DataHearth
/
tech-bot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Releases Activity

fix infinite loop on invalid origin

This commit is contained in:
DataHearth 2023-08-09 16:22:52 +02:00
parent 47e7baa4d5
commit 89f8133da4
No known key found for this signature in database
GPG Key ID: E88FD356ACC5F3C4
2 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
frontend/src/app.d.ts vendored
View File

@ -2,7 +2,11 @@
// for information about these interfaces // for information about these interfaces
declare global { declare global {
namespace App { namespace App {
// interface Error {} // interface Error {
// status: number;
// message: string;
// }
interface Locals { interface Locals {
session: boolean; session: boolean;
} }

6
frontend/src/hooks.server.ts
View File

@ -1,6 +1,6 @@
import { env } from '$env/dynamic/private'; import { env } from '$env/dynamic/private';
import type { OAuth2Response } from '$lib/types'; import type { OAuth2Response } from '$lib/types';
import { redirect, type Handle } from '@sveltejs/kit'; import { error, redirect, type Handle } from '@sveltejs/kit';
import { sequence } from '@sveltejs/kit/hooks'; import { sequence } from '@sveltejs/kit/hooks';
const protectedRoutes = ['/']; const protectedRoutes = ['/'];
@ -55,8 +55,8 @@ const handleAuth: Handle = async ({ resolve, event }) => {
} else if (event.locals.session) return await resolve(event); } else if (event.locals.session) return await resolve(event);
if (event.url.origin !== env.ORIGIN) { if (event.url.origin !== env.ORIGIN) {
console.error(`invalid origin: ${event.url.origin}`); console.error(`invalid origin. ${event.url.origin}`);
throw redirect(303, '/login'); throw error(403, 'invalid origin');
} }
if (event.url.pathname === '/auth/discord') { if (event.url.pathname === '/auth/discord') {