Showing AI reviews for bet-service
Project AI Score ?
62%
Quality Avg ?
63%
Security Avg ?
59%
Reviews ?
92

Review Result ?

solutionbowl/bet-service · 04f65412
The commit adds IP address extraction functions to two bet-related controllers to capture client IPs and uses them in multiple places. While this enhances traceability and potentially improves business value, the logic could be more robust in handling IP headers and security concerns (e.g., spoofing). The commit message is vague and does not adequately explain the changes or their purpose.
Quality ?
75%
Security ?
60%
Business Value ?
70%
Maintainability ?
73%
Issues & Suggested Fixes ?
1AI detects the issue
2Shows file, line, or evidence
3Suggests the fix to apply
Vague Commit Message
Where commit message
Issue / Evidence vague commit message
Suggested Fix improve message to clearly explain what is added or fixed
Duplicate Logic
Where src/controllers/bet.controller.js:13
Issue / Evidence duplicate getClientIp function in two files
Suggested Fix consider refactoring to share a single utility function to reduce code duplication
Potential Ip Spoofing Risk By Trusting X F...
Where src/controllers/bet.controller.js:14
Issue / Evidence potential IP spoofing risk by trusting x-forwarded-for header
Suggested Fix add validation or sanitization to the IP extraction logic to mitigate spoofing
Duplicate Logic
Where src/controllers/multiBet.controller.js:12
Issue / Evidence duplicate getClientIp function
Suggested Fix consolidate logic into a shared module
Improper Handling If X Forwarded For Heade...
Where src/controllers/bet.controller.js:15
Issue / Evidence improper handling if x-forwarded-for header is malformed
Suggested Fix add error handling or validation here
Code Change Preview · src/controllers/bet.controller.js ?
Removed / Before Commit
- diff --git a/src/controllers/bet.controller.js b/src/controllers/bet.controller.js
- index 8d63215..7f29b0f 100644
- const HorseRace = require("../models/HorseRace");
- const { getHierarchyIds } = require("../services/hierarchyService");
- 
- const ensureBettingAllowed = async (userId) => {
- const user = await User.findById(userId).lean();
- 
- market_name: market.marketType,
- return_amount: returnAmount,
- bet_status: "ACCEPTED",
-         ip_address: req.ip,
- });
- await bet.save();
- 
- market_name: market.marketType,
- return_amount: returnAmount,
- bet_status: "ACCEPTED",
Added / After Commit
+ diff --git a/src/controllers/bet.controller.js b/src/controllers/bet.controller.js
+ index 8d63215..7f29b0f 100644
+ const HorseRace = require("../models/HorseRace");
+ const { getHierarchyIds } = require("../services/hierarchyService");
+ 
+ const getClientIp = (req) => {
+   const forwardedFor = req.headers["x-forwarded-for"];
+   if (forwardedFor) return String(forwardedFor).split(",")[0].trim();
+ 
+   return req.headers["cf-connecting-ip"] ||
+     req.headers["x-real-ip"] ||
+     req.socket?.remoteAddress ||
+     req.ip ||
+     "";
+ };
+ 
+ const ensureBettingAllowed = async (userId) => {
+ const user = await User.findById(userId).lean();
Removed / Before Commit
- diff --git a/src/controllers/multiBet.controller.js b/src/controllers/multiBet.controller.js
- index 8c7f430..f49c6a7 100644
- const { emitBalanceUpdate } = require("../utils/socketClient");
- const { calculateMultiBetExposures, updateExposuresAfterLegWin, clearMultiBetExposures } = require("../utils/multiBetExposure");
- 
- const ensureBettingAllowed = async (userId) => {
- const user = await User.findById(userId).lean();
- 
- market_name: "MULTI",
- return_amount: potentialProfit,
- bet_status: "ACCEPTED",
-       ip_address: req.ip,
- 
- // Multi-bet specific fields
- is_multi_bet: true,
Added / After Commit
+ diff --git a/src/controllers/multiBet.controller.js b/src/controllers/multiBet.controller.js
+ index 8c7f430..f49c6a7 100644
+ const { emitBalanceUpdate } = require("../utils/socketClient");
+ const { calculateMultiBetExposures, updateExposuresAfterLegWin, clearMultiBetExposures } = require("../utils/multiBetExposure");
+ 
+ const getClientIp = (req) => {
+   const forwardedFor = req.headers["x-forwarded-for"];
+   if (forwardedFor) return String(forwardedFor).split(",")[0].trim();
+ 
+   return req.headers["cf-connecting-ip"] ||
+     req.headers["x-real-ip"] ||
+     req.socket?.remoteAddress ||
+     req.ip ||
+     "";
+ };
+ 
+ const ensureBettingAllowed = async (userId) => {
+ const user = await User.findById(userId).lean();