From fbf831355d33dc770899556dcd0e2250f811e738 Mon Sep 17 00:00:00 2001
From: Alexandre Bodin <bodin.alex@gmail.com>
Date: Thu, 22 Oct 2020 16:59:22 +0200
Subject: [PATCH] Remove usage of unsecure proxy for now

Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com>
---
 .../InputModalStepperProvider/index.js        |  5 +--
 .../src/containers/ModalStepper/index.js      | 12 +-----
 .../strapi-plugin-upload/config/routes.json   |  8 ----
 .../strapi-plugin-upload/controllers/proxy.js | 42 -------------------
 .../test/proxy.test.e2e.js                    | 42 -------------------
 5 files changed, 4 insertions(+), 105 deletions(-)
 delete mode 100644 packages/strapi-plugin-upload/controllers/proxy.js
 delete mode 100644 packages/strapi-plugin-upload/test/proxy.test.e2e.js

diff --git a/packages/strapi-plugin-upload/admin/src/containers/InputModalStepperProvider/index.js b/packages/strapi-plugin-upload/admin/src/containers/InputModalStepperProvider/index.js
index a154d48d5d..e2d3b31438 100644
--- a/packages/strapi-plugin-upload/admin/src/containers/InputModalStepperProvider/index.js
+++ b/packages/strapi-plugin-upload/admin/src/containers/InputModalStepperProvider/index.js
@@ -1,6 +1,6 @@
 import React, { useReducer, useEffect, useState } from 'react';
 import PropTypes from 'prop-types';
-import { auth, request, generateSearchFromFilters, useGlobalContext } from 'strapi-helper-plugin';
+import { request, generateSearchFromFilters, useGlobalContext } from 'strapi-helper-plugin';
 import { clone, get, isEmpty, set } from 'lodash';
 import { useIntl } from 'react-intl';
 import axios from 'axios';
@@ -85,8 +85,7 @@ const InputModalStepperProvider = ({
           const { source } = file;
 
           return axios
-            .get(`${strapi.backendURL}/${pluginId}/proxy?url=${file.fileURL}`, {
-              headers: { Authorization: `Bearer ${auth.getToken()}` },
+            .get(file.fileURL, {
               responseType: 'blob',
               cancelToken: source.token,
               timeout: 60000,
diff --git a/packages/strapi-plugin-upload/admin/src/containers/ModalStepper/index.js b/packages/strapi-plugin-upload/admin/src/containers/ModalStepper/index.js
index fdde43f83a..2b6932ddc7 100644
--- a/packages/strapi-plugin-upload/admin/src/containers/ModalStepper/index.js
+++ b/packages/strapi-plugin-upload/admin/src/containers/ModalStepper/index.js
@@ -2,14 +2,7 @@ import React, { useCallback, useEffect, useState, useReducer, useRef } from 'rea
 import axios from 'axios';
 import PropTypes from 'prop-types';
 import { isEqual, isEmpty, get, set } from 'lodash';
-import {
-  Modal,
-  ModalFooter,
-  PopUpWarning,
-  useGlobalContext,
-  auth,
-  request,
-} from 'strapi-helper-plugin';
+import { Modal, ModalFooter, PopUpWarning, useGlobalContext, request } from 'strapi-helper-plugin';
 import { Button } from '@buffetjs/core';
 import pluginId from '../../pluginId';
 import { getFilesToDownload, getTrad, getYupError, urlSchema } from '../../utils';
@@ -100,8 +93,7 @@ const ModalStepper = ({
           const { source } = file;
 
           return axios
-            .get(`${strapi.backendURL}/${pluginId}/proxy?url=${file.fileURL}`, {
-              headers: { Authorization: `Bearer ${auth.getToken()}` },
+            .get(file.fileURL, {
               responseType: 'blob',
               cancelToken: source.token,
               timeout: 60000,
diff --git a/packages/strapi-plugin-upload/config/routes.json b/packages/strapi-plugin-upload/config/routes.json
index ca3e4f2b06..41641926cd 100644
--- a/packages/strapi-plugin-upload/config/routes.json
+++ b/packages/strapi-plugin-upload/config/routes.json
@@ -93,14 +93,6 @@
           "name": "File"
         }
       }
-    },
-    {
-      "method": "GET",
-      "path": "/proxy",
-      "handler": "proxy.uploadProxy",
-      "config": {
-        "policies": []
-      }
     }
   ]
 }
diff --git a/packages/strapi-plugin-upload/controllers/proxy.js b/packages/strapi-plugin-upload/controllers/proxy.js
deleted file mode 100644
index e49e811ef5..0000000000
--- a/packages/strapi-plugin-upload/controllers/proxy.js
+++ /dev/null
@@ -1,42 +0,0 @@
-'use strict';
-
-const _ = require('lodash');
-const fetch = require('node-fetch');
-const isValidDomain = require('is-valid-domain');
-
-module.exports = {
-  async uploadProxy(ctx) {
-    try {
-      const url = new URL(ctx.query.url);
-
-      if (!['http:', 'https:'].includes(url.protocol)) {
-        throw new Error('Unexpected url protocol');
-      }
-
-      if (!isValidDomain(url.hostname)) {
-        throw new Error('Invalid url hostname');
-      }
-    } catch (err) {
-      ctx.status = 400;
-      ctx.body = 'Invalid URL';
-      return;
-    }
-
-    try {
-      const res = await fetch(new URL(ctx.query.url), {
-        headers: _.omit(ctx.request.headers, ['origin', 'host', 'authorization']),
-      });
-
-      for (const [key, value] of res.headers.entries()) {
-        ctx.set(key, value);
-      }
-
-      ctx.status = res.status;
-      ctx.body = res.body;
-    } catch (err) {
-      strapi.log.error(err);
-      ctx.status = 500;
-      ctx.body = 'Internal Server Error';
-    }
-  },
-};
diff --git a/packages/strapi-plugin-upload/test/proxy.test.e2e.js b/packages/strapi-plugin-upload/test/proxy.test.e2e.js
deleted file mode 100644
index 1617ade19b..0000000000
--- a/packages/strapi-plugin-upload/test/proxy.test.e2e.js
+++ /dev/null
@@ -1,42 +0,0 @@
-'use strict';
-
-// Helpers.
-const { registerAndLogin } = require('../../../test/helpers/auth');
-const { createAuthRequest } = require('../../../test/helpers/request');
-
-let rq;
-
-describe('Upload plugin end to end tests', () => {
-  beforeAll(async () => {
-    const token = await registerAndLogin();
-    rq = createAuthRequest(token);
-  }, 60000);
-
-  describe('GET /upload/proxy => Proxy the file', () => {
-    test('Return the remote URL', async () => {
-      const res = await rq.get('/upload/proxy', {
-        qs: {
-          url: 'https://strapi.io/',
-        },
-      });
-      expect(res.statusCode).toBe(200);
-    });
-
-    test('Accept an url with utf-8 characters', async () => {
-      const res = await rq.get('/upload/proxy', {
-        qs: {
-          url: 'https://strapi.io/?foo=网',
-        },
-      });
-
-      expect(res.statusCode).toBe(200);
-    });
-
-    test('Return 400 with an invalid url', async () => {
-      const res = await rq.get('/upload/proxy');
-
-      expect(res.statusCode).toBe(400);
-      expect(res.body).toEqual('Invalid URL');
-    });
-  });
-});