chore: validate custom at multiple places

sk-portkey · sk-portkey · commit 5688b5b797a8 · 2025-11-07T12:27:35.000+05:30
diff --git a/src/handlers/services/providerContext.ts b/src/handlers/services/providerContext.ts
@@ -9,6 +9,7 @@ import Providers from '../../providers';
 import { RequestContext } from './requestContext';
 import { ANTHROPIC, AZURE_OPEN_AI } from '../../globals';
 import { GatewayError } from '../../errors/GatewayError';
+import { isValidCustomHost } from '../../middlewares/requestValidator';
 
 export class ProviderContext {
   constructor(private provider: string) {
@@ -94,6 +95,10 @@ export class ProviderContext {
   }
 
   async getFullURL(context: RequestContext): Promise<string> {
+    const customHost = context.customHost;
+    if (customHost && !isValidCustomHost(customHost, context.honoContext)) {
+      throw new GatewayError('Invalid custom host');
+    }
     const baseURL = context.customHost || (await this.getBaseURL(context));
     let url: string;
     if (context.endpoint === 'proxy') {
diff --git a/src/middlewares/requestValidator/index.ts b/src/middlewares/requestValidator/index.ts
@@ -141,7 +141,7 @@ export const requestValidator = (c: Context, next: any) => {
   }
 
   const customHostHeader = requestHeaders[`x-${POWERED_BY}-custom-host`];
-  if (customHostHeader && !isValidCustomHost(c, customHostHeader)) {
+  if (customHostHeader && !isValidCustomHost(customHostHeader, c)) {
     return new Response(
       JSON.stringify({
         status: 'failure',
@@ -228,7 +228,8 @@ export const requestValidator = (c: Context, next: any) => {
   }
   return next();
 };
-function isValidCustomHost(c: Context, customHost: string) {
+
+export function isValidCustomHost(customHost: string, c?: Context) {
   try {
     const value = customHost.trim().toLowerCase();
 
diff --git a/src/middlewares/requestValidator/schema/config.ts b/src/middlewares/requestValidator/schema/config.ts
@@ -5,6 +5,7 @@ import {
   GOOGLE_VERTEX_AI,
   TRITON,
 } from '../../../globals';
+import { isValidCustomHost } from '..';
 
 export const configSchema: any = z
   .object({
@@ -149,7 +150,7 @@ export const configSchema: any = z
   .refine(
     (value) => {
       const customHost = value.custom_host;
-      if (customHost && customHost.indexOf('api.portkey') > -1) {
+      if (customHost && !isValidCustomHost(customHost)) {
         return false;
       }
       return true;
