From e2a57e49453b04be4c396343debba374f051b01c Mon Sep 17 00:00:00 2001
From: Tony
Date: Wed, 11 Jan 2023 08:57:32 -0300
Subject: [PATCH] fix(route): invalid url (#11597)
---
 lib/routes/gitlab/explore.js | 2 +-
 lib/v2/btzj/index.js | 4 ++--
 lib/v2/javbus/index.js | 2 +-
 lib/v2/javdb/utils.js | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/lib/routes/gitlab/explore.js b/lib/routes/gitlab/explore.js
index 9d4971fb66..2d8dae948b 100644
--- a/lib/routes/gitlab/explore.js
+++ b/lib/routes/gitlab/explore.js
@@ -12,7 +12,7 @@ module.exports = async (ctx) => {
 starred: 'Most stars',
 all: 'All',
 };
- if (!config.feature.allow_user_supply_unsafe_domain && !allowHost.includes(new URL(host).hostname)) {
+ if (!config.feature.allow_user_supply_unsafe_domain && !allowHost.includes(new URL(`https://${host}/`).hostname)) {
 ctx.throw(403, `This RSS is disabled unless 'ALLOW_USER_SUPPLY_UNSAFE_DOMAIN' is set to 'true'.`);
 }
diff --git a/lib/v2/btzj/index.js b/lib/v2/btzj/index.js
index 9134e484b4..d50796ef02 100644
--- a/lib/v2/btzj/index.js
+++ b/lib/v2/btzj/index.js
@@ -5,12 +5,12 @@ const { parseDate } = require('@/utils/parse-date');
 const { art } = require('@/utils/render');
 const path = require('path');
 const config = require('@/config').value;
-const allowDomain = ['btbtt15.com'];
+const allowDomain = ['2btjia.com', '88btbtt.com', 'btbtt15.com', 'btbtt20.com'];
 module.exports = async (ctx) => {
 let category = ctx.params.category ?? '';
 let domain = ctx.query.domain ?? 'btbtt15.com';
- if (!config.feature.allow_user_supply_unsafe_domain && !allowDomain.includes(new URL(domain).hostname)) {
+ if (!config.feature.allow_user_supply_unsafe_domain && !allowDomain.includes(new URL(`http://${domain}/`).hostname)) {
 ctx.throw(403, `This RSS is disabled unless 'ALLOW_USER_SUPPLY_UNSAFE_DOMAIN' is set to 'true'.`);
 }
diff --git a/lib/v2/javbus/index.js b/lib/v2/javbus/index.js
index b1dfe76791..4e1c92f3a0 100644
--- a/lib/v2/javbus/index.js
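Review bot: In lib/routes/gitlab/explore.js the new guard allow-lists only the hostname that the URL parser extracts from the `https://${host}/` template, while the value that passes the check is still the raw `host` string; the parser discards everything besides the hostname (port, userinfo, path) before the comparison. If `host` is later interpolated into the request URL, as `domain` visibly is in the javbus hunk (`https://www.${domain}`), that URL can carry parts the allow-list never saw. Comparing the raw value, `!allowHost.includes(host)`, keeps the check and the later use on the same string, and it also drops the `new URL` call, which still throws a TypeError for input that does not parse as a host. The same applies to the guards in lib/v2/btzj/index.js, lib/v2/javbus/index.js and lib/v2/javdb/utils.js. The function body continues outside the hunk, so how `host` is used afterwards is not visible here.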
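Review bot: The guard in lib/v2/btzj/index.js builds its probe URL with `http://` while the other three guards in this commit use `https://`; the parsed hostname is the same either way, so the difference looks accidental and makes the four copies harder to compare. Using one form everywhere, or a single shared helper such as `isAllowedDomain(domain, allowDomain)` called from all four routes, would keep the checks from drifting apart. The widened `allowDomain` list would also benefit from a comment above it, for example `// mirror domains accepted via ?domain=; keep this list minimal`, since each entry is a host the server will fetch from on a caller's request.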
+++ b/lib/v2/javbus/index.js
@@ -20,7 +20,7 @@ module.exports = async (ctx) => {
 const rootUrl = `https://www.${domain}`;
 const westernUrl = `https://www.${westernDomain}`;
- if (!config.feature.allow_user_supply_unsafe_domain && (!allowDomain.includes(new URL(domain).hostname) || !allowDomain.includes(new URL(westernDomain).hostname))) {
+ if (!config.feature.allow_user_supply_unsafe_domain && (!allowDomain.includes(new URL(`https://${domain}/`).hostname) || !allowDomain.includes(new URL(`https://${westernDomain}/`).hostname))) {
 ctx.throw(403, `This RSS is disabled unless 'ALLOW_USER_SUPPLY_UNSAFE_DOMAIN' is set to 'true'.`);
 }
diff --git a/lib/v2/javdb/utils.js b/lib/v2/javdb/utils.js
index b1e8f981d5..e6dd932762 100644
--- a/lib/v2/javdb/utils.js
+++ b/lib/v2/javdb/utils.js
@@ -7,7 +7,7 @@ const allowDomain = ['javdb.com', 'javdb36.com', 'javdb007.com'];
 module.exports = {
 ProcessItems: async (ctx, currentUrl, title) => {
 const domain = ctx.query.domain ?? 'javdb.com';
- if (!config.feature.allow_user_supply_unsafe_domain && !allowDomain.includes(new URL(domain).hostname)) {
+ if (!config.feature.allow_user_supply_unsafe_domain && !allowDomain.includes(new URL(`https://${domain}/`).hostname)) {
 ctx.throw(403, `This RSS is disabled unless 'ALLOW_USER_SUPPLY_UNSAFE_DOMAIN' is set to 'true'.`);
 }
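Review bot: The condition in lib/v2/javbus/index.js now repeats the parse-and-compare expression twice on one long line, which hides the actual rule that both `domain` and `westernDomain` must be allow-listed. Naming the result first reads more directly: `const allowed = [domain, westernDomain].every((d) => allowDomain.includes(d));` followed by `if (!config.feature.allow_user_supply_unsafe_domain && !allowed) {`. Note that this compares the raw values, which is stricter than comparing the parsed hostname. `rootUrl` and `westernUrl` are built with a `www.` prefix just above the guard, so a short comment stating that `allowDomain` holds bare domains without `www.` would save the next reader a lookup. The function body continues outside the hunk.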