nikitos-3000/AstralRinth
1
0
Fork 0
forked from didirus/AstralRinth
Code Pull Requests Activity

fix(labrinth): proper page view ingest URL origin filtering (#4344)

Browse Source
This commit is contained in:
Alejandro González
2025-09-11 01:38:27 +02:00
committed by GitHub
parent 58aac642a9
commit 9361acb78e
1 changed files with 8 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
apps/labrinth/src/routes/analytics.rs
View File

@@ -69,17 +69,18 @@ pub async fn page_view_ingest(
let url = Url::parse(&url_input.url).map_err(|_| {
ApiError::InvalidInput("invalid page view URL specified!".to_string())
})?;
let domain = url.host_str().ok_or_else(|| {
ApiError::InvalidInput("invalid page view URL specified!".to_string())
})?;
let url_origin = url.origin().ascii_serialization();
let allowed_origins =
parse_strings_from_var("CORS_ALLOWED_ORIGINS").unwrap_or_default();
if !(domain.ends_with(".modrinth.com")
|| domain == "modrinth.com"
|| allowed_origins.contains(&"*".to_string()))
{
let is_valid_url_origin =
parse_strings_from_var("ANALYTICS_ALLOWED_ORIGINS")
.unwrap_or_default()
.iter()
.any(|origin| origin == "*" || url_origin == *origin);
if !is_valid_url_origin {
return Err(ApiError::InvalidInput(
"invalid page view URL specified!".to_string(),
));