mirror/poke
1
0
Fork 0
mirror of https://codeberg.org/ashley/poke.git synced 2024-11-10 15:08:26 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: fixed several issues with proxy

Browse source 
- proxy no longer crashes with malformed input
- use URL whitelist instead of blindly proxying everything
- clean up code
This commit is contained in:
Lea 2022-12-19 18:22:43 +01:00
parent 7c8e99c604
commit 1e8090e661
1 changed files with 49 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

71
p/server.js
View file

@ -2,48 +2,75 @@ const fs = require("fs");
const express = require("express"); const express = require("express");
const fetch = require("node-fetch"); const fetch = require("node-fetch");
const htmlParser = require("node-html-parser"); const htmlParser = require("node-html-parser");
const { URL } = require("url");
// Array of hostnames that will be proxied
const URL_WHITELIST = [
'i.ytimg.com',
'yt3.googleusercontent.com',
'cdn.glitch.global',
'cdn.statically.io',
'site-assets.fontawesome.com',
'fonts.gstatic.com',
'yt3.ggpht.com',
'tube.kuylar.dev',
'lh3.googleusercontent.com',
'is4-ssl.mzstatic.com',
'twemoji.maxcdn.com',
'unpkg.com',
];
const app = express(); const app = express();
app.use(express.json()); // for parsing application/json app.use(express.json()); // for parsing application/json
app.use(express.urlencoded({ extended: true })); // for parsing application/x-www-form-urlencoded app.use(express.urlencoded({ extended: true })); // for parsing application/x-www-form-urlencoded
app.use(function (req, res, next) {
console.log(`=> ${req.method} ${req.originalUrl.slice(1)}`)
next();
});
app.use(function (req, res, next) { app.use(function (req, res, next) {
res.header("Access-Control-Allow-Origin", "*"); res.header("Access-Control-Allow-Origin", "*");
next(); next();
}); });
let Proxy = async (req, res) => {
const url = "https://" + req.originalUrl.slice(10);
let f = await fetch(url, { /**
method: req.method, * @param {express.Request} req
}); * @param {express.Response} res
if (false && f.headers.get("content-type").includes("html")) { */
const body = await f.text(); const proxy = async (req, res) => {
if (false && !htmlParser.valid(body)) { try {
console.warn(`[ERROR] Invalid HTML at ${url}`); let url;
f.body.pipe(res);
return; try {
url = new URL("https://" + req.originalUrl.slice(1));
} catch(e) {
console.log('==> Cannot parse URL: ' + e);
return res.status(400).send('Malformed URL');
} }
const root = htmlParser.parse(body);
let html = root.childNodes.filter(
(x) => x.tagName && x.tagName.toLowerCase() == "html"
)[0];
if (!html) { if (!URL_WHITELIST.includes(url.host)) {
console.warn(`[ERROR] No <html> at ${url}`); console.log(`==> Refusing to proxy host ${url.host}`);
res.send(body); res.status(401).send(`Hostname '${url.host}' is not permitted`);
return; return;
} }
res.send(html.toString()); console.log(`==> Proxying request`);
} else {
let f = await fetch(url, {
method: req.method,
});
f.body.pipe(res); f.body.pipe(res);
} catch(e) {
console.log(`==> Error: ${e}`);
res.status(500).send('Internal server error');
} }
}; };
const listener = (req, res) => { const listener = (req, res) => {
Proxy(req, res); proxy(req, res);
}; };
app.get("/", (req, res) => app.get("/", (req, res) =>
@ -52,4 +79,4 @@ app.get("/", (req, res) =>
app.all("/*", listener); app.all("/*", listener);
app.listen(3000, () => {}); app.listen(3000, () => console.log('Listening on 0.0.0.0:3000'));