pacnpal/thrilltrack-explorer
1
0
Fork 0
mirror of https://github.com/pacnpal/thrilltrack-explorer.git synced 2025-12-21 12:11:11 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add ban evasion reporting to edge function

Browse Source 
Added ban evasion reporting to the `upload-image` edge function for both DELETE and POST operations. This ensures that all ban evasion attempts, including those via direct API calls, are logged to `system_alerts` and visible on the `/admin/error-monitoring` dashboard.
This commit is contained in:
gpt-engineer-app[bot]
2025-11-08 00:58:00 +00:00
parent 714a1707ce
commit 576899cf25
1 changed files with 46 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
supabase/functions/upload-image/index.ts
View File

@@ -70,6 +70,36 @@ const createAuthenticatedSupabaseClient = (authHeader: string) => {
}) })
} }
/**
* Report ban evasion attempts to system alerts
*/
async function reportBanEvasionToAlerts(
supabaseClient: any,
userId: string,
action: string,
requestId: string
): Promise<void> {
try {
await supabaseClient.rpc('create_system_alert', {
p_alert_type: 'ban_attempt',
p_severity: 'high',
p_message: `Banned user attempted image upload: ${action}`,
p_metadata: {
user_id: userId,
action,
request_id: requestId,
timestamp: new Date().toISOString()
}
});
} catch (error) {
// Non-blocking - log but don't fail the response
edgeLogger.warn('Failed to report ban evasion', {
error: error instanceof Error ? error.message : String(error),
requestId
});
}
}
// Apply strict rate limiting (5 requests/minute) to prevent abuse // Apply strict rate limiting (5 requests/minute) to prevent abuse
const uploadRateLimiter = rateLimiters.strict; const uploadRateLimiter = rateLimiters.strict;
@@ -164,7 +194,15 @@ serve(withRateLimit(async (req) => {
} }
if (profile.banned) { if (profile.banned) {
// Report ban evasion attempt (non-blocking)
await reportBanEvasionToAlerts(supabase, user.id, 'image_delete', tracking.requestId);
const duration = endRequest(tracking); const duration = endRequest(tracking);
edgeLogger.warn('Banned user blocked from image deletion', {
userId: user.id,
requestId: tracking.requestId
});
return new Response( return new Response(
JSON.stringify({ JSON.stringify({
error: 'Account suspended', error: 'Account suspended',
@@ -375,7 +413,15 @@ serve(withRateLimit(async (req) => {
} }
if (profile.banned) { if (profile.banned) {
// Report ban evasion attempt (non-blocking)
await reportBanEvasionToAlerts(supabase, user.id, 'image_upload', tracking.requestId);
const duration = endRequest(tracking); const duration = endRequest(tracking);
edgeLogger.warn('Banned user blocked from image upload', {
userId: user.id,
requestId: tracking.requestId
});
return new Response( return new Response(
JSON.stringify({ JSON.stringify({
error: 'Account suspended', error: 'Account suspended',