mirror of
https://github.com/discourse/discourse-ai.git
synced 2025-02-07 03:58:18 +00:00
94ba0dadc2
The Faraday adapter and `FinalDestionation::HTTP` will protect us from admin-initiated SSRF attacks when interacting with the external services powering this plugin features.:
21 lines
646 B
Ruby
21 lines
646 B
Ruby
# frozen_string_literal: true
|
|
|
|
module ::DiscourseAi
|
|
module Inference
|
|
class DiscourseClassifier
|
|
def self.perform!(endpoint, model, content, api_key)
|
|
headers = { "Referer" => Discourse.base_url, "Content-Type" => "application/json" }
|
|
|
|
headers["X-API-KEY"] = api_key if api_key.present?
|
|
|
|
conn = Faraday.new { |f| f.adapter FinalDestination::FaradayAdapter }
|
|
response = conn.post(endpoint, { model: model, content: content }.to_json, headers)
|
|
|
|
raise Net::HTTPBadResponse if ![200, 415].include?(response.status)
|
|
|
|
JSON.parse(response.body, symbolize_names: true)
|
|
end
|
|
end
|
|
end
|
|
end
|