Skip to content

Commit b18e8e6

Browse files
Uzlopakwolfy1339
Uzlopak
and
wolfy1339
authored
refine server regarding injecting payloads (#236)
Co-authored-by: wolfy1339 <4595477+wolfy1339@users.noreply.github.com>
1 parent 72d5964 commit b18e8e6

1 file changed

Lines changed: 49 additions & 6 deletions

File tree

lib/server.js

Lines changed: 49 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,7 @@ if (process.env.SENTRY_DSN) {
2525
}
2626

2727
const isProd = process.env.NODE_ENV === 'production'
28+
const port = parseInt(process.env.PORT, 10) || 3000
2829
const __dirname = new URL('.', import.meta.url).pathname
2930

3031
const [
@@ -53,10 +54,38 @@ const [
5354
Sentry.setupFastifyErrorHandler(fastify)
5455
}
5556

56-
await fastify.register(fastifySwagger)
57-
await fastify.register(fastifySwaggerUi)
58-
await fastify.register(fastifyCors)
59-
await fastify.register(fastifyHelmet)
57+
await fastify.register(fastifySwagger, {
58+
openapi: {
59+
openapi: '3.0.0',
60+
info: {
61+
title: 'smee.io',
62+
description: 'The smee.io REST-API',
63+
version: '0.0.0'
64+
},
65+
servers: [
66+
{
67+
url: `http://localhost:${port}`,
68+
description: 'Development server'
69+
},
70+
{
71+
url: 'https://smee.io',
72+
description: 'Production server'
73+
}
74+
]
75+
}
76+
})
77+
await fastify.register(fastifySwaggerUi, {
78+
logo: false,
79+
theme: {
80+
title: 'smee.io API',
81+
}
82+
})
83+
await fastify.register(fastifyCors, {
84+
origin: '*',
85+
})
86+
await fastify.register(fastifyHelmet, {
87+
contentSecurityPolicy: false
88+
})
6089

6190
if (process.env.FORCE_HTTPS) {
6291
await fastify.register(forceHttps)
@@ -265,6 +294,21 @@ const [
265294
}
266295
}
267296
},
297+
headers: {
298+
type: 'object',
299+
properties: {
300+
'x-github-event': { type: 'string' },
301+
'x-github-delivery': { type: 'string', format: 'uuid' },
302+
'x-hub-signature-256': {
303+
type: 'string',
304+
description: 'SHA256 HMAC hex digest of the body, using the webhook secret as the key, in the format sha256=...',
305+
pattern: '^sha256=[a-f0-9]{64}$'
306+
},
307+
},
308+
additionalProperties: {
309+
type: 'string'
310+
}
311+
},
268312
body: {
269313
type: 'object'
270314
}
@@ -278,7 +322,7 @@ const [
278322
body: req.body,
279323
query: req.query,
280324
timestamp: Date.now()
281-
})
325+
})
282326

283327
return reply.status(200).send()
284328
})
@@ -320,7 +364,6 @@ const [
320364
return reply.status(200).send()
321365
})
322366

323-
const port = parseInt(process.env.PORT, 10) || 3000
324367
fastify.listen({ port, host: '0.0.0.0' }, (err, address) => {
325368
if (err) {
326369
console.error(err)

0 commit comments

Comments
 (0)