2026-05-14 16:05:44 +01:00
parent a4931d3bbc
commit 91eb95520e
+57 -1
@@ -2,8 +2,64 @@ import { defineConfig } from 'vite'
import react from '@vitejs/plugin-react'
import tailwindcss from '@tailwindcss/vite'
const MAX_TEAM_NAME_LENGTH = 80
function isAllowedApiUrl(req) {
if (req.method !== 'GET' && req.method !== 'HEAD') return false
const url = new URL(req.url, 'http://localhost')
const params = url.searchParams
if (url.pathname === '/api/tss/leaderboard/teams') {
const keys = [...params.keys()]
const limit = Number(params.get('limit') || 100)
return keys.every((key) => key === 'limit') && Number.isInteger(limit) && limit >= 1 && limit <= 100
}
if (url.pathname === '/api/tss/teams/resolve') {
const keys = [...params.keys()]
const name = params.get('name') || ''
return keys.every((key) => key === 'name') && name.length >= 2 && name.length <= MAX_TEAM_NAME_LENGTH
}
if ([...params.keys()].length) return false
try {
const match = url.pathname.match(/^\/api\/tss\/teams\/([^/]+)(?:\/(history|games))?$/)
const teamName = match ? decodeURIComponent(match[1]) : ''
return Boolean(teamName) && teamName.length <= MAX_TEAM_NAME_LENGTH
} catch {
return false
}
}
function apiGuard() {
return {
name: 'api-guard',
configureServer(server) {
server.middlewares.use((req, res, next) => {
if (!req.url?.startsWith('/api/')) {
next()
return
}
if (isAllowedApiUrl(req)) {
next()
return
}
res.writeHead(404, {
'content-type': 'application/json; charset=utf-8',
'x-content-type-options': 'nosniff',
})
res.end(JSON.stringify({ error: 'API route not found' }))
})
},
}
}
export default defineConfig({
plugins: [react(), tailwindcss()],
plugins: [apiGuard(), react(), tailwindcss()],
server: {
host: '0.0.0.0',
port: 3001,
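Review bot: The middleware gate `if (!req.url?.startsWith('/api/'))` tests the raw request target while `isAllowedApiUrl` validates the normalised `url.pathname`, so a target that does not literally begin with `/api/` skips the allow-list entirely; whether it still reaches the backend depends on the proxy rule, which is outside this hunk. Parse once and gate on the parsed path instead, e.g. `const { pathname } = new URL(req.url ?? '/', 'http://localhost')` followed by `if (pathname !== '/api' && !pathname.startsWith('/api/')) { next(); return }`. In `isAllowedApiUrl`, `params.get('limit')` and `params.get('name')` read only the first occurrence, so a repeated key is forwarded without being checked; adding `params.getAll('limit').length <= 1` (and the same for `name`) closes that. The decoded `teamName` is only checked for length, so a percent-encoded separator or control character passes the guard and is forwarded in its raw form; rejecting those after `decodeURIComponent` would make the check match what the backend may see. `configureServer` installs the guard on the dev server only, so if `vite preview` is ever exposed on `0.0.0.0` in the same way it would need the same middleware via `configurePreviewServer`.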