GitHub Bounties💵 paid workby mvmax-devbuilt with AIscored by google/gemini-2.5-flash

SecureBananaLabs/bug-bounty: fix: enforce authentication on job creation endpoint

Visit project ↗Discussion ↗

💵 Funded work— see “Deliver it” below for how to respond.

Opportunity

AI-buildable

Traction

Creativity

The take

effort: ~weekend

This is a bug bounty issue for SecureBananaLabs, requiring an authentication middleware to be enforced on the job creation POST endpoint. The task involves adding a line of code to apply existing authentication logic to prevent unauthenticated job postings. This is a clear, self-contained task with a defined monetary reward.

Demand & gap

Painkillerdemand 82

Demand

Will. to pay

Gap

Buyer

Developers

The gap in what exists: The gap is the open bounty itself, representing a direct need for a specific code fix that the project maintainers have funded.
Wedge to win: The immediate buyer is SecureBananaLabs, who have posted a bounty and require this specific security fix for their platform.
Reputation value (worth doing free for proof) — 50/100: Solving a security bug bounty for a public repository demonstrates practical security coding skills and attention to detail, which is valuable proof for dev-tool clients.
Likely monetization: bounty payment

Deliver it

A starter prompt for Claude Code, what you'll need, and how to reach them.

You are an expert full-stack developer. Your task is to implement an authentication enforcement fix for a job creation endpoint in a Node.js Express application. Fork the `SecureBananaLabs/bug-bounty` repository. Locate the file `apps/api/src/routes/jobRoutes.js`. Modify the line `jobRoutes.post("/", postJob);` to include an `authMiddleware`. Assume `authMiddleware` is already defined and imported in the file or easily accessible within the project's existing middleware setup (you may need to add an import if missing, looking for existing middleware definitions like `authMiddleware` or `verifyAuth`). After applying the fix, outline how to verify that unauthenticated POST requests to `/api/jobs` are correctly rejected. Focus on a minimal, correct change. The project uses Node.js and Express. Provide the exact modified line of code and the verification steps. Remember to add any necessary `import` or `require` statements for the middleware. If the middleware is not immediately obvious, suggest a sensible place where it would typically be defined or imported within a standard Express project structure (e.g., from a `middleware` directory).

Prerequisites — cost & what to learn

How you'd build it

1Fork the SecureBananaLabs/bug-bounty repository.
2Locate `apps/api/src/routes/jobRoutes.js` and identify the `jobRoutes.post("/", postJob);` line.
3Add the `authMiddleware` (presumed to exist elsewhere in the codebase, likely imported) to the `post` route, e.g., `jobRoutes.post("/", authMiddleware, postJob);`.
4Write a simple test to verify that unauthenticated POST requests to `/api/jobs` are rejected.
5Submit a pull request to the original repository with the fix and a description of the implemented authentication enforcement.
6Claim the bounty as per the project's instructions.

Risks & moats

The `authMiddleware` might not be immediately available or correctly implemented, requiring further investigation into the codebase.
Understanding the project's specific testing framework and setup might add minor overhead.
Another developer could claim the bounty first, as the issue explicitly allows other identical issues to be created.
The bounty payment process might be slower than expected or have unforeseen conditions.

Original context

Bounty (amount on the issue). ## Bug: Missing Authentication on Job Creation **Description:** The `POST /api/jobs` endpoint does not require authentication. Anyone can create job listings without being logged in. **File:** `apps/api/src/routes/jobRoutes.js` **Current code:** ```js jobRoutes.get("/", getJobs); jobRoutes.post("/", postJob); ``` **Expected behavior:** The POST route should require `authMiddleware` to ensure only authenticated users can create jobs. **Impact:** Medium — spam or malicious job postings could flood the platform. This issue is limited only to the creator of this issue. This means that only the issue author can attempt to solve this issue. If you would like to work on it, please create another issue with the same contents and refer to issue #743 for more information.