Merge pull request #61 from buster-so/nate/security-remediation

Nate/security remediation
Nate Kelley 2025-01-23 15:38:12 -08:00 committed by GitHub
commit e7f8f8b06d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 32 additions and 9 deletions


@ -68,7 +68,9 @@ export const FavoriteStar: React.FC<{
classNames={{
icon: '!text-inherit !mt-[-2px]'
}}
className={cx(className, 'flex', styles.icon, iconStyle, { 'is-favorited': isFavorited })}
className={cx(className, 'flex', styles.icon, iconStyle, {
'is-favorited opacity-100': isFavorited
})}
onClick={onFavoriteClick}
type="text"
icon={<AppMaterialIcons icon="star" fill={isFavorited} />}
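Review bot: The `opacity-100` added for the favorited state can land on the same element as a caller-supplied `opacity-0`, since the TitleCell hunk in this commit passes `className="opacity-0 group-hover:opacity-100"`. `cx` presumably only concatenates class names, so which rule wins is decided by stylesheet order rather than by this code. Either pass the hidden-state classes only when the item is not favorited, or record the dependency with a comment such as `// opacity-100 must override a caller-supplied opacity-0`. The component body starts and ends outside this hunk.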


@ -241,14 +241,13 @@ const TitleCell = React.memo<{ title: string; status: BusterVerificationStatus;
<StatusBadgeIndicator status={status} />
</div>
<Text ellipsis={true}>{title}</Text>
<div
className="flex items-center opacity-0 group-hover:opacity-100"
onClick={onFavoriteDivClick}>
<div className="flex items-center" onClick={onFavoriteDivClick}>
<FavoriteStar
id={threadId}
type={BusterShareAssetType.THREAD}
iconStyle="tertiary"
name={title}
className="opacity-0 group-hover:opacity-100"
/>
</div>
</div>


@ -3,7 +3,7 @@
import { useMemoizedFn } from 'ahooks';
import React, { useEffect, useMemo, useState, forwardRef, useImperativeHandle } from 'react';
import SplitPane, { Pane } from './SplitPane';
import { createAutoSaveId } from './helper';
import { createAutoSaveId, setAppSplitterCookie } from './helper';
import Cookies from 'js-cookie';
import { createStyles } from 'antd-style';
@ -101,7 +101,7 @@ export const AppSplitter = forwardRef<
setSizes(sizes);
const key = createAutoSaveId(autoSaveId);
const sizesString = preserveSide === 'left' ? [sizes[0], 'auto'] : ['auto', sizes[1]];
Cookies.set(key, JSON.stringify(sizesString), { expires: 365 });
setAppSplitterCookie(key, sizesString);
});
const onPreserveSide = useMemoizedFn(() => {
@ -130,7 +130,7 @@ export const AppSplitter = forwardRef<
const key = createAutoSaveId(autoSaveId);
const sizesString =
preserveSide === 'left' ? [newSizes[0], 'auto'] : ['auto', newSizes[1]];
Cookies.set(key, JSON.stringify(sizesString), { expires: 365 });
setAppSplitterCookie(key, sizesString);
}
}
}));


@ -1 +1,11 @@
export const createAutoSaveId = (id: string) => `app-splitter-${id}`;
import Cookies from 'js-cookie';
export const setAppSplitterCookie = (key: string, value: any) => {
Cookies.set(key, JSON.stringify(value), {
expires: 365,
secure: true,
sameSite: 'strict'
});
};
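Review bot: `secure: true` is unconditional in `setAppSplitterCookie`, so on a plain-HTTP origin (for example a self-hosted or non-localhost development deployment) the browser will discard the write and the splitter sizes silently stop persisting. If such deployments are supported, derive it from the page, e.g. `secure: window.location.protocol === 'https:'`. The `value: any` parameter could be narrowed to what the two callers pass, for example `value: (string | number)[]`, so an arbitrary object is never serialized into the cookie by accident. The new `import Cookies from 'js-cookie'` also appears to sit below the existing `export`; moving it to the top keeps import ordering conventional. A one-line comment noting that this cookie holds only layout preferences and must stay readable by client script (so `httpOnly` does not apply) would help the next reviewer.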


@ -1,4 +1,4 @@
import { createServerClient, type CookieOptions } from '@supabase/ssr';
import { createServerClient } from '@supabase/ssr';
import { cookies } from 'next/headers';
export async function createClient() {
@ -8,6 +8,14 @@ export async function createClient() {
process.env.NEXT_PUBLIC_SUPABASE_URL!,
process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
{
cookieOptions: {
secure: true,
httpOnly: true
},
auth: {
autoRefreshToken: true,
persistSession: true
},
cookies: {
getAll() {
return cookieStore.getAll();
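Review bot: `httpOnly: true` in `cookieOptions` applies to the Supabase session cookies, and a browser-side Supabase client reads the session from `document.cookie`, so if this app also creates one (not visible here) it will lose access to the session once the server rewrites these cookies. Confirm that all auth reads go through the server, and that the middleware's own Supabase client uses the same `cookieOptions`; otherwise the two writers will emit the cookies with different attributes. `sameSite` is not set here although the other cookies in this commit set it; stating it explicitly (`sameSite: 'lax'`) would make the intended policy visible. The `auth` values should be checked against `@supabase/ssr`, which, as far as I know, fixes `autoRefreshToken` and `persistSession` itself for server clients, in which case the block has no effect. `createClient` continues outside these hunks.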


@ -9,7 +9,11 @@ export async function middleware(request: NextRequest) {
const performUserCheck = !isPublicPage(request);
supabaseResponse.headers.set('x-next-pathname', request.nextUrl.pathname);
supabaseResponse.cookies.set('x-next-pathname', request.nextUrl.pathname);
supabaseResponse.cookies.set('x-next-pathname', request.nextUrl.pathname, {
secure: true,
httpOnly: true,
sameSite: 'lax'
});
if (performUserCheck && !user && !request.nextUrl.pathname.includes('/test/')) {
return NextResponse.redirect(
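Review bot: The redirect for unauthenticated users, on the context line just below the new cookie, is skipped for any pathname that merely contains `/test/`, and this security pass leaves that in place. Unless another layer enforces the session for those routes, replace `request.nextUrl.pathname.includes('/test/')` with an anchored, environment-gated check such as `process.env.NODE_ENV !== 'production' && request.nextUrl.pathname.startsWith('/test/')`. For the new cookie, `request.nextUrl.pathname` is request-controlled, so whatever reads `x-next-pathname` should treat it as untrusted input; a short comment naming the consumer and why the cookie is `httpOnly` would help. `middleware` starts and ends outside the hunk.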