Skip to content

Commit

Permalink
chore(dcellar-web-ui): just for test
Browse files Browse the repository at this point in the history
  • Loading branch information
devinxl committed Apr 10, 2024
1 parent 847b10d commit e965df8
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 0 deletions.
2 changes: 2 additions & 0 deletions apps/dcellar-web-ui/src/pages/api/bill_monthly/[[...slug]].ts
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@ import { NextApiRequest, NextApiResponse } from 'next';
import qs from 'query-string';

const handler = async (req: NextApiRequest, res: NextApiResponse) => {
console.error('req.headers.referer', req.headers.referer);
console.error('ALLOWED_DOMAINS', ALLOWED_DOMAINS);
if (!isRefererAllowed(req.headers.referer || '', ALLOWED_DOMAINS)) {
res.status(403).json({ message: 'Forbidden' });
}
Expand Down
8 changes: 8 additions & 0 deletions apps/dcellar-web-ui/src/utils/req.ts
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
const validLocalhostDomains: readonly string[] = ['localhost', '127.0.0.1', '::1'];

export function isRefererAllowed(referrerURL: string, allowedDomainList: string): boolean {
console.log('referrerURL:', referrerURL);
if (!referrerURL) {
return false;
}
Expand All @@ -11,5 +12,12 @@ export function isRefererAllowed(referrerURL: string, allowedDomainList: string)
.map((domain) => domain.trim())
.concat(validLocalhostDomains);

console.error('domain:', domain);
console.error('domains:', domains);
console.error(
'domains.some:',
domains.some((allowedDomain) => domain.endsWith(allowedDomain)),
);

return domains.some((allowedDomain) => domain.endsWith(allowedDomain));
}

0 comments on commit e965df8

Please sign in to comment.