Introduce isOwnInternalUrlHost for more clarity

fflorent 2024-03-28 21:38:19 +01:00
parent c061e49216
commit afa7aa2e6b
2 changed files with 22 additions and 20 deletions


@ -185,18 +185,24 @@ export interface OrgUrlInfo {
orgInPath?: string; // If /o/{orgInPath} should be used to access the requested org. orgInPath?: string; // If /o/{orgInPath} should be used to access the requested org.
} }
function isInternalUrl(host: string, envValue?: string) { export function hostMatchesUrl(host?: string, url?: string) {
if (!envValue) { return false; } return host !== undefined && url !== undefined && new URL(url).host === host;
const internalUrl = new URL('/', envValue);
return internalUrl.host === host;
} }
function isDocInternalUrl(host: string) { /**
return isInternalUrl(host, process.env.APP_DOC_INTERNAL_URL); * Returns true if:
} * - the server is a home worker and the host matches APP_HOME_INTERNAL_URL;
* - or the server is a doc worker and the host matches APP_DOC_INTERNAL_URL;
function isHomeInternalUrl(host: string) { *
return isInternalUrl(host, process.env.APP_HOME_INTERNAL_URL); * @param {string?} host The host to check
*/
export function isOwnInternalUrlHost(host?: string) {
if (process.env.APP_HOME_INTERNAL_URL) {
return hostMatchesUrl(host, process.env.APP_HOME_INTERNAL_URL);
} else if (process.env.APP_DOC_INTERNAL_URL) {
return hostMatchesUrl(host, process.env.APP_DOC_INTERNAL_URL);
}
return false;
} }
/** /**
@ -218,9 +224,8 @@ export function getHostType(host: string, options: {
if (!options.baseDomain) { return 'native'; } if (!options.baseDomain) { return 'native'; }
if ( if (
hostname === 'localhost' || hostname === 'localhost' ||
isDocInternalUrl(host) || isOwnInternalUrlHost(host) ||
hostname.endsWith(options.baseDomain) || hostname.endsWith(options.baseDomain)
isHomeInternalUrl(host)
) { ) {
return 'native'; return 'native';
} }
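Review bot: In `isOwnInternalUrlHost`, the `if … else if` compares the host with `APP_DOC_INTERNAL_URL` only when `APP_HOME_INTERNAL_URL` is unset, whereas the removed `getHostType` condition tested both `isDocInternalUrl(host)` and `isHomeInternalUrl(host)`. If a doc worker can also have `APP_HOME_INTERNAL_URL` defined (not visible here, worth confirming), its own internal host would no longer be classified as 'native', and `trustOrigin`, which now calls the same helper, would stop short-circuiting for it. The docstring describes a role check (home worker vs doc worker) that the code does not perform; it only looks at which variable is set. Consider testing each variable independently: `if (process.env.APP_HOME_INTERNAL_URL && hostMatchesUrl(host, process.env.APP_HOME_INTERNAL_URL)) { return true; }` followed by `return Boolean(process.env.APP_DOC_INTERNAL_URL) && hostMatchesUrl(host, process.env.APP_DOC_INTERNAL_URL);`, and reword the docstring to say that either configured internal URL is accepted.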


@ -1,5 +1,7 @@
import {ApiError} from 'app/common/ApiError'; import {ApiError} from 'app/common/ApiError';
import {DEFAULT_HOME_SUBDOMAIN, isOrgInPathOnly, parseSubdomain, sanitizePathTail} from 'app/common/gristUrls'; import {
DEFAULT_HOME_SUBDOMAIN, isOrgInPathOnly, isOwnInternalUrlHost, parseSubdomain, sanitizePathTail
} from 'app/common/gristUrls';
import * as gutil from 'app/common/gutil'; import * as gutil from 'app/common/gutil';
import {DocScope, QueryResult, Scope} from 'app/gen-server/lib/HomeDBManager'; import {DocScope, QueryResult, Scope} from 'app/gen-server/lib/HomeDBManager';
import {getUserId, RequestWithLogin} from 'app/server/lib/Authorizer'; import {getUserId, RequestWithLogin} from 'app/server/lib/Authorizer';
@ -88,12 +90,7 @@ export function trustOrigin(req: IncomingMessage, resp?: Response): boolean {
const origin = req.headers.origin; const origin = req.headers.origin;
if (!origin) { return true; } // Not a CORS request. if (!origin) { return true; } // Not a CORS request.
if ( if (isOwnInternalUrlHost(req.get('Host'))) { return true; }
(process.env.APP_HOME_INTERNAL_URL && req.hostname === new URL(process.env.APP_HOME_INTERNAL_URL).hostname) ||
(process.env.APP_DOC_INTERNAL_URL && req.hostname === new URL(process.env.APP_DOC_INTERNAL_URL).hostname)
) {
return true;
}
if (!allowHost(req, new URL(origin))) { return false; } if (!allowHost(req, new URL(origin))) { return false; }
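Review bot: The early return `if (isOwnInternalUrlHost(req.get('Host'))) { return true; }` in `trustOrigin` accepts a CORS request on the strength of the `Host` header alone, before `origin` is examined, and that header is chosen by the client. The removed condition had the same shape, so the trust decision is not new, but the switch from `req.hostname` to `req.get('Host')` changes what is compared: the raw header including any port, and no longer the forwarded host if the app enables Express's `trust proxy` setting (not visible here). Please record the assumption next to the check, for example `// Assumes internal hosts are reachable only from inside the deployment and that the proxy never forwards a client-supplied Host equal to them.`, and confirm that the configured internal URLs carry the same port the workers see in `Host`. The body of `trustOrigin` continues outside the hunk.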