issues Search Results · language:Edge language:TypeScript language:JavaScript language:JavaScript language:C# linked:pr
5.9M results
Summary
In apps/api/src/validators/auth.js, the registerSchema defines:
role: z.enum(["client", "freelancer", "admin"]).default("client")
This allows any user to register with role: "admin" in the request ...
Summary
apps/api/src/routes/adminRoutes.js applies authMiddleware to protect admin routes, but never checks req.user.role ===
"admin". Any authenticated user — including regular clients and freelancers ...
App Name
ReBuzz Digital Audio Workstation
App URL (optional)
https://github.com/wasteddesign/ReBuzz
Description
ReBuzz is a modular digital audio workstation (DAW) built upon the foundation of Jeskola ...
submission
Summary
In apps/api/src/services/authService.js, refreshToken() takes no parameters and hardcodes sub: "usr_existing". The
endpoint in authController.js passes no argument. Any caller — authenticated or ...
Summary
In apps/api/src/services/authService.js, registerUser calls Date.now() twice — once for the user id and once inside
signAccessToken({ sub: `usr_${Date.now()}` }). Because these are two separate ...
Context
After moving the identity into the header (#182, merged), the toolbar (topbar) was accumulating too many elements
on mobile (~393 px): logo + name + Level/XP badge + Profile button + Home ...
effort: medium
enhancement
priority: medium
Summary
POST /api/notifications in apps/api/src/routes/notificationRoutes.js has no authMiddleware. Any unauthenticated user can
create notifications.
Impact
- Anonymous notification injection / spam ...
Summary
POST /api/reviews in apps/api/src/routes/reviewRoutes.js has no authMiddleware. Any unauthenticated user can post
reviews.
Impact
- Anonymous fake reviews can be submitted
- No reviewer ...
Summary
POST /api/proposals in apps/api/src/routes/proposalRoutes.js has no authMiddleware. Any unauthenticated user can submit
proposals for jobs.
Impact
- Anonymous proposal spam
- No freelancer ...
Summary
POST /api/messages in apps/api/src/routes/messageRoutes.js has no authMiddleware. Any unauthenticated user can post
messages.
Impact
- Anonymous message spam
- No sender identity attached ...
