fix: Redirect checking being applied to all URIs
should fix #67
brian6932 committed Oct 16, 2024
1 parent e780c20 commit e4c2c92
Showing 1 changed file with 59 additions and 60 deletions.
119 changes: 59 additions & 60 deletions pages/api/create.js
@@ -91,7 +91,8 @@ export default async function handler(req, res) {
}

const collectionName =
process.env.NODE_ENV === "production" ? "links" : "testLinks";
process.env.NODE_ENV === "production" ? "links" : "testLinks",
URI = regex.exec(link);

// check if link is valid
if (link.length < 1) {
@@ -100,7 +101,7 @@ export default async function handler(req, res) {
.json({ slug, message: "You entered an invalid link" });
}

if (!regex.test(link)) {
if (URI === null) {
return res.status(StatusCodes.BAD_REQUEST).json({
slug,
message:
@@ -126,71 +127,69 @@ export default async function handler(req, res) {
return res.status(401).json({ message: "Malicious link entered!" });
}

// Redirection check
try {
// Step 1: Check for HTTP redirects using fetch
const { response, redirectCount } = await fetchWithRedirects(
link,
MAX_REDIRECTS,
);

if (redirectCount >= MAX_REDIRECTS) {
return res.status(400).json({
message: `Suspcious URL detected. If this is a valid URL, please report this issue.`,
if (URI[1].startsWith("http")) {
// Redirection check
try {
// Step 1: Check for HTTP redirects using fetch
const { response, redirectCount } = await fetchWithRedirects(
link,
MAX_REDIRECTS,
);

if (redirectCount >= MAX_REDIRECTS) {
return res.status(400).json({
message: `Suspcious URL detected. If this is a valid URL, please report this issue.`,
});
}
} catch (error) {
console.error("Error checking link:", error);
return res.status(500).json({
message: "Error checking the link.",
});
}
} catch (error) {
console.error("Error checking link:", error);
return res.status(500).json({
message: "Error checking the link.",
});
}

if (
process.env.SKIP_SAFE_BROWSING === "true" ||
link.startsWith("magnet:") ||
link.startsWith("ftp:")
) {
console.log("Skipping safe browsing check");
} else {
try {
const response = await fetch(
"https://safebrowsing.googleapis.com/v4/threatMatches:find?key=" +
apiKey,
{
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
client: {
clientId: "maglit-website",
clientVersion: "1.0.0",
},
threatInfo: {
threatTypes: [
"MALWARE",
"SOCIAL_ENGINEERING",
"UNWANTED_SOFTWARE",
"POTENTIALLY_HARMFUL_APPLICATION",
],
platformTypes: ["ANY_PLATFORM"],
threatEntryTypes: ["URL"],
threatEntries: [{ url: `${link}` }],
if (process.env.SKIP_SAFE_BROWSING === "true") {
console.log("Skipping safe browsing check");
} else {
try {
const response = await fetch(
"https://safebrowsing.googleapis.com/v4/threatMatches:find?key=" +
apiKey,
{
method: "POST",
headers: {
"Content-Type": "application/json",
},
}),
},
);
body: JSON.stringify({
client: {
clientId: "maglit-website",
clientVersion: "1.0.0",
},
threatInfo: {
threatTypes: [
"MALWARE",
"SOCIAL_ENGINEERING",
"UNWANTED_SOFTWARE",
"POTENTIALLY_HARMFUL_APPLICATION",
],
platformTypes: ["ANY_PLATFORM"],
threatEntryTypes: ["URL"],
threatEntries: [{ url: `${link}` }],
},
}),
},
);

const data = await response.json();
console.log("🚀 => data:", data);
const data = await response.json();
console.log("🚀 => data:", data);

if (data && data?.matches?.length > 0) {
// Handle error cases where the URL might not be checked by Safe Browsing
res.status(401).json({ message: "Malicious link entered!" });
if (data && data?.matches?.length > 0) {
// Handle error cases where the URL might not be checked by Safe Browsing
res.status(401).json({ message: "Malicious link entered!" });
}
} catch (error) {
res.status(500).json({ error: "Failed to check the URL." });
}
} catch (error) {
res.status(500).json({ error: "Failed to check the URL." });
}
}
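Review bot: The Safe Browsing match branch at `res.status(401).json({ message: "Malicious link entered!" });` still has no `return`, unlike the `return res.status(401)` and `return res.status(400)` responses earlier in the hunk, so a flagged link falls through to whatever follows this block (the handler continues outside the hunk) after the response has already been sent; the same applies to `res.status(500).json({ error: "Failed to check the URL." });` in its catch, and both should become `return res.status(...)`. Separately, the new gate `if (URI[1].startsWith("http"))` assumes capture group 1 of `regex` (declared outside the hunk) holds the scheme in lower case; if that regex is case-insensitive, a link such as `HTTP://…` passes validation yet skips the redirect check, so comparing `URI[1].toLowerCase()` or testing `/^https?$/i.test(URI[1])` would be safer. `startsWith("http")` also accepts any scheme beginning with those letters, which is probably harmless but deserves a comment stating the intent, e.g. `// only http(s) links can redirect; other schemes skip fetchWithRedirects`.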
