issues Search Results · language:Dune language:JavaScript language:Java language:Java language:JavaScript linked:pr
3.2M results
Summary
In apps/api/src/controllers/searchController.js, the search handler passes req.query.q ?? '' directly to globalSearch()
with no length limit. An attacker can send arbitrarily large query strings, ...
Summary
In apps/api/src/validators/job.js, createJobSchema validates budgetMin and budgetMax individually as non-negative but
does NOT enforce budgetMin <= budgetMax. A client can submit {budgetMin: 1000, ...
Summary
The errorHandler in apps/api/src/middleware/errorHandler.js does not check for ZodError instances. When schema.parse()
throws a ZodError (e.g. invalid request body), the handler falls through ...
Summary
In apps/api/src/validators/auth.js, the registerSchema defines:
role: z.enum(['client', 'freelancer', 'admin']).default('client')
This allows any user to register with role: 'admin' in the request ...
Summary
apps/api/src/routes/adminRoutes.js applies authMiddleware to protect admin routes, but never checks req.user.role ===
'admin'. Any authenticated user — including regular clients and freelancers ...
Parent
Follow-up under #1882.
Keeps #1882 open.
Context
The Scout live/KV/rate-limit track now has the following safe-gated documentation and contracts:
- #2584 / PR #2585: KV skeleton activation ...
documentation
Summary
In apps/api/src/services/authService.js, refreshToken() takes no parameters and hardcodes sub: 'usr_existing'. The
endpoint in authController.js passes no argument. Any caller — authenticated or ...
Description
We should check if the SSF receiver client is enabled before dispatching new events to it.
Value Proposition
Ensures that we don't deliver events to disabled clients.
Goals
Respect client ...
area/ssf
kind/enhancement
status/triage
team/core-iam
Summary
In apps/api/src/services/authService.js, registerUser calls Date.now() twice — once for the user id and once inside
signAccessToken({ sub: `usr_${Date.now()}` }). Because these are two separate ...
Move base rent and parking spaces into the contract
Status: Open
Story
As a private landlord, I want the currently valid base rent as well as the number and price of parking spaces directly in the
tenancy ...
