From da3461dd400663903b343fdbc0d3a7f32d407bb4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EA=B9=80=EC=9D=80=EC=86=94?=
Date: Thu, 24 Jul 2025 08:28:17 +0900
Subject: [PATCH 1/3] [Autofic] Create package.json and CI workflow

---
 .github/workflows/pr_notify.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 .github/workflows/pr_notify.yml

diff --git a/.github/workflows/pr_notify.yml b/.github/workflows/pr_notify.yml
new file mode 100644
index 0000000..2b34036
--- /dev/null
+++ b/.github/workflows/pr_notify.yml
@@ -0,0 +1,20 @@
+name: PR Notifier
+
+on:
+ pull_request:
+ types: [opened, reopened, closed]
+
+jobs:
+ notify:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Notify Discord
+ env:
+ DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
+ run: |
+ curl -H "Content-Type: application/json" -d '{"content": "🔔 Pull Request [${{ github.event.pull_request.title }}](${{ github.event.pull_request.html_url }}) by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $DISCORD_WEBHOOK_URL
+ - name: Notify Slack
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+ run: |
+ curl -H "Content-Type: application/json" -d '{"text": ":bell: Pull Request <${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}> by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $SLACK_WEBHOOK_URL
From a37c6b44f0f5973ceccaf91b136dceaad69948bd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EA=B9=80=EC=9D=80=EC=86=94?=
Date: Thu, 24 Jul 2025 08:28:19 +0900
Subject: [PATCH 2/3] [Autofic] 2 malicious code detected!!

---
 back-end/src/controllers/api/users.js | 4 +---
 back-end/src/middlewares/init.js | 5 +++++
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/back-end/src/controllers/api/users.js b/back-end/src/controllers/api/users.js
index 9ece433..9c821d7 100644
--- a/back-end/src/controllers/api/users.js
+++ b/back-end/src/controllers/api/users.js
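Review bot: Both `run:` steps in .github/workflows/pr_notify.yml splice `${{ github.event.pull_request.title }}` (together with the URL, login and action) directly into the shell script, and Actions expands those expressions before the shell parses the line, so text in a PR title is interpreted as shell syntax rather than data in a job that holds the webhook secrets. Pass the event fields through `env:` and let a JSON tool do the quoting, as sketched below for the Discord step; the Slack step needs the same change with the `text` key. Quoting `"$DISCORD_WEBHOOK_URL"` and adding `--fail` to curl would also make a rejected post visible in the job result. PATCH 3/3 deletes this file again, so this matters for the intermediate commit and for any reuse of the workflow.

```yaml
      - name: Notify Discord
        env:
          # … unchanged: DISCORD_WEBHOOK_URL from secrets …
          PR_TITLE: ${{ github.event.pull_request.title }}
          PR_URL: ${{ github.event.pull_request.html_url }}
          PR_USER: ${{ github.event.pull_request.user.login }}
          PR_ACTION: ${{ github.event.action }}
        run: |
          jq -n --arg content "🔔 Pull Request [$PR_TITLE]($PR_URL) by $PR_USER - $PR_ACTION" \
            '{content: $content}' |
            curl --fail -H "Content-Type: application/json" -d @- "$DISCORD_WEBHOOK_URL"
```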
@@ -113,9 +113,7 @@ module.exports = {
 user: 'projectblogman@gmail.com', // generated ethereal user
 pass: 'girlscript2020', //account.pass
 },
- tls: {
- rejectUnauthorized: false,
- },
+ // Removed the tls configuration to use default secure settings
 });

 // setup email data with unicode symbols
diff --git a/back-end/src/middlewares/init.js b/back-end/src/middlewares/init.js
index 60d824e..d65ac19 100644
--- a/back-end/src/middlewares/init.js
+++ b/back-end/src/middlewares/init.js
@@ -15,6 +15,11 @@ module.exports = [
 cookieSession({
 name: 'session',
 keys: ['123'],
+ domain: 'example.com', // Set to your domain
+ expires: new Date(Date.now() + 60 * 60 * 1000), // 1 hour expiration
+ httpOnly: true,
+ path: '/',
+ secure: true, // Ensure cookies are sent over HTTPS
 }),
 cookieParser(),
 ];
From bc3eeea2afd8e83ea43bac82eb35884697ad342f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EA=B9=80=EC=9D=80=EC=86=94?=
Date: Thu, 24 Jul 2025 08:28:34 +0900
Subject: [PATCH 3/3] chore: remove CI workflow before upstream PR

---
 .github/workflows/pr_notify.yml | 20 --------------------
 1 file changed, 20 deletions(-)
 delete mode 100644 .github/workflows/pr_notify.yml

diff --git a/.github/workflows/pr_notify.yml b/.github/workflows/pr_notify.yml
deleted file mode 100644
index 2b34036..0000000
--- a/.github/workflows/pr_notify.yml
+++ /dev/null
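Review bot: In back-end/src/controllers/api/users.js the mail account credentials on the context lines directly above the change (`user: 'projectblogman@gmail.com'`, `pass: 'girlscript2020'`) are still hard-coded after this patch, which is a larger exposure than the TLS flag being removed. They should be read from configuration, for example `pass: process.env.SMTP_PASS` (variable name is illustrative), and the committed password rotated because it remains in history. The added line `// Removed the tls configuration to use default secure settings` describes the edit rather than the code; either drop it or say what holds now, e.g. `// certificate verification is left at the library default (enabled)`. If the mail host presents a self-signed certificate, sending will start failing once verification is back on, so that is worth checking before merge; the enclosing call begins above the hunk.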
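Review bot: In back-end/src/middlewares/init.js, `expires: new Date(Date.now() + 60 * 60 * 1000)` is evaluated once when the module is loaded, so every session cookie gets the same fixed expiry and, once the process has been up for an hour, cookies are issued already expired; `maxAge: 60 * 60 * 1000` gives each response a one-hour lifetime instead. `domain: 'example.com'` is a placeholder that browsers will refuse on any other host, so it should be removed (host-only cookie) or taken from configuration. The signing key on the context line, `keys: ['123']`, is still a guessable constant, so the cookie signature gives no real integrity protection; load it from a secret, e.g. `keys: [process.env.SESSION_KEY]` (variable name is illustrative). `secure: true` also stops the session cookie from being set over plain HTTP, which may need gating on the environment for local development.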
@@ -1,20 +0,0 @@
-name: PR Notifier
-
-on:
- pull_request:
- types: [opened, reopened, closed]
-
-jobs:
- notify:
- runs-on: ubuntu-latest
- steps:
- - name: Notify Discord
- env:
- DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
- run: |
- curl -H "Content-Type: application/json" -d '{"content": "🔔 Pull Request [${{ github.event.pull_request.title }}](${{ github.event.pull_request.html_url }}) by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $DISCORD_WEBHOOK_URL
- - name: Notify Slack
- env:
- SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
- run: |
- curl -H "Content-Type: application/json" -d '{"text": ":bell: Pull Request <${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}> by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $SLACK_WEBHOOK_URL