diff --git a/src/Common/MongoProxyClient.test.ts b/src/Common/MongoProxyClient.test.ts
index 5cd540862..7edae316b 100644
--- a/src/Common/MongoProxyClient.test.ts
+++ b/src/Common/MongoProxyClient.test.ts
@@ -11,7 +11,7 @@ import {
 getFeatureEndpointOrDefault,
 queryDocuments,
 readDocument,
- updateDocument
+ updateDocument,
 } from "./MongoProxyClient";
 const databaseId = "testDB";
diff --git a/src/Common/MongoProxyClient.ts b/src/Common/MongoProxyClient.ts
index 79bc66c93..1a0c75a4a 100644
--- a/src/Common/MongoProxyClient.ts
+++ b/src/Common/MongoProxyClient.ts
@@ -337,10 +337,11 @@ export function createMongoCollectionWithProxy(
 }
 export function getFeatureEndpointOrDefault(feature: string): string {
-
- const endpoint = (hasFlag(userContext.features.mongoProxyAPIs, feature) && validateEndpoint(userContext.features.mongoProxyEndpoint, allowedMongoProxyEndpoints))
- ? userContext.features.mongoProxyEndpoint
- : configContext.MONGO_BACKEND_ENDPOINT || configContext.BACKEND_ENDPOINT;
+ const endpoint =
+ hasFlag(userContext.features.mongoProxyAPIs, feature) &&
+ validateEndpoint(userContext.features.mongoProxyEndpoint, allowedMongoProxyEndpoints)
+ ? userContext.features.mongoProxyEndpoint
+ : configContext.MONGO_BACKEND_ENDPOINT || configContext.BACKEND_ENDPOINT;
 return getEndpoint(endpoint);
 }
diff --git a/src/ConfigContext.ts b/src/ConfigContext.ts
index 090593be6..46c98d0a7 100644
--- a/src/ConfigContext.ts
+++ b/src/ConfigContext.ts
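Review bot: In `getFeatureEndpointOrDefault` (src/Common/MongoProxyClient.ts) the condition still passes when the feature flag is set but `userContext.features.mongoProxyEndpoint` is missing, because `validateEndpoint` returns `true` for an empty value (the `!endpointToValidate` branch in src/Utils/EndpointValidation.ts, shown in this diff). The ternary then selects the unset override instead of falling back to `configContext.MONGO_BACKEND_ENDPOINT || configContext.BACKEND_ENDPOINT`; what `getEndpoint` does with that value is not visible here. I would require the override to be present before it is validated, for example by starting the condition with `!!userContext.features.mongoProxyEndpoint &&`.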
@@ -1,5 +1,18 @@
 import { JunoEndpoints } from "Common/Constants";
-import { allowedAadEndpoints, allowedArcadiaEndpoints, allowedArcadiaLivyDnsZones, allowedArmEndpoints, allowedBackendEndpoints, allowedEmulatorEndpoints, allowedGraphEndpoints, allowedHostedExplorerEndpoints, allowedJunoEndpoints, allowedMongoBackendEndpoints, allowedMsalRedirectEndpoints, validateEndpoint } from "Utils/EndpointValidation";
+import {
+ allowedAadEndpoints,
+ allowedArcadiaEndpoints,
+ allowedArcadiaLivyDnsZones,
+ allowedArmEndpoints,
+ allowedBackendEndpoints,
+ allowedEmulatorEndpoints,
+ allowedGraphEndpoints,
+ allowedHostedExplorerEndpoints,
+ allowedJunoEndpoints,
+ allowedMongoBackendEndpoints,
+ allowedMsalRedirectEndpoints,
+ validateEndpoint,
+} from "Utils/EndpointValidation";
 export enum Platform {
 Portal = "Portal",
@@ -84,47 +97,102 @@ export function updateConfigContext(newContext: Partial): void {
 return;
 }
- if (!validateEndpoint(newContext.ARM_ENDPOINT, allowedArmEndpoints.map(endpoint => endpoint))) {
+ if (
+ !validateEndpoint(
+ newContext.ARM_ENDPOINT,
+ allowedArmEndpoints.map((endpoint) => endpoint)
+ )
+ ) {
 delete newContext.ARM_ENDPOINT;
 }
- if (!validateEndpoint(newContext.AAD_ENDPOINT, allowedAadEndpoints.map(endpoint => endpoint))) {
+ if (
+ !validateEndpoint(
+ newContext.AAD_ENDPOINT,
+ allowedAadEndpoints.map((endpoint) => endpoint)
+ )
+ ) {
 delete newContext.AAD_ENDPOINT;
 }
- if (!validateEndpoint(newContext.EMULATOR_ENDPOINT, allowedEmulatorEndpoints.map(endpoint => endpoint))) {
+ if (
+ !validateEndpoint(
+ newContext.EMULATOR_ENDPOINT,
+ allowedEmulatorEndpoints.map((endpoint) => endpoint)
+ )
+ ) {
 delete newContext.EMULATOR_ENDPOINT;
 }
- if (!validateEndpoint(newContext.GRAPH_ENDPOINT, allowedGraphEndpoints.map(endpoint => endpoint))) {
+ if (
+ !validateEndpoint(
+ newContext.GRAPH_ENDPOINT,
+ allowedGraphEndpoints.map((endpoint) => endpoint)
+ )
+ ) {
 delete newContext.GRAPH_ENDPOINT;
 }
- if (!validateEndpoint(newContext.ARCADIA_ENDPOINT, allowedArcadiaEndpoints.map(endpoint => endpoint))) {
+ if (
+ !validateEndpoint(
+ newContext.ARCADIA_ENDPOINT,
+ allowedArcadiaEndpoints.map((endpoint) => endpoint)
+ )
+ ) {
 delete newContext.ARCADIA_ENDPOINT;
 }
- if (!validateEndpoint(newContext.ARCADIA_LIVY_ENDPOINT_DNS_ZONE, allowedArcadiaLivyDnsZones.map(endpoint => endpoint))) {
+ if (
+ !validateEndpoint(
+ newContext.ARCADIA_LIVY_ENDPOINT_DNS_ZONE,
+ allowedArcadiaLivyDnsZones.map((endpoint) => endpoint)
+ )
+ ) {
 delete newContext.ARCADIA_LIVY_ENDPOINT_DNS_ZONE;
 }
- if (!validateEndpoint(newContext.BACKEND_ENDPOINT, allowedBackendEndpoints.map(endpoint => endpoint))) {
+ if (
+ !validateEndpoint(
+ newContext.BACKEND_ENDPOINT,
+ allowedBackendEndpoints.map((endpoint) => endpoint)
+ )
+ ) {
 delete newContext.BACKEND_ENDPOINT;
 }
- if (!validateEndpoint(newContext.MONGO_BACKEND_ENDPOINT, allowedMongoBackendEndpoints.map(endpoint => endpoint))) {
+ if (
+ !validateEndpoint(
+ newContext.MONGO_BACKEND_ENDPOINT,
+ allowedMongoBackendEndpoints.map((endpoint) => endpoint)
+ )
+ ) {
 delete newContext.MONGO_BACKEND_ENDPOINT;
 }
- if (!validateEndpoint(newContext.JUNO_ENDPOINT, allowedJunoEndpoints.map(endpoint => endpoint))) {
+ if (
+ !validateEndpoint(
+ newContext.JUNO_ENDPOINT,
+ allowedJunoEndpoints.map((endpoint) => endpoint)
+ )
+ ) {
 delete newContext.JUNO_ENDPOINT;
 }
- if (!validateEndpoint(newContext.hostedExplorerURL, allowedHostedExplorerEndpoints.map(endpoint => endpoint))) {
+ if (
+ !validateEndpoint(
+ newContext.hostedExplorerURL,
+ allowedHostedExplorerEndpoints.map((endpoint) => endpoint)
+ )
+ ) {
 delete newContext.hostedExplorerURL;
 }
- if (!validateEndpoint(newContext.msalRedirectURI, allowedMsalRedirectEndpoints.map(endpoint => endpoint))) {
+ if (
+ !validateEndpoint(
+ newContext.msalRedirectURI,
+ allowedMsalRedirectEndpoints.map((endpoint) => endpoint)
+ )
+ ) {
 delete newContext.msalRedirectURI;
 }
@@ -201,4 +269,3 @@ export async function initializeConfiguration(): Promise {
 }
 export { configContext };
-
diff --git a/src/Explorer/Explorer.tsx b/src/Explorer/Explorer.tsx
index 53f59e10c..08e9e8c98 100644
--- a/src/Explorer/Explorer.tsx
+++ b/src/Explorer/Explorer.tsx
@@ -20,7 +20,7 @@ import {
 ContainerConnectionInfo,
 IPhoenixConnectionInfoResult,
 IProvisionData,
- IResponse
+ IResponse,
 } from "../Contracts/DataModels";
 import * as ViewModels from "../Contracts/ViewModels";
 import { GitHubOAuthService } from "../GitHub/GitHubOAuthService";
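Review bot: Each of the eleven checks in the `updateConfigContext` hunk (src/ConfigContext.ts) passes its allowlist through `.map((endpoint) => endpoint)`, an identity copy that allocates a new array and does nothing else; it looks like a workaround for handing a `ReadonlyArray` to the `string[]` parameter of `validateEndpoint`, though the generic arguments are not legible on this page. Declaring that parameter as `allowedEndpoints: ReadonlyArray<string>` would let every call read `validateEndpoint(newContext.ARM_ENDPOINT, allowedArmEndpoints)`, which is how the Mongo proxy and notebook call sites in this diff already pass their lists. The eleven near-identical blocks could then become one loop over key/allowlist pairs, which makes it harder to add an endpoint key to the context without an allowlist beside it. The function starts and ends outside the hunk.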
@@ -36,7 +36,7 @@ import { update } from "../Utils/arm/generatedClients/cosmos/databaseAccounts";
 import {
 get as getWorkspace,
 listByDatabaseAccount,
- start
+ start,
 } from "../Utils/arm/generatedClients/cosmosNotebooks/notebookWorkspaces";
 import { stringToBlob } from "../Utils/BlobUtils";
 import { isCapabilityEnabled } from "../Utils/CapabilityUtils";
@@ -179,7 +179,11 @@ export default class Explorer {
 this.resourceTree = new ResourceTreeAdapter(this);
 // Override notebook server parameters from URL parameters
- if (userContext.features.notebookServerUrl && validateEndpoint(userContext.features.notebookServerUrl, allowedNotebookServerUrls) && userContext.features.notebookServerToken) {
+ if (
+ userContext.features.notebookServerUrl &&
+ validateEndpoint(userContext.features.notebookServerUrl, allowedNotebookServerUrls) &&
+ userContext.features.notebookServerToken
+ ) {
 useNotebook.getState().setNotebookServerInfo({
 notebookServerEndpoint: userContext.features.notebookServerUrl,
 authToken: userContext.features.notebookServerToken,
@@ -410,7 +414,10 @@ export default class Explorer {
 connectionStatus.status = ConnectionStatusType.Connected;
 useNotebook.getState().setConnectionInfo(connectionStatus);
 useNotebook.getState().setNotebookServerInfo({
- notebookServerEndpoint: validateEndpoint(userContext.features.notebookServerUrl, allowedNotebookServerUrls) && userContext.features.notebookServerUrl || connectionInfo.data.notebookServerUrl,
+ notebookServerEndpoint:
+ (validateEndpoint(userContext.features.notebookServerUrl, allowedNotebookServerUrls) &&
+ userContext.features.notebookServerUrl) ||
+ connectionInfo.data.notebookServerUrl,
 authToken: userContext.features.notebookServerToken || connectionInfo.data.notebookAuthToken,
 forwardingId: connectionInfo.data.forwardingId,
 });
diff --git a/src/Phoenix/PhoenixClient.ts b/src/Phoenix/PhoenixClient.ts
index 305f4e4a0..d0abb61de 100644
--- a/src/Phoenix/PhoenixClient.ts
+++ b/src/Phoenix/PhoenixClient.ts
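Review bot: In the `setNotebookServerInfo` call of the last Explorer.tsx hunk (old line 410), `authToken` takes `userContext.features.notebookServerToken` whenever it is set, while `notebookServerEndpoint` uses the overriding server URL only when it passes `validateEndpoint`. When that URL is rejected or absent, the service-provided endpoint is paired with a token that, per the comment in the hunk at line 179, comes from URL parameters; that earlier hunk requires URL, validation and token together. I would compute the override once, `const overrideUrl = validateEndpoint(userContext.features.notebookServerUrl, allowedNotebookServerUrls) && userContext.features.notebookServerUrl;`, and use it for both fields: `notebookServerEndpoint: overrideUrl || connectionInfo.data.notebookServerUrl,` and `authToken: (overrideUrl && userContext.features.notebookServerToken) || connectionInfo.data.notebookAuthToken,`. The enclosing method starts and ends outside the hunk.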
@@ -7,7 +7,7 @@ import {
 ContainerStatusType,
 HttpHeaders,
 HttpStatusCodes,
- Notebook
+ Notebook,
 } from "../Common/Constants";
 import { getErrorMessage } from "../Common/ErrorHandlingUtils";
 import * as Logger from "../Common/Logger";
@@ -18,7 +18,7 @@ import {
 IContainerData,
 IPhoenixConnectionInfoResult,
 IProvisionData,
- IResponse
+ IResponse,
 } from "../Contracts/DataModels";
 import { useNotebook } from "../Explorer/Notebook/useNotebook";
 import * as TelemetryProcessor from "../Shared/Telemetry/TelemetryProcessor";
diff --git a/src/Utils/EndpointValidation.ts b/src/Utils/EndpointValidation.ts
index e111c69c6..268238eea 100644
--- a/src/Utils/EndpointValidation.ts
+++ b/src/Utils/EndpointValidation.ts
@@ -1,65 +1,40 @@
 export function validateEndpoint(endpointToValidate: string, allowedEndpoints: string[]): boolean {
- if (!endpointToValidate) {
- return true;
- }
- const originToValidate: string = new URL(endpointToValidate).origin;
- const allowedOrigins: string[] = allowedEndpoints.map(allowedEndpoint => new URL(allowedEndpoint).origin) || [];
- return allowedOrigins.indexOf(originToValidate) >= 0;
+ if (!endpointToValidate) {
+ return true;
+ }
+ const originToValidate: string = new URL(endpointToValidate).origin;
+ const allowedOrigins: string[] = allowedEndpoints.map((allowedEndpoint) => new URL(allowedEndpoint).origin) || [];
+ return allowedOrigins.indexOf(originToValidate) >= 0;
 }
 export const allowedArmEndpoints: ReadonlyArray = [
- "https://​management.azure.com",
- "https://​management.usgovcloudapi.net",
- "https://management.chinacloudapi.cn"
+ "https://​management.azure.com",
+ "https://​management.usgovcloudapi.net",
+ "https://management.chinacloudapi.cn",
 ];
-export const allowedAadEndpoints: ReadonlyArray = [
- "https://login.microsoftonline.com/"
-];
+export const allowedAadEndpoints: ReadonlyArray = ["https://login.microsoftonline.com/"];
-export const allowedEmulatorEndpoints: ReadonlyArray = [
-];
+export const allowedEmulatorEndpoints: ReadonlyArray = [];
-export const allowedGraphEndpoints: ReadonlyArray = [
+export const allowedGraphEndpoints: ReadonlyArray = [];
-];
+export const allowedArcadiaEndpoints: ReadonlyArray = [];
-export const allowedArcadiaEndpoints: ReadonlyArray = [
+export const allowedArcadiaLivyDnsZones: ReadonlyArray = [];
-];
+export const allowedBackendEndpoints: ReadonlyArray = [];
-export const allowedArcadiaLivyDnsZones: ReadonlyArray = [
+export const allowedMongoBackendEndpoints: ReadonlyArray = [];
-];
+export const allowedJunoEndpoints: ReadonlyArray = [];
-export const allowedBackendEndpoints: ReadonlyArray = [
+export const allowedHostedExplorerEndpoints: ReadonlyArray = [];
-];
+export const allowedMsalRedirectEndpoints: ReadonlyArray = [];
-export const allowedMongoBackendEndpoints: ReadonlyArray = [
+export const allowedMongoProxyEndpoints: ReadonlyArray = [];
-];
+export const allowedPhoenixEndpoints: ReadonlyArray = [];
-export const allowedJunoEndpoints: ReadonlyArray = [
-
-];
-
-export const allowedHostedExplorerEndpoints: ReadonlyArray = [
-
-];
-
-export const allowedMsalRedirectEndpoints: ReadonlyArray = [
-
-];
-
-export const allowedMongoProxyEndpoints: ReadonlyArray = [
-
-];
-
-export const allowedPhoenixEndpoints: ReadonlyArray = [
-
-];
-
-export const allowedNotebookServerUrls: ReadonlyArray = [
-
-];
+export const allowedNotebookServerUrls: ReadonlyArray = [];
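Review bot: `validateEndpoint` calls `new URL(endpointToValidate)` with no guard, so a value that is not a parseable absolute URL makes the check throw instead of returning `false`; none of the call sites shown in this diff (`updateConfigContext`, `getFeatureEndpointOrDefault`, the notebook override in Explorer.tsx) catches it, and the notebook values are described there as coming from URL parameters. Treating a parse failure as "not allowed" keeps the allowlist fail-closed, as in the sketch below, which also compares origins directly instead of building an intermediate array whose `|| []` fallback can never apply. The early `return true` for an empty value is left as is because callers appear to rely on it, but it deserves a comment stating that an unset endpoint is accepted and that callers must check presence themselves. Separately, as rendered on this page the first two `allowedArmEndpoints` strings appear to carry an invisible character after `https://` that the third does not; that is worth confirming against the file, since invisible characters in an allowlist are hard to review.

```typescript
export function validateEndpoint(endpointToValidate: string, allowedEndpoints: string[]): boolean {
  // … unchanged: early return for an empty endpointToValidate …
  let originToValidate: string;
  try {
    originToValidate = new URL(endpointToValidate).origin;
  } catch {
    // Not a parseable absolute URL, so it cannot match an allowed origin.
    return false;
  }
  return allowedEndpoints.some((allowedEndpoint) => new URL(allowedEndpoint).origin === originToValidate);
}
```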