{"version":3,"sources":["../../src/uploads/safeFetch.ts"],"sourcesContent":["import type { LookupFunction } from 'net'\n\nimport { lookup } from 'dns'\nimport ipaddr from 'ipaddr.js'\nimport { Agent, fetch as undiciFetch } from 'undici'\n\n/**\n * @internal this is used to mock the IP `lookup` function in integration tests\n */\nexport const _internal_safeFetchGlobal = {\n  lookup,\n}\n\nconst isSafeIp = (ip: string) => {\n  try {\n    if (!ip) {\n      return false\n    }\n\n    if (!ipaddr.isValid(ip)) {\n      return false\n    }\n\n    const parsedIpAddress = ipaddr.parse(ip)\n    const range = parsedIpAddress.range()\n    if (range !== 'unicast') {\n      return false // Private IP Range\n    }\n  } catch (ignore) {\n    return false\n  }\n  return true\n}\n\nconst ssrfFilterInterceptor: LookupFunction = (hostname, options, callback) => {\n  _internal_safeFetchGlobal.lookup(hostname, options, (err, address, family) => {\n    if (err) {\n      callback(err, address, family)\n    } else {\n      let ips = [] as string[]\n      if (Array.isArray(address)) {\n        ips = address.map((a) => a.address)\n      } else {\n        ips = [address]\n      }\n\n      if (ips.some((ip) => !isSafeIp(ip))) {\n        callback(new Error(`Blocked unsafe attempt to ${hostname}`), address, family)\n        return\n      }\n\n      callback(null, address, family)\n    }\n  })\n}\n\nconst safeDispatcher = new Agent({\n  connect: { lookup: ssrfFilterInterceptor },\n})\n/**\n * A \"safe\" version of undici's fetch that prevents SSRF attacks.\n *\n * - Utilizes a custom dispatcher that filters out requests to unsafe IP addresses.\n * - Validates domain names by resolving them to IP addresses and checking if they're safe.\n * - Undici was used because it supported interceptors as well as \"credentials: include\". Native fetch\n */\nexport const safeFetch = async (...args: Parameters<typeof undiciFetch>): Promise<Response> => {\n  const [unverifiedUrl, options] = args\n\n  try {\n    const url = new URL(unverifiedUrl)\n\n    let hostname = url.hostname\n\n    // Strip brackets from IPv6 addresses (e.g., \"[::1]\" => \"::1\")\n    if (hostname.startsWith('[') && hostname.endsWith(']')) {\n      hostname = hostname.slice(1, -1)\n    }\n\n    if (ipaddr.isValid(hostname)) {\n      if (!isSafeIp(hostname)) {\n        throw new Error(`Blocked unsafe attempt to ${hostname}`)\n      }\n    }\n    return (await undiciFetch(url, {\n      ...options,\n      dispatcher: safeDispatcher,\n      redirect: 'manual', // Prevent automatic redirects\n    })) as unknown as Response\n  } catch (error) {\n    if (error instanceof Error) {\n      if (error.cause instanceof Error && error.cause.message.includes('unsafe')) {\n        // Errors thrown from within interceptors always have 'fetch error' as the message\n        // The desired message we want to bubble up is in the cause\n        throw new Error(error.cause.message)\n      } else {\n        let stringifiedUrl: string | undefined = undefined\n        if (typeof unverifiedUrl === 'string') {\n          stringifiedUrl = unverifiedUrl\n        } else if (unverifiedUrl instanceof URL) {\n          stringifiedUrl = unverifiedUrl.toString()\n        } else if (unverifiedUrl instanceof Request) {\n          stringifiedUrl = unverifiedUrl.url\n        }\n\n        throw new Error(`Failed to fetch from ${stringifiedUrl}, ${error.message}`)\n      }\n    }\n    throw error\n  }\n}\n"],"names":["lookup","ipaddr","Agent","fetch","undiciFetch","_internal_safeFetchGlobal","isSafeIp","ip","isValid","parsedIpAddress","parse","range","ignore","ssrfFilterInterceptor","hostname","options","callback","err","address","family","ips","Array","isArray","map","a","some","Error","safeDispatcher","connect","safeFetch","args","unverifiedUrl","url","URL","startsWith","endsWith","slice","dispatcher","redirect","error","cause","message","includes","stringifiedUrl","undefined","toString","Request"],"mappings":"AAEA,SAASA,MAAM,QAAQ,MAAK;AAC5B,OAAOC,YAAY,YAAW;AAC9B,SAASC,KAAK,EAAEC,SAASC,WAAW,QAAQ,SAAQ;AAEpD;;CAEC,GACD,OAAO,MAAMC,4BAA4B;IACvCL;AACF,EAAC;AAED,MAAMM,WAAW,CAACC;IAChB,IAAI;QACF,IAAI,CAACA,IAAI;YACP,OAAO;QACT;QAEA,IAAI,CAACN,OAAOO,OAAO,CAACD,KAAK;YACvB,OAAO;QACT;QAEA,MAAME,kBAAkBR,OAAOS,KAAK,CAACH;QACrC,MAAMI,QAAQF,gBAAgBE,KAAK;QACnC,IAAIA,UAAU,WAAW;YACvB,OAAO,MAAM,mBAAmB;;QAClC;IACF,EAAE,OAAOC,QAAQ;QACf,OAAO;IACT;IACA,OAAO;AACT;AAEA,MAAMC,wBAAwC,CAACC,UAAUC,SAASC;IAChEX,0BAA0BL,MAAM,CAACc,UAAUC,SAAS,CAACE,KAAKC,SAASC;QACjE,IAAIF,KAAK;YACPD,SAASC,KAAKC,SAASC;QACzB,OAAO;YACL,IAAIC,MAAM,EAAE;YACZ,IAAIC,MAAMC,OAAO,CAACJ,UAAU;gBAC1BE,MAAMF,QAAQK,GAAG,CAAC,CAACC,IAAMA,EAAEN,OAAO;YACpC,OAAO;gBACLE,MAAM;oBAACF;iBAAQ;YACjB;YAEA,IAAIE,IAAIK,IAAI,CAAC,CAAClB,KAAO,CAACD,SAASC,MAAM;gBACnCS,SAAS,IAAIU,MAAM,CAAC,0BAA0B,EAAEZ,UAAU,GAAGI,SAASC;gBACtE;YACF;YAEAH,SAAS,MAAME,SAASC;QAC1B;IACF;AACF;AAEA,MAAMQ,iBAAiB,IAAIzB,MAAM;IAC/B0B,SAAS;QAAE5B,QAAQa;IAAsB;AAC3C;AACA;;;;;;CAMC,GACD,OAAO,MAAMgB,YAAY,OAAO,GAAGC;IACjC,MAAM,CAACC,eAAehB,QAAQ,GAAGe;IAEjC,IAAI;QACF,MAAME,MAAM,IAAIC,IAAIF;QAEpB,IAAIjB,WAAWkB,IAAIlB,QAAQ;QAE3B,8DAA8D;QAC9D,IAAIA,SAASoB,UAAU,CAAC,QAAQpB,SAASqB,QAAQ,CAAC,MAAM;YACtDrB,WAAWA,SAASsB,KAAK,CAAC,GAAG,CAAC;QAChC;QAEA,IAAInC,OAAOO,OAAO,CAACM,WAAW;YAC5B,IAAI,CAACR,SAASQ,WAAW;gBACvB,MAAM,IAAIY,MAAM,CAAC,0BAA0B,EAAEZ,UAAU;YACzD;QACF;QACA,OAAQ,MAAMV,YAAY4B,KAAK;YAC7B,GAAGjB,OAAO;YACVsB,YAAYV;YACZW,UAAU;QACZ;IACF,EAAE,OAAOC,OAAO;QACd,IAAIA,iBAAiBb,OAAO;YAC1B,IAAIa,MAAMC,KAAK,YAAYd,SAASa,MAAMC,KAAK,CAACC,OAAO,CAACC,QAAQ,CAAC,WAAW;gBAC1E,kFAAkF;gBAClF,2DAA2D;gBAC3D,MAAM,IAAIhB,MAAMa,MAAMC,KAAK,CAACC,OAAO;YACrC,OAAO;gBACL,IAAIE,iBAAqCC;gBACzC,IAAI,OAAOb,kBAAkB,UAAU;oBACrCY,iBAAiBZ;gBACnB,OAAO,IAAIA,yBAAyBE,KAAK;oBACvCU,iBAAiBZ,cAAcc,QAAQ;gBACzC,OAAO,IAAId,yBAAyBe,SAAS;oBAC3CH,iBAAiBZ,cAAcC,GAAG;gBACpC;gBAEA,MAAM,IAAIN,MAAM,CAAC,qBAAqB,EAAEiB,eAAe,EAAE,EAAEJ,MAAME,OAAO,EAAE;YAC5E;QACF;QACA,MAAMF;IACR;AACF,EAAC"}