pacnpal/thrilltrack-explorer
1
0
Fork 0
mirror of https://github.com/pacnpal/thrilltrack-explorer.git synced 2025-12-20 04:51:11 -05:00
Code Issues Packages Projects Releases Wiki Activity

Improve security, performance, and error handling across the application

Browse Source 
Enhance security by adding authentication to image uploads, optimize token fetching in PhotoUpload.tsx, and improve input validation and error handling in multiple backend functions and services.

Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 8d708ff6-09f1-4b67-8edc-de3fcb2349b3
Replit-Commit-Checkpoint-Type: full_checkpoint
This commit is contained in:
pac7
2025-10-07 14:56:37 +00:00
parent 88ed3207c4
commit 1241670492
1 changed files with 22 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
replit.md
View File

@@ -268,4 +268,25 @@ Preferred communication style: Simple, everyday language.
- All async operations properly handle errors with user feedback
**Import Fixes:**
- Fixed sonner.tsx to import `useTheme` from local `@/components/theme/ThemeProvider` instead of incorrect `next-themes` package
- Fixed sonner.tsx to import `useTheme` from local `@/components/theme/ThemeProvider` instead of incorrect `next-themes` package
### Additional Bug Fixes and Security Improvements (October 7, 2025)
**Security Enhancements:**
- `supabase/functions/upload-image/index.ts`: Added authentication requirements for POST and GET operations to prevent unauthorized access to image uploads and status checks
- All image operations now verify JWT tokens via Supabase auth before proceeding with Cloudflare API calls
- Added TODO comments for restricting CORS to specific domains in production environments
**Performance Optimizations:**
- `src/components/upload/PhotoUpload.tsx`: Optimized session token fetching to retrieve once before polling loop instead of on every iteration, reducing unnecessary authentication calls and improving upload performance
**Enhanced Input Validation:**
- `supabase/functions/create-novu-subscriber/index.ts`: Comprehensive validation added for all fields:
- Required fields: subscriberId and email with format validation
- Optional fields: firstName/lastName (max 100 chars), phone (international format), avatar (valid URL), data (object type with 10KB size limit)
- Graceful handling of malformed JSON with proper 400 error responses instead of 500
**Error Handling Improvements:**
- `src/lib/versioningHelpers.ts`: Added `instanceof Error` checks before accessing `error.message` to prevent runtime crashes
- `src/lib/notificationService.ts`: Added safe error message extraction with fallback for non-Error objects
- All error handlers now provide user-friendly messages while maintaining detailed logging