Staging#67

Merged

a3ryk merged 33 commits intoproductionfrom

May 26, 2025

Member

a3ryk commented May 22, 2025

No description provided.

a3ryk added 24 commits

February 23, 2025 13:47


          Quick fix

43fd1f5


          Removed the last push

b0923eb


          added notification modals, routes and middlewares

ee9815c


          added page routes, middlewares, modals and bumped version

faae097


          Ignored package-lock.json

a0828d8


          Added content to the schema

0f29048


          Updated stats schema to support new style


          Updated logger to support new style

aee3086


          Added username for user storing

e4c7021


          Added new routes for stats

4211dd1


          Added logger

d9c32ae


          Added a fix to identify url

6b4ba1c


          Updated _id from systemstats to system

d229b97


          Removed all logging from endpoints

2e3c753


          Fixed the endpoint

a12fedf


          Removed unnessary logging

b2faffb


          Added failed logger

281f45b


          Added auth

353d08c


          Added 401

eac06bd


          added some improments

55bddaa


          Added key

7204a18


          A quick fix

8fc73af


          Added message to services

e614634


          Logger to store token reset history [subject to change]

32e153d

github-advanced-security bot found potential problems

View reviewed changes

src/controllers/v4/internal/notification.js Fixed Show fixed Hide fixed

src/controllers/v4/internal/notification.js Fixed Show fixed Hide fixed

src/controllers/v4/internal/notification.js Fixed Show fixed Hide fixed

src/controllers/v4/internal/notification.js Fixed Show fixed Hide fixed

src/routes/v4/internal/notifications.js

+                 *
+                 * @apiSuccess {String} message Success message.
+                 */
+                .patch(markNotificationAsRead);

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs

, but is not rate-limited.
This route handler performs

, but is not rate-limited.
This route handler performs

, but is not rate-limited.

Copilot Autofix

AI 10 months ago

To fix the issue, we will apply the createRateLimiter() middleware to the markNotificationAsRead route. This ensures that the route is protected against excessive requests, preventing potential DoS attacks. The createRateLimiter() function is already imported and used elsewhere in the file, so no additional imports or definitions are needed.

Suggested changeset 1

src/routes/v4/internal/notifications.js

@@ -56,3 +56,3 @@
                */
-              .patch(markNotificationAsRead);
+              .patch(createRateLimiter(), markNotificationAsRead);

Copilot is powered by AI and may make mistakes. Always verify output.

src/routes/v4/internal/pages.js

+                 * @apiError (404) NotFound Page not found.
+                 * @apiError (500) InternalServerError Unexpected error.
+                 */
+                .get(getPageStatus);

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs

, but is not rate-limited.

Copilot Autofix

AI 10 months ago

To address the issue, we will apply a rate-limiting middleware to the getPageStatus route. The express-rate-limit package can be used to define a rate limiter, which will restrict the number of requests a client can make to the endpoint within a specified time window.

The createRateLimiter middleware, which is already imported, will be utilized. Assuming it is a pre-configured rate limiter, we will apply it to the getPageStatus route. This ensures that the route is protected against excessive requests, mitigating the risk of a DoS attack.

Suggested changeset 1

src/routes/v4/internal/pages.js

@@ -57,3 +57,3 @@
                */
-              .get(getPageStatus);
+              .get(createRateLimiter, getPageStatus);

Copilot is powered by AI and may make mistakes. Always verify output.

src/routes/v4/internal/pages.js

+                 * @apiError (404) NotFound Page not found.
+                 * @apiError (500) InternalServerError Unexpected error.
+                 */
+                .get(getPageMeta);

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs

, but is not rate-limited.

Copilot Autofix

AI 10 months ago

To address the issue, we will apply a rate-limiting middleware to the getPageMeta route. The express-rate-limit package will be used to define a rate limiter that restricts the number of requests a client can make to this endpoint within a specified time window. This ensures that the application is protected against DoS attacks targeting this route.

Steps to fix:

Import the express-rate-limit package if not already imported.
Define a rate limiter with appropriate settings (e.g., maximum requests and time window).
Apply the rate limiter specifically to the getPageMeta route.

Suggested changeset 1

src/routes/v4/internal/pages.js

@@ -80,3 +80,3 @@
                */
-              .get(getPageMeta);
+              .get(createRateLimiter({ windowMs: 15 * 60 * 1000, max: 100 }), getPageMeta);

Copilot is powered by AI and may make mistakes. Always verify output.

src/routes/v4/internal/pages.js

+                 * @apiError (404) NotFound Page not found.
+                 * @apiError (500) InternalServerError Unexpected error.
+                 */
+                .get(checkPageAccess);

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs

, but is not rate-limited.

Copilot Autofix

AI 10 months ago

To fix the issue, we will add a rate-limiting middleware to the checkPageAccess route. This will ensure that the number of requests to this endpoint is limited within a specified time window, mitigating the risk of DoS attacks. We will use the createRateLimiter function, which is already imported from ../../../middlewares/rateLimit.js, to define and apply a rate limiter specifically for this route.

Steps:

Define a rate limiter using the createRateLimiter function.
Apply the rate limiter to the checkPageAccess route using .get().

Suggested changeset 1

src/routes/v4/internal/pages.js

@@ -82,2 +82,7 @@
+            const checkPageAccessRateLimiter = createRateLimiter({
+              windowMs: 15 * 60 * 1000, // 15 minutes
+              max: 100, // max 100 requests per windowMs
+            });
             router
@@ -102,3 +107,3 @@
                */
-              .get(checkPageAccess);
+              .get(checkPageAccessRateLimiter, checkPageAccess);

Copilot is powered by AI and may make mistakes. Always verify output.

src/routes/v4/internal/pages.js

+                 * @apiError (404) NotFound Page not found.
+                 * @apiError (500) InternalServerError Unexpected error.
+                 */
+                .get(getPageInfo)

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs

, but is not rate-limited.

Copilot Autofix

AI 10 months ago

To address the issue, we will apply a rate-limiting middleware to the getPageInfo route. The express-rate-limit package will be used to define a rate limiter that restricts the number of requests a client can make to this endpoint within a specified time window. This will help prevent abuse and mitigate the risk of DoS attacks.

Steps to fix:

Ensure the createRateLimiter function imported from ../../../middlewares/rateLimit.js is used to create a rate limiter.
Apply the rate limiter specifically to the getPageInfo route using the .get() method of the router.

Suggested changeset 1

src/routes/v4/internal/pages.js

@@ -122,3 +122,3 @@
                */
-              .get(getPageInfo)
+              .get(createRateLimiter(), getPageInfo)
               /**

Copilot is powered by AI and may make mistakes. Always verify output.

src/routes/v4/internal/pages.js

+                 * @apiError (404) NotFound Page not found.
+                 * @apiError (500) InternalServerError Unexpected error.
+                 */
+                .patch(updatePage);

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs

, but is not rate-limited.
This route handler performs

, but is not rate-limited.

Copilot Autofix

AI 10 months ago

To address the issue, we will apply a rate-limiting middleware to the updatePage route. This can be achieved using the express-rate-limit package, which is already imported as createRateLimiter. We will configure a rate limiter specifically for this route, setting an appropriate limit (e.g., 100 requests per 15 minutes) to balance security and usability. The middleware will be applied directly to the patch method of the /:id route.

Suggested changeset 1

src/routes/v4/internal/pages.js

@@ -144,3 +144,3 @@
                */
-              .patch(updatePage);
+              .patch(createRateLimiter({ windowMs: 15 * 60 * 1000, max: 100 }), updatePage);

Copilot is powered by AI and may make mistakes. Always verify output.

a3ryk added 5 commits

May 22, 2025 20:10


          Bug: Database query built from user-controlled sources

fd7db66


          feat(api): added greeting notification on account creation


          feat(api): added rewards route to get and post rewards

4784d8a


          feat(api): added schema for rewards

dea2bf7


          feat(api): added a enedpoint to redeem rewards

d6592a4

a3ryk added 4 commits

May 24, 2025 05:52


          refractor(api): fixed some bugs including uncommeting auth key check …

e3807c9

…and change the system id


          Updated sudo to system

8665ac7


          QUICK fix

c8b9285


          Bumped the version to v4.10.0

e88bbcf

a3ryk self-assigned this

a3ryk added the enhancement label

a3ryk added this to Waifu.it

a3ryk merged commit e0a34be into production

3 of 4 checks passed

github-project-automation bot moved this to Done in Waifu.it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels