Merge pull request #1197 from DEVTomatoCake/feat/improve-no-authorization-routes

Add method to NO_AUTHORIZATION_ROUTES

assets/openapi.json

@@ -10936,13 +10936,8 @@
                 ]
             }
         },
-        "/scheduled-maintenances/upcoming_json/scheduled-maintenances/upcoming.json": {
+        "/scheduled-maintenances/upcoming.json/": {
             "get": {
-                "security": [
-                    {
-                        "bearer": []
-                    }
-                ],
                 "responses": {
                     "default": {
                         "description": "No description available"
@@ -10950,12 +10945,6 @@
                 },
                 "tags": [
                     "scheduled-maintenances"
-                ],
-                "x-badges": [
-                    {
-                        "label": "Spacebar-only",
-                        "color": "red"
-                    }
                 ]
             }
         },
@@ -11341,11 +11330,6 @@
         },
         "/invites/{code}": {
             "get": {
-                "security": [
-                    {
-                        "bearer": []
-                    }
-                ],
                 "responses": {
                     "200": {
                         "description": "",

scripts/openapi.js

@@ -134,8 +134,9 @@ function apiRoutes(missingRoutes) {
 
 		if (
 			!NO_AUTHORIZATION_ROUTES.some((x) => {
-				if (typeof x === "string") return path.startsWith(x);
+				if (typeof x === "string")
-				return x.test(path);
+					return (method.toUpperCase() + " " + path).startsWith(x);
+				return x.test(method.toUpperCase() + " " + path);
 			})
 		) {
 			obj.security = [{ bearer: [] }];

src/api/middlewares/Authentication.ts

@@ -1,17 +1,17 @@
 /*
 	Spacebar: A FOSS re-implementation and extension of the Discord.com backend.
 	Copyright (C) 2023 Spacebar and Spacebar Contributors
-	
+
 	This program is free software: you can redistribute it and/or modify
 	it under the terms of the GNU Affero General Public License as published
 	by the Free Software Foundation, either version 3 of the License, or
 	(at your option) any later version.
-	
+
 	This program is distributed in the hope that it will be useful,
 	but WITHOUT ANY WARRANTY; without even the implied warranty of
 	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 	GNU Affero General Public License for more details.
-	
+
 	You should have received a copy of the GNU Affero General Public License
 	along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */
@@ -23,37 +23,37 @@ import { HTTPError } from "lambert-server";
 
 export const NO_AUTHORIZATION_ROUTES = [
 	// Authentication routes
-	"/auth/login",
+	"POST /auth/login",
-	"/auth/register",
+	"POST /auth/register",
-	"/auth/location-metadata",
+	"GET /auth/location-metadata",
-	"/auth/mfa/totp",
+	"POST /auth/mfa/",
-	"/auth/mfa/webauthn",
+	"POST /auth/verify",
-	"/auth/verify",
+	"POST /auth/forgot",
-	"/auth/forgot",
+	"POST /auth/reset",
-	"/auth/reset",
+	"GET /invites/",
 	// Routes with a seperate auth system
-	/\/webhooks\/\d+\/\w+\/?/, // no token requires auth
+	/POST \/webhooks\/\d+\/\w+\/?/, // no token requires auth
 	// Public information endpoints
-	"/ping",
+	"GET /ping",
-	"/gateway",
+	"GET /gateway",
-	"/experiments",
+	"GET /experiments",
-	"/updates",
+	"GET /updates",
-	"/download",
+	"GET /download",
-	"/scheduled-maintenances/upcoming.json",
+	"GET /scheduled-maintenances/upcoming.json",
 	// Public kubernetes integration
-	"/-/readyz",
+	"GET /-/readyz",
-	"/-/healthz",
+	"GET /-/healthz",
 	// Client analytics
-	"/science",
+	"POST /science",
-	"/track",
+	"POST /track",
 	// Public policy pages
-	"/policies/instance",
+	"GET /policies/instance/",
 	// Oauth callback
 	"/oauth2/callback",
 	// Asset delivery
-	/\/guilds\/\d+\/widget\.(json|png)/,
+	/GET \/guilds\/\d+\/widget\.(json|png)/,
 	// Connections
-	/\/connections\/\w+\/callback/,
+	/POST \/connections\/\w+\/callback/,
 ];
 
 export const API_PREFIX = /^\/api(\/v\d+)?/;
@@ -78,11 +78,11 @@ export async function Authentication(
 ) {
 	if (req.method === "OPTIONS") return res.sendStatus(204);
 	const url = req.url.replace(API_PREFIX, "");
-	if (url.startsWith("/invites") && req.method === "GET") return next();
 	if (
 		NO_AUTHORIZATION_ROUTES.some((x) => {
-			if (typeof x === "string") return url.startsWith(x);
+			if (typeof x === "string")
-			return x.test(url);
+				return (req.method + " " + url).startsWith(x);
+			return x.test(req.method + " " + url);
 		})
 	)
 		return next();

src/api/routes/scheduled-maintenances/upcoming.json.ts

@@ -1,17 +1,17 @@
 /*
 	Spacebar: A FOSS re-implementation and extension of the Discord.com backend.
 	Copyright (C) 2023 Spacebar and Spacebar Contributors
-	
+
 	This program is free software: you can redistribute it and/or modify
 	it under the terms of the GNU Affero General Public License as published
 	by the Free Software Foundation, either version 3 of the License, or
 	(at your option) any later version.
-	
+
 	This program is distributed in the hope that it will be useful,
 	but WITHOUT ANY WARRANTY; without even the implied warranty of
 	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 	GNU Affero General Public License for more details.
-	
+
 	You should have received a copy of the GNU Affero General Public License
 	along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */
@@ -20,15 +20,11 @@ import { Router, Request, Response } from "express";
 import { route } from "@spacebar/api";
 const router = Router();
 
-router.get(
+router.get("/", route({}), async (req: Request, res: Response) => {
-	"/scheduled-maintenances/upcoming.json",
+	res.json({
-	route({}),
+		page: {},
-	async (req: Request, res: Response) => {
+		scheduled_maintenances: {},
-		res.json({
+	});
-			page: {},
+});
-			scheduled_maintenances: {},
-		});
-	},
-);
 
 export default router;