
- Updated `.env` and added `.env.test` for environment variables.
- Introduced API documentation in `API_DOCUMENTATION.md`.
- Added authentication setup guide in `AUTHENTICATION_SETUP.md`.
- Implemented user authentication with JWT and email verification.
- Created new routes for user management and form submissions.
- Added middleware for API key authentication and error handling.
- Set up Redis for rate limiting and notifications.
- Removed obsolete files and configurations related to the previous Rust implementation.
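/**
 * Express middleware that restricts form submissions to the domains
 * listed in the form's `allowed_domains` column.
 *
 * Looks up `allowed_domains` for `req.params.formUuid` through the
 * parameterized `req.db.query` call. A NULL/blank list means "no
 * restriction" and the request passes through. Otherwise the request
 * must carry a Referer header (Origin is used as a fallback) whose
 * hostname equals one of the listed domains or is a subdomain of it.
 *
 * NOTE: Referer and Origin are client-supplied headers, so this check
 * reduces casual abuse but is not authentication; the API-key middleware
 * and rate limiting remain the trust boundary.
 *
 * Responses: 404 when the form does not exist; 403 when the referer is
 * missing, unparseable, or not on the list; 500 on a database or other
 * unexpected error (logged, generic message returned).
 *
 * @param {import('express').Request} req - expects `req.params.formUuid`,
 *   `req.headers`, and a `req.db` with an async `query(sql, params)`.
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
const domainChecker = async (req, res, next) => {
  const formUuid = req.params.formUuid;
  // Prefer Referer; fall back to Origin for clients that strip Referer.
  const referer = req.headers.referer || req.headers.origin;

  try {
    const [rows] = await req.db.query(
      "SELECT allowed_domains FROM forms WHERE uuid = ?",
      [formUuid]
    );

    if (rows.length === 0) {
      return res.status(404).json({ error: "Form not found" });
    }

    const form = rows[0];

    // No restriction configured (NULL or blank) -> allow every origin.
    if (!form.allowed_domains || form.allowed_domains.trim() === "") {
      return next();
    }

    // Normalise the list: trim, lower-case (URL hostnames come back
    // lower-cased from the parser, so a mixed-case DB entry would never
    // match otherwise) and drop empty entries so a stray comma cannot
    // yield an empty domain that matches via endsWith(".").
    const allowedDomains = form.allowed_domains
      .split(",")
      .map((d) => d.trim().toLowerCase())
      .filter((d) => d !== "");

    if (!referer) {
      return res.status(403).json({ error: "Referer header is required" });
    }

    // A malformed header is a client error: answer 403 rather than letting
    // the URL constructor throw and surface as a 500 from the outer catch.
    let refererUrl;
    try {
      refererUrl = new URL(referer);
    } catch (parseError) {
      return res.status(403).json({ error: "Invalid Referer header" });
    }

    const { hostname } = refererUrl;
    // Exact match or subdomain match; the leading "." prevents
    // "notexample.com" from matching "example.com".
    const isAllowed = allowedDomains.some(
      (domain) => hostname === domain || hostname.endsWith("." + domain)
    );

    if (!isAllowed) {
      return res
        .status(403)
        .json({ error: "Submission not allowed from this domain" });
    }

    next();
  } catch (error) {
    // Log the detail server-side only; the client gets a generic message.
    console.error("Domain check error:", error);
    res.status(500).json({ error: "Internal server error" });
  }
};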
// CommonJS export so the router can mount it: app.post('/forms/:formUuid/...', domainChecker, ...)
module.exports = domainChecker;