btwedutech/hoppscotch
5
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 6 Wiki Activity

fix: validateSMTPUrl check

Browse Source
This commit is contained in:
Mir Arif Hasan
2023-12-07 16:29:31 +06:00
parent 8035d1d592
commit 94ca981144
2 changed files with 12 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
packages/hoppscotch-backend/src/infra-config/infra-config.service.ts
View File

@@ -16,7 +16,7 @@ import {
INFRA_CONFIG_RESET_FAILED,
INFRA_CONFIG_UPDATE_FAILED,
} from 'src/errors';
import { throwErr, validateUrl } from 'src/utils';
import { throwErr, validateSMTPUrl } from 'src/utils';
import { ConfigService } from '@nestjs/config';
import { AuthProviderStatus, stopApp } from './helper';
import { EnableAndDisableSSOArgs, InfraConfigArgs } from './input-args';
@@ -302,7 +302,7 @@ export class InfraConfigService implements OnModuleInit {
) {
for (let i = 0; i < infraConfigs.length; i++) {
if (infraConfigs[i].name === InfraConfigEnumForClient.MAILER_SMTP_URL) {
const isValidUrl = validateUrl(infraConfigs[i].value);
const isValidUrl = validateSMTPUrl(infraConfigs[i].value);
if (!isValidUrl) return E.left(INFRA_CONFIG_INVALID_INPUT);
}
}

35
packages/hoppscotch-backend/src/utils.ts
View File

@@ -136,33 +136,18 @@ export const validateEmail = (email: string) => {
* @param url The URL to validate
* @returns boolean
*/
export const validateUrl = (url: string) => {
/**
* RegExps.
* A URL must match #1 and then at least one of #2/#3.
* Use two levels of REs to avoid REDOS.
*/
const protocolAndDomainRE = /^(?:\w+:)?\/\/(\S+)$/;
const localhostDomainRE = /^localhost[\:?\d]*(?:[^\:?\d]\S*)?$/;
const nonLocalhostDomainRE = /^[^\s\.]+\.\S{2,}$/;
export const validateSMTPUrl = (url: string) => {
// Possible valid formats
// smtp(s)://mail.example.com
// smtp(s)://user:pass@mail.example.com
// smtp(s)://mail.example.com:587
// smtp(s)://user:pass@mail.example.com:587
const match = url.match(protocolAndDomainRE);
if (!match) {
return false;
}
const everythingAfterProtocol = match[1];
if (!everythingAfterProtocol) {
return false;
}
if (
localhostDomainRE.test(everythingAfterProtocol) ||
nonLocalhostDomainRE.test(everythingAfterProtocol)
) {
return true;
}
if (!url || url.length === 0) return false;
const regex =
/^(smtp|smtps):\/\/(?:([^:]+):([^@]+)@)?((?!\.)[^:]+)(?::(\d+))?$/;
if (regex.test(url)) return true;
return false;
};