Merge pull request #1197 from DEVTomatoCake/feat/improve-no-authorization-routes
Add method to NO_AUTHORIZATION_ROUTES
commit
e3707e6a56
@ -10936,13 +10936,8 @@
|
|||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"/scheduled-maintenances/upcoming_json/scheduled-maintenances/upcoming.json": {
|
"/scheduled-maintenances/upcoming.json/": {
|
||||||
"get": {
|
"get": {
|
||||||
"security": [
|
|
||||||
{
|
|
||||||
"bearer": []
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"responses": {
|
"responses": {
|
||||||
"default": {
|
"default": {
|
||||||
"description": "No description available"
|
"description": "No description available"
|
||||||
@ -10950,12 +10945,6 @@
|
|||||||
},
|
},
|
||||||
"tags": [
|
"tags": [
|
||||||
"scheduled-maintenances"
|
"scheduled-maintenances"
|
||||||
],
|
|
||||||
"x-badges": [
|
|
||||||
{
|
|
||||||
"label": "Spacebar-only",
|
|
||||||
"color": "red"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
@ -11341,11 +11330,6 @@
|
|||||||
},
|
},
|
||||||
"/invites/{code}": {
|
"/invites/{code}": {
|
||||||
"get": {
|
"get": {
|
||||||
"security": [
|
|
||||||
{
|
|
||||||
"bearer": []
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"responses": {
|
"responses": {
|
||||||
"200": {
|
"200": {
|
||||||
"description": "",
|
"description": "",
|
||||||
|
@ -134,8 +134,9 @@ function apiRoutes(missingRoutes) {
|
|||||||
|
|
||||||
if (
|
if (
|
||||||
!NO_AUTHORIZATION_ROUTES.some((x) => {
|
!NO_AUTHORIZATION_ROUTES.some((x) => {
|
||||||
if (typeof x === "string") return path.startsWith(x);
|
if (typeof x === "string")
|
||||||
return x.test(path);
|
return (method.toUpperCase() + " " + path).startsWith(x);
|
||||||
|
return x.test(method.toUpperCase() + " " + path);
|
||||||
})
|
})
|
||||||
) {
|
) {
|
||||||
obj.security = [{ bearer: [] }];
|
obj.security = [{ bearer: [] }];
|
||||||
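Review bot: The exemption test inside this `if (` is a second hand-written copy of the predicate in the Authentication middleware, differing only in `method.toUpperCase()` versus `req.method`. Because the copies are independent, the `security` entries written into the spec can drift from what the middleware actually enforces. Exporting a single helper next to `NO_AUTHORIZATION_ROUTES`, for example `isNoAuthRoute(method: string, path: string): boolean`, and calling it from both places would keep the documented and enforced exemptions identical. If `path` here is the templated OpenAPI path rather than a concrete URL, the regex entries that expect `\d+` ids would presumably never match and those operations would still be documented as bearer-protected; worth confirming. The enclosing `if` and the rest of `apiRoutes` continue outside the hunk.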
|
@ -23,37 +23,37 @@ import { HTTPError } from "lambert-server";
|
|||||||
|
|
||||||
export const NO_AUTHORIZATION_ROUTES = [
|
export const NO_AUTHORIZATION_ROUTES = [
|
||||||
// Authentication routes
|
// Authentication routes
|
||||||
"/auth/login",
|
"POST /auth/login",
|
||||||
"/auth/register",
|
"POST /auth/register",
|
||||||
"/auth/location-metadata",
|
"GET /auth/location-metadata",
|
||||||
"/auth/mfa/totp",
|
"POST /auth/mfa/",
|
||||||
"/auth/mfa/webauthn",
|
"POST /auth/verify",
|
||||||
"/auth/verify",
|
"POST /auth/forgot",
|
||||||
"/auth/forgot",
|
"POST /auth/reset",
|
||||||
"/auth/reset",
|
"GET /invites/",
|
||||||
// Routes with a seperate auth system
|
// Routes with a seperate auth system
|
||||||
/\/webhooks\/\d+\/\w+\/?/, // no token requires auth
|
/POST \/webhooks\/\d+\/\w+\/?/, // no token requires auth
|
||||||
// Public information endpoints
|
// Public information endpoints
|
||||||
"/ping",
|
"GET /ping",
|
||||||
"/gateway",
|
"GET /gateway",
|
||||||
"/experiments",
|
"GET /experiments",
|
||||||
"/updates",
|
"GET /updates",
|
||||||
"/download",
|
"GET /download",
|
||||||
"/scheduled-maintenances/upcoming.json",
|
"GET /scheduled-maintenances/upcoming.json",
|
||||||
// Public kubernetes integration
|
// Public kubernetes integration
|
||||||
"/-/readyz",
|
"GET /-/readyz",
|
||||||
"/-/healthz",
|
"GET /-/healthz",
|
||||||
// Client analytics
|
// Client analytics
|
||||||
"/science",
|
"POST /science",
|
||||||
"/track",
|
"POST /track",
|
||||||
// Public policy pages
|
// Public policy pages
|
||||||
"/policies/instance",
|
"GET /policies/instance/",
|
||||||
// Oauth callback
|
// Oauth callback
|
||||||
"/oauth2/callback",
|
"/oauth2/callback",
|
||||||
// Asset delivery
|
// Asset delivery
|
||||||
/\/guilds\/\d+\/widget\.(json|png)/,
|
/GET \/guilds\/\d+\/widget\.(json|png)/,
|
||||||
// Connections
|
// Connections
|
||||||
/\/connections\/\w+\/callback/,
|
/POST \/connections\/\w+\/callback/,
|
||||||
];
|
];
|
||||||
|
|
||||||
export const API_PREFIX = /^\/api(\/v\d+)?/;
|
export const API_PREFIX = /^\/api(\/v\d+)?/;
|
||||||
@ -78,11 +78,11 @@ export async function Authentication(
|
|||||||
) {
|
) {
|
||||||
if (req.method === "OPTIONS") return res.sendStatus(204);
|
if (req.method === "OPTIONS") return res.sendStatus(204);
|
||||||
const url = req.url.replace(API_PREFIX, "");
|
const url = req.url.replace(API_PREFIX, "");
|
||||||
if (url.startsWith("/invites") && req.method === "GET") return next();
|
|
||||||
if (
|
if (
|
||||||
NO_AUTHORIZATION_ROUTES.some((x) => {
|
NO_AUTHORIZATION_ROUTES.some((x) => {
|
||||||
if (typeof x === "string") return url.startsWith(x);
|
if (typeof x === "string")
|
||||||
return x.test(url);
|
return (req.method + " " + url).startsWith(x);
|
||||||
|
return x.test(req.method + " " + url);
|
||||||
})
|
})
|
||||||
)
|
)
|
||||||
return next();
|
return next();
|
||||||
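Review bot: In the `NO_AUTHORIZATION_ROUTES` hunk the `"/oauth2/callback"` entry was left without a method prefix, so under the new `(req.method + " " + url).startsWith(x)` comparison it can never match and that callback now falls through to the token check. It needs the handler's method in front, e.g. `"GET /oauth2/callback",` if the callback is a GET. String entries are still prefix matches, so `"POST /auth/mfa/"` exempts every POST below `/auth/mfa/` rather than only the two removed `totp` and `webauthn` paths; listing those two explicitly, or adding a comment that the wildcard is intended, would stop a later MFA route from silently skipping authentication. `"GET /policies/instance/"` gained a trailing slash and would no longer match a request for `/policies/instance` itself, if one is served. The regex entries would also be safer anchored, e.g. `/^POST \/webhooks\/\d+\/\w+\/?$/` (allowing for a query string if `req.url` carries one); the body of `Authentication` continues outside the second hunk.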
|
@ -20,15 +20,11 @@ import { Router, Request, Response } from "express";
|
|||||||
import { route } from "@spacebar/api";
|
import { route } from "@spacebar/api";
|
||||||
const router = Router();
|
const router = Router();
|
||||||
|
|
||||||
router.get(
|
router.get("/", route({}), async (req: Request, res: Response) => {
|
||||||
"/scheduled-maintenances/upcoming.json",
|
|
||||||
route({}),
|
|
||||||
async (req: Request, res: Response) => {
|
|
||||||
res.json({
|
res.json({
|
||||||
page: {},
|
page: {},
|
||||||
scheduled_maintenances: {},
|
scheduled_maintenances: {},
|
||||||
});
|
});
|
||||||
},
|
});
|
||||||
);
|
|
||||||
|
|
||||||
export default router;
|
export default router;
|