Revert "api: Enable local IP verification on webhooks (#2118)" (#2123)

This reverts commit 2c11962.
livepeer · Apr 3, 2024 · 5d92474 · 5d92474
1 parent 1fa939f
commit 5d92474
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 23 deletions.
diff --git a/packages/api/src/app-router.ts b/packages/api/src/app-router.ts
@@ -53,9 +53,6 @@ const PROM_BUNDLE_OPTS: promBundle.Opts = {
   },
 };
 
-const isTest =
-  process.env.NODE_ENV === "test" || process.env.NODE_ENV === "development";
-
 export default async function makeApp(params: CliArgs) {
   const {
     httpPrefix,
@@ -125,12 +122,15 @@ export default async function makeApp(params: CliArgs) {
     recordCatalystObjectStoreId,
     secondaryRecordObjectStoreId,
     supportAddr,
-    skipUrlVerification: isTest,
+    verifyUrls: true,
     queue,
   });
   await webhookCannon.start();
 
-  if (isTest) {
+  if (
+    process.env.NODE_ENV === "test" ||
+    process.env.NODE_ENV === "development"
+  ) {
     await setupTestTus();
   } else if (vodObjectStoreId) {
     await setupTus(vodObjectStoreId);

diff --git a/packages/api/src/webhooks/cannon.ts b/packages/api/src/webhooks/cannon.ts
@@ -42,7 +42,7 @@ function isRuntimeError(err: any): boolean {
 
 export default class WebhookCannon {
   running: boolean;
-  skipUrlVerification: boolean;
+  verifyUrls: boolean;
   frontendDomain: string;
   sendgridTemplateId: string;
   sendgridApiKey: string;
@@ -51,7 +51,7 @@ export default class WebhookCannon {
   secondaryVodObjectStoreId: string;
   recordCatalystObjectStoreId: string;
   secondaryRecordObjectStoreId: string;
-  resolver: dns.Resolver;
+  resolver: any;
   queue: Queue;
   constructor({
     frontendDomain,
@@ -62,11 +62,11 @@ export default class WebhookCannon {
     secondaryVodObjectStoreId,
     recordCatalystObjectStoreId,
     secondaryRecordObjectStoreId,
-    skipUrlVerification,
+    verifyUrls,
     queue,
   }) {
     this.running = true;
-    this.skipUrlVerification = skipUrlVerification;
+    this.verifyUrls = verifyUrls;
     this.frontendDomain = frontendDomain;
     this.sendgridTemplateId = sendgridTemplateId;
     this.sendgridApiKey = sendgridApiKey;
@@ -208,7 +208,8 @@ export default class WebhookCannon {
       return;
     }
     try {
-      await this._fireHook(trigger);
+      // TODO Activate URL Verification
+      await this._fireHook(trigger, false);
     } catch (err) {
       console.log("_fireHook error", err);
       await this.retry(trigger, null, err);
@@ -222,6 +223,10 @@ export default class WebhookCannon {
     this.running = false;
   }
 
+  disableUrlVerify() {
+    this.verifyUrls = false;
+  }
+
   public calcBackoff = (lastInterval?: number): number => {
     if (!lastInterval || lastInterval < 1000) {
       return 5000;
@@ -323,7 +328,7 @@ export default class WebhookCannon {
     );
   }
 
-  async _fireHook(trigger: messages.WebhookTrigger) {
+  async _fireHook(trigger: messages.WebhookTrigger, verifyUrl = true) {
     const { event, webhook, stream, user } = trigger;
     if (!event || !webhook || !user) {
       console.error(
@@ -333,24 +338,34 @@ export default class WebhookCannon {
       return;
     }
     console.log(`trying webhook ${webhook.name}: ${webhook.url}`);
-
-    let ips: string[];
-    let isLocal = false;
-    // These conditions are mainly useful for local testing
-    if (!user.admin && !this.skipUrlVerification) {
+    let ips, urlObj, isLocal;
+    if (verifyUrl) {
       try {
-        const urlObj = parseUrl(webhook.url);
-        ips = await Promise.all([
-          this.resolver.resolve4(urlObj.hostname),
-          this.resolver.resolve6(urlObj.hostname),
-        ]).then((ipsArrs) => ipsArrs.flat());
-        isLocal = ips.some(isLocalIP);
+        urlObj = parseUrl(webhook.url);
+        if (urlObj.host) {
+          ips = await this.resolver.resolve4(urlObj.hostname);
+        }
       } catch (e) {
-        console.error("error checking if is local IP: ", e);
+        console.error("error: ", e);
         throw e;
       }
     }
 
+    // This is mainly useful for local testing
+    if (user.admin || verifyUrl === false) {
+      isLocal = false;
+    } else {
+      try {
+        if (ips && ips.length) {
+          isLocal = isLocalIP(ips[0]);
+        } else {
+          isLocal = true;
+        }
+      } catch (e) {
+        console.error("isLocal Error", isLocal, e);
+        throw e;
+      }
+    }
     if (isLocal) {
       // don't fire this webhook.
       console.log(