feat: client and server logic to manage announcements (#3)

### Explanation

_No response_

### Issue

_No response_

### Attestations

- [x] I have read and agree to the [Code of Conduct](https://docs.nhcarrigan.com/community/coc/)
- [x] I have read and agree to the [Community Guidelines](https://docs.nhcarrigan.com/community/guide/).
- [x] My contribution complies with the [Contributor Covenant](https://docs.nhcarrigan.com/dev/covenant/).

### Dependencies

- [x] I have pinned the dependencies to a specific patch version.

### Style

- [x] I have run the linter and resolved any errors.
- [x] My pull request uses an appropriate title, matching the conventional commit standards.
- [x] My scope of feat/fix/chore/etc. correctly matches the nature of changes in my pull request.

### Tests

- [ ] My contribution adds new code, and I have added tests to cover it.
- [ ] My contribution modifies existing code, and I have updated the tests to reflect these changes.
- [ ] All new and existing tests pass locally with my changes.
- [ ] Code coverage remains at or above the configured threshold.

### Documentation

_No response_

### Versioning

_No response_

Reviewed-on: #3
Co-authored-by: Naomi Carrigan <commits@nhcarrigan.com>
Co-committed-by: Naomi Carrigan <commits@nhcarrigan.com>

server/src/hooks/cors.ts

@@ -0,0 +1,42 @@
+/**
+ * @copyright nhcarrigan
+ * @license Naomi's Public License
+ * @author Naomi Carrigan
+ */
+
+import { routesWithoutCors } from "../config/routesWithoutCors.js";
+import type { onRequestHookHandler } from "fastify";
+
+const isValidOrigin = (origin: string | undefined): boolean => {
+  if (origin === undefined) {
+    // We do not allow server-to-server requests.
+    return false;
+  }
+  if (process.env.NODE_ENV === "dev" && origin === "http://localhost:4200") {
+    // We allow the client to access the server when both are running locally.
+    return true;
+  }
+  // Otherwise, we only allow requests from our web application.
+  return origin === "https://hikari.nhcarrigan.com";
+};
+
+/**
+ * Ensures that form submissions only come from our web application.
+ * @param request - The request payload from the server.
+ * @param response - The reply handler from Fastify.
+ * @returns A Fastify reply if the request is invalid, otherwise undefined.
+ */
+// eslint-disable-next-line @typescript-eslint/no-misused-promises -- For reasons I cannot comprehend, Fastify seems to require us to return a request?
+export const corsHook: onRequestHookHandler = async(request, response) => {
+  if (routesWithoutCors.includes(request.url)) {
+    return undefined;
+  }
+  if (!isValidOrigin(request.headers.origin)) {
+    return await response.status(403).send({
+      error:
+        // eslint-disable-next-line stylistic/max-len -- This is a long error message.
+        "This route is only accessible from our dashboard at https://hikari.nhcarrigan.com.",
+    });
+  }
+  return undefined;
+};

server/src/hooks/ips.ts

@@ -0,0 +1,36 @@
+/**
+ * @copyright nhcarrigan
+ * @license Naomi's Public License
+ * @author Naomi Carrigan
+ */
+
+import { blockedIps } from "../cache/blockedIps.js";
+import { getIpFromRequest } from "../modules/getIpFromRequest.js";
+import type { onRequestHookHandler } from "fastify";
+
+/**
+ * Ensures that form submissions only come from our web application.
+ * @param request - The request payload from the server.
+ * @param response - The reply handler from Fastify.
+ * @returns A Fastify reply if the request is invalid, otherwise undefined.
+ */
+// eslint-disable-next-line @typescript-eslint/no-misused-promises -- For reasons I cannot comprehend, Fastify seems to require us to return a request?
+export const ipHook: onRequestHookHandler = async(request, response) => {
+  const ip = getIpFromRequest(request);
+  const ipRecord = blockedIps.find(
+    (record) => {
+      return record.ip === ip && record.ttl > new Date();
+    },
+  );
+  if (ipRecord && ipRecord.ttl > new Date()) {
+    return await response.
+      status(403).
+      send({
+        error: `Your IP address (${ipRecord.ip}) has been blocked until ${ipRecord.ttl.toISOString()}, to protect our API against brute-force attacks.`,
+      });
+  }
+  if (ipRecord && ipRecord.ttl <= new Date()) {
+    blockedIps.splice(blockedIps.indexOf(ipRecord), 1);
+  }
+  return undefined;
+};