From c181d92e84113c92b8c233ced8884cb55a48f957 Mon Sep 17 00:00:00 2001
From: Asier Isayas <aisayas@microsoft.com>
Date: Mon, 28 Oct 2024 14:42:13 -0400
Subject: [PATCH] validate portal backend endpoints

---
 src/Common/Constants.ts    |  2 +-
 src/ConfigContext.ts       | 13 +++++++++++++
 src/Utils/EndpointUtils.ts | 10 +++++++++-
 3 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/src/Common/Constants.ts b/src/Common/Constants.ts
index 246e07653..53360db86 100644
--- a/src/Common/Constants.ts
+++ b/src/Common/Constants.ts
@@ -139,7 +139,7 @@ export class PortalBackendEndpoints {
 }
 
 export class MongoProxyEndpoints {
-  public static readonly Local: string = "https://localhost:7238";
+  public static readonly Development: string = "https://localhost:7238";
   public static readonly Mpac: string = "https://cdb-ms-mpac-mp.cosmos.azure.com";
   public static readonly Prod: string = "https://cdb-ms-prod-mp.cosmos.azure.com";
   public static readonly Fairfax: string = "https://cdb-ff-prod-mp.cosmos.azure.us";
diff --git a/src/ConfigContext.ts b/src/ConfigContext.ts
index 039db4863..c20db3ea9 100644
--- a/src/ConfigContext.ts
+++ b/src/ConfigContext.ts
@@ -11,6 +11,7 @@ import {
   defaultAllowedArmEndpoints,
   defaultAllowedCassandraProxyEndpoints,
   defaultAllowedMongoProxyEndpoints,
+  defaultAllowedPortalBackendEndpoints,
   validateEndpoint,
 } from "Utils/EndpointUtils";
 
@@ -24,6 +25,7 @@ export enum Platform {
 export interface ConfigContext {
   platform: Platform;
   allowedArmEndpoints: ReadonlyArray<string>;
+  allowedPortalBackendEndpoints: ReadonlyArray<string>;
   allowedCassandraProxyEndpoints: ReadonlyArray<string>;
   allowedMongoProxyEndpoints: ReadonlyArray<string>;
   allowedParentFrameOrigins: ReadonlyArray<string>;
@@ -64,6 +66,7 @@ export interface ConfigContext {
 let configContext: Readonly<ConfigContext> = {
   platform: Platform.Portal,
   allowedArmEndpoints: defaultAllowedArmEndpoints,
+  allowedPortalBackendEndpoints: defaultAllowedPortalBackendEndpoints,
   allowedCassandraProxyEndpoints: defaultAllowedCassandraProxyEndpoints,
   allowedMongoProxyEndpoints: defaultAllowedMongoProxyEndpoints,
   allowedParentFrameOrigins: [
@@ -138,6 +141,15 @@ export function updateConfigContext(newContext: Partial<ConfigContext>): void {
     delete newContext.ARCADIA_ENDPOINT;
   }
 
+  if (
+    !validateEndpoint(
+      newContext.PORTAL_BACKEND_ENDPOINT,
+      configContext.allowedPortalBackendEndpoints || defaultAllowedPortalBackendEndpoints,
+    )
+  ) {
+    delete newContext.PORTAL_BACKEND_ENDPOINT;
+  }
+
   if (
     !validateEndpoint(
       newContext.MONGO_PROXY_ENDPOINT,
@@ -236,3 +248,4 @@ export async function initializeConfiguration(): Promise<ConfigContext> {
 }
 
 export { configContext };
+
diff --git a/src/Utils/EndpointUtils.ts b/src/Utils/EndpointUtils.ts
index c2be5a75f..ade027e71 100644
--- a/src/Utils/EndpointUtils.ts
+++ b/src/Utils/EndpointUtils.ts
@@ -65,8 +65,16 @@ export const MongoProxyOutboundIPs: { [key: string]: string[] } = {
   [MongoProxyEndpoints.Mooncake]: ["52.131.240.99", "143.64.61.130"],
 };
 
+export const defaultAllowedPortalBackendEndpoints: ReadonlyArray<string> = [
+  PortalBackendEndpoints.Development,
+  PortalBackendEndpoints.Mpac,
+  PortalBackendEndpoints.Prod,
+  PortalBackendEndpoints.Fairfax,
+  PortalBackendEndpoints.Mooncake,
+];
+
 export const defaultAllowedMongoProxyEndpoints: ReadonlyArray<string> = [
-  MongoProxyEndpoints.Local,
+  MongoProxyEndpoints.Development,
   MongoProxyEndpoints.Mpac,
   MongoProxyEndpoints.Prod,
   MongoProxyEndpoints.Fairfax,