github/TREK
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add comprehensive backend test suite (#339)

Browse Source 
* add test suite, mostly covers integration testing, tests are only backend side

* workflow runs the correct script

* workflow runs the correct script

* workflow runs the correct script

* unit tests incoming

* Fix multer silent rejections and error handler info leak

- Revert cb(null, false) to cb(new Error(...)) in auth.ts, collab.ts,
  and files.ts so invalid uploads return an error instead of silently
  dropping the file
- Error handler in app.ts now always returns 500 / "Internal server
  error" instead of forwarding err.message to the client

* Use statusCode consistently for multer errors and error handler

- Error handler in app.ts reads err.statusCode to forward the correct
  HTTP status while keeping the response body generic
This commit is contained in:
Julien G.
2026-04-03 13:17:53 +02:00
committed by GitHub
parent d48714d17a
commit 905c7d460b
74 changed files with 12821 additions and 311 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
server/src/utils/ssrfGuard.ts
View File

@@ -1,6 +1,6 @@
import dns from 'dns/promises';
import http from 'http';
import https from 'https';
import dns from 'node:dns/promises';
import http from 'node:http';
import https from 'node:https';
const ALLOW_INTERNAL_NETWORK = process.env.ALLOW_INTERNAL_NETWORK === 'true';
@@ -17,11 +17,11 @@ function isAlwaysBlocked(ip: string): boolean {
const addr = ip.startsWith('[') ? ip.slice(1, -1) : ip;
// Loopback
if (/^127\./.test(addr) || addr === '::1') return true;
if (addr.startsWith("127.") || addr === '::1') return true;
// Unspecified
if (/^0\./.test(addr)) return true;
if (addr.startsWith("0.")) return true;
// Link-local / cloud metadata
if (/^169\.254\./.test(addr) || /^fe80:/i.test(addr)) return true;
if (addr.startsWith("169.254.") || /^fe80:/i.test(addr)) return true;
// IPv4-mapped loopback / link-local: ::ffff:127.x.x.x, ::ffff:169.254.x.x
if (/^::ffff:127\./i.test(addr) || /^::ffff:169\.254\./i.test(addr)) return true;
@@ -33,9 +33,9 @@ function isPrivateNetwork(ip: string): boolean {
const addr = ip.startsWith('[') ? ip.slice(1, -1) : ip;
// RFC-1918 private ranges
if (/^10\./.test(addr)) return true;
if (addr.startsWith("10.")) return true;
if (/^172\.(1[6-9]|2\d|3[01])\./.test(addr)) return true;
if (/^192\.168\./.test(addr)) return true;
if (addr.startsWith("192.168.")) return true;
// CGNAT / Tailscale shared address space (100.64.0.0/10)
if (/^100\.(6[4-9]|[7-9]\d|1[01]\d|12[0-7])\./.test(addr)) return true;
// IPv6 ULA (fc00::/7)