2019-12-17 15:08:15 +00:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
module SafeUrl
|
|
|
|
extend ActiveSupport::Concern
|
|
|
|
|
2022-09-29 21:08:27 +00:00
|
|
|
# Return the URL with obfuscated userinfo
|
|
|
|
# and keeping it intact
|
2021-03-22 12:09:02 +00:00
|
|
|
def safe_url(allowed_usernames: [])
|
2019-12-17 15:08:15 +00:00
|
|
|
return if url.nil?
|
|
|
|
|
2022-09-29 21:08:27 +00:00
|
|
|
escaped = Addressable::URI.escape(url)
|
|
|
|
uri = URI.parse(escaped)
|
2019-12-17 15:08:15 +00:00
|
|
|
uri.password = '*****' if uri.password
|
2021-03-22 12:09:02 +00:00
|
|
|
uri.user = '*****' if uri.user && allowed_usernames.exclude?(uri.user)
|
2022-09-29 21:08:27 +00:00
|
|
|
Addressable::URI.unescape(uri.to_s)
|
|
|
|
rescue URI::Error, TypeError
|
2019-12-17 15:08:15 +00:00
|
|
|
end
|
|
|
|
end
|