Skip to content

Enhance social image security and visual aesthetics#239

Merged
kargig merged 1 commit into
mainfrom
bug/403_error_media_urls
May 24, 2026
Merged

Enhance social image security and visual aesthetics#239
kargig merged 1 commit into
mainfrom
bug/403_error_media_urls

Conversation

@kargig
Copy link
Copy Markdown
Owner

@kargig kargig commented May 24, 2026

Implement critical security patches and advanced visual refinements for the social image overlay feature. This includes robust authorization via media IDs, top-tier SSRF protection, and high-end visualization features.

Backend:

  • Fix 403 Forbidden error for dive owners by implementing media_id based lookup, resolving mismatches between presigned URLs and stored paths.
  • Implement "Trusted Source" SSRF protection: outbound requests now use URLs retrieved from database records rather than raw user input.
  • Harden SSRF protection via URL canonicalization and by disabling HTTP redirects at the request sink.
  • Refactor profile visualization to use a transparent gradient fill clamped by a mask, allowing the background photo to remain visible.
  • Implement a vertical depth axis with overlaid labels (0m and Max Depth) integrated directly into the profile chart.
  • Optimize vertical positioning of the watermark URL and profile chart to prevent visual overlap and ensure a balanced composition.
  • Improve metadata rendering with drop shadows and icon-based metrics.

Frontend:

  • Update SocialShareModal and socialHelpers to pass media_id to the API.
  • Fix ESLint import order errors for a clean build.

Testing:

  • Expand automated test suite to 9 comprehensive cases covering all security, authorization, and data parsing scenarios.
  • Verify robust handling of numeric and complex string-based dive profile data.

@kargig
Enhance social image security and visual aesthetics
84cd741 
Implement critical security patches and advanced visual refinements for
the social image overlay feature. This includes robust authorization via
media IDs, top-tier SSRF protection, and high-end visualization
features.

Backend:
- Fix 403 Forbidden error for dive owners by implementing media_id based
  lookup, resolving mismatches between presigned URLs and stored paths.
- Implement "Trusted Source" SSRF protection: outbound requests now use
  URLs retrieved from database records rather than raw user input.
- Harden SSRF protection via URL canonicalization and by disabling HTTP
  redirects at the request sink.
- Refactor profile visualization to use a transparent gradient fill
  clamped by a mask, allowing the background photo to remain visible.
- Implement a vertical depth axis with overlaid labels (0m and Max Depth)
  integrated directly into the profile chart.
- Optimize vertical positioning of the watermark URL and profile chart
  to prevent visual overlap and ensure a balanced composition.
- Improve metadata rendering with drop shadows and icon-based metrics.

Frontend:
- Update SocialShareModal and socialHelpers to pass media_id to the API.
- Fix ESLint import order errors for a clean build.

Testing:
- Expand automated test suite to 9 comprehensive cases covering all
  security, authorization, and data parsing scenarios.
- Verify robust handling of numeric and complex string-based dive
  profile data.
@kargig kargig self-assigned this May 24, 2026
@kargig kargig merged commit 0e574d4 into main May 24, 2026
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@kargig kargig

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kargig