API güvenliği sağlandı

This commit is contained in:
2025-11-17 19:29:33 +03:00
parent b581df0774
commit 1949aefdf0
4 changed files with 60 additions and 5 deletions


@@ -27,7 +27,32 @@ const __dirname = dirname(fileURLToPath(import.meta.url));
const app = express();
const PORT = process.env.PORT || 4000;
const ORIGIN = process.env.CLIENT_ORIGIN || 'http://localhost:5173';
const allowedOrigins = ORIGIN.split(',').map((origin) => origin.trim());
const allowedOrigins = ORIGIN.split(',').map((origin) => origin.trim()).filter(Boolean);
const normalizeOrigin = (value = '') => {
try {
return new URL(value).origin;
} catch (error) {
return value.replace(/\/$/, '');
}
};
const trustedOrigins = allowedOrigins.map(normalizeOrigin).filter(Boolean);
const enforceClientOrigin = (req, res, next) => {
if (!trustedOrigins.length) {
return next();
}
const header = req.get('origin') || req.get('referer');
if (!header) {
return res.status(403).json({ message: 'Bu istemciye izin verilmiyor.' });
}
const requestOrigin = normalizeOrigin(header);
if (!requestOrigin || !trustedOrigins.includes(requestOrigin)) {
return res.status(403).json({ message: 'Bu istemciye izin verilmiyor.' });
}
return next();
};
const USERS_TABLE = process.env.SUPABASE_USERS_TABLE || 'users';
const JWT_SECRET = process.env.JWT_SECRET;
@@ -85,6 +110,7 @@ const authMiddleware = (req, res, next) => {
};
const authRouter = express.Router();
authRouter.use(enforceClientOrigin);
authRouter.post('/register', async (req, res) => {
const { name, email, password } = req.body || {};
@@ -256,7 +282,7 @@ authRouter.post('/forgot-password', async (req, res) => {
app.use('/auth', authRouter);
app.post('/translate', async (req, res) => {
app.post('/translate', authMiddleware, async (req, res) => {
const { text } = req.body || {};
if (!text || !text.trim()) {
return res.status(400).json({ message: 'Çevrilecek metin bulunamadı.' });
@@ -273,7 +299,7 @@ app.post('/translate', async (req, res) => {
}
});
app.post('/generate-epub', async (req, res) => {
app.post('/generate-epub', authMiddleware, async (req, res) => {
const { text, meta, cover } = req.body || {};
if (!text || !text.trim()) {
return res.status(400).json({ message: 'text is required' });
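Review bot: normalizeOrigin in the first hunk returns the literal string `'null'` for any value whose URL has an opaque origin (a scheme-less CLIENT_ORIGIN entry such as `localhost:5173` parses as a non-special scheme) and returns the raw string when parsing fails, so such a configuration puts `'null'` into trustedOrigins and enforceClientOrigin then accepts every request carrying `Origin: null` (sandboxed iframes, cross-origin redirects, `file://` pages). Mapping both cases to an empty string closes that: `const { origin } = new URL(value); return origin === 'null' ? '' : origin;` in the try branch and `return '';` in the catch. With that change the `!trustedOrigins.length` branch would fail open whenever every configured entry is invalid, so it is safer to throw at startup when CLIENT_ORIGIN yields no usable origin than to skip the check. Note also that Origin and Referer are freely settable by any non-browser client, so this middleware is only a cross-site guard for browsers, and `/auth/register`, `/login` and `/forgot-password` still have no rate limiting or similar abuse control despite the commit title's "API security" framing.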