🐛 fix: fix /api/proxy internal proxy attack (#2255)

package.json

@@ -118,6 +118,7 @@
     "i18next-resources-to-backend": "^1.2.1",
     "idb-keyval": "^6.2.1",
     "immer": "^10.0.4",
+    "ip": "^2.0.1",
     "jose": "^5.2.4",
     "langfuse": "^3.7.0",
     "langfuse-core": "^3.7.0",
@@ -183,6 +184,7 @@
     "@types/chroma-js": "^2.4.4",
     "@types/debug": "^4.1.12",
     "@types/diff": "^5.2.0",
+    "@types/ip": "^1.1.3",
     "@types/json-schema": "^7.0.15",
     "@types/lodash": "^4.17.0",
     "@types/lodash-es": "^4.17.12",

src/app/api/proxy/route.ts

@@ -1,12 +1,34 @@
-export const runtime = 'edge';
+import { isPrivate } from 'ip';
+import { NextResponse } from 'next/server';
+import dns from 'node:dns';
+import { promisify } from 'node:util';
+
+const lookupAsync = promisify(dns.lookup);
+
+export const runtime = 'nodejs';
 
 /**
  * just for a proxy
  */
 export const POST = async (req: Request) => {
-  const url = await req.text();
+  const url = new URL(await req.text());
+  let address;
+
+  try {
+    const lookupResult = await lookupAsync(url.hostname);
+    address = lookupResult.address;
+  } catch (err) {
+    console.error(`${url.hostname} DNS parser error:`, err);
+
+    return NextResponse.json({ error: 'DNS parser error' }, { status: 504 });
+  }
+
+  const isInternalHost = isPrivate(address);
+
+  if (isInternalHost)
+    return NextResponse.json({ error: 'Not support internal host proxy' }, { status: 400 });
 
-  const res = await fetch(url);
+  const res = await fetch(url.toString());
 
   return new Response(res.body, { headers: res.headers });
 };