From b781f33e4b697f079a673237004700e937320d14 Mon Sep 17 00:00:00 2001
From: Manav Rathi <manav@mrmr.io>
Date: Sun, 16 Jun 2024 09:57:44 +0530
Subject: [PATCH] ditto

---
 infra/workers/cast-albums/src/index.ts | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/infra/workers/cast-albums/src/index.ts b/infra/workers/cast-albums/src/index.ts
index 9f92fa9df6..921db01a54 100644
--- a/infra/workers/cast-albums/src/index.ts
+++ b/infra/workers/cast-albums/src/index.ts
@@ -28,12 +28,12 @@ const handleOPTIONS = (request: Request) => {
 };
 
 const isAllowedOrigin = (origin: string | null) => {
+    const allowed = ["cast.ente.io", "cast.ente.sh", "localhost"];
+
     if (!origin) return false;
     try {
         const url = new URL(origin);
-        return ["cast.ente.io", "cast.ente.sh", "localhost"].includes(
-            url.hostname
-        );
+        return allowed.includes(url.hostname);
     } catch {
         // origin is likely an invalid URL
         return false;
@@ -50,14 +50,18 @@ const handleGET = async (request: Request) => {
         return new Response(null, { status: 400 });
     }
 
-    const fileID = url.searchParams.get("fileID");
     const pathname = url.pathname;
+    const fileID = url.searchParams.get("fileID");
+    if (!fileID) {
+        console.error("No fileID provided");
+        return new Response(null, { status: 400 });
+    }
 
     const params = new URLSearchParams({ castToken });
+
     let response = await fetch(
         `https://api.ente.io/cast/files${pathname}${fileID}?${params.toString()}`
     );
-
     response = new Response(response.body, response);
     response.headers.set("Access-Control-Allow-Origin", "*");
     return response;