@j0hanz/superfetch 1.0.6 → 1.1.1

package/dist/utils/url-validator.js

@@ -1,115 +1,46 @@
-import dns from 'dns/promises';
 import { config } from '../config/index.js';
-import { UrlValidationError, ValidationError } from '../errors/app-error.js';
-const BLOCKED_HOSTS = new Set([
-    'localhost',
-    '127.0.0.1',
-    '0.0.0.0',
-    '::1',
-    '169.254.169.254',
-    'metadata.google.internal',
-    'metadata.azure.com',
-    '100.100.100.200',
-    'instance-data',
-]);
-const BLOCKED_IP_PATTERNS = [
-    /^10\./,
-    /^172\.(1[6-9]|2\d|3[01])\./,
-    /^192\.168\./,
-    /^127\./,
-    /^0\./,
-    /^169\.254\./,
-    /^fc00:/i,
-    /^fe80:/i,
-    /^::ffff:127\./,
-    /^::ffff:10\./,
-    /^::ffff:172\.(1[6-9]|2\d|3[01])\./,
-    /^::ffff:192\.168\./,
-];
 /**
  * Check if an IP address is in a blocked private range
  */
 export function isBlockedIp(ip) {
-    return BLOCKED_IP_PATTERNS.some((pattern) => pattern.test(ip));
-}
-/**
- * Validate resolved IP addresses to prevent DNS rebinding attacks.
- * This should be called after DNS resolution to ensure the resolved
- * IPs are not in blocked private ranges.
- */
-export async function validateResolvedIps(hostname) {
-    // Skip validation for direct IP addresses (already validated in validateAndNormalizeUrl)
-    if (/^[\d.]+$/.test(hostname) || hostname.includes(':')) {
-        return;
-    }
-    try {
-        // Resolve IPv4 addresses
-        const ipv4Addresses = await dns.resolve4(hostname).catch(() => []);
-        for (const ip of ipv4Addresses) {
-            if (isBlockedIp(ip) || BLOCKED_HOSTS.has(ip)) {
-                throw new UrlValidationError(`DNS rebinding detected: ${hostname} resolves to blocked IP ${ip}`, hostname);
-            }
-        }
-        // Resolve IPv6 addresses
-        const ipv6Addresses = await dns.resolve6(hostname).catch(() => []);
-        for (const ip of ipv6Addresses) {
-            if (isBlockedIp(ip) || BLOCKED_HOSTS.has(ip)) {
-                throw new UrlValidationError(`DNS rebinding detected: ${hostname} resolves to blocked IP ${ip}`, hostname);
-            }
-        }
-    }
-    catch (error) {
-        // Re-throw UrlValidationError, ignore DNS resolution errors
-        if (error instanceof UrlValidationError) {
-            throw error;
-        }
-        // DNS resolution failed - let the actual request handle the error
-    }
+    return config.security.blockedIpPatterns.some((pattern) => pattern.test(ip));
 }
 export function validateAndNormalizeUrl(urlString) {
-    // Check for empty or whitespace-only input
     if (!urlString || typeof urlString !== 'string') {
-        throw new ValidationError('URL is required');
+        throw new Error('URL is required');
     }
     const trimmedUrl = urlString.trim();
     if (!trimmedUrl) {
-        throw new ValidationError('URL cannot be empty');
+        throw new Error('URL cannot be empty');
     }
-    // Check URL length to prevent DoS
     if (trimmedUrl.length > config.constants.maxUrlLength) {
-        throw new ValidationError(`URL exceeds maximum length of ${config.constants.maxUrlLength} characters`, { length: trimmedUrl.length, maxLength: config.constants.maxUrlLength });
+        throw new Error(`URL exceeds maximum length of ${config.constants.maxUrlLength} characters`);
     }
     let url;
     try {
         url = new URL(trimmedUrl);
     }
     catch {
-        throw new UrlValidationError(`Invalid URL format`, trimmedUrl);
+        throw new Error('Invalid URL format');
     }
-    // Only allow HTTP(S) protocols
     if (url.protocol !== 'http:' && url.protocol !== 'https:') {
-        throw new UrlValidationError(`Invalid protocol: ${url.protocol}. Only http: and https: are allowed`, trimmedUrl);
+        throw new Error(`Invalid protocol: ${url.protocol}. Only http: and https: are allowed`);
     }
-    // Block URLs with credentials (user:pass@host)
     if (url.username || url.password) {
-        throw new UrlValidationError('URLs with embedded credentials are not allowed', trimmedUrl);
+        throw new Error('URLs with embedded credentials are not allowed');
     }
     const hostname = url.hostname.toLowerCase();
-    // Block empty hostname
     if (!hostname) {
-        throw new UrlValidationError('URL must have a valid hostname', trimmedUrl);
+        throw new Error('URL must have a valid hostname');
     }
-    // Block known internal/metadata hosts
-    if (BLOCKED_HOSTS.has(hostname)) {
-        throw new UrlValidationError(`Blocked host: ${hostname}. Internal hosts are not allowed`, trimmedUrl);
+    if (config.security.blockedHosts.has(hostname)) {
+        throw new Error(`Blocked host: ${hostname}. Internal hosts are not allowed`);
     }
-    // Block private IP ranges
     if (isBlockedIp(hostname)) {
-        throw new UrlValidationError(`Blocked IP range: ${hostname}. Private IPs are not allowed`, trimmedUrl);
+        throw new Error(`Blocked IP range: ${hostname}. Private IPs are not allowed`);
     }
-    // Block hostnames that look like they might resolve to internal addresses
     if (hostname.endsWith('.local') || hostname.endsWith('.internal')) {
-        throw new UrlValidationError(`Blocked hostname pattern: ${hostname}. Internal domain suffixes are not allowed`, trimmedUrl);
+        throw new Error(`Blocked hostname pattern: ${hostname}. Internal domain suffixes are not allowed`);
     }
     return url.href;
 }

package/dist/utils/url-validator.js.map

@@ -1 +1 @@
-{"version":3,"file":"url-validator.js","sourceRoot":"","sources":["../../src/utils/url-validator.ts"],"names":[],"mappings":"AAAA,OAAO,GAAG,MAAM,cAAc,CAAC;AAE/B,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAE5C,OAAO,EAAE,kBAAkB,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAE7E,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC;IAC5B,WAAW;IACX,WAAW;IACX,SAAS;IACT,KAAK;IACL,iBAAiB;IACjB,0BAA0B;IAC1B,oBAAoB;IACpB,iBAAiB;IACjB,eAAe;CAChB,CAAC,CAAC;AAEH,MAAM,mBAAmB,GAAsB;IAC7C,OAAO;IACP,4BAA4B;IAC5B,aAAa;IACb,QAAQ;IACR,MAAM;IACN,aAAa;IACb,SAAS;IACT,SAAS;IACT,eAAe;IACf,cAAc;IACd,mCAAmC;IACnC,oBAAoB;CACrB,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,EAAU;IACpC,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;AACjE,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,QAAgB;IACxD,yFAAyF;IACzF,IAAI,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACxD,OAAO;IACT,CAAC;IAED,IAAI,CAAC;QACH,yBAAyB;QACzB,MAAM,aAAa,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QACnE,KAAK,MAAM,EAAE,IAAI,aAAa,EAAE,CAAC;YAC/B,IAAI,WAAW,CAAC,EAAE,CAAC,IAAI,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;gBAC7C,MAAM,IAAI,kBAAkB,CAC1B,2BAA2B,QAAQ,2BAA2B,EAAE,EAAE,EAClE,QAAQ,CACT,CAAC;YACJ,CAAC;QACH,CAAC;QAED,yBAAyB;QACzB,MAAM,aAAa,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QACnE,KAAK,MAAM,EAAE,IAAI,aAAa,EAAE,CAAC;YAC/B,IAAI,WAAW,CAAC,EAAE,CAAC,IAAI,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;gBAC7C,MAAM,IAAI,kBAAkB,CAC1B,2BAA2B,QAAQ,2BAA2B,EAAE,EAAE,EAClE,QAAQ,CACT,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,4DAA4D;QAC5D,IAAI,KAAK,YAAY,kBAAkB,EAAE,CAAC;YACxC,MAAM,KAAK,CAAC;QACd,CAAC;QACD,kEAAkE;IACpE,CAAC;AACH,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,SAAiB;IACvD,2CAA2C;IAC3C,IAAI,CAAC,SAAS,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;QAChD,MAAM,IAAI,eAAe,CAAC,iBAAiB,CAAC,CAAC;IAC/C,CAAC;IAED,MAAM,UAAU,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC;IACpC,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,eAAe,CAAC,qBAAqB,CAAC,CAAC;IACnD,CAAC;IAED,kCAAkC;IAClC,IAAI,UAAU,CAAC,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,YAAY,EAAE,CAAC;QACtD,MAAM,IAAI,eAAe,CACvB,iCAAiC,MAAM,CAAC,SAAS,CAAC,YAAY,aAAa,EAC3E,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,YAAY,EAAE,CACxE,CAAC;IACJ,CAAC;IAED,IAAI,GAAQ,CAAC;IAEb,IAAI,CAAC;QACH,GAAG,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,kBAAkB,CAAC,oBAAoB,EAAE,UAAU,CAAC,CAAC;IACjE,CAAC;IAED,+BAA+B;IAC/B,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1D,MAAM,IAAI,kBAAkB,CAC1B,qBAAqB,GAAG,CAAC,QAAQ,qCAAqC,EACtE,UAAU,CACX,CAAC;IACJ,CAAC;IAED,+CAA+C;IAC/C,IAAI,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QACjC,MAAM,IAAI,kBAAkB,CAC1B,gDAAgD,EAChD,UAAU,CACX,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;IAE5C,uBAAuB;IACvB,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,kBAAkB,CAAC,gCAAgC,EAAE,UAAU,CAAC,CAAC;IAC7E,CAAC;IAED,sCAAsC;IACtC,IAAI,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,kBAAkB,CAC1B,iBAAiB,QAAQ,kCAAkC,EAC3D,UAAU,CACX,CAAC;IACJ,CAAC;IAED,0BAA0B;IAC1B,IAAI,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,kBAAkB,CAC1B,qBAAqB,QAAQ,+BAA+B,EAC5D,UAAU,CACX,CAAC;IACJ,CAAC;IAED,0EAA0E;IAC1E,IAAI,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QAClE,MAAM,IAAI,kBAAkB,CAC1B,6BAA6B,QAAQ,4CAA4C,EACjF,UAAU,CACX,CAAC;IACJ,CAAC;IAED,OAAO,GAAG,CAAC,IAAI,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,GAAW,EAAE,OAAe;IACxD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QACrC,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;QACpC,OAAO,MAAM,CAAC,QAAQ,KAAK,UAAU,CAAC,QAAQ,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}
+{"version":3,"file":"url-validator.js","sourceRoot":"","sources":["../../src/utils/url-validator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAE5C;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,EAAU;IACpC,OAAO,MAAM,CAAC,QAAQ,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;AAC/E,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,SAAiB;IACvD,IAAI,CAAC,SAAS,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;QAChD,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;IACrC,CAAC;IAED,MAAM,UAAU,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC;IACpC,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;IACzC,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,YAAY,EAAE,CAAC;QACtD,MAAM,IAAI,KAAK,CACb,iCAAiC,MAAM,CAAC,SAAS,CAAC,YAAY,aAAa,CAC5E,CAAC;IACJ,CAAC;IAED,IAAI,GAAQ,CAAC;IAEb,IAAI,CAAC;QACH,GAAG,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACxC,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1D,MAAM,IAAI,KAAK,CACb,qBAAqB,GAAG,CAAC,QAAQ,qCAAqC,CACvE,CAAC;IACJ,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IAED,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;IAE5C,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;IACpD,CAAC;IAED,IAAI,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CACb,iBAAiB,QAAQ,kCAAkC,CAC5D,CAAC;IACJ,CAAC;IAED,IAAI,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CACb,qBAAqB,QAAQ,+BAA+B,CAC7D,CAAC;IACJ,CAAC;IAED,IAAI,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QAClE,MAAM,IAAI,KAAK,CACb,6BAA6B,QAAQ,4CAA4C,CAClF,CAAC;IACJ,CAAC;IAED,OAAO,GAAG,CAAC,IAAI,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,GAAW,EAAE,OAAe;IACxD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QACrC,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;QACpC,OAAO,MAAM,CAAC,QAAQ,KAAK,UAAU,CAAC,QAAQ,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@j0hanz/superfetch",
-  "version": "1.0.6",
+  "version": "1.1.1",
   "mcpName": "io.github.j0hanz/superfetch",
   "description": "Intelligent web content fetcher MCP server that converts HTML to clean, AI-readable JSONL format",
   "type": "module",
@@ -50,27 +50,26 @@
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.25.1",
     "@mozilla/readability": "^0.6.0",
-    "axios": "^1.13.2",
+    "axios": "^1.7.9",
     "cheerio": "^1.1.2",
     "domhandler": "^5.0.3",
     "express": "^5.2.1",
     "jsdom": "^27.3.0",
     "node-cache": "^5.1.2",
     "turndown": "^7.2.2",
-    "winston": "^3.19.0",
-    "zod": "^3.25.76"
+    "zod": "^3.24.1"
   },
   "devDependencies": {
     "@eslint/js": "^9.39.2",
     "@trivago/prettier-plugin-sort-imports": "^6.0.0",
     "@types/express": "^5.0.6",
     "@types/jsdom": "^27.0.0",
-    "@types/node": "^22.10.0",
+    "@types/node": "^22.19.3",
     "@types/turndown": "^5.0.6",
     "eslint": "^9.23.2",
     "eslint-config-prettier": "^10.1.8",
     "eslint-plugin-unused-imports": "^4.3.0",
-    "knip": "^5.74.0",
+    "knip": "^5.75.1",
     "prettier": "^3.7.4",
     "shx": "^0.4.0",
     "tsx": "^4.21.0",