NeoAnd/evolution-api
1
0
Fork 0
mirror of https://github.com/EvolutionAPI/evolution-api.git synced 2025-12-09 01:49:37 -06:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Customizable Websockets Security

Browse Source 
Enables the option to specify safe remote addresses using WEBSOCKET_ALLOWED_HOSTS enviroment variables. Defaults to the secure only localhost.
This commit is contained in:
moothz 2025-09-09 14:56:11 -03:00
parent c2085b59ea
commit 0aa6c96765
2 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.env.example
View File

@ -99,6 +99,7 @@ SQS_REGION=
# Websocket - Environment variables
WEBSOCKET_ENABLED=false
WEBSOCKET_GLOBAL_EVENTS=false
WEBSOCKET_ALLOWED_HOSTS=127.0.0.1,::1,::ffff:127.0.0.1
# Pusher - Environment variables
PUSHER_ENABLED=false

9
src/api/integrations/event/websocket/websocket.controller.ts
View File

@ -31,11 +31,12 @@ export class WebsocketController extends EventController implements EventControl
const params = new URLSearchParams(url.search);
const { remoteAddress } = req.socket;
const isLocalhost =
remoteAddress === '127.0.0.1' || remoteAddress === '::1' || remoteAddress === '::ffff:127.0.0.1';
const isAllowedHost = (process.env.WEBSOCKET_ALLOWED_HOSTS || '127.0.0.1,::1,::ffff:127.0.0.1')
.split(',')
.map(h => h.trim())
.includes(remoteAddress);
// Permite conexões internas do Socket.IO (EIO=4 é o Engine.IO v4)
if (params.has('EIO') && isLocalhost) {
if (params.has('EIO') && isAllowedHost) {
return callback(null, true);
}