import { defineConfig } from 'vite' import react from '@vitejs/plugin-react' import tailwindcss from '@tailwindcss/vite' const MAX_TEAM_NAME_LENGTH = 80 function isAllowedApiUrl(req) { const url = new URL(req.url, 'http://localhost') const params = url.searchParams if (url.pathname === '/api/viewers' && (req.method === 'GET' || req.method === 'HEAD')) return true if (url.pathname === '/api/viewers/event' && req.method === 'POST') return true if (req.method !== 'GET' && req.method !== 'HEAD') return false if (url.pathname === '/api/tss/leaderboard/teams') { const keys = [...params.keys()] const limit = Number(params.get('limit') || 100) return keys.every((key) => key === 'limit') && Number.isInteger(limit) && limit >= 1 && limit <= 100 } if (url.pathname === '/api/tss/teams/resolve') { const keys = [...params.keys()] const name = params.get('name') || '' return keys.every((key) => key === 'name') && name.length >= 2 && name.length <= MAX_TEAM_NAME_LENGTH } if ([...params.keys()].length) return false try { const match = url.pathname.match(/^\/api\/tss\/teams\/([^/]+)(?:\/(history|games))?$/) const teamName = match ? decodeURIComponent(match[1]) : '' return Boolean(teamName) && teamName.length <= MAX_TEAM_NAME_LENGTH } catch { return false } } function apiGuard() { return { name: 'api-guard', configureServer(server) { server.middlewares.use((req, res, next) => { if (!req.url?.startsWith('/api/')) { next() return } if (isAllowedApiUrl(req)) { next() return } res.writeHead(404, { 'content-type': 'application/json; charset=utf-8', 'x-content-type-options': 'nosniff', }) res.end(JSON.stringify({ error: 'API route not found' })) }) }, } } export default defineConfig({ plugins: [apiGuard(), react(), tailwindcss()], server: { host: '0.0.0.0', port: 3001, proxy: { '/api': { target: process.env.VITE_API_TARGET ?? 'http://localhost:6000', changeOrigin: true, }, '/health': { target: process.env.VITE_API_TARGET ?? 'http://localhost:6000', changeOrigin: true, }, }, }, })