feat: improve dispatch security

PluralKit.Core/CoreConfig.cs

@@ -15,6 +15,8 @@ public class CoreConfig
     public string LogDir { get; set; }
     public string? ElasticUrl { get; set; }
     public string? SeqLogUrl { get; set; }
+    public string? DispatchProxyUrl { get; set; }
+    public string? DispatchProxyToken { get; set; }
 
     public LogEventLevel ConsoleLogLevel { get; set; } = LogEventLevel.Debug;
     public LogEventLevel ElasticLogLevel { get; set; } = LogEventLevel.Information;

PluralKit.Core/Dispatch/DispatchModels.cs

@@ -43,7 +43,7 @@ public struct UpdateDispatchData
 
 public static class DispatchExt
 {
-    public static StringContent GetPayloadBody(this UpdateDispatchData data)
+    public static string GetPayloadBody(this UpdateDispatchData data)
     {
         var o = new JObject();
 
@@ -53,7 +53,18 @@ public static class DispatchExt
         o.Add("id", data.EntityId);
         o.Add("data", data.EventData);
 
-        return new StringContent(JsonConvert.SerializeObject(o), Encoding.UTF8, "application/json");
+        return JsonConvert.SerializeObject(o);
+    }
+
+    public static string GetPingBody(string systemId, string token)
+    {
+        var o = new JObject();
+
+        o.Add("type", "PING");
+        o.Add("signing_token", token);
+        o.Add("system_id", systemId);
+
+        return JsonConvert.SerializeObject(o);
     }
 
     private static List<IPNetwork> _privateNetworks = new()
@@ -71,6 +82,7 @@ public static class DispatchExt
         try
         {
             var uri = new Uri(url);
+            if (uri.Scheme != "https") return false;
             host = await Dns.GetHostEntryAsync(uri.DnsSafeHost);
         }
         catch (Exception)

PluralKit.Core/Dispatch/DispatchService.cs

@@ -1,5 +1,10 @@
 using Autofac;
 
+using System.Text;
+
+using Newtonsoft.Json;
+using Newtonsoft.Json.Linq;
+
 using Serilog;
 
 namespace PluralKit.Core;
@@ -8,32 +13,55 @@ public class DispatchService
 {
     private readonly HttpClient _client = new();
     private readonly ILogger _logger;
+    private readonly CoreConfig _cfg;
     private readonly ILifetimeScope _provider;
 
     public DispatchService(ILogger logger, ILifetimeScope provider, CoreConfig cfg)
     {
         _logger = logger;
+        _cfg = cfg;
         _provider = provider;
     }
 
-    public async Task DoPostRequest(SystemId system, string webhookUrl, HttpContent content, bool isVerify = false)
+    public async Task<string> TestUrl(Guid systemUuid, string newUrl, string newToken)
     {
-        if (!await DispatchExt.ValidateUri(webhookUrl))
+        if (_cfg.DispatchProxyUrl == null || _cfg.DispatchProxyToken == null)
+            throw new Exception("tried to dispatch without a proxy set!");
+
+        var o = new JObject();
+        o.Add("auth", _cfg.DispatchProxyToken);
+        o.Add("url", newUrl);
+        o.Add("payload", DispatchExt.GetPingBody(systemUuid.ToString(), newToken));
+        o.Add("test", DispatchExt.GetPingBody(systemUuid.ToString(), StringUtils.GenerateToken()));
+
+        var body = new StringContent(JsonConvert.SerializeObject(o), Encoding.UTF8, "application/json");
+
+        var res = await _client.PostAsync(_cfg.DispatchProxyUrl, body);
+        return await res.Content.ReadAsStringAsync();
+    }
+
+    public async Task DoPostRequest(SystemId system, string webhookUrl, string content)
+    {
+        if (_cfg.DispatchProxyUrl == null || _cfg.DispatchProxyToken == null)
         {
-            _logger.Warning(
-                "Failed to dispatch webhook for system {SystemId}: URL is invalid or points to a private address",
-                system);
+            _logger.Warning("tried to dispatch without a proxy set!");
             return;
         }
 
+        var o = new JObject();
+        o.Add("auth", _cfg.DispatchProxyToken);
+        o.Add("url", webhookUrl);
+        o.Add("payload", content);
+
+        var body = new StringContent(JsonConvert.SerializeObject(o), Encoding.UTF8, "application/json");
+
         try
         {
-            await _client.PostAsync(webhookUrl, content);
+            await _client.PostAsync(_cfg.DispatchProxyUrl, body);
+            // todo: do something with proxy errors
         }
         catch (HttpRequestException e)
         {
-            if (isVerify)
-                throw;
             _logger.Error(e, "Could not dispatch webhook request!");
         }
     }

PluralKit.Core/Utils/Emojis.cs

@@ -2,7 +2,7 @@ namespace PluralKit.Core;
 
 public static class Emojis
 {
-    public static readonly string Warn = "\u26A0";
+    public static readonly string Warn = "\u26A0\uFE0F";
     public static readonly string Success = "\u2705";
     public static readonly string Error = "\u274C";
     public static readonly string Note = "\U0001f4dd";

PluralKit.Core/packages.lock.json

@@ -183,9 +183,9 @@
       },
       "Npgsql": {
         "type": "Direct",
-        "requested": "[4.1.5, )",
-        "resolved": "4.1.5",
-        "contentHash": "juDlNse+SKfXRP0VSgpJkpdCcaVLZt8m37EHdRX+8hw+GG69Eat1Y0MdEfl+oetdOnf9E133GjIDEjg9AF6HSQ==",
+        "requested": "[4.1.13, )",
+        "resolved": "4.1.13",
+        "contentHash": "p79cObfuRgS8KD5sFmQUqVlINEkJm39bCrzRclicZE1942mKcbLlc0NdoVKhBeZPv//prK/sVTUmRVxdnoPCoA==",
         "dependencies": {
           "System.Runtime.CompilerServices.Unsafe": "4.6.0"
         }