Merge pull request #756 from SSWConsulting/viewsource-error-handling

Add error handling and response messages to viewsource function
SSWConsulting · Nov 8, 2023 · 1043f15 · 1043f15
2 parents 8463b51 + d4f4c41
commit 1043f15
Showing 1 changed file with 18 additions and 3 deletions.
diff --git a/api/functions/index.js b/api/functions/index.js
@@ -146,9 +146,24 @@ app.get('/allscans', async (req, res) => {
 });
 
 app.get('/viewsource', async (req, res) => {
-	const resp = await fetch(req.query.url);
-	const source = await resp.text();
-	res.send(source);
+	const target = new URL(req.query.url);
+	const functionHost = '-sswlinkauditor-c1131.cloudfunctions.net';
+
+	// Disallow fetching from same host to prevent request forgery
+	if (target.hostname.includes(functionHost) || target.hostname === 'localhost') {
+		res.send('Cannot fetch from internal host');
+		return;
+	}
+
+	const resp = await fetch(target.href).catch((err) => {
+		res.send(`Failed to load source: ${err.message}`);
+	});
+	if (resp.ok) {
+		const source = await resp.text();
+		res.send(source);
+	} else {
+		res.send(`Failed to load source: ${resp.status} - ${resp.statusText}`);
+	}
 });
 
 app.get('/run/:runId', async (req, res) => {