feat: ability to have a blacklist of target urls for proxy to make ca…

…lls to
hoppscotch · Jan 24, 2022 · de67380 · de67380
1 parent f319207
commit de67380
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 1 deletion.
diff --git a/libproxy/proxy.go b/libproxy/proxy.go
@@ -24,6 +24,7 @@ var (
 	sessionFingerprint string
 	allowedOrigins     []string
 	bannedOutputs      []string
+	bannedDests        []string
 )
 
 type Request struct {
@@ -49,6 +50,16 @@ type Response struct {
 	Headers    map[string]string `json:"headers"`
 }
 
+func isAllowedDest(dest string) bool {
+	for _, b := range bannedDests {
+		if b == dest {
+			return false
+		}
+	}
+
+	return true
+}
+
 func isAllowedOrigin(origin string) bool {
 	if allowedOrigins[0] == "*" {
 		return true
@@ -68,13 +79,19 @@ func Initialize(
 	proxyURL string,
 	initialAllowedOrigins string,
 	initialBannedOutputs string,
+	initialBannedDests string,
 	onStatusChange statusChangeFunction,
 	withSSL bool,
 	finished chan bool,
 ) {
 	if initialBannedOutputs != "" {
 		bannedOutputs = strings.Split(initialBannedOutputs, ",")
 	}
+	if initialBannedDests != "" {
+		bannedDests = strings.Split(initialBannedDests, ",")
+	} else {
+		bannedDests = []string{}
+	}
 	allowedOrigins = strings.Split(initialAllowedOrigins, ",")
 	accessToken = initialAccessToken
 	sessionFingerprint = uuid.New().String()
@@ -209,6 +226,13 @@ func proxyHandler(response http.ResponseWriter, request *http.Request) {
 	proxyRequest.Method = requestData.Method
 	proxyRequest.URL, _ = url.Parse(requestData.Url)
 
+	// Block requests to illegal destinations
+	if !isAllowedDest(proxyRequest.URL.Hostname()) {
+		log.Print("A request to a banned destination was made.")
+		_, _ = fmt.Fprintln(response, "{\"success\": false, \"data\":{\"message\":\"(Proxy Error) Request cannot be to this destination.\"}}")
+		return
+	}
+
 	var params = proxyRequest.URL.Query()
 
 	for k, v := range requestData.Params {

diff --git a/server/server.go b/server/server.go
@@ -12,10 +12,12 @@ func main() {
 	tokenPtr := flag.String("token", "", "the Proxy Access Token used to restrict access to the server.")
 	allowedOriginsPtr := flag.String("allowed-origins", "*", "a comma separated list of allowed origins.")
 	bannedOutputsPtr := flag.String("banned-outputs", "", "a comma separated list of banned outputs.")
+	bannedDestsPtr := flag.String("banned-dests", "", "a comma separated list of banned proxy destinations.")
+
 	flag.Parse()
 
 	finished := make(chan bool)
-	libproxy.Initialize(*tokenPtr, *hostPtr, *allowedOriginsPtr, *bannedOutputsPtr, onProxyStateChangeServer, false, finished)
+	libproxy.Initialize(*tokenPtr, *hostPtr, *allowedOriginsPtr, *bannedOutputsPtr, *bannedDestsPtr, onProxyStateChangeServer, false, finished)
 
 	<-finished
 }