From ef6957a92c8b18252f96f28c42f29602b9086876 Mon Sep 17 00:00:00 2001 From: fflorent Date: Tue, 26 Mar 2024 17:17:09 +0100 Subject: [PATCH] attempt to fix issue with duplicate doc --- app/common/UserAPI.ts | 3 ++- app/server/lib/AppEndpoint.ts | 7 +++++-- app/server/lib/FlexServer.ts | 5 +++-- app/server/lib/requestUtils.ts | 8 ++++++++ 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/app/common/UserAPI.ts b/app/common/UserAPI.ts index 28daa159..114d7150 100644 --- a/app/common/UserAPI.ts +++ b/app/common/UserAPI.ts @@ -1167,6 +1167,7 @@ export class DocAPIImpl extends BaseAPI implements DocAPI { */ export function getDocWorkerUrl(homeUrl: string, docWorkerInfo: { docWorkerUrl: string|null, + internalDocWorkerUrl: string|null, selfPrefix?: string, }): string { if (!docWorkerInfo.docWorkerUrl) { @@ -1178,5 +1179,5 @@ export function getDocWorkerUrl(homeUrl: string, docWorkerInfo: { url.pathname = docWorkerInfo.selfPrefix + url.pathname; return url.href; } - return docWorkerInfo.docWorkerUrl; + return docWorkerInfo.internalDocWorkerUrl || docWorkerInfo.docWorkerUrl; } diff --git a/app/server/lib/AppEndpoint.ts b/app/server/lib/AppEndpoint.ts index 05fd54e1..e3e912a1 100644 --- a/app/server/lib/AppEndpoint.ts +++ b/app/server/lib/AppEndpoint.ts @@ -59,7 +59,7 @@ export function attachAppEndpoint(options: AttachOptions): void { // Alternatives could be: have the client to send their base URL // in the request; or use headers commonly added by reverse proxies. const selfPrefix = "/dw/self/v/" + gristServer.getTag(); - res.json({docWorkerUrl: null, selfPrefix}); + res.json({docWorkerUrl: null, internalDocWorkerUrl: null, selfPrefix}); return; } if (!trustOrigin(req, res)) { throw new Error('Unrecognized origin'); } @@ -73,7 +73,10 @@ export function attachAppEndpoint(options: AttachOptions): void { if (!docStatus) { return res.status(500).json({error: 'no worker'}); } - res.json({docWorkerUrl: customizeDocWorkerUrl(docStatus.docWorker.publicUrl, req)}); + res.json({ + docWorkerUrl: customizeDocWorkerUrl(docStatus.docWorker.publicUrl, req), + internalDocWorkerUrl: docStatus.docWorker.internalUrl + }); })); // Handler for serving the document landing pages. Expects the following parameters: diff --git a/app/server/lib/FlexServer.ts b/app/server/lib/FlexServer.ts index 2896eb47..9236ccb5 100644 --- a/app/server/lib/FlexServer.ts +++ b/app/server/lib/FlexServer.ts @@ -319,8 +319,9 @@ export class FlexServer implements GristServer { /** * Same as getHomeUrl, but for requesting internally. */ - public getHomeInternalUrl(req: express.Request, relPath?: string): string { - return this.getHomeUrl(req, relPath, this.getDefaultHomeInternalUrl()); + public getHomeInternalUrl(req: express.Request, relPath: string = ''): string { + const homeUrl = new URL(relPath, this.getDefaultHomeInternalUrl()); + return homeUrl.href; } /** diff --git a/app/server/lib/requestUtils.ts b/app/server/lib/requestUtils.ts index 6424d6d9..3f0f5cf5 100644 --- a/app/server/lib/requestUtils.ts +++ b/app/server/lib/requestUtils.ts @@ -87,6 +87,14 @@ export function trustOrigin(req: IncomingMessage, resp?: Response): boolean { // Note that the request origin is undefined for non-CORS requests. const origin = req.headers.origin; if (!origin) { return true; } // Not a CORS request. + + if ( + (process.env.APP_HOME_INTERNAL_URL && req.hostname === new URL(process.env.APP_HOME_INTERNAL_URL).hostname) || + (process.env.APP_DOC_INTERNAL_URL && req.hostname === new URL(process.env.APP_DOC_INTERNAL_URL).hostname) + ) { + return true; + } + if (!allowHost(req, new URL(origin))) { return false; } if (resp) {