torrentclaw/torrentclaw-mcp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: correct README inconsistencies and add TORRENTCLAW_ALLOW_PRIVATE

Browse source 
- Rename get_torrent_download_url → get_torrent_url in README tools table
- Add TORRENTCLAW_ALLOW_PRIVATE env var to bypass SSRF checks for
  self-hosted setups (localhost, private IPs)
- Update self-hosted config example with TORRENTCLAW_ALLOW_PRIVATE=true
- Add Prompts section to README
- Add 3 tests for ALLOW_PRIVATE behavior (88 tests total)
This commit is contained in:
Deivid Soto 2026-02-09 17:46:24 +01:00
parent d471c9b695
commit e011c0f63e
3 changed files with 52 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

13
src/config.ts
View file

@ -24,11 +24,14 @@ export function validateApiUrl(raw: string): string {
);
}
const hostname = parsed.hostname.replace(/^\[|\]$/g, "");
if (PRIVATE_IP_PATTERNS.some((re) => re.test(hostname))) {
throw new Error(
`Invalid TORRENTCLAW_API_URL: private/reserved addresses not allowed`,
);
const allowPrivate = process.env.TORRENTCLAW_ALLOW_PRIVATE === "true";
if (!allowPrivate) {
const hostname = parsed.hostname.replace(/^\[|\]$/g, "");
if (PRIVATE_IP_PATTERNS.some((re) => re.test(hostname))) {
throw new Error(
`Invalid TORRENTCLAW_API_URL: private/reserved addresses not allowed. Set TORRENTCLAW_ALLOW_PRIVATE=true for self-hosted setups.`,
);
}
}
return raw;