

Since your pull request originates from a forked repository, GitGuardian is not able to associate the secrets uncovered with secret incidents on your GitGuardian dashboard.
Skipping this check run and merging your pull request will create secret incidents on your GitGuardian dashboard.

🔎 Detected hardcoded secret in your pull request
| GitGuardian id | GitGuardian status | Secret | Commit | Filename |
| --- | --- | --- | --- | --- |
| - | - | Bearer Token | 67e29ff | src/frontend/apps/impress/src/api/gristApi.ts |
🛠 Guidelines to remediate hardcoded secrets
  1. Revoke and rotate the secret.

  2. If possible, rewrite git history with git commit --amend and git push --force.


🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

matts2cant (Author) commented Jun 5, 2025

FYI, the API token detected by gitguardian was from a local grist install, this will of course be removed :)

@matts2cant matts2cant marked this pull request as draft June 5, 2025 12:12
matts2cant (Author) commented

@virgile-dev @sampaccoud

Hi there! We've freed up time from @SimonClo, who will help me get this PR cleaned up and merge-ready.
We have a lot of cleaning to do, but there are 2 blocking points we need to address:

  • Right now the custom block asks the user for a Grist API token the first time he creates the database (not great UX). Long-term, we’d like to make this seamless and fetch the API token via OIDC/ProConnect. What is your take on this? Do you know if that’s possible? Can you point me to the right person on the Grist team?
  • We’ve run into some CORS issues when implementing the feature. We worked around it by running Grist locally, but that’s going to be a problem in production. I see two possible solutions for now: either change Grist’s CORS policy, or have the Django backend act as a proxy to the Grist API. What do you think?

sampaccoud (Member) commented

Hi @matts2cant, the product owner in DINUM for Grist is @vviers, and @jonathanperret worked both on Grist and on the OIDC resource server in ProConnect. He is probably the right person to add resource server to Grist so we can create a project and read from our projects with a resource server token.

Regarding the CORS issue, we should probably treat it the same way and set the CORS header in Grist responses when answering to a resource server request...?

virgile-dev (Collaborator) commented

Nice! Thank you for creating the PR. It would be awesome to see this merged into Docs.

SimonClo commented

Hi @vviers, hi @jonathanperret,

Hope you're both doing well. Just following up to see if you’ve had a chance to review the two blocking points we mentioned regarding our Grist integration, and to get your input on the best way forward.

1. OIDC/ProConnect token:
Do you think it would be possible to add Grist as an OIDC resource server, so it can accept and validate tokens issued by ProConnect? If so, what would be the prerequisites or next steps to set this up?

2. CORS issue:
We’ve identified two potential approaches:

  • Update Grist’s CORS policy to allow requests from our domain(s), ideally when a valid OIDC token is present.
  • Use our Django backend as a proxy to relay requests to the Grist API.

From your perspective, which approach would be cleaner or more secure in the long term?

Thanks again for your help!
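
The second approach listed in this comment (the Django backend relaying requests to the Grist API) is shown here as a framework-neutral Python helper that keeps the Grist credential server-side; this is an added example, not code from the PR, Docs or Grist. The host name, the allow-listed path pattern and the `user_doc_ids` parameter are assumptions; `GRIST_TOKEN` is the variable named in the PR description.

```python
import os
import re

# Assumed for illustration; not taken from the PR.
GRIST_BASE = "https://grist.example.org/api"
# Relay only the record endpoints the editor block needs (assumed ID formats).
ALLOWED_PATH = re.compile(
    r"docs/(?P<doc>[A-Za-z0-9]+)/tables/(?P<table>[A-Za-z0-9_]+)/records"
)
ALLOWED_METHODS = {"GET", "POST", "PATCH"}
# Headers the browser may pass through; Authorization and Cookie never are.
FORWARDED_HEADERS = {"accept", "content-type"}


class ProxyRejected(Exception):
    """Raised when a request must not be relayed to Grist."""


def build_upstream_request(method, path, headers, user_doc_ids, token=None):
    """Return (method, url, headers) for the upstream call or raise ProxyRejected.

    user_doc_ids is the set of Grist documents the authenticated Docs user may
    use; how that set is computed is outside this example (hypothetical input).
    """
    token = token or os.environ.get("GRIST_TOKEN")
    if not token:
        raise ProxyRejected("server has no Grist credential configured")
    method = method.upper()
    if method not in ALLOWED_METHODS:
        raise ProxyRejected("method not allowed")
    # fullmatch rejects traversal segments, query tricks and any other endpoint.
    match = ALLOWED_PATH.fullmatch(path.lstrip("/"))
    if match is None:
        raise ProxyRejected("path is not on the allow-list")
    if match["doc"] not in user_doc_ids:
        raise ProxyRejected("user has no access to this document")
    # Drop everything the client sent except the pass-through headers, then
    # attach the server-held token so it never reaches the browser bundle.
    upstream = {k: v for k, v in headers.items() if k.lower() in FORWARDED_HEADERS}
    upstream["Authorization"] = f"Bearer {token}"
    url = f"{GRIST_BASE}/docs/{match['doc']}/tables/{match['table']}/records"
    return method, url, upstream
```

A Django view would call this helper after its own session check and send the returned request with its HTTP client, so the browser only ever talks to the Docs origin and no CORS change in Grist is needed.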

vviers commented Jun 12, 2025

  1. OIDC/ProConnect token:
    Do you think it would be possible to add Grist as an OIDC resource server, so it can accept and validate tokens issued by ProConnect? If so, what would be the prerequisites or next steps to set this up?

Yes, absolutely possible and desirable. The way forward is to implement this in grist-core (https://github.com/gristlabs/grist-core) and have this merged :)

This is quite a big, security-heavy project so it might take some time to review, but I think @jonathanperret should be able to start working on this soon-ish (though you are more than welcome to give it a whirl if you want)

SimonClo commented Jun 18, 2025

Thanks @vviers for your answer! Regarding the CORS issue, would you have an opinion on the subject?

By the way, we are closing this PR because we have split it into two new ones:

We've decided to leave aside for the moment the charts block, which still needed a lot of rework.

matts2cant (Author) commented

Closing this PR because we split it in two:

@matts2cant matts2cant closed this Jun 18, 2025