feat(import): enhance image URL handling and error reporting during recipe import

2026-04-22 22:00:47 +02:00
parent 2edd6d003d
commit 28606d7abd
4 changed files with 126 additions and 37 deletions
@@ -20,19 +20,24 @@ export async function downloadAndOptimizeImage(
  sourceUrl: string,
  destDir: string,
 ): Promise<string> {
-  // Protokollvalidering
-  if (!sourceUrl.startsWith('https://')) {
-    throw new Error('Bild-URL måste använda https://');
-  }
+  const raw = sourceUrl.trim();
+  const protocolNormalized = raw.startsWith('//') ? `https:${raw}` : raw;

  // SSRF: blockera privata hostnames
-  let hostname: string;
+  let parsedUrl: URL;
  try {
-    hostname = new URL(sourceUrl).hostname;
+    parsedUrl = new URL(protocolNormalized);
  } catch {
    throw new Error('Ogiltig bild-URL');
  }

+  // Protokollvalidering
+  if (parsedUrl.protocol !== 'https:') {
+    throw new Error('Bild-URL måste använda https://');
+  }
+
+  const hostname = parsedUrl.hostname;
+
  if (BLOCKED_HOSTNAMES.test(hostname)) {
    throw new Error('Bild-URL pekar på ett blockerat nätverk');
  }
@@ -42,7 +47,7 @@ export async function downloadAndOptimizeImage(
  const timeout = setTimeout(() => controller.abort(), 10_000);
  let response: Response;
  try {
-    response = await fetch(sourceUrl, {
+    response = await fetch(parsedUrl.toString(), {
      signal: controller.signal,
      headers: { 'User-Agent': 'Mozilla/5.0 (compatible; RecipeApp/1.0)' },
    });