From 0de81c2b3f56f57121f6a9f911c599cef70eeeb2 Mon Sep 17 00:00:00 2001
From: Tomas <tomasysh@gmail.com>
Date: 星期二, 05 九月 2023 14:23:27 +0800
Subject: [PATCH] Update: 0901-P5 URL manipulation
---
 PAMapp/shared/services/httpClient.ts | 21 ++++++++++++++++++---
 1 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/PAMapp/shared/services/httpClient.ts b/PAMapp/shared/services/httpClient.ts
index a015cd1..db17491 100644
--- a/PAMapp/shared/services/httpClient.ts
+++ b/PAMapp/shared/services/httpClient.ts
@@ -13,11 +13,26 @@
 '/api/access_analysis/insert'
 ];
-const BASE_URL = process.env.BASE_URL;
+const BASE_URL = process.env.BASE_URL!;
+
+function sanitizeBaseUrl(baseUrl: string): string {
+ const pattern = /^(https?:\/\/).+/i;
+ if (!pattern.test(baseUrl)) {
+ throw new Error('Invalid BASE_URL');
+ }
+ const cleanedBaseUrl = cleanUrl(baseUrl);
+ return cleanedBaseUrl;
+}
+
+function cleanUrl(url: string): string {
+ const cleanedUrl = url.replace(/[^a-zA-Z0-9:/._-]/g, '');
+ return cleanedUrl;
+}
+
 export const http = axios.create({
- baseURL: BASE_URL,
- withCredentials: true,
+ baseURL: sanitizeBaseUrl(BASE_URL),
+ withCredentials: true
 });
 let apiNumber = 0;
--
Gitblit v1.8.0
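Review bot: `cleanUrl` silently deletes every character outside `[a-zA-Z0-9:/._-]` instead of rejecting the value, so a BASE_URL containing userinfo, a query string or a bracketed IPv6 host is rewritten into a different URL and then used with `withCredentials: true`. A bad configuration value should fail closed rather than be repaired. The prefix regex in `sanitizeBaseUrl` checks only that the string starts with `http://` or `https://`, so it validates neither the host nor the rest of the URL, and it accepts plain-HTTP origins to which credentials would then be sent. I would parse the value with `new URL()`, check the scheme, reject userinfo, query and fragment, and drop `cleanUrl`, as in the sketch below. Separately, the `!` on `process.env.BASE_URL` only silences the compiler; an unset variable is still `undefined` at runtime, so `process.env.BASE_URL ?? ''` would state the intent and still end in the 'Invalid BASE_URL' error.

```typescript
function sanitizeBaseUrl(baseUrl: string): string {
  let parsed: URL;
  try {
    parsed = new URL(baseUrl);
  } catch {
    throw new Error('Invalid BASE_URL');
  }
  // Keeps the commit's http/https rule; restrict to 'https:' if every deployment is TLS-only.
  const schemeOk = parsed.protocol === 'https:' || parsed.protocol === 'http:';
  // Reject, rather than strip, anything a base URL should not carry.
  const hasExtras =
    parsed.username !== '' || parsed.password !== '' || parsed.search !== '' || parsed.hash !== '';
  if (!schemeOk || hasExtras) {
    throw new Error('Invalid BASE_URL');
  }
  return baseUrl;
}
// … unchanged: axios.create({ baseURL: sanitizeBaseUrl(BASE_URL), withCredentials: true }) …
```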