mirror of
https://codeberg.org/ashley/poke.git
synced 2024-12-01 09:47:22 +01:00
fix: fixed several issues with proxy
- proxy no longer crashes with malformed input - use URL whitelist instead of blindly proxying everything - clean up code
This commit is contained in:
parent
7c8e99c604
commit
1e8090e661
1 changed files with 49 additions and 22 deletions
71
p/server.js
71
p/server.js
|
@ -2,48 +2,75 @@ const fs = require("fs");
|
||||||
const express = require("express");
|
const express = require("express");
|
||||||
const fetch = require("node-fetch");
|
const fetch = require("node-fetch");
|
||||||
const htmlParser = require("node-html-parser");
|
const htmlParser = require("node-html-parser");
|
||||||
|
const { URL } = require("url");
|
||||||
|
|
||||||
|
// Array of hostnames that will be proxied
|
||||||
|
const URL_WHITELIST = [
|
||||||
|
'i.ytimg.com',
|
||||||
|
'yt3.googleusercontent.com',
|
||||||
|
'cdn.glitch.global',
|
||||||
|
'cdn.statically.io',
|
||||||
|
'site-assets.fontawesome.com',
|
||||||
|
'fonts.gstatic.com',
|
||||||
|
'yt3.ggpht.com',
|
||||||
|
'tube.kuylar.dev',
|
||||||
|
'lh3.googleusercontent.com',
|
||||||
|
'is4-ssl.mzstatic.com',
|
||||||
|
'twemoji.maxcdn.com',
|
||||||
|
'unpkg.com',
|
||||||
|
];
|
||||||
|
|
||||||
const app = express();
|
const app = express();
|
||||||
|
|
||||||
app.use(express.json()); // for parsing application/json
|
app.use(express.json()); // for parsing application/json
|
||||||
app.use(express.urlencoded({ extended: true })); // for parsing application/x-www-form-urlencoded
|
app.use(express.urlencoded({ extended: true })); // for parsing application/x-www-form-urlencoded
|
||||||
|
|
||||||
|
app.use(function (req, res, next) {
|
||||||
|
console.log(`=> ${req.method} ${req.originalUrl.slice(1)}`)
|
||||||
|
next();
|
||||||
|
});
|
||||||
|
|
||||||
app.use(function (req, res, next) {
|
app.use(function (req, res, next) {
|
||||||
res.header("Access-Control-Allow-Origin", "*");
|
res.header("Access-Control-Allow-Origin", "*");
|
||||||
next();
|
next();
|
||||||
});
|
});
|
||||||
let Proxy = async (req, res) => {
|
|
||||||
const url = "https://" + req.originalUrl.slice(10);
|
|
||||||
|
|
||||||
let f = await fetch(url, {
|
/**
|
||||||
method: req.method,
|
* @param {express.Request} req
|
||||||
});
|
* @param {express.Response} res
|
||||||
if (false && f.headers.get("content-type").includes("html")) {
|
*/
|
||||||
const body = await f.text();
|
const proxy = async (req, res) => {
|
||||||
if (false && !htmlParser.valid(body)) {
|
try {
|
||||||
console.warn(`[ERROR] Invalid HTML at ${url}`);
|
let url;
|
||||||
f.body.pipe(res);
|
|
||||||
return;
|
try {
|
||||||
|
url = new URL("https://" + req.originalUrl.slice(1));
|
||||||
|
} catch(e) {
|
||||||
|
console.log('==> Cannot parse URL: ' + e);
|
||||||
|
return res.status(400).send('Malformed URL');
|
||||||
}
|
}
|
||||||
const root = htmlParser.parse(body);
|
|
||||||
let html = root.childNodes.filter(
|
|
||||||
(x) => x.tagName && x.tagName.toLowerCase() == "html"
|
|
||||||
)[0];
|
|
||||||
|
|
||||||
if (!html) {
|
if (!URL_WHITELIST.includes(url.host)) {
|
||||||
console.warn(`[ERROR] No <html> at ${url}`);
|
console.log(`==> Refusing to proxy host ${url.host}`);
|
||||||
res.send(body);
|
res.status(401).send(`Hostname '${url.host}' is not permitted`);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
res.send(html.toString());
|
console.log(`==> Proxying request`);
|
||||||
} else {
|
|
||||||
|
let f = await fetch(url, {
|
||||||
|
method: req.method,
|
||||||
|
});
|
||||||
|
|
||||||
f.body.pipe(res);
|
f.body.pipe(res);
|
||||||
|
} catch(e) {
|
||||||
|
console.log(`==> Error: ${e}`);
|
||||||
|
res.status(500).send('Internal server error');
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
const listener = (req, res) => {
|
const listener = (req, res) => {
|
||||||
Proxy(req, res);
|
proxy(req, res);
|
||||||
};
|
};
|
||||||
|
|
||||||
app.get("/", (req, res) =>
|
app.get("/", (req, res) =>
|
||||||
|
@ -52,4 +79,4 @@ app.get("/", (req, res) =>
|
||||||
|
|
||||||
app.all("/*", listener);
|
app.all("/*", listener);
|
||||||
|
|
||||||
app.listen(3000, () => {});
|
app.listen(3000, () => console.log('Listening on 0.0.0.0:3000'));
|
||||||
|
|
Loading…
Reference in a new issue