Medieteknik | v1.6 #318

Merged
merged 57 commits into from
Oct 29, 2024

Conversation

BeastlyMC956
Member

Major Version, v1.6

New

Albums

Link to the Album Page

  • Listed under the CHAPTER in the header navigation
  • A privileged user can upload images and videos; in addition, they can create albums.
    • Max 10MB for images
    • Use of YouTube for videos so mostly infinite

Positions

Link to the Position Page

  • A collection of all available positions in the chapter
  • A way to quickly access your own committees in the dropdown by clicking your name in the header

Changes

  • Updated to Next.js v15 and React v19
  • You can now modify an image before uploading it to be your profile picture
  • Cookies have changed because Next.js v15 changed how clients and servers interact with cookies; all previous cookies are now stored in local storage
  • More Translations have been added

Fixes

  • You can now end recruitments earlier
  • You can remove news articles via the post
  • You can upload cover images to news articles
  • "Styrelsen" can now pin documents via the dashboard
  • Small UI tweaks, mostly for mobile viewing
  • Bug fixes

Merge pull request #316 from medieteknik-kth/dev
* Bug fix for uploading files, which makes uploading public profile pictures work and is easier to maintain.
* Preloading the landing page image
* And rendering the chapter members is now done via SSR
* New display for events in the bulletin
* Small adjustments to tags and tooltips
* Fixed size for the calendar
* You now set the desired amount instead of incrementing.
* Also a comment for changing the API in development.
* New Page to describe the graphical identity of the chapter.
* Removed a few remaining `public/images` to switch over to cloud
* Added translations to the chapter page
# Backend
* Separated the public document routes from the item
* Added new search argument for the `GET` route for documents

# Frontend
* More responsive document page
* Added search bar with a detailed search button
* Improved separation and folder structure
* Small adjustments
* More documentation
Small UI tweaks to make it more responsive and cleaner.
* Couple of custom titles
* Also some bugfixes
* Updated Next.js to the latest version
* Renamed and adjusted the officials section
* Adjustments to the profile section of the profile area.
* Better naming for the `limit` function
* Some bug fixes when using the `to_dict()` methods
* It is now more stable, takes less space, and is more consistent.
* Added some translations
* Added more documentation
# Project
* Added VSCode settings to each folder

# Frontend
* Removed firebase files
* It will now redirect on failure instead of showing "Not found"
* Added more documentation
Main purpose for this column is to serve content from KTH, THS, "Datasektionen" on the website
* Fixed some dark mode problems with the navigation dropdown nav menu and the search function within documents page
* Adjusted size of elements in the officials sections of the chapter page
* Added the `hidden` column
* Added `Playwright` and `Jest` to the project for E2E and functionality testing of non React components. E2E testing for now is only done locally
* Added GitHub action to test on push and PR to master
* Updated Next.js to v14.2.15
* Removed firebase config
* Adjusted some UI elements to be better for E2E testing
* Changed the fallback language to English
* Added new `news` translation string
* Makes it so most text is confined to a paragraph tag, to reduce size in the database.
* Also improved documentation and removed some imports.
* Adjusted event upload dialog to specify max length of the description and title
* Better responsiveness
* Translations for both Swedish and English
* More documentation
* HTML Title
* Updated screenshots
* Added form-factor to screenshots
* Moved apple-icon.png
* Much easier to modify and cleaner JSX components
* You can search for a specific position or navigate between them in a grid display
* Changed from JSON to forms for uploading news articles
* Also enabled deletion of news articles
It will check if your cookies are outdated, if they are it will present you with the menu once again
* Added more documentation
* Changed some UI elements + more translations
* Removed `ServerProviders` as it is no longer needed.
Still not fully complete with the account page but it has better UX.

* Added URL title
* Modify profile picture before uploading
* More documentation
* More translations
* Removed unfinished components, inputs.
Updated Next.js to v15.0.1
As ESLint v9 is now supported for Next.js
* With this change I've reformatted and changed most files to fix linting issues.
I don't really know why.
* Reduce gunicorn workers
* Removed the init.sql for now.
Albums are back in a new form and are for media. New routes for the albums
* Small bug fixes
You can upload media (images, videos) and create albums to store those media in.
Also changed the way we authenticate it for now.
Added more translations for committee management, and small bug fixes. Also added more documentation
It will now always route back to where you were previously, rather than to the homepage. Also, it is now primarily a modal on press rather than its own page, thanks to intercepting routes with Next.js.
* Made it easier to navigate when you recently changed display language.
* Improved the sitemap.xml to be more accurate.
@BeastlyMC956 BeastlyMC956 added bug Something isn't working UI/UX Improve the user feel and experience frontend TypeScript, both SSR and CSR for Next.JS backend Flask/Python, server side issues enhancement General improvements can be made dependencies Pull requests that update a dependency file API Issues related to the RESTful API endpoints security Security problems, should be used alongside `high priority` performance Performance bottlenecks labels Oct 29, 2024
@BeastlyMC956 BeastlyMC956 added this to the 1.6 milestone Oct 29, 2024
if (file.size > MAX_FILE_SIZE) {
  alert('File size is too large')
const img = new window.Image()
img.src = URL.createObjectURL(file)

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML (Medium): DOM text is reinterpreted as HTML without escaping meta-characters.

Copilot Autofix AI 3 months ago

Copilot could not generate an autofix suggestion

Copilot could not generate an autofix suggestion for this alert. Try pushing a new commit or if the problem persists contact support.

image.addEventListener('load', () => resolve(image))
image.addEventListener('error', (error) => reject(error))
image.setAttribute('crossOrigin', 'anonymous') // needed to avoid cross-origin issues on CodeSandbox
image.src = url

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML (Medium): DOM text is reinterpreted as HTML without escaping meta-characters.

Copilot Autofix AI 3 months ago

To fix the problem, we need to ensure that the url passed to the createImage function is safe and does not contain any malicious content. One way to achieve this is by validating the URL before using it. Since the URL is created using URL.createObjectURL, we can add a check to ensure it is a valid object URL.

  1. Add a function to validate the URL.
  2. Use this validation function before setting the src attribute of the Image object.
Suggested changeset 1
frontend/src/app/[language]/account/util/cropImage.ts

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/frontend/src/app/[language]/account/util/cropImage.ts b/frontend/src/app/[language]/account/util/cropImage.ts
--- a/frontend/src/app/[language]/account/util/cropImage.ts
+++ b/frontend/src/app/[language]/account/util/cropImage.ts
@@ -1,3 +1,16 @@
+const isValidObjectURL = (url: string) => {
+  try {
+    const objUrl = new URL(url);
+    return objUrl.protocol === 'blob:';
+  } catch (e) {
+    return false;
+  }
+};
+
 export const createImage = (url: string) =>
   new Promise((resolve, reject) => {
+    if (!isValidObjectURL(url)) {
+      reject(new Error('Invalid URL'));
+      return;
+    }
     const image = new Image()
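Review bot: the `blob:` protocol check added at the top of `createImage` does not address what the alert describes (DOM text reinterpreted as HTML): assigning `image.src` is not an HTML-interpreting sink, so either the flagged sink is elsewhere and this hunk leaves it untouched, or the alert is a false positive and the hunk adds a restriction for nothing. If the guard is kept anyway, note that it rejects any `data:` or `https:` URL a future caller might pass, and the unused `e` in `catch (e)` may trip the ESLint rules this PR says it just fixed the code for (`catch {` avoids the binding). The added lines also end in semicolons while the surrounding `const image = new Image()` does not.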
EOF
Unable to commit as this autofix suggestion is now outdated
try:
    token = oauth.kth.authorize_access_token()
except Exception as e:
    return jsonify({"error": str(e)}), HTTPStatus.INTERNAL_SERVER_ERROR

Check warning

Code scanning / CodeQL

Information exposure through an exception (Medium): stack trace information flows to this location and may be exposed to an external user.

Copilot Autofix AI 3 months ago

To fix the problem, we need to ensure that detailed exception information is not exposed to the user. Instead, we should log the detailed error message on the server and return a generic error message to the user. This can be achieved by modifying the exception handling block to log the exception and return a generic error message.

  • Modify the exception handling block in the oidc_auth function to log the exception details and return a generic error message.
  • Add an import statement for the logging module if it is not already present.
Suggested changeset 1
backend/routes/__init__.py

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/backend/routes/__init__.py b/backend/routes/__init__.py
--- a/backend/routes/__init__.py
+++ b/backend/routes/__init__.py
@@ -12,2 +12,3 @@
 from flask import Flask, jsonify, make_response, request, session, url_for
+import logging
 from flask_jwt_extended import (
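Review bot: `import logging` is inserted between two `from flask...` imports but nothing in this patch uses the `logging` module; the second hunk logs through `app.logger`, so either drop this import or move it to the standard-library import group if a module logger is actually wanted.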
@@ -263,3 +264,4 @@
         except Exception as e:
-            return jsonify({"error": str(e)}), HTTPStatus.INTERNAL_SERVER_ERROR
+            app.logger.error("OIDC authorization error: %s", str(e))
+            return jsonify({"error": "An internal error has occurred."}), HTTPStatus.INTERNAL_SERVER_ERROR
 
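Review bot: `app.logger.error("OIDC authorization error: %s", str(e))` records only the message, while the alert is about stack-trace information; calling `app.logger.exception("OIDC authorization error")` inside the `except` block records the traceback server-side, which is exactly what is now (correctly) being withheld from the client. The `str(e)` wrapper is redundant with `%s`. A bare `except Exception` around `authorize_access_token()` also turns every OAuth callback failure into the same generic 500, so the log line should carry enough request context that failed logins remain auditable.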
EOF

Unable to commit as this autofix suggestion is now outdated
try:
    delete_item(Event, event_id)
except NotImplementedError as e:
    return jsonify({"error": str(e)}), HTTPStatus.INTERNAL_SERVER_ERROR

Check warning

Code scanning / CodeQL

Information exposure through an exception (Medium): stack trace information flows to this location and may be exposed to an external user.

Copilot Autofix AI 3 months ago

To fix the problem, we need to ensure that detailed exception messages are not exposed to the end user. Instead, we should log the detailed error message on the server and return a generic error message to the user. This can be achieved by modifying the exception handling code to log the exception and return a generic error message.

  • Modify the exception handling code in the delete_event function to log the exception details and return a generic error message.
  • Add necessary imports for logging if not already present.
  • Ensure that the logging mechanism is properly configured to capture and store the exception details.
Suggested changeset 1
backend/routes/event_routes.py

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/backend/routes/event_routes.py b/backend/routes/event_routes.py
--- a/backend/routes/event_routes.py
+++ b/backend/routes/event_routes.py
@@ -99,5 +99,7 @@
     except NotImplementedError as e:
-        return jsonify({"error": str(e)}), HTTPStatus.INTERNAL_SERVER_ERROR
+        app.logger.error(f"NotImplementedError: {str(e)}")
+        return jsonify({"error": "An internal error has occurred!"}), HTTPStatus.INTERNAL_SERVER_ERROR
     except SQLAlchemyError as e:
-        return jsonify({"sql_error": str(e)}), HTTPStatus.INTERNAL_SERVER_ERROR
+        app.logger.error(f"SQLAlchemyError: {str(e)}")
+        return jsonify({"error": "An internal error has occurred!"}), HTTPStatus.INTERNAL_SERVER_ERROR
 
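Review bot: both added lines call `app.logger` in `backend/routes/event_routes.py`, but the hunk adds no import of `app`; unless this routes module already has a module-level `app`, the first failure raises `NameError` instead of the intended 500. Flask's `current_app.logger` (`from flask import current_app`) is the usual way to log from a routes module. Prefer `app.logger.exception(...)` over the f-string `error(...)` so the traceback is recorded, and `{str(e)}` inside an f-string can simply be `{e}`.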
EOF

Unable to commit as this autofix suggestion is now outdated
except NotImplementedError as e:
    return jsonify({"error": str(e)}), HTTPStatus.INTERNAL_SERVER_ERROR
except SQLAlchemyError as e:
    return jsonify({"sql_error": str(e)}), HTTPStatus.INTERNAL_SERVER_ERROR

Check warning

Code scanning / CodeQL

Information exposure through an exception (Medium): stack trace information flows to this location and may be exposed to an external user.

Copilot Autofix AI 3 months ago

To fix the problem, we need to ensure that detailed error messages, especially those containing stack traces or SQL error details, are not exposed to the end user. Instead, we should log these details on the server and return a generic error message to the client.

  • Modify the exception handling in the delete_event function to log the detailed error message and return a generic error message to the client.
  • Use Python's logging module to log the error details on the server side.
Suggested changeset 1
backend/routes/event_routes.py

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/backend/routes/event_routes.py b/backend/routes/event_routes.py
--- a/backend/routes/event_routes.py
+++ b/backend/routes/event_routes.py
@@ -99,5 +99,7 @@
     except NotImplementedError as e:
-        return jsonify({"error": str(e)}), HTTPStatus.INTERNAL_SERVER_ERROR
+        app.logger.error(f"NotImplementedError: {str(e)}")
+        return jsonify({"error": "An internal error has occurred!"}), HTTPStatus.INTERNAL_SERVER_ERROR
     except SQLAlchemyError as e:
-        return jsonify({"sql_error": str(e)}), HTTPStatus.INTERNAL_SERVER_ERROR
+        app.logger.error(f"SQLAlchemyError: {str(e)}")
+        return jsonify({"error": "An internal error has occurred!"}), HTTPStatus.INTERNAL_SERVER_ERROR
 
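Review bot: this hunk is the same change to lines 99-105 of `event_routes.py` as the previous autofix suggestion (identical `@@ -99,5 +99,7 @@` header and lines), generated for a second alert on the same two `except` clauses; applying both patches will fail on the second, so only one should be committed, and the same points apply to it: `app` is not imported in this file (use `current_app.logger`), and `logger.exception(...)` would record the traceback that the f-string `error(...)` drops.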
EOF

Unable to commit as this autofix suggestion is now outdated
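The three "information exposure through an exception" alerts above all concern the same pattern: `str(e)` from a caught exception becomes the JSON response body. The following is an added example (not code from the medieteknik-kth repository) that puts the flagged shape of `delete_event` next to a hardened version and runs both on the same failing input, so the difference between what the client receives and what lands in the server log is visible. Flask is deliberately not imported so the block runs stand-alone; `delete_item`, `Event` and the `SQLAlchemyError` class are constructed stand-ins for the names the route uses, and the error-id correlation field is this example's choice, not something the autofix suggests.

```python
"""Hardened exception handling for a JSON API route (added example).

Logs the exception, with traceback, on the server and returns a generic
message plus an opaque correlation id to the client.
"""
import logging
import uuid
from http import HTTPStatus


class SQLAlchemyError(Exception):
    """Constructed stand-in for sqlalchemy.exc.SQLAlchemyError."""


class Event:
    """Hypothetical model class; mirrors the name used in the route."""


def delete_item(model, item_id):
    """Constructed stand-in for the repository's delete_item helper.

    It raises the two exception types the original route catches so both
    branches can be exercised offline. The message imitates the kind of
    driver text that would leak through str(e).
    """
    if item_id == "missing-table":
        raise SQLAlchemyError(
            '(psycopg2.errors.UndefinedTable) relation "event" does not exist '
            "[SQL: DELETE FROM event WHERE id = 'missing-table']"
        )
    if item_id == "not-supported":
        raise NotImplementedError(f"delete not implemented for {model.__name__}")
    return None


logger = logging.getLogger("example.routes")


def delete_event_exposing(event_id):
    """The shape CodeQL flagged: the exception text is the response body."""
    try:
        delete_item(Event, event_id)
    except NotImplementedError as e:
        return {"error": str(e)}, HTTPStatus.INTERNAL_SERVER_ERROR
    except SQLAlchemyError as e:
        return {"sql_error": str(e)}, HTTPStatus.INTERNAL_SERVER_ERROR
    return {"status": "deleted"}, HTTPStatus.OK


def delete_event_hardened(event_id):
    """Same route with the exception kept server-side.

    logger.exception() records the message and the traceback; the client
    only gets a generic message and an id that support can grep for.
    """
    try:
        delete_item(Event, event_id)
    except (NotImplementedError, SQLAlchemyError):
        error_id = uuid.uuid4().hex
        logger.exception("delete_event failed (error_id=%s)", error_id)
        return (
            {"error": "An internal error has occurred.", "error_id": error_id},
            HTTPStatus.INTERNAL_SERVER_ERROR,
        )
    return {"status": "deleted"}, HTTPStatus.OK


class _Capture(logging.Handler):
    """Collects formatted log lines so the result can be inspected."""

    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(self.format(record))


def run_demo(event_id="missing-table"):
    """Run both handlers on a failing id; return what client and log each see."""
    capture = _Capture()
    capture.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(capture)
    logger.setLevel(logging.ERROR)
    try:
        exposed_body, _ = delete_event_exposing(event_id)
        hardened_body, status = delete_event_hardened(event_id)
    finally:
        logger.removeHandler(capture)
    return {
        "exposed_body": exposed_body,
        "hardened_body": hardened_body,
        "hardened_status": int(status),
        "log": "\n".join(capture.lines),
    }


if __name__ == "__main__":
    result = run_demo()
    print("client saw (flagged):", result["exposed_body"])
    print("client saw (hardened):", result["hardened_body"])
    print("server log (hardened):\n" + result["log"])
```

Running the block prints the leaked driver message from the flagged handler, then the generic body from the hardened one, followed by the log entry that now carries the same message and a `Traceback` section. Catching both exception types in one clause is intentional: the client response is identical either way, and the distinction lives in the log where it is useful.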
@BeastlyMC956 BeastlyMC956 merged commit 1c7411e into master Oct 29, 2024
3 of 4 checks passed