feat: add robot and anonymous display #1110

Merged
merged 8 commits into from
Nov 27, 2024
Conversation

tea-artist
Contributor

No description provided.

@tea-artist tea-artist requested a review from boris-w November 26, 2024 14:35
tea-artist and others added 2 commits November 26, 2024 22:36
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Bieber <artist@teable.io>
@tea-artist tea-artist added the preview This issue is already ready for preview label Nov 27, 2024

Deployment Status: ✅ Success
🔗 Preview URL: https://pr-1110.sealosgzg.site


window.location.href = redirect ? decodeURIComponent(redirect) : '/space';
}, [redirect]);
if (redirect && redirect.startsWith('/')) {
router.push(redirect);
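Review bot: the `redirect.startsWith('/')` guard on the third line of this snippet also passes values that begin with `//` or `/\`, which a browser resolves as a different host rather than a same-site path, so the prefix test alone does not confine the redirect to this application. Reject those prefixes explicitly, or resolve the value against the application's own origin and compare origins before calling `router.push(redirect)`.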

Check warning

Code scanning / CodeQL

Client-side URL redirect Medium

Untrusted URL redirection depends on a user-provided value.

Copilot Autofix AI about 1 month ago

To fix the problem, we need to ensure that the redirect URL is validated against a list of authorized paths. This can be done by maintaining a list of allowed paths and checking if the redirect URL is in this list before performing the redirection. This approach ensures that only safe, predefined paths are used for redirection.

  1. Create a list of authorized paths.
  2. Check if the redirect URL is in the list of authorized paths.
  3. If the redirect URL is not in the list, redirect to a default safe path.
Suggested changeset 1
apps/nextjs-app/src/features/auth/pages/LoginPage.tsx

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/apps/nextjs-app/src/features/auth/pages/LoginPage.tsx b/apps/nextjs-app/src/features/auth/pages/LoginPage.tsx
--- a/apps/nextjs-app/src/features/auth/pages/LoginPage.tsx
+++ b/apps/nextjs-app/src/features/auth/pages/LoginPage.tsx
@@ -16,2 +16,3 @@
   const redirect = decodeURIComponent((router.query.redirect as string) || '');
+  const authorizedPaths = ['/space', '/profile', '/dashboard']; // Add authorized paths here
   const signType = router.pathname.endsWith('/signup') ? 'signup' : 'signin';
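Review bot: the `authorizedPaths` array added here is a placeholder, as its own trailing comment `// Add authorized paths here` says, and it is declared inside the component body, so it is rebuilt on every render and is easy to miss when routes change. Move it to a module-level constant next to the route definitions, confirm each entry is a route this app actually serves, and replace the placeholder comment with one that says who maintains the list.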
@@ -19,3 +20,3 @@
   const onSuccess = useCallback(() => {
-    if (redirect && redirect.startsWith('/')) {
+    if (redirect && authorizedPaths.includes(redirect)) {
       router.push(redirect);
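Review bot: `authorizedPaths.includes(redirect)` on the changed line is an exact string comparison, so any post-login target that carries a sub-path or query string under an allowed entry no longer matches and the user loses the deep link. Match on the parsed pathname against allowed prefixes instead of the raw string, and since the callback now reads `authorizedPaths`, either hoist the array out of the component or add it to the `useCallback` dependency list.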
EOF
Copilot is powered by AI and may make mistakes. Always verify output.
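
The validation steps listed in the Autofix comment, written as a stand-alone check. This is an added example, not code from this pull request or from Copilot Autofix: `safeRedirect`, `APP_ORIGIN`, `ALLOWED_PREFIXES` and `DEFAULT_PATH` are hypothetical names, the origin is a placeholder used only for parsing, and the path list is the placeholder list from the patch. It goes one step beyond the patch by matching on the parsed pathname, so sub-paths and query strings under an allowed entry survive.

```typescript
// Added example. All names and the origin below are assumptions, not project code.
const APP_ORIGIN = 'https://app.example.test'; // placeholder, used only to resolve the value
const ALLOWED_PREFIXES = ['/space', '/profile', '/dashboard']; // placeholder list from the patch
const DEFAULT_PATH = '/space';

function safeRedirect(raw: string | undefined): string {
  if (!raw) return DEFAULT_PATH;

  // Backslashes and control characters are normalised or stripped by URL
  // parsers, which can turn something that looks like a path into a host.
  if (/[\\\u0000-\u001f]/.test(raw)) return DEFAULT_PATH;

  // Must be a single-slash path; "//host" is protocol-relative.
  if (!raw.startsWith('/') || raw.startsWith('//')) return DEFAULT_PATH;

  let url: URL;
  try {
    url = new URL(raw, APP_ORIGIN); // also collapses "/a/../b" to "/b"
  } catch {
    return DEFAULT_PATH;
  }
  if (url.origin !== APP_ORIGIN) return DEFAULT_PATH;

  // Allow an entry itself or anything below it, but not "/spaces-other".
  const allowed = ALLOWED_PREFIXES.some(
    (p) => url.pathname === p || url.pathname.startsWith(p + '/')
  );
  return allowed ? url.pathname + url.search + url.hash : DEFAULT_PATH;
}

// Constructed sample inputs for a quick run.
for (const sample of ['/space/abc?view=1', '//other.example.test/space', '/space/../admin']) {
  console.log(JSON.stringify(sample), '->', safeRedirect(sample));
}
```
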

@tea-artist tea-artist merged commit 5adcc8b into develop Nov 27, 2024
12 of 13 checks passed
@tea-artist tea-artist deleted the feat/system-user branch November 27, 2024 09:26

🧹 Preview Environment Cleanup
