Karl/homepage
1
0
Fork 0
mirror of https://github.com/karl0ss/homepage.git synced 2025-11-04 00:10:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix: some error URLs aren't sanitized (#3385)

Browse Source
This commit is contained in:
shamoon 2024-04-29 17:18:55 -07:00 committed by GitHub
parent daa51f9740
commit ea63716b61
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/utils/proxy/api-helpers.js
View File

@ -57,7 +57,7 @@ export function jsonArrayFilter(data, filter) {
export function sanitizeErrorURL(errorURL) {
// Dont display sensitive params on frontend
const url = new URL(errorURL);
["apikey", "api_key", "token", "t", "access_token"].forEach((key) => {
["apikey", "api_key", "token", "t", "access_token", "auth"].forEach((key) => {
if (url.searchParams.has(key)) url.searchParams.set(key, "***");
});
return url.toString();

8
src/utils/proxy/http.js
View File

@ -5,6 +5,7 @@ import { createUnzip, constants as zlibConstants } from "node:zlib";
import { http, https } from "follow-redirects";
import { addCookieToJar, setCookieHeader } from "./cookie-jar";
import { sanitizeErrorURL } from "./api-helpers";
import createLogger from "utils/logger";
@ -113,6 +114,11 @@ export async function httpProxy(url, params = {}) {
constructedUrl.pathname,
);
if (err) logger.error(err);
return [500, "application/json", { error: { message: err?.message ?? "Unknown error", url, rawError: err } }, null];
return [
500,
"application/json",
{ error: { message: err?.message ?? "Unknown error", url: sanitizeErrorURL(url), rawError: err } },
null,
];
}
}