LUI/vite.config.js at main · Damarcreative/LUI · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
import { defineConfig } from 'vite';
import path from 'path';
import fs from 'fs';
import { appApiPlugin } from './vite-plugin-app-api.js';

export default defineConfig({
    plugins: [
        appApiPlugin(),
        {
            name: 'block-backend-files',
            configureServer(server) {
                server.middlewares.use((req, res, next) => {
                    const restricted = ['/api/', '/services/', '/node_modules/', '/package.json'];

                    if (req.url.includes('/src/apps/') && restricted.some(r => req.url.includes(r))) {
                        res.writeHead(302, { 'Location': `/error.html?code=403&path=${encodeURIComponent(req.url)}` });
                        res.end();
                        return;
                    }
                    next();
                });
            }
        },
        {

            name: 'serve-storage',
            configureServer(server) {
                const storageDir = path.resolve(__dirname, 'storage');

                server.middlewares.use((req, res, next) => {

                    if (req.url?.startsWith('/storage/')) {
                        const filePath = path.join(storageDir, req.url.replace('/storage/', ''));


                        if (!filePath.startsWith(storageDir)) {
                            res.statusCode = 403;
                            res.end('Forbidden');
                            return;
                        }

                        if (fs.existsSync(filePath) && fs.statSync(filePath).isFile()) {

                            const ext = path.extname(filePath).toLowerCase();
                            const mimeTypes = {
                                '.png': 'image/png',
                                '.jpg': 'image/jpeg',
                                '.jpeg': 'image/jpeg',
                                '.gif': 'image/gif',
                                '.webp': 'image/webp',
                                '.svg': 'image/svg+xml',
                                '.json': 'application/json'
                            };

                            res.setHeader('Content-Type', mimeTypes[ext] || 'application/octet-stream');
                            res.setHeader('Cache-Control', 'public, max-age=3600');
                            fs.createReadStream(filePath).pipe(res);
                            return;
                        }
                    }
                    next();
                });
            }
        }
    ],
    resolve: {
        alias: {
            '@': path.resolve(__dirname, './src'),
        },
    },
    server: {
        port: 3000,
        fs: {

            allow: [
                path.resolve(__dirname, './'),
                path.resolve(__dirname, './storage')
            ],

            deny: [
                '**/src/apps/**/api/**',
                '**/src/apps/**/services/**',
                '**/src/apps/**/node_modules/**',
                '**/src/apps/**/package.json'
            ]
        }
    }
});