jbrechtel/flipstone-radar
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixes config.json exposure

Browse Source
This commit is contained in:
James Brechtel
2025-07-11 09:22:05 -04:00
parent 370c29a6fc
commit c20b9e98f8
4 changed files with 66 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
vite.config.ts
View File

@@ -1,8 +1,53 @@
import { defineConfig } from 'vite'
import react from '@vitejs/plugin-react'
// Security plugin to block sensitive files
const securityPlugin = () => {
return {
name: 'security-plugin',
configureServer(server: any) {
server.middlewares.use((req: any, res: any, next: any) => {
const url = req.url?.toLowerCase() || '';
// Only block the most critical sensitive files
const blockedFiles = [
'/config.json',
'/config.example.json',
'/.env'
];
// Block specific directory traversal attempts
const blockedPaths = [
'/server/',
'/.git/'
];
// Check for exact file matches
const isBlockedFile = blockedFiles.includes(url);
// Check for blocked directory access
const isBlockedPath = blockedPaths.some(path => url.startsWith(path));
if (isBlockedFile || isBlockedPath) {
console.warn(`🚫 Blocked access to sensitive file: ${req.url} from ${req.headers['x-forwarded-for'] || req.socket.remoteAddress}`);
res.statusCode = 403;
res.setHeader('Content-Type', 'application/json');
res.end(JSON.stringify({
error: 'Access denied',
message: 'This resource is not available'
}));
return;
}
next();
});
}
};
};
export default defineConfig({
plugins: [react()],
plugins: [react(), securityPlugin()],
publicDir: 'public',
server: {
host: '0.0.0.0',
port: 3000,
@@ -11,4 +56,13 @@ export default defineConfig({
'/api': 'http://localhost:3001'
}
},
build: {
rollupOptions: {
// These files should not be bundled into the build
external: (id) => {
// Only externalize if it's exactly these files
return id === 'config.json' || id === '.env' || id === 'config.example.json'
}
}
}
})