did some anti ssrf stuff
parent
c7f5d7f0c2
commit
2ae1b60cae
|
@ -4,7 +4,7 @@ module Helpers where
|
||||||
|
|
||||||
import YTDL
|
import YTDL
|
||||||
import qualified Data.Text.Lazy as TL
|
import qualified Data.Text.Lazy as TL
|
||||||
import Network.URI (parseURI)
|
import Network.URI
|
||||||
|
|
||||||
getRes :: TL.Text -> Maybe Resolution
|
getRes :: TL.Text -> Maybe Resolution
|
||||||
getRes ("144p") = Just P144
|
getRes ("144p") = Just P144
|
||||||
|
@ -22,7 +22,13 @@ isRes res = case getRes res of
|
||||||
(Just _) -> True
|
(Just _) -> True
|
||||||
_ -> False
|
_ -> False
|
||||||
|
|
||||||
|
-- ssrf paranoia
|
||||||
|
isOkPath :: String -> Bool
|
||||||
|
isOkPath p = not $ isIPv4address p || isIPv6address p || p == "localhost"
|
||||||
|
|
||||||
isURL :: TL.Text -> Bool
|
isURL :: TL.Text -> Bool
|
||||||
isURL uri = case parseURI (TL.unpack uri) of
|
isURL uri = case parseURI (TL.unpack uri) of
|
||||||
(Just _) -> True
|
(Just u) -> case uriAuthority u of
|
||||||
|
(Just (URIAuth _ p _)) -> isOkPath p
|
||||||
|
_ -> False
|
||||||
_ -> False
|
_ -> False
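Review bot: `isOkPath` in the second hunk will not match an IPv6 literal, because `uriRegName` keeps the square brackets around it while `isIPv6address` expects the bare address. The `"localhost"` comparison is also exact and case-sensitive. Normalise the host before testing it, e.g. `h = map toLower (dropWhile (== '[') (takeWhile (/= ']') p))` followed by `isOkPath p = not $ isIPv4address h || isIPv6address h || h == "localhost"` (this needs `toLower` from `Data.Char`). `isURL` also still accepts any scheme `parseURI` can parse, so it should additionally require `uriScheme u` to be `"http:"` or `"https:"`. A string check cannot see what a hostname resolves to, so the download step (not visible in this diff) would still need to validate the resolved address or run behind egress filtering to keep requests off internal ranges.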
|
||||||
|
|
|
@ -27,7 +27,6 @@ downloadAction = do
|
||||||
setHeader "content-type" "video/mp4"
|
setHeader "content-type" "video/mp4"
|
||||||
file filePath
|
file filePath
|
||||||
(Left err) -> html $ errorPage (TL.pack err)
|
(Left err) -> html $ errorPage (TL.pack err)
|
||||||
-- liftIO $ ytdlClean ident
|
|
||||||
else
|
else
|
||||||
html $ errorPage "Invalid input!"
|
html $ errorPage "Invalid input!"
|
||||||
|
|
||||||
|
|