Release 1.83 [to release] (#2409)

* Merge pull request #2402 from opengovsg/feat/add-safebrowsing-expiry

feat: add safeBrowsingExpiry column to urls table

* feat: check for malicious link just before redirect (#2403)

* feat: check for malicious link just before redirect

* fix: do not update as JSON object yet

* fix: update method signature

* 1.83.0

Author: dcshzj

CHANGELOG.md

@@ -4,8 +4,16 @@ All notable changes to this project will be documented in this file. Dates are d
 
 Generated by [`auto-changelog`](https://github.com/CookPete/auto-changelog).
 
+#### [v1.83.0](https://github.com/opengovsg/GoGovSG/compare/v1.82.0...v1.83.0)
+
+- feat: check for malicious link just before redirect [`#2403`](https://github.com/opengovsg/GoGovSG/pull/2403)
+- feat: add safeBrowsingExpiry column to urls table [`#2402`](https://github.com/opengovsg/GoGovSG/pull/2402)
+- Release 1.82.0 [to develop] [`#2405`](https://github.com/opengovsg/GoGovSG/pull/2405)
+
 #### [v1.82.0](https://github.com/opengovsg/GoGovSG/compare/v1.81.0...v1.82.0)
 
+> 31 July 2025
+
 #### [v1.81.0](https://github.com/opengovsg/GoGovSG/compare/v1.80.0...v1.81.0)
 
 > 24 July 2025

migrations/20250804092620-add-urls-safebrowsing-expiry.js

@@ -0,0 +1,26 @@
+/** @type {import('sequelize-cli').Migration} */
+module.exports = {
+  async up(queryInterface, Sequelize) {
+    /**
+     * Add altering commands here.
+     *
+     * Example:
+     * await queryInterface.createTable('users', { id: Sequelize.INTEGER });.
+     */
+    await queryInterface.addColumn('urls', 'safeBrowsingExpiry', {
+      type: Sequelize.DATE,
+      allowNull: true,
+      defaultValue: null,
+    })
+  },
+
+  async down(queryInterface) {
+    /**
+     * Add reverting commands here.
+     *
+     * Example:
+     * await queryInterface.dropTable('users');.
+     */
+    await queryInterface.removeColumn('urls', 'safeBrowsingExpiry')
+  },
+}

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "GoGovSG",
-  "version": "1.82.0",
+  "version": "1.83.0",
   "description": "Link shortener for Singapore government.",
   "main": "src/server/index.js",
   "scripts": {

package.json

@@ -32,6 +32,7 @@ export class UrlMapper implements Mapper<StorableUrl, UrlType> {
       contactEmail: urlType.contactEmail,
       source: urlType.source,
       tagStrings: urlType.tagStrings,
+      safeBrowsingExpiry: urlType.safeBrowsingExpiry,
     }
   }
 }

src/server/mappers/UrlMapper.ts

@@ -8,6 +8,7 @@ import { UrlClicks } from './statistics/clicks'
 import { syncFunctions } from './functions'
 import { Tag } from './tag'
 import { Job, JobItem } from './job'
+import { DEV_ENV } from '../config'
 
 // One user can create many urls but each url can only be mapped to one user.
 User.hasMany(Url, { as: 'Urls', foreignKey: { allowNull: false } })
@@ -45,6 +46,8 @@ UrlClicks.belongsTo(Url, { foreignKey: 'shortUrl' })
  * Initialise the database table.
  */
 export default async () => {
-  await sequelize.sync()
+  if (DEV_ENV) {
+    await sequelize.sync()
+  }
   await syncFunctions()
 }

src/server/models/index.ts

@@ -24,6 +24,7 @@ export interface UrlBaseType extends IdType {
   readonly description: string
   readonly source: StorableUrlSource
   readonly tagStrings: string
+  readonly safeBrowsingExpiry: string | null
 }
 
 export interface UrlType extends IdType, UrlBaseType, Sequelize.Model {
@@ -229,6 +230,10 @@ export const Url = <UrlTypeStatic>sequelize.define(
       allowNull: false,
       defaultValue: '',
     },
+    safeBrowsingExpiry: {
+      type: Sequelize.DATE,
+      allowNull: true,
+    },
   },
   {
     hooks: {

src/server/models/url.ts

@@ -12,6 +12,7 @@ const urlManagementService = {
   changeOwnership: jest.fn(),
   getUrlsWithConditions: jest.fn(),
   bulkCreate: jest.fn(),
+  deactivateMaliciousShortUrl: jest.fn(),
 }
 
 const userRepository = {

src/server/modules/api/admin-v1/__tests__/AdminApiV1Controller.test.ts

@@ -16,6 +16,7 @@ const urlManagementService = {
   changeOwnership: jest.fn(),
   getUrlsWithConditions: jest.fn(),
   bulkCreate: jest.fn(),
+  deactivateMaliciousShortUrl: jest.fn(),
 }
 
 const urlV1Mapper = new UrlV1Mapper()

src/server/modules/api/external-v1/__tests__/ApiV1Controller.test.ts

@@ -115,6 +115,7 @@ describe('LoginController', () => {
     const initMailer = jest.fn()
     const mailJobFailure = jest.fn()
     const mailJobSuccess = jest.fn()
+    const mailDeactivatedMaliciousShortUrl = jest.fn()
 
     const deleteOtpByEmail = jest.fn()
     const setOtpForEmail = jest.fn()
@@ -123,7 +124,13 @@ describe('LoginController', () => {
     const urlMapper = new UrlMapper()
     const authService = new AuthService(
       { hash, compare },
-      { mailOTP, initMailer, mailJobFailure, mailJobSuccess },
+      {
+        mailOTP,
+        initMailer,
+        mailJobFailure,
+        mailJobSuccess,
+        mailDeactivatedMaliciousShortUrl,
+      },
       { deleteOtpByEmail, setOtpForEmail, getOtpForEmail },
       new UserRepository(new UserMapper(urlMapper), urlMapper),
     )
@@ -200,6 +207,7 @@ describe('LoginController', () => {
     const initMailer = jest.fn()
     const mailJobFailure = jest.fn()
     const mailJobSuccess = jest.fn()
+    const mailDeactivatedMaliciousShortUrl = jest.fn()
 
     const deleteOtpByEmail = jest.fn()
     const setOtpForEmail = jest.fn()
@@ -218,7 +226,13 @@ describe('LoginController', () => {
 
     const authService = new AuthService(
       { hash, compare },
-      { mailOTP, initMailer, mailJobFailure, mailJobSuccess },
+      {
+        mailOTP,
+        initMailer,
+        mailJobFailure,
+        mailJobSuccess,
+        mailDeactivatedMaliciousShortUrl,
+      },
       { deleteOtpByEmail, setOtpForEmail, getOtpForEmail },
       userRepository,
     )
@@ -405,6 +419,7 @@ describe('LoginController', () => {
     const initMailer = jest.fn()
     const mailJobFailure = jest.fn()
     const mailJobSuccess = jest.fn()
+    const mailDeactivatedMaliciousShortUrl = jest.fn()
     const deleteOtpByEmail = jest.fn()
     const setOtpForEmail = jest.fn()
     const getOtpForEmail = jest.fn()
@@ -421,7 +436,13 @@ describe('LoginController', () => {
 
     const authService = new AuthService(
       { hash, compare },
-      { mailOTP, initMailer, mailJobFailure, mailJobSuccess },
+      {
+        mailOTP,
+        initMailer,
+        mailJobFailure,
+        mailJobSuccess,
+        mailDeactivatedMaliciousShortUrl,
+      },
       { deleteOtpByEmail, setOtpForEmail, getOtpForEmail },
       userRepository,
     )