This is a bug bounty issue for a GitHub repository, reporting that a job creation endpoint is missing its authentication middleware. The task is to apply `authMiddleware` to the `POST /api/jobs` route so that unauthenticated users cannot create job listings. The impact is rated medium because of the potential for spam or malicious postings.
A starter prompt for Claude Code, what you'll need, and how to reach them.
You are a highly skilled Node.js developer. The goal is to fix a missing authentication bug in a GitHub repository's job creation endpoint. I need you to fork `SecureBananaLabs/bug-bounty`, implement the fix, add a test, and prepare a pull request. The specific issue is that the `POST /api/jobs` endpoint in `apps/api/src/routes/jobRoutes.js` lacks authentication. It should require `authMiddleware` to ensure only authenticated users can create jobs. First, clone the forked repository. Then, locate `apps/api/src/routes/jobRoutes.js`. Assume an `authMiddleware` function already exists within the `apps/api/src/middleware/` directory or a similar common middleware location that can be imported and applied. Your task is to modify the `jobRoutes.post("/", postJob);` line to `jobRoutes.post("/", authMiddleware, postJob);` after importing `authMiddleware`. After applying this, create a simple integration test in a new file, `apps/api/src/tests/jobAuth.test.js`, that attempts to `POST /api/jobs` without authentication and asserts that it receives an unauthorized error (e.g., 401 or 403 status code). Also, add a test that ensures an authenticated request (mocking `authMiddleware` to pass) successfully creates a job. Finally, detail the steps for creating a pull request. Use Node.js for the backend and Jest for testing if no other test framework is immediately obvious. For the PR message, reference the original issue number #1776.

Bounty (amount on the issue).

## Bug: Missing Authentication on Job Creation

**Description:** The `POST /api/jobs` endpoint does not require authentication. Anyone can create job listings without being logged in.

**File:** `apps/api/src/routes/jobRoutes.js`

**Current code:**

```js
jobRoutes.get("/", getJobs);
jobRoutes.post("/", postJob);
```

**Expected behavior:** The POST route should require `authMiddleware` to ensure only authenticated users can create jobs.

**Impact:** Medium — spam or malicious job postings could flood the platform.
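The fix the issue asks for, as an added example that is not the project's own code: `authMiddleware` placed in front of `postJob` exactly as the corrected route line requires, with a small stand-in for Express's handler chain so the example runs with no dependencies. The middleware's internals (a bearer token looked up in a constructed table), the in-memory job store and the `dispatch` helper are assumptions for illustration.

```javascript
// Added example, not code from SecureBananaLabs/bug-bounty: authMiddleware in
// front of postJob, plus a tiny stand-in for Express's handler chain.
// Token store, postJob body and dispatch are constructed for illustration.
// Constructed credentials; a real deployment verifies a session or signed token.
const VALID_TOKENS = new Map([["tok_alice_123", { id: 1, name: "alice" }]]);

// authMiddleware: stop the chain with 401 unless a known bearer token is sent.
function authMiddleware(req, res, next) {
  const header = (req.headers && req.headers.authorization) || "";
  const [scheme, token] = header.split(" ");
  if (scheme !== "Bearer" || !token) {
    return res.status(401).json({ error: "authentication required" });
  }
  const user = VALID_TOKENS.get(token);
  if (!user) return res.status(401).json({ error: "invalid token" });
  req.user = user; // later handlers can attribute the job to its creator
  next();
}

const jobs = []; // in-memory store standing in for the real database
// postJob only runs behind authMiddleware, so req.user is always set here.
function postJob(req, res) {
  const title = req.body && req.body.title;
  if (typeof title !== "string" || !title.trim()) {
    return res.status(400).json({ error: "title is required" });
  }
  const job = { id: jobs.length + 1, title: title.trim(), createdBy: req.user.id };
  jobs.push(job);
  return res.status(201).json(job);
}

// Route table mirroring the corrected line in jobRoutes.js:
//   jobRoutes.post("/", authMiddleware, postJob);
const routes = { "POST /api/jobs": [authMiddleware, postJob] };

// Minimal stand-in for Express dispatch: handlers run in order until one
// responds without calling next(). Returns the response object for inspection.
function dispatch(method, path, req) {
  const res = {
    statusCode: 200, body: undefined,
    status(code) { this.statusCode = code; return this; },
    json(payload) { this.body = payload; return this; },
  };
  const chain = routes[`${method} ${path}`] || [(q, s) => s.status(404).json({ error: "not found" })];
  let i = 0;
  const next = () => { const handler = chain[i++]; if (handler) handler(req, res, next); };
  next();
  return res;
}
```

The same two cases (anonymous request rejected, authenticated request creating a job) are what the Jest file `apps/api/src/tests/jobAuth.test.js` should assert against the real router.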
This issue is limited only to the creator of this issue. This means that only the issue author can attempt to solve this issue. If you would like to work on it, please create another issue with the same contents and refer to issue #743 for more information.
- Standard for any GitHub-based development.
- Standard development environment.
- Required for cloning and managing repositories.
- Core skill for backend development with Express.
Submit a Pull Request to the `SecureBananaLabs/bug-bounty` repository, referencing issue #1776 in the PR description, then notify the issue author, fennhelloworld, by commenting on the issue.
“I've implemented the `authMiddleware` for the `POST /api/jobs` endpoint as described in issue #1776, along with a test proving its effectiveness. Here's a link to my draft PR for your review.”