Return validation fails as errors w/ CORS headers

fix-missing-apps-verify_credentials-endpoint
Jorge Caballero (DataDrivenMD) 2023-02-21 13:46:19 -08:00
rodzic cf15dcc56e
commit 9392e2595c
1 zmienionych plików z 17 dodań i 16 usunięć


@ -1,5 +1,6 @@
import { ContextData } from 'wildebeest/backend/src/types/context'
import { cors } from 'wildebeest/backend/src/utils/cors'
import * as errors from 'wildebeest/backend/src/errors'
import type { JWK } from 'wildebeest/backend/src/webpush/jwk'
import type { Env } from 'wildebeest/backend/src/types/env'
import { createClient } from 'wildebeest/backend/src/mastodon/client'
@ -25,22 +26,22 @@ export async function handleRequest(db: D1Database, request: Request, vapidKeys:
const body: AppsPost = await readBody<AppsPost>(request)
// Parameter validation according to https://github.com/mastodon/mastodon/blob/main/app/lib/application_extension.rb
if ((body.client_name === undefined) || (body.client_name?.trim() === '')) {
return new Response('Unprocessable entity: client_name cannot be an empty string', { status: 422 })
} else if ((body.client_name?.length > 60)) {
return new Response('Unprocessable entity: client_name cannot exceed 60 characters', { status: 422 })
} else if ((body.redirect_uris === undefined) || (body.redirect_uris?.trim() === '')) {
return new Response('Unprocessable entity: redirect_uris cannot be an empty string', { status: 422 })
} else if ((body.redirect_uris?.length > 2000)) {
return new Response('Unprocessable entity: redirect_uris cannot exceed 2000 characters', { status: 422 })
} else if (body.redirect_uris !== 'urn:ietf:wg:oauth:2.0:oob') {
try {
new URL("", body.redirect_uris);
} catch {
return new Response('Unprocessable entity: redirect_uris must be a valid URI', { status: 422 })
}
}
// Parameter validation according to https://github.com/mastodon/mastodon/blob/main/app/lib/application_extension.rb
if (body.client_name === undefined || body.client_name?.trim() === '') {
return errors.unprocessableEntity('client_name cannot be an empty string')
} else if (body.client_name?.length > 60) {
return errors.unprocessableEntity('client_name cannot exceed 60 characters')
} else if (body.redirect_uris === undefined || body.redirect_uris?.trim() === '') {
return errors.unprocessableEntity('redirect_uris cannot be an empty string')
} else if (body.redirect_uris?.length > 2000) {
return errors.unprocessableEntity('redirect_uris cannot exceed 2000 characters')
} else if (body.redirect_uris !== 'urn:ietf:wg:oauth:2.0:oob') {
try {
new URL('', body.redirect_uris)
} catch {
return errors.unprocessableEntity('redirect_uris must be a valid URI')
}
}
const client = await createClient(db, body.client_name, body.redirect_uris, body.website, body.scopes)
const vapidKey = VAPIDPublicKey(vapidKeys)
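Review bot: The new `client_name` checks compare only against `undefined`, so a JSON `null` passes both branches (`null?.trim()` and `null?.length` evaluate to `undefined`) and reaches `createClient`, while a non-string value such as a number throws at `.trim()` instead of producing a 422. `readBody<AppsPost>` is presumably a type assertion over untrusted request data rather than a runtime check, so test the type first, e.g. `if (typeof body.client_name !== 'string' || body.client_name.trim() === '')`, and do the same for `redirect_uris`; the `?.` operators then become unnecessary. Separately, `new URL('', body.redirect_uris)` only shows that the value parses as a base URL and places no restriction on the scheme, so consider an explicit scheme allowlist before the value is stored as an OAuth redirect target. `handleRequest` begins and ends outside this hunk, so how the stored URI is used later is not visible here.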