Add more protections

Christopher Cookman 2024-08-05 15:43:41 -06:00
parent 450de36336
commit aad45b338e
Signed by: ChrisChrome
GPG key ID: A023A26E42C33A42


@ -20,12 +20,17 @@ app.get("/:domain/*", (req, res) => {
const domain = req.params.domain;
const path = req.params[0];
const args = req.query;
// Check that domain is equal or subdomain of allowedDomains
if (!allowedDomains.some((allowedDomain) => domain.endsWith(allowedDomain))) {
res.status(403).send("Domain not allowed");
return;
// If domain has any characters that arent alphanumeric, a period, or -, return 400
if (!/^[a-zA-Z0-9.-]+$/.test(domain)) {
return res.status(400).send("Invalid domain");
}
// Check if domain is valid subdomain of allowedDomains
if (!allowedDomains.some((allowedDomain) => domain.endsWith(allowedDomain))) {
return res.status(400).send("Invalid domain");
}
// Make the request
axios.get(`https://${domain}/${path}`, {
params: args
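Review bot: The allow-list test kept in this hunk, `domain.endsWith(allowedDomain)`, is a plain suffix match, so a hostname that merely shares its trailing characters with an allowed entry is accepted even though it is neither that domain nor a subdomain of it. The new character-class check does not narrow this. Assuming `allowedDomains` holds bare names (its definition is not visible here), match on a label boundary instead: `allowedDomains.some((d) => domain === d || domain.endsWith("." + d))`. Since the accepted value becomes the host in `axios.get`, this test is what bounds where the proxy connects. It would also be worth setting `maxRedirects: 0` on the request, unless the options outside the hunk already do, so an upstream redirect cannot lead to a host the check never saw. The handler and the `axios.get` call both continue past the end of the hunk.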
@ -34,10 +39,18 @@ app.get("/:domain/*", (req, res) => {
res.status(response.status).send(response.data);
}).catch((error) => {
// Send the error back
if (!error.response) {
return res.status(500).send("An error occurred");
}
res.status(error.response.status).send(error.response.data);
});
});
app.get("/:domain", (req, res) => {
// redirect them to /:domain/
res.redirect(`/${req.params.domain}/`);
})
const port = process.env.SERVER_PORT || 3000;
app.listen(port, () => {
console.log(`Server is running on port ${port}`);