more path sanitization #21

Merged
yume merged 1 commit from develop into master 2024-11-17 12:58:52 -06:00

View file

@ -18,6 +18,42 @@ export function sanitizeRequestURI(uri: string): string {
return '[embed_vite]';
}
if (uri.startsWith('/emoji/')) {
return '/emoji/[emoji]';
}
if (uri.startsWith('/identicon/')) {
return '/identicon/[identicon]';
}
if (uri.startsWith('/tags/')) {
return '/tags/[tag]';
}
if (uri.startsWith('/user-tags/')) {
return '/user-tags/[tag]';
}
if (uri.startsWith('/page/')) {
return '/page/[page]';
}
if (uri.startsWith('/fluent-emoji/')) {
return '/fluent-emoji/[fluent-emoji]';
}
if (uri.startsWith('/twemoji/')) {
return '/twemoji/[twemoji]';
}
if (uri.startsWith('/twemoji-badge/')) {
return '/twemoji-badge/[twemoji-badge]';
}
if (!uri.startsWith('/api/')) {
return '[other]';
}
const uuid = /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/g;
const username_local = /\/@\w+(\/|$)/;
const username_remote = /\/@\w+@[a-zA-Z0-9-.]+\.[a-zA-Z]{2,4}(\/|$)/;
@ -26,12 +62,6 @@ export function sanitizeRequestURI(uri: string): string {
const aid = new RegExp(`/${aidRegExp.source.replace(/^\^/, '').replace(/\$$/, '')}(\/|$)`, 'g');
return uri
.replace(/\/tags\/[^/]+/g, '/tags/[tag]')
.replace(/\/user-tags\/[^/]+/g, '/user-tags/[tag]')
.replace(/\/page\/[\w-]+/g, '/page/[page]')
.replace(/\/fluent-emoji\/[^/]+/g, '/fluent-emoji/[fluent-emoji]')
.replace(/\/twemoji\/[^/]+/g, '/twemoji/[twemoji]')
.replace(/\/twemoji-badge\/[^/]+/g, '/twemoji-badge/[twemoji-badge]')
.replace(aidx, '/[aidx]/')
.replace(aid, '/[aid]/')
.replace(token, '=[token]')