(serverUrl: string)
| 288 | * @throws Error if the URL is invalid, fails the IP policy, or DNS fails. |
| 289 | */ |
| 290 | export async function validateConnectServerUrl(serverUrl: string): Promise<string> { |
| 291 | let hostname: string |
| 292 | try { |
| 293 | hostname = new URL(serverUrl).hostname |
| 294 | } catch { |
| 295 | throw new Error('1Password server URL is not a valid URL') |
| 296 | } |
| 297 | |
| 298 | const clean = |
| 299 | hostname.startsWith('[') && hostname.endsWith(']') ? hostname.slice(1, -1) : hostname |
| 300 | |
| 301 | if (ipaddr.isValid(clean)) { |
| 302 | assertConnectIpAllowed(clean, clean) |
| 303 | return clean |
| 304 | } |
| 305 | |
| 306 | let address: string |
| 307 | try { |
| 308 | ;({ address } = await dns.lookup(clean, { verbatim: true })) |
| 309 | } catch (error) { |
| 310 | connectLogger.warn('DNS lookup failed for 1Password Connect server URL', { |
| 311 | hostname: clean, |
| 312 | error: toError(error).message, |
| 313 | }) |
| 314 | throw new Error('1Password server URL hostname could not be resolved') |
| 315 | } |
| 316 | |
| 317 | assertConnectIpAllowed(address, clean) |
| 318 | return address |
| 319 | } |
| 320 | |
| 321 | /** Minimal response shape used by all connectRequest callers. */ |
| 322 | export interface ConnectResponse { |
no test coverage detected