Add method to NO_AUTHORIZATION_ROUTES

TomatoCake 2024-08-24 08:43:22 +02:00
parent 2f0dabc8e9
commit 74f20898a3
4 changed files with 34 additions and 51 deletions


@ -10936,13 +10936,8 @@
] ]
} }
}, },
"/scheduled-maintenances/upcoming_json/scheduled-maintenances/upcoming.json": { "/scheduled-maintenances/upcoming.json/": {
"get": { "get": {
"security": [
{
"bearer": []
}
],
"responses": { "responses": {
"default": { "default": {
"description": "No description available" "description": "No description available"
@ -10950,12 +10945,6 @@
}, },
"tags": [ "tags": [
"scheduled-maintenances" "scheduled-maintenances"
],
"x-badges": [
{
"label": "Spacebar-only",
"color": "red"
}
] ]
} }
}, },
@ -11341,11 +11330,6 @@
}, },
"/invites/{code}": { "/invites/{code}": {
"get": { "get": {
"security": [
{
"bearer": []
}
],
"responses": { "responses": {
"200": { "200": {
"description": "", "description": "",


@ -134,8 +134,8 @@ function apiRoutes(missingRoutes) {
if ( if (
!NO_AUTHORIZATION_ROUTES.some((x) => { !NO_AUTHORIZATION_ROUTES.some((x) => {
if (typeof x === "string") return path.startsWith(x); if (typeof x === "string") return (method.toUpperCase() + " " + path).startsWith(x);
return x.test(path); return x.test(method.toUpperCase() + " " + path);
}) })
) { ) {
obj.security = [{ bearer: [] }]; obj.security = [{ bearer: [] }];
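Review bot: This predicate re-implements the allowlist match from the `Authentication` middleware by hand, so the generated `security` blocks can drift from what the server enforces; a single exported helper next to `NO_AUTHORIZATION_ROUTES`, called from both places, would keep the spec and the enforcement in step. Within the callback, `method.toUpperCase() + " " + path` is built twice per entry and could be hoisted as `const key = method.toUpperCase() + " " + path;` before the `.some(...)`. If `path` here is an OpenAPI template of the `/invites/{code}` kind (not confirmed by this hunk), the `\d+` and `\w+` regex entries cannot match a `{param}` segment, and those routes would be documented as requiring a bearer token even though the middleware lets them through. `apiRoutes` starts before and continues after this hunk.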


@ -1,17 +1,17 @@
/* /*
Spacebar: A FOSS re-implementation and extension of the Discord.com backend. Spacebar: A FOSS re-implementation and extension of the Discord.com backend.
Copyright (C) 2023 Spacebar and Spacebar Contributors Copyright (C) 2023 Spacebar and Spacebar Contributors
This program is free software: you can redistribute it and/or modify This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version. (at your option) any later version.
This program is distributed in the hope that it will be useful, This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details. GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>. along with this program. If not, see <https://www.gnu.org/licenses/>.
*/ */
@ -23,37 +23,37 @@ import { HTTPError } from "lambert-server";
export const NO_AUTHORIZATION_ROUTES = [ export const NO_AUTHORIZATION_ROUTES = [
// Authentication routes // Authentication routes
"/auth/login", "POST /auth/login",
"/auth/register", "POST /auth/register",
"/auth/location-metadata", "GET /auth/location-metadata",
"/auth/mfa/totp", "POST /auth/mfa/",
"/auth/mfa/webauthn", "POST /auth/verify",
"/auth/verify", "POST /auth/forgot",
"/auth/forgot", "POST /auth/reset",
"/auth/reset", "GET /invites/",
// Routes with a seperate auth system // Routes with a seperate auth system
/\/webhooks\/\d+\/\w+\/?/, // no token requires auth /POST \/webhooks\/\d+\/\w+\/?/, // no token requires auth
// Public information endpoints // Public information endpoints
"/ping", "GET /ping",
"/gateway", "GET /gateway",
"/experiments", "GET /experiments",
"/updates", "GET /updates",
"/download", "GET /download",
"/scheduled-maintenances/upcoming.json", "GET /scheduled-maintenances/upcoming.json",
// Public kubernetes integration // Public kubernetes integration
"/-/readyz", "GET /-/readyz",
"/-/healthz", "GET /-/healthz",
// Client analytics // Client analytics
"/science", "POST /science",
"/track", "POST /track",
// Public policy pages // Public policy pages
"/policies/instance", "GET /policies/instance/",
// Oauth callback // Oauth callback
"/oauth2/callback", "/oauth2/callback",
// Asset delivery // Asset delivery
/\/guilds\/\d+\/widget\.(json|png)/, /GET \/guilds\/\d+\/widget\.(json|png)/,
// Connections // Connections
/\/connections\/\w+\/callback/, /POST \/connections\/\w+\/callback/,
]; ];
export const API_PREFIX = /^\/api(\/v\d+)?/; export const API_PREFIX = /^\/api(\/v\d+)?/;
@ -78,11 +78,10 @@ export async function Authentication(
) { ) {
if (req.method === "OPTIONS") return res.sendStatus(204); if (req.method === "OPTIONS") return res.sendStatus(204);
const url = req.url.replace(API_PREFIX, ""); const url = req.url.replace(API_PREFIX, "");
if (url.startsWith("/invites") && req.method === "GET") return next();
if ( if (
NO_AUTHORIZATION_ROUTES.some((x) => { NO_AUTHORIZATION_ROUTES.some((x) => {
if (typeof x === "string") return url.startsWith(x); if (typeof x === "string") return (req.method + " " + url).startsWith(x);
return x.test(url); return x.test(req.method + " " + url);
}) })
) )
return next(); return next();
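Review bot: The `"/oauth2/callback"` entry in `NO_AUTHORIZATION_ROUTES` was left without a method prefix, so once the compared string becomes `req.method + " " + url` it can never match and the OAuth callback falls through to the token check; it should read `"GET /oauth2/callback"` (or whichever method that route uses). `"GET /policies/instance/"` likewise gained a trailing slash, so a request for `/policies/instance` without one no longer matches. In the other direction, collapsing `/auth/mfa/totp` and `/auth/mfa/webauthn` into the prefix `"POST /auth/mfa/"` exempts every current and future POST route under that path from authentication; listing the exact routes keeps the allowlist from growing silently. The regex entries are still unanchored, so I would add `^` (for example `/^POST \/webhooks\/\d+\/\w+\/?/`) rather than rely on the method prefix to pin the match to the start of the string. `Authentication` begins before and continues after the last hunk shown here.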


@ -1,17 +1,17 @@
/* /*
Spacebar: A FOSS re-implementation and extension of the Discord.com backend. Spacebar: A FOSS re-implementation and extension of the Discord.com backend.
Copyright (C) 2023 Spacebar and Spacebar Contributors Copyright (C) 2023 Spacebar and Spacebar Contributors
This program is free software: you can redistribute it and/or modify This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version. (at your option) any later version.
This program is distributed in the hope that it will be useful, This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details. GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>. along with this program. If not, see <https://www.gnu.org/licenses/>.
*/ */
@ -21,7 +21,7 @@ import { route } from "@spacebar/api";
const router = Router(); const router = Router();
router.get( router.get(
"/scheduled-maintenances/upcoming.json", "/",
route({}), route({}),
async (req: Request, res: Response) => { async (req: Request, res: Response) => {
res.json({ res.json({