forked from Mirrors/doipjs
Improve fetcher input validation
parent
8e1ac82fde
commit
91a3ed1e96
6 changed files with 36 additions and 24 deletions
|
@ -27,14 +27,7 @@ module.exports = async (data, opts) => {
|
||||||
|
|
||||||
const fetchPromise = new Promise(async (resolve, reject) => {
|
const fetchPromise = new Promise(async (resolve, reject) => {
|
||||||
const urlUser = `https://${data.domain}/api/v4/users?username=${data.username}`
|
const urlUser = `https://${data.domain}/api/v4/users?username=${data.username}`
|
||||||
let resUser
|
const resUser = await req(urlUser, null, { Accept: 'application/json' })
|
||||||
try {
|
|
||||||
resUser = await req(urlUser, null, { Accept: 'application/json' })
|
|
||||||
} catch (e) {
|
|
||||||
resUser = await req(utils.generateProxyURL('web', urlUser, opts), null, {
|
|
||||||
Accept: 'application/json',
|
|
||||||
})
|
|
||||||
}
|
|
||||||
const jsonUser = await resUser.json()
|
const jsonUser = await resUser.json()
|
||||||
|
|
||||||
const user = jsonUser.find((user) => user.username === match[2])
|
const user = jsonUser.find((user) => user.username === match[2])
|
||||||
|
@ -43,16 +36,7 @@ module.exports = async (data, opts) => {
|
||||||
}
|
}
|
||||||
|
|
||||||
const urlProject = `https://${data.domain}/api/v4/users/${user.id}/projects`
|
const urlProject = `https://${data.domain}/api/v4/users/${user.id}/projects`
|
||||||
let resProject
|
const resProject = await req(urlProject, null, { Accept: 'application/json' })
|
||||||
try {
|
|
||||||
resProject = await req(urlProject, null, { Accept: 'application/json' })
|
|
||||||
} catch (e) {
|
|
||||||
resProject = await req(
|
|
||||||
utils.generateProxyURL('web', urlProject, opts),
|
|
||||||
null,
|
|
||||||
{ Accept: 'application/json' }
|
|
||||||
)
|
|
||||||
}
|
|
||||||
const jsonProject = await resProject.json()
|
const jsonProject = await resProject.json()
|
||||||
|
|
||||||
const project = jsonProject.find((proj) => proj.path === 'gitlab_proof')
|
const project = jsonProject.find((proj) => proj.path === 'gitlab_proof')
|
||||||
|
|
|
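Review bot: With the try/catch removed, both `await req(...)` calls now run unguarded inside an `async` Promise executor, so a failed request to `data.domain` rejects the executor's own promise instead of `fetchPromise`. The caller then sees an unhandled rejection and gets no result until a timeout fires, if one exists outside the hunk. Wrap the executor body in `try { ... } catch (e) { reject(e) }`, or drop the `new Promise` wrapper and return the async function's promise directly. `data.username` is also placed in the query string unencoded; `encodeURIComponent(data.username)` would keep it from adding parameters. The executor body continues outside both hunks.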
@ -15,6 +15,7 @@ limitations under the License.
|
||||||
*/
|
*/
|
||||||
const bent = require('bent')
|
const bent = require('bent')
|
||||||
const req = bent('GET')
|
const req = bent('GET')
|
||||||
|
const E = require('../enums')
|
||||||
|
|
||||||
module.exports = async (data, opts) => {
|
module.exports = async (data, opts) => {
|
||||||
let timeoutHandle
|
let timeoutHandle
|
||||||
|
@ -31,11 +32,11 @@ module.exports = async (data, opts) => {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
switch (format) {
|
switch (data.format) {
|
||||||
case 'json':
|
case E.ProofFormat.JSON:
|
||||||
req(data.url, null, {
|
req(data.url, null, {
|
||||||
Accept: 'application/json',
|
Accept: 'application/json',
|
||||||
'User-Agent': `doipjs/${require('../package.json').version}`,
|
'User-Agent': `doipjs/${require('../../package.json').version}`,
|
||||||
})
|
})
|
||||||
.then(async (res) => {
|
.then(async (res) => {
|
||||||
return await res.json()
|
return await res.json()
|
||||||
|
@ -47,7 +48,7 @@ module.exports = async (data, opts) => {
|
||||||
reject(e)
|
reject(e)
|
||||||
})
|
})
|
||||||
break
|
break
|
||||||
case 'text':
|
case E.ProofFormat.TEXT:
|
||||||
req(data.url)
|
req(data.url)
|
||||||
.then(async (res) => {
|
.then(async (res) => {
|
||||||
return await res.text()
|
return await res.text()
|
||||||
|
|
|
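Review bot: `data.url` reaches `req()` in both the JSON and TEXT branches with no check in the visible lines, although the commit's stated aim is fetcher input validation. If this fetcher can run on a server on behalf of remote users, an unrestricted URL lets a claim direct the request at internal hosts. Consider testing it before the switch and acting on the boolean result, e.g. `if (!validator.isURL(data.url, { protocols: ['http', 'https'], require_protocol: true })) { reject(new Error('Invalid URL')); return }`. This file would need to require `validator`, and a host policy is still needed where the fetcher is exposed through a proxy. Validation may happen upstream of this module; the hunks do not show it.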
@ -25,6 +25,12 @@ module.exports = async (data, opts) => {
|
||||||
})
|
})
|
||||||
|
|
||||||
const fetchPromise = new Promise((resolve, reject) => {
|
const fetchPromise = new Promise((resolve, reject) => {
|
||||||
|
try {
|
||||||
|
validator.isAscii(opts.claims.irc.nick)
|
||||||
|
} catch (err) {
|
||||||
|
throw new Error(`IRC fetcher was not set up properly (${err.message})`)
|
||||||
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
const client = new irc.Client(data.domain, opts.nick, {
|
const client = new irc.Client(data.domain, opts.nick, {
|
||||||
port: 6697,
|
port: 6697,
|
||||||
|
|
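Review bot: The new `validator.isAscii(opts.claims.irc.nick)` call discards its result, so the try/catch only fires when the value is missing or not a string. validator's checks return a boolean and throw only for non-string arguments. Test the return value instead, e.g. `if (!validator.isAscii(opts.claims.irc.nick)) throw new Error('IRC fetcher was not set up properly')`. The same pattern appears in the Matrix (`isFQDN`, `isAscii`), Twitter and XMPP sections of this commit. The context line just below still builds the client from `opts.nick` rather than the validated `opts.claims.irc.nick`, so the value checked and the value used appear to differ; the `irc.Client` call continues outside the hunk.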
|
@ -15,6 +15,7 @@ limitations under the License.
|
||||||
*/
|
*/
|
||||||
const bent = require('bent')
|
const bent = require('bent')
|
||||||
const bentReq = bent('GET')
|
const bentReq = bent('GET')
|
||||||
|
const validator = require('validator')
|
||||||
|
|
||||||
module.exports = async (data, opts) => {
|
module.exports = async (data, opts) => {
|
||||||
let timeoutHandle
|
let timeoutHandle
|
||||||
|
@ -25,9 +26,15 @@ module.exports = async (data, opts) => {
|
||||||
)
|
)
|
||||||
})
|
})
|
||||||
|
|
||||||
const url = `https://${opts.instance}/_matrix/client/r0/rooms/${data.roomId}/event/${data.eventId}?access_token=${opts.accessToken}`
|
|
||||||
|
|
||||||
const fetchPromise = new Promise((resolve, reject) => {
|
const fetchPromise = new Promise((resolve, reject) => {
|
||||||
|
try {
|
||||||
|
validator.isFQDN(opts.claims.matrix.instance)
|
||||||
|
validator.isAscii(opts.claims.matrix.accessToken)
|
||||||
|
} catch (err) {
|
||||||
|
throw new Error(`Matrix fetcher was not set up properly (${err.message})`)
|
||||||
|
}
|
||||||
|
|
||||||
|
const url = `https://${opts.claims.matrix.instance}/_matrix/client/r0/rooms/${data.roomId}/event/${data.eventId}?access_token=${opts.claims.matrix.accessToken}`
|
||||||
bentReq(url, null, {
|
bentReq(url, null, {
|
||||||
Accept: 'application/json',
|
Accept: 'application/json',
|
||||||
})
|
})
|
||||||
|
|
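Review bot: The rebuilt `url` still carries the access token in the query string (`?access_token=...`), where it is likely to end up in server and proxy logs. `isAscii` would not stop characters such as `&` or `#` from altering the request even if its result were checked. The Matrix client-server API accepts the token as a header, so it can move into the headers object already passed to `bentReq`: `Authorization: 'Bearer ' + opts.claims.matrix.accessToken`. `data.roomId` and `data.eventId` are interpolated into the path as-is; wrapping each in `encodeURIComponent()` keeps identifier characters from being read as URL syntax. The `bentReq` call continues outside the hunk.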
|
@ -26,6 +26,12 @@ module.exports = async (data, opts) => {
|
||||||
})
|
})
|
||||||
|
|
||||||
const fetchPromise = new Promise((resolve, reject) => {
|
const fetchPromise = new Promise((resolve, reject) => {
|
||||||
|
try {
|
||||||
|
validator.isAscii(opts.claims.twitter.bearerToken)
|
||||||
|
} catch (err) {
|
||||||
|
throw new Error(`Twitter fetcher was not set up properly (${err.message})`)
|
||||||
|
}
|
||||||
|
|
||||||
bentReq(
|
bentReq(
|
||||||
`https://api.twitter.com/1.1/statuses/show.json?id=${data.tweetId}&tweet_mode=extended`,
|
`https://api.twitter.com/1.1/statuses/show.json?id=${data.tweetId}&tweet_mode=extended`,
|
||||||
null,
|
null,
|
||||||
|
|
|
@ -52,6 +52,14 @@ module.exports = async (data, opts) => {
|
||||||
})
|
})
|
||||||
|
|
||||||
const fetchPromise = new Promise(async (resolve, reject) => {
|
const fetchPromise = new Promise(async (resolve, reject) => {
|
||||||
|
try {
|
||||||
|
validator.isFQDN(opts.claims.xmpp.service)
|
||||||
|
validator.isAscii(opts.claims.xmpp.username)
|
||||||
|
validator.isAscii(opts.claims.xmpp.password)
|
||||||
|
} catch (err) {
|
||||||
|
throw new Error(`XMPP fetcher was not set up properly (${err.message})`)
|
||||||
|
}
|
||||||
|
|
||||||
if (!xmpp) {
|
if (!xmpp) {
|
||||||
const xmppStartRes = await xmppStart(
|
const xmppStartRes = await xmppStart(
|
||||||
opts.service,
|
opts.service,
|
||||||
|
|
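Review bot: The `throw` in the new catch block sits inside an `async` Promise executor, so it rejects the executor's own promise rather than `fetchPromise`. The caller would see an unhandled rejection, and the fetch would settle only through any timeout that races against it. Use `reject(new Error(...))` followed by `return` in place of the throw. The validation reads `opts.claims.xmpp.service`, while the `xmppStart(` call at the end of the hunk still passes `opts.service`. That call continues outside the hunk, so confirm which object the connection actually uses.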