feat: validate proxy targets during signing and proxy fetch

This commit is contained in:
2026-06-26 23:56:23 +02:00
parent f8e3f89e42
commit 5338c61a5d
3 changed files with 12 additions and 3 deletions

View File

@@ -8,8 +8,8 @@ import (
"time"
"mal/internal/domain"
"mal/internal/playback/proxytarget"
"mal/internal/server"
netutil "mal/pkg/net"
"github.com/gin-gonic/gin"
)
@@ -27,8 +27,8 @@ func NewPlaybackHandler(svc domain.PlaybackService, animeSvc domain.AnimePlaybac
return &PlaybackHandler{
svc: svc,
animeSvc: animeSvc,
proxyClient: netutil.NewClient(),
streamingClient: netutil.NewStreamingClient(),
proxyClient: proxytarget.NewClient(60 * time.Second),
streamingClient: proxytarget.NewStreamingClient(),
subtitleCache: newSubtitleCache(10*time.Minute, 256),
}
}

View File

@@ -4,6 +4,7 @@ import (
"context"
"fmt"
"mal/internal/observability"
"mal/internal/playback/proxytarget"
netutil "mal/pkg/net"
"net/http"
@@ -11,6 +12,10 @@ import (
)
func newProxyRequest(ctx context.Context, targetURL string, referer string) (*http.Request, error) {
if err := proxytarget.Validate(targetURL); err != nil {
return nil, fmt.Errorf("validate proxy target %q: %w", targetURL, err)
}
req, err := http.NewRequestWithContext(ctx, http.MethodGet, targetURL, nil)
if err != nil {
return nil, fmt.Errorf("build proxy request for %q: %w", targetURL, err)

View File

@@ -7,6 +7,7 @@ import (
"mal/integrations/jikan"
"mal/internal/domain"
"mal/internal/observability"
"mal/internal/playback/proxytarget"
errlog "mal/pkg"
netutil "mal/pkg/net"
"net/http"
@@ -43,6 +44,9 @@ func (s *playbackService) SignProxyToken(targetURL, referer, scope string) (stri
if s.proxyTokenKey == "" {
return "", nil
}
if err := proxytarget.Validate(targetURL); err != nil {
return "", err
}
return s.proxyTokens.create(targetURL, referer, scope, 2*time.Hour, time.Now())
}