2019-05-02 17:17:27 -05:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2015-08-18 16:15:46 -05:00
|
|
|
class EmbeddableHost < ActiveRecord::Base
|
2016-01-11 10:06:09 -06:00
|
|
|
validate :host_must_be_valid
|
2015-08-18 16:15:46 -05:00
|
|
|
belongs_to :category
|
2024-05-16 14:47:01 -05:00
|
|
|
belongs_to :user, optional: true
|
|
|
|
has_many :embeddable_host_tags
|
|
|
|
has_many :tags, through: :embeddable_host_tags
|
2019-03-29 11:05:51 -05:00
|
|
|
after_destroy :reset_embedding_settings
|
2015-08-18 16:15:46 -05:00
|
|
|
|
|
|
|
before_validation do
|
2023-01-20 12:52:49 -06:00
|
|
|
self.host.sub!(%r{\Ahttps?://}, "")
|
|
|
|
self.host.sub!(%r{/.*\z}, "")
|
2015-08-18 16:15:46 -05:00
|
|
|
end
|
|
|
|
|
2024-05-06 22:06:31 -05:00
|
|
|
self.ignored_columns = ["path_whitelist"] # TODO: Remove when 20240212034010_drop_deprecated_columns has been promoted to pre-deploy
|
2024-05-06 13:18:53 -05:00
|
|
|
|
2016-08-23 13:55:52 -05:00
|
|
|
def self.record_for_url(uri)
|
|
|
|
if uri.is_a?(String)
|
2023-01-09 06:20:10 -06:00
|
|
|
uri =
|
|
|
|
begin
|
|
|
|
URI(UrlHelper.normalized_encode(uri))
|
|
|
|
rescue URI::Error, Addressable::URI::InvalidURIError
|
|
|
|
end
|
2016-08-23 13:55:52 -05:00
|
|
|
end
|
2022-02-06 21:25:42 -06:00
|
|
|
|
2024-05-27 05:27:13 -05:00
|
|
|
return false if uri.blank?
|
2015-08-18 16:15:46 -05:00
|
|
|
|
|
|
|
host = uri.host
|
2024-05-27 05:27:13 -05:00
|
|
|
return false if host.blank?
|
2015-08-18 16:15:46 -05:00
|
|
|
|
2023-01-09 06:20:10 -06:00
|
|
|
host << ":#{uri.port}" if uri.port.present? && uri.port != 80 && uri.port != 443
|
2017-02-27 11:17:52 -06:00
|
|
|
|
2016-08-26 11:47:21 -05:00
|
|
|
path = uri.path
|
|
|
|
path << "?" << uri.query if uri.query.present?
|
|
|
|
|
2017-02-17 11:39:33 -06:00
|
|
|
where("lower(host) = ?", host).each do |eh|
|
2020-07-26 19:23:54 -05:00
|
|
|
return eh if eh.allowed_paths.blank?
|
2017-12-12 10:56:28 -06:00
|
|
|
|
2020-07-26 19:23:54 -05:00
|
|
|
path_regexp = Regexp.new(eh.allowed_paths)
|
2019-12-11 20:49:21 -06:00
|
|
|
return eh if path_regexp.match(path) || path_regexp.match(UrlHelper.unencode(path))
|
2017-02-17 11:39:33 -06:00
|
|
|
end
|
|
|
|
|
|
|
|
nil
|
|
|
|
end
|
2016-08-26 11:47:21 -05:00
|
|
|
|
2017-02-17 11:39:33 -06:00
|
|
|
def self.url_allowed?(url)
|
2021-07-16 13:25:49 -05:00
|
|
|
return false if url.nil?
|
|
|
|
|
2023-01-09 06:20:10 -06:00
|
|
|
uri =
|
|
|
|
begin
|
|
|
|
URI(UrlHelper.normalized_encode(url))
|
|
|
|
rescue URI::Error
|
|
|
|
end
|
2018-03-28 03:20:08 -05:00
|
|
|
|
2017-02-17 11:39:33 -06:00
|
|
|
uri.present? && record_for_url(uri).present?
|
2015-08-18 16:15:46 -05:00
|
|
|
end
|
|
|
|
|
2016-01-11 10:06:09 -06:00
|
|
|
private
|
|
|
|
|
2019-03-29 11:05:51 -05:00
|
|
|
def reset_embedding_settings
|
|
|
|
unless EmbeddableHost.exists?
|
|
|
|
Embedding.settings.each { |s| SiteSetting.set(s.to_s, SiteSetting.defaults[s]) }
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2018-06-07 00:28:18 -05:00
|
|
|
def host_must_be_valid
|
2020-06-18 12:58:47 -05:00
|
|
|
if host !~ /\A[a-z0-9]+([\-\.]+{1}[a-z0-9]+)*\.[a-z]{2,24}(:[0-9]{1,5})?(\/.*)?\Z/i &&
|
2023-01-09 06:20:10 -06:00
|
|
|
host !~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(:[0-9]{1,5})?(\/.*)?\Z/ &&
|
|
|
|
host !~ /\A([a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.)?localhost(\:[0-9]{1,5})?(\/.*)?\Z/i
|
|
|
|
errors.add(:host, I18n.t("errors.messages.invalid"))
|
2016-01-11 10:06:09 -06:00
|
|
|
end
|
2018-06-07 00:28:18 -05:00
|
|
|
end
|
2015-08-18 16:15:46 -05:00
|
|
|
end
|
2015-09-17 19:41:10 -05:00
|
|
|
|
|
|
|
# == Schema Information
|
|
|
|
#
|
|
|
|
# Table name: embeddable_hosts
|
|
|
|
#
|
2020-08-20 22:36:53 -05:00
|
|
|
# id :integer not null, primary key
|
|
|
|
# host :string not null
|
|
|
|
# category_id :integer not null
|
|
|
|
# created_at :datetime not null
|
|
|
|
# updated_at :datetime not null
|
|
|
|
# class_name :string
|
|
|
|
# allowed_paths :string
|
2024-05-16 14:47:01 -05:00
|
|
|
# user_id :integer
|
2015-09-17 19:41:10 -05:00
|
|
|
#
|