mirror of
https://example.com
synced 2024-11-23 12:16:38 +09:00
fix: veiry url
This commit is contained in:
parent
36c9d5a870
commit
5520c6ff3d
1 changed files with 12 additions and 1 deletions
|
@ -23,6 +23,9 @@ type Args = {
|
|||
requestHeaders?: Record<string, string> | null;
|
||||
};
|
||||
|
||||
const PRIVATE_IP =
|
||||
/(^127\.)|(^10\.)|(^172\.1[6-9]\.)|(^172\.2[0-9]\.)|(^172\.3[0-1]\.)|(^192\.168\.)/;
|
||||
|
||||
export async function uploadFromUrl({
|
||||
url,
|
||||
user,
|
||||
|
@ -35,7 +38,15 @@ export async function uploadFromUrl({
|
|||
requestIp = null,
|
||||
requestHeaders = null,
|
||||
}: Args): Promise<DriveFile> {
|
||||
let name = new URL(url).pathname.split("/").pop() || null;
|
||||
const parsedUrl = new URL(url);
|
||||
if (
|
||||
process.env.NODE_ENV === "production" &&
|
||||
PRIVATE_IP.test(parsedUrl.hostname)
|
||||
) {
|
||||
throw new Error("Private IP is not allowed");
|
||||
}
|
||||
|
||||
let name = parsedUrl.pathname.split("/").pop() || null;
|
||||
if (name == null || !DriveFiles.validateFileName(name)) {
|
||||
name = null;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue