Configuration
Recogito Config Tool is a web-based configuration management application for administering and customizing Recogito platform deployments.
Core Stack
Section titled “Core Stack”- Vite - Build tool and dev server
- React (v18.2) - UI framework
- TypeScript - Type safety
- Material UI (MUI) - Component library and design system
- TanStack Query (React Query) - Data fetching and state management
- Supabase JS Client - Database integration
- AJV - JSON schema validation
Purpose
Section titled “Purpose”The Config Tool provides a graphical interface for managing platform-wide configuration that controls:
- Access control policies
- User role definitions
- Default group structures
- Platform branding
- Authentication methods
- Multi-language content
- Administrative settings
Architecture
Section titled “Architecture”Application Structure
Section titled “Application Structure”src/├── components/ # UI components│ ├── Admin/ # Admin settings management│ ├── Authentication/ # Auth method configuration│ ├── Branding/ # Visual customization│ ├── DynamicText/ # Multi-language text│ ├── Groups/ # Default group management│ ├── Main/ # Main app layout with tabs│ ├── Policies/ # Policy management│ └── Roles/ # Role definition├── config/ # App configuration├── providers/ # React context providers├── supabase/ # Database queries├── types/ # TypeScript definitions└── utilities/ # Helper functionsConfiguration File Structure
Section titled “Configuration File Structure”The tool manages a comprehensive JSON configuration file:
{ project_name: string; author: string; version: string; created_at: string; updated_at: string; supported_languages: string[]; default_language: string; policies: PolicyDefinition[]; roles: RoleDefinition[]; org_groups: GroupDefinition[]; project_groups: GroupDefinition[]; layer_groups: GroupDefinition[]; branding: Branding; dynamic_text: DynamicText; admin: { admin_email: string; admin_groups: string[]; }; authentication: { methods: AuthenticationMethod[]; };}Key Components
Section titled “Key Components”1. Policies
Section titled “1. Policies”Purpose: Define database-level access control rules
Structure:
id- Unique policy identifier (UUID)table_name- Database table nameoperation- CRUD operation (SELECT, INSERT, UPDATE, DELETE)
Data Source: Loaded from Supabase policies table
Functionality:
- View all available policies
- Grid-based display
- Read from database at startup
- Foundation for role-based access control
2. Roles
Section titled “2. Roles”Purpose: Group policies into reusable permission sets
Structure:
id- Unique role identifiername- Role namedescription- Role descriptionpolicies- Array of policy IDs
Functionality:
- Create new roles
- Assign policies to roles
- Edit role definitions
- Delete roles
- Validation against available policies
3. Groups
Section titled “3. Groups”Purpose: Define default group templates for organizations, projects, and layers
Types:
- Organization Groups - Tenant-level groups
- Project Groups - Project-specific groups
- Layer Groups - Annotation layer groups
Structure:
id- Unique identifiername- Group namedescription- Group descriptionrole_id- Associated roleis_admin- Admin privileges flagis_default- Default group flagis_read_only- Read-only restriction
Functionality:
- Create groups for each type
- Assign roles to groups
- Set admin and default flags
- Configure read-only access
4. Branding
Section titled “4. Branding”Purpose: Customize platform visual identity
Configuration:
platform_name- Platform display namesite_name- Site-specific namewelcome_blurb- Welcome messagesite_color- Primary colorhome_banner- Banner image URLbackground_color- Background colorcontrast_color- Text/contrast colorbottom_logos_enabled- Footer logo togglefooter_message- Footer texttop_logos_enabled- Header logo togglelogin_logo_enabled- Login page logo togglefavicon- Favicon path
Functionality:
- Visual customization
- Color scheme configuration
- Logo and image management
- Welcome messaging
5. Authentication
Section titled “5. Authentication”Purpose: Configure authentication methods
Supported Methods:
username_password- Traditional loginsaml- SAML/SSO integrationoauth- OAuth providersmagic_link- Passwordless email linkskeycloak- Keycloak integration
Structure:
name- Display nametype- Authentication typedomain- Domain restriction (optional)
Functionality:
- Enable/disable auth methods
- Configure multiple methods
- Domain-based restrictions
6. Dynamic Text
Section titled “6. Dynamic Text”Purpose: Manage multi-language platform text
Structure:
{ public_document_warning: [ { language: 'en', text: 'English text' }, { language: 'de', text: 'German text' } ]}Functionality:
- Multi-language support
- Translatable UI text
- Language-specific content
7. Admin Settings
Section titled “7. Admin Settings”Purpose: Configure platform administrators
Configuration:
admin_email- Primary admin emailadmin_groups- Admin group IDs
Functionality:
- Define admin access
- Group-based admin rights
Data Flow
Section titled “Data Flow”Loading Configuration
Section titled “Loading Configuration”- Connect to Supabase - Local instance at
localhost:54321 - Fetch Policies - Query
policiestable via React Query - Load Config File - Upload existing JSON config
- Merge Data - Combine database policies with file configuration
- Display in UI - Render in tabbed interface
Editing Configuration
Section titled “Editing Configuration”- Select Tab - Navigate to configuration section
- Modify Settings - Use form inputs and dialogs
- Update State - Changes stored in React context
- Validation - Validate against schemas and constraints
Saving Configuration
Section titled “Saving Configuration”- Update Version - Increment version, update metadata
- Serialize Config - Convert state to JSON
- Download File - Save as JSON to local filesystem
- Manual Deployment - Admin deploys to target environments
State Management
Section titled “State Management”ConfigToolProvider
Section titled “ConfigToolProvider”React Context provider managing:
- Loaded configuration file
- Policy data from database
- Role definitions
- Group configurations
- Branding settings
- Authentication methods
- Dynamic text
Operations
Section titled “Operations”setConfigFile()- Load configurationsetFileName()- Set active filenamegetRole()- Retrieve role by IDaddRole()/removeRole()/saveRole()- Role CRUDaddGroup()/removeGroup()- Group managementsaveAdmin()- Admin settingssaveVersion()- Version metadatasaveBranding()- Branding configsaveDynamicText()- Multi-language textaddAuthMethod()/removeAuthMethod()- Auth methodsonSaveConfig()- Export configuration
Database Integration
Section titled “Database Integration”Supabase Queries
Section titled “Supabase Queries”Policy Query:
supabase.from('policies').select('id, table_name, operation')Roles Query:
supabase.from('roles').select('*')Connection
Section titled “Connection”- Local Development:
http://localhost:54321 - Authentication: Service key via
VITE_SERVICE_KEYenvironment variable - Read-Only: Queries database but doesn’t write back
- One-Way Sync: Policies loaded from DB, exported to JSON config
User Interface
Section titled “User Interface”Main Layout
Section titled “Main Layout”App Bar:
- Application title
- Current config filename display
- Load/Save config buttons
Tabs:
- Policies - Always accessible (database view)
- Roles - Enabled after config load
- Default Groups - Enabled after config load
- Admin - Enabled after config load
- Branding - Enabled after config load
- Dynamic Text - Enabled after config load
- Authentication - Enabled after config load
Dialogs
Section titled “Dialogs”- LoadConfigDialog - Upload existing config file
- UpdateVersionDialog - Update metadata before save
- CreateGroupDialog - Create new group
- CreateAuthenticationMethodDialog - Add auth method
Data Grids
Section titled “Data Grids”Material UI Data Grid for:
- Policy listing
- Role management
- Group overview
Workflow
Section titled “Workflow”Initial Setup
Section titled “Initial Setup”- Start Supabase local development environment
- Run config tool with
npm run dev - Tool connects to
localhost:54321 - Policies auto-load from database
Creating Configuration
Section titled “Creating Configuration”- Click “Load Config” to upload existing config or start fresh
- Navigate through tabs to configure each section:
- Define roles from available policies
- Create default groups (org/project/layer)
- Configure admin settings
- Customize branding
- Set authentication methods
- Add multi-language text
- Click “Save Config” to export
- Enter metadata (project name, author, version)
- Download JSON file
Deploying Configuration
Section titled “Deploying Configuration”Configuration files are deployed manually:
- Client: Place in
src/config.json - Server: Place in
config.jsonat root - Both applications read config on startup
Development
Section titled “Development”Environment Variables
Section titled “Environment Variables”VITE_SERVICE_KEY=<supabase_service_key>Running Locally
Section titled “Running Locally”npm installnpm run dev # Starts on port 5173 by defaultBuilding
Section titled “Building”npm run build # TypeScript compile + Vite buildnpm run preview # Preview production buildDocker Deployment
Section titled “Docker Deployment”FROM node:alpineWORKDIR /appCOPY package*.json ./RUN npm installCOPY . .RUN npm run buildEXPOSE 8080Validation
Section titled “Validation”JSON Schema Validation
Section titled “JSON Schema Validation”Uses AJV for:
- Configuration file structure validation
- Type checking
- Required field enforcement
Business Logic Validation
Section titled “Business Logic Validation”- Role must reference existing policies
- Groups must reference existing roles
- No duplicate IDs
- Valid color formats for branding
- Valid authentication types
Integration with Platform
Section titled “Integration with Platform”Client Integration
Section titled “Client Integration”Client application (recogito-client) reads:
- Branding configuration for UI customization
- Authentication methods for login options
- Dynamic text for multi-language support
Server Integration
Section titled “Server Integration”Server application (recogito-server) uses:
- Policies for RLS policy seeding
- Roles for permission checking
- Default groups for initial setup
- Admin configuration for access control
Configuration Flow
Section titled “Configuration Flow”- Admin creates config using Config Tool
- Export JSON with all settings
- Deploy to client and server repositories
- Applications read on startup and apply settings
- Database seeded with policies and groups
File Management
Section titled “File Management”Default Configuration
Section titled “Default Configuration”dafault-config.json - Template configuration with:
- Standard policies for all tables
- Common roles (admin, professor, student, etc.)
- Default group structures
- Sample branding
Export Format
Section titled “Export Format”Compact JSON with:
- No formatting for production
- All configuration in single file
- Timestamp metadata
- Version tracking
Import/Export Utilities
Section titled “Import/Export Utilities”// Download configurationdownload(data, filename)
// Deep copy objectscopyObject(object)Security Considerations
Section titled “Security Considerations”- Service Key Required - Admin-level database access
- Local Only - Designed for local development use
- Manual Deployment - No automated config push
- Validation - Schema checking prevents invalid configs
- Audit Trail - Version and author tracking
Limitations
Section titled “Limitations”- No Real-Time Sync - Changes not pushed to database
- Manual Export - No automated deployment
- Local Supabase Only - Hardcoded to localhost:54321
- No Collaboration - Single-user tool
- File-Based - Configuration stored as JSON files