diff --git a/packages/tests/src/api/server/ssrf.ts b/packages/tests/src/api/server/ssrf.ts index 8896d5d70..105d8141b 100644 --- a/packages/tests/src/api/server/ssrf.ts +++ b/packages/tests/src/api/server/ssrf.ts @@ -1,5 +1,6 @@ /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ +import { HttpStatusCode } from '@peertube/peertube-models' import { cleanupTests, createMultipleServers, @@ -10,7 +11,6 @@ import { } from '@peertube/peertube-server-commands' import { MockHTTP } from '@tests/shared/mock-servers/mock-http.js' import { expect } from 'chai' -import { HttpStatusCode } from '../../../../models/src/http/http-status-codes.js' describe('Test SSRF requests', function () { let servers: PeerTubeServer[] = [] diff --git a/packages/tests/src/server-helpers/request.ts b/packages/tests/src/server-helpers/request.ts index 38a74f6ea..b3d0f7aaa 100644 --- a/packages/tests/src/server-helpers/request.ts +++ b/packages/tests/src/server-helpers/request.ts @@ -43,7 +43,7 @@ describe('Request helpers', function () { const port = await mock.initialize() const before = new Date().getTime() - await doRequest('http://127.0.0.1:' + port) + await doRequest('http://127.0.0.1:' + port, { preventSSRF: false }) expect(new Date().getTime() - before).to.be.greaterThan(2000) diff --git a/packages/tests/src/shared/requests.ts b/packages/tests/src/shared/requests.ts index 908226cbd..3e4205f18 100644 --- a/packages/tests/src/shared/requests.ts +++ b/packages/tests/src/shared/requests.ts @@ -1,12 +1,11 @@ import { doRequest } from '@peertube/peertube-server/core/helpers/requests.js' export function makePOSTAPRequest (url: string, body: any, httpSignature: any, headers: any) { - const options = { - method: 'POST' as 'POST', + return doRequest(url, { + method: 'POST', json: body, httpSignature, - headers - } - - return doRequest(url, options) + headers, + preventSSRF: false + }) } diff --git a/server/core/helpers/requests.ts b/server/core/helpers/requests.ts index ced0b4bdc..b2ce1c65d 100644 --- a/server/core/helpers/requests.ts +++ b/server/core/helpers/requests.ts @@ -124,10 +124,14 @@ export const peertubeGot = CONFIG.FEDERATION.PREVENT_SSRF // --------------------------------------------------------------------------- -export function doRequest (url: string, options: PeerTubeRequestOptions = {}) { +export function doRequest (url: string, options: PeerTubeRequestOptions & { preventSSRF?: false } = {}) { const gotOptions = buildGotOptions(options) as OptionsOfTextResponseBody - return peertubeGot(url, gotOptions) + const gotInstance = options.preventSSRF === false + ? unsafeSSRFGot + : peertubeGot + + return gotInstance(url, gotOptions) .catch(err => { throw buildRequestError(err) }) }