add a config for an api endpoint

to decide if `getotheruser` should be allowed to be called without a cookie
2022-06-21 23:21:58 +02:00 · 2022-06-21 23:21:58 +02:00 · 285c31d58b
commit 285c31d58b
parent 3cf533cc0a
2 changed files with 12 additions and 0 deletions
--- a/server.js
+++ b/server.js
@ -365,8 +365,19 @@ router.options("/api/post",async function(req,res,next) {
  res.status(200).send("")
 })

+router.options("/api/getotheruser",async function(req,res,next) {
+  res.set("Access-Control-Allow-Origin","*") //we'll allow it for now
+  res.set("Access-Control-Allow-Methods","GET")
+  res.set("Access-Control-Allow-Headers","Content-Type")
+  res.status(200).send("")
+})
+
 router.use("/api/*",async function(req,res,next) {
  res.set("Access-Control-Allow-Origin","*") //we'll allow it for now
+  if(config["allow_getotheruser_without_cookie"] && req.url == "/api/getotheruser") {
+    next()
+    return
+  }
  if(!increaseAPICall(req,res))return;
  let unsigned;
  if(req.body.user == undefined || req.body.pass == undefined) {
--- a/server_config.json
+++ b/server_config.json
@ -1,4 +1,5 @@
 {
+  "allow_getotheruser_without_cookie": true,
  "mysql": {
    "connections":1000,
    "host":"localhost",