bunqueue 2.6.58 → 2.6.61
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/application/webhookManager.d.ts +5 -1
- package/dist/application/webhookManager.d.ts.map +1 -1
- package/dist/application/webhookManager.js +12 -1
- package/dist/application/webhookManager.js.map +1 -1
- package/dist/infrastructure/cloud/config.d.ts.map +1 -1
- package/dist/infrastructure/cloud/config.js +0 -7
- package/dist/infrastructure/cloud/config.js.map +1 -1
- package/dist/infrastructure/server/protocol.d.ts +2 -2
- package/dist/infrastructure/server/protocol.d.ts.map +1 -1
- package/dist/infrastructure/server/protocol.js +2 -60
- package/dist/infrastructure/server/protocol.js.map +1 -1
- package/dist/shared/webhookValidation.d.ts +7 -0
- package/dist/shared/webhookValidation.d.ts.map +1 -0
- package/dist/shared/webhookValidation.js +65 -0
- package/dist/shared/webhookValidation.js.map +1 -0
- package/package.json +1 -1
|
@@ -10,12 +10,16 @@ export declare class WebhookManager {
|
|
|
10
10
|
private readonly webhooks;
|
|
11
11
|
private readonly maxRetries;
|
|
12
12
|
private readonly retryDelay;
|
|
13
|
+
private readonly validateUrls;
|
|
13
14
|
private dashboardEmit;
|
|
14
15
|
/** Running counter for enabled webhooks - avoids O(n) filter in getStats */
|
|
15
16
|
private enabledCount;
|
|
17
|
+
constructor(options?: {
|
|
18
|
+
validateUrls?: boolean;
|
|
19
|
+
});
|
|
16
20
|
/** Set the dashboard event emitter callback */
|
|
17
21
|
setDashboardEmit(callback: (event: string, data: Record<string, unknown>) => void): void;
|
|
18
|
-
/** Add a webhook */
|
|
22
|
+
/** Add a webhook (validates URL to prevent SSRF) */
|
|
19
23
|
add(url: string, events: string[], queue?: string, secret?: string): Webhook;
|
|
20
24
|
/** Remove a webhook */
|
|
21
25
|
remove(id: WebhookId): boolean;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"webhookManager.d.ts","sourceRoot":"","sources":["../../src/application/webhookManager.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,KAAK,OAAO,EACZ,KAAK,SAAS,EACd,KAAK,YAAY,EAGlB,MAAM,yBAAyB,CAAC;
|
|
1
|
+
{"version":3,"file":"webhookManager.d.ts","sourceRoot":"","sources":["../../src/application/webhookManager.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,KAAK,OAAO,EACZ,KAAK,SAAS,EACd,KAAK,YAAY,EAGlB,MAAM,yBAAyB,CAAC;AAiBjC;;GAEG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAiC;IAC1D,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAuB;IAClD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAA0B;IACrD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAU;IACvC,OAAO,CAAC,aAAa,CAAyE;IAE9F,4EAA4E;IAC5E,OAAO,CAAC,YAAY,CAAK;gBAEb,OAAO,CAAC,EAAE;QAAE,YAAY,CAAC,EAAE,OAAO,CAAA;KAAE;IAIhD,+CAA+C;IAC/C,gBAAgB,CAAC,QAAQ,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,GAAG,IAAI;IAIxF,oDAAoD;IACpD,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,KAAK,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO;IAgB5E,uBAAuB;IACvB,MAAM,CAAC,EAAE,EAAE,SAAS,GAAG,OAAO;IAQ9B,wBAAwB;IACxB,GAAG,CAAC,EAAE,EAAE,SAAS,GAAG,OAAO,GAAG,SAAS;IAIvC,qEAAqE;IACrE,UAAU,CAAC,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,GAAG,OAAO;IAYpD,wBAAwB;IACxB,IAAI,IAAI,OAAO,EAAE;IAIjB,oCAAoC;IAC9B,OAAO,CACX,KAAK,EAAE,YAAY,EACnB,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,MAAM,EACb,KAAK,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,GAC5D,OAAO,CAAC,IAAI,CAAC;IAqBhB,gCAAgC;YAClB,WAAW;IAuDzB,qDAAqD;IACrD,kBAAkB,IAAI,OAAO;IAI7B,6CAA6C;IAC7C,QAAQ;;;;CAMT"}
|
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
* Manages webhooks and sends HTTP callbacks
|
|
4
4
|
*/
|
|
5
5
|
import { createWebhook, } from '../domain/types/webhook';
|
|
6
|
+
import { validateWebhookUrl } from '../shared/webhookValidation';
|
|
6
7
|
import { webhookLog } from '../shared/logger';
|
|
7
8
|
/** Maximum webhook delivery retries (configurable via WEBHOOK_MAX_RETRIES env var) */
|
|
8
9
|
const WEBHOOK_MAX_RETRIES = parseInt(Bun.env.WEBHOOK_MAX_RETRIES ?? '3', 10);
|
|
@@ -21,15 +22,25 @@ export class WebhookManager {
|
|
|
21
22
|
webhooks = new Map();
|
|
22
23
|
maxRetries = WEBHOOK_MAX_RETRIES;
|
|
23
24
|
retryDelay = WEBHOOK_RETRY_DELAY_MS;
|
|
25
|
+
validateUrls;
|
|
24
26
|
dashboardEmit = null;
|
|
25
27
|
/** Running counter for enabled webhooks - avoids O(n) filter in getStats */
|
|
26
28
|
enabledCount = 0;
|
|
29
|
+
constructor(options) {
|
|
30
|
+
this.validateUrls = options?.validateUrls !== false;
|
|
31
|
+
}
|
|
27
32
|
/** Set the dashboard event emitter callback */
|
|
28
33
|
setDashboardEmit(callback) {
|
|
29
34
|
this.dashboardEmit = callback;
|
|
30
35
|
}
|
|
31
|
-
/** Add a webhook */
|
|
36
|
+
/** Add a webhook (validates URL to prevent SSRF) */
|
|
32
37
|
add(url, events, queue, secret) {
|
|
38
|
+
if (this.validateUrls) {
|
|
39
|
+
const urlError = validateWebhookUrl(url);
|
|
40
|
+
if (urlError) {
|
|
41
|
+
throw new Error(urlError);
|
|
42
|
+
}
|
|
43
|
+
}
|
|
33
44
|
const webhook = createWebhook(url, events, queue, secret);
|
|
34
45
|
this.webhooks.set(webhook.id, webhook);
|
|
35
46
|
if (webhook.enabled) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"webhookManager.js","sourceRoot":"","sources":["../../src/application/webhookManager.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAKL,aAAa,GACd,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE9C,sFAAsF;AACtF,MAAM,mBAAmB,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,mBAAmB,IAAI,GAAG,EAAE,EAAE,CAAC,CAAC;AAE7E,4FAA4F;AAC5F,MAAM,sBAAsB,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,sBAAsB,IAAI,MAAM,EAAE,EAAE,CAAC,CAAC;AAEtF,uFAAuF;AACvF,SAAS,WAAW,CAAC,OAAe,EAAE,MAAc;IAClD,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACtD,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACvB,OAAO,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC9B,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,cAAc;IACR,QAAQ,GAAG,IAAI,GAAG,EAAsB,CAAC;IACzC,UAAU,GAAG,mBAAmB,CAAC;IACjC,UAAU,GAAG,sBAAsB,CAAC;
|
|
1
|
+
{"version":3,"file":"webhookManager.js","sourceRoot":"","sources":["../../src/application/webhookManager.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAKL,aAAa,GACd,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE9C,sFAAsF;AACtF,MAAM,mBAAmB,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,mBAAmB,IAAI,GAAG,EAAE,EAAE,CAAC,CAAC;AAE7E,4FAA4F;AAC5F,MAAM,sBAAsB,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,sBAAsB,IAAI,MAAM,EAAE,EAAE,CAAC,CAAC;AAEtF,uFAAuF;AACvF,SAAS,WAAW,CAAC,OAAe,EAAE,MAAc;IAClD,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACtD,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACvB,OAAO,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC9B,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,cAAc;IACR,QAAQ,GAAG,IAAI,GAAG,EAAsB,CAAC;IACzC,UAAU,GAAG,mBAAmB,CAAC;IACjC,UAAU,GAAG,sBAAsB,CAAC;IACpC,YAAY,CAAU;IAC/B,aAAa,GAAoE,IAAI,CAAC;IAE9F,4EAA4E;IACpE,YAAY,GAAG,CAAC,CAAC;IAEzB,YAAY,OAAoC;QAC9C,IAAI,CAAC,YAAY,GAAG,OAAO,EAAE,YAAY,KAAK,KAAK,CAAC;IACtD,CAAC;IAED,+CAA+C;IAC/C,gBAAgB,CAAC,QAAgE;QAC/E,IAAI,CAAC,aAAa,GAAG,QAAQ,CAAC;IAChC,CAAC;IAED,oDAAoD;IACpD,GAAG,CAAC,GAAW,EAAE,MAAgB,EAAE,KAAc,EAAE,MAAe;QAChE,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,MAAM,QAAQ,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;YACzC,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,CAAC;YAC5B,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAAG,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QACvC,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACpB,IAAI,CAAC,YAAY,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,uBAAuB;IACvB,MAAM,CAAC,EAAa;QAClB,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACtC,IAAI,OAAO,EAAE,OAAO,EAAE,CAAC;YACrB,IAAI,CAAC,YAAY,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAClC,CAAC;IAED,wBAAwB;IACxB,GAAG,CAAC,EAAa;QACf,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC/B,CAAC;IAED,qEAAqE;IACrE,UAAU,CAAC,EAAa,EAAE,OAAgB;QACxC,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACtC,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC;QAE3B,IAAI,OAAO,CAAC,OAAO,KAAK,OAAO,EAAE,CAAC;YAChC,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC;YAC1B,IAAI,CAAC,YAAY,IAAI,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACtC,IAAI,CAAC,aAAa,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,kBAAkB,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC,CAAC;QAC5F,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,wBAAwB;IACxB,IAAI;QACF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAC5C,CAAC;IAED,oCAAoC;IACpC,KAAK,CAAC,OAAO,CACX,KAAmB,EACnB,KAAa,EACb,KAAa,EACb,KAA6D;QAE7D,MAAM,OAAO,GAAmB;YAC9B,KAAK;YACL,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,KAAK;YACL,KAAK;YACL,GAAG,KAAK;SACT,CAAC;QAEF,MAAM,gBAAgB,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAChE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,OAAO,IAAI,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,KAAK,KAAK,IAAI,IAAI,EAAE,CAAC,KAAK,KAAK,KAAK,CAAC,CAC7F,CAAC;QAEF,gCAAgC;QAChC,KAAK,MAAM,OAAO,IAAI,gBAAgB,EAAE,CAAC;YACvC,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;gBACxD,UAAU,CAAC,KAAK,CAAC,wBAAwB,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACvF,CAAC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,gCAAgC;IACxB,KAAK,CAAC,WAAW,CAAC,OAAgB,EAAE,OAAuB;QACjE,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,OAAO,GAA2B;YACtC,cAAc,EAAE,kBAAkB;YAClC,iBAAiB,EAAE,OAAO,CAAC,KAAK;YAChC,qBAAqB,EAAE,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC;SACjD,CAAC;QAEF,iCAAiC;QACjC,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,OAAO,CAAC,qBAAqB,CAAC,GAAG,WAAW,CAAC,IAAI,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QACrE,CAAC;QAED,IAAI,SAAS,GAAiB,IAAI,CAAC;QACnC,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC,UAAU,EAAE,OAAO,EAAE,EAAE,CAAC;YAC3D,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE;oBACxC,MAAM,EAAE,MAAM;oBACd,OAAO;oBACP,IAAI;oBACJ,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC;iBACnC,CAAC,CAAC;gBAEH,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;oBAChB,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;oBACnC,OAAO,CAAC,YAAY,EAAE,CAAC;oBACvB,IAAI,CAAC,aAAa,EAAE,CAAC,eAAe,EAAE;wBACpC,SAAS,EAAE,OAAO,CAAC,EAAE;wBACrB,GAAG,EAAE,OAAO,CAAC,GAAG;wBAChB,KAAK,EAAE,OAAO,CAAC,KAAK;qBACrB,CAAC,CAAC;oBACH,OAAO;gBACT,CAAC;gBAED,SAAS,GAAG,IAAI,KAAK,CAAC,QAAQ,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YACnD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,SAAS,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YAClE,CAAC;YAED,oBAAoB;YACpB,IAAI,OAAO,GAAG,IAAI,CAAC,UAAU,GAAG,CAAC,EAAE,CAAC;gBAClC,MAAM,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,GAAG,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC;YACnD,CAAC;QACH,CAAC;QAED,OAAO,CAAC,YAAY,EAAE,CAAC;QACvB,IAAI,CAAC,aAAa,EAAE,CAAC,gBAAgB,EAAE;YACrC,SAAS,EAAE,OAAO,CAAC,EAAE;YACrB,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,KAAK,EAAE,SAAS,EAAE,OAAO,IAAI,2CAA2C;SACzE,CAAC,CAAC;QACH,MAAM,SAAS,IAAI,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IAC5E,CAAC;IAED,qDAAqD;IACrD,kBAAkB;QAChB,OAAO,IAAI,CAAC,YAAY,GAAG,CAAC,CAAC;IAC/B,CAAC;IAED,6CAA6C;IAC7C,QAAQ;QACN,OAAO;YACL,KAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;YACzB,OAAO,EAAE,IAAI,CAAC,YAAY;SAC3B,CAAC;IACJ,CAAC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/infrastructure/cloud/config.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAG3C,4EAA4E;AAC5E,wBAAgB,eAAe,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI,
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/infrastructure/cloud/config.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAG3C,4EAA4E;AAC5E,wBAAgB,eAAe,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI,CAwBrE"}
|
|
@@ -10,13 +10,6 @@ export function loadCloudConfig(dataPath) {
|
|
|
10
10
|
// Both URL and API key required to enable
|
|
11
11
|
if (!url || !apiKey)
|
|
12
12
|
return null;
|
|
13
|
-
// Only cloud.bunqueue.io is accepted
|
|
14
|
-
const ALLOWED_URL = 'https://cloud.bunqueue.io';
|
|
15
|
-
const normalized = url.replace(/\/+$/, '').toLowerCase();
|
|
16
|
-
if (normalized !== ALLOWED_URL) {
|
|
17
|
-
console.warn(`[Cloud] Rejected BUNQUEUE_CLOUD_URL="${url}" — only ${ALLOWED_URL} is supported`);
|
|
18
|
-
return null;
|
|
19
|
-
}
|
|
20
13
|
return {
|
|
21
14
|
url: url.replace(/\/+$/, ''), // Strip trailing slashes
|
|
22
15
|
apiKey,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../src/infrastructure/cloud/config.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AAE9B,4EAA4E;AAC5E,MAAM,UAAU,eAAe,CAAC,QAAiB;IAC/C,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,kBAAkB,CAAC;IACvC,MAAM,MAAM,GAAG,GAAG,CAAC,GAAG,CAAC,sBAAsB,CAAC;IAE9C,0CAA0C;IAC1C,IAAI,CAAC,GAAG,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IAEjC,
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../src/infrastructure/cloud/config.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AAE9B,4EAA4E;AAC5E,MAAM,UAAU,eAAe,CAAC,QAAiB;IAC/C,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,kBAAkB,CAAC;IACvC,MAAM,MAAM,GAAG,GAAG,CAAC,GAAG,CAAC,sBAAsB,CAAC;IAE9C,0CAA0C;IAC1C,IAAI,CAAC,GAAG,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IAEjC,OAAO;QACL,GAAG,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,EAAE,yBAAyB;QACvD,MAAM;QACN,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,6BAA6B,IAAI,IAAI;QAC5D,YAAY,EAAE,GAAG,CAAC,GAAG,CAAC,4BAA4B,IAAI,QAAQ,EAAE;QAChE,UAAU,EAAE,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,0BAA0B,IAAI,OAAO,EAAE,EAAE,CAAC;QACvE,cAAc,EAAE,GAAG,CAAC,GAAG,CAAC,+BAA+B,KAAK,MAAM;QAClE,YAAY,EAAE,GAAG,CAAC,GAAG,CAAC,4BAA4B,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE;QACpF,WAAW,EAAE,GAAG,CAAC,GAAG,CAAC,qBAAqB,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE;QAC5E,UAAU,EAAE,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,0BAA0B,IAAI,KAAK,EAAE,EAAE,CAAC;QACrE,uBAAuB,EAAE,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,wCAAwC,IAAI,GAAG,EAAE,EAAE,CAAC;QAC9F,qBAAqB,EAAE,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,uCAAuC,IAAI,OAAO,EAAE,EAAE,CAAC;QAC/F,YAAY,EAAE,GAAG,CAAC,GAAG,CAAC,4BAA4B,KAAK,OAAO;QAC9D,OAAO,EAAE,GAAG,CAAC,GAAG,CAAC,uBAAuB,KAAK,OAAO;QACpD,QAAQ,EAAE,QAAQ,IAAI,IAAI;QAC1B,cAAc,EAAE,GAAG,CAAC,GAAG,CAAC,8BAA8B,KAAK,MAAM;KAClE,CAAC;AACJ,CAAC"}
|
|
@@ -22,8 +22,8 @@ export declare function validateNumericField(value: unknown, name: string, optio
|
|
|
22
22
|
}): string | null;
|
|
23
23
|
/** Validate job options numeric fields */
|
|
24
24
|
export declare function validateJobOptions(options: Record<string, unknown>): string | null;
|
|
25
|
-
/**
|
|
26
|
-
export
|
|
25
|
+
/** Re-export from shared module for backward compatibility */
|
|
26
|
+
export { validateWebhookUrl } from '../../shared/webhookValidation';
|
|
27
27
|
/** Connection state */
|
|
28
28
|
export interface ConnectionState {
|
|
29
29
|
authenticated: boolean;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"protocol.d.ts","sourceRoot":"","sources":["../../../src/infrastructure/server/protocol.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,4BAA4B,CAAC;AAC1D,OAAO,EAAE,KAAK,QAAQ,EAAS,MAAM,6BAA6B,CAAC;AAEnE,uCAAuC;AACvC,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,GAAG,IAAI,CAUzD;AAED,wCAAwC;AACxC,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,QAAQ,GAAG,MAAM,CAE5D;AAED,0DAA0D;AAC1D,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,EAAE,CAYrD;AAED,0BAA0B;AAC1B,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAW7D;AAED,6BAA6B;AAC7B,wBAAgB,eAAe,CAAC,IAAI,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CAM5D;AAED,qDAAqD;AACrD,wBAAgB,oBAAoB,CAClC,KAAK,EAAE,OAAO,EACd,IAAI,EAAE,MAAM,EACZ,OAAO,GAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,OAAO,CAAA;CAAO,GAC/D,MAAM,GAAG,IAAI,CA+Bf;AAED,0CAA0C;AAC1C,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,GAAG,IAAI,CAmBlF;AAED,
|
|
1
|
+
{"version":3,"file":"protocol.d.ts","sourceRoot":"","sources":["../../../src/infrastructure/server/protocol.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,4BAA4B,CAAC;AAC1D,OAAO,EAAE,KAAK,QAAQ,EAAS,MAAM,6BAA6B,CAAC;AAEnE,uCAAuC;AACvC,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,GAAG,IAAI,CAUzD;AAED,wCAAwC;AACxC,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,QAAQ,GAAG,MAAM,CAE5D;AAED,0DAA0D;AAC1D,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,EAAE,CAYrD;AAED,0BAA0B;AAC1B,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAW7D;AAED,6BAA6B;AAC7B,wBAAgB,eAAe,CAAC,IAAI,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CAM5D;AAED,qDAAqD;AACrD,wBAAgB,oBAAoB,CAClC,KAAK,EAAE,OAAO,EACd,IAAI,EAAE,MAAM,EACZ,OAAO,GAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,OAAO,CAAA;CAAO,GAC/D,MAAM,GAAG,IAAI,CA+Bf;AAED,0CAA0C;AAC1C,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,GAAG,IAAI,CAmBlF;AAED,8DAA8D;AAC9D,OAAO,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AAEpE,uBAAuB;AACvB,MAAM,WAAW,eAAe;IAC9B,aAAa,EAAE,OAAO,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,sCAAsC;AACtC,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,eAAe,CAKvE;AAED,4BAA4B;AAC5B,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM,CAErE;AAED,sCAAsC;AACtC,qBAAa,UAAU;IACrB,OAAO,CAAC,MAAM,CAAM;IAEpB,oDAAoD;IACpD,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,EAAE;IAgB/B,mCAAmC;IACnC,YAAY,IAAI,MAAM;IAItB,mBAAmB;IACnB,KAAK,IAAI,IAAI;CAGd;AAED,yEAAyE;AACzE,eAAO,MAAM,cAAc,QAAmB,CAAC;AAE/C,mDAAmD;AACnD,qBAAa,cAAe,SAAQ,KAAK;aAErB,aAAa,EAAE,MAAM;aACrB,OAAO,EAAE,MAAM;gBADf,aAAa,EAAE,MAAM,EACrB,OAAO,EAAE,MAAM;CAKlC;AAED,mCAAmC;AACnC,qBAAa,WAAW;IACtB,OAAO,CAAC,MAAM,CAAiC;IAC/C,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAS;gBAE1B,YAAY,GAAE,MAAuB;IAIjD;;OAEG;IACH,OAAO,CAAC,IAAI,EAAE,UAAU,GAAG,UAAU,EAAE;IAuCvC,gCAAgC;IAChC,KAAK,IAAI,IAAI;IAIb,8BAA8B;IAC9B,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,UAAU,GAAG,UAAU;CAU3C"}
|
|
@@ -97,66 +97,8 @@ export function validateJobOptions(options) {
|
|
|
97
97
|
}
|
|
98
98
|
return null;
|
|
99
99
|
}
|
|
100
|
-
/**
|
|
101
|
-
export
|
|
102
|
-
if (!url || url.length === 0) {
|
|
103
|
-
return 'Webhook URL is required';
|
|
104
|
-
}
|
|
105
|
-
if (url.length > 2048) {
|
|
106
|
-
return 'Webhook URL too long (max 2048 characters)';
|
|
107
|
-
}
|
|
108
|
-
let parsed;
|
|
109
|
-
try {
|
|
110
|
-
parsed = new URL(url);
|
|
111
|
-
}
|
|
112
|
-
catch {
|
|
113
|
-
return 'Invalid URL format';
|
|
114
|
-
}
|
|
115
|
-
// Only allow http and https
|
|
116
|
-
if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
|
|
117
|
-
return 'Webhook URL must use http or https protocol';
|
|
118
|
-
}
|
|
119
|
-
// Block localhost and private IPs (SSRF prevention)
|
|
120
|
-
const hostname = parsed.hostname.toLowerCase();
|
|
121
|
-
// Block localhost variations
|
|
122
|
-
if (hostname === 'localhost' ||
|
|
123
|
-
hostname === '127.0.0.1' ||
|
|
124
|
-
hostname === '::1' ||
|
|
125
|
-
hostname === '[::1]' ||
|
|
126
|
-
hostname.endsWith('.localhost')) {
|
|
127
|
-
return 'Webhook URL cannot point to localhost';
|
|
128
|
-
}
|
|
129
|
-
// Block private IP ranges
|
|
130
|
-
const ipv4Match = hostname.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
|
|
131
|
-
if (ipv4Match) {
|
|
132
|
-
const [, a, b] = ipv4Match.map(Number);
|
|
133
|
-
// 10.x.x.x
|
|
134
|
-
if (a === 10)
|
|
135
|
-
return 'Webhook URL cannot point to private IP';
|
|
136
|
-
// 172.16.x.x - 172.31.x.x
|
|
137
|
-
if (a === 172 && b >= 16 && b <= 31)
|
|
138
|
-
return 'Webhook URL cannot point to private IP';
|
|
139
|
-
// 192.168.x.x
|
|
140
|
-
if (a === 192 && b === 168)
|
|
141
|
-
return 'Webhook URL cannot point to private IP';
|
|
142
|
-
// 169.254.x.x (link-local)
|
|
143
|
-
if (a === 169 && b === 254)
|
|
144
|
-
return 'Webhook URL cannot point to link-local IP';
|
|
145
|
-
// 0.0.0.0
|
|
146
|
-
if (a === 0)
|
|
147
|
-
return 'Webhook URL cannot point to unspecified IP';
|
|
148
|
-
// 127.x.x.x
|
|
149
|
-
if (a === 127)
|
|
150
|
-
return 'Webhook URL cannot point to loopback IP';
|
|
151
|
-
}
|
|
152
|
-
// Block cloud metadata endpoints
|
|
153
|
-
if (hostname === '169.254.169.254' ||
|
|
154
|
-
hostname === 'metadata.google.internal' ||
|
|
155
|
-
hostname.endsWith('.internal')) {
|
|
156
|
-
return 'Webhook URL cannot point to cloud metadata endpoints';
|
|
157
|
-
}
|
|
158
|
-
return null;
|
|
159
|
-
}
|
|
100
|
+
/** Re-export from shared module for backward compatibility */
|
|
101
|
+
export { validateWebhookUrl } from '../../shared/webhookValidation';
|
|
160
102
|
/** Create initial connection state */
|
|
161
103
|
export function createConnectionState(clientId) {
|
|
162
104
|
return {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"protocol.js","sourceRoot":"","sources":["../../../src/infrastructure/server/protocol.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAiB,KAAK,EAAE,MAAM,6BAA6B,CAAC;AAEnE,uCAAuC;AACvC,MAAM,UAAU,YAAY,CAAC,IAAY;IACvC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAA4B,CAAC;QAC3D,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YACnB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,MAA4B,CAAC;IACtC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,wCAAwC;AACxC,MAAM,UAAU,iBAAiB,CAAC,QAAkB;IAClD,OAAO,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;AAClC,CAAC;AAED,0DAA0D;AAC1D,MAAM,UAAU,aAAa,CAAC,IAAY;IACxC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACxE,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;QAC/B,IAAI,GAAG,EAAE,CAAC;YACR,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,0BAA0B;AAC1B,MAAM,UAAU,iBAAiB,CAAC,IAAY;IAC5C,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO,wBAAwB,CAAC;IAClC,CAAC;IACD,IAAI,IAAI,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QACtB,OAAO,0CAA0C,CAAC;IACpD,CAAC;IACD,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACtC,OAAO,wCAAwC,CAAC;IAClD,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,6BAA6B;AAC7B,MAAM,UAAU,eAAe,CAAC,IAAa;IAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAClC,IAAI,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,CAAC;QACnC,OAAO,+BAA+B,CAAC;IACzC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,qDAAqD;AACrD,MAAM,UAAU,oBAAoB,CAClC,KAAc,EACd,IAAY,EACZ,UAA8D,EAAE;IAEhE,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC,gBAAgB,EAAE,QAAQ,GAAG,KAAK,EAAE,GAAG,OAAO,CAAC;IAE7E,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QAC1C,OAAO,QAAQ,CAAC,CAAC,CAAC,GAAG,IAAI,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC;IACjD,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,GAAG,IAAI,mBAAmB,CAAC;IACpC,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO,GAAG,IAAI,0BAA0B,CAAC;IAC3C,CAAC;IAED,IACE,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC;QACxB,CAAC,IAAI,KAAK,UAAU,IAAI,IAAI,KAAK,UAAU,IAAI,IAAI,KAAK,aAAa,CAAC,EACtE,CAAC;QACD,OAAO,GAAG,IAAI,qBAAqB,CAAC;IACtC,CAAC;IAED,IAAI,KAAK,GAAG,GAAG,EAAE,CAAC;QAChB,OAAO,GAAG,IAAI,qBAAqB,GAAG,EAAE,CAAC;IAC3C,CAAC;IAED,IAAI,KAAK,GAAG,GAAG,EAAE,CAAC;QAChB,OAAO,GAAG,IAAI,oBAAoB,GAAG,EAAE,CAAC;IAC1C,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,0CAA0C;AAC1C,MAAM,UAAU,kBAAkB,CAAC,OAAgC;IACjE,MAAM,WAAW,GAAG;QAClB,oBAAoB,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,UAAU,EAAE,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;QACtF,oBAAoB,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC,EAAE,aAAa;QAC1G,oBAAoB,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC,EAAE,YAAY;QACvG,oBAAoB,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,aAAa,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;QAClF,oBAAoB,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC,EAAE,YAAY;QACvG,oBAAoB,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC,EAAE,aAAa;QACtG,oBAAoB,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,cAAc,EAAE;YAC5D,GAAG,EAAE,CAAC;YACN,GAAG,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;SACzB,CAAC,EAAE,YAAY;KACjB,CAAC;IAEF,KAAK,MAAM,KAAK,IAAI,WAAW,EAAE,CAAC;QAChC,IAAI,KAAK;YAAE,OAAO,KAAK,CAAC;IAC1B,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,
|
|
1
|
+
{"version":3,"file":"protocol.js","sourceRoot":"","sources":["../../../src/infrastructure/server/protocol.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAiB,KAAK,EAAE,MAAM,6BAA6B,CAAC;AAEnE,uCAAuC;AACvC,MAAM,UAAU,YAAY,CAAC,IAAY;IACvC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAA4B,CAAC;QAC3D,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YACnB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,MAA4B,CAAC;IACtC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,wCAAwC;AACxC,MAAM,UAAU,iBAAiB,CAAC,QAAkB;IAClD,OAAO,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;AAClC,CAAC;AAED,0DAA0D;AAC1D,MAAM,UAAU,aAAa,CAAC,IAAY;IACxC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACxE,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;QAC/B,IAAI,GAAG,EAAE,CAAC;YACR,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,0BAA0B;AAC1B,MAAM,UAAU,iBAAiB,CAAC,IAAY;IAC5C,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO,wBAAwB,CAAC;IAClC,CAAC;IACD,IAAI,IAAI,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QACtB,OAAO,0CAA0C,CAAC;IACpD,CAAC;IACD,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACtC,OAAO,wCAAwC,CAAC;IAClD,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,6BAA6B;AAC7B,MAAM,UAAU,eAAe,CAAC,IAAa;IAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAClC,IAAI,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,CAAC;QACnC,OAAO,+BAA+B,CAAC;IACzC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,qDAAqD;AACrD,MAAM,UAAU,oBAAoB,CAClC,KAAc,EACd,IAAY,EACZ,UAA8D,EAAE;IAEhE,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC,gBAAgB,EAAE,QAAQ,GAAG,KAAK,EAAE,GAAG,OAAO,CAAC;IAE7E,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QAC1C,OAAO,QAAQ,CAAC,CAAC,CAAC,GAAG,IAAI,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC;IACjD,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,GAAG,IAAI,mBAAmB,CAAC;IACpC,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO,GAAG,IAAI,0BAA0B,CAAC;IAC3C,CAAC;IAED,IACE,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC;QACxB,CAAC,IAAI,KAAK,UAAU,IAAI,IAAI,KAAK,UAAU,IAAI,IAAI,KAAK,aAAa,CAAC,EACtE,CAAC;QACD,OAAO,GAAG,IAAI,qBAAqB,CAAC;IACtC,CAAC;IAED,IAAI,KAAK,GAAG,GAAG,EAAE,CAAC;QAChB,OAAO,GAAG,IAAI,qBAAqB,GAAG,EAAE,CAAC;IAC3C,CAAC;IAED,IAAI,KAAK,GAAG,GAAG,EAAE,CAAC;QAChB,OAAO,GAAG,IAAI,oBAAoB,GAAG,EAAE,CAAC;IAC1C,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,0CAA0C;AAC1C,MAAM,UAAU,kBAAkB,CAAC,OAAgC;IACjE,MAAM,WAAW,GAAG;QAClB,oBAAoB,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,UAAU,EAAE,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;QACtF,oBAAoB,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC,EAAE,aAAa;QAC1G,oBAAoB,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC,EAAE,YAAY;QACvG,oBAAoB,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,aAAa,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;QAClF,oBAAoB,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC,EAAE,YAAY;QACvG,oBAAoB,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC,EAAE,aAAa;QACtG,oBAAoB,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,cAAc,EAAE;YAC5D,GAAG,EAAE,CAAC;YACN,GAAG,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;SACzB,CAAC,EAAE,YAAY;KACjB,CAAC;IAEF,KAAK,MAAM,KAAK,IAAI,WAAW,EAAE,CAAC;QAChC,IAAI,KAAK;YAAE,OAAO,KAAK,CAAC;IAC1B,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,8DAA8D;AAC9D,OAAO,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AAQpE,sCAAsC;AACtC,MAAM,UAAU,qBAAqB,CAAC,QAAgB;IACpD,OAAO;QACL,aAAa,EAAE,KAAK;QACpB,QAAQ;KACT,CAAC;AACJ,CAAC;AAED,4BAA4B;AAC5B,MAAM,UAAU,aAAa,CAAC,OAAe,EAAE,KAAc;IAC3D,OAAO,iBAAiB,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;AAClD,CAAC;AAED,sCAAsC;AACtC,MAAM,OAAO,UAAU;IACb,MAAM,GAAG,EAAE,CAAC;IAEpB,oDAAoD;IACpD,OAAO,CAAC,IAAY;QAClB,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC;QACpB,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,IAAI,UAAkB,CAAC;QAEvB,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YACvD,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC,IAAI,EAAE,CAAC;YACrD,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC;YAChD,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACpB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnB,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED,mCAAmC;IACnC,YAAY;QACV,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,mBAAmB;IACnB,KAAK;QACH,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC;IACnB,CAAC;CACF;AAED,yEAAyE;AACzE,MAAM,CAAC,MAAM,cAAc,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC;AAE/C,mDAAmD;AACnD,MAAM,OAAO,cAAe,SAAQ,KAAK;IAErB;IACA;IAFlB,YACkB,aAAqB,EACrB,OAAe;QAE/B,KAAK,CAAC,cAAc,aAAa,iCAAiC,OAAO,EAAE,CAAC,CAAC;QAH7D,kBAAa,GAAb,aAAa,CAAQ;QACrB,YAAO,GAAP,OAAO,CAAQ;QAG/B,IAAI,CAAC,IAAI,GAAG,gBAAgB,CAAC;IAC/B,CAAC;CACF;AAED,mCAAmC;AACnC,MAAM,OAAO,WAAW;IACd,MAAM,GAAe,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IAC9B,YAAY,CAAS;IAEtC,YAAY,eAAuB,cAAc;QAC/C,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,IAAgB;QACtB,sBAAsB;QACtB,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;QACnE,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC3B,SAAS,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACxC,IAAI,CAAC,MAAM,GAAG,SAAS,CAAC;QAExB,MAAM,MAAM,GAAiB,EAAE,CAAC;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YAC/B,0FAA0F;YAC1F,2EAA2E;YAC3E,MAAM,MAAM,GACV,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gBACrB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gBACtB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;gBACrB,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;gBACjB,CAAC,CAAC;YAEJ,uDAAuD;YACvD,IAAI,MAAM,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;gBAC/B,+DAA+D;gBAC/D,IAAI,CAAC,MAAM,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;gBAChC,MAAM,IAAI,cAAc,CAAC,MAAM,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;YACtD,CAAC;YAED,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,GAAG,MAAM,EAAE,CAAC;gBACpC,kBAAkB;gBAClB,MAAM;YACR,CAAC;YAED,gBAAgB;YAChB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC;YAC9C,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC;QAC9C,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,gCAAgC;IAChC,KAAK;QACH,IAAI,CAAC,MAAM,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IAClC,CAAC;IAED,8BAA8B;IAC9B,MAAM,CAAC,KAAK,CAAC,IAAgB;QAC3B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;QAC9C,uCAAuC;QACvC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC;QACtC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC;QACtC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;QACrC,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QAC9B,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QACnB,OAAO,KAAK,CAAC;IACf,CAAC;CACF"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Webhook URL Validation
|
|
3
|
+
* SSRF prevention for webhook URLs — shared between server handlers and embedded SDK
|
|
4
|
+
*/
|
|
5
|
+
/** Validate webhook URL to prevent SSRF. Returns error message or null if valid. */
|
|
6
|
+
export declare function validateWebhookUrl(url: string): string | null;
|
|
7
|
+
//# sourceMappingURL=webhookValidation.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"webhookValidation.d.ts","sourceRoot":"","sources":["../../src/shared/webhookValidation.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAqCH,oFAAoF;AACpF,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAyB7D"}
|
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Webhook URL Validation
|
|
3
|
+
* SSRF prevention for webhook URLs — shared between server handlers and embedded SDK
|
|
4
|
+
*/
|
|
5
|
+
/** Check if hostname is a localhost variant */
|
|
6
|
+
function isLocalhost(hostname) {
|
|
7
|
+
return (hostname === 'localhost' ||
|
|
8
|
+
hostname === '127.0.0.1' ||
|
|
9
|
+
hostname === '::1' ||
|
|
10
|
+
hostname === '[::1]' ||
|
|
11
|
+
hostname.endsWith('.localhost'));
|
|
12
|
+
}
|
|
13
|
+
/** Check if hostname is a blocked IPv4 address. Returns error message or null. */
|
|
14
|
+
function checkPrivateIpv4(hostname) {
|
|
15
|
+
const m = hostname.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
|
|
16
|
+
if (!m)
|
|
17
|
+
return null;
|
|
18
|
+
const [, a, b] = m.map(Number);
|
|
19
|
+
if (a === 10)
|
|
20
|
+
return 'Webhook URL cannot point to private IP';
|
|
21
|
+
if (a === 172 && b >= 16 && b <= 31)
|
|
22
|
+
return 'Webhook URL cannot point to private IP';
|
|
23
|
+
if (a === 192 && b === 168)
|
|
24
|
+
return 'Webhook URL cannot point to private IP';
|
|
25
|
+
if (a === 169 && b === 254)
|
|
26
|
+
return 'Webhook URL cannot point to link-local IP';
|
|
27
|
+
if (a === 0)
|
|
28
|
+
return 'Webhook URL cannot point to unspecified IP';
|
|
29
|
+
if (a === 127)
|
|
30
|
+
return 'Webhook URL cannot point to loopback IP';
|
|
31
|
+
return null;
|
|
32
|
+
}
|
|
33
|
+
/** Check if hostname is a cloud metadata endpoint */
|
|
34
|
+
function isCloudMetadata(hostname) {
|
|
35
|
+
return (hostname === '169.254.169.254' ||
|
|
36
|
+
hostname === 'metadata.google.internal' ||
|
|
37
|
+
hostname.endsWith('.internal'));
|
|
38
|
+
}
|
|
39
|
+
/** Validate webhook URL to prevent SSRF. Returns error message or null if valid. */
|
|
40
|
+
export function validateWebhookUrl(url) {
|
|
41
|
+
if (!url || url.length === 0)
|
|
42
|
+
return 'Webhook URL is required';
|
|
43
|
+
if (url.length > 2048)
|
|
44
|
+
return 'Webhook URL too long (max 2048 characters)';
|
|
45
|
+
let parsed;
|
|
46
|
+
try {
|
|
47
|
+
parsed = new URL(url);
|
|
48
|
+
}
|
|
49
|
+
catch {
|
|
50
|
+
return 'Invalid URL format';
|
|
51
|
+
}
|
|
52
|
+
if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
|
|
53
|
+
return 'Webhook URL must use http or https protocol';
|
|
54
|
+
}
|
|
55
|
+
const hostname = parsed.hostname.toLowerCase();
|
|
56
|
+
if (isLocalhost(hostname))
|
|
57
|
+
return 'Webhook URL cannot point to localhost';
|
|
58
|
+
const ipError = checkPrivateIpv4(hostname);
|
|
59
|
+
if (ipError)
|
|
60
|
+
return ipError;
|
|
61
|
+
if (isCloudMetadata(hostname))
|
|
62
|
+
return 'Webhook URL cannot point to cloud metadata endpoints';
|
|
63
|
+
return null;
|
|
64
|
+
}
|
|
65
|
+
//# sourceMappingURL=webhookValidation.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"webhookValidation.js","sourceRoot":"","sources":["../../src/shared/webhookValidation.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,+CAA+C;AAC/C,SAAS,WAAW,CAAC,QAAgB;IACnC,OAAO,CACL,QAAQ,KAAK,WAAW;QACxB,QAAQ,KAAK,WAAW;QACxB,QAAQ,KAAK,KAAK;QAClB,QAAQ,KAAK,OAAO;QACpB,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,CAChC,CAAC;AACJ,CAAC;AAED,kFAAkF;AAClF,SAAS,gBAAgB,CAAC,QAAgB;IACxC,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;IACzE,IAAI,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAEpB,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAC/B,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO,wCAAwC,CAAC;IAC9D,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;QAAE,OAAO,wCAAwC,CAAC;IACrF,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,wCAAwC,CAAC;IAC5E,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,2CAA2C,CAAC;IAC/E,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,4CAA4C,CAAC;IACjE,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,yCAAyC,CAAC;IAChE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,qDAAqD;AACrD,SAAS,eAAe,CAAC,QAAgB;IACvC,OAAO,CACL,QAAQ,KAAK,iBAAiB;QAC9B,QAAQ,KAAK,0BAA0B;QACvC,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,CAC/B,CAAC;AACJ,CAAC;AAED,oFAAoF;AACpF,MAAM,UAAU,kBAAkB,CAAC,GAAW;IAC5C,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,yBAAyB,CAAC;IAC/D,IAAI,GAAG,CAAC,MAAM,GAAG,IAAI;QAAE,OAAO,4CAA4C,CAAC;IAE3E,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,oBAAoB,CAAC;IAC9B,CAAC;IAED,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAChE,OAAO,6CAA6C,CAAC;IACvD,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;IAE/C,IAAI,WAAW,CAAC,QAAQ,CAAC;QAAE,OAAO,uCAAuC,CAAC;IAE1E,MAAM,OAAO,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAC3C,IAAI,OAAO;QAAE,OAAO,OAAO,CAAC;IAE5B,IAAI,eAAe,CAAC,QAAQ,CAAC;QAAE,OAAO,sDAAsD,CAAC;IAE7F,OAAO,IAAI,CAAC;AACd,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "bunqueue",
|
|
3
|
-
"version": "2.6.
|
|
3
|
+
"version": "2.6.61",
|
|
4
4
|
"description": "High-performance job queue for Bun & AI agents. SQLite persistence, cron scheduling, priorities, retries, DLQ, webhooks, native MCP server. Zero external dependencies.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/main.js",
|