feat: client and server logic to manage announcements #3
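--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -6,7 +6,7 @@
 "type": "module",
 "scripts": {
 "lint": "eslint ./src --max-warnings 0",
-"dev": "op run --env-file=./dev.env -- tsx watch ./src/index.ts",
+"dev": "NODE_ENV=dev op run --env-file=./dev.env -- tsx watch ./src/index.ts",
 "build": "tsc",
 "start": "op run --env-file=./prod.env -- node ./prod/index.js",
 "test": "echo 'No tests yet' && exit 0"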
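Review bot: The new `dev` script is the only place that sets `NODE_ENV=dev`, and that exact value is what the CORS hook in this same commit uses to enable the `http://localhost:4200` origin, while the `start` script on the line below leaves NODE_ENV unset; production therefore depends on prod.env (loaded by `op run`) never exporting `NODE_ENV=dev`. I would make the production mode explicit rather than implied by absence: `"start": "NODE_ENV=production op run --env-file=./prod.env -- node ./prod/index.js"`. `dev` is also a non-standard NODE_ENV value (most tooling recognises `development`/`production`), which is worth a line in the README since JSON cannot carry a comment here.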
@ -6,6 +6,19 @@
|
|||||||
|
|
||||||
import type { onRequestHookHandler } from "fastify";
|
import type { onRequestHookHandler } from "fastify";
|
||||||
|
|
||||||
|
const isValidOrigin = (origin: string | undefined): boolean => {
|
||||||
|
if (origin === undefined) {
|
||||||
|
// We do not allow server-to-server requests.
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
if (process.env.NODE_ENV === "dev" && origin === "http://localhost:4200") {
|
||||||
|
// We allow the client to access the server when both are running locally.
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
// Otherwise, we only allow requests from our web application.
|
||||||
|
return origin === "https://hikari.nhcarrigan.com";
|
||||||
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Ensures that form submissions only come from our web application.
|
* Ensures that form submissions only come from our web application.
|
||||||
* @param request - The request payload from the server.
|
* @param request - The request payload from the server.
|
||||||
@ -17,13 +30,11 @@ export const corsHook: onRequestHookHandler = async(request, response) => {
|
|||||||
if (!request.url.startsWith("/submit")) {
|
if (!request.url.startsWith("/submit")) {
|
||||||
return undefined;
|
return undefined;
|
||||||
}
|
}
|
||||||
if (request.headers.origin !== "http://localhost:4200"
|
if (!isValidOrigin(request.headers.origin)) {
|
||||||
&& request.headers.origin !== "https://hikari.nhcarrigan.com") {
|
return await response.status(403).send({
|
||||||
console.log(request);
|
error:
|
||||||
return await response.
|
// eslint-disable-next-line stylistic/max-len -- This is a long error message.
|
||||||
status(403).
|
"This route is only accessible from our dashboard at https://hikari.nhcarrigan.com.",
|
||||||
send({
|
|
||||||
error: "This route is only accessible from our dashboard at https://hikari.nhcarrigan.com.",
|
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
return undefined;
|
return undefined;
|
||||||
|
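Review bot: The comment on the `origin === undefined` branch of `isValidOrigin` (hunk 1) overstates what the check achieves: `Origin` is a browser-supplied header rather than a credential, so rejecting a missing or foreign value limits cross-site browser submissions but does not authenticate the caller of the `/submit` routes guarded in hunk 2. I would rephrase it as `// No Origin header: not a cross-site browser request we recognise. Origin is not a credential, so this is CSRF hardening only.` and give the function a short TSDoc header stating that it returns true only for the production dashboard origin, or for localhost:4200 when NODE_ENV is exactly "dev". The `"dev"` comparison deserves a why-comment of its own, since it is a non-standard NODE_ENV value and nothing in this file guards against it being set in production. `corsHook` itself is declared on the hunk-2 header line, above the hunk body.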