Merge pull request #167 from rudderlabs/release/v1.5.2

chore(release): pull release/v1.5.2 into main
rudderlabs · Sep 30, 2024 · 54bdb50 · 54bdb50
2 parents c125b32 + 1873107
commit 54bdb50
Show file tree

Hide file tree

Showing 6 changed files with 18 additions and 28 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,13 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+### [1.5.2](https://github.com/rudderlabs/rudder-shopify-tracker/compare/v1.5.1...v1.5.2) (2024-09-23)
+
+
+### Bug Fixes
+
+* dataplane sanitise logic ([#166](https://github.com/rudderlabs/rudder-shopify-tracker/issues/166)) ([babe16f](https://github.com/rudderlabs/rudder-shopify-tracker/commit/babe16f4b08e8dd3095b841aaea9a6f026e4ba8c))
+
 ### [1.5.1](https://github.com/rudderlabs/rudder-shopify-tracker/compare/v1.5.0...v1.5.1) (2024-09-20)
 
 ## [1.5.0](https://github.com/rudderlabs/rudder-shopify-tracker/compare/v1.4.10...v1.5.0) (2024-09-20)

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "rudderstack-shopify-tracker",
-  "version": "1.5.1",
+  "version": "1.5.2",
   "description": "Tracks client-side events on Shopify stores",
   "main": "src/main.js",
   "scripts": {

diff --git a/src/deviceModeInit.js b/src/deviceModeInit.js
@@ -340,7 +340,7 @@ let _rudderTracking = (function () {
 
   // common function for sending anonymousId and sessionId Identifier
   function sendToRudderWebhook(data, type, updateTypeCookieFunction, retryAttempt = 0) {
-    const webhookUrl = 'dataplaneUrl_placeHolder/v1/webhook?writeKey=writeKey_placeHolder';
+    const webhookUrl = 'https://dataplaneUrl_placeHolder/v1/webhook?writeKey=writeKey_placeHolder';
     const timeToRetry = 1000; // 1 second
     const maxRetries = 3;
     if (maxRetries > retryAttempt) {

diff --git a/src/loadingCode.js b/src/loadingCode.js
@@ -23,7 +23,7 @@
       };
     })(method);
   }
-  rudderanalytics.load('writeKey', 'dataPlaneUrl', {
+  rudderanalytics.load('writeKey', 'https://dataPlaneUrl', {
     configUrl: 'configBackendUrl',
     logLevel: 'DEBUG',
   });

diff --git a/src/router.js b/src/router.js
@@ -10,25 +10,9 @@ const configUrl = process.env.CONFIG_BACKEND_URL || 'https://api.rudderstack.com
 const jsSdkCdnUrl =
   process.env.JS_SDK_CDN || 'https://cdn.rudderlabs.com/v1.1/rudder-analytics.min.js';
 
-const ensureHttpsPrefix = (url) => {
-  // Check if the URL starts with http:// or https://
-  if (!/^https?:\/\//i.test(url)) {
-    return `https://${url}`;
-  }
-  return url;
-};
-
-const formatDataPlaneURL = (dataPlaneUrl) => {
-  // TODO :: Sanitize dataplane url with basic checks before prefixing with https
-  const newDataPlaneUrl = ensureHttpsPrefix(dataPlaneUrl);
-  try {
-    new URL(newDataPlaneUrl); // This will throw if the URL is invalid
-    return newDataPlaneUrl;
-  } catch {
-    return undefined;
-  }
-};
 const isValidWriteKey = (writeKey) => /^[A-Za-z0-9_]{5,}$/.test(writeKey);
+const isValidDataPlaneURL = (dataPlaneUrl) =>
+  /^(?!:\/\/)([a-zA-Z0-9-_]{1,63}\.)+[a-zA-Z]{2,6}$/.test(dataPlaneUrl);
 
 router.get('/load', async (ctx) => {
   // only takes in writeKey and DataPlane Url
@@ -53,18 +37,17 @@ router.get('/load', async (ctx) => {
   const { writeKey, dataPlaneUrl } = ctx.request.query;
   console.log('writeKey', writeKey);
   console.log('dataplaneUrl', dataPlaneUrl);
-  if (formatDataPlaneURL(dataPlaneUrl) === undefined || !isValidWriteKey(writeKey)) {
+  if (!isValidDataPlaneURL(dataPlaneUrl) || !isValidWriteKey(writeKey)) {
+    console.log(`writeKey:${writeKey} or dataPlaneUrl:${dataPlaneUrl} is invalid or missing`);
     ctx.response.body = {
       error: 'writeKey or dataPlaneUrl is invalid or missing',
     };
     ctx.status = 400;
     return ctx;
   }
-  const formattedDataPlaneUrl = formatDataPlaneURL(dataPlaneUrl);
-  console.log('formattedDataPlaneUrl', formattedDataPlaneUrl);
 
   d = d.replace('writeKey', writeKey);
-  d = d.replace('dataPlaneUrl', formattedDataPlaneUrl);
+  d = d.replace('dataPlaneUrl', dataPlaneUrl);
   d = d.replace('configBackendUrl', configUrl);
 
   const pollTimeForSessionIdentifierCheck =
@@ -73,7 +56,7 @@ router.get('/load', async (ctx) => {
     /sessionIdentifierPollTime_placeHolder/g,
     pollTimeForSessionIdentifierCheck,
   );
-  deviceModeInit = deviceModeInit.replace(/dataplaneUrl_placeHolder/g, formattedDataPlaneUrl);
+  deviceModeInit = deviceModeInit.replace(/dataplaneUrl_placeHolder/g, dataPlaneUrl);
   deviceModeInit = deviceModeInit.replace(/writeKey_placeHolder/g, writeKey);
   deviceModeInit = deviceModeInit.replace(/configUrl_placeholder/g, configUrl);