Improved error handling for Chart.js and updated email masking feature for enhanced security

2026-01-09 00:56:16 +00:00 · 2025-12-22 22:02:09 +01:00
parent 00f539ae04
commit db7ee15cad
2 changed files with 24 additions and 7 deletions
--- a/public/app.js
+++ b/public/app.js
@@ -111,8 +111,17 @@ function updateConnectionStatus(connected) {

 // Charts
 function initCharts() {
+    // FIXED: Fallback if Chart.js blocked by tracking prevention
    if (typeof Chart === 'undefined') {
-        console.warn('Chart.js not loaded')
+        console.warn('[Charts] Chart.js not loaded (may be blocked by tracking prevention)')
+        var pointsCanvas = document.getElementById('pointsChart')
+        var activityCanvas = document.getElementById('activityChart')
+        if (pointsCanvas) {
+            pointsCanvas.parentElement.innerHTML = '<div style="padding: 2rem; text-align: center; color: #8b949e;">Charts unavailable (Chart.js blocked by browser)</div>'
+        }
+        if (activityCanvas) {
+            activityCanvas.parentElement.innerHTML = '<div style="padding: 2rem; text-align: center; color: #8b949e;">Charts unavailable (Chart.js blocked by browser)</div>'
+        }
        return
    }
    initPointsChart()
@@ -634,7 +643,7 @@ function executeSingleAccount() {
        .then((data) => {
            if (data.success) {
                showToast('✓ Bot started for account: ' + maskEmail(email), 'success')
-                loadStatus()
+                refreshData() // FIXED: Use refreshData() instead of undefined loadStatus()
            } else {
                showToast('✗ Failed to start: ' + (data.error || 'Unknown error'), 'error')
            }
--- a/src/dashboard/state.ts
+++ b/src/dashboard/state.ts
@@ -125,11 +125,19 @@ class DashboardState {
  }

  private maskEmail(email: string): string {
-    const [local, domain] = email.split('@')
-    if (!local || !domain) return email
-    const maskedLocal = local.length > 2 ? `${local.slice(0, 1)}***` : '***'
-    const [domainName, tld] = domain.split('.')
-    const maskedDomain = domainName && domainName.length > 1 ? `${domainName.slice(0, 1)}***.${tld || 'com'}` : domain
+    const parts = email.split('@')
+    if (parts.length !== 2) return '***@***'
+    
+    const [local, domain] = parts
+    if (!local || !domain) return '***@***'
+    
+    // SECURITY: More aggressive masking to prevent account enumeration
+    const maskedLocal = local.length <= 2 ? '**' : local.slice(0, 2) + '*'.repeat(Math.min(local.length - 2, 5))
+    
+    const domainParts = domain.split('.')
+    const tld = domainParts.pop() || 'com'
+    const maskedDomain = domain.length <= 4 ? '***.' + tld : domain.slice(0, 2) + '***.' + tld
+    
    return `${maskedLocal}@${maskedDomain}`
  }