feat: integrate Job Boardly RSS feed with authentication-protected job borad #833
Conversation
…b board Add a complete job board integration that fetches jobs from Job Boardly's RSS feed and displays them behind authentication. Features: - RSS feed parser for Job Boardly jobs (title, company, location, type, salary, etc.) - Protected job listing page (/jobs) - requires GitHub OAuth login - Job detail page with full descriptions and apply links - Search and filter functionality (by keyword, category, job type) - VWC Alumni badge for users with course enrollments - Links to resume translator and courses for job seekers - API endpoint for fetching jobs programmatically - Dev access bypass for local testing without OAuth setup Navigation: - Added "Jobs" link to main menu (with "new" badge) - Added "Browse Jobs" to dashboard quick links Technical Changes: - Install rss-parser and xml2js packages - Create jobboardly utility library in src/lib/ - Server-side rendering with authentication checks via NextAuth - Fixed Next.js 15 webpack config compatibility issue (removed usedExports) - Dev-only bypass mode for testing without GitHub OAuth credentials Access Control: - Production: Only Vets-Who-Code GitHub org members + admin - Development: Any GitHub user (for testing) - Job board pages redirect to /login if unauthenticated
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
There was a problem hiding this comment.
Pull request overview
This PR adds a complete job board integration that fetches and displays job listings from Job Boardly's RSS feed with GitHub OAuth authentication protection. The implementation includes job listing and detail pages with search/filter functionality, an API endpoint for programmatic access, and a development bypass mode for local testing without OAuth credentials.
Key changes:
- Added RSS feed parser utility for Job Boardly jobs with custom field extraction
- Created protected job listing page with search/filter capabilities and VWC Alumni badge
- Implemented job detail page with application resources and tips sidebar
- Added "Jobs" navigation link with "new" badge and dashboard quick link
Reviewed changes
Copilot reviewed 9 out of 12 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| src/pages/jobs/index.tsx | Main job listing page with search, filtering, and alumni badge display |
| src/pages/jobs/[id].tsx | Job detail page showing full descriptions, application resources, and share functionality |
| src/pages/dev-access.tsx | Development-only bypass page for testing without OAuth credentials |
| src/pages/dashboard.tsx | Added "Browse Jobs" quick link to dashboard sidebar |
| src/pages/api/jobs/index.ts | API endpoint for fetching jobs programmatically with authentication |
| src/pages/api/auth/dev-session.ts | Development-only endpoint for creating mock sessions |
| src/lib/jobboardly.ts | Utility library for parsing RSS feed and managing job data |
| src/data/menu.ts | Added "Jobs" link to main navigation menu |
| package.json | Added rss-parser and xml2js dependencies |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| } else { | ||
| // Fallback: copy to clipboard | ||
| navigator.clipboard.writeText(window.location.href); | ||
| alert('Link copied to clipboard!'); |
There was a problem hiding this comment.
[nitpick] Using alert() for user feedback is not a modern UX pattern. Consider using a toast notification component or inline message instead for better user experience.
| </h2> | ||
| <div | ||
| className="prose tw-max-w-none tw-text-gray-700" | ||
| dangerouslySetInnerHTML={{ __html: job.description }} |
There was a problem hiding this comment.
Using dangerouslySetInnerHTML with RSS feed content without sanitization creates an XSS vulnerability. The job descriptions from the external RSS feed should be sanitized using a library like DOMPurify before rendering.
| // Set session cookie | ||
| res.setHeader( | ||
| 'Set-Cookie', | ||
| `next-auth.session-token=${session.sessionToken}; Path=/; HttpOnly; SameSite=Lax; Max-Age=2592000` |
There was a problem hiding this comment.
The dev session cookie is missing the Secure flag. While this is a development-only feature, it's better practice to include the Secure flag even in dev mode to match production behavior and avoid potential security issues if this code is accidentally exposed.
| `next-auth.session-token=${session.sessionToken}; Path=/; HttpOnly; SameSite=Lax; Max-Age=2592000` | |
| `next-auth.session-token=${session.sessionToken}; Path=/; HttpOnly; SameSite=Lax; Max-Age=2592000; Secure` |
| } | ||
|
|
||
| const jobs: Job[] = feed.items.map((item, index) => { | ||
| const anyItem = item as any; |
There was a problem hiding this comment.
Using any type defeats TypeScript's type safety. Define a proper interface for the RSS feed item structure with the custom fields instead of using type assertion to any.
|
🔍 Code Quality Score Breakdown:
💡 Recommendations:
|
Add a complete job board integration that fetches jobs from Job Boardly's RSS feed and displays them behind authentication.
Features:
Navigation:
Technical Changes:
Access Control: