Class: Banzai::Filter::AssetProxyFilter

Inherits:
HTML::Pipeline::Filter
  • Object
show all
Includes:
Concerns::PipelineTimingCheck
Defined in:
lib/banzai/filter/asset_proxy_filter.rb

Overview

Proxy’s images/assets to another server. Reduces mixed content warnings as well as hiding the customer’s IP address when requesting images. Copies the original img ‘src` to `data-canonical-src` then replaces the `src` with a new url to the proxy server.

Based on github.com/gjtorikian/html-pipeline/blob/v2.14.3/lib/html/pipeline/camo_filter.rb

Constant Summary

Constants included from Concerns::PipelineTimingCheck

Concerns::PipelineTimingCheck::MAX_PIPELINE_SECONDS

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Concerns::PipelineTimingCheck

#exceeded_pipeline_max?

Constructor Details

#initialize(text, context = nil, result = nil) ⇒ AssetProxyFilter

Returns a new instance of AssetProxyFilter.



14
15
16
# File 'lib/banzai/filter/asset_proxy_filter.rb', line 14

def initialize(text, context = nil, result = nil)
  super
end

Class Method Details

.compile_allowlist(domain_list) ⇒ Object



81
82
83
84
85
86
# File 'lib/banzai/filter/asset_proxy_filter.rb', line 81

def self.compile_allowlist(domain_list)
  return if domain_list.empty?

  escaped = domain_list.map { |domain| Regexp.escape(domain).gsub('\*', '.*?') }
  Regexp.new("^(#{escaped.join('|')})$", Regexp::IGNORECASE)
end

.determine_allowlist(application_settings) ⇒ Object



88
89
90
91
92
# File 'lib/banzai/filter/asset_proxy_filter.rb', line 88

def self.determine_allowlist(application_settings)
  application_settings.try(:asset_proxy_allowlist).presence ||
    application_settings.try(:asset_proxy_whitelist).presence ||
    [Gitlab.config.gitlab.host]
end

.initialize_settingsObject

called during an initializer. Caching the values in Gitlab.config significantly increased performance, rather than querying Gitlab::CurrentSettings.current_application_settings over and over. However, this does mean that the Rails servers need to get restarted whenever the application settings are changed



66
67
68
69
70
71
72
73
74
75
76
77
78
79
# File 'lib/banzai/filter/asset_proxy_filter.rb', line 66

def self.initialize_settings
  application_settings           = Gitlab::CurrentSettings.current_application_settings
  Gitlab.config['asset_proxy'] ||= GitlabSettings::Options.build({})

  if application_settings.respond_to?(:asset_proxy_enabled)
    Gitlab.config.asset_proxy['enabled']       = application_settings.asset_proxy_enabled
    Gitlab.config.asset_proxy['url']           = application_settings.asset_proxy_url
    Gitlab.config.asset_proxy['secret_key']    = application_settings.asset_proxy_secret_key
    Gitlab.config.asset_proxy['allowlist']     = determine_allowlist(application_settings)
    Gitlab.config.asset_proxy['domain_regexp'] = compile_allowlist(Gitlab.config.asset_proxy.allowlist)
  else
    Gitlab.config.asset_proxy['enabled']       = ::ApplicationSetting.defaults[:asset_proxy_enabled]
  end
end

.transform_context(context) ⇒ Object



49
50
51
52
53
54
55
56
57
58
59
60
# File 'lib/banzai/filter/asset_proxy_filter.rb', line 49

def self.transform_context(context)
  context[:disable_asset_proxy] = !Gitlab.config.asset_proxy.enabled

  unless context[:disable_asset_proxy]
    context[:asset_proxy_enabled]       = !context[:disable_asset_proxy]
    context[:asset_proxy]               = Gitlab.config.asset_proxy.url
    context[:asset_proxy_secret_key]    = Gitlab.config.asset_proxy.secret_key
    context[:asset_proxy_domain_regexp] = Gitlab.config.asset_proxy.domain_regexp
  end

  context
end

Instance Method Details

#asset_host_allowed?(host) ⇒ Boolean

Returns:

  • (Boolean)


45
46
47
# File 'lib/banzai/filter/asset_proxy_filter.rb', line 45

def asset_host_allowed?(host)
  context[:asset_proxy_domain_regexp] ? context[:asset_proxy_domain_regexp].match?(host) : false
end

#callObject



18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
# File 'lib/banzai/filter/asset_proxy_filter.rb', line 18

def call
  return doc unless asset_proxy_enabled?

  doc.search('img').each do |element|
    original_src = element['src']
    next unless original_src

    begin
      uri = URI.parse(original_src)

      # Skip URLs like `/path.ext` or `path.ext` which are relative to the current host
      next if uri.relative? && uri.host.nil? && original_src.match(%r{\A/*})[0].length < 2
      next if asset_host_allowed?(uri.host)
    rescue StandardError
      # Ignored
    end

    element['src'] = asset_proxy_url(original_src)
    element['data-canonical-src'] = original_src
  end
  doc
end

#validateObject



41
42
43
# File 'lib/banzai/filter/asset_proxy_filter.rb', line 41

def validate
  needs(:asset_proxy, :asset_proxy_secret_key) if asset_proxy_enabled?
end