From 860e636c6ede049297f465ee936abc122bb0f6f0 Mon Sep 17 00:00:00 2001
From: TomatoCake <60300461+DEVTomatoCake@users.noreply.github.com>
Date: Fri, 30 Aug 2024 14:49:27 +0200
Subject: [PATCH] Enforce RegEx no auth routes start

---
 src/api/middlewares/Authentication.ts | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/api/middlewares/Authentication.ts b/src/api/middlewares/Authentication.ts
index b7159b9d..b5204ffc 100644
--- a/src/api/middlewares/Authentication.ts
+++ b/src/api/middlewares/Authentication.ts
@@ -32,7 +32,7 @@ export const NO_AUTHORIZATION_ROUTES = [
 "POST /auth/reset",
 "GET /invites/",
 // Routes with a seperate auth system
- /(POST|HEAD) \/webhooks\/\d+\/\w+\/?/, // no token requires auth
+ /^(POST|HEAD) \/webhooks\/\d+\/\w+\/?/, // no token requires auth
 // Public information endpoints
 "GET /ping",
 "GET /gateway",
@@ -51,11 +51,11 @@ export const NO_AUTHORIZATION_ROUTES = [
 // Oauth callback
 "/oauth2/callback",
 // Asset delivery
- /(GET|HEAD) \/guilds\/\d+\/widget\.(json|png)/,
+ /^(GET|HEAD) \/guilds\/\d+\/widget\.(json|png)/,
 // Connections
- /(POST|HEAD) \/connections\/\w+\/callback/,
+ /^(POST|HEAD) \/connections\/\w+\/callback/,
 // Image proxy
- /(GET|HEAD) \/imageproxy\/[A-Za-z0-9+/]\/\d+x\d+\/.+/,
+ /^(GET|HEAD) \/imageproxy\/[A-Za-z0-9+/]\/\d+x\d+\/.+/,
 ];

 export const API_PREFIX = /^\/api(\/v\d+)?/;
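Review bot: The webhook entry in the first hunk is now anchored at the start but still open at the end: the trailing `\/?` is followed by nothing, so it has no effect, and every path that merely begins with `/webhooks/<id>/<token>` is exempt from the token check. If nested webhook routes are meant to be exempt, list them explicitly; otherwise close the pattern, for example `/^(POST|HEAD) \/webhooks\/\d+\/\w+\/?(\?|$)/`. The `widget\.(json|png)` and `connections\/\w+\/callback` entries in the second hunk have the same open end, so a path continuing past `widget.json` or `callback` would also match. How the middleware builds the string it tests (with or without the query string) is outside this hunk, so confirm that before choosing the terminator; the array literal also starts above and continues below the hunk.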
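Review bot: In the image-proxy entry of the second hunk the class `[A-Za-z0-9+/]` has no quantifier, so the segment after `/imageproxy/` must be exactly one character. If that segment is a multi-character signature or hash (its format is not visible here), the exemption never matches and those requests fall through to the token check. Confirm the intended shape; if it is multi-character, add a `+` after the class and reconsider the `/` inside it, since a quantified class containing `/` lets the segment span path separators. The tail `.+` accepts any remainder, so the route handler itself has to validate the proxied target; a short comment on the entry saying so would help, e.g. `// signature/size/url; handler validates signature and url`.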