summary refs log tree commit diff
diff options
context:
space:
mode:
authorFlam3rboy <34555296+Flam3rboy@users.noreply.github.com>2021-06-26 19:48:20 +0200
committerFlam3rboy <34555296+Flam3rboy@users.noreply.github.com>2021-06-26 19:48:20 +0200
commit9b59296af54be75536277290fd22cfc296f5ac4c (patch)
treea266342be4d4fc822d3ff6d1fd2ffa50b63f5523
parentMerge pull request #161 from fosscord/l10n_master (diff)
downloadserver-9b59296af54be75536277290fd22cfc296f5ac4c.tar.xz
:bug: fix CORS
Diffstat
-rw-r--r--src/middlewares/CORS.ts3


-rw-r--r--src/routes/auth/register.ts1


-rw-r--r--src/routes/users/@me/index.ts4


3 files changed, 5 insertions, 3 deletions
diff --git a/src/middlewares/CORS.ts b/src/middlewares/CORS.ts

index 88e90a4b..49470611 100644
--- a/src/middlewares/CORS.ts
+++ b/src/middlewares/CORS.ts
@@ -4,12 +4,13 @@ import { NextFunction, Request, Response } from "express";
 
 export function CORS(req: Request, res: Response, next: NextFunction) {
 	res.set("Access-Control-Allow-Origin", "*");
-	// TODO: use securer CSP policy
+	// TODO: use better CSP policy
 	res.set(
 		"Content-security-policy",
 		"default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';"
 	);
 	res.set("Access-Control-Allow-Headers", req.header("Access-Control-Request-Headers") || "*");
+	res.set("Access-Control-Allow-Methods", req.header("Access-Control-Request-Methods") || "*");
 
 	next();
 }
diff --git a/src/routes/auth/register.ts b/src/routes/auth/register.ts

index 50bac43a..49a3bd6c 100644
--- a/src/routes/auth/register.ts
+++ b/src/routes/auth/register.ts
@@ -34,6 +34,7 @@ router.post(
 			gift_code_sku_id, // ? what is this
 			captcha_key
 		} = req.body;
+		console.log("register", req.body.email, req.body.username, req.headers["cf-connecting-ip"]);
 		// TODO: automatically join invite
 		// TODO: gift_code_sku_id?
 		// TODO: check password strength
diff --git a/src/routes/users/@me/index.ts b/src/routes/users/@me/index.ts

index df477ef1..68196afe 100644
--- a/src/routes/users/@me/index.ts
+++ b/src/routes/users/@me/index.ts
@@ -1,5 +1,5 @@
 import { Router, Request, Response } from "express";
-import { UserModel, toObject } from "@fosscord/server-util";
+import { UserModel, toObject, PublicUserProjection } from "@fosscord/server-util";
 import { HTTPError } from "lambert-server";
 import { getPublicUser } from "../../../util/User";
 import { UserModifySchema } from "../../../schema/User";
@@ -28,7 +28,7 @@ router.patch("/", check(UserModifySchema), async (req: Request, res: Response) =
 		}
 	}
 
-	const user = await UserModel.findOneAndUpdate({ id: req.user_id }, body).exec();
+	const user = await UserModel.findOneAndUpdate({ id: req.user_id }, body, { projection: PublicUserProjection }).exec();
 	// TODO: dispatch user update event
 
 	res.json(toObject(user));

 

generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-07-20 03:43:46 +0000