81 lines
2.2 KiB
JavaScript
81 lines
2.2 KiB
JavaScript
import { defineConfig } from 'vite'
|
|
import react from '@vitejs/plugin-react'
|
|
import tailwindcss from '@tailwindcss/vite'
|
|
|
|
const MAX_TEAM_NAME_LENGTH = 80
|
|
|
|
function isAllowedApiUrl(req) {
|
|
const url = new URL(req.url, 'http://localhost')
|
|
const params = url.searchParams
|
|
|
|
if (url.pathname === '/api/viewers' && (req.method === 'GET' || req.method === 'HEAD')) return true
|
|
if (url.pathname === '/api/viewers/event' && req.method === 'POST') return true
|
|
|
|
if (req.method !== 'GET' && req.method !== 'HEAD') return false
|
|
|
|
if (url.pathname === '/api/tss/leaderboard/teams') {
|
|
const keys = [...params.keys()]
|
|
const limit = Number(params.get('limit') || 100)
|
|
return keys.every((key) => key === 'limit') && Number.isInteger(limit) && limit >= 1 && limit <= 100
|
|
}
|
|
|
|
if (url.pathname === '/api/tss/teams/resolve') {
|
|
const keys = [...params.keys()]
|
|
const name = params.get('name') || ''
|
|
return keys.every((key) => key === 'name') && name.length >= 2 && name.length <= MAX_TEAM_NAME_LENGTH
|
|
}
|
|
|
|
if ([...params.keys()].length) return false
|
|
|
|
try {
|
|
const match = url.pathname.match(/^\/api\/tss\/teams\/([^/]+)(?:\/(history|games))?$/)
|
|
const teamName = match ? decodeURIComponent(match[1]) : ''
|
|
return Boolean(teamName) && teamName.length <= MAX_TEAM_NAME_LENGTH
|
|
} catch {
|
|
return false
|
|
}
|
|
}
|
|
|
|
function apiGuard() {
|
|
return {
|
|
name: 'api-guard',
|
|
configureServer(server) {
|
|
server.middlewares.use((req, res, next) => {
|
|
if (!req.url?.startsWith('/api/')) {
|
|
next()
|
|
return
|
|
}
|
|
|
|
if (isAllowedApiUrl(req)) {
|
|
next()
|
|
return
|
|
}
|
|
|
|
res.writeHead(404, {
|
|
'content-type': 'application/json; charset=utf-8',
|
|
'x-content-type-options': 'nosniff',
|
|
})
|
|
res.end(JSON.stringify({ error: 'API route not found' }))
|
|
})
|
|
},
|
|
}
|
|
}
|
|
|
|
export default defineConfig({
|
|
plugins: [apiGuard(), react(), tailwindcss()],
|
|
server: {
|
|
host: '0.0.0.0',
|
|
port: 3001,
|
|
proxy: {
|
|
'/api': {
|
|
target: process.env.VITE_API_TARGET ?? 'http://localhost:6000',
|
|
changeOrigin: true,
|
|
},
|
|
'/health': {
|
|
target: process.env.VITE_API_TARGET ?? 'http://localhost:6000',
|
|
changeOrigin: true,
|
|
},
|
|
},
|
|
},
|
|
})
|