blsmedia/bot
2
0
Fork 0
Code Activity

fix(viewer): 🐛 Forwarded host check attempt

Browse Source
This commit is contained in:
Baptiste Arnaud
2022-05-23 14:51:11 -07:00
parent a2dd26b60f
commit c168b678dd
1 changed files with 20 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
apps/viewer/pages/[[...publicId]].tsx
View File

@ -1,3 +1,4 @@
import { IncomingMessage } from 'http'
import { NotFoundPage } from 'layouts/NotFoundPage' import { NotFoundPage } from 'layouts/NotFoundPage'
import { PublicTypebot } from 'models' import { PublicTypebot } from 'models'
import { GetServerSideProps, GetServerSidePropsContext } from 'next' import { GetServerSideProps, GetServerSidePropsContext } from 'next'
@ -11,15 +12,19 @@ export const getServerSideProps: GetServerSideProps = async (
let typebot: Omit<PublicTypebot, 'createdAt' | 'updatedAt'> | null let typebot: Omit<PublicTypebot, 'createdAt' | 'updatedAt'> | null
const isIE = /MSIE|Trident/.test(context.req.headers['user-agent'] ?? '') const isIE = /MSIE|Trident/.test(context.req.headers['user-agent'] ?? '')
const pathname = context.resolvedUrl.split('?')[0] const pathname = context.resolvedUrl.split('?')[0]
const { host, forwardedHost } = getHost(context.req)
try { try {
if (!context.req.headers.host) return { props: {} } if (!host) return { props: {} }
const viewerUrls = (process.env.NEXT_PUBLIC_VIEWER_URL ?? '').split(',') const viewerUrls = (process.env.NEXT_PUBLIC_VIEWER_URL ?? '').split(',')
const isMatchingViewerUrl = viewerUrls.some((url) => const isMatchingViewerUrl = viewerUrls.some(
(context.req.headers.host ?? '') (url) =>
.split(':')[0] host.split(':')[0].includes(url.split('//')[1].split(':')[0]) ||
.includes(url.split('//')[1].split(':')[0]) (forwardedHost &&
forwardedHost
.split(':')[0]
.includes(url.split('//')[1].split(':')[0]))
) )
const customDomain = `${context.req.headers.host}${ const customDomain = `${forwardedHost ?? host}${
pathname === '/' ? '' : pathname pathname === '/' ? '' : pathname
}` }`
typebot = isMatchingViewerUrl typebot = isMatchingViewerUrl
@ -35,7 +40,7 @@ export const getServerSideProps: GetServerSideProps = async (
props: { props: {
typebot, typebot,
isIE, isIE,
url: `https://${context.req.headers.host}${pathname}`, url: `https://${forwardedHost ?? host}${pathname}`,
}, },
} }
} catch (err) { } catch (err) {
@ -44,7 +49,7 @@ export const getServerSideProps: GetServerSideProps = async (
return { return {
props: { props: {
isIE, isIE,
url: `https://${context.req.headers.host}${pathname}`, url: `https://${forwardedHost ?? host}${pathname}`,
}, },
} }
} }
@ -66,6 +71,13 @@ const getTypebotFromCustomDomain = async (customDomain: string) => {
return omit(typebot as unknown as PublicTypebot, 'createdAt', 'updatedAt') return omit(typebot as unknown as PublicTypebot, 'createdAt', 'updatedAt')
} }
const getHost = (
req?: IncomingMessage
): { host?: string; forwardedHost?: string } => ({
host: req?.headers ? req.headers.host : window.location.host,
forwardedHost: req?.headers['x-forwarded-host'] as string | undefined,
})
const App = ({ typebot, ...props }: TypebotPageProps) => const App = ({ typebot, ...props }: TypebotPageProps) =>
isDefined(typebot) ? ( isDefined(typebot) ? (
<TypebotPage typebot={typebot} {...props} /> <TypebotPage typebot={typebot} {...props} />