TyleoDvDelaware3217/GoDoxy
1
0
Fork 0
mirror of https://github.com/yusing/godoxy.git synced 2025-06-05 19:22:34 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

fix(websocket): fix local address checks

Browse source
This commit is contained in:
yusing 2025-05-31 13:55:29 +08:00
parent 57200bc1e9
commit 54bf84dcba
1 changed files with 5 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
internal/net/gphttp/gpwebsocket/utils.go
View file

@ -3,7 +3,6 @@ package gpwebsocket
import ( import (
"net" "net"
"net/http" "net/http"
"slices"
"strings" "strings"
"sync" "sync"
"time" "time"
@ -30,8 +29,6 @@ func SetWebsocketAllowedDomains(h http.Header, domains []string) {
h[HeaderXGoDoxyWebsocketAllowedDomains] = domains h[HeaderXGoDoxyWebsocketAllowedDomains] = domains
} }
var localAddresses = []string{"127.0.0.1", "10.0.*.*", "172.16.*.*", "192.168.*.*"}
const writeTimeout = time.Second * 10 const writeTimeout = time.Second * 10
func Initiate(w http.ResponseWriter, r *http.Request) (*websocket.Conn, error) { func Initiate(w http.ResponseWriter, r *http.Request) (*websocket.Conn, error) {
@ -49,9 +46,13 @@ func Initiate(w http.ResponseWriter, r *http.Request) (*websocket.Conn, error) {
if err != nil { if err != nil {
host = r.Host host = r.Host
} }
if slices.Contains(localAddresses, host) { if host == "localhost" {
return true return true
} }
ip := net.ParseIP(host)
if ip != nil {
return ip.IsLoopback() || ip.IsPrivate()
}
for _, domain := range allowedDomains { for _, domain := range allowedDomains {
if domain[0] == '.' { if domain[0] == '.' {
if host == domain[1:] || strings.HasSuffix(host, domain) { if host == domain[1:] || strings.HasSuffix(host, domain) {