refactor(api): use reject user-agents early (#55491)

Oliver Eyton-Williams
2024-07-12 18:03:30 +02:00
committed by GitHub
parent ca60b5e81d
commit b45a88d6db
2 changed files with 26 additions and 13 deletions
+11
@@ -1227,6 +1227,17 @@ Thanks and regards,
});
describe('GET', () => {
test('returns 400 status code if the user agent is blocked', async () => {
const response = await superGet(
'/api/users/get-public-profile?username=public-user'
).set('User-Agent', 'curl');
expect(response.text).toBe(
'This endpoint is no longer available outside of the freeCodeCamp ecosystem'
);
expect(response.statusCode).toBe(400);
});
test('returns 400 status code if the username param is missing', async () => {
const res = await superGet('/api/users/get-public-profile');
// TODO(Post-MVP): return something more informative
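Review bot: The added test only exercises the exact lowercase agent `curl`, while the route lower-cases the header and matches on substrings, so neither behaviour is pinned by a test. A second case such as `.set('User-Agent', 'Curl/8.0 (constructed sample)')`, expecting the same 400 status and body, would catch a regression that makes the block case-sensitive or exact-match. The enclosing `describe('GET', ...)` block continues outside the hunk.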
+15 -13
@@ -653,21 +653,23 @@ export const userPublicGetRoutes: FastifyPluginCallbackTypebox = (
fastify.get(
'/api/users/get-public-profile',
{
schema: schemas.getPublicProfile
schema: schemas.getPublicProfile,
onRequest: (req, reply, done) => {
const userAgent = req.headers['user-agent'];
if (
userAgent &&
blockedUserAgentParts.some(ua => userAgent.toLowerCase().includes(ua))
) {
void reply.code(400);
void reply.send(
'This endpoint is no longer available outside of the freeCodeCamp ecosystem'
);
}
done();
}
},
async (req, reply) => {
const userAgent = req.headers['user-agent'];
if (
userAgent &&
blockedUserAgentParts.some(ua => userAgent.toLowerCase().includes(ua))
) {
void reply.code(400);
return reply.send(
'This endpoint is no longer available outside of the freeCodeCamp ecosystem'
);
}
// TODO(Post-MVP): look for duplicates unless we can make username unique in the db.
const user = await fastify.prisma.user.findFirst({
where: { username: req.query.username }
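Review bot: In the new `onRequest` hook, `done()` is still called after the 400 reply has been sent for a blocked user agent, so the hook tells Fastify to continue the lifecycle for a request that has already been answered. Fastify's documented pattern for replying from a callback-style hook is to send and not call `done()`, so adding `return;` directly after the `void reply.send(...)` call (or moving `done()` into an `else`) would make the early exit explicit. As written, skipping the handler and its Prisma lookup appears to depend on Fastify already treating the reply as sent when `done()` runs, which may not hold if an asynchronous `onSend` hook is registered. A short comment on the hook would also help, for example `// User-Agent is client-controlled: this is a deterrent, not an access control`. The handler body continues outside the hunk.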