Sultan
/
Flowise
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: add http deny list in HTTP node

This commit is contained in:
chungyau97 2025-07-21 19:52:51 +08:00
parent 5fbb9985f8
commit 97db0f7b15
1 changed files with 37 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
packages/components/nodes/agentflow/HTTP/HTTP.ts
View File

@ -3,6 +3,8 @@ import axios, { AxiosRequestConfig, Method, ResponseType } from 'axios'
import FormData from 'form-data' import FormData from 'form-data'
import * as querystring from 'querystring' import * as querystring from 'querystring'
import { getCredentialData, getCredentialParam } from '../../../src/utils' import { getCredentialData, getCredentialParam } from '../../../src/utils'
import * as ipaddr from 'ipaddr.js'
import dns from 'dns/promises'
class HTTP_Agentflow implements INode { class HTTP_Agentflow implements INode {
label: string label: string
@ -230,6 +232,39 @@ class HTTP_Agentflow implements INode {
] ]
} }
private isDeniedIP(ip: string, denyList: string[]): void {
for (const entry of denyList) {
if (entry.includes('/')) {
try {
if (ipaddr.parse(ip).match(ipaddr.parseCIDR(entry))) throw new Error(`IP given is in deny list: ${ip}`)
} catch (error) {
throw new Error(`isDeniedIP: ${error}`)
}
} else if (ip === entry) throw new Error(`IP given is in deny list: ${ip}`)
}
}
private async checkDenyList(url: string) {
const httpDenyListString: string | undefined = process.env.HTTP_DENY_LIST
if (!httpDenyListString) return url
const httpDenyList = httpDenyListString.split(',').map((ip) => ip.trim())
const urlObj = new URL(url)
const hostname = urlObj.hostname
if (httpDenyList.includes(hostname)) throw new Error(`Hostname given is in deny list: ${hostname}`)
if (ipaddr.isValid(hostname)) {
this.isDeniedIP(hostname, httpDenyList)
} else {
const addresses = await dns.lookup(hostname, { all: true })
for (const address of addresses) {
this.isDeniedIP(address.address, httpDenyList)
}
}
}
async run(nodeData: INodeData, _: string, options: ICommonObject): Promise<any> { async run(nodeData: INodeData, _: string, options: ICommonObject): Promise<any> {
const method = nodeData.inputs?.method as 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH' const method = nodeData.inputs?.method as 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH'
const url = nodeData.inputs?.url as string const url = nodeData.inputs?.url as string
@ -292,6 +327,8 @@ class HTTP_Agentflow implements INode {
// Build final URL with query parameters // Build final URL with query parameters
const finalUrl = queryString ? `${url}${url.includes('?') ? '&' : '?'}${queryString}` : url const finalUrl = queryString ? `${url}${url.includes('?') ? '&' : '?'}${queryString}` : url
await this.checkDenyList(finalUrl)
// Prepare request config // Prepare request config
const requestConfig: AxiosRequestConfig = { const requestConfig: AxiosRequestConfig = {
method: method as Method, method: method as Method,