api: move accept header check into handler, simplify error handling (#614)

dumbmoron 2024-07-24 17:27:26 +02:00 committed by GitHub
parent b516033f09
commit 85e376bffd
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 15 additions and 25 deletions


@ -26,7 +26,7 @@ const corsConfig = env.corsWildcard ? {} : {
export function runAPI(express, app, gitCommit, gitBranch, __dirname) { export function runAPI(express, app, gitCommit, gitBranch, __dirname) {
const startTime = new Date(); const startTime = new Date();
const startTimestamp = startTime.getTime(); const startTimestamp = startTime.getTime();
const serverInfo = { const serverInfo = {
version: version, version: version,
commit: gitCommit, commit: gitCommit,
@ -81,38 +81,23 @@ export function runAPI(express, app, gitCommit, gitBranch, __dirname) {
app.use((req, res, next) => { app.use((req, res, next) => {
try { try {
decodeURIComponent(req.path) decodeURIComponent(req.path)
} catch { } catch {
return res.redirect('/') return res.redirect('/')
} }
next(); next();
}) })
app.use('/api/json', express.json({ app.use('/api/json', express.json({ limit: 1024 }));
verify: (req, res, buf) => { app.use('/api/json', (err, _, res, next) => {
if (String(req.header('Accept')) === "application/json") { if (err) {
if (buf.length > 720) throw new Error();
JSON.parse(buf);
} else {
throw new Error();
}
}
}))
// handle express.json errors properly (https://github.com/expressjs/express/issues/4065)
app.use('/api/json', (err, req, res, next) => {
let errorText = "invalid json body";
const acceptHeader = String(req.header('Accept')) !== "application/json";
if (err || acceptHeader) {
if (acceptHeader) errorText = "invalid accept header";
return res.status(400).json({ return res.status(400).json({
status: "error", status: "error",
text: errorText text: "invalid json body"
}); });
} else {
next();
} }
})
next();
});
app.post('/api/json', async (req, res) => { app.post('/api/json', async (req, res) => {
const request = req.body; const request = req.body;
@ -123,6 +108,10 @@ export function runAPI(express, app, gitCommit, gitBranch, __dirname) {
res.status(status).json(body); res.status(status).json(body);
} }
if (!acceptRegex.test(req.header('Accept'))) {
return fail('ErrorInvalidAcceptHeader');
}
if (!acceptRegex.test(req.header('Content-Type'))) { if (!acceptRegex.test(req.header('Content-Type'))) {
return fail('ErrorInvalidContentType'); return fail('ErrorInvalidContentType');
} }
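Review bot: The error middleware mounted after `express.json({ limit: 1024 })` answers every parser failure with status 400 and "invalid json body", so a body rejected for exceeding the 1024-byte limit is indistinguishable from malformed JSON, both for clients and for anyone reading logs. body-parser sets `err.type` (`'entity.too.large'` for the limit) and `err.status` on its errors, so the branch could keep the parser's status, e.g. `return res.status(err.status === 413 ? 413 : 400).json({ ... })`, with a matching text. The Accept check now runs inside the POST handler, after the body has already been parsed, and `acceptRegex` is defined outside the visible lines. With a missing header `req.header('Accept')` is `undefined`, which `test()` coerces to the string "undefined", so it is worth confirming the pattern is anchored and carries no `g` flag. The body of `runAPI` continues outside these hunks.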


@ -159,6 +159,7 @@
"UpdateOneMillion": "1 million users and blazing speed", "UpdateOneMillion": "1 million users and blazing speed",
"ErrorYTAgeRestrict": "this youtube video is age-restricted, so i can't see it. try another one!", "ErrorYTAgeRestrict": "this youtube video is age-restricted, so i can't see it. try another one!",
"ErrorYTLogin": "couldn't get this youtube video because it requires an account to view.\n\nthis limitation is done by google to seemingly stop scraping, affecting all 3rd party tools and even their own clients.\n\ntry again, but if issue persists, {ContactLink}.", "ErrorYTLogin": "couldn't get this youtube video because it requires an account to view.\n\nthis limitation is done by google to seemingly stop scraping, affecting all 3rd party tools and even their own clients.\n\ntry again, but if issue persists, {ContactLink}.",
"ErrorYTRateLimit": "i got rate limited by youtube. try again in a few seconds, but if issue persists, {ContactLink}." "ErrorYTRateLimit": "i got rate limited by youtube. try again in a few seconds, but if issue persists, {ContactLink}.",
"ErrorInvalidAcceptHeader": "invalid accept header"
} }
} }