+11

migration_scripts/v2.py

··· 23 23 """ 24 24 ) 25 25 26 26 + con.execute( 27 27 + """ 28 28 + CREATE TABLE handle_cache( 29 29 + handle TEXT PRIMARY KEY NOT NULL, 30 30 + did TEXT, 31 31 + created_at INTEGER NOT NULL, 32 32 + expires_at INTEGER NOT NULL 33 33 + ) 34 34 + """ 35 35 + ) 36 36 + 26 37 con.execute("UPDATE config SET db_version=2") 27 38 28 39 print("v1 -> v2 Migration successful")

+12

src/millipds/database.py

··· 230 230 """ 231 231 ) 232 232 233 233 + # likewise, a null did represents a failed resolution 234 234 + self.con.execute( 235 235 + """ 236 236 + CREATE TABLE handle_cache( 237 237 + handle TEXT PRIMARY KEY NOT NULL, 238 238 + did TEXT, 239 239 + created_at INTEGER NOT NULL, 240 240 + expires_at INTEGER NOT NULL 241 241 + ) 242 242 + """ 243 243 + ) 244 244 + 233 245 def update_config( 234 246 self, 235 247 pds_pfx: Optional[str] = None,

+7 -2

src/millipds/ssrf.py

··· 14 14 # (without this, bare IPs in the URL will bypass the resolver, where our SSRF check is) 15 15 aiohttp.connector.is_ip_address = lambda _: False 16 16 17 17 + 17 18 class SSRFException(ValueError): 18 19 pass 20 20 + 19 21 20 22 class SSRFSafeResolverWrapper(AbstractResolver): 21 23 def __init__(self, resolver: AbstractResolver): ··· 25 27 result = await self.resolver.resolve(host, port, family) 26 28 for host in result: 27 29 if ipaddress.ip_address(host["host"]).is_private: 28 28 - raise SSRFException("Can't connect to private IP: " + host["host"]) 30 30 + raise SSRFException( 31 31 + "Can't connect to private IP: " + host["host"] 32 32 + ) 29 33 return result 30 30 - 34 34 + 31 35 async def close(self) -> None: 32 36 await self.resolver.close() 37 37 + 33 38 34 39 def get_ssrf_safe_client() -> ClientSession: 35 40 resolver = SSRFSafeResolverWrapper(DefaultResolver())