bug fix
This commit is contained in:
+57
-1
@@ -2,8 +2,64 @@ import { defineConfig } from 'vite'
|
||||
import react from '@vitejs/plugin-react'
|
||||
import tailwindcss from '@tailwindcss/vite'
|
||||
|
||||
const MAX_TEAM_NAME_LENGTH = 80
|
||||
|
||||
function isAllowedApiUrl(req) {
|
||||
if (req.method !== 'GET' && req.method !== 'HEAD') return false
|
||||
|
||||
const url = new URL(req.url, 'http://localhost')
|
||||
const params = url.searchParams
|
||||
|
||||
if (url.pathname === '/api/tss/leaderboard/teams') {
|
||||
const keys = [...params.keys()]
|
||||
const limit = Number(params.get('limit') || 100)
|
||||
return keys.every((key) => key === 'limit') && Number.isInteger(limit) && limit >= 1 && limit <= 100
|
||||
}
|
||||
|
||||
if (url.pathname === '/api/tss/teams/resolve') {
|
||||
const keys = [...params.keys()]
|
||||
const name = params.get('name') || ''
|
||||
return keys.every((key) => key === 'name') && name.length >= 2 && name.length <= MAX_TEAM_NAME_LENGTH
|
||||
}
|
||||
|
||||
if ([...params.keys()].length) return false
|
||||
|
||||
try {
|
||||
const match = url.pathname.match(/^\/api\/tss\/teams\/([^/]+)(?:\/(history|games))?$/)
|
||||
const teamName = match ? decodeURIComponent(match[1]) : ''
|
||||
return Boolean(teamName) && teamName.length <= MAX_TEAM_NAME_LENGTH
|
||||
} catch {
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
||||
function apiGuard() {
|
||||
return {
|
||||
name: 'api-guard',
|
||||
configureServer(server) {
|
||||
server.middlewares.use((req, res, next) => {
|
||||
if (!req.url?.startsWith('/api/')) {
|
||||
next()
|
||||
return
|
||||
}
|
||||
|
||||
if (isAllowedApiUrl(req)) {
|
||||
next()
|
||||
return
|
||||
}
|
||||
|
||||
res.writeHead(404, {
|
||||
'content-type': 'application/json; charset=utf-8',
|
||||
'x-content-type-options': 'nosniff',
|
||||
})
|
||||
res.end(JSON.stringify({ error: 'API route not found' }))
|
||||
})
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
export default defineConfig({
|
||||
plugins: [react(), tailwindcss()],
|
||||
plugins: [apiGuard(), react(), tailwindcss()],
|
||||
server: {
|
||||
host: '0.0.0.0',
|
||||
port: 3001,
|
||||
|
||||
Reference in New Issue
Block a user