fix(security): proxy external markdown images via Cloudinary (#3542)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
Co-authored-by: Ido Shamun <idoshamun@users.noreply.github.com>

Author: 3 people

__tests__/common/markdown.ts

@@ -0,0 +1,131 @@
+import cloudinary from 'cloudinary';
+import { markdown } from '../../src/common/markdown';
+
+const configureCloudinary = () => {
+  cloudinary.v2.config({
+    cloud_name: 'daily-now',
+    api_key: 'test',
+    api_secret: 'test',
+  });
+};
+
+describe('markdown image proxy integration', () => {
+  const originalEnv = process.env;
+
+  beforeEach(() => {
+    jest.resetModules();
+    process.env = { ...originalEnv };
+    process.env.CLOUDINARY_URL = 'cloudinary://test:test@daily-now';
+    configureCloudinary();
+  });
+
+  afterAll(() => {
+    process.env = originalEnv;
+  });
+
+  describe('image rendering', () => {
+    it('should proxy external image URLs in markdown', () => {
+      const content = '![alt text](https://example.com/image.png)';
+      const result = markdown.render(content);
+
+      expect(result).toContain('media.daily.dev');
+      expect(result).toContain('/image/fetch/');
+      expect(result).toContain('s--'); // signature
+    });
+
+    it('should not proxy images from media.daily.dev', () => {
+      const content = '![alt text](https://media.daily.dev/image.png)';
+      const result = markdown.render(content);
+
+      expect(result).toContain('https://media.daily.dev/image.png');
+      expect(result).not.toContain('/image/fetch/');
+    });
+
+    it('should not proxy images from res.cloudinary.com', () => {
+      const content =
+        '![alt text](https://res.cloudinary.com/daily-now/image/upload/image.png)';
+      const result = markdown.render(content);
+
+      expect(result).toContain(
+        'https://res.cloudinary.com/daily-now/image/upload/image.png',
+      );
+    });
+
+    it('should block images from private IPs', () => {
+      const content = '![alt text](http://127.0.0.1/image.png)';
+      const result = markdown.render(content);
+
+      expect(result).toContain('src=""');
+      expect(result).not.toContain('127.0.0.1');
+    });
+
+    it('should block images from localhost', () => {
+      const content = '![alt text](http://localhost/image.png)';
+      const result = markdown.render(content);
+
+      expect(result).toContain('src=""');
+      expect(result).not.toContain('localhost');
+    });
+
+    it('should not render file:// protocol URLs as images', () => {
+      const content = '![alt text](file:///etc/passwd)';
+      const result = markdown.render(content);
+
+      // Markdown-it does not render file:// URLs as images, just plain text
+      // This is safe since the path is not loaded as an image
+      expect(result).not.toContain('<img');
+    });
+
+    it('should preserve alt text in proxied images', () => {
+      const content = '![my alt text](https://example.com/image.png)';
+      const result = markdown.render(content);
+
+      expect(result).toContain('alt="my alt text"');
+    });
+
+    it('should handle multiple images in same content', () => {
+      const content = `
+![image1](https://example.com/1.png)
+
+Some text here
+
+![image2](https://evil.com/2.gif)
+      `;
+      const result = markdown.render(content);
+
+      // Both images should be proxied through Cloudinary
+      expect(result.match(/media\.daily\.dev/g)?.length).toBe(2);
+      expect(result).toContain('/image/fetch/');
+    });
+
+    it('should handle images in links', () => {
+      const content =
+        '[![alt](https://example.com/image.png)](https://link.com)';
+      const result = markdown.render(content);
+
+      expect(result).toContain('media.daily.dev');
+      expect(result).toContain('href="https://link.com"');
+    });
+
+    it('should handle data URIs without proxying', () => {
+      const dataUri = 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAAB';
+      const content = `![alt](${dataUri})`;
+      const result = markdown.render(content);
+
+      expect(result).toContain(dataUri);
+    });
+  });
+
+  describe('without Cloudinary configured', () => {
+    beforeEach(() => {
+      delete process.env.CLOUDINARY_URL;
+    });
+
+    it('should pass through external URLs when Cloudinary is not configured', () => {
+      const content = '![alt](https://example.com/image.png)';
+      const result = markdown.render(content);
+
+      expect(result).toContain('https://example.com/image.png');
+    });
+  });
+});

src/common/imageProxy.ts

@@ -0,0 +1,161 @@
+import cloudinary from 'cloudinary';
+import { mapCloudinaryUrl } from './cloudinary';
+
+/**
+ * Allowed domains that don't need proxying (already hosted by us)
+ */
+const ALLOWED_DOMAINS = [
+  'media.daily.dev',
+  'res.cloudinary.com',
+  'daily-now-res.cloudinary.com',
+];
+
+/**
+ * Private/internal IP ranges that should be blocked (SSRF prevention)
+ */
+const PRIVATE_IP_PATTERNS = [
+  // IPv4 private ranges
+  /^127\./,
+  /^10\./,
+  /^192\.168\./,
+  /^172\.(1[6-9]|2[0-9]|3[0-1])\./,
+  // IPv4 link-local
+  /^169\.254\./,
+  // Localhost variations
+  /^0\.0\.0\.0/,
+  /^localhost$/i,
+  // IPv6 loopback and private
+  /^::1$/,
+  /^fe80:/i,
+  /^fc00:/i,
+  /^fd00:/i,
+];
+
+/**
+ * Maximum URL length to prevent abuse
+ */
+const MAX_URL_LENGTH = 2048;
+
+/**
+ * Checks if a hostname is a private/internal IP address
+ */
+export function isPrivateIP(hostname: string): boolean {
+  return PRIVATE_IP_PATTERNS.some((pattern) => pattern.test(hostname));
+}
+
+/**
+ * Checks if a URL is from an allowed domain that doesn't need proxying
+ */
+export function isAllowedDomain(url: string): boolean {
+  try {
+    const parsedUrl = new URL(url);
+    return ALLOWED_DOMAINS.some(
+      (domain) =>
+        parsedUrl.hostname === domain ||
+        parsedUrl.hostname.endsWith(`.${domain}`),
+    );
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Validates that a URL is safe to proxy
+ * Returns an error message if invalid, or null if valid
+ *
+ * Note: This assumes the URL is already http/https since it's called after
+ * isExternalImageUrl check which filters out non-http/https URLs.
+ */
+export function validateImageUrl(url: string): string | null {
+  // Check URL length
+  if (url.length > MAX_URL_LENGTH) {
+    return 'URL exceeds maximum length';
+  }
+
+  try {
+    const parsedUrl = new URL(url);
+
+    // Block private/internal IP addresses (SSRF prevention)
+    if (isPrivateIP(parsedUrl.hostname)) {
+      return 'Private IP addresses are not allowed';
+    }
+
+    return null;
+  } catch {
+    return 'Invalid URL format';
+  }
+}
+
+/**
+ * Checks if a URL is an external image URL that needs proxying
+ * Returns true for external http/https URLs, false for everything else
+ * (data URIs, relative URLs, and allowed domains)
+ *
+ * Note: Invalid protocols like file:// are NOT considered external URLs.
+ * They are handled by validateImageUrl which rejects them.
+ */
+export function isExternalImageUrl(url: string): boolean {
+  // Skip data URIs
+  if (url.startsWith('data:')) {
+    return false;
+  }
+
+  // Only consider http/https URLs as external (relative URLs and other protocols are skipped)
+  if (!url.startsWith('http://') && !url.startsWith('https://')) {
+    return false;
+  }
+
+  // Skip URLs from allowed domains
+  if (isAllowedDomain(url)) {
+    return false;
+  }
+
+  return true;
+}
+
+/**
+ * Generates a signed Cloudinary fetch URL for proxying an external image
+ *
+ * Uses Cloudinary's fetch feature with signed URLs to:
+ * 1. Cache the image on Cloudinary's CDN
+ * 2. Prevent direct requests from users to external servers (IP privacy)
+ * 3. Apply automatic format and quality optimization
+ *
+ * @param externalUrl The external image URL to proxy
+ * @returns The signed Cloudinary fetch URL, or null if the URL is invalid/blocked
+ */
+export function getProxiedImageUrl(externalUrl: string): string | null {
+  // Skip if not an external URL
+  if (!isExternalImageUrl(externalUrl)) {
+    return externalUrl;
+  }
+
+  // Validate the URL
+  const validationError = validateImageUrl(externalUrl);
+  if (validationError) {
+    return null;
+  }
+
+  // Skip if Cloudinary is not configured
+  if (!process.env.CLOUDINARY_URL) {
+    return externalUrl;
+  }
+
+  try {
+    // Generate a signed Cloudinary fetch URL
+    const cloudinaryUrl = cloudinary.v2.url(externalUrl, {
+      type: 'fetch',
+      sign_url: true,
+      secure: true,
+      fetch_format: 'auto',
+      quality: 'auto',
+    });
+
+    // Map to media.daily.dev domain
+    return mapCloudinaryUrl(cloudinaryUrl);
+  } catch {
+    // If Cloudinary URL generation fails, return original URL
+    // to avoid breaking the content
+    return externalUrl;
+  }
+}

src/common/markdown.ts

@@ -7,6 +7,7 @@ import { MentionedUser } from '../schema/comments';
 import { EntityTarget } from 'typeorm/common/EntityTarget';
 import { ghostUser } from './utils';
 import { isValidHttpUrl } from './links';
+import { getProxiedImageUrl } from './imageProxy';
 
 /**
  * Sanitizes HTML content, allowing only safe tags for rich text content.
@@ -211,6 +212,40 @@ markdown.renderer.rules.link_open = function (tokens, idx, options, env, self) {
   return defaultRender(tokens, idx, options, env, self);
 };
 
+/**
+ * Store the default image renderer for markdown-it
+ */
+const defaultImageRender =
+  markdown.renderer.rules.image ||
+  function (tokens, idx, options, env, self) {
+    return self.renderToken(tokens, idx, options);
+  };
+
+/**
+ * Custom image renderer that proxies external images through Cloudinary
+ * to prevent IP address exposure when users view markdown content with
+ * external images.
+ */
+markdown.renderer.rules.image = function (tokens, idx, options, env, self) {
+  const token = tokens[idx];
+  const srcIndex = token.attrIndex('src');
+
+  if (srcIndex >= 0 && token.attrs) {
+    const originalSrc = token.attrs[srcIndex][1];
+    const proxiedSrc = getProxiedImageUrl(originalSrc);
+
+    if (proxiedSrc) {
+      token.attrs[srcIndex][1] = proxiedSrc;
+    } else {
+      // If the URL is invalid/blocked, remove the src to prevent the image from loading
+      // This is a security measure to prevent SSRF and other attacks
+      token.attrs[srcIndex][1] = '';
+    }
+  }
+
+  return defaultImageRender(tokens, idx, options, env, self);
+};
+
 export const saveMentions = (
   transaction: DataSource | EntityManager,
   referenceId: string,