Deluan Quintão
652c27690b
* feat(httpclient): implement HttpClient service for outbound HTTP requests in plugins Signed-off-by: Deluan <deluan@navidrome.org> * feat(httpclient): enhance SSRF protection by validating host requests against private IPs Signed-off-by: Deluan <deluan@navidrome.org> * feat(httpclient): support DELETE requests with body in HttpClient service Signed-off-by: Deluan <deluan@navidrome.org> * feat(httpclient): refactor HTTP client initialization and enhance redirect handling Signed-off-by: Deluan <deluan@navidrome.org> * refactor(http): standardize naming conventions for HTTP types and methods Signed-off-by: Deluan <deluan@navidrome.org> * refactor example plugin to use host.HTTPSend for improved error management Signed-off-by: Deluan <deluan@navidrome.org> * fix(plugins): fix IPv6 SSRF bypass and wildcard host matching Fix two bugs in the plugin HTTP/WebSocket host validation: 1. extractHostname now strips IPv6 brackets when no port is present (e.g. "[::1]" → "::1"). Previously, net.SplitHostPort failed for bracketed IPv6 without a port, leaving brackets intact. This caused net.ParseIP to return nil, bypassing the private/loopback SSRF guard. 2. matchHostPattern now treats "*" as an allow-all pattern. Previously, a bare "*" only matched via exact equality, so plugins declaring requiredHosts: ["*"] (like webhook-rs) had all requests rejected. --------- Signed-off-by: Deluan <deluan@navidrome.org>
56 lines
1.9 KiB
Go
56 lines
1.9 KiB
Go
// Code generated by ndpgen. DO NOT EDIT.
|
|
//
|
|
// This file contains mock implementations for non-WASM builds.
|
|
// These mocks allow IDE support, compilation, and unit testing on non-WASM platforms.
|
|
// Plugin authors can use the exported mock instances to set expectations in tests.
|
|
//
|
|
//go:build !wasip1
|
|
|
|
package host
|
|
|
|
import "github.com/stretchr/testify/mock"
|
|
|
|
// HTTPRequest represents an outbound HTTP request from a plugin.
|
|
type HTTPRequest struct {
|
|
Method string `json:"method"`
|
|
URL string `json:"url"`
|
|
Headers map[string]string `json:"headers"`
|
|
Body []byte `json:"body"`
|
|
TimeoutMs int32 `json:"timeoutMs"`
|
|
}
|
|
|
|
// HTTPResponse represents the response from an outbound HTTP request.
|
|
type HTTPResponse struct {
|
|
StatusCode int32 `json:"statusCode"`
|
|
Headers map[string]string `json:"headers"`
|
|
Body []byte `json:"body"`
|
|
}
|
|
|
|
// mockHTTPService is the mock implementation for testing.
|
|
type mockHTTPService struct {
|
|
mock.Mock
|
|
}
|
|
|
|
// HTTPMock is the auto-instantiated mock instance for testing.
|
|
// Use this to set expectations: host.HTTPMock.On("MethodName", args...).Return(values...)
|
|
var HTTPMock = &mockHTTPService{}
|
|
|
|
// Send is the mock method for HTTPSend.
|
|
func (m *mockHTTPService) Send(request HTTPRequest) (*HTTPResponse, error) {
|
|
args := m.Called(request)
|
|
return args.Get(0).(*HTTPResponse), args.Error(1)
|
|
}
|
|
|
|
// HTTPSend delegates to the mock instance.
|
|
// Send executes an HTTP request and returns the response.
|
|
//
|
|
// Parameters:
|
|
// - request: The HTTP request to execute, including method, URL, headers, body, and timeout
|
|
//
|
|
// Returns the HTTP response with status code, headers, and body.
|
|
// Network errors, timeouts, and permission failures are returned as Go errors.
|
|
// Successful HTTP calls (including 4xx/5xx status codes) return a non-nil response with nil error.
|
|
func HTTPSend(request HTTPRequest) (*HTTPResponse, error) {
|
|
return HTTPMock.Send(request)
|
|
}
|