mirror of
https://codeberg.org/keyoxide/doipjs.git
synced 2025-01-10 14:39:28 -07:00
Improve fetcher input validation
parent
8e1ac82fde
commit
91a3ed1e96
6 changed files with 36 additions and 24 deletions
|
@ -27,14 +27,7 @@ module.exports = async (data, opts) => {
|
|||
|
||||
const fetchPromise = new Promise(async (resolve, reject) => {
|
||||
const urlUser = `https://${data.domain}/api/v4/users?username=${data.username}`
|
||||
let resUser
|
||||
try {
|
||||
resUser = await req(urlUser, null, { Accept: 'application/json' })
|
||||
} catch (e) {
|
||||
resUser = await req(utils.generateProxyURL('web', urlUser, opts), null, {
|
||||
Accept: 'application/json',
|
||||
})
|
||||
}
|
||||
const resUser = await req(urlUser, null, { Accept: 'application/json' })
|
||||
const jsonUser = await resUser.json()
|
||||
|
||||
const user = jsonUser.find((user) => user.username === match[2])
|
||||
|
@ -43,16 +36,7 @@ module.exports = async (data, opts) => {
|
|||
}
|
||||
|
||||
const urlProject = `https://${data.domain}/api/v4/users/${user.id}/projects`
|
||||
let resProject
|
||||
try {
|
||||
resProject = await req(urlProject, null, { Accept: 'application/json' })
|
||||
} catch (e) {
|
||||
resProject = await req(
|
||||
utils.generateProxyURL('web', urlProject, opts),
|
||||
null,
|
||||
{ Accept: 'application/json' }
|
||||
)
|
||||
}
|
||||
const resProject = await req(urlProject, null, { Accept: 'application/json' })
|
||||
const jsonProject = await resProject.json()
|
||||
|
||||
const project = jsonProject.find((proj) => proj.path === 'gitlab_proof')
|
||||
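Review bot: With the `try`/`catch` removed, `await req(urlUser, …)` and `await req(urlProject, …)` now run unguarded inside an `async` Promise executor, so a failed request or a non-JSON body rejects the executor's own promise and never reaches `reject`; as far as the hunks show, `fetchPromise` then stays pending instead of reporting the error. Wrapping the executor body in `try { … } catch (err) { reject(err) }`, or dropping the `new Promise` wrapper in favour of a plain `async` function, would surface the failure. The XMPP hunk in this commit has the same problem with its `throw` inside an `async` executor. Separately, `data.domain` and `data.username` are still interpolated into `urlUser` without a check or `encodeURIComponent()`, which a commit about input validation would be expected to cover. The function starts and ends outside both hunks, so an enclosing handler may exist that is not visible here.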
|
|
|
@ -15,6 +15,7 @@ limitations under the License.
|
|||
*/
|
||||
const bent = require('bent')
|
||||
const req = bent('GET')
|
||||
const E = require('../enums')
|
||||
|
||||
module.exports = async (data, opts) => {
|
||||
let timeoutHandle
|
||||
|
@ -31,11 +32,11 @@ module.exports = async (data, opts) => {
|
|||
return
|
||||
}
|
||||
|
||||
switch (format) {
|
||||
case 'json':
|
||||
switch (data.format) {
|
||||
case E.ProofFormat.JSON:
|
||||
req(data.url, null, {
|
||||
Accept: 'application/json',
|
||||
'User-Agent': `doipjs/${require('../package.json').version}`,
|
||||
'User-Agent': `doipjs/${require('../../package.json').version}`,
|
||||
})
|
||||
.then(async (res) => {
|
||||
return await res.json()
|
||||
|
@ -47,7 +48,7 @@ module.exports = async (data, opts) => {
|
|||
reject(e)
|
||||
})
|
||||
break
|
||||
case 'text':
|
||||
case E.ProofFormat.TEXT:
|
||||
req(data.url)
|
||||
.then(async (res) => {
|
||||
return await res.text()
|
||||
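Review bot: `data.url` reaches `req()` in both the JSON and the text branch without any check on scheme or host, so the fetcher requests whatever URL the claim supplies; in a server-side deployment that is a request-forgery surface towards internal addresses. This file receives the enum change but none of the validation added to the other fetchers. A guard ahead of the `switch`, e.g. `if (!validator.isURL(data.url, { protocols: ['http', 'https'], require_protocol: true })) return reject(new Error('Invalid proof URL'))`, would cover the scheme (it needs `validator` required in this file); refusing private address ranges needs a separate check on the resolved address. Whether callers already validate the URL is not visible from this hunk.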
|
|
|
@ -25,6 +25,12 @@ module.exports = async (data, opts) => {
|
|||
})
|
||||
|
||||
const fetchPromise = new Promise((resolve, reject) => {
|
||||
try {
|
||||
validator.isAscii(opts.claims.irc.nick)
|
||||
} catch (err) {
|
||||
throw new Error(`IRC fetcher was not set up properly (${err.message})`)
|
||||
}
|
||||
|
||||
try {
|
||||
const client = new irc.Client(data.domain, opts.nick, {
|
||||
port: 6697,
|
||||
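Review bot: The result of `validator.isAscii(opts.claims.irc.nick)` is discarded, so the added `try` block rejects nothing: validator's functions return a boolean and throw only when the argument is not a string. The same pattern is used in the Matrix, Twitter and XMPP hunks of this commit, for `isFQDN` as well. Each check should test the result, for example `if (!validator.isAscii(opts.claims.irc.nick)) throw new Error('IRC fetcher was not set up properly (nick is not ASCII)')`. The client below is still built from `opts.nick` rather than the validated `opts.claims.irc.nick`, and the XMPP hunk likewise validates `opts.claims.xmpp.service` but passes `opts.service`; the value that is checked should be the value that is used. The executor body continues outside the hunk.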
|
|
|
@ -15,6 +15,7 @@ limitations under the License.
|
|||
*/
|
||||
const bent = require('bent')
|
||||
const bentReq = bent('GET')
|
||||
const validator = require('validator')
|
||||
|
||||
module.exports = async (data, opts) => {
|
||||
let timeoutHandle
|
||||
|
@ -25,9 +26,15 @@ module.exports = async (data, opts) => {
|
|||
)
|
||||
})
|
||||
|
||||
const url = `https://${opts.instance}/_matrix/client/r0/rooms/${data.roomId}/event/${data.eventId}?access_token=${opts.accessToken}`
|
||||
|
||||
const fetchPromise = new Promise((resolve, reject) => {
|
||||
try {
|
||||
validator.isFQDN(opts.claims.matrix.instance)
|
||||
validator.isAscii(opts.claims.matrix.accessToken)
|
||||
} catch (err) {
|
||||
throw new Error(`Matrix fetcher was not set up properly (${err.message})`)
|
||||
}
|
||||
|
||||
const url = `https://${opts.claims.matrix.instance}/_matrix/client/r0/rooms/${data.roomId}/event/${data.eventId}?access_token=${opts.claims.matrix.accessToken}`
|
||||
bentReq(url, null, {
|
||||
Accept: 'application/json',
|
||||
})
|
||||
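Review bot: The rewritten `url` line still carries the access token in the query string (`?access_token=…`), where it is recorded in homeserver and proxy access logs. The Matrix client API also accepts the token as a header, so dropping the parameter from `url` and adding `Authorization: 'Bearer ' + opts.claims.matrix.accessToken` next to `Accept` in the `bentReq` headers keeps it out of those logs. `data.roomId` and `data.eventId` come from the claim and are placed in the path unencoded; wrapping each in `encodeURIComponent()` stops a crafted identifier from steering the authenticated request to a different endpoint on the instance. The `bentReq` call continues outside the hunk.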
|
|
|
@ -26,6 +26,12 @@ module.exports = async (data, opts) => {
|
|||
})
|
||||
|
||||
const fetchPromise = new Promise((resolve, reject) => {
|
||||
try {
|
||||
validator.isAscii(opts.claims.twitter.bearerToken)
|
||||
} catch (err) {
|
||||
throw new Error(`Twitter fetcher was not set up properly (${err.message})`)
|
||||
}
|
||||
|
||||
bentReq(
|
||||
`https://api.twitter.com/1.1/statuses/show.json?id=${data.tweetId}&tweet_mode=extended`,
|
||||
null,
|
||||
|
|
|
@ -52,6 +52,14 @@ module.exports = async (data, opts) => {
|
|||
})
|
||||
|
||||
const fetchPromise = new Promise(async (resolve, reject) => {
|
||||
try {
|
||||
validator.isFQDN(opts.claims.xmpp.service)
|
||||
validator.isAscii(opts.claims.xmpp.username)
|
||||
validator.isAscii(opts.claims.xmpp.password)
|
||||
} catch (err) {
|
||||
throw new Error(`XMPP fetcher was not set up properly (${err.message})`)
|
||||
}
|
||||
|
||||
if (!xmpp) {
|
||||
const xmppStartRes = await xmppStart(
|
||||
opts.service,
|
||||
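Review bot: `validator.isAscii(opts.claims.xmpp.password)` is the wrong test for a secret: the intent looks like "a password is configured", but an ASCII check, once its result is enforced, would refuse valid non-ASCII passwords while still accepting an empty string. A presence check such as `if (typeof opts.claims.xmpp.password !== 'string' || opts.claims.xmpp.password.length === 0) throw new Error('XMPP fetcher was not set up properly (missing password)')` states the requirement directly and keeps the secret out of the message. The `xmppStart(` argument list continues outside the hunk.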
|
|