api: fix accept & content-type validation when not using authentication
This commit is contained in:
parent
baddb13470
commit
29f967a3ec
1 changed files with 12 additions and 8 deletions
|
@ -105,6 +105,18 @@ export const runAPI = (express, app, __dirname) => {
|
|||
app.post('/', apiLimiter);
|
||||
app.use('/tunnel', apiLimiterStream);
|
||||
|
||||
app.post('/', (req, res, next) => {
|
||||
if (!acceptRegex.test(req.header('Accept'))) {
|
||||
return fail(res, "error.api.header.accept");
|
||||
}
|
||||
|
||||
if (!acceptRegex.test(req.header('Content-Type'))) {
|
||||
return fail(res, "error.api.header.content_type");
|
||||
}
|
||||
|
||||
next();
|
||||
});
|
||||
|
||||
app.post('/', (req, res, next) => {
|
||||
if (!env.turnstileSecret || !env.jwtSecret) {
|
||||
return next();
|
||||
|
@ -128,14 +140,6 @@ export const runAPI = (express, app, __dirname) => {
|
|||
return fail(res, "error.api.auth.jwt.invalid");
|
||||
}
|
||||
|
||||
if (!acceptRegex.test(req.header('Accept'))) {
|
||||
return fail(res, "error.api.header.accept");
|
||||
}
|
||||
|
||||
if (!acceptRegex.test(req.header('Content-Type'))) {
|
||||
return fail(res, "error.api.header.content_type");
|
||||
}
|
||||
|
||||
req.authorized = true;
|
||||
} catch {
|
||||
return fail(res, "error.api.generic");
|
||||
|
|
Loading…
Reference in a new issue