dingtalk-docs-cool-app
Version:
钉钉文档酷应用插件扩展 开发者初始化包
1 lines • 1.06 kB
JavaScript
;var _interopRequireDefault=require("@babel/runtime/helpers/interopRequireDefault");Object.defineProperty(exports,"__esModule",{value:!0}),exports.getSafeFetch=getSafeFetch;var _nodeFetch=_interopRequireDefault(require("node-fetch")),_url=require("url"),_kit=require("../module/fields/kit");function isPrivateIP(e){return["127.0.0.1","::1","localhost","0.0.0.0","192.168.","10.","172.16.","172.17.","172.18.","172.19.","172.20.","172.21.","172.22.","172.23.","172.24.","172.25.","172.26.","172.27.","172.28.","172.29.","172.30.","172.31."].some((t=>e.startsWith(t)))}function isDomainAllowed(e,t){if(isPrivateIP(t))return!1;const r=t.toLowerCase();return e.some((e=>"string"==typeof e?e.toLowerCase()===r:e instanceof RegExp&&e.test(r)))}function getSafeFetch(e,t,r){return(o,i,n)=>{const s=new _url.URL(o),{hostname:u}=s;let a=i.headers||{};n&&r&&(a={...a,...(0,_kit.getAuthenticationHeader)(t,n,r)});const l={...i,headers:a};if(!isDomainAllowed(e,u))throw new Error(`Blocked request to disallowed domain: ${u}`);return(0,_nodeFetch.default)(o,l)}}