Merged
Conversation
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…nt-side - Replace composables/states.ts with dedicated Pinia-style stores (session, artwork, home, ranking, search, following, user-artworks, user-profile) - Create src/api/pixiv-client.ts as centralized API client with built-in pximg URL replacement - Move pximg URL rewriting from server-side (api/utils.ts) to client-side (src/utils/pximg.ts) - Remove deprecated utility files (artworkActions.ts, userActions.ts, siteCache.ts) - Add .claude to .gitignore - Add DEV_NOTES/PIXIV_WEB_API.md for API reference Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
BREAKING CHANGE: Complete framework migration from Vue 3 SPA + Vite + Vercel serverless functions to Nuxt 4 with Nitro server routes. - Replace Vercel serverless functions (api/) with Nitro server routes and middleware (server/routes/, server/middleware/) - Adopt Nuxt 4 directory structure: app/ for frontend, server/ for backend, shared/ for cross-context types - Replace Vue Router manual config with Nuxt pages/ convention and route middleware for aliases/redirects - Integrate nuxtjs-naive-ui module with unplugin auto-import - Add @vueuse/nuxt, @pinia/nuxt, @nuxtjs/i18n modules - Convert pximg/API proxy from Vercel rewrites to Nitro middleware - Disable SSR (ssr: false) for Naive UI compatibility - Reorganize components with Nuxt-compatible naming convention (Artwork/, Comment/, SideNav/ with path dedup) - Rename LazyLoad → DeferLoad to avoid Nuxt reserved prefix - Fix v-for/v-if anti-pattern in ArtworkList causing __vnode errors - Replace defineAsyncComponent with direct imports for SiteHeader - Use onClickOutside (VueUse) for dropdown menu - Add page transition animations via NuxtPage transition prop - Use useHead for per-page body attributes (home navbar transparency) - Vendor-independent: deployable with `node .output/server/index.mjs` Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Use `type` import for ZipDownloaderOptions to prevent tree-shaking - Unwrap Pixiv API response envelope (data.body) in fetchMeta - Apply replacePximgInObject to ugoira meta URLs for proxy routing Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Use useEventListener (VueUse) for scroll handler in SiteHeader to prevent memory leak on unmount - Read UA blacklist from useRuntimeConfig() in pixiv-proxy middleware, falling back to process.env.UA_BLACKLIST for compatibility - Remove duplicate app/components/userData.ts, unify all callers to import from app/composables/userData.ts - Map legacy VITE_* and UA_BLACKLIST env vars to Nuxt runtimeConfig in nuxt.config.ts for backward compatibility Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Sorry @dragon-fish, your pull request is larger than the review limit of 150000 diff characters
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| */ | ||
| export function createPximgReplacer(baseUrlI: string, baseUrlS: string) { | ||
| function replacePximgUrl(str: string): string { | ||
| if (!str.includes('pximg.net')) return str |
Check failure
Code scanning / CodeQL
Incomplete URL substring sanitization High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 18 days ago
In general, the fix is to avoid checking for pximg.net using includes, and instead either (a) parse the URL and inspect its host, or (b) remove the substring check entirely and rely on precise replacements. In this specific function, the includes check is only an early-return optimization before two exact replaceAll calls; it does not change behavior, only performance. Therefore, the least intrusive, behavior-preserving fix is to remove the substring check and let replaceAll run unconditionally.
Concretely, in app/utils/pximg.ts, within createPximgReplacer, modify replacePximgUrl so that it no longer does if (!str.includes('pximg.net')) return str. Instead, always return str.replaceAll(PXIMG_I, baseUrlI).replaceAll(PXIMG_S, baseUrlS). This has the same logical effect when str contains no occurrences of the pximg prefixes (both replaceAll calls will simply return str unchanged), but it removes the substring-based URL check that CodeQL flags. No additional imports or helper functions are needed.
Suggested changeset
1
app/utils/pximg.ts
| @@ -9,7 +9,6 @@ | ||
| */ | ||
| export function createPximgReplacer(baseUrlI: string, baseUrlS: string) { | ||
| function replacePximgUrl(str: string): string { | ||
| if (!str.includes('pximg.net')) return str | ||
| return str | ||
| .replaceAll(PXIMG_I, baseUrlI) | ||
| .replaceAll(PXIMG_S, baseUrlS) |
Copilot is powered by AI and may make mistakes. Always verify output.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.