Fix whitelist checking for dev-portal

2025-04-20 03:24:50 +00:00 · 2023-11-22 16:05:27 +01:00 · 2023-11-22 16:05:27 +01:00 · ef8ea9eecf
commit ef8ea9eecf
parent e221b508d3
3 changed files with 23 additions and 5 deletions
--- a/app/src/main/java/com/futo/platformplayer/api/media/platforms/js/internal/JSHttpClient.kt
+++ b/app/src/main/java/com/futo/platformplayer/api/media/platforms/js/internal/JSHttpClient.kt
@ -6,10 +6,13 @@ import com.futo.platformplayer.api.http.ManagedHttpClient
 import com.futo.platformplayer.api.media.platforms.js.JSClient
 import com.futo.platformplayer.api.media.platforms.js.SourceAuth
 import com.futo.platformplayer.api.media.platforms.js.SourceCaptchaData
+import com.futo.platformplayer.api.media.platforms.js.SourcePluginConfig
+import com.futo.platformplayer.engine.exceptions.ScriptImplementationException
 import com.futo.platformplayer.matchesDomain

 class JSHttpClient : ManagedHttpClient {
    private val _jsClient: JSClient?;
+    private val _jsConfig: SourcePluginConfig?;
    private val _auth: SourceAuth?;
    private val _captcha: SourceCaptchaData?;

@ -20,8 +23,9 @@ class JSHttpClient : ManagedHttpClient {

    private var _currentCookieMap: HashMap<String, HashMap<String, String>>;

-    constructor(jsClient: JSClient?, auth: SourceAuth? = null, captcha: SourceCaptchaData? = null) : super() {
+    constructor(jsClient: JSClient?, auth: SourceAuth? = null, captcha: SourceCaptchaData? = null, config: SourcePluginConfig? = null) : super() {
        _jsClient = jsClient;
+        _jsConfig = config;
        _auth = auth;
        _captcha = captcha;

@ -87,7 +91,11 @@ class JSHttpClient : ManagedHttpClient {
            }
        }

-        _jsClient?.validateUrlOrThrow(request.url.toString());
+        if(_jsClient != null)
+            _jsClient?.validateUrlOrThrow(request.url.toString());
+        else if (_jsConfig != null && !_jsConfig.isUrlAllowed(request.url.toString()))
+            throw ScriptImplementationException(_jsConfig, "Attempted to access non-whitelisted url: ${request.url.toString()}\nAdd it to your config");
+
        return newBuilder?.let { it.build() } ?: request;
    }

--- a/app/src/main/java/com/futo/platformplayer/developer/DeveloperEndpoints.kt
+++ b/app/src/main/java/com/futo/platformplayer/developer/DeveloperEndpoints.kt
@ -24,6 +24,7 @@ import com.google.gson.JsonArray
 import com.google.gson.JsonParser
 import kotlinx.serialization.encodeToString
 import kotlinx.serialization.json.Json
+import java.lang.reflect.InvocationTargetException
 import java.util.UUID
 import kotlin.reflect.jvm.jvmErasure

@ -185,7 +186,11 @@ class DeveloperEndpoints(private val context: Context) {
        val config = context.readContentJson<SourcePluginConfig>()
        try {
            _testPluginVariables.clear();
-            _testPlugin = V8Plugin(StateApp.instance.context, config);
+
+            val client = JSHttpClient(null, null, null, config);
+            val clientAuth = JSHttpClient(null, null, null, config);
+            _testPlugin = V8Plugin(StateApp.instance.context, config, null, client, clientAuth);
+
            context.respondJson(200, testPluginOrThrow.getPackageVariables());
        }
        catch(ex: Throwable) {
@ -235,7 +240,7 @@ class DeveloperEndpoints(private val context: Context) {
            }
            LoginActivity.showLogin(StateApp.instance.context, config) {
                _testPluginVariables.clear();
-                _testPlugin = V8Plugin(StateApp.instance.context, config, null, JSHttpClient(null), JSHttpClient(null, it));
+                _testPlugin = V8Plugin(StateApp.instance.context, config, null, JSHttpClient(null, null, null, config), JSHttpClient(null, it, null, config));

            };
            context.respondCode(200, "Login started");
@ -311,6 +316,11 @@ class DeveloperEndpoints(private val context: Context) {
            val json = wrapRemoteResult(callResult, false);
            context.respondCode(200, json, "application/json");
        }
+        catch(invocation: InvocationTargetException) {
+            val innerException = invocation.targetException;
+            Logger.e("DeveloperEndpoints", innerException.message, innerException);
+            context.respondCode(500, innerException::class.simpleName + ":" + innerException.message ?: "", "text/plain")
+        }
        catch(ilEx: IllegalArgumentException) {
            if(ilEx.message?.contains("does not exist") ?: false) {
                context.respondCode(400, ilEx.message ?: "", "text/plain");
--- a/app/src/unstable/assets/sources/kick
+++ b/app/src/unstable/assets/sources/kick
@ -1 +1 @@
-Subproject commit d0b7a2c1b4939c27b4ec04ee52b5a16380c27afb
+Subproject commit 12b84d2ff179f9f4940c4232859b59b57e37fdc6