fix: backend issue

This commit is contained in:
Mar0xy 2023-09-24 22:07:41 +02:00
parent 0758e38237
commit 95df69b06c
No known key found for this signature in database
GPG key ID: 56569BBE47D2C828

View file

@ -1,6 +1,5 @@
import { Inject, Injectable } from '@nestjs/common'; import { Inject, Injectable } from '@nestjs/common';
import megalodon, { Entity, MegalodonInterface } from 'megalodon'; import megalodon, { Entity, MegalodonInterface } from 'megalodon';
import multipart from '@fastify/multipart';
import { IsNull } from 'typeorm'; import { IsNull } from 'typeorm';
import multer from 'fastify-multer'; import multer from 'fastify-multer';
import type { UsersRepository } from '@/models/_.js'; import type { UsersRepository } from '@/models/_.js';
@ -41,15 +40,20 @@ export class MastodonApiServerService {
}, },
}); });
fastify.register(multer.contentParser); fastify.addHook('onRequest', (request, reply, done) => {
reply.header('Content-Security-Policy', `default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline';
fastify.register(multipart, { script-src * data: blob: 'unsafe-inline' 'unsafe-eval';
limits: { connect-src * data: blob: 'unsafe-inline';
fileSize: this.config.maxFileSize ?? 262144000, img-src * data: blob: 'unsafe-inline';
files: 1, frame-src * data: blob: ;
}, style-src * data: blob: 'unsafe-inline';
font-src * data: blob: 'unsafe-inline';
frame-ancestors * data: blob: 'unsafe-inline';`);
done();
}); });
fastify.register(multer.contentParser);
fastify.get('/v1/custom_emojis', async (_request, reply) => { fastify.get('/v1/custom_emojis', async (_request, reply) => {
const BASE_URL = `${_request.protocol}://${_request.hostname}`; const BASE_URL = `${_request.protocol}://${_request.hostname}`;
const accessTokens = _request.headers.authorization; const accessTokens = _request.headers.authorization;