blob: 89a2a6cfe4db1d901e55d0f02d59a0d6d744109b (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
|
export enum ContentType {
JSON = 'json',
FORM = 'form',
MULTIPART = 'multipart',
TEXT = 'text',
RAW = 'raw',
}
export interface NtfyConfig {
enabled: boolean;
server?: string;
topic?: string;
}
export interface EmailConfig {
enabled: boolean;
to?: string;
from?: string;
host?: string;
port?: number;
secure?: boolean;
username?: string;
password?: string;
subject?: string;
includeBody?: boolean;
includeHeaders?: boolean;
}
export interface RouteConfig {
name: string;
contentType: ContentType;
hcaptchaProtected: boolean;
hcaptchaSecret?: string;
ntfy?: NtfyConfig;
email?: EmailConfig;
requireToken?: boolean;
}
export interface StoredRequest {
timestamp: number;
uuid: string;
routeName: string;
method: string;
headers: Record<string, string>;
body: unknown;
files?: Array<{
fieldName: string;
originalFilename: string;
filename: string;
contentType: string;
size: number;
path: string;
}>;
}
const ROUTE_NAME_PATTERN = /^[a-z0-9][a-z0-9_-]{0,63}$/i;
export function isSafeRouteName(name: unknown): name is string {
if (typeof name !== 'string') return false;
if (name !== name.trim()) return false;
if (name === '.' || name === '..') return false;
if (name.includes('/') || name.includes('\\')) return false;
return ROUTE_NAME_PATTERN.test(name);
}
export function isRouteConfig(obj: unknown): obj is RouteConfig {
if (typeof obj !== 'object' || obj === null) return false;
const r = obj as Record<string, unknown>;
const validBasic =
isSafeRouteName(r.name) &&
typeof r.contentType === 'string' &&
Object.values(ContentType).includes(r.contentType as ContentType) &&
typeof r.hcaptchaProtected === 'boolean' &&
(r.hcaptchaProtected === false || typeof r.hcaptchaSecret === 'string');
if (!validBasic) return false;
// Validate ntfy config if present
if (r.ntfy !== undefined) {
if (typeof r.ntfy !== 'object' || r.ntfy === null) return false;
const ntfy = r.ntfy as Record<string, unknown>;
if (typeof ntfy.enabled !== 'boolean') return false;
if (ntfy.enabled && (typeof ntfy.server !== 'string' || typeof ntfy.topic !== 'string')) {
return false;
}
}
// Validate email config if present
if (r.email !== undefined) {
if (typeof r.email !== 'object' || r.email === null) return false;
const email = r.email as Record<string, unknown>;
if (typeof email.enabled !== 'boolean') return false;
if (email.enabled && (typeof email.to !== 'string' || typeof email.from !== 'string')) {
return false;
}
if (email.host !== undefined && typeof email.host !== 'string') return false;
if (email.port !== undefined && typeof email.port !== 'number') return false;
if (email.secure !== undefined && typeof email.secure !== 'boolean') return false;
if (email.username !== undefined && typeof email.username !== 'string') return false;
if (email.password !== undefined && typeof email.password !== 'string') return false;
if (email.subject !== undefined && typeof email.subject !== 'string') return false;
if (email.includeBody !== undefined && typeof email.includeBody !== 'boolean') return false;
if (email.includeHeaders !== undefined && typeof email.includeHeaders !== 'boolean') return false;
}
// Validate requireToken if present
if (r.requireToken !== undefined && typeof r.requireToken !== 'boolean') {
return false;
}
return true;
}
|
