AI Review Center
Commit Review Workspace ?
Select a commit on the left to inspect quality, security, business value, findings, and suggested code changes.
Project AI Score
?
62%
Quality Avg
?
63%
Security Avg
?
59%
Reviews
?
92
Review Result ?
solutionbowl/bet-service · 04f65412
The commit adds IP address extraction functions to two bet-related controllers to capture client IPs and uses them in multiple places. While this enhances traceability and potentially improves business value, the logic could be more robust in handling IP headers and security concerns (e.g., spoofing). The commit message is vague and does not adequately explain the changes or their purpose.
Quality
?
75%
Security
?
60%
Business Value
?
70%
Maintainability
?
73%
Issues & Suggested Fixes
?
1AI detects the issue
2Shows file, line, or evidence
3Suggests the fix to apply
Vague Commit Message
Where
commit message
Issue / Evidence
vague commit message
Suggested Fix
improve message to clearly explain what is added or fixed
Duplicate Logic
Where
src/controllers/bet.controller.js:13
Issue / Evidence
duplicate getClientIp function in two files
Suggested Fix
consider refactoring to share a single utility function to reduce code duplication
Potential Ip Spoofing Risk By Trusting X F...
Where
src/controllers/bet.controller.js:14
Issue / Evidence
potential IP spoofing risk by trusting x-forwarded-for header
Suggested Fix
add validation or sanitization to the IP extraction logic to mitigate spoofing
Duplicate Logic
Where
src/controllers/multiBet.controller.js:12
Issue / Evidence
duplicate getClientIp function
Suggested Fix
consolidate logic into a shared module
Improper Handling If X Forwarded For Heade...
Where
src/controllers/bet.controller.js:15
Issue / Evidence
improper handling if x-forwarded-for header is malformed
Suggested Fix
add error handling or validation here
Code Change Preview · src/controllers/bet.controller.js
?
Removed / Before Commit
- diff --git a/src/controllers/bet.controller.js b/src/controllers/bet.controller.js - index 8d63215..7f29b0f 100644 - const HorseRace = require("../models/HorseRace"); - const { getHierarchyIds } = require("../services/hierarchyService"); - - const ensureBettingAllowed = async (userId) => { - const user = await User.findById(userId).lean(); - - market_name: market.marketType, - return_amount: returnAmount, - bet_status: "ACCEPTED", - ip_address: req.ip, - }); - await bet.save(); - - market_name: market.marketType, - return_amount: returnAmount, - bet_status: "ACCEPTED",
Added / After Commit
+ diff --git a/src/controllers/bet.controller.js b/src/controllers/bet.controller.js + index 8d63215..7f29b0f 100644 + const HorseRace = require("../models/HorseRace"); + const { getHierarchyIds } = require("../services/hierarchyService"); + + const getClientIp = (req) => { + const forwardedFor = req.headers["x-forwarded-for"]; + if (forwardedFor) return String(forwardedFor).split(",")[0].trim(); + + return req.headers["cf-connecting-ip"] || + req.headers["x-real-ip"] || + req.socket?.remoteAddress || + req.ip || + ""; + }; + + const ensureBettingAllowed = async (userId) => { + const user = await User.findById(userId).lean();
Removed / Before Commit
- diff --git a/src/controllers/multiBet.controller.js b/src/controllers/multiBet.controller.js - index 8c7f430..f49c6a7 100644 - const { emitBalanceUpdate } = require("../utils/socketClient"); - const { calculateMultiBetExposures, updateExposuresAfterLegWin, clearMultiBetExposures } = require("../utils/multiBetExposure"); - - const ensureBettingAllowed = async (userId) => { - const user = await User.findById(userId).lean(); - - market_name: "MULTI", - return_amount: potentialProfit, - bet_status: "ACCEPTED", - ip_address: req.ip, - - // Multi-bet specific fields - is_multi_bet: true,
Added / After Commit
+ diff --git a/src/controllers/multiBet.controller.js b/src/controllers/multiBet.controller.js + index 8c7f430..f49c6a7 100644 + const { emitBalanceUpdate } = require("../utils/socketClient"); + const { calculateMultiBetExposures, updateExposuresAfterLegWin, clearMultiBetExposures } = require("../utils/multiBetExposure"); + + const getClientIp = (req) => { + const forwardedFor = req.headers["x-forwarded-for"]; + if (forwardedFor) return String(forwardedFor).split(",")[0].trim(); + + return req.headers["cf-connecting-ip"] || + req.headers["x-real-ip"] || + req.socket?.remoteAddress || + req.ip || + ""; + }; + + const ensureBettingAllowed = async (userId) => { + const user = await User.findById(userId).lean();