feat: Security

2026-06-05 18:34:01 +02:00
parent ee293d7daf
commit 45675192a5
134 changed files with 4128 additions and 446 deletions


@@ -23,6 +23,7 @@ export interface ServerVariablesConfig {
serverProtocol: ServerHttpProtocol;
serverHost: string;
serverTag: string;
corsAllowlist: string[];
linkPreview: LinkPreviewConfig;
openApiDocs: OpenApiDocsConfig;
}
@@ -113,6 +114,17 @@ function normalizeLinkPreviewConfig(value: unknown): LinkPreviewConfig {
return { enabled, cacheTtlMinutes: cacheTtl, maxCacheSizeMb: maxSize };
}
function normalizeCorsAllowlist(value: unknown): string[] {
if (!Array.isArray(value)) {
return [];
}
return value
.filter((entry): entry is string => typeof entry === 'string')
.map((entry) => entry.trim())
.filter((entry) => entry.length > 0);
}
function normalizeOpenApiDocsConfig(value: unknown): OpenApiDocsConfig {
const raw = (value && typeof value === 'object' && !Array.isArray(value))
? value as Record<string, unknown>
@@ -169,6 +181,7 @@ export function ensureVariablesConfig(): ServerVariablesConfig {
serverProtocol: normalizeServerProtocol(remainingParsed.serverProtocol),
serverHost: normalizeServerHost(remainingParsed.serverHost ?? legacyServerIpAddress),
serverTag: normalizeServerTag(remainingParsed.serverTag),
corsAllowlist: normalizeCorsAllowlist(remainingParsed.corsAllowlist),
linkPreview: normalizeLinkPreviewConfig(remainingParsed.linkPreview),
openApiDocs: normalizeOpenApiDocsConfig(remainingParsed.openApiDocs)
};
@@ -186,11 +199,23 @@ export function ensureVariablesConfig(): ServerVariablesConfig {
serverProtocol: normalized.serverProtocol,
serverHost: normalized.serverHost,
serverTag: normalized.serverTag,
corsAllowlist: normalized.corsAllowlist,
linkPreview: normalized.linkPreview,
openApiDocs: normalized.openApiDocs
};
}
export function getCorsAllowlist(): string[] {
if (hasEnvironmentOverride(process.env.CORS_ALLOWLIST)) {
return (process.env.CORS_ALLOWLIST ?? '')
.split(',')
.map((entry) => entry.trim())
.filter((entry) => entry.length > 0);
}
return getVariablesConfig().corsAllowlist;
}
export function getVariablesConfig(): ServerVariablesConfig {
return ensureVariablesConfig();
}
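Review bot: `normalizeCorsAllowlist` accepts any non-empty string, so entries such as `*`, `null`, a bare hostname or `https://example.com/` (trailing slash) are stored as-is; depending on how the consumer of the list compares origins (not visible in this section), such entries either never match a browser's `Origin` header or match more broadly than the operator intended. Each entry should be validated as an http(s) origin and stored in its canonical `URL.origin` form, and rejected entries should be logged rather than dropped silently. `getCorsAllowlist` repeats the trim/filter inline for `CORS_ALLOWLIST`, so the environment path would skip that validation; route it through the same function with `return normalizeCorsAllowlist((process.env.CORS_ALLOWLIST ?? '').split(','));`. It is also worth confirming that an empty list (the result for a non-array config value) means "deny cross-origin requests" in the consumer and not "allow all".

```typescript
function normalizeCorsAllowlist(value: unknown): string[] {
  // … unchanged: non-array guard returning [] …

  const origins = new Set<string>();

  for (const entry of value) {
    if (typeof entry !== 'string') {
      continue;
    }

    let parsed: URL;

    try {
      parsed = new URL(entry.trim());
    } catch {
      // Not an absolute URL: '*', 'null', bare hostnames, empty strings.
      continue;
    }

    // Browsers send Origin as scheme://host[:port]; keep only that canonical form
    // so a trailing slash or path in the config cannot cause a silent mismatch.
    if (parsed.protocol === 'http:' || parsed.protocol === 'https:') {
      origins.add(parsed.origin);
    }
  }

  return [...origins];
}
```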