From c6fdffba774086a4a10d9483c4e79abf81b17ed9 Mon Sep 17 00:00:00 2001 From: Tom Moor Date: Tue, 5 Jul 2022 11:06:47 +0200 Subject: [PATCH] chore: Internal request filtering --- .eslintrc | 2 -- app/.eslintrc | 6 +++++- package.json | 3 +++ server/queues/tasks/DeliverWebhookTask.ts | 3 +++ server/typings/fetch-with-proxy.d.ts | 4 +++- server/utils/passport.ts | 1 - server/utils/s3.ts | 6 ++++-- yarn.lock | 20 ++++++++++++++++++++ 8 files changed, 38 insertions(+), 7 deletions(-) diff --git a/.eslintrc b/.eslintrc index 46b29e133..8ab3ee175 100644 --- a/.eslintrc +++ b/.eslintrc @@ -12,7 +12,6 @@ "plugin:@typescript-eslint/recommended", "plugin:import/recommended", "plugin:import/typescript", - "plugin:react-hooks/recommended", "plugin:prettier/recommended" ], "plugins": [ @@ -21,7 +20,6 @@ "eslint-plugin-import", "eslint-plugin-node", "eslint-plugin-react", - "eslint-plugin-react-hooks", "import" ], "rules": { diff --git a/app/.eslintrc b/app/.eslintrc index f273da1c9..639b5e8e2 100644 --- a/app/.eslintrc +++ b/app/.eslintrc @@ -1,6 +1,10 @@ { "extends": [ - "../.eslintrc" + "../.eslintrc", + "plugin:react-hooks/recommended", + ], + "plugins": [ + "eslint-plugin-react-hooks", ], "env": { "jest": true, diff --git a/package.json b/package.json index 3fb97c083..3981a59eb 100644 --- a/package.json +++ b/package.json @@ -133,6 +133,7 @@ "mobx-react": "^6.3.1", "natural-sort": "^1.0.0", "nodemailer": "^6.6.1", + "node-fetch": "2.6.7", "outline-icons": "^1.43.1", "oy-vey": "^0.10.0", "passport": "^0.4.1", @@ -182,6 +183,7 @@ "reflect-metadata": "^0.1.13", "refractor": "^3.5.0", "regenerator-runtime": "^0.13.7", + "request-filtering-agent": "^1.1.2", "semver": "^7.3.2", "sequelize": "^6.20.1", "sequelize-cli": "^6.4.1", @@ -247,6 +249,7 @@ "@types/mime-types": "^2.1.1", "@types/natural-sort": "^0.0.21", "@types/node": "15.12.2", + "@types/node-fetch": "^2.6.2", "@types/nodemailer": "^6.4.4", "@types/passport-oauth2": "^1.4.11", "@types/prosemirror-commands": "^1.0.1", 
diff --git a/server/queues/tasks/DeliverWebhookTask.ts b/server/queues/tasks/DeliverWebhookTask.ts
index 571511eae..68a9bf15d 100644
--- a/server/queues/tasks/DeliverWebhookTask.ts
+++ b/server/queues/tasks/DeliverWebhookTask.ts
@@ -1,4 +1,5 @@
 import fetch from "fetch-with-proxy";
+import { useAgent } from "request-filtering-agent";
 import { Op } from "sequelize";
 import WebhookDisabledEmail from "@server/emails/templates/WebhookDisabledEmail";
 import env from "@server/env";
@@ -535,6 +536,8 @@ export default class DeliverWebhookTask extends BaseTask {
 method: "POST",
 headers: requestHeaders,
 body: JSON.stringify(requestBody),
+ redirect: "error",
+ agent: useAgent(subscription.url),
 });
 status = response.ok ? "success" : "failed";
 } catch (err) {
diff --git a/server/typings/fetch-with-proxy.d.ts b/server/typings/fetch-with-proxy.d.ts
index 381995596..3438f9ad9 100644
--- a/server/typings/fetch-with-proxy.d.ts
+++ b/server/typings/fetch-with-proxy.d.ts
@@ -1,3 +1,5 @@
 declare module "fetch-with-proxy" {
- export = fetch;
+ import nodeFetch from "node-fetch";
+
+ export = nodeFetch;
 }
diff --git a/server/utils/passport.ts b/server/utils/passport.ts
index 279b0ac56..34f43e6be 100644
--- a/server/utils/passport.ts
+++ b/server/utils/passport.ts
@@ -82,7 +82,6 @@ export class StateStore {
 export async function request(endpoint: string, accessToken: string) {
 const response = await fetch(endpoint, {
 method: "GET",
- credentials: "same-origin",
 headers: {
 Authorization: `Bearer ${accessToken}`,
 "Content-Type": "application/json",
diff --git a/server/utils/s3.ts b/server/utils/s3.ts
index f60209c99..4a911debf 100644
--- a/server/utils/s3.ts
+++ b/server/utils/s3.ts
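Review bot: In the second DeliverWebhookTask hunk the filter is attached as `agent: useAgent(subscription.url)`, but `fetch` is imported from `fetch-with-proxy`, and the diff does not show how that wrapper treats a caller-supplied `agent` when a proxy environment variable is set. If it substitutes its own proxy agent the filter is silently dropped, and if the socket goes to the proxy the address check sees the proxy rather than the webhook destination, so proxied deployments should be confirmed with a test that a subscription URL resolving to a loopback or private address is refused. A blocked delivery also lands in the existing `catch (err)` like any other network failure; logging it distinctly would let operators tell a filtered destination from an outage. I would add a comment above the two new options, for example `// SSRF guard: refuse redirects and private/loopback destinations for the configured URL`. The enclosing method begins and ends outside the hunk.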
@@ -3,6 +3,7 @@ import util from "util"; import AWS from "aws-sdk"; import { addHours, format } from "date-fns"; import fetch from "fetch-with-proxy"; +import { useAgent } from "request-filtering-agent"; import { v4 as uuidv4 } from "uuid"; import env from "@server/env"; import Logger from "@server/logging/Logger"; @@ -185,8 +186,9 @@ export const uploadToS3FromUrl = async ( } try { - const res = await fetch(url); - // @ts-expect-error buffer exists, need updated typings + const res = await fetch(url, { + agent: useAgent(url), + }); const buffer = await res.buffer(); await s3 .putObject({ diff --git a/yarn.lock b/yarn.lock index 98ff4f04d..80b223051 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2809,6 +2809,14 @@ resolved "https://registry.yarnpkg.com/@types/natural-sort/-/natural-sort-0.0.21.tgz#5583cfcd250f72e45af8611ef515d4e881f49556" integrity sha512-WYMWhAQLuBym+6qQ2Ojptm6qIACnkkYYs08sj+PVgRCrB6b7k1QpTRk0yMmxhlpPn5MbXcSfd6sHOYlzaokU3w== +"@types/node-fetch@^2.6.2": + version "2.6.2" + resolved "https://registry.yarnpkg.com/@types/node-fetch/-/node-fetch-2.6.2.tgz#d1a9c5fd049d9415dce61571557104dec3ec81da" + integrity sha512-DHqhlq5jeESLy19TYhLakJ07kNumXWjcDdxXsLUMJZ6ue8VZJj4kLPQVE/2mdHh3xZziNF1xppu5lwmS53HR+A== + dependencies: + "@types/node" "*" + form-data "^3.0.0" + "@types/node@*", "@types/node@>=12", "@types/node@>=13.7.0": version "17.0.38" resolved "https://registry.yarnpkg.com/@types/node/-/node-17.0.38.tgz#f8bb07c371ccb1903f3752872c89f44006132947" 
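Review bot: Unlike the webhook delivery hunk in this commit, the `fetch(url, { agent: useAgent(url) })` call in the second s3.ts hunk still follows redirects, and the agent is chosen once from the original URL. A redirect that switches between http and https would then be issued with an agent of the other protocol, which Node normally rejects, so either set `redirect: "error"` here as well or, if redirects must keep working, pass the function form that node-fetch 2.x accepts: `agent: (parsedUrl) => useAgent(parsedUrl.href)`. Whether `fetch-with-proxy` forwards that option unchanged is not visible in the diff and should be checked. `uploadToS3FromUrl` starts and ends outside the hunk.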
@@ -8610,6 +8618,11 @@ ioredis@^4.27.0, ioredis@^4.28.0: redis-parser "^3.0.0" standard-as-callback "^2.1.0" +ipaddr.js@^2.0.0: + version "2.0.1" + resolved "https://registry.yarnpkg.com/ipaddr.js/-/ipaddr.js-2.0.1.tgz#eca256a7a877e917aeb368b0a7497ddf42ef81c0" + integrity sha512-1qTgH9NG+IIJ4yfKs2e6Pp1bZg8wbDbKHT21HrLIeYBTRLgMYKnMTPAuI3Lcs61nfx5h1xlXnbJtH1kX5/d/ng== + is-absolute@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/is-absolute/-/is-absolute-1.0.0.tgz#395e1ae84b11f26ad1795e73c17378e48a301576" @@ -12924,6 +12937,13 @@ replace-ext@^1.0.0: resolved "https://registry.yarnpkg.com/replace-ext/-/replace-ext-1.0.1.tgz#2d6d996d04a15855d967443631dd5f77825b016a" integrity sha512-yD5BHCe7quCgBph4rMQ+0KkIRKwWCrHDOX1p1Gp6HwjPM5kVoCdKGNhN7ydqqsX6lJEnQDKZ/tFMiEdQ1dvPEw== +request-filtering-agent@^1.1.2: + version "1.1.2" + resolved "https://registry.yarnpkg.com/request-filtering-agent/-/request-filtering-agent-1.1.2.tgz#327deaff55dfee0b32efa0025ff9b8e6e121f2f4" + integrity sha512-v6uYIoey6rhe+nQXB5rlYEWJI+5SrnvM72XGeLUsykzu2omOEPoW4QmzEH+8/sheK4M/hwQ85L7aPj1cTJfPLg== + dependencies: + ipaddr.js "^2.0.0" + require-directory@^2.1.1: version "2.1.1" resolved "https://registry.yarnpkg.com/require-directory/-/require-directory-2.1.1.tgz#8c64ad5fd30dab1c976e2344ffe7f792a6a6df42"