Merge pull request #443 from shikorism/fix/ignore-resolve-self
Tissue内のURLに対するメタデータ取得は拒否する
This commit is contained in:
shibafu
GitHub
commit
978d54cf12
@ -2,6 +2,7 @@
|
||||
|
||||
namespace App\Http\Controllers\Api;
|
||||
|
||||
use App\MetadataResolver\DeniedHostException;
|
||||
use App\Services\MetadataResolveService;
|
||||
use Illuminate\Http\Request;
|
||||
|
||||
@ -13,7 +14,11 @@ class CardController
|
||||
'url:required|url'
|
||||
]);
|
||||
|
||||
$metadata = $service->execute($request->input('url'));
|
||||
try {
|
||||
$metadata = $service->execute($request->input('url'));
|
||||
} catch (DeniedHostException $e) {
|
||||
abort(403, $e->getMessage());
|
||||
}
|
||||
$metadata->load('tags');
|
||||
|
||||
$response = response($metadata);
|
||||
|
||||
@ -3,6 +3,7 @@
|
||||
namespace App\Listeners;
|
||||
|
||||
use App\Events\LinkDiscovered;
|
||||
use App\MetadataResolver\DeniedHostException;
|
||||
use App\Services\MetadataResolveService;
|
||||
use Illuminate\Contracts\Queue\ShouldQueue;
|
||||
use Illuminate\Queue\InteractsWithQueue;
|
||||
@ -32,6 +33,8 @@ class LinkCollector
|
||||
{
|
||||
try {
|
||||
$this->metadataResolveService->execute($event->url);
|
||||
} catch (DeniedHostException $e) {
|
||||
// ignored
|
||||
} catch (\Exception $e) {
|
||||
// 今のところこのイベントは同期実行されるので、上流をクラッシュさせないために雑catchする
|
||||
report($e);
|
||||
|
||||
30
app/MetadataResolver/DeniedHostException.php
Normal file
30
app/MetadataResolver/DeniedHostException.php
Normal file
@ -0,0 +1,30 @@
|
||||
<?php
|
||||
|
||||
namespace App\MetadataResolver;
|
||||
|
||||
use Exception;
|
||||
use Throwable;
|
||||
|
||||
/**
|
||||
* メタデータの解決を禁止しているホストに対して取得を試み、ブロックされたことを表します。
|
||||
*/
|
||||
class DeniedHostException extends Exception
|
||||
{
|
||||
private $url;
|
||||
|
||||
public function __construct(string $url, Throwable $previous = null)
|
||||
{
|
||||
parent::__construct("Access denied by system policy: $url", 0, $previous);
|
||||
$this->url = $url;
|
||||
}
|
||||
|
||||
public function getUrl(): string
|
||||
{
|
||||
return $this->url;
|
||||
}
|
||||
|
||||
public function getHost(): string
|
||||
{
|
||||
return parse_url($this->url, PHP_URL_HOST);
|
||||
}
|
||||
}
|
||||
@ -3,6 +3,7 @@
|
||||
namespace App\Services;
|
||||
|
||||
use App\Metadata;
|
||||
use App\MetadataResolver\DeniedHostException;
|
||||
use App\MetadataResolver\MetadataResolver;
|
||||
use App\Tag;
|
||||
use App\Utilities\Formatter;
|
||||
@ -27,6 +28,11 @@ class MetadataResolveService
|
||||
// URLの正規化
|
||||
$url = $this->formatter->normalizeUrl($url);
|
||||
|
||||
// 自分自身は解決しない
|
||||
if (parse_url($url, PHP_URL_HOST) === parse_url(config('app.url'), PHP_URL_HOST)) {
|
||||
throw new DeniedHostException($url);
|
||||
}
|
||||
|
||||
// 無かったら取得
|
||||
// TODO: ある程度古かったら再取得とかありだと思う
|
||||
$metadata = Metadata::find($url);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user