NeoAnd/evolution-api
1
0
Fork 0
mirror of https://github.com/EvolutionAPI/evolution-api.git synced 2025-12-09 01:49:37 -06:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Merge pull request #1929 from moothz/main

Browse Source 
Customizable Websockets Security
This commit is contained in:
Davidson Gomes 2025-09-09 16:06:31 -03:00 committed by GitHub
commit edbf36019e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.env.example
View File

@ -99,6 +99,7 @@ SQS_REGION=
# Websocket - Environment variables # Websocket - Environment variables
WEBSOCKET_ENABLED=false WEBSOCKET_ENABLED=false
WEBSOCKET_GLOBAL_EVENTS=false WEBSOCKET_GLOBAL_EVENTS=false
WEBSOCKET_ALLOWED_HOSTS=127.0.0.1,::1,::ffff:127.0.0.1
# Pusher - Environment variables # Pusher - Environment variables
PUSHER_ENABLED=false PUSHER_ENABLED=false

9
src/api/integrations/event/websocket/websocket.controller.ts
View File

@ -31,11 +31,12 @@ export class WebsocketController extends EventController implements EventControl
const params = new URLSearchParams(url.search); const params = new URLSearchParams(url.search);
const { remoteAddress } = req.socket; const { remoteAddress } = req.socket;
const isLocalhost = const isAllowedHost = (process.env.WEBSOCKET_ALLOWED_HOSTS || '127.0.0.1,::1,::ffff:127.0.0.1')
remoteAddress === '127.0.0.1' || remoteAddress === '::1' || remoteAddress === '::ffff:127.0.0.1'; .split(',')
.map((h) => h.trim())
.includes(remoteAddress);
// Permite conexões internas do Socket.IO (EIO=4 é o Engine.IO v4) if (params.has('EIO') && isAllowedHost) {
if (params.has('EIO') && isLocalhost) {
return callback(null, true); return callback(null, true);
} }