From 56c810a6357a1fda89e0d1f239024e4e9119a313 Mon Sep 17 00:00:00 2001
From: Legion's <64915515+Dargon789@users.noreply.github.com>
Date: Mon, 2 Dec 2024 01:27:30 +0700
Subject: [PATCH 1/8] Create SECURITY.md
Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com>
---
 SECURITY.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 SECURITY.md
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000000..034e8480320
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported |
+| ------- | ------------------ |
+| 5.1.x | :white_check_mark: |
+| 5.0.x | :x: |
+| 4.0.x | :white_check_mark: |
+| < 4.0 | :x: |
+
+## Reporting a Vulnerability
+
+Use this section to tell people how to report a vulnerability.
+
+Tell them where to go, how often they can expect to get an update on a
+reported vulnerability, what to expect if the vulnerability is accepted or
+declined, etc.
From 780a6758ca43506ee2b57e46d7e5147c12599b4e Mon Sep 17 00:00:00 2001
From: Legion's <64915515+Dargon789@users.noreply.github.com>
Date: Mon, 2 Dec 2024 07:07:13 +0700
Subject: [PATCH 2/8] Create SECURITY.md
Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com>
---
 SECURITY.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 SECURITY.md
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000000..034e8480320
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported |
+| ------- | ------------------ |
+| 5.1.x | :white_check_mark: |
+| 5.0.x | :x: |
+| 4.0.x | :white_check_mark: |
+| < 4.0 | :x: |
+
+## Reporting a Vulnerability
+
+Use this section to tell people how to report a vulnerability.
+
+Tell them where to go, how often they can expect to get an update on a
+reported vulnerability, what to expect if the vulnerability is accepted or
+declined, etc.
From 6ebe379bbfd9dff1afad9b6076ede590eb9f9038 Mon Sep 17 00:00:00 2001
From: Legion's <64915515+Dargon789@users.noreply.github.com>
Date: Mon, 2 Dec 2024 07:09:53 +0700
Subject: [PATCH 3/8] Fix code scanning alert no. 1: Incomplete URL substring sanitization
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Legion's <64915515+Dargon789@users.noreply.github.com>
---
 .../[contractAddress]/embed/embed-setup.tsx | 22 +++++++++++++------
 1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/apps/dashboard/src/app/(dashboard)/(chain)/[chain_id]/[contractAddress]/embed/embed-setup.tsx b/apps/dashboard/src/app/(dashboard)/(chain)/[chain_id]/[contractAddress]/embed/embed-setup.tsx
index d21b2d46eb9..8d0f8a4de12 100644
--- a/apps/dashboard/src/app/(dashboard)/(chain)/[chain_id]/[contractAddress]/embed/embed-setup.tsx
+++ b/apps/dashboard/src/app/(dashboard)/(chain)/[chain_id]/[contractAddress]/embed/embed-setup.tsx
@@ -209,16 +209,24 @@ export const EmbedSetup: React.FC = ({ const apiKeys = useApiKeys(); const createKeyMutation = useCreateApiKey(); - const validApiKey = (apiKeys.data || []).find( - (apiKey) => - (apiKey.domains.includes("*") || - apiKey.domains.includes("embed.ipfscdn.io") || - apiKey.domains.includes("*.ipfscdn.io")) && + const validApiKey = (apiKeys.data || []).find((apiKey) => { + const allowedHosts = ["embed.ipfscdn.io", "*.ipfscdn.io"]; + const isValidDomain = apiKey.domains.includes("*") || apiKey.domains.some((domain) => { + try { + const url = new URL(domain); + return allowedHosts.includes(url.host); + } catch (e) { + return false; + } + }); + return ( + isValidDomain && (apiKey.services || []) .find((service) => service.name === "storage") ?.actions.includes("read") && - !!(apiKey.services || []).find((service) => service.name === "rpc"), - ); + !!(apiKey.services || []).find((service) => service.name === "rpc") + ); + }); const chainId = contract.chain.id; const { idToChain } = useAllChainsData(); From 7e49fed9d163ad161980145ff028ce8160efca92 Mon Sep 17 00:00:00 2001 From: AU_019 <64915515+Dargon789@users.noreply.github.com> Date: Wed, 29 Jan 2025 23:22:10 +0700 Subject: [PATCH 4/8] Add .circleci/config.yml --- .circleci/config.yml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 .circleci/config.yml diff --git a/.circleci/config.yml b/.circleci/config.yml new file mode 100644 index 00000000000..62291703e26 --- /dev/null +++ b/.circleci/config.yml 
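Review bot: The new `isValidDomain` check passes each `apiKey.domains` entry to `new URL(domain)`, which throws for a value without a scheme, so an entry such as `embed.ipfscdn.io` or `*.ipfscdn.io` ends up in the `catch` and is rejected; only keys carrying `*` would still be selected. The removed lines called `includes` on the `domains` array, which is exact element membership rather than substring matching, so the scanner finding this commit answers looks like a false positive here (assuming `domains` holds bare host patterns, as the compared literals suggest). Keeping the exact comparison against the allow-list is enough: `const isValidDomain = apiKey.domains.some((domain) => domain === "*" || allowedHosts.includes(domain));`, with `allowedHosts` hoisted out of the `find` callback so it is not rebuilt per key. The enclosing `EmbedSetup` component starts and ends outside the hunk.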
@@ -0,0 +1,31 @@
+# Use the latest 2.1 version of CircleCI pipeline process engine.
+# See: https://circleci.com/docs/configuration-reference
+version: 2.1
+
+# Define a job to be invoked later in a workflow.
+# See: https://circleci.com/docs/jobs-steps/#jobs-overview & https://circleci.com/docs/configuration-reference/#jobs
+jobs:
+ say-hello:
+ # Specify the execution environment. You can specify an image from Docker Hub or use one of our convenience images from CircleCI's Developer Hub.
+ # See: https://circleci.com/docs/executor-intro/ & https://circleci.com/docs/configuration-reference/#executor-job
+ docker:
+ # Specify the version you desire here
+ # See: https://circleci.com/developer/images/image/cimg/base
+ - image: cimg/base:current
+
+ # Add steps to the job
+ # See: https://circleci.com/docs/jobs-steps/#steps-overview & https://circleci.com/docs/configuration-reference/#steps
+ steps:
+ # Checkout the code as the first step.
+ - checkout
+ - run:
+ name: "Say hello"
+ command: "echo Hello, World!"
+
+# Orchestrate jobs using workflows
+# See: https://circleci.com/docs/workflows/ & https://circleci.com/docs/configuration-reference/#workflows
+workflows:
+ say-hello-workflow: # This is the name of the workflow, feel free to change it to better match your workflow.
+ # Inside the workflow, you define the jobs you want to run.
+ jobs:
+ - say-hello
\ No newline at end of file
From 323634c1f2963825cbbfe79489bc43369838f1d3 Mon Sep 17 00:00:00 2001
From: AU_019 <64915515+Dargon789@users.noreply.github.com>
Date: Wed, 29 Jan 2025 23:22:22 +0700
Subject: [PATCH 5/8] Add .circleci/config.yml
From 9dd2027f525081f2b7831dc865a8bf748d84a34c Mon Sep 17 00:00:00 2001
From: AU_019 <64915515+Dargon789@users.noreply.github.com>
Date: Mon, 3 Feb 2025 05:20:44 +0700
Subject: [PATCH 6/8] Create nextjs.yml
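Review bot: The `say-hello` job runs on `cimg/base:current`, a moving tag, so the image executed in CI can change without any change to this file; pinning it to a fixed tag or digest, e.g. `- image: cimg/base:<pinned-tag>@sha256:<digest>` (placeholder values), keeps the executor reproducible and reviewable. The job is still the unmodified starter template: it checks out the repository and echoes a string, so the pipeline builds and tests nothing. Either wire it to the project's real build and test commands or hold the file back until it does something, since an always-green job gives a misleading status check.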
Signed-off-by: AU_019 <64915515+Dargon789@users.noreply.github.com>
---
 .github/workflows/nextjs.yml | 93 ++++++++++++++++++++++++++++++++++++
 1 file changed, 93 insertions(+)
 create mode 100644 .github/workflows/nextjs.yml
diff --git a/.github/workflows/nextjs.yml b/.github/workflows/nextjs.yml
new file mode 100644
index 00000000000..ed747367055
--- /dev/null
+++ b/.github/workflows/nextjs.yml
@@ -0,0 +1,93 @@
+# Sample workflow for building and deploying a Next.js site to GitHub Pages
+#
+# To get started with Next.js see: https://nextjs.org/docs/getting-started
+#
+name: Deploy Next.js site to Pages
+
+on:
+ # Runs on pushes targeting the default branch
+ push:
+ branches: ["main"]
+
+ # Allows you to run this workflow manually from the Actions tab
+ workflow_dispatch:
+
+# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
+permissions:
+ contents: read
+ pages: write
+ id-token: write
+
+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
+concurrency:
+ group: "pages"
+ cancel-in-progress: false
+
+jobs:
+ # Build job
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Detect package manager
+ id: detect-package-manager
+ run: |
+ if [ -f "${{ github.workspace }}/yarn.lock" ]; then
+ echo "manager=yarn" >> $GITHUB_OUTPUT
+ echo "command=install" >> $GITHUB_OUTPUT
+ echo "runner=yarn" >> $GITHUB_OUTPUT
+ exit 0
+ elif [ -f "${{ github.workspace }}/package.json" ]; then
+ echo "manager=npm" >> $GITHUB_OUTPUT
+ echo "command=ci" >> $GITHUB_OUTPUT
+ echo "runner=npx --no-install" >> $GITHUB_OUTPUT
+ exit 0
+ else
+ echo "Unable to determine package manager"
+ exit 1
+ fi
+ - name: Setup Node
+ uses: actions/setup-node@v4
+ with:
+ node-version: "20"
+ cache: ${{ steps.detect-package-manager.outputs.manager }}
+ - name: Setup Pages
+ uses: actions/configure-pages@v5
+ with:
+ # Automatically inject basePath in your Next.js configuration file and disable
+ # server side image optimization (https://nextjs.org/docs/api-reference/next/image#unoptimized).
+ #
+ # You may remove this line if you want to manage the configuration yourself.
+ static_site_generator: next
+ - name: Restore cache
+ uses: actions/cache@v4
+ with:
+ path: |
+ .next/cache
+ # Generate a new cache whenever packages or source files change.
+ key: ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json', '**/yarn.lock') }}-${{ hashFiles('**.[jt]s', '**.[jt]sx') }}
+ # If source files changed but packages didn't, rebuild from a prior cache.
+ restore-keys: |
+ ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json', '**/yarn.lock') }}-
+ - name: Install dependencies
+ run: ${{ steps.detect-package-manager.outputs.manager }} ${{ steps.detect-package-manager.outputs.command }}
+ - name: Build with Next.js
+ run: ${{ steps.detect-package-manager.outputs.runner }} next build
+ - name: Upload artifact
+ uses: actions/upload-pages-artifact@v3
+ with:
+ path: ./out
+
+ # Deployment job
+ deploy:
+ environment:
+ name: github-pages
+ url: ${{ steps.deployment.outputs.page_url }}
+ runs-on: ubuntu-latest
+ needs: build
+ steps:
+ - name: Deploy to GitHub Pages
+ id: deployment
+ uses: actions/deploy-pages@v4
From 4d05e4bc4f7a2834e4e8d5a7ae3f38a0b414be60 Mon Sep 17 00:00:00 2001
From: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
Date: Thu, 1 May 2025 11:16:20 +0700
Subject: [PATCH 7/8] Create late-pugs-stare.md (#158)
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
---
 .changeset/late-pugs-stare.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 .changeset/late-pugs-stare.md
diff --git a/.changeset/late-pugs-stare.md b/.changeset/late-pugs-stare.md
new file mode 100644
index 00000000000..874e1f04de7
--- /dev/null
+++ b/.changeset/late-pugs-stare.md
@@ -0,0 +1,5 @@
+---
+"thirdweb-dashboard": patch
+---
+
+Circleci project setup
From e26d0fc89d2d8d319718015c7a21d3a4d98f64d6 Mon Sep 17 00:00:00 2001
From: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
Date: Thu, 1 May 2025 12:16:16 +0700
Subject: [PATCH 8/8] Create tough-buckets-know.md (#161)
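Review bot: The workflow-level `permissions` block grants `pages: write` and `id-token: write` to every job, including `build`, which runs dependency install scripts and `next build`; only `deploy` needs those scopes. Keep `contents: read` at the top level and put the write scopes on the deploy job: `permissions: { pages: write, id-token: write }` under `deploy:`. Every `uses:` reference (`actions/checkout@v4`, `actions/cache@v4`, `actions/deploy-pages@v4` and the rest) is a mutable tag, so pinning each to a full commit SHA would fix exactly which code runs on the deployment path. The yarn branch sets `command=install`, which can rewrite the lockfile during CI; adding `--frozen-lockfile` or `--immutable` (depending on the Yarn version in use) would make that path as reproducible as the `npm ci` branch.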
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
---
 .changeset/tough-buckets-know.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 .changeset/tough-buckets-know.md
diff --git a/.changeset/tough-buckets-know.md b/.changeset/tough-buckets-know.md
new file mode 100644
index 00000000000..874e1f04de7
--- /dev/null
+++ b/.changeset/tough-buckets-know.md
@@ -0,0 +1,5 @@
+---
+"thirdweb-dashboard": patch
+---
+
+Circleci project setup