mirror of
https://github.com/koala73/worldmonitor.git
synced 2026-05-13 18:46:21 +02:00
a9224254a5
- Tighten CORS regex to block worldmonitorEVIL.vercel.app spoofing - Move sidecar /api/local-env-update behind token auth + add key allowlist - Add postMessage origin/source validation in LiveNewsPanel - Replace postMessage wildcard '*' targetOrigin with specific origin - Add isDisallowedOrigin() check to 25 API endpoints missing it - Migrate gdelt-geo & EIA from custom CORS to shared _cors.js - Add CORS to firms-fires, stock-index, youtube/live endpoints - Tighten youtube/embed.js ALLOWED_ORIGINS regex - Remove 'unsafe-inline' from CSP script-src - Add iframe sandbox attribute to YouTube embed - Validate meta-tags URL query params with regex allowlist
60 lines
2.0 KiB
JavaScript
60 lines
2.0 KiB
JavaScript
import { getCorsHeaders, isDisallowedOrigin } from './_cors.js';
|
|
export const config = { runtime: 'edge' };
|
|
|
|
// Fetch AI/ML papers from ArXiv
|
|
// Categories: cs.AI, cs.LG (Machine Learning), cs.CL (Computation and Language)
|
|
export default async function handler(request) {
|
|
const cors = getCorsHeaders(request);
|
|
if (isDisallowedOrigin(request)) {
|
|
return new Response(JSON.stringify({ error: 'Origin not allowed' }), { status: 403, headers: cors });
|
|
}
|
|
try {
|
|
const { searchParams } = new URL(request.url);
|
|
const category = searchParams.get('category') || 'cs.AI'; // cs.AI, cs.LG, cs.CL
|
|
const maxResults = searchParams.get('max_results') || '50';
|
|
const sortBy = searchParams.get('sortBy') || 'submittedDate'; // submittedDate, lastUpdatedDate, relevance
|
|
|
|
// ArXiv API search query
|
|
// Search for papers in specified category, sorted by date
|
|
const query = `cat:${category}`;
|
|
const apiUrl = `https://export.arxiv.org/api/query?search_query=${encodeURIComponent(query)}&start=0&max_results=${maxResults}&sortBy=${sortBy}&sortOrder=descending`;
|
|
|
|
const response = await fetch(apiUrl, {
|
|
headers: {
|
|
'User-Agent': 'WorldMonitor/1.0 (AI Research Tracker)',
|
|
},
|
|
});
|
|
|
|
if (!response.ok) {
|
|
throw new Error(`ArXiv API returned ${response.status}`);
|
|
}
|
|
|
|
const xmlData = await response.text();
|
|
|
|
// Parse XML to extract key information
|
|
// Return raw XML for client-side parsing or transform here
|
|
return new Response(xmlData, {
|
|
status: 200,
|
|
headers: {
|
|
'Content-Type': 'application/xml',
|
|
...cors,
|
|
'Cache-Control': 'public, max-age=3600, s-maxage=3600, stale-while-revalidate=600', // 1 hour cache
|
|
},
|
|
});
|
|
} catch (error) {
|
|
return new Response(
|
|
JSON.stringify({
|
|
error: 'Failed to fetch ArXiv data',
|
|
message: error.message
|
|
}),
|
|
{
|
|
status: 500,
|
|
headers: {
|
|
'Content-Type': 'application/json',
|
|
...cors
|
|
},
|
|
}
|
|
);
|
|
}
|
|
}
|