ekzyis
/
stacker.news
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Enforce HTTPS for LNbits (#809) 

* Enforce HTTPS for LNbits

* Use URL constructor
This commit is contained in:
ekzyis 2024-02-12 00:39:06 +01:00 committed by GitHub
parent 6355d7eabc
commit 8238d4d5be
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 18 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
lib/validate.js
View File

@ -44,6 +44,20 @@ addMethod(string, 'or', function (schemas, msg) {
})
})
addMethod(string, 'https', function () {
return this.test({
name: 'https',
message: 'https required',
test: (url) => {
try {
return new URL(url).protocol === 'https:'
} catch {
return false
}
}
})
})
const titleValidator = string().required('required').trim().max(
MAX_TITLE_LENGTH,
({ max, value }) => `-${Math.abs(max - value.length)} characters remaining`
@ -424,10 +438,10 @@ export const lnAddrSchema = ({ payerData, min, max, commentAllowed } = {}) =>
export const lnbitsSchema = object({
url: process.env.NODE_ENV === 'development'
? string().or(
[string().matches(/^(http:\/\/)?localhost:\d+$/), string().url()],
'invalid url').required('required').trim()
: string().url().required('required').trim(),
? string()
.or([string().matches(/^(http:\/\/)?localhost:\d+$/), string().url()], 'invalid url')
.required('required').trim().https()
: string().url().required('required').trim().https(),
adminKey: string().length(32)
})