Diffstat (limited to 'backend/decky_loader/helpers.py')
-rw-r--r--backend/decky_loader/helpers.py16
1 files changed, 14 insertions, 2 deletions
diff --git a/backend/decky_loader/helpers.py b/backend/decky_loader/helpers.py
index 2d5eb6dd..f4005cc5 100644
--- a/backend/decky_loader/helpers.py
+++ b/backend/decky_loader/helpers.py
@@ -12,7 +12,7 @@ from aiohttp.web import Request, Response, middleware
from aiohttp.typedefs import Handler
from aiohttp import ClientSession
from .localplatform import localplatform
-from .customtypes import UserType
+from .enums import UserType
from logging import getLogger
from packaging.version import Version
@@ -23,6 +23,7 @@ csrf_token = str(uuid.uuid4())
ssl_ctx = ssl.create_default_context(cafile=certifi.where())
assets_regex = re.compile("^/plugins/.*/assets/.*")
+dist_regex = re.compile("^/plugins/.*/dist/.*")
frontend_regex = re.compile("^/frontend/.*")
logger = getLogger("Main")
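Review bot: The added `dist_regex` uses `.*` for the plugin-name segment, and `.*` also matches `/`, so the pattern accepts any URL that starts with `/plugins/` and has `/dist/` anywhere later, not only files inside one plugin's `dist` directory. Because `csrf_middleware` in the next hunk treats a match as exempt from the token check, the pattern should be as narrow as the intent: `dist_regex = re.compile(r"^/plugins/[^/]+/dist/.*")`. The existing `assets_regex` on the line above has the same shape and would benefit from the same change.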
@@ -34,7 +35,18 @@ def get_csrf_token():
@middleware
async def csrf_middleware(request: Request, handler: Handler):
- if str(request.method) == "OPTIONS" or request.headers.get('Authentication') == csrf_token or str(request.rel_url) == "/auth/token" or str(request.rel_url).startswith("/plugins/load_main/") or str(request.rel_url).startswith("/static/") or str(request.rel_url).startswith("/steam_resource/") or str(request.rel_url).startswith("/frontend/") or str(request.rel_url.path) == "/ws" or assets_regex.match(str(request.rel_url)) or frontend_regex.match(str(request.rel_url)):
+ if str(request.method) == "OPTIONS" or \
+ request.headers.get('Authentication') == csrf_token or \
+ str(request.rel_url) == "/auth/token" or \
+ str(request.rel_url).startswith("/plugins/load_main/") or \
+ str(request.rel_url).startswith("/static/") or \
+ str(request.rel_url).startswith("/steam_resource/") or \
+ str(request.rel_url).startswith("/frontend/") or \
+ str(request.rel_url.path) == "/ws" or \
+ assets_regex.match(str(request.rel_url)) or \
+ dist_regex.match(str(request.rel_url)) or \
+ frontend_regex.match(str(request.rel_url)):
+
return await handler(request)
return Response(text='Forbidden', status=403)
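Review bot: The new `dist_regex.match(str(request.rel_url))` clause is evaluated against the full relative URL, query string included, whereas the `/ws` clause just above it compares `request.rel_url.path`. A `/dist/` that appears only in the query string would therefore satisfy the exemption and skip the `Authentication` header check; whether any token-protected route under `/plugins/` is reachable that way cannot be seen from this hunk. Matching the path alone keeps the exemption tied to the file being served: `dist_regex.match(request.rel_url.path) or \`. The same applies to the `assets_regex` and `frontend_regex` clauses, and the empty added line after the condition's colon can be dropped.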