api: fix accept & content-type validation when not using authentication
This commit is contained in:
parent
baddb13470
commit
29f967a3ec
1 changed files with 12 additions and 8 deletions
|
@ -105,6 +105,18 @@ export const runAPI = (express, app, __dirname) => {
|
||||||
app.post('/', apiLimiter);
|
app.post('/', apiLimiter);
|
||||||
app.use('/tunnel', apiLimiterStream);
|
app.use('/tunnel', apiLimiterStream);
|
||||||
|
|
||||||
|
app.post('/', (req, res, next) => {
|
||||||
|
if (!acceptRegex.test(req.header('Accept'))) {
|
||||||
|
return fail(res, "error.api.header.accept");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!acceptRegex.test(req.header('Content-Type'))) {
|
||||||
|
return fail(res, "error.api.header.content_type");
|
||||||
|
}
|
||||||
|
|
||||||
|
next();
|
||||||
|
});
|
||||||
|
|
||||||
app.post('/', (req, res, next) => {
|
app.post('/', (req, res, next) => {
|
||||||
if (!env.turnstileSecret || !env.jwtSecret) {
|
if (!env.turnstileSecret || !env.jwtSecret) {
|
||||||
return next();
|
return next();
|
||||||
|
@ -128,14 +140,6 @@ export const runAPI = (express, app, __dirname) => {
|
||||||
return fail(res, "error.api.auth.jwt.invalid");
|
return fail(res, "error.api.auth.jwt.invalid");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!acceptRegex.test(req.header('Accept'))) {
|
|
||||||
return fail(res, "error.api.header.accept");
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!acceptRegex.test(req.header('Content-Type'))) {
|
|
||||||
return fail(res, "error.api.header.content_type");
|
|
||||||
}
|
|
||||||
|
|
||||||
req.authorized = true;
|
req.authorized = true;
|
||||||
} catch {
|
} catch {
|
||||||
return fail(res, "error.api.generic");
|
return fail(res, "error.api.generic");
|
||||||
|
|
Loading…
Reference in a new issue