From fbc2e1335bf861b97cd8f4a3f7382287ea227ba8 Mon Sep 17 00:00:00 2001
From: bogercraig <124094535+bogercraig@users.noreply.github.com>
Date: Wed, 2 Oct 2024 14:05:21 -0700
Subject: [PATCH] Pull Additional Allowed Cassandra and Mongo Proxy Endpoints
 from Deployed Config (#1984)

* Updating to take default cassandra proxy endpoints from external config.json.

* Updating allow list for mongo proxy endpoints.
---
 src/Common/MongoProxyClient.ts | 11 ++++++-----
 src/ConfigContext.ts           | 22 ++++++++++++++++++----
 src/Utils/EndpointUtils.ts     |  4 ++--
 3 files changed, 26 insertions(+), 11 deletions(-)

diff --git a/src/Common/MongoProxyClient.ts b/src/Common/MongoProxyClient.ts
index 775ac9b18..c0e391e0f 100644
--- a/src/Common/MongoProxyClient.ts
+++ b/src/Common/MongoProxyClient.ts
@@ -1,7 +1,7 @@
 import { Constants as CosmosSDKConstants } from "@azure/cosmos";
 import {
-  allowedMongoProxyEndpoints,
   allowedMongoProxyEndpoints_ToBeDeprecated,
+  defaultAllowedMongoProxyEndpoints,
   validateEndpoint,
 } from "Utils/EndpointUtils";
 import queryString from "querystring";
@@ -689,15 +689,16 @@ export function createMongoCollectionWithProxy_ToBeDeprecated(
 }
 export function getFeatureEndpointOrDefault(feature: string): string {
   let endpoint;
+  const allowedMongoProxyEndpoints = configContext.allowedMongoProxyEndpoints || [
+    ...defaultAllowedMongoProxyEndpoints,
+    ...allowedMongoProxyEndpoints_ToBeDeprecated,
+  ];
   if (useMongoProxyEndpoint(feature)) {
     endpoint = configContext.MONGO_PROXY_ENDPOINT;
   } else {
     endpoint =
       hasFlag(userContext.features.mongoProxyAPIs, feature) &&
-      validateEndpoint(userContext.features.mongoProxyEndpoint, [
-        ...allowedMongoProxyEndpoints,
-        ...allowedMongoProxyEndpoints_ToBeDeprecated,
-      ])
+      validateEndpoint(userContext.features.mongoProxyEndpoint, allowedMongoProxyEndpoints)
         ? userContext.features.mongoProxyEndpoint
         : configContext.MONGO_BACKEND_ENDPOINT || configContext.BACKEND_ENDPOINT;
   }
diff --git a/src/ConfigContext.ts b/src/ConfigContext.ts
index 86a024263..931893be4 100644
--- a/src/ConfigContext.ts
+++ b/src/ConfigContext.ts
@@ -8,16 +8,16 @@ import {
 import {
   allowedAadEndpoints,
   allowedArcadiaEndpoints,
-  allowedCassandraProxyEndpoints,
   allowedEmulatorEndpoints,
   allowedGraphEndpoints,
   allowedHostedExplorerEndpoints,
   allowedJunoOrigins,
   allowedMongoBackendEndpoints,
-  allowedMongoProxyEndpoints,
   allowedMsalRedirectEndpoints,
   defaultAllowedArmEndpoints,
   defaultAllowedBackendEndpoints,
+  defaultAllowedCassandraProxyEndpoints,
+  defaultAllowedMongoProxyEndpoints,
   validateEndpoint,
 } from "Utils/EndpointUtils";
 
@@ -32,6 +32,8 @@ export interface ConfigContext {
   platform: Platform;
   allowedArmEndpoints: ReadonlyArray<string>;
   allowedBackendEndpoints: ReadonlyArray<string>;
+  allowedCassandraProxyEndpoints: ReadonlyArray<string>;
+  allowedMongoProxyEndpoints: ReadonlyArray<string>;
   allowedParentFrameOrigins: ReadonlyArray<string>;
   gitSha?: string;
   proxyPath?: string;
@@ -72,6 +74,8 @@ let configContext: Readonly<ConfigContext> = {
   platform: Platform.Portal,
   allowedArmEndpoints: defaultAllowedArmEndpoints,
   allowedBackendEndpoints: defaultAllowedBackendEndpoints,
+  allowedCassandraProxyEndpoints: defaultAllowedCassandraProxyEndpoints,
+  allowedMongoProxyEndpoints: defaultAllowedMongoProxyEndpoints,
   allowedParentFrameOrigins: [
     `^https:\\/\\/cosmos\\.azure\\.(com|cn|us)$`,
     `^https:\\/\\/[\\.\\w]*portal\\.azure\\.(com|cn|us)$`,
@@ -153,7 +157,12 @@ export function updateConfigContext(newContext: Partial<ConfigContext>): void {
     delete newContext.BACKEND_ENDPOINT;
   }
 
-  if (!validateEndpoint(newContext.MONGO_PROXY_ENDPOINT, allowedMongoProxyEndpoints)) {
+  if (
+    !validateEndpoint(
+      newContext.MONGO_PROXY_ENDPOINT,
+      configContext.allowedMongoProxyEndpoints || defaultAllowedMongoProxyEndpoints,
+    )
+  ) {
     delete newContext.MONGO_PROXY_ENDPOINT;
   }
 
@@ -161,7 +170,12 @@ export function updateConfigContext(newContext: Partial<ConfigContext>): void {
     delete newContext.MONGO_BACKEND_ENDPOINT;
   }
 
-  if (!validateEndpoint(newContext.CASSANDRA_PROXY_ENDPOINT, allowedCassandraProxyEndpoints)) {
+  if (
+    !validateEndpoint(
+      newContext.CASSANDRA_PROXY_ENDPOINT,
+      configContext.allowedCassandraProxyEndpoints || defaultAllowedCassandraProxyEndpoints,
+    )
+  ) {
     delete newContext.CASSANDRA_PROXY_ENDPOINT;
   }
 
diff --git a/src/Utils/EndpointUtils.ts b/src/Utils/EndpointUtils.ts
index cbfa8d79d..3172deed3 100644
--- a/src/Utils/EndpointUtils.ts
+++ b/src/Utils/EndpointUtils.ts
@@ -92,7 +92,7 @@ export const MongoProxyOutboundIPs: { [key: string]: string[] } = {
   [MongoProxyEndpoints.Mooncake]: ["52.131.240.99", "143.64.61.130"],
 };
 
-export const allowedMongoProxyEndpoints: ReadonlyArray<string> = [
+export const defaultAllowedMongoProxyEndpoints: ReadonlyArray<string> = [
   MongoProxyEndpoints.Local,
   MongoProxyEndpoints.Mpac,
   MongoProxyEndpoints.Prod,
@@ -108,7 +108,7 @@ export const allowedMongoProxyEndpoints_ToBeDeprecated: ReadonlyArray<string> =
   "https://localhost:12901",
 ];
 
-export const allowedCassandraProxyEndpoints: ReadonlyArray<string> = [
+export const defaultAllowedCassandraProxyEndpoints: ReadonlyArray<string> = [
   CassandraProxyEndpoints.Development,
   CassandraProxyEndpoints.Mpac,
   CassandraProxyEndpoints.Prod,