Remove usage of unsecure proxy for now

Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com>
2025-12-27 15:13:21 +00:00 · 2020-10-22 16:59:22 +02:00 · 2020-10-22 16:59:22 +02:00 · fbf831355d
commit fbf831355d
parent b324020579
5 changed files with 4 additions and 105 deletions
--- a/packages/strapi-plugin-upload/admin/src/containers/InputModalStepperProvider/index.js
+++ b/packages/strapi-plugin-upload/admin/src/containers/InputModalStepperProvider/index.js
@ -1,6 +1,6 @@
 import React, { useReducer, useEffect, useState } from 'react';
 import PropTypes from 'prop-types';
-import { auth, request, generateSearchFromFilters, useGlobalContext } from 'strapi-helper-plugin';
+import { request, generateSearchFromFilters, useGlobalContext } from 'strapi-helper-plugin';
 import { clone, get, isEmpty, set } from 'lodash';
 import { useIntl } from 'react-intl';
 import axios from 'axios';
@ -85,8 +85,7 @@ const InputModalStepperProvider = ({
          const { source } = file;

          return axios
-            .get(`${strapi.backendURL}/${pluginId}/proxy?url=${file.fileURL}`, {
-              headers: { Authorization: `Bearer ${auth.getToken()}` },
+            .get(file.fileURL, {
              responseType: 'blob',
              cancelToken: source.token,
              timeout: 60000,
--- a/packages/strapi-plugin-upload/admin/src/containers/ModalStepper/index.js
+++ b/packages/strapi-plugin-upload/admin/src/containers/ModalStepper/index.js
@ -2,14 +2,7 @@ import React, { useCallback, useEffect, useState, useReducer, useRef } from 'rea
 import axios from 'axios';
 import PropTypes from 'prop-types';
 import { isEqual, isEmpty, get, set } from 'lodash';
-import {
-  Modal,
-  ModalFooter,
-  PopUpWarning,
-  useGlobalContext,
-  auth,
-  request,
-} from 'strapi-helper-plugin';
+import { Modal, ModalFooter, PopUpWarning, useGlobalContext, request } from 'strapi-helper-plugin';
 import { Button } from '@buffetjs/core';
 import pluginId from '../../pluginId';
 import { getFilesToDownload, getTrad, getYupError, urlSchema } from '../../utils';
@ -100,8 +93,7 @@ const ModalStepper = ({
          const { source } = file;

          return axios
-            .get(`${strapi.backendURL}/${pluginId}/proxy?url=${file.fileURL}`, {
-              headers: { Authorization: `Bearer ${auth.getToken()}` },
+            .get(file.fileURL, {
              responseType: 'blob',
              cancelToken: source.token,
              timeout: 60000,
--- a/packages/strapi-plugin-upload/config/routes.json
+++ b/packages/strapi-plugin-upload/config/routes.json
@ -93,14 +93,6 @@
          "name": "File"
        }
      }
-    },
-    {
-      "method": "GET",
-      "path": "/proxy",
-      "handler": "proxy.uploadProxy",
-      "config": {
-        "policies": []
-      }
    }
  ]
 }
--- a/packages/strapi-plugin-upload/controllers/proxy.js
+++ b/packages/strapi-plugin-upload/controllers/proxy.js
@ -1,42 +0,0 @@
-'use strict';
-
-const _ = require('lodash');
-const fetch = require('node-fetch');
-const isValidDomain = require('is-valid-domain');
-
-module.exports = {
-  async uploadProxy(ctx) {
-    try {
-      const url = new URL(ctx.query.url);
-
-      if (!['http:', 'https:'].includes(url.protocol)) {
-        throw new Error('Unexpected url protocol');
-      }
-
-      if (!isValidDomain(url.hostname)) {
-        throw new Error('Invalid url hostname');
-      }
-    } catch (err) {
-      ctx.status = 400;
-      ctx.body = 'Invalid URL';
-      return;
-    }
-
-    try {
-      const res = await fetch(new URL(ctx.query.url), {
-        headers: _.omit(ctx.request.headers, ['origin', 'host', 'authorization']),
-      });
-
-      for (const [key, value] of res.headers.entries()) {
-        ctx.set(key, value);
-      }
-
-      ctx.status = res.status;
-      ctx.body = res.body;
-    } catch (err) {
-      strapi.log.error(err);
-      ctx.status = 500;
-      ctx.body = 'Internal Server Error';
-    }
-  },
-};
--- a/packages/strapi-plugin-upload/test/proxy.test.e2e.js
+++ b/packages/strapi-plugin-upload/test/proxy.test.e2e.js
@ -1,42 +0,0 @@
-'use strict';
-
-// Helpers.
-const { registerAndLogin } = require('../../../test/helpers/auth');
-const { createAuthRequest } = require('../../../test/helpers/request');
-
-let rq;
-
-describe('Upload plugin end to end tests', () => {
-  beforeAll(async () => {
-    const token = await registerAndLogin();
-    rq = createAuthRequest(token);
-  }, 60000);
-
-  describe('GET /upload/proxy => Proxy the file', () => {
-    test('Return the remote URL', async () => {
-      const res = await rq.get('/upload/proxy', {
-        qs: {
-          url: 'https://strapi.io/',
-        },
-      });
-      expect(res.statusCode).toBe(200);
-    });
-
-    test('Accept an url with utf-8 characters', async () => {
-      const res = await rq.get('/upload/proxy', {
-        qs: {
-          url: 'https://strapi.io/?foo=网',
-        },
-      });
-
-      expect(res.statusCode).toBe(200);
-    });
-
-    test('Return 400 with an invalid url', async () => {
-      const res = await rq.get('/upload/proxy');
-
-      expect(res.statusCode).toBe(400);
-      expect(res.body).toEqual('Invalid URL');
-    });
-  });
-});