Skip to content

BREAKING CHANGE(hubble): introduce new version V2#632

Merged
imbajin merged 68 commits into
apache:masterfrom
FrostyHec:hubble2.0
Jul 12, 2026
Merged

BREAKING CHANGE(hubble): introduce new version V2#632
imbajin merged 68 commits into
apache:masterfrom
FrostyHec:hubble2.0

Conversation

@FrostyHec

@FrostyHec FrostyHec commented Oct 20, 2024

Copy link
Copy Markdown
Collaborator

📌 Background & Motivation

Apache HugeGraph Hubble 2.0 is a major platform evolution aimed at modernizing the web UI, streamlining backend services, aligning core client drivers, and establishing robust continuous integration gates.

This PR consolidates 370+ fragmented historic commits into a linear sequence of 47 clean, Conventional-compliant commits. It purges legacy modules, introduces React + TS foundations, stabilizes E2E automation pipelines, and enforces license and quality metrics.


🛠️ Key Architectural Changes

The integration flow of Hubble 2.0 components can be represented below:

graph TD
    subgraph "Hubble 2.0 Web UI (hubble-fe)"
        FE_Pages["React + TS UI Components <br>(i18n / canvas / scheduler)"]
    end

    subgraph "Hubble 2.0 Backend (hubble-be)"
        BE_Controller["MVC Controllers <br>(auth / algorithm / task)"]
        BE_Service["GraphsService / SchemaService"]
        BE_H2["Metadata Database (H2)"]
    end

    subgraph "Client Layer (hugegraph-client)"
        HG_Client["HugeClient (BuilderFacade)"]
    end

    subgraph "Core Graph Engine"
        HG_Server["HugeGraph Server"]
    end

    %% Flow Relationships
    FE_Pages -- "Rest API Requests" --> BE_Controller
    BE_Controller -- "Persist State" --> BE_H2
    BE_Controller -- "Manage & Coordinate" --> BE_Service
    BE_Service -- "Interact" --> HG_Client
    HG_Client -- "Gremlin / Schema API" --> HG_Server
Loading

📝 Major Change Dimensions

1. Frontend Retirement & Modernization (hubble-fe)

  • Legacy Cleanups: Purged the obsolete hubble-fe-old directories (~50k lines of legacy code retired) to reduce package sizes and maintenance overhead.
  • i18n & Localization: Standardized internationalization properties (zh-CN / en-US) across core workspaces (Olap components, import scheduler, vertex/edge modals, task panels).
  • UI Stabilization: Refactored topological canvas controls, fixed double-triggering modal state resets during datasource creation, and localized canvas tooltips.

2. Backend Restructuring & API Alignment (hubble-be)

  • Facade Simplification: Re-aligned GraphsService interface signatures to rely strictly on the standard HugeClient API instead of outdated custom wrappers.
  • Security & Auth: Hardened role-authorization configurations to guard protected endpoints, supporting SaaS integrations, LangChain orchestration parameters, and Operator environments.
  • Data Safety: Implemented strict, explicit confirmation gates for all destructive graph operations (such as graph clears and async drop tasks).

3. CI/CD Pipeline & Quality Gates

  • Checkstyle Enforced: Re-enabled strict style compliance gates (tools/checkstyle.xml) to prevent format regressions on backend source files.
  • License Audit: Restored complete license header compliance audits for all build targets.
  • Automated E2E Testing: Established fully automated Playwright browser smoke tests running against local test containers.

🚀 Execution Logic: Local E2E Smoke Testing Workflow

The diagram below outlines the automated validation pipeline executed before release packaging:

[GitHub CI / Local JDK11]
           │
           ▼ (mvn package -P unit-test)
┌────────────────────────────────────────┐
│      1. Compile & Checkstyle Audit      │
└────────────────────────────────────────┘
           │
           ▼ (Install Playwright Chromium)
┌────────────────────────────────────────┐
│      2. Start Hubble Server & H2       │ ◄── [Set active session to 48h]
└────────────────────────────────────────┘
           │
           ▼
┌────────────────────────────────────────┐
│   3. Spin up HugeGraph Server (Auth)   │
└────────────────────────────────────────┘
           │
           ▼ (Inject Mock Graphs)
┌────────────────────────────────────────┐
│   4. Run Playwright E2E Test Suite     │
│      - Create connection               │
│      - Execute Gremlin shortest-path   │
│      - Verify UI graph topology canvas │
└────────────────────────────────────────┘
           │
           ▼ (Teardown)
[Clean System Containers]

🔍 Verification & Evidence Reference

  • Compiles Successfully: Checked local build consistency:
    mvn clean install -DskipTests -Dmaven.javadoc.skip=true -ntp
  • Contract Tests: Verified SessionTimeoutConfigTest for session token expiration and SchemaServiceViewTest for schema controller assertions:
    mvn test -P unit-test -pl hugegraph-hubble/hubble-be -ntp
  • Git Tree Cleanliness: Verified no codebase divergence against current hubble2 branch:
    git diff hubble2 github-desktop-FrostyHec/hubble2.0
    (Returned empty diff, confirming complete parity)

@dosubot dosubot Bot added the size:XXL This PR changes 1000+ lines, ignoring generated files. label Oct 20, 2024
@github-actions github-actions Bot added the hubble hugegraph-hubble label Oct 20, 2024
@dosubot dosubot Bot added dependencies Pull requests that update a dependency file hubble-be labels Oct 20, 2024
@imbajin imbajin changed the title [WIP] feat(hubble): Upgrading Hubble to new version BREAKING CHANGE(hubble): upgrade to new version 2.0 [WIP] Oct 20, 2024
@github-actions

Copy link
Copy Markdown

Due to the lack of activity, the current pr is marked as stale and will be closed after 180 days, any update will remove the stale label

@github-actions

github-actions Bot commented Jan 1, 2025

Copy link
Copy Markdown

Due to the lack of activity, the current pr is marked as stale and will be closed after 180 days, any update will remove the stale label

public class HugeGraphHubble extends SpringBootServletInitializer {

public static void main(String[] args) {
System.out.println("user.dir ==> " + System.getProperty("user.dir"));

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

log replace system.out

public static void main(String[] args) {
System.out.println("user.dir ==> " + System.getProperty("user.dir"));
initEnv();
TimeZone.setDefault(TimeZone.getTimeZone(ZoneOffset.of("+8")));

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the zone default +8 should set by config, because the repo not only use in china

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

some. infra cant auto transform zone, so maybe wo shouldn't set default zone

HttpServletResponse servletResponse,
HttpRequest proxyRequest) throws IOException {
String username =
(String) servletRequest.getSession().getAttribute("username");

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

magic

@PostMapping("/login")
public Object login(@RequestBody Login login) {
// Set Expire: 1 Month
login.expire(60 * 60 * 24 * 30);

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the expire time should been configed

//
//@RestController
//@RequestMapping(Constant.API_VERSION + "audits")
//public class AuditController extends BaseController {

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

delete the file

@GetMapping
public Object monitor() {
String monitorURL = null;
// Get monitor.url from system.env

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. first env
  2. config file

@github-actions github-actions Bot removed the inactive label Mar 17, 2025
@imbajin imbajin requested a review from Copilot March 30, 2025 11:49

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR upgrades Hubble to a new major version with breaking changes and configuration updates while streamlining several controllers and configurations. Key changes include adding a new Olap algorithm controller, removal of GraphConnectionController, and various configuration and constant updates (such as the API version and controller package).

Reviewed Changes

Copilot reviewed 943 out of 944 changed files in this pull request and generated no comments.

Show a summary per file
File Description
hugegraph-hubble/hubble-be/src/main/java/org/apache/hugegraph/controller/algorithm/OlapAlgoController.java New controller added for OLAP algorithms.
hugegraph-hubble/hubble-be/src/main/java/org/apache/hugegraph/controller/SettingController.java Minor import adjustments.
hugegraph-hubble/hubble-be/src/main/java/org/apache/hugegraph/controller/GraphConnectionController.java Entire file removed – potential impact on connection handling.
hugegraph-hubble/hubble-be/src/main/java/org/apache/hugegraph/controller/BaseController.java New session and authentication helper methods added.
hugegraph-hubble/hubble-be/src/main/java/org/apache/hugegraph/controller/AboutController.java Updated version and commented-out legacy license code.
hugegraph-hubble/hubble-be/src/main/java/org/apache/hugegraph/config/* Various configuration and proxy servlet improvements.
hugegraph-hubble/hubble-be/src/main/java/org/apache/hugegraph/common/Constant.java Controller package and API version updated.
hugegraph-hubble/hubble-be/src/main/java/org/apache/hugegraph/HugeGraphHubble.java Environment initialization updates (e.g., default timezone).
Files not reviewed (1)
  • hugegraph-hubble/hubble-be/pom.xml: Language not supported
Comments suppressed due to low confidence (3)

hugegraph-hubble/hubble-be/src/main/java/org/apache/hugegraph/config/IngestionProxyServlet.java:59

  • The unauthorized response returns HTTP 200 with a JSON body indicating a 401 status. To clearly signal unauthorized access, consider setting the HTTP status code to 401 (e.g., using HttpServletResponse.SC_UNAUTHORIZED).
HttpResponse response =  new BasicHttpResponse(HttpVersion.HTTP_1_1, Constant.STATUS_OK, "{\"status\": 401}");

hugegraph-hubble/hubble-be/src/main/java/org/apache/hugegraph/common/Constant.java:41

  • The controller package has been changed from 'org.apache.hugegraph.controller' to 'com.baidu.hugegraph.controller'. Please verify that this change is intentional and does not break existing client integrations.
public static final String CONTROLLER_PACKAGE = "com.baidu.hugegraph.controller";

hugegraph-hubble/hubble-be/src/main/java/org/apache/hugegraph/controller/GraphConnectionController.java:1

  • GraphConnectionController has been removed entirely; please confirm that this removal is intentional and that any functionality dependent on this controller has been appropriately addressed.
/* File removal */

@github-actions

Copy link
Copy Markdown

Due to the lack of activity, the current pr is marked as stale and will be closed after 180 days, any update will remove the stale label

@akeyz

akeyz commented Jul 7, 2025

Copy link
Copy Markdown

你好,请问新版本上线了吗?这个问题得到修复了嘛?

@imbajin

imbajin commented Jul 7, 2025

Copy link
Copy Markdown
Member

你好,请问新版本上线了吗?这个问题得到修复了嘛?

还没有, 我们尽快推进恢复这个 PR, 已经 90% 进度了 (也有一个可直接运行的二进制包)

@github-actions github-actions Bot removed the inactive label Jul 7, 2025
@akeyz

akeyz commented Jul 8, 2025

Copy link
Copy Markdown

你好,请问新版本上线了吗?这个问题得到修复了嘛?

还没有, 我们尽快推进恢复这个 PR, 已经 90% 进度了 (也有一个可直接运行的二进制包)

你好,这个可运行的二进制包在哪边可以下载到?方便给一下链接么?谢谢。

@imbajin

imbajin commented Jul 11, 2025

Copy link
Copy Markdown
Member

你好,请问新版本上线了吗?这个问题得到修复了嘛?

还没有, 我们尽快推进恢复这个 PR, 已经 90% 进度了 (也有一个可直接运行的二进制包)

你好,这个可运行的二进制包在哪边可以下载到?方便给一下链接么?谢谢。

@akeyz (遵循 ASF 规范, 非正式发版不能公开二进制) 这个只能在内测渠道获取, 可以加公众号管理员联系 ~

@dosubot dosubot Bot added the size:L This PR changes 100-499 lines, ignoring generated files. label Jul 11, 2026
}
deepMerge(target[key], value);
} else {
target[key] = value;

Check warning

Code scanning / CodeQL

Prototype-polluting function Medium

Properties are copied from
source
to
target
without guarding against prototype pollution.
@imbajin imbajin changed the title BREAKING CHANGE(hubble): upgrade to new version 2.0 [WIP] BREAKING CHANGE(hubble): introduce new version V2 Jul 11, 2026
Ex.check(StringUtils.isNotBlank(format),
"load.upload.file.format.unsupported");
List<String> formatWhiteList = this.config.get(
HubbleOptions.UPLOAD_FILE_FORMAT_LIST);

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
.
This path depends on a
user-provided value
.
List<String> formatWhiteList = this.config.get(
HubbleOptions.UPLOAD_FILE_FORMAT_LIST);
String normalizedFormat = format.toLowerCase(Locale.ROOT);
boolean supported = formatWhiteList != null &&

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
.
This path depends on a
user-provided value
.
}
return "success";
} finally {
if (!file.delete()) {

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
.
This path depends on a
user-provided value
.
return file;
} catch (Exception e) {
log.error("Failed to create a temporary file for user import", e);
if (file != null && file.exists() && !file.delete()) {

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
.
This path depends on a
user-provided value
.
This path depends on a
user-provided value
.
return file;
} catch (Exception e) {
log.error("Failed to create a temporary file for user import", e);
if (file != null && file.exists() && !file.delete()) {

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
.
This path depends on a
user-provided value
.
This path depends on a
user-provided value
.
imbajin added 17 commits July 12, 2026 04:00
- disable Kubernetes token endpoints\n- validate pagination and close request clients\n- secure CORS and sanitize exception logging\n- clean up graph listeners and loading state\n- add backend security regression coverage
- add configurable exponential backoff after repeated failures
- return HTTP 429 with Retry-After and backend warnings
- serialize concurrent attempts per principal and client address
- show a deduplicated frontend warning and cover regressions
- bind loader entities to graphspace, graph, and job scopes
- protect upload, batch, mutation, and deletion paths
- add scoped access regression coverage
- remove unused secondary request wrapper
- use default Node and Yarn download sources
- align Kotlin runtime dependency versions
- reduce expected parser log noise and mark date migration
Files were using a short-form license header that fails the license-eye
check. Replace with the full standard Apache 2.0 header consistent
with the rest of the project.

Also fix all remaining Checkstyle violations in toolchain modules
including line length, indentation, operator wrapping, and support for
SuppressWarnings filter.

Files fixed (License):
- hubble-be/.../exception/LoginThrottledException.java
- hubble-be/.../service/auth/LoginAttemptGuard.java
- hubble-be/.../unit/LoaderScopeControllerTest.java
- hubble-be/.../unit/LoginAttemptGuardTest.java
- hubble-be/.../unit/PriorityFixTest.java
- hubble-fe/src/api/throttleWarning.js
- hubble-fe/src/components/RouteErrorBoundary/index.js

Files fixed (Checkstyle):
- tools/checkstyle.xml
- hugegraph-client/.../driver/HugeClientBuilder.java
- hugegraph-loader/.../loader/HugeGraphLoader.java
- hugegraph-loader/.../loader/task/TaskManager.java
- hugegraph-loader/.../loader/executor/LoadOptions.java
- forward only rc-collapse control props across wrappers
- normalize rejected algorithm requests for form recovery
- preserve success, business-error, and auth contracts
- cover all algorithm panels and shared API boundaries
- serialize large graph ids as exact decimal strings
- remove the JSON blob BOM and verify parse round trips
- expose export actions through keyboard-operable menu items
- make the export button open its dropdown on click
- preserve Ant Design keyboard-enabled menu item actions
- verify the explicit trigger contract with targeted tests
- keep option loading failures visible with scoped retries
- clear stale graph and source-field form values
- ignore late responses after context changes
- localize recovery states and cover dual-mode contracts
- scope clear copy and symbols to graph data
- gate incompatible clone actions with accessible reasons
- preserve destructive confirmation and refresh behavior
- lock API and action contracts with regression tests
- rebuild Groovy from structured Schema responses
- preserve nested userdata and quoted separators
- keep legacy Server output unchanged
- verify real PD export and replay
- add compatibility regression coverage
- project BigInt and JSONbig values safely for JSON display
- render table cells without lossy quoting or precision changes
- prevent hidden graph fitting and duplicate layout registration
- persist a controlled reason for synchronous Cypher failures
- keep async submission and execution failure semantics distinct
- close favorite popovers when switching query languages
- cover sync, async, and tab-transition regression paths
- expose graph schema export with identity-safe recovery
- distinguish Meta loading, empty and failure states
- recover vertex and edge detail requests without stale writes
- clarify optional template application during graph creation
- make graph creation and card actions keyboard accessible
- preserve loading, failure and retry contracts across system pages
- prevent stale profile, task and metadata responses from leaking
- replace click-only controls with keyboard-accessible actions
- localize login, recovery and unknown-route semantics
- add focused accessibility and race regression coverage
- add a peer natural-language query tab
- block all placeholder execution and network paths
- recover rejected query and async task requests
- cover zero-call and failure contracts with tests

@imbajin imbajin left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Merge it first, then enhance UI/UX/CI later, congrats:)

@dosubot dosubot Bot added the lgtm This PR has been approved by a maintainer label Jul 12, 2026
@imbajin imbajin merged commit 7bbd573 into apache:master Jul 12, 2026
11 of 16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

client hugegraph-client dependencies Pull requests that update a dependency file hubble hugegraph-hubble hubble-be lgtm This PR has been approved by a maintainer loader hugegraph-loader size:L This PR changes 100-499 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

7 participants