From 16b5fb3533b5830e1a9fa49d52f666cb63270d43 Mon Sep 17 00:00:00 2001
From: shibafu
Date: Tue, 21 Jul 2020 23:39:48 +0900
Subject: [PATCH 1/2] =?UTF-8?q?Tissue=E5=86=85=E3=81=AEURL=E3=81=AB?= =?UTF-8?q?=E5=AF=BE=E3=81=99=E3=82=8B=E3=83=A1=E3=82=BF=E3=83=87=E3=83=BC?= =?UTF-8?q?=E3=82=BF=E5=8F=96=E5=BE=97=E3=81=AF=E6=8B=92=E5=90=A6=E3=81=99?= =?UTF-8?q?=E3=82=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/Services/MetadataResolveService.php | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/app/Services/MetadataResolveService.php b/app/Services/MetadataResolveService.php
index 405ae9f..55372bd 100644
--- a/app/Services/MetadataResolveService.php
+++ b/app/Services/MetadataResolveService.php
@@ -27,6 +27,11 @@ class MetadataResolveService
 // URLの正規化
 $url = $this->formatter->normalizeUrl($url);
+ // 自分自身は解決しない
+ if (parse_url($url, PHP_URL_HOST) === parse_url(config('app.url'), PHP_URL_HOST)) {
+ abort(403);
+ }
+
 // 無かったら取得
 // TODO: ある程度古かったら再取得とかありだと思う
 $metadata = Metadata::find($url);
From 0a9920b11cf1e0cfad654944e60a96a50478c5b7 Mon Sep 17 00:00:00 2001
From: shibafu
Date: Thu, 23 Jul 2020 13:08:20 +0900
Subject: [PATCH 2/2] =?UTF-8?q?=E3=81=95=E3=81=99=E3=81=8C=E3=81=ABService?= =?UTF-8?q?=E3=81=8B=E3=82=89HttpException=E3=81=AF=E9=9B=91=E3=81=99?= =?UTF-8?q?=E3=81=8E=E3=81=9F=E3=81=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/Http/Controllers/Api/CardController.php | 7 ++++-
 app/Listeners/LinkCollector.php | 3 ++
 app/MetadataResolver/DeniedHostException.php | 30 ++++++++++++++++++++
 app/Services/MetadataResolveService.php | 3 +-
 4 files changed, 41 insertions(+), 2 deletions(-)
 create mode 100644 app/MetadataResolver/DeniedHostException.php
diff --git a/app/Http/Controllers/Api/CardController.php b/app/Http/Controllers/Api/CardController.php
index 8cdf980..38f56f7 100644
--- a/app/Http/Controllers/Api/CardController.php
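Review bot: The self-host guard added after `normalizeUrl()` in `app/Services/MetadataResolveService.php` compares the two `parse_url(..., PHP_URL_HOST)` results with `===`, so it denies only the exact spelling of the host in `config('app.url')`. Unless `normalizeUrl()` (not visible here) already canonicalises the host, the comparison should be made on normalised values, for example `strcasecmp(rtrim((string) $host, '.'), rtrim((string) $appHost, '.')) === 0` with `$host` and `$appHost` holding the two parsed hosts, and other names or addresses under which this application is reachable are not covered by a single-host check. The guard also sees only the submitted URL, so if the resolver follows redirects the final URL needs the same test. The identical condition is carried as context into the `@@ -29,7 +30,7 @@` hunk of patch 2/2; `execute()` begins and ends outside both hunks.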
+++ b/app/Http/Controllers/Api/CardController.php
@@ -2,6 +2,7 @@
 namespace App\Http\Controllers\Api;
+use App\MetadataResolver\DeniedHostException;
 use App\Services\MetadataResolveService;
 use Illuminate\Http\Request;
@@ -13,7 +14,11 @@ class CardController
 'url:required|url'
 ]);
- $metadata = $service->execute($request->input('url'));
+ try {
+ $metadata = $service->execute($request->input('url'));
+ } catch (DeniedHostException $e) {
+ abort(403, $e->getMessage());
+ }
 $metadata->load('tags');
 $response = response($metadata);
diff --git a/app/Listeners/LinkCollector.php b/app/Listeners/LinkCollector.php
index 6c10e21..d3a1b37 100644
--- a/app/Listeners/LinkCollector.php
+++ b/app/Listeners/LinkCollector.php
@@ -3,6 +3,7 @@
 namespace App\Listeners;
 use App\Events\LinkDiscovered;
+use App\MetadataResolver\DeniedHostException;
 use App\Services\MetadataResolveService;
 use Illuminate\Contracts\Queue\ShouldQueue;
 use Illuminate\Queue\InteractsWithQueue;
@@ -32,6 +33,8 @@ class LinkCollector
 {
 try {
 $this->metadataResolveService->execute($event->url);
+ } catch (DeniedHostException $e) {
+ // ignored
 } catch (\Exception $e) {
 // 今のところこのイベントは同期実行されるので、上流をクラッシュさせないために雑catchする
 report($e);
diff --git a/app/MetadataResolver/DeniedHostException.php b/app/MetadataResolver/DeniedHostException.php
new file mode 100644
index 0000000..dac13b2
--- /dev/null
+++ b/app/MetadataResolver/DeniedHostException.php
@@ -0,0 +1,30 @@
+url = $url;
+ }
+
+ public function getUrl(): string
+ {
+ return $this->url;
+ }
+
+ public function getHost(): string
+ {
+ return parse_url($this->url, PHP_URL_HOST);
+ }
+}
diff --git a/app/Services/MetadataResolveService.php b/app/Services/MetadataResolveService.php
index 55372bd..e622813 100644
--- a/app/Services/MetadataResolveService.php
+++ b/app/Services/MetadataResolveService.php
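Review bot: In `CardController.php` (`@@ -13,7 +14,11 @@`) the value handed to `$service->execute()` inside the new `try` may reach the service unvalidated: the context line above the change reads `'url:required|url'`, which looks like a list entry rather than the keyed rule `'url' => 'required|url'`. The opening of the `validate()` call is outside the hunk, so this is inferred, but if it holds, the `url` field is never checked and the host guard in the service is the only gate before the fetch. Separately, `abort(403, $e->getMessage())` returns the exception text to the client; the constructor that builds that text is missing from this page, so confirm it carries nothing beyond the denied host.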
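Review bot: The new `catch (DeniedHostException $e)` branch in `LinkCollector.php` (`@@ -32,6 +33,8 @@`) says only `// ignored`, which does not tell a reader why this one exception is dropped while every other one goes to `report($e)`. A comment such as `// Links back to this application are deliberately not resolved; nothing to report.` would record the intent. The enclosing method starts and ends outside the hunk.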
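Review bot: `getHost(): string` in `DeniedHostException.php` returns `parse_url($this->url, PHP_URL_HOST)` unchanged, and `parse_url` gives `null` when the URL has no host component, which does not satisfy the declared `string` return type. Nothing visible guarantees the stored URL has a host, so either cast, `return (string) parse_url($this->url, PHP_URL_HOST);`, or widen the signature to `?string`. The beginning of this file (class declaration, property and constructor) is missing from the page, so the note covers only the visible methods.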
@@ -3,6 +3,7 @@
 namespace App\Services;
 use App\Metadata;
+use App\MetadataResolver\DeniedHostException;
 use App\MetadataResolver\MetadataResolver;
 use App\Tag;
 use App\Utilities\Formatter;
@@ -29,7 +30,7 @@ class MetadataResolveService
 // 自分自身は解決しない
 if (parse_url($url, PHP_URL_HOST) === parse_url(config('app.url'), PHP_URL_HOST)) {
- abort(403);
+ throw new DeniedHostException($url);
 }
 // 無かったら取得
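Review bot: `execute()` now signals a denied host by throwing `DeniedHostException` (`@@ -29,7 +30,7 @@`), but no `@throws` documentation is visible for it; the method's docblock, if any, lies outside the hunk. Adding `@throws DeniedHostException when the URL points at this application's own host` would tell callers about the new failure mode. Only `CardController` and `LinkCollector` are updated in this patch, so any other caller of `execute()` would need its own handling.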