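import { config } from "../config";
import { RequestHandler } from "express";

/**
 * Substrings that mark a request as blocked when found in its Origin or
 * Referer header, read from the comma-separated `config.blockedOrigins`.
 *
 * Entries are trimmed and empty ones dropped. `"".split(",")` yields `[""]`
 * and `includes("")` is true for every string, so an empty setting or a
 * trailing comma would otherwise block every request carrying either header.
 */
const BLOCKED_REFERERS: string[] = (config.blockedOrigins?.split(",") ?? [])
  .map((entry: string) => entry.trim())
  .filter((entry: string) => entry.length > 0);

/** Escape the characters that are significant in HTML text and attributes. */
function escapeHtml(text: string): string {
  return text
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

/**
 * Disallow requests from blocked origins and referers.
 *
 * A request is rejected with 403 when its Origin or Referer header contains
 * any entry of BLOCKED_REFERERS; every other request is passed to `next()`.
 * Clients that do not accept HTML, or that send a JSON body, get a JSON error
 * object; all others get a text response.
 *
 * Both headers are supplied by the client, so this filter only stops callers
 * that send them honestly. It is a nuisance filter, not an access control.
 * Matching uses `includes`, a substring test, so a short entry also matches
 * any longer origin that contains it.
 */
export const checkOrigin: RequestHandler = (req, res, next) => {
  const { origin, referer } = req.headers;
  const isBlocked = BLOCKED_REFERERS.some(
    (block) => origin?.includes(block) || referer?.includes(block)
  );
  if (!isBlocked) {
    next();
    return;
  }

  req.log.warn(
    { origin, referer },
    "Blocked request from origin or referer"
  );

  const msgToSend = `Your IP address is ${req.ip}. You have been reported for fraud.`;

  // VenusAI requests incorrectly say they accept HTML despite immediately
  // trying to parse the response as JSON, so we check the body type instead
  const hasJsonBody =
    req.headers["content-type"]?.includes("application/json");
  if (!req.accepts("html") || hasJsonBody) {
    return res.status(403).json({
      error: { type: "blocked_origin", message: msgToSend },
    });
  }

  // NOTE(review): `destination` is not referenced in the response text as it
  // appears here. Presumably the redirect markup that used it was lost, so
  // confirm against the original file. If it is interpolated into markup, it
  // needs the same escaping as the message.
  const destination = config.blockRedirect || "https://openai.com";

  // res.send() with a string defaults to text/html, so the message is escaped.
  // Depending on the app's "trust proxy" setting (not visible here), req.ip
  // can be taken from the client-supplied X-Forwarded-For header.
  return res.status(403).send(
    ` Redirecting

${escapeHtml(msgToSend)}

Please hold while you are redirected to a more suitable service.

`
  );
};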