Dev to Main Sync #2553
* feat: add nudge application functionality
  - Introduced a new endpoint to nudge applications, allowing users to send reminders.
  - Implemented logic to prevent nudging if the last nudge was less than 24 hours ago, with appropriate error messages.
  - Updated application constants to include new API response and error messages related to the nudge feature.
  - Enhanced the applications controller to handle nudge requests and update application nudge counts accordingly.
* refactor: enhance nudge application logic
* feat: add error handling for nudge application when status is not pending
* fix: correct last nudge timestamp logic in nudgeApplication function
* refactor: improve nudge application logic and update response messages
  - Enhanced the nudgeApplication function to streamline error handling and improve readability.
  - Updated API response and error messages for nudging applications to provide clearer feedback.
  - Removed redundant checks and utilized a transaction for better performance and consistency in the nudge process.
* refactor: add NUDGE_APPLICATION_STATUS constants
* test: add comprehensive tests for nudge application functionality (#2543)
* test: add comprehensive tests for nudge application functionality
* chore: add logger utility to discordService and logService for improved logging
* test: enhance nudge application tests to cover pending status validation
* refactor: remove duplicate logger import and unused config in discordService
* nit: remove unused logger import
* refactor: update nudge application logic and messages
  - Changed the success message for nudging an application to "Nudge sent successfully".
  - Updated error messages for nudging to be more user-friendly.
  - Refactored the nudgeApplication function to streamline logic and improve readability.
  - Adjusted integration and unit tests to reflect the updated messages and logic.
* refactor: nudge model try and catch block

---------

Co-authored-by: Amit Prakash <[email protected]>
| applicationValidator.validateApplicationUpdateData, | ||
| applications.updateApplication | ||
| ); | ||
| router.patch("/:applicationId/nudge", authenticate, applications.nudgeApplication); |
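Review bot: the new nudge route's middleware chain is only `authenticate`, whereas the update route just above it runs `applicationValidator.validateApplicationUpdateData` before its controller and this file imports an `authorizeOwnOrSuperUser` middleware that is not applied here. Nothing in the route declaration ties the caller to `:applicationId`, so either add an ownership/super-user middleware to the chain or state in the PR description where `applications.nudgeApplication` performs that check; reviewers cannot tell from this line alone.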
Check failure: Code scanning / CodeQL: Missing rate limiting (High). This route handler performs authorization.
Copilot Autofix (AI, 18 days ago)
In general terms, the safest fix is to introduce a standard rate-limiting middleware (for example, via express-rate-limit) and apply it to the sensitive route(s) that perform authorization and likely interact with external resources. This ensures that even if an attacker is authenticated, they cannot spam the endpoint at a rate that could cause resource exhaustion.
For this specific file, the minimal-impact fix is to:
- Import `express-rate-limit` at the top of `routes/applications.ts`.
- Configure a limiter instance appropriate for this route (e.g., limit how many “nudge” actions a client can perform in a fixed window).
- Insert this limiter into the middleware chain for the `router.patch("/:applicationId/nudge", ...)` route, between `authenticate` and the handler (or before/after as appropriate). This leaves all existing authentication, authorization, and validation behavior unchanged.
Concretely:
- At the top of `routes/applications.ts`, add `const rateLimit = require("express-rate-limit");`.
- Define a limiter, e.g., `const nudgeLimiter = rateLimit({ windowMs: 15 * 60 * 1000, max: 100 });` (or a stricter limit if desired).
- Update the `router.patch("/:applicationId/nudge", ...)` declaration so that it becomes `router.patch("/:applicationId/nudge", authenticate, nudgeLimiter, applications.nudgeApplication);`.
| @@ -5,9 +5,15 @@ | ||
| const applications = require("../controllers/applications"); | ||
| const { authorizeOwnOrSuperUser } = require("../middlewares/authorizeOwnOrSuperUser"); | ||
| const applicationValidator = require("../middlewares/validators/application"); | ||
| const rateLimit = require("express-rate-limit"); | ||
|
|
||
| const router = express.Router(); | ||
|
|
||
| const nudgeLimiter = rateLimit({ | ||
| windowMs: 15 * 60 * 1000, // 15 minutes | ||
| max: 100, // limit each IP to 100 nudge requests per windowMs | ||
| }); | ||
|
|
||
| router.get( | ||
| "/", | ||
| authenticate, | ||
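Review bot: the limiter added here keys on the client IP (the comment on the `max` line says "limit each IP"), which is a weak key for a route that only authenticated users reach: every user behind one shared address (office NAT, a reverse proxy whose address Express sees when `trust proxy` is not set) draws from the same 100-request budget, and a single account is not limited at all once it rotates addresses. Prefer keying on the authenticated user id for this route, and confirm the app's `trust proxy` setting before relying on `req.ip`. Also, package.json already lists `rate-limiter-flexible`; consider reusing it rather than adding a second rate-limiting dependency.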
| @@ -24,6 +27,6 @@ | ||
| applicationValidator.validateApplicationUpdateData, | ||
| applications.updateApplication | ||
| ); | ||
| router.patch("/:applicationId/nudge", authenticate, applications.nudgeApplication); | ||
| router.patch("/:applicationId/nudge", authenticate, nudgeLimiter, applications.nudgeApplication); | ||
|
|
||
| module.exports = router; |
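Review bot: placing `nudgeLimiter` after `authenticate` means unauthenticated traffic to this route is never counted by it, only requests that already carry a valid session. That is a defensible choice (it keeps the limit per legitimate caller), but it should be stated in the PR, together with how the 15-minute budget relates to the 24-hour per-application nudge cooldown the commit messages describe: the limiter protects the authentication and database work behind the route, it does not replace the cooldown.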
| @@ -42,7 +42,8 @@ | ||
| "passport-github2": "0.1.12", | ||
| "passport-google-oauth20": "^2.0.0", | ||
| "rate-limiter-flexible": "5.0.3", | ||
| "winston": "3.13.0" | ||
| "winston": "3.13.0", | ||
| "express-rate-limit": "^8.2.1" | ||
| }, | ||
| "devDependencies": { | ||
| "@types/chai": "4.3.16", |
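Review bot: `"express-rate-limit": "^8.2.1"` uses a caret range while every neighbouring dependency in this block is pinned to an exact version (`"rate-limiter-flexible": "5.0.3"`, `"winston": "3.13.0"`), and it is appended after `winston` where the surrounding entries are kept in alphabetical order. Pin the version to match the project's convention and move the entry into order; since `rate-limiter-flexible` is already a dependency, also decide whether a second limiter library is needed at all.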
| Package | Version | Security advisories |
| express-rate-limit (npm) | 8.2.1 | None |
CodeRabbit: Review skipped. Auto reviews are disabled on base/target branches other than the default branch.
Date: 17 Jan 2026
Developer Name: @AnujChhikara
Issue Ticket Number
PRs going for sync
Description
Documentation Updated?
Under Feature Flag
Database Changes
Breaking Changes
Development Tested?
Screenshots
Screenshot 1
Screen.Recording.2026-01-17.at.11.50.20.PM.mov