fix: harden fetch URL validation

Valerio 2026-05-04 11:50:57 +02:00
parent 23544f8fac
commit bdf81fe6bf
10 changed files with 284 additions and 27 deletions


@ -75,6 +75,15 @@ async fn main() -> anyhow::Result<()> {
.compact()
.init();
if is_unspecified_addr(args.host)
&& args.api_key.is_none()
&& std::env::var_os("WEBCLAW_ALLOW_OPEN_PUBLIC").is_none()
{
anyhow::bail!(
"refusing to bind 0.0.0.0/[::] without WEBCLAW_API_KEY; set WEBCLAW_API_KEY or WEBCLAW_ALLOW_OPEN_PUBLIC=1 to override"
);
}
let state = AppState::new(args.api_key.clone())?;
let v1 = Router::new()
@ -121,3 +130,10 @@ async fn main() -> anyhow::Result<()> {
axum::serve(listener, app).await?;
Ok(())
}
fn is_unspecified_addr(addr: IpAddr) -> bool {
match addr {
IpAddr::V4(ip) => ip.is_unspecified(),
IpAddr::V6(ip) => ip.is_unspecified(),
}
}
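Review bot: The new guard in `main` only rejects the wildcard addresses, so starting without an API key on any specific non-loopback address (a LAN or public interface IP) still passes and serves unauthenticated. If the intent is "no keyless listener reachable from other hosts", test `!args.host.is_loopback()` instead of `is_unspecified_addr(args.host)` and reword the bail message to match. The override is also keyed on presence alone: `std::env::var_os("WEBCLAW_ALLOW_OPEN_PUBLIC").is_none()` treats `WEBCLAW_ALLOW_OPEN_PUBLIC=0` or an empty value as opt-in, although the message documents `=1`. Comparing the value, e.g. `std::env::var("WEBCLAW_ALLOW_OPEN_PUBLIC").as_deref() != Ok("1")`, would match the documented contract. As a style point, `IpAddr` already provides `is_unspecified()`, so the helper added in the second hunk is not needed. The body of `main` extends beyond both hunks, so how `args.api_key` is populated (for example, whether an empty string counts as `Some`) is not visible here and should be checked.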