-
Notifications
You must be signed in to change notification settings - Fork 0
Add core BBS routes and utilities, update docs #4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
PythonSmall-Q
wants to merge
73
commits into
main
Choose a base branch
from
rewrite
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from all commits
Commits
Show all changes
73 commits
Select commit
Hold shift + click to select a range
b81a8da
Add core BBS routes and utilities, update docs
PythonSmall-Q 76d9d04
Refactor loops and clean up unused variables in server code
PythonSmall-Q 97b5182
Remove unused Data property from auth middleware
PythonSmall-Q e213145
Update server/routes/GetAnalytics.ts
PythonSmall-Q f29515d
Refactor API result handling and error messages
PythonSmall-Q a8a0557
Add rate limiting, pagination, and refactor DB utils
PythonSmall-Q f23ead1
Optimize post fetching and improve auth/session logic
PythonSmall-Q 9a1ca19
Improve CI workflow and update dependencies
PythonSmall-Q 4af61da
Add HTML sanitization for user content
PythonSmall-Q 44fbbe2
Improve input validation and session handling
PythonSmall-Q 04058a7
Refactor param checking and improve image upload validation
PythonSmall-Q 3f7df15
Fix authentication in UploadImage route
github-actions[bot] 33cd426
Fix SQL injection risk in GetPosts.ts
github-actions[bot] 5a2b3b2
Add dependencies
PythonSmall-Q ffb5146
Fix security and code quality issues (#2, #3, #4, #6)
github-actions[bot] e6285bf
Refactor for stricter TypeScript and improved typings
PythonSmall-Q b362b0c
Add Vitest config and improve test compatibility
PythonSmall-Q 8451031
Remove unused variables and improve typings
PythonSmall-Q 4265537
Add unit tests for server route handlers
PythonSmall-Q 948d1b1
Add minimal DOM-like globals for test compatibility
PythonSmall-Q e88b8a3
Refactor test mocks and improve IP extraction in auth middleware
PythonSmall-Q 6dceba4
Update 1.auth.ts
PythonSmall-Q 611448b
Enhance OpenAPI spec and improve auth middleware
PythonSmall-Q 38d5533
Add explicit type checks for event.node access
PythonSmall-Q 26948e0
Refactor admin and silenced checks to async, add XSS sanitization
PythonSmall-Q 6ceabbc
Refactor admin and silenced checks to async, add XSS sanitization
PythonSmall-Q 773a25d
Refactor rich text sanitization and update imports
PythonSmall-Q 2c07f58
Fix typo in import path for CheckParams utility
PythonSmall-Q afb8af8
Update Cheerio import syntax in auth utils
PythonSmall-Q 4df58de
Typecast analytics response to Record<string, any>
PythonSmall-Q 9d5a11d
Update Cheerio import for compatibility
PythonSmall-Q 4256a23
Dynamically import cheerio to fix test environment issues
PythonSmall-Q 1c712e3
Initial plan
Copilot 711d5f7
Code review completed: Security and quality analysis
Copilot 1a98912
Merge pull request #6 from XMOJ-Script-dev/copilot/sub-pr-4
PythonSmall-Q 249c7c0
Initial plan
Copilot c822af0
Fix nitro config: Add compatibilityDate to resolve build warning
Copilot cac5d5f
Fix ESLint warning: Mark MAX_CACHE_ENTRIES as intentionally unused
Copilot fb1fbb6
Merge pull request #7 from XMOJ-Script-dev/copilot/sub-pr-4
PythonSmall-Q 5a73fd4
Initial plan
Copilot 1e595f6
Fix review comments: database tables, typo, analytics, AI check, rate…
Copilot 8aa17f7
Change error message for ProblemID check
PythonSmall-Q c9ec771
Merge pull request #8 from XMOJ-Script-dev/copilot/sub-pr-4
PythonSmall-Q 2c38616
Improve error handling and validation across routes
PythonSmall-Q 4e16dc1
Enhance security and validation in post and reply routes
PythonSmall-Q cf3da61
Add PowerShell test runner and improve test mocks
PythonSmall-Q 62c863b
Refactor rich text sanitization to use sanitize-html
PythonSmall-Q d77d1dc
Add new database columns and enhance link sanitization in rich text
PythonSmall-Q dc6b0e8
Add TypeScript type annotations for transformTags in sanitizeRichText
PythonSmall-Q 76c5af8
Add copyright headers and improve input validation in various routes …
PythonSmall-Q 7218aa8
Refactor rate limiting and authentication middleware; enhance CAPTCHA…
PythonSmall-Q f623927
Update .gitignore to include xmoj-script and add migration guide for …
PythonSmall-Q 5f9b983
Add client-side migration guide for xmoj-script; document breaking ch…
PythonSmall-Q bdc630f
Remove obsolete client-side migration guide and enhance session token…
PythonSmall-Q 25b884d
Refactor sanitizeRichText function to enhance XSS protection; remove …
PythonSmall-Q cb7c7fc
Enhance security and performance across multiple routes; implement SQ…
PythonSmall-Q 3923b2c
Fix error handling in DenyEditAsync and improve CheckToken regex fall…
PythonSmall-Q 26452f3
Fix SQL query result handling in GetBBSMentionList and update test mo…
PythonSmall-Q 769924a
Enhance input validation for session ID and username formats; validat…
PythonSmall-Q 1e38846
Refactor captcha handling across multiple routes; replace CaptchaSecr…
PythonSmall-Q e7416d7
Add polyfill for File API in Node.js test environment; improve fetch …
PythonSmall-Q fa840c2
Refactor rate limiting to throw errors for invalid requests; update a…
PythonSmall-Q 709a191
Refactor GetAnalytics to use context for Cloudflare environment varia…
PythonSmall-Q 6ac157f
Refactor GetAnalytics tests to provide Cloudflare environment variabl…
PythonSmall-Q a75195f
Enhance UploadStd to trigger fallback for empty StdCode or no std fou…
PythonSmall-Q 7f5f6ff
Implement notification system with Durable Objects; enhance mentions …
PythonSmall-Q d137173
Refactor mail mention handling: update database fields and implement …
PythonSmall-Q 653f1ab
Implement NotificationManager Durable Object and WebSocket notificati…
PythonSmall-Q 110faf8
Refactor export process for Durable Objects: use esbuild for TypeScri…
PythonSmall-Q 816f115
Add authentication checks to event handlers in post and reply routes
PythonSmall-Q 5433239
Fix PR bugs: copyright headers, scheduled.ts promise, add SetUserSett…
Copilot fe85996
Merge pull request #14 from XMOJ-Script-dev/copilot/fix-bugs-and-add-…
PythonSmall-Q 23fa463
Merge branch 'main' into rewrite
PythonSmall-Q File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| module.exports = { | ||
| root: true, | ||
| env: { node: true, es2022: true }, | ||
| parser: '@typescript-eslint/parser', | ||
| parserOptions: { sourceType: 'module' }, | ||
| plugins: ['@typescript-eslint'], | ||
| extends: [ | ||
| 'eslint:recommended', | ||
| 'plugin:@typescript-eslint/recommended', | ||
| ], | ||
| ignorePatterns: ['.output/**', 'node_modules/**'], | ||
| rules: { | ||
| '@typescript-eslint/no-explicit-any': 'off', | ||
| }, | ||
| }; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,84 @@ | ||
| name: CI | ||
|
|
||
| on: | ||
| push: | ||
| branches: [ main ] | ||
| pull_request: | ||
| branches: [ main ] | ||
|
|
||
| jobs: | ||
| build-and-test: | ||
| runs-on: ubuntu-latest | ||
| strategy: | ||
| matrix: | ||
| node: [18, 20, 22] | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Setup Node.js | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: ${{ matrix.node }} | ||
| cache: 'npm' | ||
|
|
||
| - name: Install dependencies (strict) | ||
| run: npm ci | ||
| - name: Fallback install on lock mismatch | ||
| if: failure() | ||
| run: | | ||
| echo "npm ci failed; attempting fallback npm install to refresh lockfile" | ||
| npm install | ||
| - name: Upload refreshed lockfile artifact | ||
| if: failure() | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: refreshed-lockfile-${{ matrix.node }} | ||
| path: package-lock.json | ||
|
|
||
| - name: Audit dependencies | ||
| run: npm audit --production --audit-level=moderate | ||
| continue-on-error: true | ||
|
|
||
| - name: TypeScript compile check | ||
| run: | | ||
| npx tsc --noEmit | ||
|
|
||
| - name: Prepare Nitro (generate types) | ||
| run: npm run prepare | ||
|
|
||
| - name: Build | ||
| run: npm run build | ||
|
|
||
| - name: Run tests | ||
| run: npm run test -- --run | ||
|
|
||
| - name: Lint | ||
| run: npx eslint . --ext .ts | ||
|
|
||
| lint: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| - name: Setup Node.js | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: '20' | ||
| cache: 'npm' | ||
| - name: Install dependencies (strict) | ||
| run: npm ci | ||
| - name: Fallback install on lock mismatch | ||
| if: failure() | ||
| run: | | ||
| echo "npm ci failed; attempting fallback npm install to refresh lockfile" | ||
| npm install | ||
| - name: Upload refreshed lockfile artifact | ||
| if: failure() | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: refreshed-lockfile-lint | ||
| path: package-lock.json | ||
| - name: OpenAPI validation (Redocly) | ||
| run: | | ||
| npx @redocly/cli@latest lint openapi.yaml --max-problems=0 | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| name: CodeQL | ||
|
|
||
| on: | ||
| push: | ||
| branches: [ rewrite, main ] | ||
| pull_request: | ||
| branches: [ main ] | ||
| schedule: | ||
| - cron: '0 3 * * 1' | ||
|
|
||
| jobs: | ||
| analyze: | ||
| name: Analyze (JavaScript/TypeScript) | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| actions: read | ||
| contents: read | ||
| security-events: write | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| language: [ 'javascript' ] | ||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
| - name: Initialize CodeQL | ||
| uses: github/codeql-action/init@v3 | ||
| with: | ||
| languages: ${{ matrix.language }} | ||
| - name: Autobuild | ||
| uses: github/codeql-action/autobuild@v3 | ||
| - name: Perform CodeQL Analysis | ||
| uses: github/codeql-action/analyze@v3 | ||
| with: | ||
| category: '/language:${{ matrix.language }}' |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| name: Dependency Review | ||
|
|
||
| on: | ||
| pull_request: | ||
| branches: [ main ] | ||
|
|
||
| jobs: | ||
| review: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| pull-requests: write | ||
| contents: read | ||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
| - name: Dependency Review | ||
| uses: actions/dependency-review-action@v4 | ||
| with: | ||
| fail-on-severity: moderate |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -11,3 +11,7 @@ dist | |
| */.output | ||
| */node_modules | ||
| */.nitro | ||
| old | ||
| old/ | ||
| xmoj-script | ||
| xmoj-script/ | ||
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We only need to support one version, currently 20.
https://github.com/XMOJ-Script-dev/XMOJ-bbs/actions/runs/22307076070/job/64528953025