btwedutech/hoppscotch
5
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 6 Wiki Activity

fix: validateSMTPUrl check

Browse Source
This commit is contained in:
Mir Arif Hasan
2023-12-07 16:29:31 +06:00
parent 8035d1d592
commit 94ca981144
2 changed files with 12 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
packages/hoppscotch-backend/src/infra-config/infra-config.service.ts
View File

@@ -16,7 +16,7 @@ import {
INFRA_CONFIG_RESET_FAILED, INFRA_CONFIG_RESET_FAILED,
INFRA_CONFIG_UPDATE_FAILED, INFRA_CONFIG_UPDATE_FAILED,
} from 'src/errors'; } from 'src/errors';
import { throwErr, validateUrl } from 'src/utils'; import { throwErr, validateSMTPUrl } from 'src/utils';
import { ConfigService } from '@nestjs/config'; import { ConfigService } from '@nestjs/config';
import { AuthProviderStatus, stopApp } from './helper'; import { AuthProviderStatus, stopApp } from './helper';
import { EnableAndDisableSSOArgs, InfraConfigArgs } from './input-args'; import { EnableAndDisableSSOArgs, InfraConfigArgs } from './input-args';
@@ -302,7 +302,7 @@ export class InfraConfigService implements OnModuleInit {
) { ) {
for (let i = 0; i < infraConfigs.length; i++) { for (let i = 0; i < infraConfigs.length; i++) {
if (infraConfigs[i].name === InfraConfigEnumForClient.MAILER_SMTP_URL) { if (infraConfigs[i].name === InfraConfigEnumForClient.MAILER_SMTP_URL) {
const isValidUrl = validateUrl(infraConfigs[i].value); const isValidUrl = validateSMTPUrl(infraConfigs[i].value);
if (!isValidUrl) return E.left(INFRA_CONFIG_INVALID_INPUT); if (!isValidUrl) return E.left(INFRA_CONFIG_INVALID_INPUT);
} }
} }

35
packages/hoppscotch-backend/src/utils.ts
View File

@@ -136,33 +136,18 @@ export const validateEmail = (email: string) => {
* @param url The URL to validate * @param url The URL to validate
* @returns boolean * @returns boolean
*/ */
export const validateUrl = (url: string) => { export const validateSMTPUrl = (url: string) => {
/** // Possible valid formats
* RegExps. // smtp(s)://mail.example.com
* A URL must match #1 and then at least one of #2/#3. // smtp(s)://user:pass@mail.example.com
* Use two levels of REs to avoid REDOS. // smtp(s)://mail.example.com:587
*/ // smtp(s)://user:pass@mail.example.com:587
const protocolAndDomainRE = /^(?:\w+:)?\/\/(\S+)$/;
const localhostDomainRE = /^localhost[\:?\d]*(?:[^\:?\d]\S*)?$/;
const nonLocalhostDomainRE = /^[^\s\.]+\.\S{2,}$/;
const match = url.match(protocolAndDomainRE); if (!url || url.length === 0) return false;
if (!match) {
return false;
}
const everythingAfterProtocol = match[1];
if (!everythingAfterProtocol) {
return false;
}
if (
localhostDomainRE.test(everythingAfterProtocol) ||
nonLocalhostDomainRE.test(everythingAfterProtocol)
) {
return true;
}
const regex =
/^(smtp|smtps):\/\/(?:([^:]+):([^@]+)@)?((?!\.)[^:]+)(?::(\d+))?$/;
if (regex.test(url)) return true;
return false; return false;
}; };