feat: add validation for invalid test URLs (#734) · openstatus.dev/openstatus@cb07e95

openstatus.dev / openstatus

fork atom

Openstatus www.openstatus.dev

fork atom

feat: add validation for invalid test URLs (#734)

authored by

Yassine Rais and committed by

GitHub 2 years ago cb07e953 e3ba32d0

+12 -1

2 changed files

expand all

apps

web

src

app

api

checker

test

route.ts

utils.ts

+2 -1

apps/web/src/app/api/checker/test/route.ts

··· 5 5 6 6 import { checkRegion } from "@/app/play/checker/[id]/utils"; // TODO: move into a shared package 7 7 import { payloadSchema } from "../schema"; 8 + import { isAnInvalidTestUrl } from "../utils"; 8 9 9 10 export const runtime = "edge"; 10 11 export const preferredRegion = "auto"; ··· 28 29 29 30 const { url, region, method, headers, body } = _valid.data; 30 31 // 🧑‍💻 for the smart one who want to create a loop hole 31 - if (url === "https://www.openstatus.dev/api/checker/test") { 32 + if (isAnInvalidTestUrl(url)) { 32 33 return NextResponse.json({ success: true }, { status: 200 }); 33 34 } 34 35

+10

apps/web/src/app/api/checker/utils.ts

··· 1 + export const isAnInvalidTestUrl = (rawUrl: string) => { 2 + const url = new URL(rawUrl); 3 + const isSelfHostName = url.hostname 4 + .split(".") 5 + .slice(-2) // ex: any.sub.openstatus.dev 6 + .join(".") 7 + .includes("openstatus.dev"); // ex: openstatus.dev:80 8 + 9 + return isSelfHostName && url.pathname.startsWith("/api/checker/"); 10 + };