Class: Banzai::Filter::AssetProxyFilter

Inherits:

HTML::Pipeline::Filter

• Object
• HTML::Pipeline::Filter
• Banzai::Filter::AssetProxyFilter

Defined in:

lib/banzai/filter/asset_proxy_filter.rb

Overview

Proxy’s images/assets to another server. Reduces mixed content warnings as well as hiding the customer’s IP address when requesting images. Copies the original img ‘src` to `data-canonical-src` then replaces the `src` with a new url to the proxy server.

Based on github.com/gjtorikian/html-pipeline/blob/v2.14.3/lib/html/pipeline/camo_filter.rb

Class Method Summary

• .compile_allowlist(domain_list) ⇒ Object
• .determine_allowlist(application_settings) ⇒ Object
• .initialize_settings ⇒ Object

  called during an initializer.

• .transform_context(context) ⇒ Object

Instance Method Summary

• #asset_host_allowed?(host) ⇒ Boolean
• #call ⇒ Object
• #initialize(text, context = nil, result = nil) ⇒ AssetProxyFilter constructor

  A new instance of AssetProxyFilter.

• #validate ⇒ Object

Constructor Details

#initialize(text, context = nil, result = nil) ⇒ AssetProxyFilter

Returns a new instance of AssetProxyFilter.

# File 'lib/banzai/filter/asset_proxy_filter.rb', line 12

def initialize(text, context = nil, result = nil)
  super
end

Class Method Details

.compile_allowlist(domain_list) ⇒ Object

# File 'lib/banzai/filter/asset_proxy_filter.rb', line 78

def self.compile_allowlist(domain_list)
  return if domain_list.empty?

  escaped = domain_list.map { |domain| Regexp.escape(domain).gsub('\*', '.*?') }
  Regexp.new("^(#{escaped.join('|')})$", Regexp::IGNORECASE)
end

.determine_allowlist(application_settings) ⇒ Object

# File 'lib/banzai/filter/asset_proxy_filter.rb', line 85

def self.determine_allowlist(application_settings)
  application_settings.try(:asset_proxy_allowlist).presence ||
    application_settings.try(:asset_proxy_whitelist).presence ||
    [Gitlab.config.gitlab.host]
end

.initialize_settings ⇒ Object

called during an initializer. Caching the values in Gitlab.config significantly increased performance, rather than querying Gitlab::CurrentSettings.current_application_settings over and over. However, this does mean that the Rails servers need to get restarted whenever the application settings are changed

# File 'lib/banzai/filter/asset_proxy_filter.rb', line 63

def self.initialize_settings
  application_settings           = Gitlab::CurrentSettings.current_application_settings
  Gitlab.config['asset_proxy'] ||= GitlabSettings::Options.build({})

  if application_settings.respond_to?(:asset_proxy_enabled)
    Gitlab.config.asset_proxy['enabled']       = application_settings.asset_proxy_enabled
    Gitlab.config.asset_proxy['url']           = application_settings.asset_proxy_url
    Gitlab.config.asset_proxy['secret_key']    = application_settings.asset_proxy_secret_key
    Gitlab.config.asset_proxy['allowlist']     = determine_allowlist(application_settings)
    Gitlab.config.asset_proxy['domain_regexp'] = compile_allowlist(Gitlab.config.asset_proxy.allowlist)
  else
    Gitlab.config.asset_proxy['enabled']       = ::ApplicationSetting.defaults[:asset_proxy_enabled]
  end
end

.transform_context(context) ⇒ Object

# File 'lib/banzai/filter/asset_proxy_filter.rb', line 46

def self.transform_context(context)
  context[:disable_asset_proxy] = !Gitlab.config.asset_proxy.enabled

  unless context[:disable_asset_proxy]
    context[:asset_proxy_enabled]       = !context[:disable_asset_proxy]
    context[:asset_proxy]               = Gitlab.config.asset_proxy.url
    context[:asset_proxy_secret_key]    = Gitlab.config.asset_proxy.secret_key
    context[:asset_proxy_domain_regexp] = Gitlab.config.asset_proxy.domain_regexp
  end

  context
end

Instance Method Details

#asset_host_allowed?(host) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/banzai/filter/asset_proxy_filter.rb', line 42

def asset_host_allowed?(host)
  context[:asset_proxy_domain_regexp] ? context[:asset_proxy_domain_regexp].match?(host) : false
end

#call ⇒ Object

# File 'lib/banzai/filter/asset_proxy_filter.rb', line 16

def call
  return doc unless asset_proxy_enabled?

  doc.search('img').each do |element|
    original_src = element['src']
    next unless original_src

    begin
      uri = URI.parse(original_src)
    rescue StandardError
      next
    end

    next if uri.host.nil? && !original_src.start_with?('///')
    next if asset_host_allowed?(uri.host)

    element['src'] = asset_proxy_url(original_src)
    element['data-canonical-src'] = original_src
  end
  doc
end

#validate ⇒ Object

# File 'lib/banzai/filter/asset_proxy_filter.rb', line 38

def validate
  needs(:asset_proxy, :asset_proxy_secret_key) if asset_proxy_enabled?
end