misskey-dev/summaly
1
0
Fork 0
mirror of https://github.com/misskey-dev/summaly.git synced 2025-08-08 09:14:02 +09:00
Code Issues Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
syuilo
2021-12-17 13:59:25 +09:00
parent 6b918be692
commit bbc2e44526
3 changed files with 33 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/general.ts
View File

@ -74,8 +74,12 @@ export default async (url: URL.Url, lang: string = null): Promise<Summary> => {
const find = async (path: string) => { const find = async (path: string) => {
const target = URL.resolve(url.href, path); const target = URL.resolve(url.href, path);
const res = await head(target); try {
return res.statusCode === 200 ? target : null; await head(target);
return target;
} catch (e) {
return null;
}
}; };
// 相対的なURL (ex. test) を絶対的 (ex. /test) に変換 // 相対的なURL (ex. test) を絶対的 (ex. /test) に変換

11
src/utils/got.ts
View File

@ -1,5 +1,3 @@
import * as stream from 'stream';
import * as util from 'util';
import { version } from '../../package.json'; import { version } from '../../package.json';
import got, * as Got from 'got'; import got, * as Got from 'got';
import { StatusError } from './status-error'; import { StatusError } from './status-error';
@ -7,14 +5,12 @@ import { detectEncoding, toUtf8 } from './encoding';
import * as cheerio from 'cheerio'; import * as cheerio from 'cheerio';
const PrivateIp = require('private-ip'); const PrivateIp = require('private-ip');
const pipeline = util.promisify(stream.pipeline);
const RESPONSE_TIMEOUT = 20 * 1000; const RESPONSE_TIMEOUT = 20 * 1000;
const OPERATION_TIMEOUT = 60 * 1000; const OPERATION_TIMEOUT = 60 * 1000;
const MAX_RESPONSE_SIZE = 10 * 1024 * 1024; const MAX_RESPONSE_SIZE = 10 * 1024 * 1024;
const BOT_UA = `SummalyBot/${version}`; const BOT_UA = `SummalyBot/${version}`;
export async function scpaping(url: string, opts?: { lang?: string }) { export async function scpaping(url: string, opts?: { lang?: string; }) {
const response = await getResponse({ const response = await getResponse({
url, url,
method: 'GET', method: 'GET',
@ -26,7 +22,10 @@ export async function scpaping(url: string, opts?: { lang?: string }) {
typeFilter: /^text\/html/, typeFilter: /^text\/html/,
}); });
if (response.ip && PrivateIp(response.ip)) { // テスト用
const allowPrivateIp = process.env.SUMMALY_ALLOW_PRIVATE_IP === 'true';
if (!allowPrivateIp && response.ip && PrivateIp(response.ip)) {
throw new StatusError(`Private IP rejected ${response.ip}`, 400, 'Private IP Rejected'); throw new StatusError(`Private IP rejected ${response.ip}`, 400, 'Private IP Rejected');
} }

22
test/index.js
View File

@ -16,6 +16,7 @@ Error.stackTraceLimit = Infinity;
// During the test the env variable is set to test // During the test the env variable is set to test
process.env.NODE_ENV = 'test'; process.env.NODE_ENV = 'test';
process.env.SUMMALY_ALLOW_PRIVATE_IP = 'true';
// Display detail of unhandled promise rejection // Display detail of unhandled promise rejection
process.on('unhandledRejection', console.dir); process.on('unhandledRejection', console.dir);
@ -68,6 +69,27 @@ it('titleがcleanupされる', done => {
}); });
}); });
describe('Private IP blocking', () => {
before(() => {
process.env.SUMMALY_ALLOW_PRIVATE_IP = 'false';
});
it('private ipなサーバーの情報を取得できない', done => {
const app = express();
app.get('/', (req, res) => {
res.sendFile(__dirname + '/htmls/og-title.html');
});
server = app.listen(port, async () => {
await assert.rejects(async () => await summaly(host));
done();
});
});
after(() => {
process.env.SUMMALY_ALLOW_PRIVATE_IP = 'true';
});
});
describe('OGP', () => { describe('OGP', () => {
it('title', done => { it('title', done => {
const app = express(); const app = express();