eliott/worldmonitor
1
0
Fork 0
mirror of https://github.com/koala73/worldmonitor.git synced 2026-04-25 17:14:57 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
02f3fe77a9ebfd0ee60514d1e4405ecec67ff236
worldmonitor/api
History
Pranav Garg b793a61c87 fix(api): harden IP extraction, input validation, redirect SSRF check, and origin-pattern parity (#1013) 
- register-interest.js: coerce source/appVersion to string with a 100-char cap
  before forwarding to Convex. Non-string values (objects, arrays) are truthy so
  the previous || 'unknown' guard passed them through, causing Convex to throw
  a type-validation error and surface a 500 to the caller. Also fixes unbounded
  metadata strings filling the registrations table cheaply.

- rss-proxy.js: apply the same www-normalization used by the initial domain check
  to the 301-redirect hostname check. The old bare ALLOWED_DOMAINS.includes(hostname)
  call rejected canonical redirects (e.g. bbc.co.uk -> www.bbc.co.uk) even when
  one form is allowlisted, breaking several feeds silently.

- _api-key.js: align BROWSER_ORIGIN_PATTERNS Vercel-preview regex with the
  narrower pattern already enforced by _cors.js (worldmonitor-*-elie-*.vercel.app).
  The broader worldmonitor-*.vercel.app pattern was dead code because _cors.js
  rejects those origins before _api-key.js is reached.
2026-03-05 07:18:59 +04:00
..
aviation/v1
perf(api): split monolithic edge function into per-domain functions (#753)
2026-03-02 14:13:34 +04:00
climate/v1
perf(api): split monolithic edge function into per-domain functions (#753)
2026-03-02 14:13:34 +04:00
conflict/v1
perf(api): split monolithic edge function into per-domain functions (#753)
2026-03-02 14:13:34 +04:00
cyber/v1
perf(api): split monolithic edge function into per-domain functions (#753)
2026-03-02 14:13:34 +04:00
data
Proto-first API rebuild: sebuf contracts, handlers, gateway, and generated docs (#106)
2026-02-21 03:39:56 +04:00
displacement/v1
perf(api): split monolithic edge function into per-domain functions (#753)
2026-03-02 14:13:34 +04:00
economic/v1
perf(api): split monolithic edge function into per-domain functions (#753)
2026-03-02 14:13:34 +04:00
eia
fix: security hardening — CORS, auth bypass, origin validation & bump v2.2.7
2026-02-15 20:33:20 +04:00
enrichment
feat(api): add company enrichment and signal discovery edge functions (#960)
2026-03-04 08:16:35 +04:00
giving/v1
perf(api): split monolithic edge function into per-domain functions (#753)
2026-03-02 14:13:34 +04:00
infrastructure/v1
perf(api): split monolithic edge function into per-domain functions (#753)
2026-03-02 14:13:34 +04:00
intelligence/v1
perf(api): split monolithic edge function into per-domain functions (#753)
2026-03-02 14:13:34 +04:00
maritime/v1
perf(api): split monolithic edge function into per-domain functions (#753)
2026-03-02 14:13:34 +04:00
market/v1
perf(api): split monolithic edge function into per-domain functions (#753)
2026-03-02 14:13:34 +04:00
military/v1
perf(api): split monolithic edge function into per-domain functions (#753)
2026-03-02 14:13:34 +04:00
natural/v1
feat: move EONET/GDACS to server-side with Redis caching (#983)
2026-03-04 15:02:03 +04:00
news/v1
perf(api): split monolithic edge function into per-domain functions (#753)
2026-03-02 14:13:34 +04:00
positive-events/v1
perf(api): split monolithic edge function into per-domain functions (#753)
2026-03-02 14:13:34 +04:00
prediction/v1
perf(api): split monolithic edge function into per-domain functions (#753)
2026-03-02 14:13:34 +04:00
research/v1
perf(api): split monolithic edge function into per-domain functions (#753)
2026-03-02 14:13:34 +04:00
seismology/v1
perf(api): split monolithic edge function into per-domain functions (#753)
2026-03-02 14:13:34 +04:00
supply-chain/v1
perf(api): split monolithic edge function into per-domain functions (#753)
2026-03-02 14:13:34 +04:00
trade/v1
perf(api): split monolithic edge function into per-domain functions (#753)
2026-03-02 14:13:34 +04:00
unrest/v1
perf(api): split monolithic edge function into per-domain functions (#753)
2026-03-02 14:13:34 +04:00
wildfire/v1
perf(api): split monolithic edge function into per-domain functions (#753)
2026-03-02 14:13:34 +04:00
youtube
perf(cache): bump CDN cache TTLs for oref-alerts and youtube/live (#791)
2026-03-02 21:29:14 +04:00
_api-key.js
fix(api): harden IP extraction, input validation, redirect SSRF check, and origin-pattern parity (#1013)
2026-03-05 07:18:59 +04:00
_cors.js
feat: API key gating for desktop cloud fallback + registration (#215)
2026-02-21 10:36:23 +00:00
_cors.test.mjs
Fix Tauri desktop runtime reliability and settings UX
2026-02-13 23:05:51 +04:00
_rate-limit.js
fix(prod): CORS fallback, rate-limit bump, RSS proxy allowlist (#814)
2026-03-03 00:25:09 +04:00
_relay.js
refactor(api): extract shared relay helper into _relay.js (#782)
2026-03-02 19:28:31 +04:00
_rss-allowed-domains.js
feat: aviation monitoring layer with flight tracking, airline intel panel, and news feeds (#907)
2026-03-04 21:09:37 +04:00
ais-snapshot.js
refactor(api): extract shared relay helper into _relay.js (#782)
2026-03-02 19:28:31 +04:00
bootstrap.js
feat: aviation monitoring layer with flight tracking, airline intel panel, and news feeds (#907)
2026-03-04 21:09:37 +04:00
cache-purge.js
feat(conflict): wire UCDP (#760)
2026-03-02 16:17:17 +04:00
download.js
perf(api): increase CDN cache TTLs and add stale-if-error across edge functions (#777)
2026-03-02 18:18:43 +04:00
fwdstart.js
Proto-first API rebuild: sebuf contracts, handlers, gateway, and generated docs (#106)
2026-02-21 03:39:56 +04:00
geo.js
fix(runtime): route all /api/* calls through CDN edge instead of direct Vercel (#780)
2026-03-02 19:04:07 +04:00
gpsjam.js
perf(api): increase CDN cache TTLs and add stale-if-error across edge functions (#777)
2026-03-02 18:18:43 +04:00
loaders-xml-wms-regression.test.mjs
Build/runtime hardening and dependency security updates (#286)
2026-02-24 08:21:03 +00:00
og-story.js
fix(api): sanitize og-story level input (#219)
2026-02-22 03:19:01 +04:00
og-story.test.mjs
fix(api): sanitize og-story level input (#219)
2026-02-22 03:19:01 +04:00
opensky.js
refactor(api): extract shared relay helper into _relay.js (#782)
2026-03-02 19:28:31 +04:00
oref-alerts.js
perf(cache): bump CDN cache TTLs for oref-alerts and youtube/live (#791)
2026-03-02 21:29:14 +04:00
polymarket.js
refactor(api): extract shared relay helper into _relay.js (#782)
2026-03-02 19:28:31 +04:00
register-interest.js
fix(api): harden IP extraction, input validation, redirect SSRF check, and origin-pattern parity (#1013)
2026-03-05 07:18:59 +04:00
rss-proxy.js
fix(api): harden IP extraction, input validation, redirect SSRF check, and origin-pattern parity (#1013)
2026-03-05 07:18:59 +04:00
seed-health.js
feat: add seed-first pattern to 15 RPC handlers with Railway seed scripts (#989)
2026-03-04 17:37:15 +04:00
story.js
Proto-first API rebuild: sebuf contracts, handlers, gateway, and generated docs (#106)
2026-02-21 03:39:56 +04:00
telegram-feed.js
fix(hydration): guard all bootstrap consumers against empty CDN-cached data (#1015)
2026-03-04 22:35:22 +04:00
version.js
perf(api): increase CDN cache TTLs and add stale-if-error across edge functions (#777)
2026-03-02 18:18:43 +04:00