Merge branch 'main' into dependabot/npm_and_yarn/nodemailer-8.0.5

Author: MarceloRGonc

packages/blocks/http/jest.config.ts

@@ -0,0 +1,11 @@
+export default {
+  displayName: 'blocks-http',
+  preset: '../../../jest.preset.js',
+  setupFiles: ['../../../jest.env.js'],
+  testEnvironment: 'node',
+  transform: {
+    '^.+\\.[tj]s$': ['ts-jest', { tsconfig: '<rootDir>/tsconfig.spec.json' }],
+  },
+  moduleFileExtensions: ['ts', 'js', 'html'],
+  coverageDirectory: '../../../coverage/packages/blocks/http',
+};

packages/blocks/http/project.json

@@ -17,6 +17,13 @@
         "updateBuildableProjectDepsInPackageJson": true
       }
     },
+    "test": {
+      "executor": "@nx/jest:jest",
+      "outputs": ["{workspaceRoot}/coverage/{projectRoot}"],
+      "options": {
+        "jestConfig": "packages/blocks/http/jest.config.ts"
+      }
+    },
     "lint": {
       "executor": "@nx/eslint:lint",
       "outputs": ["{options.outputFile}"]

packages/blocks/http/src/lib/actions/send-http-request-action.ts

@@ -10,13 +10,14 @@ import {
   DynamicPropsValue,
   Property,
 } from '@openops/blocks-framework';
-import { validateHostAllowingPublicWebhookUrl } from '@openops/server-shared';
+import { validateHost } from '@openops/server-shared';
 import { assertNotNullOrUndefined } from '@openops/shared';
 import axios from 'axios';
 import FormData from 'form-data';
 import { HttpsProxyAgent } from 'https-proxy-agent';
 import { httpAuth } from '../common/auth';
 import { httpMethodDropdown } from '../common/props';
+import { validateAndRewritePublicWebhookUrl } from '../common/webhook-url-validator';
 
 const toLowerCaseKeys = (obj: HttpHeaders) =>
   Object.fromEntries(Object.entries(obj).map(([k, v]) => [k.toLowerCase(), v]));
@@ -170,10 +171,8 @@ export const httpSendRequestAction = createAction({
     assertNotNullOrUndefined(method, 'Method');
     assertNotNullOrUndefined(url, 'URL');
 
-    await validateHostAllowingPublicWebhookUrl(url);
-    await validateHostAllowingPublicWebhookUrl(
-      context.propsValue.proxy_settings?.proxy_host,
-    );
+    const newUrl = await validateAndRewritePublicWebhookUrl(url);
+    await validateHost(context.propsValue.proxy_settings?.proxy_host);
 
     const headersArray =
       (context.auth?.headers as
@@ -193,7 +192,7 @@ export const httpSendRequestAction = createAction({
 
     const request: HttpRequest = {
       method,
-      url,
+      url: newUrl,
       headers: mergedHeaders,
       queryParams: (queryParams ?? {}) as QueryParams,
       timeout: timeout ? timeout * 1000 : 0,

packages/blocks/http/src/lib/common/webhook-url-validator.ts

@@ -0,0 +1,51 @@
+import { networkUtls, validateHost } from '@openops/server-shared';
+
+export async function validateAndRewritePublicWebhookUrl(
+  userUrl: string,
+): Promise<string> {
+  if (!userUrl) {
+    return userUrl;
+  }
+
+  try {
+    await validateHost(userUrl);
+    return userUrl;
+  } catch (error) {
+    const publicUrl = await networkUtls.getPublicUrl();
+    const internalApiUrl = networkUtls.getInternalApiUrl();
+
+    const publicUrlObj = new URL(publicUrl);
+    const internalUrlObj = new URL(internalApiUrl);
+    const userUrlObj = new URL(userUrl);
+
+    if (userUrlObj.origin !== publicUrlObj.origin) {
+      throw error;
+    }
+
+    const internalBasePath = internalUrlObj.pathname.replace(/\/$/, '');
+    let relativePath = userUrlObj.pathname;
+
+    if (
+      internalBasePath &&
+      internalBasePath !== '/' &&
+      relativePath.startsWith(internalBasePath)
+    ) {
+      relativePath = relativePath.slice(internalBasePath.length);
+    }
+
+    if (!relativePath.startsWith('/')) {
+      relativePath = `/${relativePath}`;
+    }
+
+    if (!/^\/v1\/webhooks\/[0-9A-Za-z]{21}\/sync$/.test(relativePath)) {
+      throw error;
+    }
+
+    const rewrittenPath = `${internalBasePath}${relativePath}`.replace(
+      /\/{2,}/g,
+      '/',
+    );
+
+    return `${internalUrlObj.origin}${rewrittenPath}`;
+  }
+}

packages/blocks/http/test/webhook-url-validator.test.ts

@@ -0,0 +1,121 @@
+import { networkUtls, validateHost } from '@openops/server-shared';
+import { validateAndRewritePublicWebhookUrl } from '../src/lib/common/webhook-url-validator';
+
+jest.mock('@openops/server-shared', () => ({
+  validateHost: jest.fn(),
+  networkUtls: {
+    getPublicUrl: jest.fn(),
+    getInternalApiUrl: jest.fn(),
+  },
+}));
+
+describe('webhook-url-validator', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('should return the original URL if it is empty', async () => {
+    const result = await validateAndRewritePublicWebhookUrl('');
+    expect(result).toBe('');
+  });
+
+  it('should return the original URL if validateHost passes', async () => {
+    (validateHost as jest.Mock).mockResolvedValue(undefined);
+    const userUrl = 'https://example.com/webhook';
+    const result = await validateAndRewritePublicWebhookUrl(userUrl);
+    expect(result).toBe(userUrl);
+    expect(validateHost).toHaveBeenCalledWith(userUrl);
+  });
+
+  it('should rewrite the URL if it matches the public URL origin and valid webhook path', async () => {
+    const error = new Error('Host must not be an internal address');
+    (validateHost as jest.Mock).mockRejectedValue(error);
+    (networkUtls.getPublicUrl as jest.Mock).mockResolvedValue(
+      'https://public.openops.com',
+    );
+    (networkUtls.getInternalApiUrl as jest.Mock).mockReturnValue(
+      'http://internal-api:3000',
+    );
+
+    const userUrl =
+      'https://public.openops.com/v1/webhooks/123456789012345678901/sync';
+    const result = await validateAndRewritePublicWebhookUrl(userUrl);
+
+    expect(result).toBe(
+      'http://internal-api:3000/v1/webhooks/123456789012345678901/sync',
+    );
+  });
+
+  it('should rewrite the URL when public URL has a base path', async () => {
+    const error = new Error('Host must not be an internal address');
+    (validateHost as jest.Mock).mockRejectedValue(error);
+    (networkUtls.getPublicUrl as jest.Mock).mockResolvedValue(
+      'https://openops.com/',
+    );
+    (networkUtls.getInternalApiUrl as jest.Mock).mockReturnValue(
+      'http://internal-api:3000/api',
+    );
+
+    const userUrl =
+      'https://openops.com/api/v1/webhooks/123456789012345678901/sync';
+    const result = await validateAndRewritePublicWebhookUrl(userUrl);
+
+    expect(result).toBe(
+      'http://internal-api:3000/api/v1/webhooks/123456789012345678901/sync',
+    );
+  });
+
+  it('should throw the original error if origin does not match public URL origin', async () => {
+    const error = new Error('Host must not be an internal address');
+    (validateHost as jest.Mock).mockRejectedValue(error);
+    (networkUtls.getPublicUrl as jest.Mock).mockResolvedValue(
+      'https://public.openops.com',
+    );
+    (networkUtls.getInternalApiUrl as jest.Mock).mockReturnValue(
+      'http://internal-api:3000',
+    );
+
+    const userUrl =
+      'https://other-domain.com/v1/webhooks/123456789012345678901/sync';
+
+    await expect(validateAndRewritePublicWebhookUrl(userUrl)).rejects.toThrow(
+      error,
+    );
+  });
+
+  it('should throw the original error if the path does not match the webhook pattern', async () => {
+    const error = new Error('Host must not be an internal address');
+    (validateHost as jest.Mock).mockRejectedValue(error);
+    (networkUtls.getPublicUrl as jest.Mock).mockResolvedValue(
+      'https://public.openops.com',
+    );
+    (networkUtls.getInternalApiUrl as jest.Mock).mockReturnValue(
+      'http://internal-api:3000',
+    );
+
+    const userUrl = 'https://public.openops.com/v1/webhooks/invalid-id/sync';
+
+    await expect(validateAndRewritePublicWebhookUrl(userUrl)).rejects.toThrow(
+      error,
+    );
+  });
+
+  it('should handle multiple slashes correctly during rewrite', async () => {
+    const error = new Error('Host must not be an internal address');
+    (validateHost as jest.Mock).mockRejectedValue(error);
+    (networkUtls.getPublicUrl as jest.Mock).mockResolvedValue(
+      'https://public.openops.com/',
+    );
+    (networkUtls.getInternalApiUrl as jest.Mock).mockReturnValue(
+      'http://internal-api:3000/',
+    );
+
+    const userUrl =
+      'https://public.openops.com/v1/webhooks/123456789012345678901/sync';
+    const result = await validateAndRewritePublicWebhookUrl(userUrl);
+
+    expect(result).toBe(
+      'http://internal-api:3000/v1/webhooks/123456789012345678901/sync',
+    );
+  });
+});

packages/blocks/http/tsconfig.spec.json

@@ -0,0 +1,14 @@
+{
+  "extends": "./tsconfig.json",
+  "compilerOptions": {
+    "outDir": "../../../dist/out-tsc",
+    "module": "commonjs",
+    "types": ["jest", "node"]
+  },
+  "include": [
+    "jest.config.ts",
+    "src/**/*.test.ts",
+    "src/**/*.spec.ts",
+    "src/**/*.d.ts"
+  ]
+}