fix: Adjust filtering logic for secure contexts; improve tests (#579)

acul71 · SgtPooki · web-flow · commit ac4bdb8a73ca · 2024-08-12T11:02:02.000-07:00
* Fix issue #564: Modify filtering logic and update related tests * chore: fix linting issues * Update packages/block-brokers/src/trustless-gateway/utils.ts Co-authored-by: Russell Dempsey <1173416+SgtPooki@users.noreply.github.com> * refactor: simplify conditional logic in filterNonHTTPMultiaddrs --------- Co-authored-by: Russell Dempsey <1173416+SgtPooki@users.noreply.github.com>
diff --git a/packages/block-brokers/src/trustless-gateway/utils.ts b/packages/block-brokers/src/trustless-gateway/utils.ts
@@ -21,6 +21,14 @@ export function filterNonHTTPMultiaddrs (multiaddrs: Multiaddr[], allowInsecure:
       return isPrivateIp(ma.toOptions().host) === false
     }
 
+    // When allowInsecure is false and allowLocal is true, allow multiaddrs with "127.0.0.1", "localhost", or any subdomain ending with ".localhost"
+    if (!allowInsecure && allowLocal) {
+      const { host } = ma.toOptions()
+      if (host === '127.0.0.1' || host === 'localhost' || host.endsWith('.localhost')) {
+        return true
+      }
+    }
+
     return false
   })
 }
diff --git a/packages/block-brokers/test/trustless-gateway-utils.spec.ts b/packages/block-brokers/test/trustless-gateway-utils.spec.ts
@@ -27,4 +27,28 @@ describe('trustless-gateway-block-broker-utils', () => {
 
     expect(filtered.length).to.deep.equal(0)
   })
+
+  it('filterNonHTTPMultiaddrs allows 127.0.0.1 when allowInsecure=false', async function () {
+    const localMaddr = uriToMultiaddr('http://127.0.0.1')
+
+    const filtered = filterNonHTTPMultiaddrs([localMaddr], false, true)
+
+    expect(filtered.length).to.deep.equal(1)
+  })
+
+  it('filterNonHTTPMultiaddrs allows localhost when allowInsecure=false', async function () {
+    const localMaddr = uriToMultiaddr('http://localhost')
+
+    const filtered = filterNonHTTPMultiaddrs([localMaddr], false, true)
+
+    expect(filtered.length).to.deep.equal(1)
+  })
+
+  it('filterNonHTTPMultiaddrs allows *.localhost when allowInsecure=false', async function () {
+    const localMaddr = uriToMultiaddr('http://example.localhost')
+
+    const filtered = filterNonHTTPMultiaddrs([localMaddr], false, true)
+
+    expect(filtered.length).to.deep.equal(1)
+  })
 })

Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,14 @@ export function filterNonHTTPMultiaddrs (multiaddrs: Multiaddr[], allowInsecure:`
`21`	`21`	`return isPrivateIp(ma.toOptions().host) === false`
`22`	`22`	`}`
`23`	`23`
	`24`	`+ // When allowInsecure is false and allowLocal is true, allow multiaddrs with "127.0.0.1", "localhost", or any subdomain ending with ".localhost"`
	`25`	`+ if (!allowInsecure && allowLocal) {`
	`26`	`+ const { host } = ma.toOptions()`
	`27`	`+ if (host === '127.0.0.1' \|\| host === 'localhost' \|\| host.endsWith('.localhost')) {`
	`28`	`+ return true`
	`29`	`+ }`
	`30`	`+ }`
	`31`	`+`
`24`	`32`	`return false`
`25`	`33`	`})`
`26`	`34`	`}`