Conversation
Reordered tailwind class names across multiple components to maintain a consistent pattern. Updated PostCSS configuration to use the Tailwind CSS PostCSS plugin directly. Removed unnecessary ESLint configuration and migrated to a flat config format. Updated dependencies and dev scripts to use Turbopack for faster development builds.
… ignore patterns Add @parcel/watcher to the onlyBuiltDependencies list in package.json to ensure it is included in the build process. Additionally, update ESLint configuration to ignore common build and output directories, improving linting efficiency by excluding unnecessary files.
The pnpm overrides in package.json were removed as they are no longer needed. Additionally, a new pnpm-workspace.yaml file was added to specify onlyBuiltDependencies, ensuring that sharp and unrs-resolver are built correctly within the workspace.
- Replace `flex-grow` with `grow` in button components for consistency - Update shadow classes from `shadow` to `shadow-sm` or `shadow-xs` across multiple components - Remove `tailwind.config.ts` and migrate to inline Tailwind CSS configurations - Adjust class names for better readability and maintainability - Update global CSS to use `@import` for Tailwind and custom animations
…slot attributes Refactored various UI components from class-based to function components for better maintainability and readability. Added `data-slot` attributes to improve component identification and styling. Updated dependencies to include `@radix-ui/react-tabs` and `sonner`. Simplified component logic and improved consistency across the codebase.
- Add `eslint-plugin-jsx-a11y` for better accessibility linting - Update ESLint configuration to include accessibility rules - Replace `<a>` with `<Link>` in `LoginForm` for Next.js optimization - Add `role="button"` to password toggle for better accessibility - Clean up unused ESLint directives and improve code readability - Update `global-error.tsx` to include `lang="en"` for better HTML semantics
The button variant types in QuizDetails.tsx were updated to include "ghost" and "link" and to remove redundant "default". Additionally, the CoursePage and QuizPage components were refactored to improve type safety by awaiting the params object directly from the props.
- Rename `href` and `label` to `link` and `name` in NavBar for clarity - Change `dark:flex` to `dark:block` in Welcome component for correct display - Update ThemeToggle position from `absolute` to `fixed` in layout for better UI - Add `createdAt` and `updatedAt` fields to courseSchema for enhanced data tracking - Simplify contributors section in README for cleaner presentation
…ser menu - Added theme toggle functionality to switch between light and dark modes - Integrated a search bar for improved user experience - Enhanced user menu with avatar, dropdown, and navigation options - Updated mobile menu to include search, theme toggle, and auth buttons - Improved styling and responsiveness for better usability
Add axios as a dependency and create a new axios instance with request and response interceptors to handle token refresh and error management. This enables consistent API request handling and improves error recovery for authentication-related issues.
Implement logout action in authSlice to reset user state and update logout page to dispatch the logout action. This ensures consistent state management and proper user session cleanup.
- Remove unused `rememberMe` field from `LoginSchema` and related components - Remove unnecessary `console.dir` and `console.log` statements - Simplify form initialization in `useLogin` hook - Add `cursor-pointer` class to `Password` component for better UX - Update `axiosInstance` to handle status codes more effectively - Remove unused `ThemeToggle` component from layout - Refactor `Button` component to use `forwardRef` and simplify styles
- Replace mock blog fetching with `getBlog` action - Refactor `fetchBlogs` to support complex filters - Update `useBlogFilters` to handle input and category filters separately
…ayer This commit introduces a new service layer by consolidating API-related functions into dedicated service files (authService, courseService, userService). It removes deprecated API utilities (fetch.ts, api.ts, axios.ts) and replaces them with a streamlined API client (apiClient.ts). The changes improve maintainability, reduce code duplication, and provide a consistent interface for API interactions. Additionally, auth-related hooks and components have been reorganized for better structure and clarity.
Introduce OTP verification feature by adding a new `input-otp` component and a `/verify-otp` page. The `useSignUp` hook now redirects users to the OTP verification page after successful sign-up. This enhances security by requiring users to verify their identity via a one-time password.
Introduce OTP verification functionality including a reusable modal component, context for managing verification data, and hooks for OTP requests and verification. This enhances the authentication flow by providing a secure and user-friendly way to verify email addresses during signup. The implementation includes schema validation, session storage for persistence, and integration with existing auth services.
…e types - Refactor IApiResponse into success/failed interfaces for better type safety - Update auth services and hooks to use new response types - Improve OTP verification flow with proper redirects and error handling - Add SignUpResponse type for better type safety in signup flow - Consolidate dashboard layout into single component - Update logout page to use constants for cookie names - Improve Google sign-in with error handling and button styling
- Move IApiResponse type to shared types file and update all service imports - Remove redundant send-response.util and update apiClient to use new type - Add USER_ID cookie constant and save it during login - Clean up imports and remove unused code in various service files
- Remove loading.tsx as it's no longer needed - Move AuthProvider from dashboard layout to root layout for better auth handling - Update auth checks to use status instead of data presence - Add accessToken and userId props to AuthProvider for conditional fetching - Simplify AuthProvider component structure
- Remove AuthContext and replace with useSessionStorage hook - Add authFlowSlice for managing auth state with redux - Update OTP verification flow to use new session storage approach - Consolidate notification types and OTP schemas in constants - Improve type safety with new VerifyOTPSchema
- Add USER_ID cookie deletion in logout process - Introduce AuthToken type for better type safety - Improve OTP verification flow with token persistence - Update API client to handle token refresh for OTP endpoints - Refactor auth services for better token management - Fix OTP modal to properly handle token storage and resend
- Replace `div` with semantic `header` tag - Rename `scrolled` state to `isScrolled` for clarity - Remove unused imports and console log - Reorganize authenticated user section - Simplify mobile auth buttons logic
- Remove custom toast components and hooks in favor of sonner library - Update all toast usage across components to use sonner's API - Simplify toast calls and improve consistency in error/success messaging - Remove unused toast-related exports from ui index file
- Replace h1-h6, p, and span elements with Typography component across multiple files - Update Typography component to support span variant and improve styling - Standardize text rendering and improve consistency in UI - Update password component to use Lucide icons and better button implementation - Clean up unused imports and update dependencies
- Migrate next.config from mjs to ts with enhanced image patterns - Restructure home page components for better organization - Update image components with proper sizing and priority attributes - Improve auth pages typography and image handling - Enhance blog cards with better layout and typography - Update dependencies to latest versions
…h functionality - Add new dashboard layout components including header, main, and top navigation - Implement command menu with keyboard shortcut (Cmd+K) for quick navigation - Add search functionality with context provider - Include new UI components (command, scroll-area) and types - Update dependencies to support new features (cmdk, recharts, etc.) - Add sample dashboard overview with charts and statistics
- Add new Collapsible component using Radix UI primitives - Refactor sidebar structure to support collapsible navigation groups - Implement team switcher dropdown with team selection functionality - Add user profile dropdown in sidebar footer - Export new navigation types from types.ts - Update package dependencies for new components
refactor(types): improve type definitions for navigation and profile feat(ui): add calendar and popover components build: add date-fns and react-day-picker dependencies
…d components refactor(public): replace div with fragment in public page layout feat(protected): add dashboard with sidebar, navbar, and settings pages feat(users): implement user profile and list pages with error handling style(footer): simplify footer layout and improve responsiveness chore: update dependencies and add new ui components fix(login): remove duplicate navbar from auth pages feat(courses): add courses management with create, update, and delete functionality docs: update documentation and comments for new components test: add skeleton loaders and error boundaries for async components
…onent (#40) * feat(auth): add NavBar component to login and signup pages * feat(username): implement username availability check with input component * feat(auth): remove NavBar from login and signup pages, add it to AuthProvider, and update username availability check response structure * feat(layout): replace AuthNavBar with NavBar in PublicLayout and update import paths * feat(ui): enhance UsernameInput component with props for controlled behavior and availability check callback * feat(layout): replace NavBar with AuthNavBar in PublicLayout and clean up unnecessary fragments in layout components --------- Co-authored-by: Sanjay Kumar Sah <sanjay8797421521@gmail.com>
- Fix incorrect signup endpoint URL that was pointing to login - Add userId check to auth query enabled condition - Redirect to logout instead of login on failed auth status
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| const response = await fetch(url, { | ||
| method, | ||
| headers, | ||
| body: body ? JSON.stringify(body) : undefined, | ||
| ...fetchOptions, | ||
| }); |
Check failure
Code scanning / CodeQL
Server-side request forgery Critical
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 5 months ago
To fix this SSRF vulnerability, you should validate and enforce constraints on the courseId parameter in getCourse before using it to construct a URL. Specifically:
- Only permit course IDs that match the expected pattern—typically, a UUID or numeric/alphanumeric identifier.
- Reject course IDs containing path traversal (
..), slashes, or any special characters not expected in IDs. - Optionally, use an allow-list or a regular expression to enforce permitted formats.
Implement this input validation directly in the getCourse function (src/lib/services/courseService.ts) before interpolating courseId into the URL template. If validation fails, throw an error or return an appropriate response. This neutralizes SSRF vectors by ensuring only legitimate path segments are used for request URLs.
No changes to src/lib/apiClient.ts are needed; all validation should happen at the boundary where tainted data enters the system.
| @@ -16,5 +16,10 @@ | ||
| }; | ||
|
|
||
| export const getCourse = async (courseId: string): Promise<IApiResponse<{ course: Course }>> => { | ||
| // Only allow course IDs matching UUID (common) or restrict to alphanumeric/hyphen/underscore | ||
| const COURSE_ID_REGEX = /^[A-Za-z0-9-_]{1,64}$/; | ||
| if (!COURSE_ID_REGEX.test(courseId)) { | ||
| throw new Error("Invalid courseId"); | ||
| } | ||
| return GET<{ course: Course }>(`${COURSE_API_BASE_URL}/api/v1/courses/${courseId}`); | ||
| }; |
Summary of ChangesHello @sanjaysah101, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request represents a substantial overhaul of the project's foundational technologies and user interface. The primary goal was to modernize the application by upgrading key dependencies to their latest versions, enhancing the user experience with new and improved UI components, and streamlining the backend interaction through a centralized API client. This includes a complete refactoring of the authentication process, the introduction of a new OTP verification flow, and a significant redesign of the dashboard and user settings areas. The changes aim to improve performance, maintainability, and prepare the codebase for future feature development. Highlights
Ignored Files
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This is a massive and impressive pull request that upgrades major dependencies (Next.js, React, Tailwind CSS) and refactors large parts of the application architecture. The move to a dedicated service layer, modern ESLint configuration, and improved authentication flow are excellent architectural improvements. I've identified a few areas with placeholder code and opportunities for improved type safety that should be addressed, but overall, this is a high-quality contribution that significantly modernizes the codebase.
| <Link href="#" className="text-blue-500 hover:underline"> | ||
| Forget password? | ||
| </Link> |
There was a problem hiding this comment.
The "Forget password?" link currently points to href="#", which is a placeholder. This should be updated to point to the actual password reset page or removed if the functionality is not yet implemented.
src/app/(auth)/hooks/useUserInput.ts
Outdated
| import { checkUsernameAvailability } from "@/lib/services"; | ||
|
|
||
| const useUserInput = () => { | ||
| const { isPending, mutate, data, error } = useMutation<any, Error, any>({ |
There was a problem hiding this comment.
The useMutation hook is using any for its generic types. To improve type safety, these should be replaced with specific types. Based on the checkUsernameAvailability service, the types should be useMutation<IApiResponse<{ isAvailable: boolean }>, Error, { username: string }>.
| const { isPending, mutate, data, error } = useMutation<any, Error, any>({ | |
| const { isPending, mutate, data, error } = useMutation<IApiResponse<{ isAvailable: boolean }>, Error, { username: string }>({ | |
| const handleVerificationSuccess = (data: any) => { | ||
| // This callback is triggered when OTP is successfully verified via the modal | ||
| console.log("Verification successful, received data:", data); | ||
| router.replace("/dashboard"); | ||
| }; |
There was a problem hiding this comment.
The handleVerificationSuccess function contains a console.log and its data parameter is typed as any. The console.log should be removed for production code, and the parameter should be properly typed based on the expected API response for better type safety.
const handleVerificationSuccess = (data: { actionToken: AuthToken }) => {
// This callback is triggered when OTP is successfully verified via the modal
router.replace("/dashboard");
};
| return ( | ||
| <> | ||
| <DashboardPage /> | ||
| <Dashboard /> | ||
| </> | ||
| ); |
There was a problem hiding this comment.
This page currently renders two different dashboard components, <DashboardPage /> and <Dashboard />. This appears to be temporary code for development or comparison. Please clean this up to render only the single, intended dashboard component.
return (
<>
<Dashboard />
</>
);
| function onSubmit(data: AccountFormValues) { | ||
| // showSubmittedData(data); | ||
| console.log(data); | ||
| } |
There was a problem hiding this comment.
The onSubmit function for the account form currently only logs the data to the console. This placeholder logic should be replaced with the actual implementation for submitting the form data to the backend.
|
|
||
| return ( | ||
| <Form {...form}> | ||
| <form onSubmit={form.handleSubmit(console.log)} className="space-y-8"> |
There was a problem hiding this comment.
The onSubmit function for the profile form logs the form data to the console. This is placeholder logic and should be implemented to actually submit the data to the backend API.
| headers: { ...(res.headers as Record<string, string>) }, | ||
| }); | ||
| } catch (err: any) { | ||
| console.log({ err }); |
There was a problem hiding this comment.
A console.log is present in the error handling catch block. For production environments, this should be removed or replaced with a structured logging service to ensure that errors are tracked effectively without exposing sensitive information in logs.
| } = useForm<Course | CreateCourse>({ | ||
| resolver: zodResolver(CreateCourse), | ||
| defaultValues: { |
There was a problem hiding this comment.
The useForm hook is typed with Course | CreateCourse. For a creation form, it's cleaner to use only the CreateCourse type, as an id won't be present. Additionally, the onSubmit function is typed with data: Course, which is inconsistent. Aligning these types to consistently use CreateCourse will improve type safety.
| } = useForm<Course | CreateCourse>({ | |
| resolver: zodResolver(CreateCourse), | |
| defaultValues: { | |
| } = useForm<CreateCourse>({ | |
| resolver: zodResolver(CreateCourse), |
2 participants
What changes have been made?
shadcn/uiToast withsonner#36shadcn/uiComponents to Latest Version #35