Class: CamaleonCms::UserUrlValidator

Inherits:
Object
  • Object
Defined in:
app/validators/camaleon_cms/user_url_validator.rb

Constant Summary

# The IPv4 and IPv6 unspecified ("any") addresses, frozen so the list cannot
# be mutated at runtime.
# NOTE(review): this page does not show where the constant is consulted; it
# presumably feeds the localhost check. Loopback (127.0.0.0/8, ::1) is not
# listed here, so confirm it is rejected by other means.
LOCAL_IPS = ['0.0.0.0', '::'].freeze

Class Method Summary

Instance Method Summary

Constructor Details

#initialize ⇒ UserUrlValidator

Returns a new instance of UserUrlValidator.



# File 'app/validators/camaleon_cms/user_url_validator.rb', line 39

# Builds a validator whose error list starts out empty.
#
# @errors is the per-instance list that #validate inspects after each check
# to decide whether to stop and what to return.
def initialize
  @errors = Array.new
end

Class Method Details

.validate ⇒ Object



# File 'app/validators/camaleon_cms/user_url_validator.rb', line 35

# Convenience entry point: validates a URL on a throwaway validator instance.
#
# Every call builds a fresh instance, so errors registered during one
# validation cannot carry over into the next. All arguments are forwarded
# untouched to #validate and its return value is handed back as-is.
def self.validate(...)
  validator = new
  validator.validate(...)
end

Instance Method Details

#validate(url, allow_localhost: false, allow_local_network: false, enforce_user: true, enforce_sanitizing: true) ⇒ Object

Validates the given url according to the constraints specified by the received arguments.

allow_localhost - Registers an error if the URL resolves to a localhost IP address and the argument is false.
allow_local_network - Registers an error if the URL resolves to a link-local address and the argument is false.
enforce_user - Registers an error if the URL user doesn’t start with alphanumeric characters and the argument is true.
enforce_sanitizing - Registers an error if the URL includes any HTML/CSS/JS tags and the argument is true.

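Returns an array with [<uri>, <original-hostname>]. Note: the listing below ends with `@errors.empty? || @errors`, so the code shown returns true on success and the array of registered errors otherwise; this sentence does not match it.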



# File 'app/validators/camaleon_cms/user_url_validator.rb', line 51

# Checks a user-supplied URL against the constraints selected by the keyword
# arguments and reports the outcome.
#
# @param url [String, URI, Addressable::URI] the URL to check
# @param allow_localhost [Boolean] when false, a URL that resolves to a
#   localhost address registers an error
# @param allow_local_network [Boolean] when false, a URL that resolves to a
#   link-local address registers an error
# @param enforce_user [Boolean] when true, a URL user part that does not start
#   with alphanumeric characters registers an error
# @param enforce_sanitizing [Boolean] when true, a URL containing HTML/CSS/JS
#   tags registers an error
# @return [true, Array] +true+ when no error was registered, otherwise the
#   error list; a blank or unparsable URL returns whatever invalid_url returns
#
# SECURITY: the failure value is a non-empty Array, which is truthy in Ruby,
# so `if validator.validate(url)` accepts every URL. Callers must compare the
# result with +true+ explicitly.
#
# NOTE(review): the address information from get_address_info stays local to
# this method and is not part of the return value. A caller that later
# connects by hostname performs its own lookup; confirm callers pin or
# re-check the resolved address (DNS rebinding).
#
# This method does not reset @errors itself, so an instance should be used
# for a single validation.
def validate(url, allow_localhost: false, allow_local_network: false, enforce_user: true, enforce_sanitizing: true)
  # url may be a String, URI or Addressable::URI; blank input is never parsed.
  uri = parse_url(url) if url.present?
  return invalid_url unless uri

  # Structural checks run before get_address_info, so a URL that has already
  # failed never reaches that step.
  validate_uri(uri: uri, enforce_sanitizing: enforce_sanitizing, enforce_user: enforce_user)
  return @errors if @errors.any?

  resolved = get_address_info(uri)
  return @errors if @errors.any?

  validate_local_request(address_info: resolved, allow_localhost: allow_localhost,
                         allow_local_network: allow_local_network)

  @errors.empty? ? true : @errors
end