pacnpal/thrilltrack-explorer
1
0
Fork 0
mirror of https://github.com/pacnpal/thrilltrack-explorer.git synced 2025-12-20 08:11:13 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fix missing recordSubmissionAttempt calls

Browse Source 
Added `recordSubmissionAttempt(userId)` to `submitParkCreation`, `submitParkUpdate`, `submitRideCreation`, and `submitRideUpdate` in `src/lib/entitySubmissionHelpers.ts`. This ensures that rate limit counters are incremented after a successful rate limit check, closing a vulnerability that allowed for unlimited submissions of parks and rides.
This commit is contained in:
gpt-engineer-app[bot]
2025-11-07 21:32:03 +00:00
parent 26e2253c70
commit d4f3861e1d
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/lib/entitySubmissionHelpers.ts
View File

@@ -663,6 +663,7 @@ export async function submitParkCreation(
): Promise<{ submitted: boolean; submissionId: string }> { ): Promise<{ submitted: boolean; submissionId: string }> {
// Phase 3: Rate limiting check // Phase 3: Rate limiting check
checkRateLimitOrThrow(userId, 'park_creation'); checkRateLimitOrThrow(userId, 'park_creation');
recordSubmissionAttempt(userId);
console.info('[submitParkCreation] Received data:', { console.info('[submitParkCreation] Received data:', {
hasLocation: !!data.location, hasLocation: !!data.location,
@@ -926,6 +927,7 @@ export async function submitParkUpdate(
): Promise<{ submitted: boolean; submissionId: string }> { ): Promise<{ submitted: boolean; submissionId: string }> {
// Phase 3: Rate limiting check // Phase 3: Rate limiting check
checkRateLimitOrThrow(userId, 'park_update'); checkRateLimitOrThrow(userId, 'park_update');
recordSubmissionAttempt(userId);
const { withRetry, isRetryableError } = await import('./retryHelpers'); const { withRetry, isRetryableError } = await import('./retryHelpers');
@@ -1165,6 +1167,7 @@ export async function submitRideCreation(
): Promise<{ submitted: boolean; submissionId: string }> { ): Promise<{ submitted: boolean; submissionId: string }> {
// Phase 3: Rate limiting check // Phase 3: Rate limiting check
checkRateLimitOrThrow(userId, 'ride_creation'); checkRateLimitOrThrow(userId, 'ride_creation');
recordSubmissionAttempt(userId);
// Validate required fields client-side // Validate required fields client-side
assertValid(validateRideCreateFields(data)); assertValid(validateRideCreateFields(data));
@@ -1552,6 +1555,7 @@ export async function submitRideUpdate(
): Promise<{ submitted: boolean; submissionId: string }> { ): Promise<{ submitted: boolean; submissionId: string }> {
// Phase 3: Rate limiting check // Phase 3: Rate limiting check
checkRateLimitOrThrow(userId, 'ride_update'); checkRateLimitOrThrow(userId, 'ride_update');
recordSubmissionAttempt(userId);
const { withRetry, isRetryableError } = await import('./retryHelpers'); const { withRetry, isRetryableError } = await import('./retryHelpers');