Validate URIs before trying to proxify them
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
parent
7b9910f251
commit
98a219c7a9
|
@ -120,7 +120,8 @@ defmodule Mobilizon.Web.ReverseProxy do
|
||||||
opts
|
opts
|
||||||
end
|
end
|
||||||
|
|
||||||
with {:ok, code, headers, client} <- request(method, url, req_headers, hackney_opts),
|
with {:is_url, true} <- {:is_url, valid_uri?(url)},
|
||||||
|
{:ok, code, headers, client} <- request(method, url, req_headers, hackney_opts),
|
||||||
:ok <- header_length_constraint(headers, Keyword.get(opts, :max_body_length)) do
|
:ok <- header_length_constraint(headers, Keyword.get(opts, :max_body_length)) do
|
||||||
response(conn, client, url, code, headers, opts)
|
response(conn, client, url, code, headers, opts)
|
||||||
else
|
else
|
||||||
|
@ -129,6 +130,13 @@ defmodule Mobilizon.Web.ReverseProxy do
|
||||||
|> head_response(url, code, headers, opts)
|
|> head_response(url, code, headers, opts)
|
||||||
|> halt()
|
|> halt()
|
||||||
|
|
||||||
|
{:is_url, false} ->
|
||||||
|
Logger.warn("Tried to reverse proxy URL #{inspect(url)}")
|
||||||
|
|
||||||
|
conn
|
||||||
|
|> error_or_redirect(url, 500, "Request failed", opts)
|
||||||
|
|> halt()
|
||||||
|
|
||||||
{:error, {:invalid_http_response, code}} ->
|
{:error, {:invalid_http_response, code}} ->
|
||||||
Logger.error("#{__MODULE__}: request to #{inspect(url)} failed with HTTP status #{code}")
|
Logger.error("#{__MODULE__}: request to #{inspect(url)} failed with HTTP status #{code}")
|
||||||
|
|
||||||
|
@ -397,4 +405,10 @@ defmodule Mobilizon.Web.ReverseProxy do
|
||||||
def filename(url_or_path) do
|
def filename(url_or_path) do
|
||||||
if path = URI.parse(url_or_path).path, do: Path.basename(path)
|
if path = URI.parse(url_or_path).path, do: Path.basename(path)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@spec valid_uri?(String.t()) :: boolean()
|
||||||
|
defp valid_uri?(url) do
|
||||||
|
uri = URI.parse(url)
|
||||||
|
uri.scheme != nil && uri.host =~ "."
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
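Review bot: `valid_uri?/1` raises instead of returning `false` when the URL has a scheme but no host (for example a `mailto:`-style URI), because `URI.parse/1` leaves `host` as `nil` and `nil =~ "."` has no matching clause, so the new `{:is_url, false}` branch is never reached for that input. The check also accepts any scheme, and a host that merely contains a dot still admits IP literals, including loopback and private-range addresses. Unless the destination is filtered somewhere outside these hunks, the proxy can still be directed at internal services. I would change the last line to `uri.scheme in ["http", "https"] and is_binary(uri.host) and uri.host =~ "."`, and confirm that the resolved address is screened before `request/4` is called. Separately, a rejected URL is a client error, so a 4xx status in the `error_or_redirect/5` call would describe it better than 500.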