Refactor webhook endpoint validation to utilize BLOCKED_HOSTNAMES and ALLOWED_PORTS constants from ipValidator module, improving code organization and maintainability.

Dobrunia · Dobrunia · commit 8f5d1402ecde · 2026-02-18T19:02:01.000+03:00
diff --git a/src/utils/ipValidator.ts b/src/utils/ipValidator.ts
@@ -43,3 +43,22 @@ export function isPrivateIP(ip: string): boolean {
 
   return PRIVATE_IP_PATTERNS.some((pattern) => pattern.test(bare));
 }
+
+/**
+ * Hostnames blocked regardless of DNS resolution
+ */
+export const BLOCKED_HOSTNAMES: RegExp[] = [
+  /^localhost$/i,
+  /\.local$/i,
+  /\.internal$/i,
+  /\.lan$/i,
+  /\.localdomain$/i,
+];
+
+/**
+ * Only these ports are allowed for webhook delivery
+ */
+export const ALLOWED_PORTS: Record<string, number> = {
+  'http:': 80,
+  'https:': 443,
+};
diff --git a/src/utils/webhookEndpointValidator.ts b/src/utils/webhookEndpointValidator.ts
@@ -1,24 +1,5 @@
 import dns from 'dns';
-import { isPrivateIP } from './ipValidator';
-
-/**
- * Hostnames blocked regardless of DNS resolution
- */
-const BLOCKED_HOSTNAMES: RegExp[] = [
-  /^localhost$/i,
-  /\.local$/i,
-  /\.internal$/i,
-  /\.lan$/i,
-  /\.localdomain$/i,
-];
-
-/**
- * Only these ports are allowed for webhook delivery
- */
-const ALLOWED_PORTS: Record<string, number> = {
-  'http:': 80,
-  'https:': 443,
-};
+import { isPrivateIP, BLOCKED_HOSTNAMES, ALLOWED_PORTS } from './ipValidator';
 
 /**
  * Validates a webhook endpoint URL for SSRF safety.
