From b278e94fe4ab9d3c48c0064183fb3d2b4c55d348 Mon Sep 17 00:00:00 2001 From: Henry Date: Thu, 23 May 2024 15:32:42 +0100 Subject: [PATCH] add regex check for auth middleware --- packages/server/src/index.ts | 4 ++-- packages/server/src/utils/logger.ts | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/server/src/index.ts b/packages/server/src/index.ts index 36bfd3d1f06..7cbe5968674 100644 --- a/packages/server/src/index.ts +++ b/packages/server/src/index.ts @@ -140,8 +140,8 @@ export class App { '/api/v1/ip' ] this.app.use((req, res, next) => { - if (req.url.includes('/api/v1/')) { - whitelistURLs.some((url) => req.url.includes(url)) ? next() : basicAuthMiddleware(req, res, next) + if (/\/api\/v1\//i.test(req.url)) { + whitelistURLs.some((url) => new RegExp(url, 'i').test(req.url)) ? next() : basicAuthMiddleware(req, res, next) } else next() }) } diff --git a/packages/server/src/utils/logger.ts b/packages/server/src/utils/logger.ts index 839f1ad74f8..c9d8cc72806 100644 --- a/packages/server/src/utils/logger.ts +++ b/packages/server/src/utils/logger.ts @@ -57,8 +57,8 @@ const logger = createLogger({ * this.app.use(expressRequestLogger) */ export function expressRequestLogger(req: Request, res: Response, next: NextFunction): void { - const unwantedLogURLs = ['/api/v1/node-icon/'] - if (req.url.includes('/api/v1/') && !unwantedLogURLs.some((url) => req.url.includes(url))) { + const unwantedLogURLs = ['/api/v1/node-icon/', '/api/v1/components-credentials-icon/'] + if (/\/api\/v1\//i.test(req.url) && !unwantedLogURLs.some((url) => new RegExp(url, 'i').test(req.url))) { const fileLogger = createLogger({ format: combine(timestamp({ format: 'YYYY-MM-DD HH:mm:ss' }), format.json(), errors({ stack: true })), defaultMeta: {