restrict 0.0.0.0 in code files and 0.0.0.0 in .env.template files (#1323)

2026-04-21 14:37:17 +00:00 · 2023-02-10 02:15:24 +01:00 · 2023-02-10 02:15:24 +01:00 · e1b3fe2df5
commit e1b3fe2df5
parent 99f7c66a44
5 changed files with 86 additions and 2 deletions
--- a/.eslintrc.cjs
+++ b/.eslintrc.cjs
@ -1,5 +1,6 @@
 /* eslint-env node */
 const guildConfig = require('@theguild/eslint-config/base');
+const { REACT_RESTRICTED_SYNTAX, RESTRICTED_SYNTAX } = require('@theguild/eslint-config/constants');

 const rulesToExtends = Object.fromEntries(
  Object.entries(guildConfig.rules).filter(([key]) =>
@ -16,11 +17,18 @@ const rulesToExtends = Object.fromEntries(
      'react/self-closing-comp',
      'prefer-const',
      'no-extra-boolean-cast',
-      'no-restricted-syntax',
    ].includes(key),
  ),
 );

+const HIVE_RESTRICTED_SYNTAX = [
+  {
+    // ❌ '0.0.0.0' or `0.0.0.0`
+    selector: ':matches(Literal[value="0.0.0.0"], TemplateElement[value.raw="0.0.0.0"])',
+    message: 'Use "::" to make it compatible with both IPv4 and IPv6',
+  },
+];
+
 module.exports = {
  reportUnusedDisableDirectives: true,
  ignorePatterns: [
@ -65,6 +73,7 @@ module.exports = {
    '@typescript-eslint/no-floating-promises': 'error',
    '@typescript-eslint/no-unnecessary-type-assertion': 'error',
    ...rulesToExtends,
+    'no-restricted-syntax': ['error', ...HIVE_RESTRICTED_SYNTAX, ...RESTRICTED_SYNTAX],

    // 🚨 The following rules needs to be fixed and was temporarily disabled to avoid printing warning
    '@typescript-eslint/no-explicit-any': 'off',
@ -99,6 +108,7 @@ module.exports = {
        'react/no-unknown-property': 'off',
        'jsx-a11y/anchor-is-valid': ['off', { components: ['Link', 'NextLink'] }],
        'jsx-a11y/alt-text': ['warn', { elements: ['img'], img: ['Image', 'NextImage'] }],
+        'no-restricted-syntax': ['error', ...HIVE_RESTRICTED_SYNTAX, ...REACT_RESTRICTED_SYNTAX],

        // TODO: enable below rules👇
        '@typescript-eslint/consistent-type-imports': ['off', { prefer: 'no-type-imports' }],
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@ -12,6 +12,9 @@ jobs:
      - name: setup environment
        uses: ./.github/actions/setup

+      - name: lint .env.template files
+        run: pnpm lint:env-template
+
      - name: eslint cache
        uses: actions/cache@v3
        with:
--- a/package.json
+++ b/package.json
@ -29,6 +29,7 @@
    "generate": "pnpm --filter @hive/storage db:generate && pnpm graphql:generate",
    "graphql:generate": "graphql-codegen",
    "lint": "eslint --cache --ignore-path .gitignore \"{packages,cypress}/**/*.{ts,tsx}\"",
+    "lint:env-template": "tsx scripts/check-env-template.ts",
    "lint:fix": "pnpm lint --fix",
    "lint:prettier": "prettier --cache --check .",
    "local:setup": "docker-compose -f ./docker/docker-compose.dev.yml up -d --remove-orphans && pnpm --filter @hive/migrations db:init",
@ -92,6 +93,7 @@
    "ts-jest": "29.0.5",
    "ts-node": "10.9.1",
    "tsup": "6.6.0",
+    "tsx": "3.12.3",
    "turbo": "1.7.4",
    "typescript": "4.9.5"
  },
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@ -83,6 +83,7 @@ importers:
      ts-jest: 29.0.5
      ts-node: 10.9.1
      tsup: 6.5.0
+      tsx: 3.12.3
      turbo: 1.7.4
      typescript: 4.9.5
    devDependencies:
@ -132,6 +133,7 @@ importers:
      ts-jest: 29.0.5_xvkg46limlf5bbm7x5z7xzp47q
      ts-node: 10.9.1_fitjlvgw3uly4vbg54vdujb7vy
      tsup: 6.5.0_arb6tv3bymv5hkfd2xmjxdai7u
+      tsx: 3.12.3
      turbo: 1.7.4
      typescript: 4.9.5

@ -5967,6 +5969,27 @@ packages:
      tslib: 2.5.0
    dev: false

+  /@esbuild-kit/cjs-loader/2.4.2:
+    resolution: {integrity: sha512-BDXFbYOJzT/NBEtp71cvsrGPwGAMGRB/349rwKuoxNSiKjPraNNnlK6MIIabViCjqZugu6j+xeMDlEkWdHHJSg==}
+    dependencies:
+      '@esbuild-kit/core-utils': 3.1.0
+      get-tsconfig: 4.4.0
+    dev: true
+
+  /@esbuild-kit/core-utils/3.1.0:
+    resolution: {integrity: sha512-Uuk8RpCg/7fdHSceR1M6XbSZFSuMrxcePFuGgyvsBn+u339dk5OeL4jv2EojwTN2st/unJGsVm4qHWjWNmJ/tw==}
+    dependencies:
+      esbuild: 0.17.6
+      source-map-support: 0.5.21
+    dev: true
+
+  /@esbuild-kit/esm-loader/2.5.5:
+    resolution: {integrity: sha512-Qwfvj/qoPbClxCRNuac1Du01r9gvNOT+pMYtJDapfB1eoGN1YlJ1BixLyL9WVENRx5RXgNLdfYdx/CuswlGhMw==}
+    dependencies:
+      '@esbuild-kit/core-utils': 3.1.0
+      get-tsconfig: 4.4.0
+    dev: true
+
  /@esbuild/android-arm/0.15.15:
    resolution: {integrity: sha512-JJjZjJi2eBL01QJuWjfCdZxcIgot+VoK6Fq7eKF9w4YHm9hwl7nhBR1o2Wnt/WcANk5l9SkpvrldW1PLuXxcbw==}
    engines: {node: '>=12'}
@ -17172,6 +17195,10 @@ packages:
      call-bind: 1.0.2
      get-intrinsic: 1.1.3

+  /get-tsconfig/4.4.0:
+    resolution: {integrity: sha512-0Gdjo/9+FzsYhXCEFueo2aY1z1tpXrxWZzP7k8ul9qt1U5o8rYJwTJYmaeHdrVosYIVYkOy2iwCJ9FdpocJhPQ==}
+    dev: true
+
  /getos/3.2.1:
    resolution: {integrity: sha512-U56CfOK17OKgTVqozZjUKNdkfEv6jk5WISBJ8SHoagjE6L69zOwl3Z+O8myjY9MEW3i2HPWQBt/LTbCgcC973Q==}
    dependencies:
@ -25041,7 +25068,6 @@ packages:
    dependencies:
      buffer-from: 1.1.2
      source-map: 0.6.1
-    dev: false

  /source-map/0.5.6:
    resolution: {integrity: sha512-MjZkVp0NHr5+TPihLcadqnlVoGIoWo4IBHptutGh9wI3ttUYvCG26HkSuDi+K6lsZ25syXJXcctwgyVCt//xqA==}
@ -26250,6 +26276,17 @@ packages:
      typescript: 4.9.5
    dev: true

+  /tsx/3.12.3:
+    resolution: {integrity: sha512-Wc5BFH1xccYTXaQob+lEcimkcb/Pq+0en2s+ruiX0VEIC80nV7/0s7XRahx8NnsoCnpCVUPz8wrqVSPi760LkA==}
+    hasBin: true
+    dependencies:
+      '@esbuild-kit/cjs-loader': 2.4.2
+      '@esbuild-kit/core-utils': 3.1.0
+      '@esbuild-kit/esm-loader': 2.5.5
+    optionalDependencies:
+      fsevents: 2.3.2
+    dev: true
+
  /tty-table/4.1.6:
    resolution: {integrity: sha512-kRj5CBzOrakV4VRRY5kUWbNYvo/FpOsz65DzI5op9P+cHov3+IqPbo1JE1ZnQGkHdZgNFDsrEjrfqqy/Ply9fw==}
    engines: {node: '>=8.0.0'}
--- a/scripts/check-env-template.ts
+++ b/scripts/check-env-template.ts
@ -0,0 +1,32 @@
+import { readFile } from 'node:fs/promises';
+import fg from 'fast-glob';
+
+const FORBIDDEN_IP = '0.0.0.0';
+const ALLOWED_IP = 'localhost';
+
+const envTemplatePaths = await fg('**/.env.template', {
+  cwd: process.cwd(),
+  ignore: ['**/node_modules'],
+});
+
+for (const envPath of envTemplatePaths) {
+  const file = await readFile(envPath, 'utf8');
+  const entry = file
+    .split('\n')
+    .filter(line => line && !line.startsWith('#'))
+    .map(keyValue => {
+      const [key, value] = keyValue.split('=');
+      return [key, value.match(/(["'])((?:\1|.)*?)\1/)?.[2] || value];
+    });
+
+  for (const [key, value] of entry) {
+    if (value.includes(FORBIDDEN_IP)) {
+      throw new Error(`Error while validating "${key}" in ${envPath}.
+
+Use "${ALLOWED_IP}" to make it compatible with both IPv4 and IPv6.
+
+Replace: ${value} by ${value.replace(FORBIDDEN_IP, ALLOWED_IP)}
+`);
+    }
+  }
+}