From f10df31f5c9b99300a54a1c45d45269a96a16a92 Mon Sep 17 00:00:00 2001 From: Umimaso Date: Sat, 19 Jun 2021 14:50:11 +0100 Subject: feat: add widget endpoints Implemented the four widget related endpoints of the api. Partial user object being returned as part of the widget.json endpoint [1] is an intentional choice related to privacy [2]. The widget.json endpoint will require additional changes upon completion of other work. Member details will need to return extra key/values for connected users to voice channels. An additional avatar_url value will hold an unique avatar url for the user + guild, fetched via a CDN endpoint widget-avatars. New dependencies `canvas` and `image-size`. Canvas is used to create the widget.png endpoint image [3]. Image-size is used to set the canvas' size to match the widget template images. Use regex in determining if a NO_AUTHORIZATION_ROUTES is hit or not. [1] https://discord.com/developers/docs/resources/guild#get-guild-widget [2] https://github.com/discord/discord-api-docs/issues/1287 [3] https://discord.com/developers/docs/resources/guild#get-guild-widget-image Closes: #9, #110 --- src/middlewares/Authentication.ts | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'src/middlewares/Authentication.ts') diff --git a/src/middlewares/Authentication.ts b/src/middlewares/Authentication.ts index 630a45ff..b53632a8 100644 --- a/src/middlewares/Authentication.ts +++ b/src/middlewares/Authentication.ts @@ -3,11 +3,12 @@ import { HTTPError } from "lambert-server"; import { checkToken, Config } from "@fosscord/server-util"; export const NO_AUTHORIZATION_ROUTES = [ - "/api/v8/auth/login", - "/api/v8/auth/register", - "/api/v8/webhooks/", - "/api/v8/gateway", - "/api/v8/experiments" + /^\/api\/v8\/auth\/login/, + /^\/api\/v8\/auth\/register/, + /^\/api\/v8\/webhooks\//, + /^\/api\/v8\/gateway/, + /^\/api\/v8\/experiments/, + /^\/api(\/v\d+)?\/guilds\/\d+\/widget\.(json|png)/ ]; declare global { @@ -22,7 +23,7 @@ declare global { export async function Authentication(req: Request, res: Response, next: NextFunction) { if (!req.url.startsWith("/api")) return next(); if (req.url.startsWith("/api/v8/invites") && req.method === "GET") return next(); - if (NO_AUTHORIZATION_ROUTES.some((x) => req.url.startsWith(x))) return next(); + if (NO_AUTHORIZATION_ROUTES.some((x) => x.test(req.url))) return next(); if (!req.headers.authorization) return next(new HTTPError("Missing Authorization Header", 401)); try { -- cgit 1.5.1