author | poeti8 <ezzati.upt@gmail.com> | 2020-12-12 16:55:56 +0300 |
---|---|---|
committer | poeti8 <ezzati.upt@gmail.com> | 2020-12-12 16:55:56 +0300 |
commit | 5e42185df52bc4eccfb088d79100bf5fa92becf8 (patch) | |
tree | c692653a9222e0cc063ec30dcf111f14904a35f9 /server | |
parent | 403d94612877881a78c3764116616ac9e9b0df56 (diff) |
fix: remove www when checking and adding domains
Diffstat (limited to 'server')
-rw-r--r-- | server/__v1/controllers/linkController.ts | 26 | ||||
-rw-r--r-- | server/__v1/controllers/validateBodyController.ts | 4 | ||||
-rw-r--r-- | server/handlers/links.ts | 14 | ||||
-rw-r--r-- | server/handlers/validators.ts | 14 | ||||
-rw-r--r-- | server/queues/visit.ts | 5 | ||||
-rw-r--r-- | server/utils/index.ts | 4 |
6 files changed, 39 insertions, 28 deletions
diff --git a/server/__v1/controllers/linkController.ts b/server/__v1/controllers/linkController.ts index ee6e165..e7bcdfe 100644 --- a/server/__v1/controllers/linkController.ts +++ b/server/__v1/controllers/linkController.ts @@ -21,7 +21,12 @@ import { } from "../db/link"; import transporter from "../../mail/mail"; import * as redis from "../../redis"; -import { addProtocol, generateShortLink, getStatsCacheTime } from "../../utils"; +import { + addProtocol, + generateShortLink, + getStatsCacheTime, + removeWww +} from "../../utils"; import { checkBannedDomain, checkBannedHost, @@ -47,7 +52,7 @@ const generateId = async () => { export const shortener: Handler = async (req, res) => { try { const target = addProtocol(req.body.target); - const targetDomain = URL.parse(target).hostname; + const targetDomain = removeWww(URL.parse(target).hostname); const queries = await Promise.all([ env.GOOGLE_SAFE_BROWSING_KEY && cooldownCheck(req.user), @@ -112,7 +117,7 @@ export const shortener: Handler = async (req, res) => { }; export const goToLink: Handler = async (req, res, next) => { - const { host } = req.headers; + const host = removeWww(req.headers.host); const reqestedId = req.params.id || req.body.id; const address = reqestedId.replace("+", ""); const customDomain = host !== env.DEFAULT_DOMAIN && host; @@ -202,7 +207,7 @@ export const getUserLinks: Handler = async (req, res) => { export const setCustomDomain: Handler = async (req, res) => { const parsed = URL.parse(req.body.customDomain); - const customDomain = parsed.hostname || parsed.href; + const customDomain = removeWww(parsed.hostname || parsed.href); if (!customDomain) return res.status(400).json({ error: "Domain is not valid." }); if (customDomain.length > 40) { 
@@ -258,15 +263,16 @@ export const deleteCustomDomain: Handler = async (req, res) => { }; export const customDomainRedirection: Handler = async (req, res, next) => { - const { headers, path } = req; + const { path } = req; + const host = removeWww(req.headers.host); if ( - headers.host !== env.DEFAULT_DOMAIN && + host !== env.DEFAULT_DOMAIN && (path === "/" || preservedUrls .filter(l => l !== "url-password") .some(item => item === path.replace("/", ""))) ) { - const domain = await getDomain({ address: headers.host }); + const domain = await getDomain({ address: host }); return res.redirect( 301, (domain && domain.homepage) || `https://${env.DEFAULT_DOMAIN + path}` @@ -300,7 +306,7 @@ export const getLinkStats: Handler = async (req, res) => { return res.status(400).json({ error: "No id has been provided." }); } - const { hostname } = URL.parse(req.query.domain); + const hostname = removeWww(URL.parse(req.query.domain).hostname); const hasCustomDomain = req.query.domain && hostname !== env.DEFAULT_DOMAIN; const customDomain = hasCustomDomain ? (await getDomain({ address: req.query.domain })) || ({ id: -1 } as Domain) @@ -338,7 +344,7 @@ export const reportLink: Handler = async (req, res) => { return res.status(400).json({ error: "No URL has been provided." }); } - const { hostname } = URL.parse(req.body.link); + const hostname = removeWww(URL.parse(req.body.link).hostname); if (hostname !== env.DEFAULT_DOMAIN) { return res.status(400).json({ error: `You can only report a ${env.DEFAULT_DOMAIN} link` @@ -374,7 +380,7 @@ export const ban: Handler = async (req, res) => { return res.status(200).json({ message: "Link was banned already." }); } - const domain = URL.parse(link.target).hostname; + const domain = removeWww(URL.parse(link.target).hostname); let host; if (req.body.host) { diff --git a/server/__v1/controllers/validateBodyController.ts b/server/__v1/controllers/validateBodyController.ts index a445a7d..4f104e0 100644 
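Review bot: Custom-domain rows saved with a `www.` address before this commit will presumably stop matching in customDomainRedirection, because `getDomain({ address: host })` now always receives the stripped host and a miss falls through to the `https://${env.DEFAULT_DOMAIN + path}` redirect. The diffstat shown is limited to `server`, so a data migration may exist elsewhere; if it does not, existing addresses need the same normalisation applied once. A comment above the lookup such as `// host is www-stripped; stored domain addresses must be stripped the same way` would make the dependency explicit. The handler's body continues past the end of the hunk.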
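Review bot: In getLinkStats, `removeWww(URL.parse(req.query.domain).hostname)` can now throw inside the async handler, because for a value without a scheme the legacy parser returns `hostname: null` and the `= ""` default in `removeWww` only covers `undefined`. The same applies to `req.body.link` in the reportLink hunk, where such input used to fall through to the 400 response. Pass `URL.parse(...).hostname || ""` at both sites, or make the helper null-safe. Separately, the unchanged lines that follow still call `getDomain({ address: req.query.domain })` with the raw query value, so that lookup is not normalised the way `hostname` now is and should probably receive the stripped host as well.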
--- a/server/__v1/controllers/validateBodyController.ts +++ b/server/__v1/controllers/validateBodyController.ts @@ -8,7 +8,7 @@ import axios from "axios"; import dns from "dns"; import URL from "url"; -import { addProtocol, CustomError } from "../../utils"; +import { addProtocol, CustomError, removeWww } from "../../utils"; import { addCooldown, banUser } from "../db/user"; import { getUserLinksCount } from "../db/link"; import { getDomain } from "../db/domain"; @@ -83,7 +83,7 @@ export const validateUrl: RequestHandler = async (req, res, next) => { return res.status(400).json({ error: "URL is not valid." }); // If target is the URL shortener itself - const { host } = URL.parse(addProtocol(req.body.target)); + const host = removeWww(URL.parse(addProtocol(req.body.target)).host); if (host === env.DEFAULT_DOMAIN) { return res .status(400) diff --git a/server/handlers/links.ts b/server/handlers/links.ts index 837d37b..588a50a 100644 --- a/server/handlers/links.ts +++ b/server/handlers/links.ts @@ -53,7 +53,7 @@ export const create: Handler = async (req: CreateLinkReq, res) => { } = req.body; const domain_id = domain ? domain.id : null; - const targetDomain = URL.parse(target).hostname; + const targetDomain = utils.removeWww(URL.parse(target).hostname); const queries = await Promise.all([ validators.cooldown(req.user), @@ -123,7 +123,7 @@ export const edit: Handler = async (req, res) => { throw new CustomError("Link was not found."); } - const targetDomain = URL.parse(target).hostname; + const targetDomain = utils.removeWww(URL.parse(target).hostname); const domain_id = link.domain_id || null; const queries = await Promise.all([ @@ -218,7 +218,7 @@ export const ban: Handler = async (req, res) => { // 2. Ban link tasks.push(query.link.update({ uuid: id }, update)); - const domain = URL.parse(link.target).hostname; + const domain = utils.removeWww(URL.parse(link.target).hostname); // 3. Ban target's domain if (req.body.domain) { 
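Review bot: The self-target check in validateUrl compares `removeWww(URL.parse(...).host)` with `env.DEFAULT_DOMAIN`, and `host` keeps an explicit port, whereas most other call sites in this commit normalise `hostname`. A target that names the shortener with a port would therefore not equal `DEFAULT_DOMAIN` and would pass the check; the `createLink` and `editLink` validators in server/handlers/validators.ts use the same `.host` comparison. If `DEFAULT_DOMAIN` never carries a port, compare on the hostname instead, `const host = removeWww(URL.parse(addProtocol(req.body.target)).hostname || "");`; if it can, a comment saying why `host` is used would help. The handler's body starts and ends outside the hunk.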
@@ -266,7 +266,7 @@ export const redirect = (app: ReturnType<typeof next>): Handler => async ( if (isPreservedUrl) return next(); // 1. If custom domain, get domain info - const { host } = req.headers; + const host = utils.removeWww(req.headers.host); const domain = host !== env.DEFAULT_DOMAIN ? await query.domain.find({ address: host }) @@ -371,10 +371,8 @@ export const redirectProtected: Handler = async (req, res) => { }; export const redirectCustomDomain: Handler = async (req, res, next) => { - const { - headers: { host }, - path - } = req; + const { path } = req; + const host = utils.removeWww(req.headers.host); if (host === env.DEFAULT_DOMAIN) { return next(); diff --git a/server/handlers/validators.ts b/server/handlers/validators.ts index d954c51..635401b 100644 --- a/server/handlers/validators.ts +++ b/server/handlers/validators.ts @@ -8,7 +8,7 @@ import dns from "dns"; import URL from "url"; import ms from "ms"; -import { CustomError, addProtocol } from "../utils"; +import { CustomError, addProtocol, removeWww } from "../utils"; import query from "../queries"; import knex from "../knex"; import env from "../env"; @@ -55,7 +55,7 @@ export const createLink = [ /^(?!https?)(\w+):\/\//.test(value) ) .withMessage("URL is not valid.") - .custom(value => URL.parse(value).host !== env.DEFAULT_DOMAIN) + .custom(value => removeWww(URL.parse(value).host) !== env.DEFAULT_DOMAIN) .withMessage(`${env.DEFAULT_DOMAIN} URLs are not allowed.`), body("password") .optional({ nullable: true, checkFalsy: true }) @@ -111,7 +111,7 @@ export const createLink = [ .isString() .withMessage("Domain should be string.") .customSanitizer(value => value.toLowerCase()) - .customSanitizer(value => URL.parse(value).hostname || value) + .customSanitizer(value => removeWww(URL.parse(value).hostname || value)) .custom(async (address, { req }) => { if (address === env.DEFAULT_DOMAIN) { req.body.domain = null; 
@@ -143,7 +143,7 @@ export const editLink = [ /^(?!https?)(\w+):\/\//.test(value) ) .withMessage("URL is not valid.") - .custom(value => URL.parse(value).host !== env.DEFAULT_DOMAIN) + .custom(value => removeWww(URL.parse(value).host) !== env.DEFAULT_DOMAIN) .withMessage(`${env.DEFAULT_DOMAIN} URLs are not allowed.`), body("address") .optional({ checkFalsy: true, nullable: true }) @@ -201,7 +201,7 @@ export const addDomain = [ .trim() .customSanitizer(value => { const parsed = URL.parse(value); - return parsed.hostname || parsed.href; + return removeWww(parsed.hostname || parsed.href); }) .custom(value => urlRegex({ exact: true, strict: false }).test(value)) .custom(value => value !== env.DEFAULT_DOMAIN) @@ -243,7 +243,9 @@ export const reportLink = [ checkNull: true }) .customSanitizer(addProtocol) - .custom(value => URL.parse(value).hostname === env.DEFAULT_DOMAIN) + .custom( + value => removeWww(URL.parse(value).hostname) === env.DEFAULT_DOMAIN + ) .withMessage(`You can only report a ${env.DEFAULT_DOMAIN} link.`) ]; diff --git a/server/queues/visit.ts b/server/queues/visit.ts index 0ed9a66..0130b1b 100644 --- a/server/queues/visit.ts +++ b/server/queues/visit.ts @@ -3,7 +3,7 @@ import geoip from "geoip-lite"; import URL from "url"; import query from "../queries"; -import { getStatsLimit } from "../utils"; +import { getStatsLimit, removeWww } from "../utils"; const browsersList = ["IE", "Firefox", "Chrome", "Opera", "Safari", "Edge"]; const osList = ["Windows", "Mac OS", "Linux", "Android", "iOS"]; 
@@ -21,7 +21,8 @@ export default function({ data }) { const agent = useragent.parse(data.headers["user-agent"]); const [browser = "Other"] = browsersList.filter(filterInBrowser(agent)); const [os = "Other"] = osList.filter(filterInOs(agent)); - const referrer = data.referrer && URL.parse(data.referrer).hostname; + const referrer = + data.referrer && removeWww(URL.parse(data.referrer).hostname); const location = geoip.lookup(data.realIP); const country = location && location.country; tasks.push( diff --git a/server/utils/index.ts b/server/utils/index.ts index 5384bf5..dd99617 100644 --- a/server/utils/index.ts +++ b/server/utils/index.ts @@ -164,3 +164,7 @@ export const sanitize = { link: generateShortLink(link.address, link.domain) }) }; + +export const removeWww = (host = "") => { + return host.replace("www.", ""); +}; |
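Review bot: The new `removeWww(URL.parse(data.referrer).hostname)` throws when `data.referrer` is set but is not an absolute URL, since the legacy parser then returns `hostname: null` and the `= ""` default in `removeWww` applies only to `undefined`. The referrer is presumably taken from the visitor's request, so a single malformed value would fail the job where the old code simply carried on with `null`. Guard it here, `const referrerHost = data.referrer && URL.parse(data.referrer).hostname;` followed by `const referrer = referrerHost && removeWww(referrerHost);`, or make the helper null-safe. The function body continues past the end of the hunk.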
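Review bot: `host.replace("www.", "")` in `removeWww` removes the first `www.` found anywhere in the string, not only a leading label, so a host that merely contains that sequence is rewritten too (`awww.example.com` becomes `aexample.com`). Two different hostnames can then collapse to the same value in the default-domain comparisons, ban lookups and custom-domain addresses that now go through this helper. It is also case-sensitive, and it does not accept `null`, which `URL.parse(...).hostname` returns when there is no host. Anchoring it covers all three: `export const removeWww = (host?: string | null) => (host || "").replace(/^www\./i, "");`. A one-line doc comment stating that only a single leading `www.` label is stripped would document the contract for the call sites in linkController.ts, links.ts and validators.ts.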