Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Medieteknik | v1.6 #318

Merged
merged 57 commits into from
Oct 29, 2024
Merged

Medieteknik | v1.6 #318

merged 57 commits into from
Oct 29, 2024

Conversation

BeastlyMC956
Copy link
Member

Major Version, v1.6

New

Albums

Link to the Album Page

  • Listed under the CHAPTER in the header navigation
  • A privileged user can upload images and videos, in addition they can create albums.
    • Max 10MB for images
    • Use of YouTube for videos so mostly infinite

Positions

Link to the Position Page

  • A collection of all available positions in the chapter
  • A way to quickly access your own committees in the dropdown by clicking your name in the header

Changes

  • Updated to Next.js v15 and React v19
  • You can now modify an image before uploading it to be your profile picture
  • Cookies have changed due to Next.js v15 changing how clients and servers interact with cookies, all previous cookies are now stored in local storage
  • More Translations have been added

Fixes

  • You can now end recruitments earlier
  • You can remove news articles via the post
  • You can upload cover images to news articles
  • "Styrelsen" can now pin documents via the dashboard
  • Small UI tweaks, mostly for mobile viewing
  • Bug fixes

@BeastlyMC956
Merge pull request #317 from medieteknik-kth/master
6727f1d 
Merge pull request #316 from medieteknik-kth/dev
@BeastlyMC956
[backend] Can delete events
a53108f 
* Bug fix for uploading files, which makes uploading public profile pictures work and is easier to maintain.
@BeastlyMC956
[frontend] Moved to Vercel for hosting.
23bb487
@BeastlyMC956
[frontend] Improved Performance
996834b 
* Preloading the landing page image
* And rendering the chapter members is now done via SSR
@BeastlyMC956
[frontend] UI Adjustments
fe8663a 
* New display for events in the bulletin
* Small adjustments to tags and tooltips
* Fixed size for the calendar
@BeastlyMC956
[frontend] Improved Provider
e3de1c3 
* You now set the desired amount instead of incrementing.
* Also a comment for changing the API in development.
@BeastlyMC956
[frontend] New Graphical Identity Page
fe4bb8a 
* New Page to describe the graphical identity of the chapter.
* Removed a few remaining `public/images` to switch over to cloud
@BeastlyMC956
[frontend] Renamed Head to HeadComponent
f8fb2a4 
* Added translations to the chapter page
@BeastlyMC956
[project] Search function for documents
2af6f52 
# Backend
* Separated the public document routes from the item
* Added new search argument for the `GET` route for documents

# Frontend
* More responsive document page
* Added search bar with a detailed search button
* Improved separation and folder structure
* Small adjustments
* More documentation
@BeastlyMC956
[frontend] UI Adjustments
b4e3116 
Small UI tweaks to make it more responsive and cleaner.
@BeastlyMC956
[frontend] Separated forms for Accounts
86e9a45
@BeastlyMC956
[frontend] Custom titles
af13c90 
* Couple of custom titles
* Also some bugfixes
@BeastlyMC956
[frontend] Adjustments
182ef2d 
* Updated Next.js to the latest version
* Renamed and adjusted the officials section
* Adjustments to the profile section of the profile area.
* Better naming for the `limit` function
@BeastlyMC956
[backend] Student Profiles
52d1014 
* Some bug fixes when using the `to_dict()` methods
@BeastlyMC956
[frontend] Improvements to Article Creation
39d8f9a 
* It is now more stable, takes less space, and is more consistent.
* Added some translations
* Added more documentation
@BeastlyMC956
[project] Removing files and added settings.json
8888eec 
# Project
* Added VSCode settings to each folder

# Frontend
* Removed firebase files
@BeastlyMC956
[frontend] Changed how the news slug URL
a465b67 
* It will now redirect on failure instead of showing "Not found"
* Added more documentation
@BeastlyMC956
[backend] Added hidden column to committees
4272e83 
Main purpose for this column is to serve content from KTH, THS, "Datasektionen" on the website
@BeastlyMC956
[frontend] UI Adjustments
7c62f72 
* Fixed some dark mode problems with the navigation dropdown nav menu and the search function within documents page
* Adjusted size of elements in the officials sections of the chapter page
@BeastlyMC956
[frontend] Updated Committee Model
86280d6 
* Added the `hidden` column
@BeastlyMC956
[frontend] Adjusted Config files
2373cc6 
* Added `Playwright` and `Jest` to the project for E2E and functionality testing of non React components. E2E testing for now is only done locally
* Added GitHub action to test on push and PR to master
* Updated Next.js to v14.2.15
* Removed firebase config
@BeastlyMC956
[frontend] Initial tests
92cb8ed 
* Adjusted some UI elements to be better for E2E testing
@BeastlyMC956
[frontend] I18n changes
46facf7 
* Changed the fallback language to English
* Added new `news` translation string
@BeastlyMC956
[frontend] More improvements to Articles
5876bae 
* Makes it so most text is confined to a paragraph tag, to reduce size in the database.
* Also improved documentation and removed some imports.
@BeastlyMC956
[frontend] Profiles now work
72c57ac 
* Adjusted event upload dialog to specify max length of the description and title
@BeastlyMC956
[frontend] Improved Login Page
c356868 
* Better responsiveness
* Translations for both Swedish and English
* More documentation
* HTML Title
@BeastlyMC956
[frontend] Up-to-date manifest
dc385ee 
* Updated screenshots
* Added form-factor to screenshots
* Moved apple-icon.png
@BeastlyMC956
[frontend] Separate zod schemas
12c0d8f 
* Much easier to modify and cleaner JSX components
@BeastlyMC956
[project] New positions page
5525105 
* You can search for a specific position or navigate between them in a grid display
@BeastlyMC956
[backend] Upload and Delete News
bfb6eb2 
* Changed from JSON to forms for uploading news articles
* Also enabled deletion of news articles
@BeastlyMC956
[frontend] Changes to cookie UI
75e9e18 
It will check if your cookies are outdated, if they are it will present you with the menu once again
* Added more documentation
* Changed some UI elements + more translations
* Removed `ServerProviders` as it is no longer needed.
@BeastlyMC956
[frontend] Improved Account Page
c90ff65 
Still not fully complete with the account page but it has better UX.

* Added URL title
* Modify profile picture before uploading
* More documentation
* More translations
* Removed unfinished components, inputs.
@BeastlyMC956
[frontend] Added Translations to legal
93b0675 
Updated Next.js to v15.0.1
@BeastlyMC956
[frontend] Added ESLint v9 back
89644ad 
As ESLint v9 is now supported for Next.js
* With this change I've reformatted and changed most files to fix linting issues.
@BeastlyMC956
[backend] Had to fallback to port 8080
d061847 
I don't really know why.
* Reduce gunicorn workers
* Removed the init.sql for now.
@BeastlyMC956
[backend] Albums!
0bd01a8 
Albums are back in a new form and are for media. New routes for the albums
* Small bug fixes
@BeastlyMC956
[project] Fully functioning Media page
db9509d 
You can upload media (images, videos) and create albums to store those media in.
@BeastlyMC956
[backend] New Document routes
93631e1 
Also changed the way we authenticate it for now.
@BeastlyMC956
[frontend] More Translations and bug fixes
899ed85 
Added more translations for committee management, and small bug fixes. Also added more documentation
@BeastlyMC956
[backend] Removed some dependencies
5f12f62
@BeastlyMC956
[project] Intercepting modal login page
cb6e654 
It will now always route back to where you were at previously, rather than to the homepage. Also it is now primarily a modal on press rather than it's own page thanks to intercepting routes with Next.js.
@BeastlyMC956
[frontend] UI/UX adjustments
51000f1 
* Made it easier to navigate when you recently changed display language.
* Improved the sitemap.xml to be more accurate.
@BeastlyMC956
[backend] Can delete recruitments
e502699
@BeastlyMC956
[frontend] UI and delete recruitment
a8dee65
@BeastlyMC956
[backend] Small Adjustments
2fc1bba
@BeastlyMC956
[frontend] Minor adjustments for many files
c3f9c01
@BeastlyMC956
[project] Small fixes
0642ce9
@BeastlyMC956 BeastlyMC956 added bug Something isn't working UI/UX Improve the user feel and experience frontend TypeScript, both SSR and CSR for Next.JS backend Flask/Python, server side issues enhancement General improvements can be made dependencies Pull requests that update a dependency file API Issues related to the RESTful API endpoints security Security problems, should be used alongside `high priority` performance Performance bottlenecks labels Oct 29, 2024
@BeastlyMC956 BeastlyMC956 added this to the 1.6 milestone Oct 29, 2024
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 29, 2024
View reviewed changes
frontend/src/app/[language]/account/pages/account/accountForm.tsx
if (file.size > MAX_FILE_SIZE) {
alert('File size is too large')
const img = new window.Image()
img.src = URL.createObjectURL(file)

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML Medium

DOM text
Loading
is reinterpreted as HTML without escaping meta-characters.

Copilot Autofix AI about 1 month ago

Copilot could not generate an autofix suggestion

Copilot could not generate an autofix suggestion for this alert. Try pushing a new commit or if the problem persists contact support.

frontend/src/app/[language]/account/util/cropImage.ts
image.addEventListener('load', () => resolve(image))
image.addEventListener('error', (error) => reject(error))
image.setAttribute('crossOrigin', 'anonymous') // needed to avoid cross-origin issues on CodeSandbox
image.src = url

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML Medium

DOM text
Loading
is reinterpreted as HTML without escaping meta-characters.

Copilot Autofix AI about 1 month ago

To fix the problem, we need to ensure that the url passed to the createImage function is safe and does not contain any malicious content. One way to achieve this is by validating the URL before using it. Since the URL is created using URL.createObjectURL, we can add a check to ensure it is a valid object URL.

  1. Add a function to validate the URL.
  2. Use this validation function before setting the src attribute of the Image object.
Suggested changeset 1
frontend/src/app/[language]/account/util/cropImage.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/frontend/src/app/[language]/account/util/cropImage.ts b/frontend/src/app/[language]/account/util/cropImage.ts
--- a/frontend/src/app/[language]/account/util/cropImage.ts
+++ b/frontend/src/app/[language]/account/util/cropImage.ts
@@ -1,3 +1,16 @@
+const isValidObjectURL = (url: string) => {
+  try {
+    const objUrl = new URL(url);
+    return objUrl.protocol === 'blob:';
+  } catch (e) {
+    return false;
+  }
+};
+
 export const createImage = (url: string) =>
   new Promise((resolve, reject) => {
+    if (!isValidObjectURL(url)) {
+      reject(new Error('Invalid URL'));
+      return;
+    }
     const image = new Image()
EOF
@@ -1,3 +1,16 @@
const isValidObjectURL = (url: string) => {
try {
const objUrl = new URL(url);
return objUrl.protocol === 'blob:';
} catch (e) {
return false;
}
};

export const createImage = (url: string) =>
new Promise((resolve, reject) => {
if (!isValidObjectURL(url)) {
reject(new Error('Invalid URL'));
return;
}
const image = new Image()
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 29, 2024
View reviewed changes
backend/routes/__init__.py
try:
token = oauth.kth.authorize_access_token()
except Exception as e:
return jsonify({"error": str(e)}), HTTPStatus.INTERNAL_SERVER_ERROR

Check warning

Code scanning / CodeQL

Information exposure through an exception Medium

Stack trace information
Loading
flows to this location and may be exposed to an external user.

Copilot Autofix AI about 1 month ago

To fix the problem, we need to ensure that detailed exception information is not exposed to the user. Instead, we should log the detailed error message on the server and return a generic error message to the user. This can be achieved by modifying the exception handling block to log the exception and return a generic error message.

  • Modify the exception handling block in the oidc_auth function to log the exception details and return a generic error message.
  • Add an import statement for the logging module if it is not already present.
Suggested changeset 1
backend/routes/__init__.py

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/backend/routes/__init__.py b/backend/routes/__init__.py
--- a/backend/routes/__init__.py
+++ b/backend/routes/__init__.py
@@ -12,2 +12,3 @@
 from flask import Flask, jsonify, make_response, request, session, url_for
+import logging
 from flask_jwt_extended import (
@@ -263,3 +264,4 @@
         except Exception as e:
-            return jsonify({"error": str(e)}), HTTPStatus.INTERNAL_SERVER_ERROR
+            app.logger.error("OIDC authorization error: %s", str(e))
+            return jsonify({"error": "An internal error has occurred."}), HTTPStatus.INTERNAL_SERVER_ERROR
 
EOF
@@ -12,2 +12,3 @@
from flask import Flask, jsonify, make_response, request, session, url_for
import logging
from flask_jwt_extended import (
@@ -263,3 +264,4 @@
except Exception as e:
return jsonify({"error": str(e)}), HTTPStatus.INTERNAL_SERVER_ERROR
app.logger.error("OIDC authorization error: %s", str(e))
return jsonify({"error": "An internal error has occurred."}), HTTPStatus.INTERNAL_SERVER_ERROR

Copilot is powered by AI and may make mistakes. Always verify output.
Unable to commit as this autofix suggestion is now outdated
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
backend/routes/event_routes.py
try:
delete_item(Event, event_id)
except NotImplementedError as e:
return jsonify({"error": str(e)}), HTTPStatus.INTERNAL_SERVER_ERROR

Check warning

Code scanning / CodeQL

Information exposure through an exception Medium

Stack trace information
Loading
flows to this location and may be exposed to an external user.
Stack trace information
Loading
flows to this location and may be exposed to an external user.
Stack trace information
Loading
flows to this location and may be exposed to an external user.
Stack trace information
Loading
flows to this location and may be exposed to an external user.

Copilot Autofix AI about 1 month ago

To fix the problem, we need to ensure that detailed exception messages are not exposed to the end user. Instead, we should log the detailed error message on the server and return a generic error message to the user. This can be achieved by modifying the exception handling code to log the exception and return a generic error message.

  • Modify the exception handling code in the delete_event function to log the exception details and return a generic error message.
  • Add necessary imports for logging if not already present.
  • Ensure that the logging mechanism is properly configured to capture and store the exception details.
Suggested changeset 1
backend/routes/event_routes.py

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/backend/routes/event_routes.py b/backend/routes/event_routes.py
--- a/backend/routes/event_routes.py
+++ b/backend/routes/event_routes.py
@@ -99,5 +99,7 @@
     except NotImplementedError as e:
-        return jsonify({"error": str(e)}), HTTPStatus.INTERNAL_SERVER_ERROR
+        app.logger.error(f"NotImplementedError: {str(e)}")
+        return jsonify({"error": "An internal error has occurred!"}), HTTPStatus.INTERNAL_SERVER_ERROR
     except SQLAlchemyError as e:
-        return jsonify({"sql_error": str(e)}), HTTPStatus.INTERNAL_SERVER_ERROR
+        app.logger.error(f"SQLAlchemyError: {str(e)}")
+        return jsonify({"error": "An internal error has occurred!"}), HTTPStatus.INTERNAL_SERVER_ERROR
 
EOF
@@ -99,5 +99,7 @@
except NotImplementedError as e:
return jsonify({"error": str(e)}), HTTPStatus.INTERNAL_SERVER_ERROR
app.logger.error(f"NotImplementedError: {str(e)}")
return jsonify({"error": "An internal error has occurred!"}), HTTPStatus.INTERNAL_SERVER_ERROR
except SQLAlchemyError as e:
return jsonify({"sql_error": str(e)}), HTTPStatus.INTERNAL_SERVER_ERROR
app.logger.error(f"SQLAlchemyError: {str(e)}")
return jsonify({"error": "An internal error has occurred!"}), HTTPStatus.INTERNAL_SERVER_ERROR

Copilot is powered by AI and may make mistakes. Always verify output.
Unable to commit as this autofix suggestion is now outdated
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
backend/routes/event_routes.py
except NotImplementedError as e:
return jsonify({"error": str(e)}), HTTPStatus.INTERNAL_SERVER_ERROR
except SQLAlchemyError as e:
return jsonify({"sql_error": str(e)}), HTTPStatus.INTERNAL_SERVER_ERROR

Check warning

Code scanning / CodeQL

Information exposure through an exception Medium

Stack trace information
Loading
flows to this location and may be exposed to an external user.
Stack trace information
Loading
flows to this location and may be exposed to an external user.
Stack trace information
Loading
flows to this location and may be exposed to an external user.
Stack trace information
Loading
flows to this location and may be exposed to an external user.

Copilot Autofix AI about 1 month ago

To fix the problem, we need to ensure that detailed error messages, especially those containing stack traces or SQL error details, are not exposed to the end user. Instead, we should log these details on the server and return a generic error message to the client.

  • Modify the exception handling in the delete_event function to log the detailed error message and return a generic error message to the client.
  • Use Python's logging module to log the error details on the server side.
Suggested changeset 1
backend/routes/event_routes.py

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/backend/routes/event_routes.py b/backend/routes/event_routes.py
--- a/backend/routes/event_routes.py
+++ b/backend/routes/event_routes.py
@@ -99,5 +99,7 @@
     except NotImplementedError as e:
-        return jsonify({"error": str(e)}), HTTPStatus.INTERNAL_SERVER_ERROR
+        app.logger.error(f"NotImplementedError: {str(e)}")
+        return jsonify({"error": "An internal error has occurred!"}), HTTPStatus.INTERNAL_SERVER_ERROR
     except SQLAlchemyError as e:
-        return jsonify({"sql_error": str(e)}), HTTPStatus.INTERNAL_SERVER_ERROR
+        app.logger.error(f"SQLAlchemyError: {str(e)}")
+        return jsonify({"error": "An internal error has occurred!"}), HTTPStatus.INTERNAL_SERVER_ERROR
 
EOF
@@ -99,5 +99,7 @@
except NotImplementedError as e:
return jsonify({"error": str(e)}), HTTPStatus.INTERNAL_SERVER_ERROR
app.logger.error(f"NotImplementedError: {str(e)}")
return jsonify({"error": "An internal error has occurred!"}), HTTPStatus.INTERNAL_SERVER_ERROR
except SQLAlchemyError as e:
return jsonify({"sql_error": str(e)}), HTTPStatus.INTERNAL_SERVER_ERROR
app.logger.error(f"SQLAlchemyError: {str(e)}")
return jsonify({"error": "An internal error has occurred!"}), HTTPStatus.INTERNAL_SERVER_ERROR

Copilot is powered by AI and may make mistakes. Always verify output.
Unable to commit as this autofix suggestion is now outdated
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
@BeastlyMC956 BeastlyMC956 merged commit 1c7411e into master Oct 29, 2024
3 of 4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
API Issues related to the RESTful API endpoints backend Flask/Python, server side issues bug Something isn't working dependencies Pull requests that update a dependency file enhancement General improvements can be made frontend TypeScript, both SSR and CSR for Next.JS performance Performance bottlenecks security Security problems, should be used alongside `high priority` UI/UX Improve the user feel and experience
Projects
None yet
Milestone
1.6
Development

Successfully merging this pull request may close these issues.
1 participant
@BeastlyMC956