rka-19: fix the security warning, added allowed hosts

konstrybakov · Jun 9, 2024 · c57972a · c57972a
1 parent 187c296
commit c57972a
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 4 deletions.
diff --git a/lib/db/queries.ts b/lib/db/queries.ts
@@ -1,7 +1,6 @@
 // TODO: split this file
 
 import { and, eq, notInArray, sql } from 'drizzle-orm'
-import { logger } from '../logger'
 import { db } from './db'
 import { type InsertCompany, type InsertJob, companies, jobs } from './schema'
 
@@ -85,8 +84,6 @@ export const queryMarkJobsAsClosed = async (
   companyId: number,
   openJobs: InsertJob[],
 ) => {
-  logger.debug(openJobs.map(({ url }) => url))
-
   const result = await db
     .update(jobs)
     .set({ status: 'closed' })

diff --git a/lib/hiring-platforms/base.ts b/lib/hiring-platforms/base.ts
@@ -3,6 +3,8 @@ import type { HiringPlatformName, SelectCompany } from '../db/schema'
 export abstract class HiringPlatform {
   constructor(protected url: URL) {}
 
+  abstract allowedHosts: string[]
+
   abstract checkURL(): Promise<HiringPlatformName>
   abstract fetchJobs(companyId: SelectCompany['id']): Promise<void>
 }
diff --git a/lib/hiring-platforms/greenhouse.ts b/lib/hiring-platforms/greenhouse.ts
@@ -17,8 +17,10 @@ type GreenhouseJob = {
 }
 
 export class Greenhouse extends HiringPlatform {
+  allowedHosts = ['boards.eu.greenhouse.io', 'boards.greenhouse.io']
+
   async checkURL(): Promise<HiringPlatformName> {
-    if (!this.url.hostname.endsWith('greenhouse.io')) {
+    if (!this.allowedHosts.includes(this.url.host)) {
       throw new Error('[Greenhouse] URL mismatch')
     }