Bug
POST /api/jobs currently allows job creation without authentication because the route calls postJob directly.
Impact
Unauthenticated clients can create spam or malicious job listings.
Expected fix
Require authMiddleware on the job creation route while keeping GET /api/jobs public. Add regression tests that cover unauthenticated rejection and authenticated success.
Reference: #1776 and #743.
This issue is limited only to the creator of this issue. This means that only the issue author can attempt to solve this issue. If you would like to work on it, please create another issue with the same contents and refer to issue #743 for more information.
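An added sketch of the expected fix and the regression checks it asks for, not the project's own code. makeRouter is a hypothetical stand-in for an Express-style (req, res, next) handler chain, and the bodies of authMiddleware and postJob, the bearer-token scheme and the token value are assumptions made for illustration.

```javascript
// Constructed sample value; a real authMiddleware would verify a session or signed token.
const VALID_TOKEN = "constructed-test-token";

// Assumed behaviour: reject with 401 unless a valid bearer token is presented.
function authMiddleware(req, res, next) {
  const header = req.headers.authorization || "";
  const token = header.startsWith("Bearer ") ? header.slice(7) : null;
  if (token !== VALID_TOKEN) return res.status(401).json({ error: "Unauthorized" });
  req.user = { id: "user-1" }; // constructed identity attached for downstream handlers
  next();
}

// Hypothetical handler bodies standing in for the project's controllers.
function postJob(req, res) {
  res.status(201).json({ title: req.body.title, postedBy: req.user ? req.user.id : null });
}
function getJobs(req, res) {
  res.status(200).json([]);
}

// Minimal dispatcher: runs each handler in order until one stops calling next().
function makeRouter(routes) {
  return function handle(method, path, { headers = {}, body = {} } = {}) {
    const result = { status: 404, body: null };
    const handlers = routes[`${method} ${path}`];
    if (!handlers) return result;
    const req = { method, path, headers, body };
    const res = {
      status(code) { result.status = code; return this; },
      json(payload) { result.body = payload; return this; },
    };
    let i = 0;
    const next = () => { const h = handlers[i++]; if (h) h(req, res, next); };
    next();
    return result;
  };
}

// Before: POST /api/jobs reaches postJob directly, as the issue describes.
const vulnerable = makeRouter({
  "GET /api/jobs": [getJobs],
  "POST /api/jobs": [postJob],
});
// After: authMiddleware guards job creation; GET /api/jobs stays public.
const fixed = makeRouter({
  "GET /api/jobs": [getJobs],
  "POST /api/jobs": [authMiddleware, postJob],
});
```

The regression tests should assert the three outcomes together: unauthenticated POST is rejected, authenticated POST succeeds, and unauthenticated GET still returns 200.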