mirror of
https://github.com/GMWalletApp/epusdt.git
synced 2026-07-07 18:26:16 +00:00
fix(server): prevent SPA fallback from swallowing API routes
- add ShouldSkipSPAFallback() deny prefixes: /api, /admin/api, /payments, /pay - apply StaticWithConfig Skipper in both main http server and install server - add unit tests for fallback skip matching behavior
This commit is contained in:
@@ -6,6 +6,25 @@ import (
|
||||
"strings"
|
||||
)
|
||||
|
||||
var spaFallbackDenyPrefixes = []string{
|
||||
"/api",
|
||||
"/admin/api",
|
||||
"/payments",
|
||||
"/pay",
|
||||
}
|
||||
|
||||
// ShouldSkipSPAFallback reports whether a request path should bypass
|
||||
// server-side SPA fallback to index.html and continue normal backend routing.
|
||||
func ShouldSkipSPAFallback(requestPath string) bool {
|
||||
for _, prefix := range spaFallbackDenyPrefixes {
|
||||
if requestPath == prefix || strings.HasPrefix(requestPath, prefix+"/") {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
// ResolveSPAFilePath normalizes a wildcard SPA path and maps it under wwwRoot.
|
||||
// It strips any leading slash and blocks path traversal outside wwwRoot.
|
||||
// The second return value indicates whether the caller should try os.Stat
|
||||
|
||||
Reference in New Issue
Block a user