diff --git a/packages/service/core/workflow/dispatch/tools/http468.ts b/packages/service/core/workflow/dispatch/tools/http468.ts index 1cccef0e8..7d408d699 100644 --- a/packages/service/core/workflow/dispatch/tools/http468.ts +++ b/packages/service/core/workflow/dispatch/tools/http468.ts @@ -27,6 +27,7 @@ import type { StoreSecretValueType } from '@fastgpt/global/common/secret/type'; import { addLog } from '../../../../common/system/log'; import { SERVICE_LOCAL_HOST } from '../../../../common/system/tools'; import { formatHttpError } from '../utils'; +import { isInternalAddress } from '../../../../common/system/utils'; type PropsArrType = { key: string; @@ -414,6 +415,10 @@ async function fetchData({ params: Record; timeout: number; }) { + if (isInternalAddress(url)) { + return Promise.reject('Url is invalid'); + } + const { data: response } = await axios({ method, baseURL: `http://${SERVICE_LOCAL_HOST}`, diff --git a/packages/service/core/workflow/dispatch/tools/readFiles.ts b/packages/service/core/workflow/dispatch/tools/readFiles.ts index eee033233..92433796d 100644 --- a/packages/service/core/workflow/dispatch/tools/readFiles.ts +++ b/packages/service/core/workflow/dispatch/tools/readFiles.ts @@ -15,6 +15,7 @@ import { addLog } from '../../../../common/system/log'; import { addRawTextBuffer, getRawTextBuffer } from '../../../../common/buffer/rawText/controller'; import { addMinutes } from 'date-fns'; import { getNodeErrResponse } from '../utils'; +import { isInternalAddress } from '../../../../common/system/utils'; type Props = ModuleDispatchProps<{ [NodeInputKeyEnum.fileUrlList]: string[]; @@ -175,6 +176,9 @@ export const getFileContentFromLinks = async ({ } try { + if (isInternalAddress(url)) { + return Promise.reject('Url is invalid'); + } // Get file buffer data const response = await axios.get(url, { baseURL: serverRequestBaseUrl, diff --git a/projects/app/src/pages/api/common/system/writefile.ts b/projects/app/src/pages/api/common/system/writefile.ts deleted file mode 100644 index feb458e53..000000000 --- a/projects/app/src/pages/api/common/system/writefile.ts +++ /dev/null @@ -1,25 +0,0 @@ -import type { ApiRequestProps, ApiResponseType } from '@fastgpt/service/type/next'; -import { NextAPI } from '@/service/middleware/entry'; -import * as fs from 'fs'; -import { authCert } from '@fastgpt/service/support/permission/auth/common'; - -export type writefileQuery = {}; - -export type writefileBody = { - name: string; - content: string; -}; - -export type writefileResponse = {}; - -async function handler( - req: ApiRequestProps, - res: ApiResponseType -): Promise { - await authCert({ req, authRoot: true }); - const { name, content } = req.body; - await fs.promises.writeFile(`public/${name}`, content); - return {}; -} - -export default NextAPI(handler);