JSDoc: Module: utils/ssrfGuard

Module: utils/ssrfGuard

Shared SSRF protection utilities.

Extracted from routes/trigger.js so the same two-layer defence can be reused wherever the server makes outbound HTTP requests to user-configured URLs (notification webhooks, callback URLs, etc.).

Exports

validateUrl — Synchronous string checks + async DNS resolution.
safeFetch — Fetch with DNS re-resolution and redirect blocking.
isPrivateIp — Check whether an IP is in a private/reserved range.

Source:

utils/ssrfGuard.js, line 1

Members

(inner, constant) PRIVATE_IPV4_RANGES :Array.<Array.<number>>

[baseIp, mask, bits] for IPv4

Type:

Array.<Array.<number>>

Source:

utils/ssrfGuard.js, line 21

Methods

(static) isPrivateIp(ip) → {boolean}

Check whether an IP address is in a private or reserved range.

Parameters:

Name	Type	Description
`ip`	string	IPv4 or IPv6 address string.

Source:

utils/ssrfGuard.js, line 48

Returns:

Type: boolean

(static) safeFetch(url, options) → {Promise.<Response>}

Fetch a URL with SSRF protections applied at request time.

Re-resolves DNS to mitigate DNS rebinding attacks.
Blocks redirects (redirect: "error") to prevent open-redirect SSRF bypass.

Parameters:

Name	Type	Description
`url`	string	The URL to fetch.
`options`	Object	Standard fetch options (method, headers, body, signal, etc.).

Source:

utils/ssrfGuard.js, line 159

Throws:

If DNS re-resolution detects a private IP or the fetch fails.
Type Error

Returns:

Type: Promise.<Response>

(static) validateUrl(raw) → {Promise.<(string|null)>}

Validate a URL for SSRF safety.

Performs synchronous string checks (protocol, known private hostnames, literal private IPs) and then resolves the hostname via DNS to catch domains that point to private/reserved addresses.

Parameters:

Name	Type	Description
`raw`	string	The URL to validate.

Source:

utils/ssrfGuard.js, line 128

Returns:

null if valid, or an error message string.

Type: Promise.<(string|null)>

(async, inner) resolveAndCheckDns(host) → {Promise.<(string|null)>}

Resolve a hostname via DNS and check all addresses for private/reserved IPs.

Skips resolution for bare IP addresses (already checked by the caller via isPrivateIp). Resolves both A and AAAA records to prevent bypass via a safe A record paired with a private AAAA record.

Parameters:

Name	Type	Description
`host`	string	Lowercase hostname to resolve.

Source:

utils/ssrfGuard.js, line 91

Returns:

null if safe, or an error message string.

Type: Promise.<(string|null)>