discord-message-transcript 1.3.2 → 1.4.0-dev-next.1.57

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/core/networkSecurity/urlSafety.js +21 -6
  2. package/dist/types/private/network.d.ts +4 -0
  3. package/package.json +2 -2
package/dist/core/networkSecurity/urlSafety.js CHANGED
@@ -2,6 +2,8 @@ import { CustomWarn } from "discord-message-transcript-base/internal";
2
2
  import { TRUSTED_DISCORD_HOSTS } from "./constants.js";
3
3
  import { isPrivateIp } from "./ip.js";
4
4
  import { resolveAllIps } from "./dns.js";
5
+ const cache = new Map();
6
+ const CACHELIMIT = 1000 * 5;
5
7
  export async function isSafeForHTML(url, options) {
6
8
  const { safeMode, disableWarnings } = options;
7
9
  if (!safeMode)
@@ -38,6 +40,25 @@ export async function isSafeForHTML(url, options) {
38
40
  CustomWarn(`Unsafe URL rejected: Blacklisted host "${host}"\nURL: ${url}`, disableWarnings);
39
41
  return { safe: false, safeIps: [], url: url };
40
42
  }
43
+ let checkPromise;
44
+ const cachedUrl = cache.get(u.origin);
45
+ if (cachedUrl && Date.now() - cachedUrl.expired < CACHELIMIT) {
46
+ const safeReturn = await cachedUrl.safeUrlReturn;
47
+ checkPromise = Promise.resolve({ safe: safeReturn.safe, safeIps: safeReturn.safeIps, url: url });
48
+ }
49
+ else {
50
+ checkPromise = checkList(url, u, host, disableWarnings);
51
+ cache.set(u.origin, { safeUrlReturn: checkPromise, expired: Date.now() });
52
+ }
53
+ const path = u.pathname.toLowerCase();
54
+ // External SVGs can execute scripts → allow only from Discord CDN
55
+ if (path.endsWith(".svg")) {
56
+ CustomWarn(`Unsafe URL rejected: External SVG not from Discord CDN\nURL: ${url}`, disableWarnings);
57
+ return { safe: false, safeIps: [], url: url };
58
+ }
59
+ return await checkPromise;
60
+ }
61
+ async function checkList(url, u, host, disableWarnings) {
41
62
  let ips;
42
63
  try {
43
64
  ips = await resolveAllIps(host);
@@ -55,12 +76,6 @@ export async function isSafeForHTML(url, options) {
55
76
  }
56
77
  safeIps.push(ip.address);
57
78
  }
58
- const path = u.pathname.toLowerCase();
59
- // External SVGs can execute scripts → allow only from Discord CDN
60
- if (path.endsWith(".svg")) {
61
- CustomWarn(`Unsafe URL rejected: External SVG not from Discord CDN\nURL: ${url}`, disableWarnings);
62
- return { safe: false, safeIps: [], url: url };
63
- }
64
79
  return { safe: true, safeIps: safeIps, url: url };
65
80
  }
66
81
  function isTrustedDiscordHost(host) {
package/dist/types/private/network.d.ts CHANGED
@@ -10,3 +10,7 @@ export interface safeUrlReturn {
10
10
  safeIps: string[];
11
11
  url: string;
12
12
  }
13
+ export interface cacheSafeUrlReturn {
14
+ safeUrlReturn: Promise<safeUrlReturn>;
15
+ expired: number;
16
+ }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "discord-message-transcript",
3
- "version": "1.3.2",
3
+ "version": "1.4.0-dev-next.1.57",
4
4
  "description": "",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",
@@ -45,7 +45,7 @@
45
45
  },
46
46
  "homepage": "https://github.com/HenriqueMairesse/discord-message-transcript#readme",
47
47
  "dependencies": {
48
- "discord-message-transcript-base": "1.3.2"
48
+ "discord-message-transcript-base": "1.4.0-dev-next.1.57"
49
49
  },
50
50
  "peerDependencies": {
51
51
  "discord.js": ">=14.19.0 <15"