From 6cf1aaca5c67d5cb5738eac8bb5d0d5ae60db66c Mon Sep 17 00:00:00 2001
From: Grant
Date: Mon, 15 Jul 2024 15:29:26 -0600
Subject: [PATCH] protect dangerous endpoints behind NODE_ENV
---
 packages/server/src/api/admin.ts | 29 ++++++++++-------------------
 1 file changed, 10 insertions(+), 19 deletions(-)
diff --git a/packages/server/src/api/admin.ts b/packages/server/src/api/admin.ts
index 5287c6e..082bbe9 100644
--- a/packages/server/src/api/admin.ts
+++ b/packages/server/src/api/admin.ts
@@ -51,25 +51,6 @@ app.get("/check", (req, res) => {
 res.send({ success: true });
 });

-// TODO: Delete before merge
-app.get("/log", (req, res) => {
- const user = "grant@grants.cafe";
-
- for (let i = 0; i < 100; i++) {
- LogMan.log("pixel_place", user, { x: 0, y: 0, hex: "ABC123" });
- LogMan.log("pixel_undo", user, { x: 0, y: 0, hex: "FFFFFF" });
- LogMan.log("mod_fill", user, { from: [0, 0], to: [1, 1], hex: "000000" });
- LogMan.log("mod_override", user, { x: 0, y: 0, hex: "111111" });
- LogMan.log("mod_rollback", user, { x: 0, y: 0, hex: "222222" });
- LogMan.log("mod_rollback_undo", user, { x: 0, y: 0, hex: "333333" });
- LogMan.log("canvas_size", { width: 100, height: 100 });
- LogMan.log("canvas_freeze", {});
- LogMan.log("canvas_unfreeze", {});
- }
-
- res.send("ok");
-});
-
 app.get("/canvas/size", async (req, res) => {
 const config = Canvas.getCanvasConfig();

@@ -198,6 +179,16 @@ app.get("/canvas/:x/:y", async (req, res) => {
 });

 app.post("/canvas/stress", async (req, res) => {
+ if (process.env.NODE_ENV === "production") {
+ res
+ .status(500)
+ .json({
+ success: false,
+ error: "this is terrible idea to execute this in production",
+ });
+ return;
+ }
+
 if (
 typeof req.body?.width !== "number" ||
 typeof req.body?.height !== "number"
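Review bot: The new guard at the top of the `/canvas/stress` handler fails open: it refuses only when `NODE_ENV` is exactly `"production"`, so a deployment where the variable is unset or carries any other value still exposes the stress endpoint. Inverting the test into an allow-list, for example `if (process.env.NODE_ENV !== "development") {` (using whichever value the project sets for local runs), makes refusal the default. The refusal is also sent with `.status(500)`, which reports a deliberate denial as a server fault and will read as an outage in error monitoring; `.status(403)` describes it accurately. The handler body continues past the end of the hunk, and whether the admin router already enforces authentication is not visible here.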