diff options
| author | Mohamed Bassem <me@mbassem.com> | 2025-11-02 17:19:28 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-11-02 17:19:28 +0000 |
| commit | b63a49fc3980296c6a6ea6ac0624142e8af94d52 (patch) | |
| tree | 1b1266f09f7821c0c59220895e9f28f406ebb841 /apps/workers/utils.ts | |
| parent | c6ebceb9f0b13da902edd6bf722cfc961d7eedc6 (diff) | |
| download | karakeep-b63a49fc3980296c6a6ea6ac0624142e8af94d52.tar.zst | |
fix: Stricter SSRF validation (#2082)
* fix: Stricter SSRF validation
* skip dns resolution if running in proxy context
* more fixes
* Add LRU cache
* change the env variable for internal hostnames
* make dns resolution timeout configerable
* upgrade ipaddr
* handle ipv6
* handle proxy bypass for request interceptor
Diffstat (limited to 'apps/workers/utils.ts')
| -rw-r--r-- | apps/workers/utils.ts | 61 |
1 files changed, 0 insertions, 61 deletions
diff --git a/apps/workers/utils.ts b/apps/workers/utils.ts index a82dd12d..2f56d3f0 100644 --- a/apps/workers/utils.ts +++ b/apps/workers/utils.ts @@ -1,9 +1,3 @@ -import { HttpProxyAgent } from "http-proxy-agent"; -import { HttpsProxyAgent } from "https-proxy-agent"; -import fetch from "node-fetch"; - -import serverConfig from "@karakeep/shared/config"; - export function withTimeout<T, Ret>( func: (param: T) => Promise<Ret>, timeoutSec: number, @@ -20,58 +14,3 @@ export function withTimeout<T, Ret>( ]); }; } - -export function getRandomProxy(proxyList: string[]): string { - return proxyList[Math.floor(Math.random() * proxyList.length)].trim(); -} - -function getProxyAgent(url: string) { - const { proxy } = serverConfig; - - if (!proxy.httpProxy && !proxy.httpsProxy) { - return undefined; - } - - const urlObj = new URL(url); - const protocol = urlObj.protocol; - - // Check if URL should bypass proxy - if (proxy.noProxy) { - const noProxyList = proxy.noProxy.split(",").map((host) => host.trim()); - const hostname = urlObj.hostname; - - for (const noProxyHost of noProxyList) { - if ( - noProxyHost === hostname || - (noProxyHost.startsWith(".") && hostname.endsWith(noProxyHost)) || - hostname.endsWith("." + noProxyHost) - ) { - return undefined; - } - } - } - - if (protocol === "https:" && proxy.httpsProxy) { - const selectedProxy = getRandomProxy(proxy.httpsProxy); - return new HttpsProxyAgent(selectedProxy); - } else if (protocol === "http:" && proxy.httpProxy) { - const selectedProxy = getRandomProxy(proxy.httpProxy); - return new HttpProxyAgent(selectedProxy); - } else if (proxy.httpProxy) { - const selectedProxy = getRandomProxy(proxy.httpProxy); - return new HttpProxyAgent(selectedProxy); - } - - return undefined; -} - -export const fetchWithProxy = ( - url: string, - options: Record<string, unknown> = {}, -) => { - const agent = getProxyAgent(url); - if (agent) { - options.agent = agent; - } - return fetch(url, options); -}; |