farcasclaudiu/Flowise
1
0
Fork 0
mirror of https://github.com/farcasclaudiu/Flowise.git synced 2026-06-28 19:00:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1765 from 0xi4o/feature/allowed-domains

Browse Source 
Feature: Allowed domains for chatflows
This commit is contained in:
Ilango
2024-03-11 16:16:53 +05:30
committed by GitHub
parent 6083dfa9cc 3b84e718a2
commit 13ee0d0c7b
4 changed files with 279 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/server/src/index.ts
+30 -1
View File
@@ -1319,7 +1319,36 @@ export class App {
upload.array('files'),
(req: Request, res: Response, next: NextFunction) => getRateLimiter(req, res, next),
async (req: Request, res: Response) => {
await this.buildChatflow(req, res, socketIO)
const chatflow = await this.AppDataSource.getRepository(ChatFlow).findOneBy({
id: req.params.id
})
if (!chatflow) return res.status(404).send(`Chatflow ${req.params.id} not found`)
let isDomainAllowed = true
logger.info(`[server]: Request originated from ${req.headers.origin}`)
if (chatflow.chatbotConfig) {
const parsedConfig = JSON.parse(chatflow.chatbotConfig)
// check whether the first one is not empty. if it is empty that means the user set a value and then removed it.
const isValidAllowedOrigins = parsedConfig.allowedOrigins?.length && parsedConfig.allowedOrigins[0] !== ''
if (isValidAllowedOrigins) {
const originHeader = req.headers.origin as string
const origin = new URL(originHeader).host
isDomainAllowed =
parsedConfig.allowedOrigins.filter((domain: string) => {
try {
const allowedOrigin = new URL(domain).host
return origin === allowedOrigin
} catch (e) {
return false
}
}).length > 0
}
}
if (isDomainAllowed) {
await this.buildChatflow(req, res, socketIO)
} else {
return res.status(401).send(`This site is not allowed to access this chatbot`)
}
}
)