Code Room
Code review | Medium | cr-g026
Subject: SSRF | Level: Mid–Senior | ~25 min | Common in: Code quality & review interviews | Industries: Software development

Question

Review this Node.js (Express) image-proxy used to thumbnail remote images.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review

```js
app.get('/thumb', async (req, res) => {
  const src = req.query.src;
  // only allow our CDN to avoid abuse
  if (!src.startsWith('https://cdn.example.com')) {
    return res.status(400).send('bad source');
  }
  const upstream = await fetch(src);
  const buf = Buffer.from(await upstream.arrayBuffer());
  const png = await sharp(buf).resize(200).png().toBuffer();
  res.type('png').send(png);
});
```
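One concrete fix a review could propose for the source check, shown beside the original prefix test. This is an added example, not part of the original exercise; `isAllowedSource`, `prefixCheck`, `compare` and the sample URLs are constructed for illustration, and only the host `cdn.example.com` comes from the snippet under review.

```javascript
// Added example: component-wise allow-list for the /thumb proxy's src parameter.
const ALLOWED_HOST = 'cdn.example.com'; // host taken from the reviewed snippet

// The check from the reviewed code, unchanged, kept for comparison.
function prefixCheck(src) {
  return src.startsWith('https://cdn.example.com');
}

// Parse first, then compare URL components instead of a raw string prefix.
function isAllowedSource(src) {
  // Express yields undefined for a missing param and an array for ?src=a&src=b.
  if (typeof src !== 'string') return false;
  let url;
  try {
    url = new URL(src);
  } catch {
    return false; // not an absolute URL
  }
  return (
    url.protocol === 'https:' &&
    url.hostname === ALLOWED_HOST && // exact host, not a prefix of a longer one
    url.username === '' &&
    url.password === '' && // no userinfo placed before the real host
    url.port === '' // default port only (":443" normalizes to '')
  );
}

// Constructed sample inputs; .test is a reserved TLD.
const SAMPLES = [
  'https://cdn.example.com/img/a.png',
  'https://cdn.example.com.attacker.test/a.png',
  'https://cdn.example.com@internal.test/a.png',
  'https://cdn.example.com:8443/a.png',
];

// Returns one row per sample showing how the two checks disagree.
function compare(samples = SAMPLES) {
  return samples.map((src) => ({
    src,
    prefix: prefixCheck(src),
    strict: isAllowedSource(src),
  }));
}

console.table(compare());
```

The validator covers only the URL the client supplies. `fetch` follows redirects by default, so the request itself should also be made with `redirect: 'error'` (or each hop re-validated).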