Michelle/redlight
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 11 Wiki Activity

Refactor theme validation to dynamically import themes from the source directory
All checks were successful
Build & Push Docker Image / build (push) Successful in 6m20s
Details

Browse Source
This commit is contained in:
Michelle
2026-02-28 20:02:15 +01:00
parent 7466f3513d
commit 1fb999d73b
2 changed files with 4 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
server/routes/auth.js
View File

@@ -11,6 +11,7 @@ import { getDb } from '../config/database.js';
import redis from '../config/redis.js'; import redis from '../config/redis.js';
import { authenticateToken, generateToken } from '../middleware/auth.js'; import { authenticateToken, generateToken } from '../middleware/auth.js';
import { isMailerConfigured, sendVerificationEmail } from '../config/mailer.js'; import { isMailerConfigured, sendVerificationEmail } from '../config/mailer.js';
import { themes } from '../../src/themes/index.js';
if (!process.env.JWT_SECRET) { if (!process.env.JWT_SECRET) {
console.error('FATAL: JWT_SECRET environment variable is not set.'); console.error('FATAL: JWT_SECRET environment variable is not set.');
@@ -33,11 +34,7 @@ function makeRedisStore(prefix) {
// ── Validation helpers ───────────────────────────────────────────────────── // ── Validation helpers ─────────────────────────────────────────────────────
const EMAIL_RE = /^[^\s@]{1,64}@[^\s@]{1,253}\.[^\s@]{2,}$/; const EMAIL_RE = /^[^\s@]{1,64}@[^\s@]{1,253}\.[^\s@]{2,}$/;
const VALID_THEMES = new Set([ const VALID_THEMES = new Set(themes.map(t => t.id));
'light', 'dark', 'dracula', 'mocha', 'latte', 'nord', 'tokyo-night',
'gruvbox-dark', 'gruvbox-light', 'rose-pine', 'rose-pine-dawn',
'solarized-dark', 'solarized-light', 'one-dark', 'github-dark', 'scrunkly-cat',
]);
const VALID_LANGUAGES = new Set(['en', 'de']); const VALID_LANGUAGES = new Set(['en', 'de']);
// Allowlist for CSS color values only permits hsl(), hex (#rgb/#rrggbb) and plain names // Allowlist for CSS color values only permits hsl(), hex (#rgb/#rrggbb) and plain names

8
server/routes/branding.js
View File

@@ -5,18 +5,14 @@ import fs from 'fs';
import { fileURLToPath } from 'url'; import { fileURLToPath } from 'url';
import { getDb } from '../config/database.js'; import { getDb } from '../config/database.js';
import { authenticateToken, requireAdmin } from '../middleware/auth.js'; import { authenticateToken, requireAdmin } from '../middleware/auth.js';
import { themes } from '../../src/themes/index.js';
const __filename = fileURLToPath(import.meta.url); const __filename = fileURLToPath(import.meta.url);
const __dirname = path.dirname(__filename); const __dirname = path.dirname(__filename);
const router = Router(); const router = Router();
// Allowlist of valid theme IDs (keep in sync with src/themes/index.js) const VALID_THEMES = new Set(themes.map(t => t.id));
const VALID_THEMES = new Set([
'light', 'dark', 'dracula', 'mocha', 'latte', 'nord', 'tokyo-night',
'gruvbox-dark', 'gruvbox-light', 'rose-pine', 'rose-pine-dawn',
'solarized-dark', 'solarized-light', 'one-dark', 'github-dark', 'scrunkly-cat',
]);
// Ensure uploads/branding directory exists // Ensure uploads/branding directory exists
const brandingDir = path.join(__dirname, '..', '..', 'uploads', 'branding'); const brandingDir = path.join(__dirname, '..', '..', 'uploads', 'branding');