From f0d877c4a71a922355669cacc433bc2fa4a3a961 Mon Sep 17 00:00:00 2001
From: Embbnux Ji <embbnux.ji@ringcentral.com>
Date: Tue, 10 Dec 2024 11:09:31 +0800
Subject: [PATCH] misc: verify appServer

---
 src/app.js | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/app.js b/src/app.js
index 5b649fa13..143ff4949 100644
--- a/src/app.js
+++ b/src/app.js
@@ -22,10 +22,22 @@ const clientSecretFromParams = pathParams.clientSecret || pathParams.appSecret;
 const authProxy = pathParams.authProxy;
 const enableDiscovery = !!pathParams.discovery;
 const discoverAppServer = pathParams.discoverAppServer;
+
+function getAppServer() {
+  if (
+    pathParams.appServer &&
+    pathParams.appServer.indexOf('https://') === 0 &&
+    pathParams.appServer.indexOf('?') === -1 &&
+    pathParams.appServer.indexOf('javascript') === -1
+  ) {
+    return pathParams.appServer;
+  }
+  return defaultApiConfig.server;
+}
 const apiConfig = {
   clientId: clientIdFromParams || defaultApiConfig.appKey,
   clientSecret: (clientIdFromParams ? clientSecretFromParams : defaultApiConfig.appSecret),
-  server: pathParams.appServer || defaultApiConfig.server,
+  server: getAppServer(),
 };
 if (enableDiscovery) {
   apiConfig.enableDiscovery = enableDiscovery;