From 85d1db420d0377a7380da751a4c6600419860346 Mon Sep 17 00:00:00 2001
From: JungYunji
Date: Thu, 24 Jul 2025 14:11:01 +0900
Subject: [PATCH 1/3] [Autofic] Create package.json and CI workflow
---
.github/workflows/pr_notify.yml | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 .github/workflows/pr_notify.yml
diff --git a/.github/workflows/pr_notify.yml b/.github/workflows/pr_notify.yml
new file mode 100644
index 0000000..2b34036
--- /dev/null
+++ b/.github/workflows/pr_notify.yml
@@ -0,0 +1,20 @@
+name: PR Notifier
+
+on:
+ pull_request:
+ types: [opened, reopened, closed]
+
+jobs:
+ notify:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Notify Discord
+ env:
+ DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
+ run: |
+ curl -H "Content-Type: application/json" -d '{"content": "🔔 Pull Request [${{ github.event.pull_request.title }}](${{ github.event.pull_request.html_url }}) by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $DISCORD_WEBHOOK_URL
+ - name: Notify Slack
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+ run: |
+ curl -H "Content-Type: application/json" -d '{"text": ":bell: Pull Request <${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}> by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $SLACK_WEBHOOK_URL
From 402fb30c6e6d78c14aaa213b359bfba3bb34abc1 Mon Sep 17 00:00:00 2001
From: JungYunji
Date: Thu, 24 Jul 2025 14:11:07 +0900
Subject: [PATCH 2/3] [Autofic] 2 malicious code detected!!
---
models/account.js | 2 +-
models/login.js | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/models/account.js b/models/account.js
index fc68066..788c937 100644
--- a/models/account.js
+++ b/models/account.js
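Review bot: Both `run:` steps in `.github/workflows/pr_notify.yml` expand `${{ github.event.pull_request.title }}` and the other event fields directly into the script text, so the title is substituted before the shell parses the command; a title containing a quote character can end the `-d '…'` argument and have the rest interpreted by the shell on the runner, and at minimum it corrupts the JSON body. Pass the event fields through `env:` and let a JSON encoder build the payload, as sketched below for the Discord step; the Slack step needs the same treatment. `$DISCORD_WEBHOOK_URL` and `$SLACK_WEBHOOK_URL` should also be double-quoted, and `curl --fail` would surface a rejected post in the job result. Patch 3/3 deletes this file again, so this matters for as long as the branch carries the workflow.

```yaml
      - name: Notify Discord
        env:
          DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
          PR_TITLE: ${{ github.event.pull_request.title }}
          PR_URL: ${{ github.event.pull_request.html_url }}
          PR_USER: ${{ github.event.pull_request.user.login }}
          PR_ACTION: ${{ github.event.action }}
        run: |
          # assumes jq is present on the runner image
          jq -n --arg title "$PR_TITLE" --arg url "$PR_URL" --arg user "$PR_USER" --arg action "$PR_ACTION" \
            '{content: "🔔 Pull Request [\($title)](\($url)) by \($user) - \($action)"}' \
            | curl --fail -H "Content-Type: application/json" -d @- "$DISCORD_WEBHOOK_URL"
      # … Notify Slack: same env + jq pattern for the {"text": …} body …
```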
@@ -31,7 +31,7 @@ NEWSCHEMA('Account').make(function(schema) { builder.set(model); builder.rem('password'); builder.rem('ispassword'); - model.ispassword && builder.set('password', model.password.sha1()); + model.ispassword && builder.set('password', require('crypto').createHash('sha256').update(model.password).digest('hex')); builder.set('dateupdated', F.datetime); builder.inc('countupdates'); diff --git a/models/login.js b/models/login.js index 6575f6a..1c1b4c6 100644 --- a/models/login.js +++ b/models/login.js @@ -10,7 +10,7 @@ NEWSCHEMA('Login').make(function(schema) { sql.select('item', 'tbl_user').make(function(builder) { builder.fields('id', 'isactivated', 'isconfirmed'); builder.where('email', model.email); - builder.where('password', model.password.sha1()); + builder.where('password', model.password.sha256()); builder.where('isremoved', false); builder.first(); }); From d9f121b962ebaa34e7017f29d411fbac0113930b Mon Sep 17 00:00:00 2001 From: JungYunji Date: Thu, 24 Jul 2025 14:11:28 +0900 Subject: [PATCH 3/3] chore: remove CI workflow before upstream PR --- .github/workflows/pr_notify.yml | 20 -------------------- 1 file changed, 20 deletions(-) delete mode 100644 .github/workflows/pr_notify.yml diff --git a/.github/workflows/pr_notify.yml b/.github/workflows/pr_notify.yml deleted file mode 100644 index 2b34036..0000000 --- a/.github/workflows/pr_notify.yml +++ /dev/null 
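Review bot: The new `require('crypto').createHash('sha256').update(model.password).digest('hex')` in models/account.js is still a single unsalted pass of a fast digest, so equal passwords keep equal stored values and offline guessing against a leaked `tbl_user` stays cheap; the same applies to `model.password.sha256()` in the models/login.js hunk. A password KDF with a per-user random salt is the appropriate primitive, for example `crypto.scryptSync(model.password, salt, 64)` with the salt stored next to the hash; login would then load the row by email and verify the hash in code instead of matching it in `builder.where('password', …)`. If the digest has to stay for now, a comment such as `// TODO(security): unsalted SHA-256 — replace with salted scrypt, verify after lookup` above the line would record that. The enclosing callback starts and ends outside the hunk.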
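Review bot: `builder.where('password', model.password.sha256())` in models/login.js will not match any row whose `password` column was written by the previous `sha1()` path, so unless every stored hash is migrated (no migration is visible in this series) existing accounts stop authenticating after deploy. A transition step is needed, for example accepting the legacy digest once and rewriting the stored value on a successful login, or forcing a password reset. The two hunks also compute the digest by different routes, Node's `crypto` in models/account.js and a string helper `sha256()` here, whose existence and output format are not shown in the diff; using the same expression in both places removes the risk of the stored and the compared values diverging. The schema callback continues outside the hunk.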
@@ -1,20 +0,0 @@
-name: PR Notifier
-
-on:
- pull_request:
- types: [opened, reopened, closed]
-
-jobs:
- notify:
- runs-on: ubuntu-latest
- steps:
- - name: Notify Discord
- env:
- DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
- run: |
- curl -H "Content-Type: application/json" -d '{"content": "🔔 Pull Request [${{ github.event.pull_request.title }}](${{ github.event.pull_request.html_url }}) by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $DISCORD_WEBHOOK_URL
- - name: Notify Slack
- env:
- SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
- run: |
- curl -H "Content-Type: application/json" -d '{"text": ":bell: Pull Request <${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}> by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $SLACK_WEBHOOK_URL