k1nq/TREK
1
0
Fork 0
mirror of https://github.com/mauriceboe/TREK.git synced 2026-06-20 22:01:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(naver-import): address PR #495 review issues

Browse Source 
- SSRF: validate user-supplied URLs with checkSsrf() before fetch in
  both importNaverList and importGoogleList; upgrade naver.me substring
  check to exact hostname comparison to prevent bypass
- i18n: add missing places.importNaverList key to de.ts and es.ts
- migration: switch Naver addon seed to INSERT OR IGNORE to preserve
  admin customizations on re-runs; restore budget_category_order
  CREATE TABLE to its original formatting
- route: remove redundant cast after type-narrowing guard in naver-list handler
- component: hoist provider ternary above try/catch in handleListImport
- tests: add four new Naver import cases (502, empty list, no-coords,
  canonical URL skipping redirect fetch)
This commit is contained in:
jubnl
2026-04-15 04:48:39 +02:00
parent 4362406e74
commit 9789c51d4f
7 changed files with 125 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/src/routes/places.ts
+2 -4
View File
@@ -123,10 +123,8 @@ router.post('/import/naver-list', authenticate, requireTripAccess, async (req: R
return res.status(result.status).json({ error: result.error });
}
const successResult = result as { places: any[]; listName: string };
res.status(201).json({ places: successResult.places, count: successResult.places.length, listName: successResult.listName });
for (const place of successResult.places) {
res.status(201).json({ places: result.places, count: result.places.length, listName: result.listName });
for (const place of result.places) {
broadcast(tripId, 'place:created', { place }, req.headers['x-socket-id'] as string);
}
} catch (err: unknown) {