gaspersic/freeCodeCamp
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix(donate): allow calls to the API without auth

Browse Source 
This is also dependent on 170e3dbf4f
This commit is contained in:
Mrugesh Mohapatra
2020-03-21 01:39:29 +05:30
committed by mrugesh
parent b561599614
commit ef39ab0e20
3 changed files with 31 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
api-server/server/middlewares/csurf.js
View File

@ -8,7 +8,12 @@ export default function() {
});
return function csrf(req, res, next) {
const { path } = req;
if (/^\/hooks\/update-paypal$|^\/hooks\/update-stripe$/.test(path)) {
if (
// eslint-disable-next-line max-len
/^\/hooks\/update-paypal$|^\/hooks\/update-stripe$|^\/donate\/charge-stripe$/.test(
path
)
) {
return next();
}
return protection(req, res, next);

6
api-server/server/middlewares/request-authorization.js
View File

@ -25,6 +25,9 @@ const unsubscribedRE = /^\/unsubscribed\//;
const unsubscribeRE = /^\/u\/|^\/unsubscribe\/|^\/ue\//;
const updateHooksRE = /^\/hooks\/update-paypal$|^\/hooks\/update-stripe$/;
// note: this would be replaced by webhooks later
const donateRE = /^\/donate\/charge-stripe$/;
const _whiteListREs = [
authRE,
confirmEmailRE,
@ -37,7 +40,8 @@ const _whiteListREs = [
statusRE,
unsubscribedRE,
unsubscribeRE,
updateHooksRE
updateHooksRE,
donateRE
];
export function isWhiteListedPath(path, whiteListREs = _whiteListREs) {