Untitled

mail@pastecode.io avatar
unknown
plain_text
a month ago
915 B
1
Indexable
Never
import { NextFunction, Request, Response } from 'express'
import { webUrl } from '@/common/config'
import { ResponseService } from '@/common/service/response'

const response = new ResponseService()

const isOriginValid = async (
  req: Request,
  res: Response,
  next: NextFunction
) => {
  const origin = req.headers['origin']
  const referer = req.headers['referer']
  const proxy = req.headers['x-forwarded-host']
  if ((origin && referer) || proxy) {
    const isValid = (String(referer).startsWith(webUrl) && origin === webUrl) || webUrl.includes(proxy as string)
    if (isValid) {
      next()
    } else {
      res.json(
        response.error({
          message: 'You are not authorized to perform this action',
        })
      )
    }
  } else {
    res.json(
      response.error({
        message: 'You are not authorized to perform this action',
      })
    )
  }
}

export default isOriginValid
Leave a Comment