trafficlunar/tomodachi-share
1
0
Fork 0
mirror of https://github.com/trafficlunar/tomodachi-share.git synced 2026-05-13 21:27:46 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: prevent people from going to login and submit without sufficient session

Browse source 
also fix build errors for the 1000th time
This commit is contained in:
trafficlunar 2026-04-17 18:34:56 +01:00
parent 3e87d263da
commit 9795849830
3 changed files with 17 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
frontend/src/pages/login.tsx
View file

@ -1,13 +1,11 @@
import { Icon } from "@iconify/react"; import { Icon } from "@iconify/react";
import { useStore } from "@nanostores/react"; import { useStore } from "@nanostores/react";
import { Link, useNavigate } from "react-router"; import { Link, Navigate } from "react-router";
import { session } from "../session"; import { session } from "../session";
export default function LoginPage() { export default function LoginPage() {
const navigate = useNavigate();
const $session = useStore(session); const $session = useStore(session);
if ($session) return <Navigate to="/" replace />;
if ($session) navigate("/");
const API_URL = import.meta.env.VITE_API_URL; const API_URL = import.meta.env.VITE_API_URL;

17
frontend/src/pages/out.tsx
View file

@ -6,20 +6,29 @@ export default function LinkOutPage() {
const [searchParams] = useSearchParams(); const [searchParams] = useSearchParams();
const url = searchParams.get("url"); const url = searchParams.get("url");
if (!url || Array.isArray(url)) navigate("/"); if (!url) {
navigate("/");
return null;
}
let parsed: URL; let parsed: URL;
try { try {
parsed = new URL(url); parsed = new URL(url);
} catch { } catch {
navigate("/"); // redirect if URL is invalid navigate("/"); // redirect if URL is invalid
return null;
} }
// Next.js doesn't allow attacks like these but you can never be too safe if (!["http:", "https:"].includes(parsed.protocol)) {
if (!["http:", "https:"].includes(parsed.protocol)) navigate("/"); navigate("/");
return null;
}
const isSafe = Array.from(SAFE_LINKS).some((domain) => parsed.hostname === domain || parsed.hostname.endsWith(`.${domain}`)); const isSafe = Array.from(SAFE_LINKS).some((domain) => parsed.hostname === domain || parsed.hostname.endsWith(`.${domain}`));
if (isSafe) navigate(url); if (isSafe) {
navigate(url);
return null;
}
return ( return (
<div className="grow flex items-center justify-center"> <div className="grow flex items-center justify-center">

6
frontend/src/pages/submit.tsx
View file

@ -1,12 +1,10 @@
import { useStore } from "@nanostores/react"; import { useStore } from "@nanostores/react";
import SubmitForm from "../components/submit-form"; import SubmitForm from "../components/submit-form";
import { session } from "../session"; import { session } from "../session";
import { useNavigate } from "react-router"; import { Navigate } from "react-router";
export default function SubmitPage() { export default function SubmitPage() {
const navigate = useNavigate();
const $session = useStore(session); const $session = useStore(session);
if (!$session) return <Navigate to="/login" replace />;
if (!$session) navigate("/login");
return <SubmitForm />; return <SubmitForm />;
} }