fix: harden GHE URL detection and extract shared GitHub helpers
This commit is contained in:
statxc
parent
9e1ee925cd
commit
f9cebe9b73
6 changed files with 35 additions and 50 deletions
|
|
@ -768,7 +768,7 @@ export function isHttpUrl(input: string): boolean {
|
|||
export function isGithubUrl(input: string): boolean {
|
||||
try {
|
||||
const url = new URL(input.trim());
|
||||
if (url.protocol !== "https:" && url.protocol !== "http:") return false;
|
||||
if (url.protocol !== "https:") return false;
|
||||
const segments = url.pathname.split("/").filter(Boolean);
|
||||
return segments.length >= 2;
|
||||
} catch {
|
||||
|
|
|
|||
|
|
@ -45,6 +45,7 @@ import {
|
|||
writePaperclipSkillSyncPreference,
|
||||
} from "@paperclipai/adapter-utils/server-utils";
|
||||
import { notFound, unprocessable } from "../errors.js";
|
||||
import { ghFetch, gitHubApiBase, resolveRawGitHubUrl } from "./github-fetch.js";
|
||||
import type { StorageService } from "../storage/types.js";
|
||||
import { accessService } from "./access.js";
|
||||
import { agentService } from "./agents.js";
|
||||
|
|
@ -2100,14 +2101,6 @@ function parseFrontmatterMarkdown(raw: string): MarkdownDoc {
|
|||
};
|
||||
}
|
||||
|
||||
async function ghFetch(url: string, init?: RequestInit): Promise<Response> {
|
||||
try {
|
||||
return await fetch(url, init);
|
||||
} catch {
|
||||
throw unprocessable(`Could not connect to ${new URL(url).hostname} — ensure the URL points to a GitHub or GitHub Enterprise instance`);
|
||||
}
|
||||
}
|
||||
|
||||
async function fetchText(url: string) {
|
||||
const response = await ghFetch(url);
|
||||
if (!response.ok) {
|
||||
|
|
@ -2619,21 +2612,6 @@ export function parseGitHubSourceUrl(rawUrl: string) {
|
|||
return { hostname, owner, repo, ref, basePath, companyPath };
|
||||
}
|
||||
|
||||
function isGitHubDotCom(hostname: string) {
|
||||
const h = hostname.toLowerCase();
|
||||
return h === "github.com" || h === "www.github.com";
|
||||
}
|
||||
|
||||
function resolveRawGitHubUrl(hostname: string, owner: string, repo: string, ref: string, filePath: string) {
|
||||
const p = filePath.replace(/^\/+/, "");
|
||||
return isGitHubDotCom(hostname)
|
||||
? `https://raw.githubusercontent.com/${owner}/${repo}/${ref}/${p}`
|
||||
: `https://${hostname}/raw/${owner}/${repo}/${ref}/${p}`;
|
||||
}
|
||||
|
||||
function gitHubApiBase(hostname: string) {
|
||||
return isGitHubDotCom(hostname) ? "https://api.github.com" : `https://${hostname}/api/v3`;
|
||||
}
|
||||
|
||||
export function companyPortabilityService(db: Db, storage?: StorageService) {
|
||||
const companies = companyService(db);
|
||||
|
|
|
|||
|
|
@ -30,6 +30,7 @@ import { normalizeAgentUrlKey } from "@paperclipai/shared";
|
|||
import { findServerAdapter } from "../adapters/index.js";
|
||||
import { resolvePaperclipInstanceRoot } from "../home-paths.js";
|
||||
import { notFound, unprocessable } from "../errors.js";
|
||||
import { ghFetch, gitHubApiBase, resolveRawGitHubUrl } from "./github-fetch.js";
|
||||
import { agentService } from "./agents.js";
|
||||
import { projectService } from "./projects.js";
|
||||
import { secretService } from "./secrets.js";
|
||||
|
|
@ -470,14 +471,6 @@ function parseFrontmatterMarkdown(raw: string): { frontmatter: Record<string, un
|
|||
};
|
||||
}
|
||||
|
||||
async function ghFetch(url: string, init?: RequestInit): Promise<Response> {
|
||||
try {
|
||||
return await fetch(url, init);
|
||||
} catch {
|
||||
throw unprocessable(`Could not connect to ${new URL(url).hostname} — ensure the URL points to a GitHub or GitHub Enterprise instance`);
|
||||
}
|
||||
}
|
||||
|
||||
async function fetchText(url: string) {
|
||||
const response = await ghFetch(url);
|
||||
if (!response.ok) {
|
||||
|
|
@ -498,14 +491,6 @@ async function fetchJson<T>(url: string): Promise<T> {
|
|||
return response.json() as Promise<T>;
|
||||
}
|
||||
|
||||
function isGitHubDotCom(hostname: string) {
|
||||
const h = hostname.toLowerCase();
|
||||
return h === "github.com" || h === "www.github.com";
|
||||
}
|
||||
|
||||
function gitHubApiBase(hostname: string) {
|
||||
return isGitHubDotCom(hostname) ? "https://api.github.com" : `https://${hostname}/api/v3`;
|
||||
}
|
||||
|
||||
async function resolveGitHubDefaultBranch(owner: string, repo: string, apiBase: string) {
|
||||
const response = await fetchJson<{ default_branch?: string }>(
|
||||
|
|
@ -566,12 +551,6 @@ async function resolveGitHubPinnedRef(parsed: ReturnType<typeof parseGitHubSourc
|
|||
return { pinnedRef, trackingRef };
|
||||
}
|
||||
|
||||
function resolveRawGitHubUrl(hostname: string, owner: string, repo: string, ref: string, filePath: string) {
|
||||
const p = filePath.replace(/^\/+/, "");
|
||||
return isGitHubDotCom(hostname)
|
||||
? `https://raw.githubusercontent.com/${owner}/${repo}/${ref}/${p}`
|
||||
: `https://${hostname}/raw/${owner}/${repo}/${ref}/${p}`;
|
||||
}
|
||||
|
||||
function extractCommandTokens(raw: string) {
|
||||
const matches = raw.match(/"[^"]*"|'[^']*'|\S+/g) ?? [];
|
||||
|
|
@ -1004,8 +983,11 @@ async function readUrlSkillImports(
|
|||
const warnings: string[] = [];
|
||||
const isGitHubRepoUrl = (() => { try {
|
||||
const parsed = new URL(url);
|
||||
if (parsed.protocol !== "https:" && parsed.protocol !== "http:") return false;
|
||||
return parsed.pathname.split("/").filter(Boolean).length >= 2 && !parsed.pathname.endsWith(".md");
|
||||
if (parsed.protocol !== "https:") return false;
|
||||
const h = parsed.hostname.toLowerCase();
|
||||
if (h.endsWith(".githubusercontent.com") || h === "gist.github.com") return false;
|
||||
const segments = parsed.pathname.split("/").filter(Boolean);
|
||||
return segments.length >= 2 && !parsed.pathname.endsWith(".md");
|
||||
} catch { return false; } })();
|
||||
if (isGitHubRepoUrl) {
|
||||
const parsed = parseGitHubSourceUrl(url);
|
||||
|
|
|
|||
25
server/src/services/github-fetch.ts
Normal file
25
server/src/services/github-fetch.ts
Normal file
|
|
@ -0,0 +1,25 @@
|
|||
import { unprocessable } from "../errors.js";
|
||||
|
||||
function isGitHubDotCom(hostname: string) {
|
||||
const h = hostname.toLowerCase();
|
||||
return h === "github.com" || h === "www.github.com";
|
||||
}
|
||||
|
||||
export function gitHubApiBase(hostname: string) {
|
||||
return isGitHubDotCom(hostname) ? "https://api.github.com" : `https://${hostname}/api/v3`;
|
||||
}
|
||||
|
||||
export function resolveRawGitHubUrl(hostname: string, owner: string, repo: string, ref: string, filePath: string) {
|
||||
const p = filePath.replace(/^\/+/, "");
|
||||
return isGitHubDotCom(hostname)
|
||||
? `https://raw.githubusercontent.com/${owner}/${repo}/${ref}/${p}`
|
||||
: `https://${hostname}/raw/${owner}/${repo}/${ref}/${p}`;
|
||||
}
|
||||
|
||||
export async function ghFetch(url: string, init?: RequestInit): Promise<Response> {
|
||||
try {
|
||||
return await fetch(url, init);
|
||||
} catch {
|
||||
throw unprocessable(`Could not connect to ${new URL(url).hostname} — ensure the URL points to a GitHub or GitHub Enterprise instance`);
|
||||
}
|
||||
}
|
||||
|
|
@ -121,7 +121,7 @@ export function NewProjectDialog() {
|
|||
const isGitHubRepoUrl = (value: string) => {
|
||||
try {
|
||||
const parsed = new URL(value);
|
||||
if (parsed.protocol !== "https:" && parsed.protocol !== "http:") return false;
|
||||
if (parsed.protocol !== "https:") return false;
|
||||
const segments = parsed.pathname.split("/").filter(Boolean);
|
||||
return segments.length >= 2;
|
||||
} catch {
|
||||
|
|
|
|||
|
|
@ -346,7 +346,7 @@ export function ProjectProperties({ project, onUpdate, onFieldUpdate, getFieldSa
|
|||
const isGitHubRepoUrl = (value: string) => {
|
||||
try {
|
||||
const parsed = new URL(value);
|
||||
if (parsed.protocol !== "https:" && parsed.protocol !== "http:") return false;
|
||||
if (parsed.protocol !== "https:") return false;
|
||||
const segments = parsed.pathname.split("/").filter(Boolean);
|
||||
return segments.length >= 2;
|
||||
} catch {
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue