From d4f3861e1d43bd643fd96adb58a113d6858a3bb5 Mon Sep 17 00:00:00 2001
From: "gpt-engineer-app[bot]" <159125892+gpt-engineer-app[bot]@users.noreply.github.com>
Date: Fri, 7 Nov 2025 21:32:03 +0000
Subject: [PATCH] Fix missing recordSubmissionAttempt calls

Added `recordSubmissionAttempt(userId)` to `submitParkCreation`, `submitParkUpdate`, `submitRideCreation`, and `submitRideUpdate` in `src/lib/entitySubmissionHelpers.ts`. This ensures that rate limit counters are incremented after a successful rate limit check, closing a vulnerability that allowed for unlimited submissions of parks and rides.
---
 src/lib/entitySubmissionHelpers.ts | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/lib/entitySubmissionHelpers.ts b/src/lib/entitySubmissionHelpers.ts
index 351da020..2362110a 100644
--- a/src/lib/entitySubmissionHelpers.ts
+++ b/src/lib/entitySubmissionHelpers.ts
@@ -663,6 +663,7 @@ export async function submitParkCreation(
 ): Promise<{ submitted: boolean; submissionId: string }> {
 // Phase 3: Rate limiting check
 checkRateLimitOrThrow(userId, 'park_creation');
+ recordSubmissionAttempt(userId);
 
 console.info('[submitParkCreation] Received data:', {
 hasLocation: !!data.location,
@@ -926,6 +927,7 @@ export async function submitParkUpdate(
 ): Promise<{ submitted: boolean; submissionId: string }> {
 // Phase 3: Rate limiting check
 checkRateLimitOrThrow(userId, 'park_update');
+ recordSubmissionAttempt(userId);
 
 const { withRetry, isRetryableError } = await import('./retryHelpers');
 
@@ -1165,6 +1167,7 @@ export async function submitRideCreation(
 ): Promise<{ submitted: boolean; submissionId: string }> {
 // Phase 3: Rate limiting check
 checkRateLimitOrThrow(userId, 'ride_creation');
+ recordSubmissionAttempt(userId);
 
 // Validate required fields client-side
 assertValid(validateRideCreateFields(data));
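Review bot: In `submitParkCreation` the new `recordSubmissionAttempt(userId);` sits beside `checkRateLimitOrThrow(userId, 'park_creation');` as a second call that each submit function has to remember, and the same pair is repeated in the `submitParkUpdate`, `submitRideCreation` and `submitRideUpdate` hunks; a forgotten second call is exactly the gap this commit closes. Having the check record the attempt itself, or routing all four call sites through one wrapper (a proposed, not existing, helper such as `enforceSubmissionRateLimit(userId, 'park_creation')`), would remove that failure mode for the next submit function that is added. Note also that the check is given an action type while the record call is given only `userId`, so whether the per-action limits read the counter that is being incremented cannot be confirmed from these hunks and is worth a test. All four function bodies continue outside their hunks.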
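Review bot: The context comment `// Validate required fields client-side` in the `submitRideCreation` hunk suggests this module runs in the browser, in which case the counter behind `recordSubmissionAttempt(userId)` is presumably client-held state and this throttle is a UX guard rather than an enforcement point. The commit message's claim that unlimited submissions are no longer possible then depends on a per-user limit enforced by the backend, which this diff does not show and should be confirmed before the issue is treated as closed. I would document that above the two calls, e.g. `// Client-side throttle only; the authoritative per-user limit must be enforced server-side.` The attempt is also recorded before `assertValid(validateRideCreateFields(data))`, so a submission that fails validation still consumes quota; say so in the comment if that is intended. The function body continues outside the hunk.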
@@ -1552,6 +1555,7 @@ export async function submitRideUpdate(
 ): Promise<{ submitted: boolean; submissionId: string }> {
 // Phase 3: Rate limiting check
 checkRateLimitOrThrow(userId, 'ride_update');
+ recordSubmissionAttempt(userId);
 
 const { withRetry, isRetryableError } = await import('./retryHelpers');
 