Closed RobinHeidenis closed 1 year ago
When trying to log in to the site on a preview deployment, Discord says we have provided an invalid redirect URI. We can't possibly add every preview deployment as a valid redirect URI, and so we would like a simple username/password or just a simple sign in button for preview deployments. Alternatively we could mock the Discord provider. ALTERNATIVELY we could implement Clerk.
The latest updates on your projects.
Name | Status | Preview | Comments | Updated (UTC) |
---|---|---|---|---|
bucketlist | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Jun 19, 2023 8:33pm |
🚨 Potential security issues detected.
To accept the risk, merge this PR and you will not be notified again.
Issue | Package | Version | Note | Source |
---|---|---|---|---|
Network access | node-fetch | 2.6.11 | | pnpm-lock.yaml via svix@1.4.12 |
Network access | svix | 1.4.12 | | package.json, pnpm-lock.yaml |
Network access | svix-fetch | 3.0.0 | | pnpm-lock.yaml via svix@1.4.12 |
Network access | whatwg-fetch | 3.6.2 | | pnpm-lock.yaml via svix@1.4.12 |
Network access | raw-body | 2.4.1 | | pnpm-lock.yaml via micro@10.0.1 |
Network access | micro | 10.0.1 | | package.json, pnpm-lock.yaml |
This module accesses the network.
Packages should remove all network access that isn't functionally unnecessary. Consumers should audit network access to ensure legitimate use.
Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.
If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.
To ignore an alert, reply with a comment starting with `@SocketSecurity ignore` followed by a space separated list of `package-name@version` specifiers, e.g. `@SocketSecurity ignore foo@1.0.0 bar@*`, or ignore all packages with `@SocketSecurity ignore-all`.
@SocketSecurity ignore node-fetch@2.6.11
@SocketSecurity ignore svix@1.4.12
@SocketSecurity ignore svix-fetch@3.0.0
@SocketSecurity ignore whatwg-fetch@3.6.2
@SocketSecurity ignore raw-body@2.4.1
@SocketSecurity ignore micro@10.0.1
New and updated dependency changes detected.
Packages | Version | New capabilities | Transitives^1 | Size | Publisher |
---|---|---|---|---|---|
micro 🆕 | 10.0.1 | eval, network, filesystem, environment | +12 | 548 kB | leerobinson |
svix 🆕 | 1.4.12 | network | +12 | 2.29 MB | tasn |
date-fns ⬆️ | 2.29.3...2.30.0 | None | +0/-0 | 6.69 MB | kossnocorp |
prisma ⬆️ | 4.12.0...4.15.0 | filesystem | +1/-1 | 17.5 MB | prismabot |
typescript ⬆️ | 5.0.3...5.1.3 | None | +0/-0 | 40.1 MB | typescript-bot |
@types/prettier ⬆️ | 2.7.2...2.7.3 | None | +0/-0 | 49.8 kB | types |
postcss ⬆️ | 8.4.21...8.4.24 | None | +1/-1 | 215 kB | ai |
tailwindcss ⬆️ | 3.3.1...3.3.2 | None | +15/-18 | 7.6 MB | adamwathan |
prettier ⬆️ | 2.8.7...2.8.8 | None | +0/-0 | 11.2 MB | prettier-bot |
@trpc/server ⬆️ | 10.18.0...10.31.0 | None | +0/-0 | 675 kB | katt |
🚮 Removed packages: @ebay/nice-modal-react@1.2.9, @heroicons/react@2.0.17, @mantine/form@6.0.5, @mantine/hooks@6.0.5, @next-auth/prisma-adapter@1.0.5, @prisma/client@4.12.0, @tailwindcss/typography@0.5.9, @tanstack/react-query@4.28.0, @trpc/client@10.18.0, @trpc/next@10.18.0, @trpc/react-query@10.18.0, @types/eslint@8.37.0, @types/node@18.15.11, @types/react@18.0.31, @types/react-dom@18.0.11, @typescript-eslint/eslint-plugin@5.57.0, @typescript-eslint/parser@5.57.0, autoprefixer@10.4.14, daisyui@2.51.5, eslint@8.37.0, eslint-config-next@13.2.4, next@13.2.4, next-auth@4.20.1, prettier-plugin-tailwindcss@0.2.6, react-dom@18.2.0, react-hot-toast@2.4.0, react-render-if-visible@2.1.1
- Switched from NextAuth to Clerk for authentication: Removed NextAuth related code and added Clerk dependencies and hooks for better authentication management.
- Enabled "img.clerk.com" domain in configuration: Allowed Clerk's image domain to be used for images in the application.
- Simplified database schema: Removed unnecessary models from the schema giving a cleaner, more maintainable structure.
- Implemented middleware for restricted paths: Added a middleware configuration to manage access to restricted paths based on user authentication.
- Added a webhook to create a user in the database: A new webhook handler creates a user in the database when a user is created in Clerk.
- Updated title and description: Changed the title and description of the main page for better context.
- Added sign-in and sign-up pages using Clerk: Implemented new sign-in and sign-up pages using Clerk's authentication.
- Refactor code to use Clerk's authentication: Various updates across the codebase for a consistent implementation of Clerk's authentication system, replacing NextAuth usage.
- Miscellaneous dependency and package changes: General updates to dependencies and packages to maintain compatibility.
- Integrated Clerk for Authentication: Added Clerk dependencies and used Clerk's `useAuth` hook for authentication instead of using `useSession`. Removed unnecessary models in the database schema.
- Simplified and Updated Environment Variables: Cleaned up `env.mjs` file to remove unnecessary environment variables and added Clerk's environment variables.
- Replaced SessionProvider with ClerkProvider: Updated `_app.tsx` to use Clerk's `ClerkProvider` for managing user sessions.
- Added Webhook for User Creation: Created `api/webhooks/createUser.ts` file for handling user creation webhook from Clerk.
- Sign-in and Sign-up Pages with Clerk: Created separate pages for Clerk-based sign-in and sign-up functionalities.
- Updated Auth Access and Data Retrieval: Refactored and updated `invite.ts` and `lists.ts` files in `src/server/api/routers` to use Clerk for authentication, user access control, and data retrieval.
✅ Closes: BUC-11
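
The PR adds `svix` next to a Clerk webhook that writes users to the database; Clerk delivers its webhooks through Svix, so that endpoint should authenticate each delivery before creating a row. The following is an added example, not code from this PR: it checks the Svix signature scheme (HMAC-SHA256 over `id.timestamp.body`) with Node's `crypto`. The function names, the secret, the `user.created` payload and the five-minute tolerance are assumptions constructed for illustration.

```javascript
const crypto = require("node:crypto");

const TOLERANCE_SECONDS = 5 * 60; // assumed replay window: reject stale or future-dated deliveries

// Hypothetical helper. `headers` uses lowercase names, `rawBody` is the exact
// request body string (not re-serialized JSON), `secret` is "whsec_<base64>".
function verifySvixWebhook(rawBody, headers, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const id = headers["svix-id"];
  const timestamp = headers["svix-timestamp"];
  const signatures = headers["svix-signature"];
  if (!id || !timestamp || !signatures) return { ok: false, reason: "missing-headers" };

  const ts = Number(timestamp);
  if (!Number.isInteger(ts) || Math.abs(nowSeconds - ts) > TOLERANCE_SECONDS) {
    return { ok: false, reason: "bad-timestamp" };
  }

  const key = Buffer.from(secret.replace(/^whsec_/, ""), "base64");
  const expected = crypto.createHmac("sha256", key)
    .update(`${id}.${timestamp}.${rawBody}`).digest();

  // The header holds space-separated "version,base64sig" entries (several during key rotation).
  for (const entry of signatures.split(" ")) {
    const [version, sig] = entry.split(",");
    if (version !== "v1" || !sig) continue;
    const candidate = Buffer.from(sig, "base64");
    if (candidate.length === expected.length && crypto.timingSafeEqual(candidate, expected)) {
      return { ok: true, event: JSON.parse(rawBody) }; // parse only after authentication
    }
  }
  return { ok: false, reason: "signature-mismatch" };
}

// Constructed sample delivery (not real Clerk data), signed here so the block runs offline.
function buildSample(nowSeconds) {
  const secret = "whsec_" + Buffer.from("constructed-test-secret").toString("base64");
  const rawBody = JSON.stringify({ type: "user.created", data: { id: "user_example" } });
  const headers = { "svix-id": "msg_example", "svix-timestamp": String(nowSeconds) };
  const key = Buffer.from(secret.slice(6), "base64");
  headers["svix-signature"] = "v1," + crypto.createHmac("sha256", key)
    .update(`${headers["svix-id"]}.${headers["svix-timestamp"]}.${rawBody}`).digest("base64");
  return { secret, rawBody, headers };
}
```

In a Next.js API route the default body parser must be disabled so the handler sees the raw body; the `svix` package's `Webhook` class performs the same verification.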