mirror of
https://github.com/pacnpal/thrilltrack-explorer.git
synced 2025-12-20 10:11:13 -05:00
Improve application stability and security with bug fixes and updates
Implement several bug fixes and security enhancements, including improved Novu API integration, enhanced input validation, corrected TypeScript errors, verified memory management, enabled JWT verification for image uploads, replaced manual JWT decoding with Supabase verification, and made the Geolocation API configurable.

Replit-Commit-Author: Agent
Replit-Commit-Session-Id: a8c5cf3e-a80e-462f-b090-b081acdcf03a
Replit-Commit-Checkpoint-Type: full_checkpoint
@@ -5,11 +5,16 @@ ThrillWiki is a community-driven web application for discovering, reviewing, and
|
||||
|
||||
## Recent Changes (October 8, 2025)
|
||||
|
||||
### Bug Fixes & Code Quality
|
||||
- **Fixed Novu API Integration:** Updated `update-novu-preferences` Edge Function to correctly use Novu's updatePreference API, which requires separate calls for each channel type (email, sms, in_app, push). Implemented proper error handling that tracks per-channel results and returns 502 status with detailed failure information when any channel fails to update.
|
||||
- **Enhanced Input Validation:** Added validation for userId and channelPreferences in `update-novu-preferences` to prevent undefined access errors and return clear 400 error responses for invalid requests.
|
||||
- **Fixed TypeScript Errors in Edge Functions:** Corrected null checking for user object in `seed-test-data` function and improved error type handling for JSON parsing operations.
|
||||
- **Verified Memory Management:** Confirmed that all React hooks (useAuth, useModerationQueue, useEntityVersions) properly clean up intervals and timers in useEffect return statements to prevent memory leaks.
|
||||
|
||||
### Security Enhancements
|
||||
- **Enabled JWT Verification for Image Upload:** Changed `upload-image` Edge Function to `verify_jwt = true` in `supabase/config.toml`. This ensures Supabase validates JWT tokens before the function executes, preventing unauthorized access to image upload/delete operations.
|
||||
- **Replaced Manual JWT Decoding with Supabase Verification:** Updated `cancel-email-change` Edge Function to use Supabase's built-in `auth.getUser(token)` method with service role client instead of manual base64 decoding. This approach properly verifies JWT tokens using only runtime-available environment variables (SUPABASE_URL and SUPABASE_SERVICE_ROLE_KEY) while maintaining admin privileges for database operations.
|
||||
- **Made Geolocation API Configurable:** Updated `detect-location` Edge Function to use environment variables for geolocation service configuration. The API URL (`GEOLOCATION_API_URL`) and fields (`GEOLOCATION_API_FIELDS`) are now configurable, with sensible defaults (ip-api.com) for easier service switching and testing.
|
||||
- **Enhanced Error Handling:** Added comprehensive error handling to all Supabase Edge Functions with granular try-catch blocks for network requests, JSON parsing, and API responses. Improves reliability and provides detailed error messages for debugging.
|
||||
|
||||
## Recent Changes (October 7, 2025)
|
||||
|
||||
|
||||
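Review bot: The `upload-image` entry under "Security Enhancements" claims more than `verify_jwt = true` provides: the setting makes Supabase reject requests without a valid token, which is authentication, while "preventing unauthorized access to image upload/delete operations" also needs a check that the caller is allowed to act on the specific image. Suggest rewording to "preventing unauthenticated access" and stating whether the function verifies ownership before a delete. The same applies to the `cancel-email-change` entry: because it keeps a service role client for database operations, the README should say that those operations are keyed to the user returned by `auth.getUser(token)` and not to any identifier from the request body. Separately, the Novu and "Enhanced Error Handling" entries mention "detailed failure information" and "detailed error messages for debugging" without saying where that detail goes; please document whether it is returned in the response body or only logged.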