diff --git a/src/middlewares/Authentication.ts b/src/middlewares/Authentication.ts
index 050c427f..630a45ff 100644
--- a/src/middlewares/Authentication.ts
+++ b/src/middlewares/Authentication.ts
@@ -1,14 +1,13 @@
import { NextFunction, Request, Response } from "express";
import { HTTPError } from "lambert-server";
-import { checkToken } from "@fosscord/server-util";
-import * as Config from "../util/Config"
+import { checkToken, Config } from "@fosscord/server-util";
export const NO_AUTHORIZATION_ROUTES = [
"/api/v8/auth/login",
"/api/v8/auth/register",
"/api/v8/webhooks/",
"/api/v8/gateway",
- "/api/v8/experiments",
+ "/api/v8/experiments"
];
declare global {
@@ -25,11 +24,9 @@ export async function Authentication(req: Request, res: Response, next: NextFunc
if (req.url.startsWith("/api/v8/invites") && req.method === "GET") return next();
if (NO_AUTHORIZATION_ROUTES.some((x) => req.url.startsWith(x))) return next();
if (!req.headers.authorization) return next(new HTTPError("Missing Authorization Header", 401));
- // TODO: check if user is banned/token expired
try {
-
- const { jwtSecret } = Config.apiConfig.getAll().security;
+ const { jwtSecret } = Config.get().security;
const decoded: any = await checkToken(req.headers.authorization, jwtSecret);
diff --git a/src/middlewares/CORS.ts b/src/middlewares/CORS.ts
index e6cc5544..88e90a4b 100644
--- a/src/middlewares/CORS.ts
+++ b/src/middlewares/CORS.ts
@@ -9,7 +9,7 @@ export function CORS(req: Request, res: Response, next: NextFunction) {
"Content-security-policy",
"default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';"
);
- res.set("Access-Control-Allow-Headers", req.header("Access-Control-Request-Headers"));
+ res.set("Access-Control-Allow-Headers", req.header("Access-Control-Request-Headers") || "*");
next();
}
diff --git a/src/middlewares/GlobalRateLimit.ts b/src/middlewares/GlobalRateLimit.ts
index 38098981..7260d1a2 100644
--- a/src/middlewares/GlobalRateLimit.ts
+++ b/src/middlewares/GlobalRateLimit.ts
@@ -1,6 +1,5 @@
import { NextFunction, Request, Response } from "express";
-import * as Config from '../util/Config'
-import crypto from "crypto";
+import { Config } from "@fosscord/server-util";
// TODO: use mongodb ttl index
// TODO: increment count on serverside
@@ -44,7 +43,7 @@ export async function GlobalRateLimit(req: Request, res: Response, next: NextFun
}
export function getIpAdress(req: Request): string {
- const { forwadedFor } = Config.apiConfig.getAll().security;
+ const { forwadedFor } = Config.get().security;
const ip = forwadedFor ? <string>req.headers[forwadedFor] : req.ip;
return ip.replaceAll(".", "_").replaceAll(":", "_");
}
|
