codeflash-internal/js/cf-api/types.d.ts
HeshamHM28 a805f4cfbf revert: rollback PR #2601 and dependent fixes to ec39cd51
Reverts the following commits from main:
- d7a8b8f2 perf: fix CI build + lazy-load heavy libs + parallelize DB queries (#2601)
- 48b5e2b4 fix: make tree-sitter WASM build failure non-fatal when cache exists (#2602)
- c372b6bc Merge pull request #2603 from codeflash-ai/fix/deploy-build-common
- b656bb1d fix: cf-api deploy broken by pnpm workspace migration
- c1b0076c fix: align TypeScript versions to deduplicate @prisma/client in pnpm
- 09ed4d4b fix: use redirect instead of throw for auth failures during prerender
- 71127055 fix: redirect remaining auth throws that crash prerendering

PR #2601 introduced 18 bugs including 5 authorization bypass vulnerabilities:
- Cross-org data access via forged currentOrganizationId cookie
- Cross-repo/cross-org member role escalation and deletion (unscoped lookups)
- Missing replayTests/concolicTests in approval flow
- repository_id filter silently broken for personal accounts
- Tests mocking wrong Prisma method ($queryRawUnsafe vs $queryRaw)

The subsequent PRs (#2602, #2603, and follow-up commits) were dependent
fixes for issues caused by #2601 and are reverted together.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-13 18:59:11 +00:00


import { Request } from "express"
/**
 * Permissive stand-in for an Octokit client.
 *
 * This is an alias for `any`, so the compiler checks nothing about a value
 * of this type: method names, argument shapes and return values are all
 * unverified wherever it is used.
 */
// NOTE(review): presumably used for GitHub API clients; confirm against callers.
export type AnyOctokit = any
/**
 * Response returned when a pull request is created.
 *
 * Declared as `any`: property reads on the response are not type-checked,
 * so a missing or unexpectedly shaped field is only discovered at runtime.
 */
// NOTE(review): the real response shape is not visible here; code that relies
// on specific fields (e.g. URLs or ids) should validate them before use.
export type PullRequestCreationResponse = any
/**
 * Subscription details attached to the request by the track-usage middleware.
 */
export interface SubscriptionInfo {
  /** Identifier of the user the subscription data belongs to. */
  userId: string
  /** Subscription tier name. */
  tier: string
  // NOTE(review): `used` / `limit` are presumably a consumed count and its
  // quota; the unit and reset period are not visible here, so confirm.
  used: number
  limit: number
}
/**
 * Express `Request` extended with the caller's identity and subscription data.
 *
 * Every added field is optional, so receiving a value of this type is not
 * proof that authentication ran: handlers have to check `userId` (and
 * `organizationId` where access is organization-scoped) before acting.
 */
export interface AuthorizedUserReq extends Request {
  /** Identifier of the authenticated user, when one has been set. */
  userId?: string
  // NOTE(review): where `organizationId` is populated is not visible in this
  // file. Confirm it is set server-side after verifying the user's membership
  // and is never copied straight from a client-supplied cookie or header.
  // `null` and "absent" are distinct states here; confirm what each means.
  organizationId?: string | null
  /** Minimal user record; only `id` is guaranteed when the object is present. */
  user?: {
    id: string
    email?: string
  }
  /** Usage/quota data, present only when the track-usage middleware attached it. */
  subscriptionInfo?: SubscriptionInfo
}
/**
 * Database-side view of a pull request record.
 *
 * Only the two URL fields are typed. The index signature admits any other key
 * with an `any` value, so reads of other properties are not checked by the
 * compiler.
 */
export interface PullRequestDB {
  pull_request: {
    /** URL of the dependent pull request, when recorded. */
    dependent_pr_url?: string
    /** URL of the review-suggestion pull request, when recorded. */
    review_suggestion_pr_url?: string
    // Open-ended escape hatch: any further column is accepted untyped.
    [key: string]: any
  }
}
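/**
 * Express application surface, including the promise-aware `postAsync` /
 * `getAsync` registration helpers.
 *
 * Handlers and middleware are typed `any`, so the compiler does not check
 * their signatures or the order in which they are passed. Whether an
 * authentication middleware precedes a handler has to be verified where the
 * route is registered.
 */
export interface AsyncExpressApp {
  /**
   * Registers a POST route. Declared once, as overloads: a handler alone,
   * one middleware plus a handler, or any number of handlers.
   */
  post(path: string, handler: any): AsyncExpressApp
  post(path: string, middleware: any, handler: any): AsyncExpressApp
  post(path: string, ...handlers: any[]): AsyncExpressApp

  // Async methods: the handler returns a promise and registration returns nothing.
  // NOTE(review): how a rejected promise is handled is not visible here; confirm.
  postAsync: (path: string, handler: (req: any, res: any, next?: any) => Promise<any>) => void
  getAsync: (path: string, handler: (req: any, res: any, next?: any) => Promise<any>) => void

  // Standard Express methods.
  // `post` is intentionally absent from this list: it is already declared by
  // the overloads above, and a property signature with the same name is a
  // duplicate identifier (TS2300).
  use: (pathOrMiddleware: any, middleware?: any) => AsyncExpressApp
  get: (path: string, handler: (req: any, res: any, next?: any) => any) => AsyncExpressApp
  put: (path: string, handler: (req: any, res: any, next?: any) => any) => AsyncExpressApp
  delete: (path: string, handler: (req: any, res: any, next?: any) => any) => AsyncExpressApp
  patch: (path: string, handler: (req: any, res: any, next?: any) => any) => AsyncExpressApp
  listen: (port: number, callback?: () => void) => any
}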