{"version":3,"sources":["../../src/uploads/getExternalFile.ts"],"sourcesContent":["import type { PayloadRequest } from '../types/index.js'\nimport type { File, FileData, UploadConfig } from './types.js'\n\nimport { APIError } from '../errors/index.js'\nimport { isURLAllowed } from '../utilities/isURLAllowed.js'\nimport { safeFetch } from './safeFetch.js'\n\ntype Args = {\n data: FileData\n req: PayloadRequest\n uploadConfig: UploadConfig\n}\nexport const getExternalFile = async ({ data, req, uploadConfig }: Args): Promise => {\n const { filename, url } = data\n\n let trimAuthCookies = true\n if (typeof url === 'string') {\n let fileURL = url\n if (!url.startsWith('http')) {\n // URL points to the same server - we can send any cookies safely to our server.\n trimAuthCookies = false\n const baseUrl = req.headers.get('origin') || `${req.protocol}://${req.headers.get('host')}`\n fileURL = `${baseUrl}${url}`\n }\n\n let cookies = (req.headers.get('cookie') ?? '').split(';')\n\n if (trimAuthCookies) {\n cookies = cookies.filter(\n (cookie) => !cookie.trim().startsWith(req.payload.config.cookiePrefix),\n )\n }\n\n const headers = uploadConfig.externalFileHeaderFilter\n ? uploadConfig.externalFileHeaderFilter(Object.fromEntries(new Headers(req.headers)))\n : {\n cookie: cookies.join(';'),\n }\n\n let res\n let redirectCount = 0\n const maxRedirects = 3\n\n while (redirectCount <= maxRedirects) {\n const skipSafeFetch: boolean =\n uploadConfig.skipSafeFetch === true\n ? uploadConfig.skipSafeFetch\n : Array.isArray(uploadConfig.skipSafeFetch) &&\n isURLAllowed(fileURL, uploadConfig.skipSafeFetch)\n\n const isAllowedPasteUrl: boolean | undefined =\n uploadConfig.pasteURL &&\n uploadConfig.pasteURL.allowList &&\n isURLAllowed(fileURL, uploadConfig.pasteURL.allowList)\n\n if (skipSafeFetch || isAllowedPasteUrl) {\n res = await fetch(fileURL, {\n credentials: 'include',\n headers,\n method: 'GET',\n redirect: 'manual',\n })\n } else {\n // Default\n res = await safeFetch(fileURL, {\n credentials: 'include',\n headers,\n method: 'GET',\n })\n }\n\n if (res.status >= 300 && res.status < 400) {\n redirectCount++\n if (redirectCount > maxRedirects) {\n throw new APIError(`Too many redirects (max ${maxRedirects})`, 403)\n }\n const location = res.headers.get('location')\n if (location) {\n fileURL = new URL(location, fileURL).toString()\n if (\n uploadConfig.pasteURL &&\n uploadConfig.pasteURL.allowList &&\n !isURLAllowed(fileURL, uploadConfig.pasteURL.allowList)\n ) {\n throw new APIError('Redirect target is not allowed.', 400)\n }\n continue\n }\n }\n\n break\n }\n\n if (!res || !res.ok) {\n throw new APIError(`Failed to fetch file from ${fileURL}`, res?.status)\n }\n\n const data = await res.arrayBuffer()\n\n return {\n name: filename,\n data: Buffer.from(data),\n mimetype: res.headers.get('content-type') || undefined!,\n size: Number(res.headers.get('content-length')) || 0,\n }\n }\n\n throw new APIError('Invalid file url', 400)\n}\n"],"names":["APIError","isURLAllowed","safeFetch","getExternalFile","data","req","uploadConfig","filename","url","trimAuthCookies","fileURL","startsWith","baseUrl","headers","get","protocol","cookies","split","filter","cookie","trim","payload","config","cookiePrefix","externalFileHeaderFilter","Object","fromEntries","Headers","join","res","redirectCount","maxRedirects","skipSafeFetch","Array","isArray","isAllowedPasteUrl","pasteURL","allowList","fetch","credentials","method","redirect","status","location","URL","toString","ok","arrayBuffer","name","Buffer","from","mimetype","undefined","size","Number"],"mappings":"AAGA,SAASA,QAAQ,QAAQ,qBAAoB;AAC7C,SAASC,YAAY,QAAQ,+BAA8B;AAC3D,SAASC,SAAS,QAAQ,iBAAgB;AAO1C,OAAO,MAAMC,kBAAkB,OAAO,EAAEC,IAAI,EAAEC,GAAG,EAAEC,YAAY,EAAQ;IACrE,MAAM,EAAEC,QAAQ,EAAEC,GAAG,EAAE,GAAGJ;IAE1B,IAAIK,kBAAkB;IACtB,IAAI,OAAOD,QAAQ,UAAU;QAC3B,IAAIE,UAAUF;QACd,IAAI,CAACA,IAAIG,UAAU,CAAC,SAAS;YAC3B,gFAAgF;YAChFF,kBAAkB;YAClB,MAAMG,UAAUP,IAAIQ,OAAO,CAACC,GAAG,CAAC,aAAa,GAAGT,IAAIU,QAAQ,CAAC,GAAG,EAAEV,IAAIQ,OAAO,CAACC,GAAG,CAAC,SAAS;YAC3FJ,UAAU,GAAGE,UAAUJ,KAAK;QAC9B;QAEA,IAAIQ,UAAU,AAACX,CAAAA,IAAIQ,OAAO,CAACC,GAAG,CAAC,aAAa,EAAC,EAAGG,KAAK,CAAC;QAEtD,IAAIR,iBAAiB;YACnBO,UAAUA,QAAQE,MAAM,CACtB,CAACC,SAAW,CAACA,OAAOC,IAAI,GAAGT,UAAU,CAACN,IAAIgB,OAAO,CAACC,MAAM,CAACC,YAAY;QAEzE;QAEA,MAAMV,UAAUP,aAAakB,wBAAwB,GACjDlB,aAAakB,wBAAwB,CAACC,OAAOC,WAAW,CAAC,IAAIC,QAAQtB,IAAIQ,OAAO,MAChF;YACEM,QAAQH,QAAQY,IAAI,CAAC;QACvB;QAEJ,IAAIC;QACJ,IAAIC,gBAAgB;QACpB,MAAMC,eAAe;QAErB,MAAOD,iBAAiBC,aAAc;YACpC,MAAMC,gBACJ1B,aAAa0B,aAAa,KAAK,OAC3B1B,aAAa0B,aAAa,GAC1BC,MAAMC,OAAO,CAAC5B,aAAa0B,aAAa,KACxC/B,aAAaS,SAASJ,aAAa0B,aAAa;YAEtD,MAAMG,oBACJ7B,aAAa8B,QAAQ,IACrB9B,aAAa8B,QAAQ,CAACC,SAAS,IAC/BpC,aAAaS,SAASJ,aAAa8B,QAAQ,CAACC,SAAS;YAEvD,IAAIL,iBAAiBG,mBAAmB;gBACtCN,MAAM,MAAMS,MAAM5B,SAAS;oBACzB6B,aAAa;oBACb1B;oBACA2B,QAAQ;oBACRC,UAAU;gBACZ;YACF,OAAO;gBACL,UAAU;gBACVZ,MAAM,MAAM3B,UAAUQ,SAAS;oBAC7B6B,aAAa;oBACb1B;oBACA2B,QAAQ;gBACV;YACF;YAEA,IAAIX,IAAIa,MAAM,IAAI,OAAOb,IAAIa,MAAM,GAAG,KAAK;gBACzCZ;gBACA,IAAIA,gBAAgBC,cAAc;oBAChC,MAAM,IAAI/B,SAAS,CAAC,wBAAwB,EAAE+B,aAAa,CAAC,CAAC,EAAE;gBACjE;gBACA,MAAMY,WAAWd,IAAIhB,OAAO,CAACC,GAAG,CAAC;gBACjC,IAAI6B,UAAU;oBACZjC,UAAU,IAAIkC,IAAID,UAAUjC,SAASmC,QAAQ;oBAC7C,IACEvC,aAAa8B,QAAQ,IACrB9B,aAAa8B,QAAQ,CAACC,SAAS,IAC/B,CAACpC,aAAaS,SAASJ,aAAa8B,QAAQ,CAACC,SAAS,GACtD;wBACA,MAAM,IAAIrC,SAAS,mCAAmC;oBACxD;oBACA;gBACF;YACF;YAEA;QACF;QAEA,IAAI,CAAC6B,OAAO,CAACA,IAAIiB,EAAE,EAAE;YACnB,MAAM,IAAI9C,SAAS,CAAC,0BAA0B,EAAEU,SAAS,EAAEmB,KAAKa;QAClE;QAEA,MAAMtC,OAAO,MAAMyB,IAAIkB,WAAW;QAElC,OAAO;YACLC,MAAMzC;YACNH,MAAM6C,OAAOC,IAAI,CAAC9C;YAClB+C,UAAUtB,IAAIhB,OAAO,CAACC,GAAG,CAAC,mBAAmBsC;YAC7CC,MAAMC,OAAOzB,IAAIhB,OAAO,CAACC,GAAG,CAAC,sBAAsB;QACrD;IACF;IAEA,MAAM,IAAId,SAAS,oBAAoB;AACzC,EAAC"}