UNPKG

@lobehub/chat

Version:

Lobe Chat - an open-source, high-performance chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application.

github.com/lobehub/lobe-chat

lobehub/lobe-chat

38 lines (34 loc) 1.38 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
import fetch from 'node-fetch'; import { RequestFilteringAgentOptions, useAgent as ssrfAgent } from 'request-filtering-agent'; /** * SSRF-safe fetch implementation for server-side use * Uses request-filtering-agent to prevent requests to private IP addresses */ // eslint-disable-next-line no-undef export const ssrfSafeFetch = async (url: string, options?: RequestInit): Promise<Response> => { try { // Configure SSRF protection options const agentOptions: RequestFilteringAgentOptions = { allowIPAddressList: process.env.SSRF_ALLOW_IP_ADDRESS_LIST?.split(',') || [], allowMetaIPAddress: process.env.SSRF_ALLOW_PRIVATE_IP_ADDRESS === '1', allowPrivateIPAddress: process.env.SSRF_ALLOW_PRIVATE_IP_ADDRESS === '1', denyIPAddressList: [], }; // Use node-fetch with SSRF protection agent const response = await fetch(url, { ...options, agent: ssrfAgent(url, agentOptions), } as any); // Convert node-fetch Response to standard Response return new Response(await response.arrayBuffer(), { headers: response.headers as any, status: response.status, statusText: response.statusText, }); } catch (error) { console.error('SSRF-safe fetch error:', error); throw new Error( `SSRF-safe fetch failed: ${error instanceof Error ? error.message : String(error)}`, ); } };