diff --git a/Dockerfile b/Dockerfile index 8b72f70618..7d30696d4a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,8 @@ ARG BASE FROM ${BASE} +ENV IN_DOCKER=1 + # Add backend server - Application Layer ARG JAR_FILE=./app/server/dist/server-*.jar ARG PLUGIN_JARS=./app/server/dist/plugins/*.jar diff --git a/app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java b/app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java index 3f7de88877..189b8e7d06 100644 --- a/app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java +++ b/app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java @@ -25,14 +25,15 @@ import java.net.InetAddress; import java.net.InetSocketAddress; import java.net.UnknownHostException; import java.util.Arrays; +import java.util.Collections; +import java.util.HashSet; import java.util.List; import java.util.Set; @Slf4j public class WebClientUtils { - private static final Set DISALLOWED_HOSTS = - Set.of("169.254.169.254", "0:0:0:0:0:0:a9fe:a9fe", "fd00:ec2:0:0:0:0:0:254", "metadata.google.internal"); + private static final Set DISALLOWED_HOSTS = computeDisallowedHosts(); public static final String HOST_NOT_ALLOWED = "Host not allowed."; @@ -45,6 +46,18 @@ public class WebClientUtils { private WebClientUtils() {} + private static Set computeDisallowedHosts() { + final Set hosts = new HashSet<>(Set.of( + "169.254.169.254", "0:0:0:0:0:0:a9fe:a9fe", "fd00:ec2:0:0:0:0:0:254", "metadata.google.internal")); + + if ("1".equals(System.getenv("IN_DOCKER"))) { + hosts.add("127.0.0.1"); + hosts.add("0:0:0:0:0:0:0:1"); + } + + return Collections.unmodifiableSet(hosts); + } + public static WebClient create() { return builder().build(); } diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/helpers/RTSCaller.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/helpers/RTSCaller.java index 09b5959002..c5c2711584 100644 --- a/app/server/appsmith-server/src/main/java/com/appsmith/server/helpers/RTSCaller.java +++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/helpers/RTSCaller.java @@ -1,15 +1,16 @@ package com.appsmith.server.helpers; -import com.appsmith.util.WebClientUtils; import jakarta.annotation.PostConstruct; import lombok.NonNull; import org.springframework.beans.factory.annotation.Value; import org.springframework.http.HttpMethod; import org.springframework.http.MediaType; +import org.springframework.http.client.reactive.ReactorClientHttpConnector; import org.springframework.stereotype.Component; import org.springframework.web.reactive.function.BodyInserters; import org.springframework.web.reactive.function.client.WebClient; import reactor.core.publisher.Mono; +import reactor.netty.http.client.HttpClient; import reactor.netty.resources.ConnectionProvider; import java.time.Duration; @@ -33,13 +34,18 @@ public class RTSCaller { rtsPort = "8091"; } - webClient = WebClientUtils.builder(ConnectionProvider.builder("rts-provider") - .maxConnections(100) - .maxIdleTime(Duration.ofSeconds(30)) - .maxLifeTime(Duration.ofSeconds(40)) - .pendingAcquireTimeout(Duration.ofSeconds(10)) - .pendingAcquireMaxCount(-1) - .build()) + final ConnectionProvider connectionProvider = ConnectionProvider.builder("rts-provider") + .maxConnections(100) + .maxIdleTime(Duration.ofSeconds(30)) + .maxLifeTime(Duration.ofSeconds(40)) + .pendingAcquireTimeout(Duration.ofSeconds(10)) + .pendingAcquireMaxCount(-1) + .build(); + + // We do NOT use `WebClientUtils` here, intentionally, since we don't allow connections to 127.0.0.1, + // which is exactly the _only_ host we want to hit from here. + webClient = WebClient.builder() + .clientConnector(new ReactorClientHttpConnector(HttpClient.create(connectionProvider))) .baseUrl("http://127.0.0.1:" + rtsPort) .build(); }