[bug] Check ip-filter for 'downloadfile' and 'imgurls' request

Sergey Konovalov
2023-05-12 01:13:42 +03:00
parent 4cebf0f89e
commit 3bf2dc20c3
2 changed files with 16 additions and 2 deletions


@ -72,7 +72,7 @@ const contentDisposition = require('content-disposition');
var configIpFilter = config.get('services.CoAuthoring.ipfilter');
var cfgIpFilterRules = configIpFilter.get('rules');
var cfgIpFilterErrorCode = configIpFilter.get('errorcode');
const cfgIpFilterEseForRequest = configIpFilter.get('useforrequest');
const cfgIpFilterUseForRequest = configIpFilter.get('useforrequest');
var cfgExpPemStdTtl = config.get('services.CoAuthoring.expire.pemStdTTL');
var cfgExpPemCheckPeriod = config.get('services.CoAuthoring.expire.pemCheckPeriod');
var cfgTokenOutboxHeader = config.get('services.CoAuthoring.token.outbox.header');
@ -824,7 +824,7 @@ function* checkHostFilter(ctx, hostname) {
exports.checkHostFilter = checkHostFilter;
function checkClientIp(req, res, next) {
let status = 0;
if (cfgIpFilterEseForRequest) {
if (cfgIpFilterUseForRequest) {
const addresses = forwarded(req);
const ipString = addresses[addresses.length - 1];
status = checkIpFilter(ipString);


@ -703,6 +703,13 @@ function* commandImgurls(ctx, conn, cmd, outputData) {
}
} else if (urlSource) {
try {
if (authorizations[i]) {
let urlParsed = urlModule.parse(urlSource);
let filterStatus = yield* utils.checkHostFilter(ctx, urlParsed.hostname);
if (0 !== filterStatus) {
throw Error('checkIpFilter');
}
}
//todo stream
let getRes = yield utils.downloadUrlPromise(ctx, urlSource, cfgImageDownloadTimeout, cfgImageSize, authorizations[i], !authorizations[i]);
data = getRes.body;
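Review bot: In commandImgurls the new host-filter check runs only inside `if (authorizations[i])`, while the downloadFile hunk further down applies the same check to every request, and nothing in the code says why the two differ. If tokenless fetches are meant to be restricted through the last argument of downloadUrlPromise (`!authorizations[i]`) rather than through checkHostFilter, a comment above the `if` should say so, for example `// host filter guards only requests that carry a token; tokenless fetches are restricted inside downloadUrlPromise`. The check validates `urlParsed.hostname` from `urlModule.parse(urlSource)` but the download is given the raw `urlSource`, so it presumably holds only if downloadUrlPromise resolves the same host and does not follow a redirect to an unfiltered one; that function is not shown on this page and is worth confirming. `throw Error('checkIpFilter')` also drops the rejected URL, whereas downloadFile logs it with `ctx.logger.warn`; the surrounding try block and loop start and end outside the hunk.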
@ -1556,6 +1563,13 @@ exports.downloadFile = function(req, res) {
authorization = utils.fillJwtForRequest({url: url}, secret, false);
}
}
let urlParsed = urlModule.parse(url);
let filterStatus = yield* utils.checkHostFilter(ctx, urlParsed.hostname);
if (0 !== filterStatus) {
ctx.logger.warn('Error downloadFile checkIpFilter error: url = %s', url);
res.sendStatus(filterStatus);
return;
}
yield utils.downloadUrlPromise(ctx, url, cfgDownloadTimeout, cfgDownloadMaxBytes, authorization, !authorization, null, res);
if (clientStatsD) {