
Add activity feed API #988

Closed

Conversation

alon-f
Contributor

@alon-f alon-f commented Jan 14, 2025

No description provided.

@reviewable-StarkWare

This change is Reviewable

Contributor Author

alon-f commented Jan 14, 2025

This stack of pull requests is managed by Graphite. Learn more about stacking.

@@ -0,0 +1,30 @@
const express = require('express');
const app = express();


Semgrep identified an issue in your code:

A CSRF middleware was not detected in your express application. Ensure you are either using one such as csurf or csrf (see rule references) and/or you are properly doing CSRF validation in your routes with a token or cookies.

To resolve this comment:

✨ Commit Assistant fix suggestion

Suggested change (replacing the line `const app = express();`):

```javascript
const express = require('express');
const csurf = require('csurf'); // Import csurf for CSRF protection
const cookieParser = require('cookie-parser'); // Import cookie-parser to use with csurf
const app = express();
const port = 3000;

// Use cookie-parser middleware
app.use(cookieParser());

// Use csurf middleware for CSRF protection
app.use(csurf({ cookie: true }));

// Fake data for the activity feed
const activityFeed = [
  {
    id: 1000,
    title: 'New Photo Uploaded',
    body: 'Alice uploaded a new photo to her album.'
  },
  {
    id: 2000,
    title: 'Comment on Post',
    body: "Bob commented on Charlie's post."
  },
  {
    id: 13,
    title: 'Status Update',
    body: 'Charlie updated their status: "Excited about the new project!"'
  }
];

app.get('/feed', (req, res) => {
  // Include CSRF token in the response
  res.json({ activityFeed, csrfToken: req.csrfToken() });
});

app.listen(port, () => {
  console.log(`Server running on port ${port}`);
});
```

Step-by-step instructions:
  1. Install the csurf middleware by running the command: $ npm install csurf.
  2. Import csurf at the top of your file with const csurf = require('csurf');.
  3. Add the csurf middleware to your Express app. You can do this by adding app.use(csurf()); after initializing your Express app with const app = express();.
  4. Ensure that your application is using a session middleware or cookie parser, as csurf requires either to store the CSRF tokens. If not already included, install and configure one, such as express-session or cookie-parser.
  5. Update your routes to handle CSRF tokens. For example, in your /feed route, you can include the CSRF token in the response by adding res.json({ activityFeed, csrfToken: req.csrfToken() });.

This setup will help protect your application from CSRF attacks by ensuring that requests include a valid CSRF token.

💬 Ignore this finding

Reply with Semgrep commands to ignore this finding.

  • /fp <comment> for false positive
  • /ar <comment> for acceptable risk
  • /other <comment> for all other reasons

Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by express-check-csurf-middleware-usage.

You can view more details about this finding in the Semgrep AppSec Platform.

@codecov-commenter

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 92.30%. Comparing base (f55a84a) to head (f59849d).

@@           Coverage Diff           @@
##              dev     #988   +/-   ##
=======================================
  Coverage   92.30%   92.30%           
=======================================
  Files         105      105           
  Lines       14284    14284           
  Branches    14284    14284           
=======================================
  Hits        13185    13185           
  Misses       1026     1026           
  Partials       73       73           


@alon-f alon-f closed this Jan 14, 2025