From cae76f022f49f782ae52258451baf154b16e222d Mon Sep 17 00:00:00 2001
From: IsayIsee <solin.zhan@gmail.com>
Date: Tue, 6 Jan 2026 17:21:11 +0800
Subject: [PATCH] Implement message sanitization for Aliyun SMS

Added a method to remove IP addresses and domains from SMS messages to comply with Aliyun SMS restrictions.
---
 server/notification-providers/aliyun-sms.js | 31 +++++++++++++++++++--
 1 file changed, 29 insertions(+), 2 deletions(-)

diff --git a/server/notification-providers/aliyun-sms.js b/server/notification-providers/aliyun-sms.js
index 59560599f..78203eb85 100644
--- a/server/notification-providers/aliyun-sms.js
+++ b/server/notification-providers/aliyun-sms.js
@@ -19,7 +19,7 @@ class AliyunSMS extends NotificationProvider {
                     name: monitorJSON["name"],
                     time: heartbeatJSON["localDateTime"],
                     status: this.statusToString(heartbeatJSON["status"]),
-                    msg: heartbeatJSON["msg"],
+                    msg: this.removeIpAndDomain(heartbeatJSON["msg"]),
                 });
                 if (await this.sendSms(notification, msgBody)) {
                     return okMsg;
@@ -29,7 +29,7 @@ class AliyunSMS extends NotificationProvider {
                     name: "",
                     time: "",
                     status: "",
-                    msg: msg,
+                    msg: this.removeIpAndDomain(msg),
                 });
                 if (await this.sendSms(notification, msgBody)) {
                     return okMsg;
@@ -140,6 +140,33 @@ class AliyunSMS extends NotificationProvider {
                 return status;
         }
     }
+
+    /**
+     * Remove IP addresses and domains from message to comply with Aliyun SMS restrictions
+     * @param {string} message Original message
+     * @returns {string} Message with IP addresses and domains removed
+     */
+    removeIpAndDomain(message) {
+        if (!message) return message;
+        
+        // 1. Remove URLs first to avoid domain being matched separately
+        message = message.replace(/(?:https?|ftp|ws|wss):\/\/[^\s]+/gi, '[URL]');
+        
+        // 2. Remove IPv4 addresses (with or without port)
+        message = message.replace(/\b(?:\d{1,3}\.){3}\d{1,3}(?::\d+)?\b/g, '[IP]');
+        
+        // 3. Remove IPv6 addresses (with or without port)
+        message = message.replace(/\[?(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}\]?(?::\d+)?/g, '[IP]');
+        
+        // 4. Remove domain names (including subdomains and ports)
+        // Matches example.com, www.example.com, sub.example.com:8080, etc.
+        message = message.replace(/\b(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}(?::\d+)?\b/g, '[Domain]');
+        
+        // 5. Remove CIDR notation (e.g., 192.168.0.0/24)
+        message = message.replace(/\b(?:\d{1,3}\.){3}\d{1,3}\/\d{1,2}\b/g, '[CIDR]');
+        
+        return message;
+    }
 }
 
 module.exports = AliyunSMS;