Prohibit connections to external servers via Mk:api (#11883)
* Mk:url(): no automatic token attaching when ep is url

* Limit requests to external servers by Mk:api

* remove unused import

* Update CHANGELOG.md

* Update packages/frontend/src/scripts/aiscript/api.ts

Co-authored-by: syuilo <[email protected]>

---------

Co-authored-by: syuilo <[email protected]>
FineArchs and syuilo authored Sep 24, 2023
1 parent d05563c commit 30b2312
Showing 2 changed files with 5 additions and 1 deletion.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -86,6 +86,7 @@
- Fix: 複数の階層があるメニューで、短くタップすると正常に動かない場合がある問題を修正
- Fix: アニメーションがオフのとき、スマホで子メニューの選択ができない問題を修正
- Fix: ドロワーメニューで、親メニュー項目をマウスでホバーすると子メニューが表示されてしまう問題を修正
- Fix: AiScriptでMk:apiが外部と通信できる問題を修正

### Server
- Change: cacheRemoteFilesの初期値はfalseになりました
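Review bot: the new Fix entry for Mk:api does not mention that a call whose endpoint contains `://` now fails with `invalid endpoint`, so authors of existing AiScript code that passed a full URL get no hint from the changelog about why their script stopped working. Suggest wording the entry so it states the behaviour change (endpoints containing `://` are rejected) in addition to the problem it fixes.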
5 changes: 4 additions & 1 deletion packages/frontend/src/scripts/aiscript/api.ts
Expand Up @@ -34,12 +34,15 @@ export function createAiScriptEnv(opts) {
return confirm.canceled ? values.FALSE : values.TRUE;
}),
'Mk:api': values.FN_NATIVE(async ([ep, param, token]) => {
utils.assertString(ep);
if (ep.value.includes('://')) throw new Error('invalid endpoint');
if (token) {
utils.assertString(token);
// バグがあればundefinedもあり得るため念のため
if (typeof token.value !== 'string') throw new Error('invalid token');
}
return os.api(ep.value, utils.valToJs(param), token ? token.value : (opts.token ?? null)).then(res => {
const actualToken: string|null = token?.value ?? opts.token ?? null;
return os.api(ep.value, utils.valToJs(param), actualToken).then(res => {
return utils.jsToVal(res);
}, err => {
return values.ERROR('request_failed', utils.jsToVal(err));
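Review bot: the endpoint guard `if (ep.value.includes('://')) throw new Error('invalid endpoint');` rejects one substring instead of accepting a known-good shape, and it has no comment saying why it exists. Whether a value without `://` can still end up resolved against another host depends on how `os.api` builds the request, which this hunk does not show, so it would be safer to validate `ep.value` positively against the form a local endpoint name takes and to add a one-line comment that the check keeps Mk:api from contacting external servers. Separately, the request-failure path in this function returns `values.ERROR('request_failed', ...)` to the script while the new check throws a plain `Error`; worth confirming that the difference is intended.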