recap-relay

grant/recap-relay

Fork 0

Commit Graph

Author	SHA1	Message	Date
Keysat	8ad7c54da4	Block SSRF on media_url downloads (transcribe-url/summarize-url) downloadDirect fetched any caller-supplied media_url with redirect-follow and no host/scheme validation; the route is reachable via a self-chosen X-Recap-Install-Id, so a caller could probe the operator's LAN or cloud metadata (169.254.169.254). Add safe-url.js: assertPublicHttpUrl rejects non-http(s) schemes and hosts resolving to private/loopback/link-local/ reserved ranges, and safeFetch follows redirects manually, re-validating each hop. Route downloadDirect through it (covers transcribe-url, summarize-url, and admin-test-run).	2026-06-13 16:23:26 -05:00
Keysat	318c6c4b81	Wire new routes; identity, summarize-url, dashboard, admin	2026-06-13 13:36:30 -05:00
local	b7f75904bb	v0.2.11 /relay/capabilities + /relay/transcribe-url (yt-dlp in container)	2026-05-12 01:33:34 -05:00

Author

SHA1

Message

Date

Keysat

8ad7c54da4

Block SSRF on media_url downloads (transcribe-url/summarize-url)

downloadDirect fetched any caller-supplied media_url with redirect-follow
and no host/scheme validation; the route is reachable via a self-chosen
X-Recap-Install-Id, so a caller could probe the operator's LAN or cloud
metadata (169.254.169.254). Add safe-url.js: assertPublicHttpUrl rejects
non-http(s) schemes and hosts resolving to private/loopback/link-local/
reserved ranges, and safeFetch follows redirects manually, re-validating
each hop. Route downloadDirect through it (covers transcribe-url,
summarize-url, and admin-test-run).

2026-06-13 16:23:26 -05:00

Keysat

318c6c4b81

Wire new routes; identity, summarize-url, dashboard, admin

2026-06-13 13:36:30 -05:00

local

b7f75904bb

v0.2.11 /relay/capabilities + /relay/transcribe-url (yt-dlp in container)

2026-05-12 01:33:34 -05:00

3 Commits