fix(websocket): improve host validation logic in WebsocketController

2025-12-09 01:49:37 -06:00 · 2025-12-05 11:02:06 -03:00 · 2025-12-05 11:02:06 -03:00 · de11e6f9ca
commit de11e6f9ca
parent 26e7eefe51
2 changed files with 6 additions and 10 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -8589,12 +8589,6 @@
        "undici": ">=6"
      }
    },
-    "node_modules/fflate": {
-      "version": "0.8.2",
-      "resolved": "https://registry.npmjs.org/fflate/-/fflate-0.8.2.tgz",
-      "integrity": "sha512-cPJU47OaAoCbg0pBvzsgpTPhmhqI5eJjh/JIu8tPj5q+T7iLvW/JAYUqmE7KOB4R1ZyEhzBaIQpQpardBF5z8A==",
-      "license": "MIT"
-    },
    "node_modules/figures": {
      "version": "3.2.0",
      "resolved": "https://registry.npmjs.org/figures/-/figures-3.2.0.tgz",
--- a/src/api/integrations/event/websocket/websocket.controller.ts
+++ b/src/api/integrations/event/websocket/websocket.controller.ts
@ -34,10 +34,12 @@ export class WebsocketController extends EventController implements EventControl
          const websocketConfig = configService.get<Websocket>('WEBSOCKET');
          const allowedHosts = websocketConfig.ALLOWED_HOSTS || '127.0.0.1,::1,::ffff:127.0.0.1';
          const allowAllHosts = allowedHosts.trim() === '*';
-          const isAllowedHost = allowAllHosts || allowedHosts
-            .split(',')
-            .map((h) => h.trim())
-            .includes(remoteAddress);
+          const isAllowedHost =
+            allowAllHosts ||
+            allowedHosts
+              .split(',')
+              .map((h) => h.trim())
+              .includes(remoteAddress);

          if (params.has('EIO') && isAllowedHost) {
            return callback(null, true);