	validate more URLs in UrlPreviewService.ts
This commit is contained in:
		
							parent
							
								
									23267a3a96
								
							
						
					
					
						commit
						d6c2140821
					
				
					 2 changed files with 47 additions and 8 deletions
				
			
		|  | @ -176,4 +176,14 @@ export class UtilityService { | |||
| 		const host = this.extractDbHost(uri); | ||||
| 		return this.isFederationAllowedHost(host); | ||||
| 	} | ||||
| 
 | ||||
| 	@bindThis | ||||
| 	public getUrlScheme(url: string): string { | ||||
| 		try { | ||||
| 			// Returns in the format "https:" or an empty string
 | ||||
| 			return new URL(url).protocol; | ||||
| 		} catch { | ||||
| 			return ''; | ||||
| 		} | ||||
| 	} | ||||
| } | ||||
|  |  | |||
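Review bot: `getUrlScheme` has no doc comment stating the contract callers are now relying on for an allow-list: `new URL(url).protocol` comes back lower-cased with the trailing colon (so `"HTTPS://x"` yields `"https:"`) and the parser strips leading/trailing whitespace and control characters, which is exactly why it is safer than the `startsWith('http://')` prefix test it replaces — but only if callers compare against lower-case `'http:'`/`'https:'` and treat `''` as "not an absolute URL". I would replace the one-line `// Returns in the format "https:" or an empty string` with a TSDoc block above `@bindThis` that says the value is the WHATWG-normalised scheme including the colon, that `''` is returned for relative references and unparsable input (both throw in `new URL`), and that comparisons must use lower-case scheme literals. The `catch` without a binding is fine here since every failure collapses to `''`; a one-word comment such as `// TypeError: relative or malformed URL` on the `catch` line would make that deliberate.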
|  | @ -140,6 +140,8 @@ export class UrlPreviewService { | |||
| 				? await this.fetchSummaryFromProxy(url, this.meta, lang) | ||||
| 				: await this.fetchSummary(url, this.meta, lang); | ||||
| 
 | ||||
| 			this.validateUrls(summary); | ||||
| 
 | ||||
| 			// Repeat check, since redirects are allowed.
 | ||||
| 			if (this.utilityService.isBlockedHost(this.meta.blockedHosts, new URL(summary.url).host)) { | ||||
| 				reply.code(403); | ||||
|  | @ -154,14 +156,6 @@ export class UrlPreviewService { | |||
| 
 | ||||
| 			this.logger.info(`Got preview of ${url} in ${lang}: ${summary.title}`); | ||||
| 
 | ||||
| 			if (!(summary.url.startsWith('http://') || summary.url.startsWith('https://'))) { | ||||
| 				throw new Error('unsupported schema included'); | ||||
| 			} | ||||
| 
 | ||||
| 			if (summary.player.url && !(summary.player.url.startsWith('http://') || summary.player.url.startsWith('https://'))) { | ||||
| 				throw new Error('unsupported schema included'); | ||||
| 			} | ||||
| 
 | ||||
| 			summary.icon = this.wrap(summary.icon); | ||||
| 			summary.thumbnail = this.wrap(summary.thumbnail); | ||||
| 
 | ||||
|  | @ -228,6 +222,41 @@ export class UrlPreviewService { | |||
| 		return this.httpRequestService.getJson<LocalSummalyResult>(`${proxy}?${queryStr}`, 'application/json, */*', undefined, true); | ||||
| 	} | ||||
| 
 | ||||
| 	private validateUrls(summary: LocalSummalyResult) { | ||||
| 		const urlScheme = this.utilityService.getUrlScheme(summary.url); | ||||
| 		if (urlScheme !== 'http:' && urlScheme !== 'https:') { | ||||
| 			throw new Error(`unsupported scheme in preview URL: "${urlScheme}"`); | ||||
| 		} | ||||
| 
 | ||||
| 		if (summary.player.url) { | ||||
| 			const playerScheme = this.utilityService.getUrlScheme(summary.player.url); | ||||
| 			if (playerScheme !== 'http:' && playerScheme !== 'https:') { | ||||
| 				throw new Error(`unsupported scheme in player URL: "${playerScheme}"`); | ||||
| 			} | ||||
| 		} | ||||
| 
 | ||||
| 		if (summary.icon) { | ||||
| 			const iconScheme = this.utilityService.getUrlScheme(summary.icon); | ||||
| 			if (iconScheme !== 'http:' && iconScheme !== 'https:') { | ||||
| 				throw new Error(`unsupported scheme in icon URL: "${iconScheme}"`); | ||||
| 			} | ||||
| 		} | ||||
| 
 | ||||
| 		if (summary.thumbnail) { | ||||
| 			const thumbnailScheme = this.utilityService.getUrlScheme(summary.thumbnail); | ||||
| 			if (thumbnailScheme !== 'http:' && thumbnailScheme !== 'https:') { | ||||
| 				throw new Error(`unsupported scheme in thumbnail URL: "${thumbnailScheme}"`); | ||||
| 			} | ||||
| 		} | ||||
| 
 | ||||
| 		if (summary.activityPub) { | ||||
| 			const activityPubScheme = this.utilityService.getUrlScheme(summary.activityPub); | ||||
| 			if (activityPubScheme !== 'http:' && activityPubScheme !== 'https:') { | ||||
| 				throw new Error(`unsupported scheme in ActivityPub URL: "${activityPubScheme}"`); | ||||
| 			} | ||||
| 		} | ||||
| 	} | ||||
| 
 | ||||
| 	private async inferActivityPubLink(summary: LocalSummalyResult) { | ||||
| 		// Match canonical URI first.
 | ||||
| 		// This covers local and remote links.
 | ||||
|  |  | |||
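Review bot: `validateUrls` enforces only the scheme of each embedded URL, while the repeated blocked-host check right after it in the handler (`isBlockedHost(this.meta.blockedHosts, new URL(summary.url).host)`) still inspects `summary.url` alone, so `summary.player.url` — and `icon`/`thumbnail` unless `wrap` routes them through a proxy — can still name a host the instance has blocked; if blocked hosts are meant to be unreachable from previews, the host check should cover the same field set as the scheme check, and keeping both lists in one place stops them drifting apart. The five near-identical scheme blocks also collapse into a single `assertHttpUrl(url, label)` helper that preserves the per-field error messages. The call site of `inferActivityPubLink` is outside this hunk; if it runs after `validateUrls`, the `activityPub` check on the new side only ever sees the pre-inference value and the inferred link goes out unvalidated.
```typescript
private validateUrls(summary: LocalSummalyResult) {
	this.assertHttpUrl(summary.url, 'preview');
	if (summary.player.url) this.assertHttpUrl(summary.player.url, 'player');
	if (summary.icon) this.assertHttpUrl(summary.icon, 'icon');
	if (summary.thumbnail) this.assertHttpUrl(summary.thumbnail, 'thumbnail');
	if (summary.activityPub) this.assertHttpUrl(summary.activityPub, 'ActivityPub');
}

// Rejects anything the WHATWG parser does not report as http: or https:;
// relative references and unparsable strings yield '' from getUrlScheme.
private assertHttpUrl(url: string, label: string): void {
	const scheme = this.utilityService.getUrlScheme(url);
	if (scheme !== 'http:' && scheme !== 'https:') {
		throw new Error(`unsupported scheme in ${label} URL: "${scheme}"`);
	}
}
```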