mirror of
https://github.com/pacnpal/thrilltrack-explorer.git
synced 2025-12-20 06:51:12 -05:00
Improve security and code quality with authorization fixes and updates
Update Edge Functions for JWT verification and banned user checks, add React Router v7 compatibility flags, and simplify the moderation API by removing client-supplied userId.

Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 6d6e48da-5b1b-47f9-a65c-9fa4a352936a
Replit-Commit-Checkpoint-Type: full_checkpoint
Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/7cdf4e95-3f41-4180-b8e3-8ef56d032c0e/6d6e48da-5b1b-47f9-a65c-9fa4a352936a/u05utRo
Files changed: replit.md (12 lines)
@@ -3,6 +3,18 @@
## Overview
ThrillWiki is a community-driven web application for discovering, reviewing, and tracking theme parks, rides, and related entities globally. Its core purpose is to provide a centralized platform for enthusiasts to research attractions and contribute to a collaborative knowledge base through user contributions and reviews, offering a comprehensive encyclopedia for the theme park world.
## Recent Changes (October 7, 2025)
### Security Enhancements
- **Fixed Critical Authorization Vulnerability:** Updated `process-selective-approval` Edge Function to properly verify JWT tokens using Supabase's auth verification instead of manual decoding. Now correctly enforces moderator/admin role requirements before allowing content approvals.
- **Enhanced Image Upload Security:** Added banned user checks to `upload-image` Edge Function for both upload (POST) and delete (DELETE) operations to prevent suspended users from managing images.
### Code Quality Improvements
- **React Router v7 Compatibility:** Added future flags (`v7_startTransition`, `v7_relativeSplatPath`) to BrowserRouter to prepare for React Router v7 and eliminate deprecation warnings.
### Architecture Changes
- **Moderation API Update:** Simplified moderation approval API by removing client-supplied `userId` parameter. The authenticated user's ID is now extracted from the verified JWT token on the backend for improved security.
## User Preferences
Preferred communication style: Simple, everyday language.
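Review bot: the "Fixed Critical Authorization Vulnerability" bullet records that `process-selective-approval` now verifies JWTs through Supabase's auth verification instead of manual decoding, but it does not say what the manual decode got wrong, which is the detail a maintainer needs so the pattern is not reintroduced; if it matches the fix, add a clause such as "previously the token payload was decoded and its role claim trusted without signature verification". In the same hunk, the "Moderation API Update" bullet should state explicitly that dropping the client-supplied `userId` is a breaking change for existing callers of the approval endpoint and that the server now derives the acting user only from the verified token, and the "Enhanced Image Upload Security" bullet should say whether the banned-user check runs before any storage read or write on both POST and DELETE, so a suspended user cannot trigger partial work before being rejected.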