From e9d5b9958ab4047e88fbf14576bbe1cca735ca02 Mon Sep 17 00:00:00 2001
From: fengmk2 <suqian.yf@antgroup.com>
Date: Sun, 15 Sep 2024 18:25:14 +0800
Subject: [PATCH] f

---
 lib/core/httpclient4.js | 31 +++++++++++++++++++++++++++----
 lib/egg.js              |  2 +-
 2 files changed, 28 insertions(+), 5 deletions(-)

diff --git a/lib/core/httpclient4.js b/lib/core/httpclient4.js
index 7d8134f0c2..2ec166a22e 100644
--- a/lib/core/httpclient4.js
+++ b/lib/core/httpclient4.js
@@ -1,14 +1,22 @@
 const { HttpClient } = require('urllib4');
 const ms = require('humanize-ms');
+const SSRF_HTTPCLIENT = Symbol('SSRF_HTTPCLIENT');
 
 class HttpClient4 extends HttpClient {
-  constructor(app) {
+  constructor(app, options) {
     normalizeConfig(app);
-    const config = app.config.httpclient;
+    options = options || {};
+    options = {
+      ...app.config.httpclient,
+      ...options,
+    };
     super({
       app,
-      defaultArgs: config.request,
-      allowH2: config.allowH2,
+      defaultArgs: options.request,
+      allowH2: options.allowH2,
+      // use on egg-security ssrf
+      // https://github.com/eggjs/egg-security/blob/master/lib/extend/safe_curl.js#L11
+      checkAddress: options.checkAddress,
     });
     this.app = app;
   }
@@ -26,6 +34,21 @@ class HttpClient4 extends HttpClient {
   async curl(...args) {
     return await this.request(...args);
   }
+
+  async safeCurl(url, options = {}) {
+    if (!this[SSRF_HTTPCLIENT]) {
+      const ssrfConfig = this.app.config.security.ssrf;
+      if (ssrfConfig?.checkAddress) {
+        options.checkAddress = ssrfConfig.checkAddress;
+      } else {
+        this.app.logger.warn('[egg-security] please configure `config.security.ssrf` first');
+      }
+      this[SSRF_HTTPCLIENT] = new HttpClient4(this.app, {
+        checkAddress: ssrfConfig.checkAddress,
+      });
+    }
+    return await this[SSRF_HTTPCLIENT].request(url, options);
+  }
 }
 
 function normalizeConfig(app) {
diff --git a/lib/egg.js b/lib/egg.js
index 9bcf24c666..33ed380152 100644
--- a/lib/egg.js
+++ b/lib/egg.js
@@ -301,7 +301,7 @@ class EggApplication extends EggCore {
   createHttpClient(options) {
     let httpClient;
     if (this.config.httpclient.allowH2) {
-      httpClient = new this.HttpClient4(this);
+      httpClient = new this.HttpClient4(this, options);
     } else if (this.config.httpclient.useHttpClientNext) {
       httpClient = new this.HttpClientNext(this, options);
     } else if (this.config.httpclient.enableDNSCache) {