use ip check wrapper on img proxy

base-org · Oct 9, 2024 · 514acd1 · 514acd1
1 parent 0b42cce
commit 514acd1
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 43 deletions.
diff --git a/apps/web/app/frames/img-proxy/route.ts b/apps/web/app/frames/img-proxy/route.ts
@@ -1,6 +1,7 @@
+import { withIPCheck } from 'apps/web/app/frames/proxy-ip-check';
 import { NextRequest, NextResponse } from 'next/server';
 
-export async function GET(request: NextRequest) {
+export async function getHandler(request: NextRequest) {
   const { searchParams } = new URL(request.url);
   const url = searchParams.get('url');
 
@@ -31,3 +32,5 @@ export async function GET(request: NextRequest) {
     return NextResponse.json({ error: 'Failed to fetch image' }, { status: 500 });
   }
 }
+
+export const GET = withIPCheck(getHandler);
diff --git a/apps/web/app/frames/proxy-ip-check.ts b/apps/web/app/frames/proxy-ip-check.ts
@@ -0,0 +1,42 @@
+import { ipSafe } from 'apps/web/src/middleware/ipSafe';
+import dns from 'dns/promises';
+import ipaddr from 'ipaddr.js';
+import { NextRequest, NextResponse } from 'next/server';
+import { URL } from 'url';
+
+export function withIPCheck(handler: (req: NextRequest) => Promise<Response>) {
+  return async function (req: NextRequest) {
+    const searchParams = req.nextUrl.searchParams;
+    const url = searchParams.get('url');
+
+    if (url) {
+      try {
+        const parsedUrl = new URL(url);
+        const hostname = parsedUrl.hostname;
+        const resolvedAddresses = await dns.resolve(hostname);
+
+        let allSafe = true;
+
+        for (const address of resolvedAddresses) {
+          if (ipaddr.isValid(address)) {
+            if (!ipSafe(address)) {
+              allSafe = false;
+            }
+          } else {
+            return NextResponse.json({ message: 'Invalid IP address resolution' }, { status: 400 });
+          }
+        }
+
+        if (!allSafe) {
+          return NextResponse.json({ message: 'Forbidden' }, { status: 403 });
+        }
+
+        return await handler(req);
+      } catch (error) {
+        return NextResponse.json({ message: 'Invalid URL format' }, { status: 400 });
+      }
+    }
+
+    return handler(req);
+  };
+}
diff --git a/apps/web/app/frames/route.ts b/apps/web/app/frames/route.ts
@@ -1,46 +1,5 @@
 import { GET as getHandler, POST as postHandler } from '@frames.js/render/next';
-import { ipSafe } from 'apps/web/src/middleware/ipSafe';
-import { NextRequest, NextResponse } from 'next/server';
-import ipaddr from 'ipaddr.js';
-import { URL } from 'url';
-import dns from 'dns/promises';
-
-function withIPCheck(handler: (req: NextRequest) => Promise<Response>) {
-  return async function (req: NextRequest) {
-    const searchParams = req.nextUrl.searchParams;
-    const url = searchParams.get('url');
-
-    if (url) {
-      try {
-        const parsedUrl = new URL(url);
-        const hostname = parsedUrl.hostname;
-        const resolvedAddresses = await dns.resolve(hostname);
-
-        let allSafe = true;
-
-        for (const address of resolvedAddresses) {
-          if (ipaddr.isValid(address)) {
-            if (!ipSafe(address)) {
-              allSafe = false;
-            }
-          } else {
-            return NextResponse.json({ message: 'Invalid IP address resolution' }, { status: 400 });
-          }
-        }
-
-        if (!allSafe) {
-          return NextResponse.json({ message: 'Forbidden' }, { status: 403 });
-        }
-
-        return await handler(req);
-      } catch (error) {
-        return NextResponse.json({ message: 'Invalid URL format' }, { status: 400 });
-      }
-    }
-
-    return handler(req);
-  };
-}
+import { withIPCheck } from 'apps/web/app/frames/proxy-ip-check';
 
 export const GET = withIPCheck(getHandler);
 export const POST = withIPCheck(postHandler);