universo-platform-2d
73 строки · 1.8 Кб
1const ALLOW_ORIGIN = [2'https://affine.pro',3'https://app.affine.pro',4'https://insider.affine.pro',5'https://affine.fail',6];7function isString(s: any): boolean {9return typeof s === 'string' || s instanceof String;10}11function isOriginAllowed(13origin: string,14allowedOrigin: string | RegExp | Array<string | RegExp>15): boolean {16if (Array.isArray(allowedOrigin)) {17for (const allowed of allowedOrigin) {18if (isOriginAllowed(origin, allowed)) {19return true;20}21}22return false;23} else if (isString(allowedOrigin)) {24return origin === allowedOrigin;25} else if (allowedOrigin instanceof RegExp) {26return allowedOrigin.test(origin);27} else {28return !!allowedOrigin;29}30}31async function proxyImage(request: Request): Promise<Response> {33const url = new URL(request.url);34const imageURL = url.searchParams.get('url');35if (!imageURL) {37return new Response('Missing "url" parameter', { status: 400 });38}39const imageRequest = new Request(imageURL, {41method: 'GET',42headers: request.headers,43});44const response = await fetch(imageRequest);46const modifiedResponse = new Response(response.body);47modifiedResponse.headers.set(49'Access-Control-Allow-Origin',50request.headers.get('Origin') ?? 'null'51);52modifiedResponse.headers.set('Vary', 'Origin');53modifiedResponse.headers.set('Access-Control-Allow-Methods', 'GET');54return modifiedResponse;56}57const handler = {59async fetch(request: Request) {60if (!isOriginAllowed(request.headers.get('Origin') ?? '', ALLOW_ORIGIN)) {61return new Response('unauthorized', { status: 401 });62}63const url = new URL(request.url);65if (url.pathname.startsWith('/proxy/image')) {66return await proxyImage(request);67}68return new Response('not found', { status: 404 });70},71};72export default handler;74