feat: add wildcard "*" to allow all hosts to connect via websocket

[micaelmz]

📋 Description

Adds support for using * in WEBSOCKET_ALLOWED_HOSTS env variable to allow any host to bypass the API’s WebSocket IP-restriction checks. Useful for local/Docker setups where container IPs change. Normal host whitelisting behavior remains unchanged when * is not used

🧪 Type of Change

• 🐛 Bug fix (non-breaking change which fixes an issue)
• ✨ New feature (non-breaking change which adds functionality)
• 💥 Breaking change (fix or feature that would cause existing functionality to not work as expected)
• 📚 Documentation update
• 🔧 Refactoring (no functional changes)
• ⚡ Performance improvement
• 🧹 Code cleanup
• 🔒 Security fix

🧪 Testing

• Manual testing completed
• Functionality verified in development environment
• No breaking changes introduced
• Tested with different connection types (if applicable)
• Verified that WEBSOCKET_ALLOWED_HOSTS=* bypasses IP validation
• Verified that explicit host lists still work as before

✅ Checklist

• My code follows the project's style guidelines
• I have performed a self-review of my code
• I have manually tested my changes thoroughly
• I have verified the changes work with different scenarios

📝 Additional Notes

Intended only for development scenarios. Production should continue using explicit whitelists as introduced in the original security enhancement PR #1929

Summary by Sourcery

New Features:

• Support using a wildcard "*" value in WEBSOCKET_ALLOWED_HOSTS to bypass WebSocket IP-based host validation while retaining existing explicit host whitelist behavior.

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Adds support for a wildcard "*" value in the WEBSOCKET_ALLOWED_HOSTS configuration to bypass WebSocket IP restriction checks while preserving existing explicit host validation behavior.

File-Level Changes

Change	Details	Files
Support a wildcard "*" value in WEBSOCKET_ALLOWED_HOSTS to allow all remote addresses to connect via WebSocket.	Read the WebSocket configuration and derive the allowed hosts string with existing default fallback. Introduce an allowAllHosts boolean that is true when the allowed hosts string is exactly "*" after trimming whitespace. Update the isAllowedHost computation to short-circuit to true when allowAllHosts is enabled, otherwise continue to split, trim, and check the remote address against the allowed host list.	src/api/integrations/event/websocket/websocket.controller.ts

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey there - I've reviewed your changes and they look great!

Prompt for AI Agents

Please address the comments from this code review:

## Individual Comments

### Comment 1
<location> `src/api/integrations/event/websocket/websocket.controller.ts:36-37` </location>
<code_context>
           const websocketConfig = configService.get<Websocket>('WEBSOCKET');
           const allowedHosts = websocketConfig.ALLOWED_HOSTS || '127.0.0.1,::1,::ffff:127.0.0.1';
-          const isAllowedHost = allowedHosts
+          const allowAllHosts = allowedHosts.trim() === '*';
+          const isAllowedHost = allowAllHosts || allowedHosts
             .split(',')
             .map((h) => h.trim())
</code_context>

<issue_to_address>
**suggestion (bug_risk):** Consider supporting '*' alongside other entries in ALLOWED_HOSTS, not only when it's the sole value.

Currently `allowAllHosts` is only true when `allowedHosts.trim() === '*'`. With a value like `"*,10.0.0.1"`, `*` will never match `remoteAddress` and the code will not allow all hosts as many would expect. To treat `*` as a wildcard even when combined with other entries, derive `allowAllHosts` from the split tokens, e.g.:

```ts
const tokens = allowedHosts.split(',').map(h => h.trim());
const allowAllHosts = tokens.includes('*');
const isAllowedHost = allowAllHosts || tokens.includes(remoteAddress);
```

(or equivalent), reusing `tokens` for the includes check.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[DavidsonGomes]

Please, fix the lint with npm run lint