Chore/Add Deny List URLs (#4933)

Refactor URL filtering logic in App class

- Introduced a denylist for URLs using the DENYLIST_URLS environment variable.
- Updated the whitelist logic to filter out denylisted URLs, ensuring improved request validation.
Henry Heng 2025-07-23 14:33:06 +01:00 committed by GitHub
parent f2bd83252d
commit d081221a97
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 3 additions and 2 deletions


@ -197,7 +197,8 @@ export class App {
if (next) next()
})
const whitelistURLs = WHITELIST_URLS
const denylistURLs = process.env.DENYLIST_URLS ? process.env.DENYLIST_URLS.split(',') : []
const whitelistURLs = WHITELIST_URLS.filter((url) => !denylistURLs.includes(url))
const URL_CASE_INSENSITIVE_REGEX: RegExp = /\/api\/v1\//i
const URL_CASE_SENSITIVE_REGEX: RegExp = /\/api\/v1\//
@ -209,7 +210,7 @@ export class App {
// Step 2: Check if the req path is casesensitive
if (URL_CASE_SENSITIVE_REGEX.test(req.path)) {
// Step 3: Check if the req path is in the whitelist
const isWhitelisted = whitelistURLs.some((url) => req.path.startsWith(url))
const isWhitelisted = whitelistURLs.includes(req.path)
if (isWhitelisted) {
next()
} else if (req.headers['x-request-from'] === 'internal') {
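Review bot: `DENYLIST_URLS` is split on commas without trimming or dropping empty items in the first hunk, so a value written as `/api/v1/a, /api/v1/b` leaves the second entry with a leading space, `denylistURLs.includes(url)` never matches it, and that route silently stays whitelisted and keeps skipping the checks that follow `isWhitelisted`. Because this list exists to narrow an allow-list, a malformed entry should not fail open: use `process.env.DENYLIST_URLS.split(',').map((u) => u.trim()).filter(Boolean)` and log a startup warning for any entry that is not present in `WHITELIST_URLS`, which would also catch typos and trailing-slash mismatches. The comparison is an exact string match against whitelist entries, so a comment should say that entries must be copied verbatim from `WHITELIST_URLS`. The page has lost the +/- markers on the two `isWhitelisted` lines in the second hunk; if the prefix form (`startsWith`) is the one in effect, a denylist entry only has an effect when it equals the whitelisted prefix itself, not a path beneath it. The enclosing method starts and ends outside both hunks.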