admin/Feeld
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Block banned-country locations and align GraphQL ops

Browse Source 
Defense-in-depth banned-country gate covering every entry point that could
set a location Feeld's policy disallows (~60 countries from their support
article):

- New src/config/bannedCountries.ts — single source of truth (ISO codes + aliases)
- New src/utils/reverseGeocode.ts — Nominatim reverse lookup w/ localStorage cache
- New src/api/links/bannedCountryLink.ts — Apollo link chokepoint; intercepts
  every DeviceLocationUpdate mutation and refuses to forward if reverse-geocode
  resolves to a banned country. Catches Settings, Discover, Likes scanner, and
  ApiExplorer raw GraphQL alike.
- useLocation.tsx — setLocation throws BannedCountryError; saveLocation gate;
  sanitize banned entries on localStorage and server hydration
- Settings.tsx — block at search, saved-location pick, and save-current
- Likes.tsx — skip banned saved locations in scanForLikes and "Fuck It" scan
- server/index.js — PUT /api/saved-locations filters; readSavedLocations
  filters legacy banned entries so rotation cron is safe too
- nginx.conf — route additions for new backend endpoints

Plus the broader rc/realign-graphql-ops session work: GraphQL query/mutation
realignment after Feeld API changes, ApiExplorer updates, Profile/Discover/Likes
refinements, useFavorites hook, dataSync extensions, vite proxy adjustments.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Trey T
2026-06-01 18:30:37 -05:00
parent f84786e654
commit da2bab21e5
21 changed files with 1646 additions and 531 deletions
Download Patch File Download Diff File Expand all files Collapse all files
web/src/api/operations/experimental.ts
+22 -55
View File
@@ -1,62 +1,18 @@
import { gql } from '@apollo/client/core';
import {
DISCOVERY_ANALYTICS_METADATA_FRAGMENT,
LIKES_PROFILE_FRAGMENT,
PICTURE_FRAGMENT,
} from './queries';
// Real endpoints discovered in v8.11.0 - replaces old wrong guesses
// pastLikes / pastDislikes — shapes verbatim from live app v8.11.0.
// LikesProfileFragment lives in queries.ts (single source of truth, also used
// by FilteredWhoLikesMe / FilteredWhoPingsMe mutations).
export const LIKES_PROFILE_FRAGMENT = gql`
fragment LikesProfileFragment on Profile {
id
age
gender
status
lastSeen
desires
connectionGoals
isUplift
sexuality
isMajestic
dateOfBirth
streamUserId
imaginaryName
bio
hiddenBio
hasHiddenBio
allowPWM
interests
verificationStatus
interactionStatus {
message
mine
theirs
__typename
}
distance {
km
mi
__typename
}
photos {
id
pictureIsPrivate
pictureIsSafe
pictureStatus
pictureType
pictureUrl
pictureUrls {
small
medium
large
__typename
}
publicId
__typename
}
__typename
}
`;
// pastLikes - profiles you've liked (new in v8.11.0)
export const PAST_LIKES_QUERY = gql`
${LIKES_PROFILE_FRAGMENT}
${DISCOVERY_ANALYTICS_METADATA_FRAGMENT}
${PICTURE_FRAGMENT}
query pastLikes($cursor: String, $input: PastLikesQueryInput!, $limit: Int) {
pastLikes(cursor: $cursor, input: $input, limit: $limit) {
nodes {
@@ -64,6 +20,11 @@ export const PAST_LIKES_QUERY = gql`
interactionSentAt
profile {
...LikesProfileFragment
...DiscoveryAnalyticsMetadata
photos {
...GetPictureUrlFragment
__typename
}
__typename
}
__typename
@@ -80,15 +41,21 @@ export const PAST_LIKES_QUERY = gql`
}
`;
// pastDislikes - profiles you've passed (new in v8.11.0)
export const PAST_DISLIKES_QUERY = gql`
${LIKES_PROFILE_FRAGMENT}
${DISCOVERY_ANALYTICS_METADATA_FRAGMENT}
${PICTURE_FRAGMENT}
query pastDislikes($cursor: String, $input: PastDislikesQueryInput!, $limit: Int) {
pastDislikes(cursor: $cursor, input: $input, limit: $limit) {
nodes {
interactionSentAt
profile {
...LikesProfileFragment
...DiscoveryAnalyticsMetadata
photos {
...GetPictureUrlFragment
__typename
}
__typename
}
__typename