build/services/misc.js

"use strict";
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
    return c > 3 && r && Object.defineProperty(target, key, r), r;
};
var __metadata = (this && this.__metadata) || function (k, v) {
    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.MiscService = void 0;
const tsyringe_1 = require("tsyringe");
const async_service_1 = require("civkit/async-service");
const civ_rpc_1 = require("civkit/civ-rpc");
const errors_1 = require("../shared/lib/errors");
const node_net_1 = require("node:net");
const ip_1 = require("../utils/ip");
const logger_1 = require("./logger");
const promises_1 = require("node:dns/promises");
const threaded_1 = require("./threaded");
const normalizeUrl = require('@esm2cjs/normalize-url').default;
let MiscService = class MiscService extends async_service_1.AsyncService {
    constructor(globalLogger) {
        super(...arguments);
        this.globalLogger = globalLogger;
        this.logger = this.globalLogger.child({ service: this.constructor.name });
    }
    async init() {
        await this.dependencyReady();
        this.emit('ready');
    }
    async assertNormalizedUrl(input) {
        let result;
        try {
            result = new URL(normalizeUrl(input, {
                stripWWW: false,
                removeTrailingSlash: false,
                removeSingleSlash: false,
                sortQueryParameters: false,
            }));
        }
        catch (err) {
            throw new civ_rpc_1.ParamValidationError({
                message: `${err}`,
                path: 'url'
            });
        }
        if (!['http:', 'https:', 'blob:'].includes(result.protocol)) {
            throw new civ_rpc_1.ParamValidationError({
                message: `Invalid protocol ${result.protocol}`,
                path: 'url'
            });
        }
        const normalizedHostname = result.hostname.startsWith('[') ? result.hostname.slice(1, -1) : result.hostname;
        let ips = [];
        const isIp = (0, node_net_1.isIP)(normalizedHostname);
        if (isIp) {
            ips.push(normalizedHostname);
        }
        if ((result.hostname === 'localhost') ||
            (isIp && (0, ip_1.isIPInNonPublicRange)(normalizedHostname))) {
            this.logger.warn(`Suspicious action: Request to localhost or non-public IP: ${normalizedHostname}`, { href: result.href });
            throw new errors_1.SecurityCompromiseError({
                message: `Suspicious action: Request to localhost or non-public IP: ${normalizedHostname}`,
                path: 'url'
            });
        }
        if (!isIp && result.protocol !== 'blob:') {
            const resolved = await (0, promises_1.lookup)(result.hostname, { all: true }).catch((err) => {
                if (err.code === 'ENOTFOUND') {
                    return Promise.reject(new civ_rpc_1.ParamValidationError({
                        message: `Domain '${result.hostname}' could not be resolved`,
                        path: 'url'
                    }));
                }
                return;
            });
            if (resolved) {
                for (const x of resolved) {
                    if ((0, ip_1.isIPInNonPublicRange)(x.address)) {
                        this.logger.warn(`Suspicious action: Domain resolved to non-public IP: ${result.hostname} => ${x.address}`, { href: result.href, ip: x.address });
                        throw new errors_1.SecurityCompromiseError({
                            message: `Suspicious action: Domain resolved to non-public IP: ${x.address}`,
                            path: 'url'
                        });
                    }
                    ips.push(x.address);
                }
            }
        }
        return {
            url: result,
            ips
        };
    }
};
exports.MiscService = MiscService;
__decorate([
    (0, threaded_1.Threaded)(),
    __metadata("design:type", Function),
    __metadata("design:paramtypes", [String]),
    __metadata("design:returntype", Promise)
], MiscService.prototype, "assertNormalizedUrl", null);
exports.MiscService = MiscService = __decorate([
    (0, tsyringe_1.singleton)(),
    __metadata("design:paramtypes", [logger_1.GlobalLogger])
], MiscService);
//# sourceMappingURL=misc.js.map