From 450de36336e1a000c4178545d42652d1cf1b5700 Mon Sep 17 00:00:00 2001
From: ChrisChrome <christophercookman@gmail.com>
Date: Mon, 5 Aug 2024 15:33:30 -0600
Subject: [PATCH] Any roblos url

---
 index.js | 35 ++++++++++++++++++++++++-----------
 1 file changed, 24 insertions(+), 11 deletions(-)

diff --git a/index.js b/index.js
index e65bd04..ce3dccb 100644
--- a/index.js
+++ b/index.js
@@ -1,6 +1,10 @@
 const express = require('express');
 const axios = require('axios');
 
+const allowedDomains = [
+	"roblox.com"
+]
+
 const app = express();
 
 const rateLimit = require("express-rate-limit");
@@ -11,18 +15,27 @@ app.use(rateLimit({
 	keyGenerator: (req) => req.headers["x-forwarded-for"] || req.connection.remoteAddress,
 }));
 
-app.get("/*", (req, res) => {
-	// get the full path with arguments and proxy it to https://api.roblox.com/
-	const path = req.path;
-	const url = `https://apis.roblox.com${path}`;
-	console.log(`Proxying request to ${url}`);
-	// get the response from the url and send it back to the client
-	axios.get(url).then((response) => {
-		res.send(response.data);
+app.get("/:domain/*", (req, res) => {
+	// get the domain and the rest of the path+args
+	const domain = req.params.domain;
+	const path = req.params[0];
+	const args = req.query;
+	// Check that domain is equal or subdomain of allowedDomains
+	if (!allowedDomains.some((allowedDomain) => domain.endsWith(allowedDomain))) {
+		res.status(403).send("Domain not allowed");
+		return;
+	}
+
+	// Make the request
+	axios.get(`https://${domain}/${path}`, {
+		params: args
+	}).then((response) => {
+		// Send the response back
+		res.status(response.status).send(response.data);
 	}).catch((error) => {
-		res.status(500).send(error);
-	})
-	
+		// Send the error back
+		res.status(error.response.status).send(error.response.data);
+	});	
 });
 
 const port = process.env.SERVER_PORT || 3000;