From c2a084803aab762db09f75398ff7e3b826d7164e Mon Sep 17 00:00:00 2001
From: Hongbo Wu <hongbo@omnivore.app>
Date: Thu, 18 Jan 2024 21:56:19 +0800
Subject: [PATCH] validate feed url before adding

---
 packages/api/src/resolvers/subscriptions/index.ts | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/packages/api/src/resolvers/subscriptions/index.ts b/packages/api/src/resolvers/subscriptions/index.ts
index 173f1be1b..493c0fb31 100644
--- a/packages/api/src/resolvers/subscriptions/index.ts
+++ b/packages/api/src/resolvers/subscriptions/index.ts
@@ -39,6 +39,7 @@ import {
 } from '../../generated/graphql'
 import { getRepository } from '../../repository'
 import { feedRepository } from '../../repository/feed'
+import { validateUrl } from '../../services/create_page_save_request'
 import { unsubscribe } from '../../services/subscriptions'
 import { Merge } from '../../util'
 import { analytics } from '../../utils/analytics'
@@ -201,6 +202,15 @@ export const subscribeResolver = authorized<
       }
     }
     const feedUrl = feed.url
+    try {
+      validateUrl(feedUrl)
+    } catch (error) {
+      log.error('invalid feedUrl', { feedUrl, error })
+
+      return {
+        errorCodes: [SubscribeErrorCode.BadRequest],
+      }
+    }
 
     // find existing subscription
     const existingSubscription = await getRepository(Subscription).findOneBy({