mirror of
https://github.com/misskey-dev/summaly.git
synced 2025-08-03 06:46:34 +09:00
fix
This commit is contained in:
@ -74,8 +74,12 @@ export default async (url: URL.Url, lang: string = null): Promise<Summary> => {
|
||||
|
||||
const find = async (path: string) => {
|
||||
const target = URL.resolve(url.href, path);
|
||||
const res = await head(target);
|
||||
return res.statusCode === 200 ? target : null;
|
||||
try {
|
||||
await head(target);
|
||||
return target;
|
||||
} catch (e) {
|
||||
return null;
|
||||
}
|
||||
};
|
||||
|
||||
// 相対的なURL (ex. test) を絶対的 (ex. /test) に変換
|
||||
|
@ -1,5 +1,3 @@
|
||||
import * as stream from 'stream';
|
||||
import * as util from 'util';
|
||||
import { version } from '../../package.json';
|
||||
import got, * as Got from 'got';
|
||||
import { StatusError } from './status-error';
|
||||
@ -7,14 +5,12 @@ import { detectEncoding, toUtf8 } from './encoding';
|
||||
import * as cheerio from 'cheerio';
|
||||
const PrivateIp = require('private-ip');
|
||||
|
||||
const pipeline = util.promisify(stream.pipeline);
|
||||
|
||||
const RESPONSE_TIMEOUT = 20 * 1000;
|
||||
const OPERATION_TIMEOUT = 60 * 1000;
|
||||
const MAX_RESPONSE_SIZE = 10 * 1024 * 1024;
|
||||
const BOT_UA = `SummalyBot/${version}`;
|
||||
|
||||
export async function scpaping(url: string, opts?: { lang?: string }) {
|
||||
export async function scpaping(url: string, opts?: { lang?: string; }) {
|
||||
const response = await getResponse({
|
||||
url,
|
||||
method: 'GET',
|
||||
@ -26,7 +22,10 @@ export async function scpaping(url: string, opts?: { lang?: string }) {
|
||||
typeFilter: /^text\/html/,
|
||||
});
|
||||
|
||||
if (response.ip && PrivateIp(response.ip)) {
|
||||
// テスト用
|
||||
const allowPrivateIp = process.env.SUMMALY_ALLOW_PRIVATE_IP === 'true';
|
||||
|
||||
if (!allowPrivateIp && response.ip && PrivateIp(response.ip)) {
|
||||
throw new StatusError(`Private IP rejected ${response.ip}`, 400, 'Private IP Rejected');
|
||||
}
|
||||
|
||||
|
@ -16,6 +16,7 @@ Error.stackTraceLimit = Infinity;
|
||||
|
||||
// During the test the env variable is set to test
|
||||
process.env.NODE_ENV = 'test';
|
||||
process.env.SUMMALY_ALLOW_PRIVATE_IP = 'true';
|
||||
|
||||
// Display detail of unhandled promise rejection
|
||||
process.on('unhandledRejection', console.dir);
|
||||
@ -68,6 +69,27 @@ it('titleがcleanupされる', done => {
|
||||
});
|
||||
});
|
||||
|
||||
describe('Private IP blocking', () => {
|
||||
before(() => {
|
||||
process.env.SUMMALY_ALLOW_PRIVATE_IP = 'false';
|
||||
});
|
||||
|
||||
it('private ipなサーバーの情報を取得できない', done => {
|
||||
const app = express();
|
||||
app.get('/', (req, res) => {
|
||||
res.sendFile(__dirname + '/htmls/og-title.html');
|
||||
});
|
||||
server = app.listen(port, async () => {
|
||||
await assert.rejects(async () => await summaly(host));
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
after(() => {
|
||||
process.env.SUMMALY_ALLOW_PRIVATE_IP = 'true';
|
||||
});
|
||||
});
|
||||
|
||||
describe('OGP', () => {
|
||||
it('title', done => {
|
||||
const app = express();
|
||||
|
Reference in New Issue
Block a user