Skip to content

Commit 00f0d80

Browse files
committed
feat: add gateway forbidden content types
1 parent 3def450 commit 00f0d80

File tree

3 files changed

+31
-3
lines changed

3 files changed

+31
-3
lines changed

packages/edge-gateway/src/constants.js

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,3 +9,4 @@ export const HTTP_STATUS_RATE_LIMITED = 429
99
export const HTTP_STATUS_SUCCESS = 200
1010
export const REQUEST_PREVENTED_RATE_LIMIT_CODE = 'RATE_LIMIT'
1111
export const TIMEOUT_CODE = 'TIMEOUT'
12+
export const FORBIDDEN_CONTENT_TYPES = ['application/octet-stream']

packages/edge-gateway/src/errors.js

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,21 @@ export class InvalidUrlError extends Error {
1313
}
1414
InvalidUrlError.CODE = 'ERROR_INVALID_URL'
1515

16+
export class ForbiddenContentError extends Error {
17+
/**
18+
* @param {string} message
19+
*/
20+
constructor(message = 'Forbidden content') {
21+
const status = 403
22+
super(createErrorHtmlContent(status, message))
23+
this.name = 'ForbiddenContentError'
24+
this.status = status
25+
this.code = ForbiddenContentError.CODE
26+
this.contentType = 'text/html'
27+
}
28+
}
29+
ForbiddenContentError.CODE = 'ERROR_INVALID_URL'
30+
1631
export class TimeoutError extends Error {
1732
/**
1833
* @param {string} message

packages/edge-gateway/src/gateway.js

Lines changed: 15 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ import pAny, { AggregateError } from 'p-any'
55
import { FilterError } from 'p-some'
66
import pSettle from 'p-settle'
77

8-
import { TimeoutError } from './errors.js'
8+
import { TimeoutError, ForbiddenContentError } from './errors.js'
99
import { getCidFromSubdomainUrl } from './utils/cid.js'
1010
import { toDenyListAnchor } from './utils/deny-list.js'
1111
import {
@@ -17,6 +17,7 @@ import {
1717
HTTP_STATUS_RATE_LIMITED,
1818
REQUEST_PREVENTED_RATE_LIMIT_CODE,
1919
TIMEOUT_CODE,
20+
FORBIDDEN_CONTENT_TYPES,
2021
} from './constants.js'
2122

2223
/**
@@ -109,7 +110,6 @@ export async function gatewayGet(request, env, ctx) {
109110
const contentLengthMb = Number(
110111
winnerGwResponse.response.headers.get('content-length')
111112
)
112-
113113
await Promise.all([
114114
storeWinnerGwResponse(request, env, winnerGwResponse),
115115
settleGatewayRequests(),
@@ -120,6 +120,19 @@ export async function gatewayGet(request, env, ctx) {
120120
})()
121121
)
122122

123+
// Block content types
124+
if (
125+
FORBIDDEN_CONTENT_TYPES.includes(
126+
winnerGwResponse.response.headers.get('content-type')
127+
)
128+
) {
129+
throw new ForbiddenContentError(
130+
`Forbidden content type: ${winnerGwResponse.response.headers.get(
131+
'content-type'
132+
)}`
133+
)
134+
}
135+
123136
// forward winner gateway response
124137
return winnerGwResponse.response
125138
} catch (err) {
@@ -166,7 +179,6 @@ export async function gatewayGet(request, env, ctx) {
166179
throw new TimeoutError()
167180
}
168181
}
169-
170182
throw err
171183
}
172184
}

0 commit comments

Comments
 (0)