monizb / fireshort
A URL Shortener made using React.JS and Google Firestore
Home Page: https://fbls.ml
License: MIT License
Right now the app downloads about 300kb of data just to redirect to the link, which reduces the speed of the app and hinders the user's experience. So it would be a very good idea to implement Code Splitting using Lazy() to remove slow load times and make it nearly negligible.
Resources:
Hello there,
I can add a welcome bot config file having a proper message that will show up when any user will open up an issue or pull-request for the first time as a part of DWOC. Please assign me this issue.
For reference, kindly check out: https://github.com/apps/welcome
THANK YOU
gRPC Library for Node - pure JS implementation
Library home page: https://registry.npmjs.org/@grpc/grpc-js/-/grpc-js-1.1.7.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/@grpc/grpc-js/package.json
Dependency Hierarchy:
Found in HEAD commit: 01d2522e4209e107bda54c059ee7caae1a2713dc
Found in base branch: master
The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition.
Publish Date: 2020-11-11
URL: CVE-2020-7768
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7768
Release Date: 2020-11-11
Fix Resolution (@grpc/grpc-js): 1.1.8
Direct dependency fix Resolution (firebase): 7.22.1-202095155838
Step up your Open Source Security Game with Mend here
Add a new feature in each card/list where the user can check/uncheck the option to protect their link with a password. When this is enabled, a password field should be presented to enter the password before redirecting to the destination link. It should track user information only if the password matches.
This will basically help first-timers when someone makes a PR, raises an issue, or wants to contribute to your repo.
Describe the bug
When any user tries to open the short url, the password gets logged into the console.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Should not be logged.
Describe the bug
Clicking Hits does nothing in list view.
Expected behavior
Clicking Hits should open dialog that shows tracking of the curl.
Describe the bug
When the short URL is accessed and the Fireshort Loader is presented, it disappears for a few seconds before redirecting to the destination link.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Show the Loader until the page is redirected
Screenshots
If applicable, add screenshots to help explain your problem.
This issue has occurred after #46 was merged, @harshvats2000 please take a look at this if you are interested :)
A Node.js module for sending notifications on native Mac, Windows (post and pre 8) and Linux (or Growl as fallback)
Library home page: https://registry.npmjs.org/node-notifier/-/node-notifier-5.4.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/node-notifier/package.json
Dependency Hierarchy:
Found in HEAD commit: 01d2522e4209e107bda54c059ee7caae1a2713dc
Found in base branch: master
This affects the package node-notifier before 9.0.0. It allows an attacker to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array.
Publish Date: 2020-12-11
URL: CVE-2020-7789
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7789
Release Date: 2020-12-11
Fix Resolution (node-notifier): 5.4.4
Direct dependency fix Resolution (react-scripts): 3.4.4
After each link is created, right now it only creates a corresponding card related to it. Instead of this, it should show a Dialog with the created link, a button to copy the link, different ways to share the URL and a button to generate a QR code and share it as a jpg
Is your feature request related to a problem? Please describe.
Right now if you have to search for your created links, you have to manually search them.
Describe the solution you'd like
Add a good looking search bar on top which should filter the cards as the user types into them giving them only the results they want, also please add a cross mark to clear the query and return all the cards back
Describe the bug
I keep getting a sign up error when I attempt to create an account on the sign up page
To Reproduce
Steps to reproduce the behavior:
Expected behavior
A clear and concise description of what you expected to happen.
Desktop
Describe the bug
In List view, if admin clicks on "Open", link is opened through short link redirect, which also logs the tracking detail as well. But in Card view, it directly opens it without any tracking logs.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Both views should have the same behaviour.
Screenshots
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
Smartphone (please complete the following information):
Additional context
Add any other context about the problem here.
Describe the bug
In card layout, the whole feature of password-protection is not implemented.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Lock/Unlock icon should be shown and Password should be prompted for password-protected links in Card View.
Screenshots
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
Smartphone (please complete the following information):
Additional context
Add any other context about the problem here.
To comply fully with GitHub's community standards, a well documented CONTRIBUTING.md file is required to help first time contributors to contribute to this repository. You can use this guide here to write a good one
Feel free to start the discussion below and suggest what you would like to take up. Even the smallest contribution will be accepted and will count for one entry to your Hacktoberfest Progress
The app takes a minimum of 5 seconds to capture the user's IP address when redirecting to the destination link, which is not at all ideal. It will be great if you can reduce this time drastically by using an alternative npm package or a free API. Right now it uses the public-api package from NPM
Let me know if this needs to be implemented
The initial version of Fireshort has an API which was developed by @JithinAntony4 in #67 which has not been merged yet to master due to the change in DB configurations and rules which were made to allow Fireshort to work as a stand alone application like many famous link shorteners out there. This issue addresses the following points:
Modifying the API to honour the most recent changes in the DB Rules. You can find the latest rules here
Adding a method to change the API Key generation: Right now in the linked PR the application creates a key if it doesn't exist yet. Instead the API should now properly only serve the data belonging to that particular user and create and store the API Key until the user decides to regenerate these keys again.
This issue can be further broken down into 2 individual issues based on the demand for it :)
Describe the bug
After an url is created, the password modal is in plain text while adding a password to an already created url.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
The field should be a password field
Screenshots
Access deep object properties using a path
Library home page: https://registry.npmjs.org/object-path/-/object-path-0.11.4.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/object-path/package.json
Dependency Hierarchy:
Found in HEAD commit: 117c3d679afe737a69f8394c186c453fddc9cd28
Found in base branch: master
A prototype pollution vulnerability has been found in object-path <= 0.11.4 affecting the set() method. The vulnerability is limited to the includeInheritedProps mode (if version >= 0.11.0 is used), which has to be explicitly enabled by creating a new instance of object-path and setting the option includeInheritedProps: true, or by using the default withInheritedProps instance. The default operating mode is not affected by the vulnerability if version >= 0.11.0 is used. Any usage of set() in versions < 0.11.0 is vulnerable. The issue is fixed in object-path version 0.11.5. As a workaround, don't use the includeInheritedProps: true options or the withInheritedProps instance if using a version >= 0.11.0.
Publish Date: 2020-10-19
URL: CVE-2020-15256
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-cwx2-736x-mf6w
Release Date: 2020-10-19
Fix Resolution (object-path): 0.11.5
Direct dependency fix Resolution (react-scripts): 3.4.4
Revamp the design for the entire dashboard and make everything look pixel perfect and more clean. Requires basic knowledge of React and CSS.
@abhinavkrin that's not a problem, I'll keep the PR open so you can push all your commits and have one review and testing once you are ready. Thanks!
Hey @monizb, As I was working with the admin panel. I found out that the way the password is checked is insecure. The document has read access set to "public". And hence the password is exposed to the public. Also, once a password is set I could not find a way to remove the password.
Please look into the matter.
A solution would be to set a flag called "isProtected" set to true and storing the passwords in another collection.
Originally posted by @abhinavkrin in #79 (comment)
Describe the bug
Currently the search box for the links only works in the Card View where the cards are filtered out based on the input
To Reproduce
Steps to reproduce the behavior:
Expected behavior
List should be filtered to give out matching results
Right now the app tracks IPV4 address, IPV6 address and User-Agent. Add more tracking options like Country, date filters, Referrers etc. :)
Describe the bug
If a link is opened through Card layout, the link is directly opened instead of getting redirected from short url.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Associated short url should be opened first which should redirect itself to long url as happening in List View.
Screenshots
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
Smartphone (please complete the following information):
Additional context
Add any other context about the problem here.
As mentioned in #145 the login screen is not at all Dynamic right now and does not add to a good UI. The following changes are required:
Please do comment here before being assigned the issue :)
Feel free to work on the signup part where multiple users can register and have their own separate Admin panels rather than having one main Admin Panel.
Tasks:
To implement these you need to know Firestore Database and React.
the bare-bones internationalization library used by yargs
Library home page: https://registry.npmjs.org/y18n/-/y18n-4.0.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/y18n/package.json
Dependency Hierarchy:
Found in HEAD commit: 01d2522e4209e107bda54c059ee7caae1a2713dc
Found in base branch: master
The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution.
Publish Date: 2020-11-17
URL: CVE-2020-7774
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1654
Release Date: 2020-11-17
Fix Resolution (y18n): 4.0.1
Direct dependency fix Resolution (react-scripts): 3.4.4
Revamp Login UI to address changes and add animations
Lightweight JavaScript-based user-agent string parser
Library home page: https://registry.npmjs.org/ua-parser-js/-/ua-parser-js-0.7.22.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/ua-parser-js/package.json
Dependency Hierarchy:
Found in HEAD commit: 01d2522e4209e107bda54c059ee7caae1a2713dc
Found in base branch: master
The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).
Publish Date: 2020-12-11
URL: CVE-2020-7793
Base Score Metrics:
Right now links can be protected only after creating them by clicking on the lock icon. It would be better if it could be added while creating the link itself under the activity tracking switch, and if left blank it should not protect the link.
Developing an API is important to connect with other apps easily and securely.
Build minimal API for creating different links using an API key scheme (User)
Describe the bug
We are able to create the short links with spaces in it, but if we create that kind of short link and try to go to the link we shortened we get a console error
To Reproduce
Steps to reproduce the behavior:
Expected behavior
When creating the Custom URL, I'm not able to put any spaces
Desktop (please complete the following information):
Smartphone (please complete the following information):
Additional context
Add any other context about the problem here.
Right now the App has no Front Page / Home Page before the users log in. It would be awesome to have a beautiful front page with illustrations, features and animations. Very good Feature Issue for contributors who love front end designing :)
Please feel free to use this issue to discuss any of the issues, or to suggest new feature/bug issues. Issues will be assigned on a first come basis. All the best!
webpack utilities used by Create React App
Library home page: https://registry.npmjs.org/react-dev-utils/-/react-dev-utils-10.2.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/react-dev-utils/package.json
Dependency Hierarchy:
Found in base branch: master
react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts (in Create React App projects), where the usage is safe. Only when this function is manually invoked with user-provided values (ie: by custom code) is there the potential for command injection. If you're consuming it from react-scripts then this issue does not affect you.
Publish Date: 2021-03-09
URL: CVE-2021-24033
Base Score Metrics:
Type: Upgrade version
Origin: https://www.facebook.com/security/advisories/cve-2021-24033
Release Date: 2021-03-09
Fix Resolution (react-dev-utils): 11.0.4
Direct dependency fix Resolution (react-scripts): 4.0.0
Users can, if they want, set an end date and time for their links so that the link automatically expires and does not let the user redirect to the destination link. The only logic needed here is that if(current timestamp < end date timestamp) -> redirect else don't and show appropriate errors accordingly
Is your feature request related to a problem? Please describe.
Right now the created links are deleted as soon as "Delete" is clicked, this is not ideal
Describe the solution you'd like
Add a confirmation dialog which first asks the user if they want to delete the link or not
Describe the bug
A clear and concise description of what the bug is.
When the site is accessed from an iPhone, the login page is narrowed and parts are cut off
To Reproduce
Steps to reproduce the behavior:
Smartphone (please complete the following information):
Additional context
mobile experience is important to most.
Right now card view has a lot of features which list view doesn't, all you need to do is copy those features to list view and make the UI look better than it is right now.
I'm opening this issue to start developing the Analytics page as mentioned in the README of this project.
The page is already under development, and I'm using this issue to ask some questions
Here are some ideas I have in mind:
Any other ideas?
Here is a quick view of what I've already done
Is your feature request related to a problem? Please describe.
Right now when there are no links present on first login of the user, the page remains blank without any message being shown
Describe the solution you'd like
Add a message saying no links present with a good matching illustration indicating it and a swirly arrow pointing towards the add button on the bottom right
Revamp the entire Login Page to look much better and make it more intuitive. The only requirement is that you need to know basic React and CSS.
A light-weight module that brings window.fetch to node.js and io.js
Library home page: https://registry.npmjs.org/node-fetch/-/node-fetch-1.7.3.tgz
Path to dependency file: FireShort/package.json
Path to vulnerable library: FireShort/node_modules/isomorphic-fetch/node_modules/node-fetch/package.json
Dependency Hierarchy:
Found in HEAD commit: 45013b4b5e1034a16c202c95b757387ea0d1ba21
Found in base branch: master
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no impact. However, if you are relying on node-fetch to gate files above a size, the impact could be significant, for example: If you don't double-check the size of the data after fetch() has completed, your JS thread could get tied up doing work on a large file (DoS) and/or cost you money in computing.
Publish Date: 2020-09-10
URL: CVE-2020-15168
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-w7rc-rwvf-8q5r
Release Date: 2020-07-21
Fix Resolution: 2.6.1,3.0.0-beta.9
Is your feature request related to a problem? Please describe.
I see there's a login screen, but no signup page. How does a user sign up to this platform?
Describe the solution you'd like
I'd like to create a signup page and persist user data on localStorage on both login and signup.
Describe the solution you'd like
Get a popup window like the one used for edit link but with dropdown calendar and time selection for the expiration date and time of the link.
_NOTE: This is specifically tailored for Firebase JS SDK usage, if you are not a member of the Firebase team, please avoid using this package_
Library home page: https://registry.npmjs.org/@firebase/util/-/util-0.3.2.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/@firebase/util/package.json
Dependency Hierarchy:
Found in HEAD commit: 01d2522e4209e107bda54c059ee7caae1a2713dc
Found in base branch: master
This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.
Publish Date: 2020-11-16
URL: CVE-2020-7765
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7765
Release Date: 2020-11-16
Fix Resolution (@firebase/util): 0.3.3-2020922203858
Direct dependency fix Resolution (firebase): 7.22.1-canary.0e308b623