Elgato_dark/documenso
1
0
Fork 0
mirror of https://github.com/documenso/documenso synced 2026-04-21 21:37:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6
documenso/packages/lib/utils
History
Lucas Smith 6b1b1d0417
fix: improve webhook execution (#2608) 
Webhook URLs were being fetched without validating whether they
resolved to private/loopback addresses, exposing the server to SSRF.

Current SSRF is best effort and fail open, you should never host
services that
you cant risk exposure of.

This extracts webhook execution into a shared module that validates
URLs against private IP ranges (including DNS resolution), enforces
timeouts, and disables redirect following. The resend route now
queues through the job system instead of calling fetch inline.
2026-03-13 15:02:09 +11:00
..
images refactor: extract image-helpers (#2261) 2025-12-09 09:19:49 +11:00
advanced-fields-helpers.ts feat: migrate nextjs to rr7 2025-02-13 14:10:38 +11:00
authenticator.ts feat: migrate nextjs to rr7 2025-02-13 14:10:38 +11:00
avatars.ts feat: migrate nextjs to rr7 2025-02-13 14:10:38 +11:00
billing.ts feat: add organisations (#1820) 2025-06-10 11:49:52 +10:00
debugger.ts fix: add sign up hook 2025-02-13 20:21:23 +11:00
document-audit-logs.ts feat: per-recipient envelope expiration (#2519) 2026-02-20 11:36:20 +11:00
document-auth.ts feat: add envelopes (#2025) 2025-10-14 21:56:36 +11:00
document.ts feat: per-recipient envelope expiration (#2519) 2026-02-20 11:36:20 +11:00
email-domains.ts feat: add email domains (#1895) 2025-07-24 16:05:00 +10:00
embed-config.ts feat: add embedded envelopes (#2564) 2026-03-06 14:11:27 +11:00
env.ts refactor: replace pdf-sign with libpdf/core for PDF operations (#2403) 2026-01-21 15:16:23 +11:00
envelope-download.ts feat: add embedded envelopes (#2564) 2026-03-06 14:11:27 +11:00
envelope-signing.ts fix: envelope direct template (#2156) 2025-11-09 22:23:13 +11:00
envelope.ts feat: get many endpoints (#2226) 2025-12-24 11:02:02 +11:00
fields.ts feat: add pdf image renderer (#2554) 2026-03-06 12:39:03 +11:00
format-folder-count.ts feat: add folders (#1711) 2025-05-02 02:46:59 +10:00
i18n.ts feat: add organisations (#1820) 2025-06-10 11:49:52 +10:00
is-admin.ts fix: cleanup env variables 2025-02-13 20:56:44 +11:00
is-valid-redirect-url.ts feat: i18n for emails (#1442) 2024-11-05 11:52:54 +11:00
is-valid-return-to.ts fix: embedded direct template recipient auth 2025-11-07 14:23:46 +11:00
logger.ts fix: add document page access logging (#1947) 2025-08-11 11:50:32 +10:00
mask-recipient-tokens-for-document.ts feat: add envelopes (#2025) 2025-10-14 21:56:36 +11:00
organisation-authentication-portal.ts feat: add organisation sso portal (#1946) 2025-09-09 17:14:07 +10:00
organisations-claims.ts feat: polish envelopes (#2090) 2025-10-24 16:22:06 +11:00
organisations.ts feat: per-recipient envelope expiration (#2519) 2026-02-20 11:36:20 +11:00
params.ts feat: migrate nextjs to rr7 2025-02-13 14:10:38 +11:00
public-profiles.ts feat: migrate nextjs to rr7 2025-02-13 14:10:38 +11:00
recipient-formatter.ts feat: add default recipients for teams and orgs (#2248) 2026-01-13 20:32:00 +11:00
recipients.ts feat: per-recipient envelope expiration (#2519) 2026-02-20 11:36:20 +11:00
remember.ts feat: i18n for emails (#1442) 2024-11-05 11:52:54 +11:00
render-custom-email-template.ts fix: reverse meta relation and tidy code 2023-11-06 13:01:15 +11:00
render-email-with-i18n.tsx chore: dependency updates (#2229) 2025-11-22 20:28:20 +11:00
slugify.ts feat: automatically set public profile url for OIDC users (#1225) 2024-08-20 13:58:56 +10:00
team-global-settings-to-branding.ts feat: add organisations (#1820) 2025-06-10 11:49:52 +10:00
teams.ts feat: per-recipient envelope expiration (#2519) 2026-02-20 11:36:20 +11:00
templates.ts feat: add pdf image renderer (#2554) 2026-03-06 12:39:03 +11:00
timeout.ts fix: improve webhook execution (#2608) 2026-03-13 15:02:09 +11:00
token-verification.ts feat: add teams (#848) 2024-02-06 16:16:10 +11:00