From 30a538e85e1aa94ef65e5d04bfb4b4885626f258 Mon Sep 17 00:00:00 2001
From: AAGaming <aa@mail.catvibers.me>
Date: Sat, 13 Aug 2022 23:58:57 -0400
Subject: FINALLY fix the multiple injections bug

---
 backend/helpers.py     | 5 ++++-
 backend/main.py        | 1 -
 frontend/src/index.tsx | 1 -
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/backend/helpers.py b/backend/helpers.py
index b7f9fba4..8d329560 100644
--- a/backend/helpers.py
+++ b/backend/helpers.py
@@ -1,6 +1,7 @@
 import certifi
 import ssl
 import uuid
+import re
 
 from aiohttp.web import middleware, Response
 from subprocess import check_output
@@ -12,6 +13,8 @@ ssl_ctx = ssl.create_default_context(cafile=certifi.where())
 user = None
 group = None
 
+assets_regex = re.compile("^/plugins/.*/assets/.*")
+
 def get_ssl_context():
     return ssl_ctx
 
@@ -20,7 +23,7 @@ def get_csrf_token():
 
 @middleware
 async def csrf_middleware(request, handler):
-    if str(request.method) == "OPTIONS" or request.headers.get('Authentication') == csrf_token or str(request.rel_url) == "/auth/token" or str(request.rel_url).startswith("/plugins/load_main/") or str(request.rel_url).startswith("/static/") or str(request.rel_url).startswith("/legacy/") or str(request.rel_url).startswith("/steam_resource/"):
+    if str(request.method) == "OPTIONS" or request.headers.get('Authentication') == csrf_token or str(request.rel_url) == "/auth/token" or str(request.rel_url).startswith("/plugins/load_main/") or str(request.rel_url).startswith("/static/") or str(request.rel_url).startswith("/legacy/") or str(request.rel_url).startswith("/steam_resource/") or assets_regex.match(str(request.rel_url)):
         return await handler(request)
     return Response(text='Forbidden', status='403')
 
diff --git a/backend/main.py b/backend/main.py
index b6af4b8f..21d4f5a0 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -62,7 +62,6 @@ class PluginManager:
         self.updater = Updater(self)
 
         jinja_setup(self.web_app)
-        self.web_app.on_startup.append(self.inject_javascript)
         if CONFIG["chown_plugin_path"] == True:
             self.web_app.on_startup.append(chown_plugin_dir)
         self.loop.create_task(self.loader_reinjector())
diff --git a/frontend/src/index.tsx b/frontend/src/index.tsx
index 0347388c..694ac667 100644
--- a/frontend/src/index.tsx
+++ b/frontend/src/index.tsx
@@ -15,7 +15,6 @@ declare global {
 }
 (async () => {
   window.deckyHasLoaded = true;
-  await sleep(1000);
   window.deckyAuthToken = await fetch('http://127.0.0.1:1337/auth/token').then((r) => r.text());
 
   window.DeckyPluginLoader?.dismountAll();
-- 
cgit v1.2.3