NeoAnd/evolution-api
1
0
Fork 0
mirror of https://github.com/EvolutionAPI/evolution-api.git synced 2025-12-12 11:29:38 -06:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

fix(websocket): improve host validation logic in WebsocketController

Browse Source
This commit is contained in:
Davidson Gomes 2025-12-05 11:02:06 -03:00
parent 26e7eefe51
commit de11e6f9ca
2 changed files with 6 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
package-lock.json generated
View File

@ -8589,12 +8589,6 @@
"undici": ">=6" "undici": ">=6"
} }
}, },
"node_modules/fflate": {
"version": "0.8.2",
"resolved": "https://registry.npmjs.org/fflate/-/fflate-0.8.2.tgz",
"integrity": "sha512-cPJU47OaAoCbg0pBvzsgpTPhmhqI5eJjh/JIu8tPj5q+T7iLvW/JAYUqmE7KOB4R1ZyEhzBaIQpQpardBF5z8A==",
"license": "MIT"
},
"node_modules/figures": { "node_modules/figures": {
"version": "3.2.0", "version": "3.2.0",
"resolved": "https://registry.npmjs.org/figures/-/figures-3.2.0.tgz", "resolved": "https://registry.npmjs.org/figures/-/figures-3.2.0.tgz",

10
src/api/integrations/event/websocket/websocket.controller.ts
View File

@ -34,10 +34,12 @@ export class WebsocketController extends EventController implements EventControl
const websocketConfig = configService.get<Websocket>('WEBSOCKET'); const websocketConfig = configService.get<Websocket>('WEBSOCKET');
const allowedHosts = websocketConfig.ALLOWED_HOSTS || '127.0.0.1,::1,::ffff:127.0.0.1'; const allowedHosts = websocketConfig.ALLOWED_HOSTS || '127.0.0.1,::1,::ffff:127.0.0.1';
const allowAllHosts = allowedHosts.trim() === '*'; const allowAllHosts = allowedHosts.trim() === '*';
const isAllowedHost = allowAllHosts || allowedHosts const isAllowedHost =
.split(',') allowAllHosts ||
.map((h) => h.trim()) allowedHosts
.includes(remoteAddress); .split(',')
.map((h) => h.trim())
.includes(remoteAddress);
if (params.has('EIO') && isAllowedHost) { if (params.has('EIO') && isAllowedHost) {
return callback(null, true); return callback(null, true);