2020-03-04 16:07:54 -05:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
# This is based on https://github.com/jch/html-pipeline/blob/v2.12.2/lib/html/pipeline/camo_filter.rb
|
|
|
|
# and Banzai::Filter::AssetProxyFilter which we use to proxy images in Markdown
|
|
|
|
|
|
|
|
module Gitlab
|
|
|
|
module AssetProxy
|
|
|
|
class << self
|
|
|
|
def proxy_url(url)
|
|
|
|
return url unless Gitlab.config.asset_proxy.enabled
|
|
|
|
return url if asset_host_whitelisted?(url)
|
|
|
|
|
|
|
|
"#{Gitlab.config.asset_proxy.url}/#{asset_url_hash(url)}/#{hexencode(url)}"
|
2020-03-04 19:07:49 -05:00
|
|
|
rescue Addressable::URI::InvalidURIError
|
|
|
|
url
|
2020-03-04 16:07:54 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
private
|
|
|
|
|
|
|
|
def asset_host_whitelisted?(url)
|
2020-03-04 19:07:49 -05:00
|
|
|
parsed_url = Addressable::URI.parse(url)
|
2020-03-04 16:07:54 -05:00
|
|
|
|
|
|
|
Gitlab.config.asset_proxy.domain_regexp&.match?(parsed_url.host)
|
|
|
|
end
|
|
|
|
|
|
|
|
def asset_url_hash(url)
|
|
|
|
OpenSSL::HMAC.hexdigest('sha1', Gitlab.config.asset_proxy.secret_key, url)
|
|
|
|
end
|
|
|
|
|
|
|
|
def hexencode(str)
|
|
|
|
str.unpack1('H*')
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|