egg 3.26.1 → 3.27.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.d.ts +3 -0
- package/lib/core/httpclient.js +11 -0
- package/lib/core/httpclient_next.js +16 -0
- package/package.json +1 -1
package/index.d.ts
CHANGED
|
@@ -69,6 +69,9 @@ declare module 'egg' {
|
|
|
69
69
|
curl<T = any>(url: HttpClientRequestURL): Promise<HttpClientResponseOld<T> | HttpClientResponse<T>>;
|
|
70
70
|
curl<T = any>(url: HttpClientRequestURL, options: RequestOptionsOld | HttpClientRequestOptions):
|
|
71
71
|
Promise<HttpClientResponseOld<T> | HttpClientResponse<T>>;
|
|
72
|
+
safeCurl<T = any>(url: HttpClientRequestURL): Promise<HttpClientResponseOld<T> | HttpClientResponse<T>>;
|
|
73
|
+
safeCurl<T = any>(url: HttpClientRequestURL, options: RequestOptionsOld | HttpClientRequestOptions):
|
|
74
|
+
Promise<HttpClientResponseOld<T> | HttpClientResponse<T>>;
|
|
72
75
|
}
|
|
73
76
|
|
|
74
77
|
interface EggHttpConstructor {
|
package/lib/core/httpclient.js
CHANGED
|
@@ -44,6 +44,17 @@ class HttpClient extends urllib.HttpClient2 {
|
|
|
44
44
|
async curl(...args) {
|
|
45
45
|
return await this.request(...args);
|
|
46
46
|
}
|
|
47
|
+
|
|
48
|
+
async safeCurl(url, options = {}) {
|
|
49
|
+
const ssrfConfig = this.app.config.security.ssrf;
|
|
50
|
+
if (ssrfConfig?.checkAddress) {
|
|
51
|
+
options.checkAddress = ssrfConfig.checkAddress;
|
|
52
|
+
} else {
|
|
53
|
+
this.app.logger.warn('[egg-security] please configure `config.security.ssrf` first');
|
|
54
|
+
}
|
|
55
|
+
|
|
56
|
+
return await this.curl(url, options);
|
|
57
|
+
}
|
|
47
58
|
}
|
|
48
59
|
|
|
49
60
|
function normalizeConfig(app) {
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
const { HttpClient } = require('urllib-next');
|
|
2
2
|
const ms = require('humanize-ms');
|
|
3
|
+
const SSRF_HTTPCLIENT = Symbol('SSRF_HTTPCLIENT');
|
|
3
4
|
|
|
4
5
|
class HttpClientNext extends HttpClient {
|
|
5
6
|
constructor(app, options) {
|
|
@@ -33,6 +34,21 @@ class HttpClientNext extends HttpClient {
|
|
|
33
34
|
async curl(...args) {
|
|
34
35
|
return await this.request(...args);
|
|
35
36
|
}
|
|
37
|
+
|
|
38
|
+
async safeCurl(url, options = {}) {
|
|
39
|
+
if (!this[SSRF_HTTPCLIENT]) {
|
|
40
|
+
const ssrfConfig = this.app.config.security.ssrf;
|
|
41
|
+
if (ssrfConfig?.checkAddress) {
|
|
42
|
+
options.checkAddress = ssrfConfig.checkAddress;
|
|
43
|
+
} else {
|
|
44
|
+
this.app.logger.warn('[egg-security] please configure `config.security.ssrf` first');
|
|
45
|
+
}
|
|
46
|
+
this[SSRF_HTTPCLIENT] = new HttpClientNext(this.app, {
|
|
47
|
+
checkAddress: ssrfConfig.checkAddress,
|
|
48
|
+
});
|
|
49
|
+
}
|
|
50
|
+
return await this[SSRF_HTTPCLIENT].request(url, options);
|
|
51
|
+
}
|
|
36
52
|
}
|
|
37
53
|
|
|
38
54
|
function normalizeConfig(app) {
|