From c57972a5ce045813367aeff2b5d85fb5b9be0259 Mon Sep 17 00:00:00 2001
From: Konstantin Rybakov
Date: Sun, 9 Jun 2024 14:55:30 +0300
Subject: [PATCH] rka-19: fix the security warning, added allowed hosts
---
lib/db/queries.ts | 3 ---
lib/hiring-platforms/base.ts | 2 ++
lib/hiring-platforms/greenhouse.ts | 4 +++-
3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/lib/db/queries.ts b/lib/db/queries.ts
index fe6b85d..bf3b2a7 100644
--- a/lib/db/queries.ts
+++ b/lib/db/queries.ts
@@ -1,7 +1,6 @@ // TODO: split this file import { and, eq, notInArray, sql } from 'drizzle-orm' -import { logger } from '../logger' import { db } from './db' import { type InsertCompany, type InsertJob, companies, jobs } from './schema'
@@ -85,8 +84,6 @@ export const queryMarkJobsAsClosed = async ( companyId: number, openJobs: InsertJob[], ) => { - logger.debug(openJobs.map(({ url }) => url)) - const result = await db .update(jobs) .set({ status: 'closed' })
diff --git a/lib/hiring-platforms/base.ts b/lib/hiring-platforms/base.ts
index 23f2fda..7ac23d5 100644
--- a/lib/hiring-platforms/base.ts
+++ b/lib/hiring-platforms/base.ts
@@ -3,6 +3,8 @@ import type { HiringPlatformName, SelectCompany } from '../db/schema' export abstract class HiringPlatform { constructor(protected url: URL) {} + abstract allowedHosts: string[] + abstract checkURL(): Promise abstract fetchJobs(companyId: SelectCompany['id']): Promise }
diff --git a/lib/hiring-platforms/greenhouse.ts b/lib/hiring-platforms/greenhouse.ts
index 1ffcacc..f7cb94c 100644
--- a/lib/hiring-platforms/greenhouse.ts
+++ b/lib/hiring-platforms/greenhouse.ts
@@ -17,8 +17,10 @@ type GreenhouseJob = { } export class Greenhouse extends HiringPlatform { + allowedHosts = ['boards.eu.greenhouse.io', 'boards.greenhouse.io'] + async checkURL(): Promise { - if (!this.url.hostname.endsWith('greenhouse.io')) { + if (!this.allowedHosts.includes(this.url.host)) { throw new Error('[Greenhouse] URL mismatch') }
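Review bot: `allowedHosts` in `lib/hiring-platforms/base.ts` is declared as a public, mutable `string[]`, and the base class only obliges subclasses to declare it, so enforcing the list is still left to each `checkURL()` implementation. Because the list is a security control, I would declare it `protected abstract readonly allowedHosts: readonly string[]` (with the matching modifiers in each subclass) so it cannot be reassigned or appended to from outside the class. A short comment such as `// Exact hosts this platform may be fetched from; compared with url.host, no suffix or wildcard matching` would record the contract. Consider also moving the comparison into one concrete helper on `HiringPlatform`, so a platform added later cannot fall back to a suffix match.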
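Review bot: The new check in `Greenhouse.checkURL()` pins the host but not the scheme, so an `http:` URL on an allowed host still passes; if that URL is later fetched (not visible in this hunk), the request would go out in plaintext. I would tighten it to `if (this.url.protocol !== 'https:' || !this.allowedHosts.includes(this.url.host)) {`. Comparing `url.host` rather than `url.hostname` also rejects any URL with an explicit non-default port, which looks intentional and deserves a comment such as `// host includes the port, so only the default port is accepted`. If `fetchJobs` follows redirects, the allow-list only covers the first hop, which is worth confirming there. The body of `checkURL()` continues past the end of the hunk.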