ipx 0.9.6 → 0.9.9
- package/dist/chunks/middleware.cjs +17 -8
- package/dist/chunks/middleware.mjs +19 -10
- package/package.json +2 -2
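--- a/package/dist/chunks/middleware.cjs
+++ b/package/dist/chunks/middleware.cjs
@@ -106,7 +106,11 @@ const createFilesystemSource = (options) => {
 };
 };
 };
+const isWindows = process.platform === "win32";
 function isValidPath(fp) {
+if (isWindows) {
+fp = fp.slice(pathe.parse(fp).root.length);
+}
 if (/[<>:"|?*]/.test(fp)) {
 return false;
 }
@@ -116,18 +120,23 @@ function isValidPath(fp) {
 const createHTTPSource = (options) => {
 const httpsAgent = new https__default.Agent({ keepAlive: true });
 const httpAgent = new http__default.Agent({ keepAlive: true });
-let
-if (typeof
-
+let _domains = options.domains || [];
+if (typeof _domains === "string") {
+_domains = _domains.split(",").map((s) => s.trim());
 }
-const
+const domains = _domains.map((d) => {
+if (!d.startsWith("http")) {
+d = "http://" + d;
+}
+return new URL(d).hostname;
+}).filter(Boolean);
 return async (id, reqOptions) => {
-const
-if (!
+const hostname = new URL(id).hostname;
+if (!hostname) {
 throw createError("Hostname is missing", 403, id);
 }
-if (!reqOptions?.bypassDomain && !
-throw createError("Forbidden host", 403,
+if (!reqOptions?.bypassDomain && !domains.find((domain) => hostname === domain)) {
+throw createError("Forbidden host", 403, hostname);
 }
 const response = await ohmyfetch.fetch(id, {
 agent: id.startsWith("https") ? httpsAgent : httpAgent,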
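Review bot: In `createHTTPSource`, the scheme test `!d.startsWith("http")` also matches bare host names that merely begin with those letters (constructed example: `httpbin.example`), so no scheme is prepended and `new URL(d)` throws instead of yielding a hostname. An empty entry left by a trailing comma in a string `domains` option becomes `"http://"`, which `new URL` also rejects, so the trailing `.filter(Boolean)` never gets to drop it. Both cases throw when the source is created rather than widening the allowlist, but filtering before parsing and testing for a real scheme avoids them: `const domains = _domains.map((d) => d.trim()).filter(Boolean).map((d) => new URL(/^https?:\/\//i.test(d) ? d : "http://" + d).hostname);`. The same lines appear in `middleware.mjs`, and the body of `createHTTPSource` continues outside the hunk.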
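--- a/package/dist/chunks/middleware.mjs
+++ b/package/dist/chunks/middleware.mjs
@@ -1,8 +1,8 @@
 import defu from 'defu';
 import { imageMeta } from 'image-meta';
-import {
+import { withLeadingSlash, hasProtocol, joinURL, decode } from 'ufo';
 import { promises } from 'fs';
-import { resolve, join } from 'pathe';
+import { resolve, join, parse } from 'pathe';
 import http from 'http';
 import https from 'https';
 import { fetch } from 'ohmyfetch';
@@ -95,7 +95,11 @@ const createFilesystemSource = (options) => {
 };
 };
 };
+const isWindows = process.platform === "win32";
 function isValidPath(fp) {
+if (isWindows) {
+fp = fp.slice(parse(fp).root.length);
+}
 if (/[<>:"|?*]/.test(fp)) {
 return false;
 }
@@ -105,18 +109,23 @@ function isValidPath(fp) {
 const createHTTPSource = (options) => {
 const httpsAgent = new https.Agent({ keepAlive: true });
 const httpAgent = new http.Agent({ keepAlive: true });
-let
-if (typeof
-
+let _domains = options.domains || [];
+if (typeof _domains === "string") {
+_domains = _domains.split(",").map((s) => s.trim());
 }
-const
+const domains = _domains.map((d) => {
+if (!d.startsWith("http")) {
+d = "http://" + d;
+}
+return new URL(d).hostname;
+}).filter(Boolean);
 return async (id, reqOptions) => {
-const
-if (!
+const hostname = new URL(id).hostname;
+if (!hostname) {
 throw createError("Hostname is missing", 403, id);
 }
-if (!reqOptions?.bypassDomain && !
-throw createError("Forbidden host", 403,
+if (!reqOptions?.bypassDomain && !domains.find((domain) => hostname === domain)) {
+throw createError("Forbidden host", 403, hostname);
 }
 const response = await fetch(id, {
 agent: id.startsWith("https") ? httpsAgent : httpAgent,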
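Review bot: The allowlist test in the returned handler, `domains.find((domain) => hostname === domain)`, matches on hostname alone, so one entry admits every port and both `http` and `https` on that host; a comment above it such as `// Allowlist is hostname-only: port and scheme of id are not checked` would make that boundary explicit. The check also runs once on `id` before `fetch`, and the fetch options continue outside the hunk, so whether a redirect from an allowed host to a different host is followed cannot be confirmed from here and is worth verifying. `new URL(id)` throws a plain `TypeError` on an unparsable `id` before either `createError` branch is reached; catching it and raising through `createError` would keep malformed ids on the same error path. `middleware.cjs` carries the same code.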
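--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "ipx",
-"version": "0.9.
+"version": "0.9.9",
 "repository": "unjs/ipx",
 "license": "MIT",
 "exports": {
@@ -26,7 +26,7 @@
 "listhen": "^0.2.13",
 "ohmyfetch": "^0.4.18",
 "pathe": "^0.3.0",
-"sharp": "^0.30.
+"sharp": "^0.30.7",
 "ufo": "^0.8.4",
 "xss": "^1.0.13"
 },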