fix(DIS-158): Add security fix for findByIdAndUpdate and sanitize verification update data #158
Open
Whiskey-Taste wants to merge 10 commits into main from
…ification update data
- Update verification controller routes to match frontend API expectations
- Add sendEmailVerification and sendSmsVerification endpoints
- Add verifyEmail and verifySms endpoints with code support
- Update verification service with stub implementations for code sending

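- Create an interface abstraction layer (IEmailVerificationService, ISmsVerificationService)
- Extract reusable utility functions (verification-code.util, phone-number.util, email-template.util)
- Refactor the AWS SES and SNS services to implement the interfaces
- Support dependency injection so service providers can be swapped easily
- Add complete README documentation and usage examples
- Improve code organization, following SOLID principles

- Remove unnecessary String() type conversions
- Fix number type conversions in template strings
- Fix unnecessary escape characters
- Fix unnecessary conditional checks
- Remove unused imports

- Add moduleNameMapper rules to resolve .js extensions
- Configure Jest to support ESM modules
- Fix module-not-found errors in tests
- All unit tests and integration tests now pass
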
- Fix findByIdAndUpdate in verification.service.ts: pass objectId directly instead of { _id: objectId }
- Fix TypeScript type error in call-processor.service.ts: use .toString() to convert ObjectId to string
- Resolves high-risk bug that prevented user data updates
- Resolves TypeScript compilation errors

- Resolve package.json conflicts: keep both @aws-sdk/client-ses (for legacy code) and @aws-sdk/client-sesv2/@aws-sdk/client-sns (for new verification features)
- Remove unused 'ses' package
- Regenerate pnpm-lock.yaml
## Changes
Security Fix
This PR addresses security vulnerabilities in the verification service by:
Files Changed: