Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

234 - Set default values on Server Settings if color is not set #235

Merged
merged 3 commits into from
Oct 3, 2024
Merged

234 - Set default values on Server Settings if color is not set #235

merged 3 commits into from
Oct 3, 2024

Conversation

jmsm412
Copy link
Collaborator

@jmsm412 jmsm412 commented Oct 2, 2024

Closes #234

@jmsm412 jmsm412 added the frontend (bug) relates to rair-front system label Oct 2, 2024
@jmsm412 jmsm412 self-assigned this Oct 2, 2024
@sarora180673
Copy link
Collaborator

Now getting "Settings updated " message on UI just by navigating to Server settings page.
Also, "Icon color" is still not populated by default value.

github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 3, 2024
View reviewed changes
rair-node/bin/api/transactions/transactions.Controller.js
const router = Router();

router.post(
'/:network/:hash',
requireUserSession,
processUserTransaction
processUserTransaction,

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs
a database access
Loading
, but is not rate-limited.

Copilot Autofix AI 2 months ago

To fix the problem, we need to introduce rate limiting to the route handler to prevent abuse. The express-rate-limit package is a well-known library for this purpose. We will:

  1. Install the express-rate-limit package.
  2. Set up a rate limiter with appropriate configuration.
  3. Apply the rate limiter to the specific route that handles user transactions.
Suggested changeset 2
rair-node/bin/api/transactions/transactions.Controller.js

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/rair-node/bin/api/transactions/transactions.Controller.js b/rair-node/bin/api/transactions/transactions.Controller.js
--- a/rair-node/bin/api/transactions/transactions.Controller.js
+++ b/rair-node/bin/api/transactions/transactions.Controller.js
@@ -3,2 +3,3 @@
 const { processUserTransaction } = require('./transactions.Service');
+const RateLimit = require('express-rate-limit');
 
@@ -6,4 +7,11 @@
 
+// set up rate limiter: maximum of 100 requests per 15 minutes
+const limiter = RateLimit({
+    windowMs: 15 * 60 * 1000, // 15 minutes
+    max: 100, // max 100 requests per windowMs
+});
+
 router.post(
     '/:network/:hash',
+    limiter,
     requireUserSession,
EOF
@@ -3,2 +3,3 @@
const { processUserTransaction } = require('./transactions.Service');
const RateLimit = require('express-rate-limit');

@@ -6,4 +7,11 @@

// set up rate limiter: maximum of 100 requests per 15 minutes
const limiter = RateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, // max 100 requests per windowMs
});

router.post(
'/:network/:hash',
limiter,
requireUserSession,
rair-node/package.json
Outside changed files

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/rair-node/package.json b/rair-node/package.json
--- a/rair-node/package.json
+++ b/rair-node/package.json
@@ -74,3 +74,4 @@
     "winston-transport": "^4.6.0",
-    "yoti": "^4.6.0"
+    "yoti": "^4.6.0",
+    "express-rate-limit": "^7.4.0"
   },
EOF
@@ -74,3 +74,4 @@
"winston-transport": "^4.6.0",
"yoti": "^4.6.0"
"yoti": "^4.6.0",
"express-rate-limit": "^7.4.0"
},
This fix introduces these dependencies
Package Version Security advisories
express-rate-limit (npm) 7.4.0 None
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
sarora180673
sarora180673 approved these changes Oct 3, 2024
View reviewed changes
Copy link
Collaborator

@sarora180673 sarora180673 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

QA Verified

@sarora180673 sarora180673 merged commit 20e932c into dev Oct 3, 2024
2 of 3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sarora180673 sarora180673 sarora180673 approved these changes

@SeanM322 SeanM322 Awaiting requested review from SeanM322

Assignees

@jmsm412 jmsm412

Labels
frontend (bug) relates to rair-front system
Projects
@rairprotocol's rair-dapp
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jmsm412 @sarora180673