NeoAnd/evolution-api
1
0
Fork 0
mirror of https://github.com/EvolutionAPI/evolution-api.git synced 2025-08-29 02:36:11 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity

Securing websockets

Browse Source
This commit is contained in:
Felipe Augusto Rieck 2025-08-04 16:34:20 -03:00
parent 9cdb897a0f
commit 4f043f9576
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/api/integrations/event/websocket/websocket.controller.ts
View File

@ -28,10 +28,11 @@ export class WebsocketController extends EventController implements EventControl
allowRequest: async (req, callback) => { allowRequest: async (req, callback) => {
try { try {
const url = new URL(req.url || '', 'http://localhost'); const url = new URL(req.url || '', 'http://localhost');
const isInternalConnection = req.socket.remoteAddress === '127.0.0.1' || req.socket.remoteAddress === '::1';
const params = new URLSearchParams(url.search); const params = new URLSearchParams(url.search);
// Permite conexões internas do Socket.IO (EIO=4 é o Engine.IO v4) // Permite conexões internas do Socket.IO (EIO=4 é o Engine.IO v4)
if (params.has('EIO')) { if (params.has('EIO') && isInternalConnection) {
return callback(null, true); return callback(null, true);
} }