include record pages as safe redirects

deepsource-autofix-76c6eb20
Dan Gowans 2022-09-09 13:34:47 -04:00
parent bcddcdc689
commit 7e875920e0
2 changed files with 43 additions and 20 deletions


@ -3,21 +3,31 @@ import * as configFunctions from "../helpers/functions.config.js";
import * as authenticationFunctions from "../helpers/functions.authentication.js"; import * as authenticationFunctions from "../helpers/functions.authentication.js";
import { useTestDatabases } from "../data/databasePaths.js"; import { useTestDatabases } from "../data/databasePaths.js";
export const router = Router(); export const router = Router();
const safeRedirects = [
"/admin/fees",
"/admin/occupancytypes",
"/admin/tables",
"/lotoccupancies",
"/lotoccupancies/new",
"/lots",
"/lots/new",
"/maps",
"/maps/new",
"/workorders",
"/workorders/new",
"/reports"
];
const getSafeRedirectURL = (possibleRedirectURL = "") => { const getSafeRedirectURL = (possibleRedirectURL = "") => {
const urlPrefix = configFunctions.getProperty("reverseProxy.urlPrefix"); const urlPrefix = configFunctions.getProperty("reverseProxy.urlPrefix");
if (typeof possibleRedirectURL === "string") { if (typeof possibleRedirectURL === "string") {
const urlToCheck = (possibleRedirectURL.startsWith(urlPrefix) const urlToCheck = (possibleRedirectURL.startsWith(urlPrefix)
? possibleRedirectURL.slice(urlPrefix.length) ? possibleRedirectURL.slice(urlPrefix.length)
: possibleRedirectURL).toLowerCase(); : possibleRedirectURL).toLowerCase();
switch (urlToCheck) { if (safeRedirects.includes(urlToCheck) ||
case "/admin/fees": /^(\/maps\/)\d+(\/edit)?$/.test(urlToCheck) ||
case "/admin/occupancyTypes": /^(\/lots\/)\d+(\/edit)?$/.test(urlToCheck) ||
case "/admin/tables": /^(\/lotoccupancies\/)\d+(\/edit)?$/.test(urlToCheck) ||
case "/lotOccupancies": /^(\/workorders\/)\d+(\/edit)?$/.test(urlToCheck)) {
case "/lots":
case "/maps":
case "/workOrders":
case "/reports":
return urlPrefix + urlToCheck; return urlPrefix + urlToCheck;
} }
} }


@ -10,6 +10,21 @@ import type * as recordTypes from "../types/recordTypes";
export const router = Router(); export const router = Router();
const safeRedirects = [
"/admin/fees",
"/admin/occupancytypes",
"/admin/tables",
"/lotoccupancies",
"/lotoccupancies/new",
"/lots",
"/lots/new",
"/maps",
"/maps/new",
"/workorders",
"/workorders/new",
"/reports"
];
const getSafeRedirectURL = (possibleRedirectURL = "") => { const getSafeRedirectURL = (possibleRedirectURL = "") => {
const urlPrefix = configFunctions.getProperty("reverseProxy.urlPrefix"); const urlPrefix = configFunctions.getProperty("reverseProxy.urlPrefix");
@ -20,15 +35,13 @@ const getSafeRedirectURL = (possibleRedirectURL = "") => {
: possibleRedirectURL : possibleRedirectURL
).toLowerCase(); ).toLowerCase();
switch (urlToCheck) { if (
case "/admin/fees": safeRedirects.includes(urlToCheck) ||
case "/admin/occupancyTypes": /^(\/maps\/)\d+(\/edit)?$/.test(urlToCheck) ||
case "/admin/tables": /^(\/lots\/)\d+(\/edit)?$/.test(urlToCheck) ||
case "/lotOccupancies": /^(\/lotoccupancies\/)\d+(\/edit)?$/.test(urlToCheck) ||
case "/lots": /^(\/workorders\/)\d+(\/edit)?$/.test(urlToCheck)
case "/maps": ) {
case "/workOrders":
case "/reports":
return urlPrefix + urlToCheck; return urlPrefix + urlToCheck;
} }
} }
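Review bot: Nothing at `safeRedirects` records that its entries must be lowercase, although `urlToCheck` is lowercased before `safeRedirects.includes(urlToCheck)` runs; the mixed-case `case` labels removed here (`"/admin/occupancyTypes"`, `"/lotOccupancies"`, `"/workOrders"`) could never match for exactly that reason. A comment above the array such as `// Entries must be lowercase: the candidate URL is lowercased before comparison.` would keep a later addition from silently failing the allowlist. The four record-page patterns differ only in the path segment and could be one anchored, module-level pattern, `const safeRecordRedirect = /^\/(maps|lots|lotoccupancies|workorders)\/\d+(\/edit)?$/;`, which leaves a single place to audit. The fallback return of `getSafeRedirectURL` lies outside the hunk, so what a rejected URL resolves to cannot be checked from here; the first file section appears to be the compiled output of this file and carries the same code.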