Merge pull request #61 from buster-so/nate/security-remediation

Nate/security remediation
This commit is contained in:
Nate Kelley 2025-01-23 15:38:12 -08:00 committed by GitHub
commit e7f8f8b06d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 32 additions and 9 deletions


@ -68,7 +68,9 @@ export const FavoriteStar: React.FC<{
classNames={{ classNames={{
icon: '!text-inherit !mt-[-2px]' icon: '!text-inherit !mt-[-2px]'
}} }}
className={cx(className, 'flex', styles.icon, iconStyle, { 'is-favorited': isFavorited })} className={cx(className, 'flex', styles.icon, iconStyle, {
'is-favorited opacity-100': isFavorited
})}
onClick={onFavoriteClick} onClick={onFavoriteClick}
type="text" type="text"
icon={<AppMaterialIcons icon="star" fill={isFavorited} />} icon={<AppMaterialIcons icon="star" fill={isFavorited} />}


@ -241,14 +241,13 @@ const TitleCell = React.memo<{ title: string; status: BusterVerificationStatus;
<StatusBadgeIndicator status={status} /> <StatusBadgeIndicator status={status} />
</div> </div>
<Text ellipsis={true}>{title}</Text> <Text ellipsis={true}>{title}</Text>
<div <div className="flex items-center" onClick={onFavoriteDivClick}>
className="flex items-center opacity-0 group-hover:opacity-100"
onClick={onFavoriteDivClick}>
<FavoriteStar <FavoriteStar
id={threadId} id={threadId}
type={BusterShareAssetType.THREAD} type={BusterShareAssetType.THREAD}
iconStyle="tertiary" iconStyle="tertiary"
name={title} name={title}
className="opacity-0 group-hover:opacity-100"
/> />
</div> </div>
</div> </div>


@ -3,7 +3,7 @@
import { useMemoizedFn } from 'ahooks'; import { useMemoizedFn } from 'ahooks';
import React, { useEffect, useMemo, useState, forwardRef, useImperativeHandle } from 'react'; import React, { useEffect, useMemo, useState, forwardRef, useImperativeHandle } from 'react';
import SplitPane, { Pane } from './SplitPane'; import SplitPane, { Pane } from './SplitPane';
import { createAutoSaveId } from './helper'; import { createAutoSaveId, setAppSplitterCookie } from './helper';
import Cookies from 'js-cookie'; import Cookies from 'js-cookie';
import { createStyles } from 'antd-style'; import { createStyles } from 'antd-style';
@ -101,7 +101,7 @@ export const AppSplitter = forwardRef<
setSizes(sizes); setSizes(sizes);
const key = createAutoSaveId(autoSaveId); const key = createAutoSaveId(autoSaveId);
const sizesString = preserveSide === 'left' ? [sizes[0], 'auto'] : ['auto', sizes[1]]; const sizesString = preserveSide === 'left' ? [sizes[0], 'auto'] : ['auto', sizes[1]];
Cookies.set(key, JSON.stringify(sizesString), { expires: 365 }); setAppSplitterCookie(key, sizesString);
}); });
const onPreserveSide = useMemoizedFn(() => { const onPreserveSide = useMemoizedFn(() => {
@ -130,7 +130,7 @@ export const AppSplitter = forwardRef<
const key = createAutoSaveId(autoSaveId); const key = createAutoSaveId(autoSaveId);
const sizesString = const sizesString =
preserveSide === 'left' ? [newSizes[0], 'auto'] : ['auto', newSizes[1]]; preserveSide === 'left' ? [newSizes[0], 'auto'] : ['auto', newSizes[1]];
Cookies.set(key, JSON.stringify(sizesString), { expires: 365 }); setAppSplitterCookie(key, sizesString);
} }
} }
})); }));
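Review bot: After the replacements on lines 56 and 63, the default import `Cookies` on line 50 may be unused in this file if those were its only two call sites; nothing else in the hunk references it, so check for a remaining read (e.g. a `Cookies.get`) and drop the import if none is left. The `sizesString` array is still built the same way before both calls, so a follow-up could move that construction into `setAppSplitterCookie` itself, but that is optional. The enclosing `useImperativeHandle` callback and the `AppSplitter` component both continue outside the hunk.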


@ -1 +1,11 @@
export const createAutoSaveId = (id: string) => `app-splitter-${id}`; export const createAutoSaveId = (id: string) => `app-splitter-${id}`;
import Cookies from 'js-cookie';
export const setAppSplitterCookie = (key: string, value: any) => {
Cookies.set(key, JSON.stringify(value), {
expires: 365,
secure: true,
sameSite: 'strict'
});
};
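Review bot: `value: any` on line 73 disables checking on the one argument this helper serializes; both call sites in AppSplitter pass a two-element array of a number and `'auto'`, so `value: unknown` (or a concrete tuple type) keeps `JSON.stringify` accepting it without `any`. The `import Cookies from 'js-cookie'` on line 72 lands after the existing export on line 71 and should move to the top so the file's imports stay together. Since `secure: true` makes browsers discard the cookie on a plain-http origin, splitter sizes will not persist in non-TLS local development; if that is acceptable, a comment like `// secure: dropped by the browser on non-HTTPS origins` on line 76 records the trade-off, otherwise derive it from `window.location.protocol === 'https:'`.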


@ -1,4 +1,4 @@
import { createServerClient, type CookieOptions } from '@supabase/ssr'; import { createServerClient } from '@supabase/ssr';
import { cookies } from 'next/headers'; import { cookies } from 'next/headers';
export async function createClient() { export async function createClient() {
@ -8,6 +8,14 @@ export async function createClient() {
process.env.NEXT_PUBLIC_SUPABASE_URL!, process.env.NEXT_PUBLIC_SUPABASE_URL!,
process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!, process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
{ {
cookieOptions: {
secure: true,
httpOnly: true
},
auth: {
autoRefreshToken: true,
persistSession: true
},
cookies: { cookies: {
getAll() { getAll() {
return cookieStore.getAll(); return cookieStore.getAll();
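Review bot: The `cookieOptions.httpOnly: true` added on lines 91-94 applies to the Supabase auth cookies this client writes, and if the app also creates a browser-side client (`createBrowserClient` from the same package) that client reads the session from `document.cookie` and will no longer see it — confirm there is no client-side Supabase client before relying on this. The `auth` block on lines 95-98 looks like a no-op for a server client: as far as I can tell `createServerClient` sets `autoRefreshToken: false` and `persistSession: true` itself after spreading the caller's `auth` options, so verify against the installed version and drop the block if that holds. With `secure: true`, browsers discard the cookie on plain-http origins, so non-TLS local development would lose the session; a short comment such as `// secure: requires HTTPS; the session cookie is not persisted over plain http` would record that. `createClient`'s body continues outside the hunk.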


@ -9,7 +9,11 @@ export async function middleware(request: NextRequest) {
const performUserCheck = !isPublicPage(request); const performUserCheck = !isPublicPage(request);
supabaseResponse.headers.set('x-next-pathname', request.nextUrl.pathname); supabaseResponse.headers.set('x-next-pathname', request.nextUrl.pathname);
supabaseResponse.cookies.set('x-next-pathname', request.nextUrl.pathname); supabaseResponse.cookies.set('x-next-pathname', request.nextUrl.pathname, {
secure: true,
httpOnly: true,
sameSite: 'lax'
});
if (performUserCheck && !user && !request.nextUrl.pathname.includes('/test/')) { if (performUserCheck && !user && !request.nextUrl.pathname.includes('/test/')) {
return NextResponse.redirect( return NextResponse.redirect(
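Review bot: The cookie set with `httpOnly: true` on lines 108-112 is no longer readable from `document.cookie`, and nothing in the hunk says which side consumes `x-next-pathname` — if client code reads it from the cookie it will now get nothing, while server code can already take the same value from the header set on line 107. A one-line comment stating the intended reader would settle that, e.g. `// x-next-pathname cookie is server-readable only (httpOnly); client code must use another channel`. Consider also passing `path: '/'` explicitly so the cookie's scope does not depend on the framework default. `middleware`'s body continues outside the hunk.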