fix: fix the geoip localhost hack

Signed-off-by: deslokitty <deslokitty@desloratadyna.net>
chore: replace amy's localhost hack
2026-01-08 15:21:15 +01:00 · 2026-01-08 12:58:56 +01:00 · 2026-01-08 13:19:55 +02:00 · 2026-01-08 13:18:03 +02:00
1 changed files with 3 additions and 1 deletions
--- a/index.js
+++ b/index.js
@@ -53,7 +53,7 @@ function verifyToken(token) {
 	return split[0];
 }
 function sanitiseStringHTML(str) {
-	return str.replaceAll(">", "&gt;").replaceAll("<", "&lt;");
+	return str.replaceAll("&", "&amp;").replaceAll(">", "&gt;").replaceAll("<", "&lt;");
 }

 app.use(express.urlencoded());
@@ -75,6 +75,8 @@ app.use((req, res, next) => {
 });
 app.use((req, res, next) => {
 	req.userId = verifyToken(req.cookies.token);
+	if (!req.headers['x-forwarded-for']) return next();
+
 	const geo = geoip.lookup(req.headers['x-forwarded-for']);
 	console.log(geo);
Author	SHA256	Message	Date
deslokitty	38ed485bd8	fix: fix the geoip localhost hack Signed-off-by: deslokitty <deslokitty@desloratadyna.net>	2026-01-08 15:21:15 +01:00
deslokitty	a64cb5b4de	chore: replace amy's localhost hack ya so basically it is either reverse proxy or everyone gets access granted in shit yourself if you dont use a reverse proxy Signed-off-by: deslokitty <deslokitty@desloratadyna.net>	2026-01-08 12:58:56 +01:00
WlodekM	490c1cc724	fix error when accessing from localhost	2026-01-08 13:19:55 +02:00
WlodekM	ef9f6ba9c7	satanize ampersand	2026-01-08 13:18:03 +02:00