torsten/harheimertc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enhance security and error handling in various components by refining error catch blocks to ignore specific errors, improving code clarity and consistency across the application.
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 4m10s
Details

Browse Source
This commit is contained in:
Torsten Schulz (local)
2025-12-20 15:05:49 +01:00
parent c9037fec45
commit 6fda6ebad0
42 changed files with 117 additions and 113 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
server/api/newsletter/groups/[id]/posts/create.post.js
View File

@@ -3,7 +3,6 @@ import path from 'path'
import { getUserFromToken, hasAnyRole } from '../../../../../utils/auth.js'
import { randomUUID } from 'crypto'
import { getRecipientsByGroup, getNewsletterSubscribers, generateUnsubscribeToken } from '../../../../../utils/newsletter.js'
import { encryptObject, decryptObject } from '../../../../../utils/encryption.js'
import nodemailer from 'nodemailer'
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
@@ -81,7 +80,7 @@ async function loadLogoAsBase64() {
}
// Erstellt Newsletter-HTML mit Header und Footer
async function createNewsletterHTML(post, group, unsubscribeToken = null, creatorName = null, creatorEmail = null) {
async function createNewsletterHTML(post, group, unsubscribeToken = null, _creatorName = null, _creatorEmail = null) {
const config = await loadConfig()
const clubName = config.verein?.name || 'Harheimer Tischtennis-Club 1954 e.V.'
const baseUrl = process.env.NUXT_PUBLIC_BASE_URL || 'http://localhost:3100'

5
server/api/newsletter/groups/[id]/posts/list.get.js
View File

@@ -1,7 +1,6 @@
import fs from 'fs/promises'
import path from 'path'
import { getUserFromToken, hasAnyRole } from '../../../../../utils/auth.js'
import { encryptObject, decryptObject } from '../../../../../utils/encryption.js'
// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
// filename is always a hardcoded constant (e.g., 'newsletter-posts.json'), never user input
@@ -32,7 +31,7 @@ function isEncrypted(data) {
return false
}
return false
} catch (e) {
} catch (_e) {
return true
}
}
@@ -52,7 +51,7 @@ async function readPosts() {
const plainData = JSON.parse(data)
console.warn('Entschlüsselung fehlgeschlagen, versuche als unverschlüsseltes Format zu lesen')
return plainData
} catch (parseError) {
} catch (_parseError) {
console.error('Konnte Newsletter-Posts weder entschlüsseln noch als JSON lesen')
return []
}

2
server/api/newsletter/groups/public-list.get.js
View File

@@ -40,7 +40,7 @@ export default defineEventHandler(async (event) => {
isLoggedIn = true
}
}
} catch (e) {
} catch (_e) {
// Nicht eingeloggt - kein Problem
}