From 2fe40fa5f81c7b9e3eda86cf6252d1672da75e1f Mon Sep 17 00:00:00 2001
From: seoonju
Date: Wed, 23 Jul 2025 14:40:56 +0900
Subject: [PATCH 1/3] [Autofic] Create package.json and CI workflow
---
 .github/workflows/pr_notify.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 .github/workflows/pr_notify.yml
diff --git a/.github/workflows/pr_notify.yml b/.github/workflows/pr_notify.yml
new file mode 100644
index 0000000..2b34036
--- /dev/null
+++ b/.github/workflows/pr_notify.yml
@@ -0,0 +1,20 @@
+name: PR Notifier
+
+on:
+ pull_request:
+ types: [opened, reopened, closed]
+
+jobs:
+ notify:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Notify Discord
+ env:
+ DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
+ run: |
+ curl -H "Content-Type: application/json" -d '{"content": "🔔 Pull Request [${{ github.event.pull_request.title }}](${{ github.event.pull_request.html_url }}) by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $DISCORD_WEBHOOK_URL
+ - name: Notify Slack
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+ run: |
+ curl -H "Content-Type: application/json" -d '{"text": ":bell: Pull Request <${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}> by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $SLACK_WEBHOOK_URL
From de185f4aad93840418441e611d0ae8a03a7731e9 Mon Sep 17 00:00:00 2001
From: seoonju
Date: Wed, 23 Jul 2025 14:40:59 +0900
Subject: [PATCH 2/3] [Autofic] 1 malicious code detected!!
---
 server.js | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/server.js b/server.js
index d65b06b..ec65ee6 100644
--- a/server.js
+++ b/server.js
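Review bot: In `.github/workflows/pr_notify.yml`, both `run:` steps paste `${{ github.event.pull_request.title }}` directly into the shell script text, so a pull-request title containing a quote or shell metacharacters is parsed as part of the command instead of as data, in a job that holds both webhook secrets. The event fields should be handed to the step through `env:` and the JSON body built from those variables with a JSON encoder, so the title never becomes script text and is escaped inside the payload; the webhook URL variables should also be double-quoted. Patch 3/3 of this series deletes the file again, so this applies wherever the workflow is kept or reused.

```yaml
      - name: Notify Discord
        env:
          DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
          PR_TITLE: ${{ github.event.pull_request.title }}
          PR_URL: ${{ github.event.pull_request.html_url }}
          PR_USER: ${{ github.event.pull_request.user.login }}
          PR_ACTION: ${{ github.event.action }}
        run: |
          jq -n --arg c "🔔 Pull Request [$PR_TITLE]($PR_URL) by $PR_USER - $PR_ACTION" '{content: $c}' \
            | curl -H "Content-Type: application/json" -d @- "$DISCORD_WEBHOOK_URL"
      # … Notify Slack: same pattern, payload built as '{text: $t}' …
```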
@@ -16,6 +16,7 @@ var taskDispatcher = require('./dispatcher/taskDispatcher'); var loginDispatcher = require('./dispatcher/loginDispatcher'); var path = require('path'); var session = require('client-sessions'); +var helmet = require('helmet'); // some common utilities var respLogger = require('./common/responseLogger'); @@ -39,10 +40,13 @@ app.set('options', options); // Register the static html folder. Browser can load html pages under this folder. app.use(express.static(path.join(__dirname, 'public'))); +// Use Helmet to help secure the app by setting various HTTP headers +app.use(helmet()); + // Register the session. Secret can be an arbitrary string. app.use(session({ cookieName: 'session', - secret: 'af*asdf+_)))==asdf afcmnoadfadf', + secret: process.env.SESSION_SECRET || 'defaultSecret', duration: 30 * 60 * 1000, activeDuration: 5 * 60 * 1000, })); @@ -66,4 +70,4 @@ app.use(router); // Finally starts the server. app.listen(options.port); -console.log("Server listening on: http://localhost:%s", options.port); +console.log("Server listening on: http://localhost:%s", options.port); \ No newline at end of file From 3dad84f7500356ad245d139f308021b272720e71 Mon Sep 17 00:00:00 2001 From: seoonju Date: Wed, 23 Jul 2025 14:41:15 +0900 Subject: [PATCH 3/3] chore: remove CI workflow before upstream PR --- .github/workflows/pr_notify.yml | 20 -------------------- 1 file changed, 20 deletions(-) delete mode 100644 .github/workflows/pr_notify.yml diff --git a/.github/workflows/pr_notify.yml b/.github/workflows/pr_notify.yml deleted file mode 100644 index 2b34036..0000000 --- a/.github/workflows/pr_notify.yml +++ /dev/null 
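Review bot: `var helmet = require('helmet');` is added in the first `server.js` hunk, but the diffstat for this patch lists only `server.js`, so unless `helmet` is already declared in `package.json` (not visible here) the server will fail at startup with a module-not-found error. Add `helmet` to `dependencies`, together with the lockfile update, in the same commit so the hardening change and the package it relies on land together.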
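Review bot: The fallback in `secret: process.env.SESSION_SECRET || 'defaultSecret'` means a deployment that forgets to set the variable silently protects its session cookies with a constant published in this repository, so the cookies can no longer be trusted as server-issued. Fail closed instead: before `app.use(session({` add `if (!process.env.SESSION_SECRET) { throw new Error('SESSION_SECRET must be set'); }` and pass `secret: process.env.SESSION_SECRET,`. The removed literal stays in the repository history and should be treated as exposed, so the value supplied through the environment needs to be freshly generated. Separately, `app.use(helmet());` is registered after `express.static`, so files served from `public` are answered before Helmet runs and will not carry its headers; moving it above the static registration covers them.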
@@ -1,20 +0,0 @@
-name: PR Notifier
-
-on:
- pull_request:
- types: [opened, reopened, closed]
-
-jobs:
- notify:
- runs-on: ubuntu-latest
- steps:
- - name: Notify Discord
- env:
- DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
- run: |
- curl -H "Content-Type: application/json" -d '{"content": "🔔 Pull Request [${{ github.event.pull_request.title }}](${{ github.event.pull_request.html_url }}) by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $DISCORD_WEBHOOK_URL
- - name: Notify Slack
- env:
- SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
- run: |
- curl -H "Content-Type: application/json" -d '{"text": ":bell: Pull Request <${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}> by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $SLACK_WEBHOOK_URL