Merge pull request #443 from shikorism/fix/ignore-resolve-self

Tissue内のURLに対するメタデータ取得は拒否する
shibafu 2020-08-01 18:38:14 +09:00 committed by GitHub
commit 978d54cf12
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 45 additions and 1 deletions


@ -2,6 +2,7 @@
namespace App\Http\Controllers\Api; namespace App\Http\Controllers\Api;
use App\MetadataResolver\DeniedHostException;
use App\Services\MetadataResolveService; use App\Services\MetadataResolveService;
use Illuminate\Http\Request; use Illuminate\Http\Request;
@ -13,7 +14,11 @@ class CardController
'url:required|url' 'url:required|url'
]); ]);
$metadata = $service->execute($request->input('url')); try {
$metadata = $service->execute($request->input('url'));
} catch (DeniedHostException $e) {
abort(403, $e->getMessage());
}
$metadata->load('tags'); $metadata->load('tags');
$response = response($metadata); $response = response($metadata);
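Review bot: `abort(403, $e->getMessage())` sends the exception message straight to the API client, and `DeniedHostException` builds that message as `"Access denied by system policy: $url"`. The response body therefore repeats the submitted URL and ties the public API text to an internal exception string. A fixed client-facing message, e.g. `abort(403, 'Metadata cannot be resolved for this URL.');`, keeps the two independent. The controller method starts and ends outside the hunk.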


@ -3,6 +3,7 @@
namespace App\Listeners; namespace App\Listeners;
use App\Events\LinkDiscovered; use App\Events\LinkDiscovered;
use App\MetadataResolver\DeniedHostException;
use App\Services\MetadataResolveService; use App\Services\MetadataResolveService;
use Illuminate\Contracts\Queue\ShouldQueue; use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Queue\InteractsWithQueue; use Illuminate\Queue\InteractsWithQueue;
@ -32,6 +33,8 @@ class LinkCollector
{ {
try { try {
$this->metadataResolveService->execute($event->url); $this->metadataResolveService->execute($event->url);
} catch (DeniedHostException $e) {
// ignored
} catch (\Exception $e) { } catch (\Exception $e) {
// 今のところこのイベントは同期実行されるので、上流をクラッシュさせないために雑catchする // 今のところこのイベントは同期実行されるので、上流をクラッシュさせないために雑catchする
report($e); report($e);
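Review bot: The new `catch (DeniedHostException $e)` branch drops the exception with only `// ignored`, which does not explain why this case is safe to skip when every other exception goes to `report()`. A comment such as `// Links to this instance are never resolved (see MetadataResolveService); nothing to report` would record the intent, assuming that is the reason. If denied lookups should stay visible in operations, a low-severity log entry carrying `$e->getUrl()` would do that without treating them as errors. The handler body starts and ends outside the hunk.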


@ -0,0 +1,30 @@
<?php
namespace App\MetadataResolver;
use Exception;
use Throwable;
/**
* メタデータの解決を禁止しているホストに対して取得を試み、ブロックされたことを表します。
*/
class DeniedHostException extends Exception
{
private $url;
public function __construct(string $url, Throwable $previous = null)
{
parent::__construct("Access denied by system policy: $url", 0, $previous);
$this->url = $url;
}
public function getUrl(): string
{
return $this->url;
}
public function getHost(): string
{
return parse_url($this->url, PHP_URL_HOST);
}
}
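Review bot: `getHost()` is declared `: string` but returns `parse_url($this->url, PHP_URL_HOST)` directly, which is `null` when the URL has no host component and `false` when it cannot be parsed. With the `string` return type a `null` result raises a `TypeError` instead of giving the caller something usable. Either widen the signature to `?string` or cast the result, e.g. `return (string) parse_url($this->url, PHP_URL_HOST);`. The untyped `$url` property would also benefit from a `/** @var string */` docblock.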


@ -3,6 +3,7 @@
namespace App\Services; namespace App\Services;
use App\Metadata; use App\Metadata;
use App\MetadataResolver\DeniedHostException;
use App\MetadataResolver\MetadataResolver; use App\MetadataResolver\MetadataResolver;
use App\Tag; use App\Tag;
use App\Utilities\Formatter; use App\Utilities\Formatter;
@ -27,6 +28,11 @@ class MetadataResolveService
// URLの正規化 // URLの正規化
$url = $this->formatter->normalizeUrl($url); $url = $this->formatter->normalizeUrl($url);
// 自分自身は解決しない
if (parse_url($url, PHP_URL_HOST) === parse_url(config('app.url'), PHP_URL_HOST)) {
throw new DeniedHostException($url);
}
// 無かったら取得 // 無かったら取得
// TODO: ある程度古かったら再取得とかありだと思う // TODO: ある程度古かったら再取得とかありだと思う
$metadata = Metadata::find($url); $metadata = Metadata::find($url);
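Review bot: The self-host guard added to `execute()` is an exact string comparison of two `parse_url()` results, so it only fires when the submitted host is spelled exactly like the host in `app.url`. Unless `normalizeUrl()` already canonicalises the host (not visible in this hunk), differences in letter case or a trailing dot are not covered, nor is any other name served by the same application. Any redirect the resolver follows later would also bypass this check. Consider comparing canonical forms on both sides, e.g. `strtolower(rtrim((string) parse_url($url, PHP_URL_HOST), '.'))`, and enforcing the same policy where the HTTP request is actually issued. The body of `execute()` continues outside the hunk.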