universo-platform-2d
73 строки · 1.8 Кб
1const ALLOW_ORIGIN = [
2'https://affine.pro',
3'https://app.affine.pro',
4'https://insider.affine.pro',
5'https://affine.fail',
6];
7
8function isString(s: any): boolean {
9return typeof s === 'string' || s instanceof String;
10}
11
12function isOriginAllowed(
13origin: string,
14allowedOrigin: string | RegExp | Array<string | RegExp>
15): boolean {
16if (Array.isArray(allowedOrigin)) {
17for (const allowed of allowedOrigin) {
18if (isOriginAllowed(origin, allowed)) {
19return true;
20}
21}
22return false;
23} else if (isString(allowedOrigin)) {
24return origin === allowedOrigin;
25} else if (allowedOrigin instanceof RegExp) {
26return allowedOrigin.test(origin);
27} else {
28return !!allowedOrigin;
29}
30}
31
32async function proxyImage(request: Request): Promise<Response> {
33const url = new URL(request.url);
34const imageURL = url.searchParams.get('url');
35
36if (!imageURL) {
37return new Response('Missing "url" parameter', { status: 400 });
38}
39
40const imageRequest = new Request(imageURL, {
41method: 'GET',
42headers: request.headers,
43});
44
45const response = await fetch(imageRequest);
46const modifiedResponse = new Response(response.body);
47
48modifiedResponse.headers.set(
49'Access-Control-Allow-Origin',
50request.headers.get('Origin') ?? 'null'
51);
52modifiedResponse.headers.set('Vary', 'Origin');
53modifiedResponse.headers.set('Access-Control-Allow-Methods', 'GET');
54
55return modifiedResponse;
56}
57
58const handler = {
59async fetch(request: Request) {
60if (!isOriginAllowed(request.headers.get('Origin') ?? '', ALLOW_ORIGIN)) {
61return new Response('unauthorized', { status: 401 });
62}
63
64const url = new URL(request.url);
65if (url.pathname.startsWith('/proxy/image')) {
66return await proxyImage(request);
67}
68
69return new Response('not found', { status: 404 });
70},
71};
72
73export default handler;
74