| author | AAGaming <aagaming@riseup.net> | 2024-02-21 01:08:25 -0500 |
|---|---|---|
| committer | AAGaming <aagaming@riseup.net> | 2024-02-21 01:08:25 -0500 |
| commit | 6d2e9365c0fb1bea804743245d79a5b97e3af108 (patch) | |
| tree | d34d09b7406d065edc79ff4a6c694f5caee923f0 /backend/decky_loader/helpers.py | |
| parent | 61cf80f8a2d472e9cbc7d401c7cd24075d5bcf28 (diff) | |
more major websocket progress
Diffstat (limited to 'backend/decky_loader/helpers.py')
| -rw-r--r-- | backend/decky_loader/helpers.py | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/backend/decky_loader/helpers.py b/backend/decky_loader/helpers.py
index 2d5eb6dd..f4005cc5 100644
--- a/backend/decky_loader/helpers.py
+++ b/backend/decky_loader/helpers.py
@@ -12,7 +12,7 @@ from aiohttp.web import Request, Response, middleware
 from aiohttp.typedefs import Handler
 from aiohttp import ClientSession
 from .localplatform import localplatform
-from .customtypes import UserType
+from .enums import UserType
 from logging import getLogger
 from packaging.version import Version
@@ -23,6 +23,7 @@ csrf_token = str(uuid.uuid4())
 ssl_ctx = ssl.create_default_context(cafile=certifi.where())
 assets_regex = re.compile("^/plugins/.*/assets/.*")
+dist_regex = re.compile("^/plugins/.*/dist/.*")
 frontend_regex = re.compile("^/frontend/.*")
 logger = getLogger("Main")
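Review bot: `dist_regex` uses `.*` for the plugin-name segment, and `.*` also matches `/`, so the pattern accepts any URL under `/plugins/` that merely contains `/dist/` somewhere later, not only files inside one plugin's dist directory. Because csrf_middleware (in the next hunk) treats a match as exempt from the token check, the pattern should be as narrow as the intent: `dist_regex = re.compile(r"^/plugins/[^/]+/dist/.*")`. The `assets_regex` context line just above has the same shape and would want the same change.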
@@ -34,7 +35,18 @@ def get_csrf_token():
 @middleware
 async def csrf_middleware(request: Request, handler: Handler):
- if str(request.method) == "OPTIONS" or request.headers.get('Authentication') == csrf_token or str(request.rel_url) == "/auth/token" or str(request.rel_url).startswith("/plugins/load_main/") or str(request.rel_url).startswith("/static/") or str(request.rel_url).startswith("/steam_resource/") or str(request.rel_url).startswith("/frontend/") or str(request.rel_url.path) == "/ws" or assets_regex.match(str(request.rel_url)) or frontend_regex.match(str(request.rel_url)):
+ if str(request.method) == "OPTIONS" or \
+ request.headers.get('Authentication') == csrf_token or \
+ str(request.rel_url) == "/auth/token" or \
+ str(request.rel_url).startswith("/plugins/load_main/") or \
+ str(request.rel_url).startswith("/static/") or \
+ str(request.rel_url).startswith("/steam_resource/") or \
+ str(request.rel_url).startswith("/frontend/") or \
+ str(request.rel_url.path) == "/ws" or \
+ assets_regex.match(str(request.rel_url)) or \
+ dist_regex.match(str(request.rel_url)) or \
+ frontend_regex.match(str(request.rel_url)):
+
 return await handler(request)
 return Response(text='Forbidden', status=403) |
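Review bot: Every exemption in csrf_middleware except the `/ws` test is evaluated against `str(request.rel_url)`, which includes the query string, so whether a request skips the token check can depend on text after the `?` rather than on the route alone; the two plugin regexes are the ones this affects in practice. Deciding on `request.rel_url.path` once, as the `/ws` test already does, removes that dependency and lets the four `startswith` calls collapse into one tuple call. `frontend_regex` then duplicates the `/frontend/` prefix test and can be dropped from the condition. One behaviour difference to accept or reject explicitly: `/auth/token` followed by a query string would become exempt as well.

```python
async def csrf_middleware(request: Request, handler: Handler):
    # Decide exemptions on the path only, so the query string cannot influence them.
    path = request.rel_url.path
    exempt_prefixes = ("/plugins/load_main/", "/static/", "/steam_resource/", "/frontend/")
    if request.method == "OPTIONS" or \
            request.headers.get('Authentication') == csrf_token or \
            path in ("/auth/token", "/ws") or \
            path.startswith(exempt_prefixes) or \
            assets_regex.match(path) or \
            dist_regex.match(path):
        return await handler(request)
    # … unchanged: 403 Forbidden response …
```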
