feat: add gateway forbidden content types

Author: vasco-santos

packages/edge-gateway/src/constants.js

@@ -9,3 +9,4 @@ export const HTTP_STATUS_RATE_LIMITED = 429
 export const HTTP_STATUS_SUCCESS = 200
 export const REQUEST_PREVENTED_RATE_LIMIT_CODE = 'RATE_LIMIT'
 export const TIMEOUT_CODE = 'TIMEOUT'
+export const FORBIDDEN_CONTENT_TYPES = ['application/octet-stream']

packages/edge-gateway/src/errors.js

@@ -13,6 +13,21 @@ export class InvalidUrlError extends Error {
 }
 InvalidUrlError.CODE = 'ERROR_INVALID_URL'
 
+export class ForbiddenContentError extends Error {
+  /**
+   * @param {string} message
+   */
+  constructor(message = 'Forbidden content') {
+    const status = 403
+    super(createErrorHtmlContent(status, message))
+    this.name = 'ForbiddenContentError'
+    this.status = status
+    this.code = ForbiddenContentError.CODE
+    this.contentType = 'text/html'
+  }
+}
+ForbiddenContentError.CODE = 'ERROR_INVALID_URL'
+
 export class TimeoutError extends Error {
   /**
    * @param {string} message

packages/edge-gateway/src/gateway.js

@@ -5,7 +5,7 @@ import pAny, { AggregateError } from 'p-any'
 import { FilterError } from 'p-some'
 import pSettle from 'p-settle'
 
-import { TimeoutError } from './errors.js'
+import { TimeoutError, ForbiddenContentError } from './errors.js'
 import { getCidFromSubdomainUrl } from './utils/cid.js'
 import { toDenyListAnchor } from './utils/deny-list.js'
 import {
@@ -17,6 +17,7 @@ import {
   HTTP_STATUS_RATE_LIMITED,
   REQUEST_PREVENTED_RATE_LIMIT_CODE,
   TIMEOUT_CODE,
+  FORBIDDEN_CONTENT_TYPES,
 } from './constants.js'
 
 /**
@@ -109,7 +110,6 @@ export async function gatewayGet(request, env, ctx) {
         const contentLengthMb = Number(
           winnerGwResponse.response.headers.get('content-length')
         )
-
         await Promise.all([
           storeWinnerGwResponse(request, env, winnerGwResponse),
           settleGatewayRequests(),
@@ -120,6 +120,19 @@ export async function gatewayGet(request, env, ctx) {
       })()
     )
 
+    // Block content types
+    if (
+      FORBIDDEN_CONTENT_TYPES.includes(
+        winnerGwResponse.response.headers.get('content-type')
+      )
+    ) {
+      throw new ForbiddenContentError(
+        `Forbidden content type: ${winnerGwResponse.response.headers.get(
+          'content-type'
+        )}`
+      )
+    }
+
     // forward winner gateway response
     return winnerGwResponse.response
   } catch (err) {
@@ -166,7 +179,6 @@ export async function gatewayGet(request, env, ctx) {
         throw new TimeoutError()
       }
     }
-
     throw err
   }
 }