import path from 'node:path' import { execSync } from 'node:child_process' import { defineConfig } from 'vite' import react from '@vitejs/plugin-react' import tailwindcss from '@tailwindcss/vite' const MAX_TEAM_NAME_LENGTH = 80 function siteVersion() { try { const count = execSync('git rev-list --count HEAD', { cwd: __dirname, encoding: 'utf8', stdio: ['ignore', 'pipe', 'ignore'], }).trim() return `1.0.${Number(count) || 0}` } catch { return '1.0.0' } } function isAllowedApiUrl(req) { const url = new URL(req.url, 'http://localhost') const params = url.searchParams if (url.pathname === '/api/viewers' && (req.method === 'GET' || req.method === 'HEAD')) return true if (url.pathname === '/api/viewers/event' && req.method === 'POST') return true if (req.method !== 'GET' && req.method !== 'HEAD') return false if (url.pathname === '/api/tss/tournaments') return true if (/^\/api\/tss\/tournaments\/[^/]+$/.test(url.pathname)) return true if (url.pathname === '/api/tss/leaderboard/teams') { const keys = [...params.keys()] const limit = Number(params.get('limit') || 100) return keys.every((key) => key === 'limit') && Number.isInteger(limit) && limit >= 1 && limit <= 100 } if (url.pathname === '/api/tss/leaderboard/players') { const keys = [...params.keys()] const limit = Number(params.get('limit') || 100) return keys.every((key) => key === 'limit') && Number.isInteger(limit) && limit >= 1 && limit <= 100 } if (url.pathname === '/api/tss/games/recent') { const keys = [...params.keys()] const limit = Number(params.get('limit') || 50) return keys.every((key) => key === 'limit') && Number.isInteger(limit) && limit >= 1 && limit <= 100 } if (/^\/api\/tss\/games\/[A-Za-z0-9_-]{1,96}$/.test(url.pathname)) { const keys = [...params.keys()] const lang = params.get('lang') || 'en' return keys.every((key) => key === 'lang') && /^[A-Za-z-]{2,8}$/.test(lang) } if (/^\/api\/tss\/games\/[A-Za-z0-9_-]{1,96}\/logs$/.test(url.pathname)) { return [...params.keys()].length === 0 } if (url.pathname === '/api/tss/teams/resolve') { const keys = [...params.keys()] const name = params.get('name') || '' return keys.every((key) => key === 'name') && name.length >= 2 && name.length <= MAX_TEAM_NAME_LENGTH } if (url.pathname === '/api/tss/teams/search') { const keys = [...params.keys()] const query = params.get('q') || params.get('name') || '' const limit = Number(params.get('limit') || 10) return ( keys.every((key) => ['q', 'name', 'limit'].includes(key)) && query.length >= 2 && query.length <= MAX_TEAM_NAME_LENGTH && Number.isInteger(limit) && limit >= 1 && limit <= 20 ) } if (url.pathname === '/api/tss/players/search') { const keys = [...params.keys()] const query = params.get('q') || params.get('name') || '' const limit = Number(params.get('limit') || 25) return ( keys.every((key) => ['q', 'name', 'limit'].includes(key)) && query.length >= 2 && query.length <= MAX_TEAM_NAME_LENGTH && Number.isInteger(limit) && limit >= 1 && limit <= 25 ) } if (/^\/api\/tss\/player\/[0-9]{1,32}$/.test(url.pathname)) { return [...params.keys()].length === 0 } if ([...params.keys()].length) return false try { const match = url.pathname.match(/^\/api\/tss\/teams\/([^/]+)(?:\/(history|games))?$/) const teamName = match ? decodeURIComponent(match[1]) : '' return Boolean(teamName) && teamName.length <= MAX_TEAM_NAME_LENGTH } catch { return false } } function apiGuard() { return { name: 'api-guard', configureServer(server) { server.middlewares.use(async (req, res, next) => { if (!req.url?.startsWith('/api/')) { next() return } if (isAllowedApiUrl(req)) { next() return } res.writeHead(404, { 'content-type': 'application/json; charset=utf-8', 'x-content-type-options': 'nosniff', }) res.end(JSON.stringify({ error: 'API route not found' })) }) }, } } export default defineConfig(() => { return { root: path.resolve(__dirname, 'frontend'), publicDir: path.resolve(__dirname, 'frontend/public'), plugins: [apiGuard(), react(), tailwindcss()], define: { 'import.meta.env.VITE_SITE_VERSION': JSON.stringify(siteVersion()), }, build: { outDir: path.resolve(__dirname, 'dist'), emptyOutDir: true, }, server: { host: '0.0.0.0', port: 3001, proxy: { '/api': { target: process.env.VITE_API_TARGET ?? 'http://localhost:6000', changeOrigin: true, }, '/health': { target: process.env.VITE_API_TARGET ?? 'http://localhost:6000', changeOrigin: true, }, }, }, } })