summary refs log tree commit diff
path: root/src/middlewares
diff options
context:
space:
mode:
authorUmimaso <git@umimaso.com>2021-06-19 14:50:11 +0100
committerUmimaso <git@umimaso.com>2021-06-19 14:50:11 +0100
commitf10df31f5c9b99300a54a1c45d45269a96a16a92 (patch)
tree339f2be44bf57142c46c7c706bfa50e1e0e0a41b /src/middlewares
parent:sparkles: Guild invites (diff)
downloadserver-f10df31f5c9b99300a54a1c45d45269a96a16a92.tar.xz
feat: add widget endpoints
Implemented the four widget related endpoints of the api. Partial user
object being returned as part of the widget.json endpoint [1] is an
intentional choice related to privacy [2].

The widget.json endpoint will require additional changes upon completion
of other work. Member details will need to return extra key/values for
connected users to voice channels. An additional avatar_url value will
hold an unique avatar url for the user + guild, fetched via a CDN
endpoint widget-avatars.

New dependencies `canvas` and `image-size`. Canvas is used to create the
widget.png endpoint image [3]. Image-size is used to set the canvas'
size to match the widget template images.

Use regex in determining if a NO_AUTHORIZATION_ROUTES is hit or not.

[1] https://discord.com/developers/docs/resources/guild#get-guild-widget
[2] https://github.com/discord/discord-api-docs/issues/1287
[3] https://discord.com/developers/docs/resources/guild#get-guild-widget-image

Closes: #9, #110
Diffstat (limited to 'src/middlewares')
-rw-r--r--src/middlewares/Authentication.ts13
1 files changed, 7 insertions, 6 deletions
diff --git a/src/middlewares/Authentication.ts b/src/middlewares/Authentication.ts

index 630a45ff..b53632a8 100644
--- a/src/middlewares/Authentication.ts
+++ b/src/middlewares/Authentication.ts
@@ -3,11 +3,12 @@ import { HTTPError } from "lambert-server";
 import { checkToken, Config } from "@fosscord/server-util";
 
 export const NO_AUTHORIZATION_ROUTES = [
-	"/api/v8/auth/login",
-	"/api/v8/auth/register",
-	"/api/v8/webhooks/",
-	"/api/v8/gateway",
-	"/api/v8/experiments"
+	/^\/api\/v8\/auth\/login/,
+	/^\/api\/v8\/auth\/register/,
+	/^\/api\/v8\/webhooks\//,
+	/^\/api\/v8\/gateway/,
+	/^\/api\/v8\/experiments/,
+	/^\/api(\/v\d+)?\/guilds\/\d+\/widget\.(json|png)/
 ];
 
 declare global {
@@ -22,7 +23,7 @@ declare global {
 export async function Authentication(req: Request, res: Response, next: NextFunction) {
 	if (!req.url.startsWith("/api")) return next();
 	if (req.url.startsWith("/api/v8/invites") && req.method === "GET") return next();
-	if (NO_AUTHORIZATION_ROUTES.some((x) => req.url.startsWith(x))) return next();
+	if (NO_AUTHORIZATION_ROUTES.some((x) => x.test(req.url))) return next();
 	if (!req.headers.authorization) return next(new HTTPError("Missing Authorization Header", 401));
 
 	try {
generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-07-24 01:22:41 +0000