discourse/lib/final_destination.rb

require 'socket'
require 'ipaddr'
require 'excon'
require 'rate_limiter'

# Determine the final endpoint for a Web URI, following redirects
class FinalDestination

  def self.clear_https_cache!(domain)
    key = redis_https_key(domain)
    $redis.without_namespace.del(key)
  end

  def self.cache_https_domain(domain)
    key = redis_https_key(domain)
    $redis.without_namespace.setex(key, "1", 1.day.to_i).present?
  end

  def self.is_https_domain?(domain)
    key = redis_https_key(domain)
    $redis.without_namespace.get(key).present?
  end

  def self.redis_https_key(domain)
    "HTTPS_DOMAIN_#{domain}"
  end

  attr_reader :status, :cookie, :status_code

  def initialize(url, opts = nil)
    @url = url
    @uri =
      begin
        URI(escape_url) if @url
      rescue URI::InvalidURIError
      end

    @opts = opts || {}
    @force_get_hosts = @opts[:force_get_hosts] || []
    @opts[:max_redirects] ||= 5
    @opts[:lookup_ip] ||= lambda do |host|
      begin
        FinalDestination.lookup_ip(host)
      end
    end
    @ignored = [Discourse.base_url_no_prefix] + (@opts[:ignore_redirects] || [])
    @limit = @opts[:max_redirects]
    @status = :ready
    @http_verb = @force_get_hosts.any? { |host| hostname_matches?(host) } ? :get : :head
    @cookie = nil
    @limited_ips = []
    @verbose = @opts[:verbose] || false
  end

  def self.connection_timeout
    20
  end

  def redirected?
    @limit < @opts[:max_redirects]
  end

  def request_headers
    result = {
      "User-Agent" => "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36",
      "Accept" => "*/*",
      "Host" => @uri.hostname
    }

    result['cookie'] = @cookie if @cookie

    result
  end

  def small_get(headers)
    Net::HTTP.start(@uri.host, @uri.port, use_ssl: @uri.is_a?(URI::HTTPS)) do |http|
      http.open_timeout = FinalDestination.connection_timeout
      http.read_timeout = FinalDestination.connection_timeout
      http.request_get(@uri.request_uri, headers)
    end
  end

  def resolve
    if @uri && @uri.port == 80 && FinalDestination.is_https_domain?(@uri.hostname)
      @uri.scheme = "https"
      @uri = URI(@uri.to_s)
    end

    if @limit < 0
      @status = :too_many_redirects
      log(:warn, "FinalDestination could not resolve URL (too many redirects): #{@uri}") if @verbose
      return nil
    end

    @ignored.each do |host|
      if hostname_matches?(host)
        @status = :resolved
        return @uri
      end
    end

    unless validate_uri
      log(:warn, "FinalDestination could not resolve URL (invalid URI): #{@uri}") if @verbose
      return nil
    end

    headers = request_headers
    response = Excon.public_send(@http_verb,
      @uri.to_s,
      read_timeout: FinalDestination.connection_timeout,
      headers: headers
    )

    location = nil
    headers = nil

    response_status = response.status.to_i

    case response.status
    when 200
      @status = :resolved
      return @uri
    when 405, 406, 409, 501
      get_response = small_get(request_headers)

      response_status = get_response.code.to_i
      if response_status == 200
        @status = :resolved
        return @uri
      end

      headers = {}
      if cookie_val = get_response.get_fields('set-cookie')
        headers['set-cookie'] = cookie_val.join
      end

      # TODO this is confusing why grap location for anything not
      # between 300-400 ?
      if location_val = get_response.get_fields('location')
        headers['location'] = location_val.join
      end
    end

    unless headers
      headers = {}
      response.headers.each do |k, v|
        headers[k.to_s.downcase] = v
      end
    end

    if (300..399).include?(response_status)
      location = headers["location"]
    end

    if set_cookie = headers["set-cookie"]
      @cookie = set_cookie
    end

    if location
      old_port = @uri.port

      location = "#{@uri.scheme}://#{@uri.host}#{location}" if location[0] == "/"
      @uri = URI(location) rescue nil
      @limit -= 1

      # https redirect, so just cache that whole new domain is https
      if old_port == 80 && @uri.port == 443 && (URI::HTTPS === @uri)
        FinalDestination.cache_https_domain(@uri.hostname)
      end

      return resolve
    end

    # this is weird an exception seems better
    @status = :failure
    @status_code = response.status

    log(:warn, "FinalDestination could not resolve URL (status #{response.status}): #{@uri}") if @verbose
    nil
  rescue Excon::Errors::Timeout
    log(:warn, "FinalDestination could not resolve URL (timeout): #{@uri}") if @verbose
    nil
  end

  def validate_uri
    validate_uri_format && is_dest_valid?
  end

  def validate_uri_format
    return false unless @uri
    return false unless ['https', 'http'].include?(@uri.scheme)
    return false if @uri.scheme == 'http' && @uri.port != 80
    return false if @uri.scheme == 'https' && @uri.port != 443

    # Disallow IP based crawling
    (IPAddr.new(@uri.hostname) rescue nil).nil?
  end

  def hostname_matches?(url)
    @uri && url.present? && @uri.hostname == (URI(url) rescue nil)&.hostname
  end

  def is_dest_valid?

    return false unless @uri && @uri.host

    # Whitelisted hosts
    return true if hostname_matches?(SiteSetting.Upload.s3_cdn_url) ||
      hostname_matches?(GlobalSetting.try(:cdn_url)) ||
      hostname_matches?(Discourse.base_url_no_prefix)

    if SiteSetting.whitelist_internal_hosts.present?
      SiteSetting.whitelist_internal_hosts.split('|').each do |h|
        return true if @uri.hostname.downcase == h.downcase
      end
    end

    address_s = @opts[:lookup_ip].call(@uri.hostname)
    return false unless address_s

    address = IPAddr.new(address_s)

    if private_ranges.any? { |r| r === address }
      @status = :invalid_address
      return false
    end

    # Rate limit how often this IP can be crawled
    if !@opts[:skip_rate_limit] && !@limited_ips.include?(address)
      @limited_ips << address
      RateLimiter.new(nil, "crawl-destination-ip:#{address_s}", 1000, 1.hour).performed!
    end

    true
  rescue RateLimiter::LimitExceeded
    false
  end

  def escape_url
    TopicEmbed.escape_uri(
      CGI.unescapeHTML(@url),
      Regexp.new("[^#{URI::PATTERN::UNRESERVED}#{URI::PATTERN::RESERVED}#]")
    )
  end

  def private_ranges
    FinalDestination.standard_private_ranges +
      SiteSetting.blacklist_ip_blocks.split('|').map { |r| IPAddr.new(r) rescue nil }.compact
  end

  def log(log_level, message)
    # blacklist 404 on gravatar.com
    return if @status_code == 404 && @uri.hostname["gravatar.com"]

    Rails.logger.public_send(
      log_level,
      "#{RailsMultisite::ConnectionManagement.current_db}: #{message}"
    )
  end

  def self.standard_private_ranges
    @private_ranges ||= [
      IPAddr.new('127.0.0.1'),
      IPAddr.new('172.16.0.0/12'),
      IPAddr.new('192.168.0.0/16'),
      IPAddr.new('10.0.0.0/8'),
      IPAddr.new('fc00::/7')
    ]
  end

  def self.lookup_ip(host)
    # TODO clean this up in the test suite, cause it is a mess
    # if Rails.env == "test"
    #   STDERR.puts "WARNING FinalDestination.lookup_ip was called with host: #{host}, this is network call that should be mocked"
    # end
    IPSocket::getaddress(host)
  rescue SocketError
    nil
  end

end
FEATURE: cache https redirects per hostname If a hostname does an https redirect we cache that so next lookup does not incur it. Also, only rate limit per ip once per final destination Raise final destination protection to 1000 ip lookups an hour 2017-10-17 01:22:38 -04:00			`require 'socket'`
			`require 'ipaddr'`
Helper to find the final destination for a URL 2017-05-22 12:23:04 -04:00			`require 'excon'`
FEATURE: Rate limit how often we'll crawl a destination IP 2017-05-23 15:03:04 -04:00			`require 'rate_limiter'`
Helper to find the final destination for a URL 2017-05-22 12:23:04 -04:00
			`# Determine the final endpoint for a Web URI, following redirects`
			`class FinalDestination`

FEATURE: cache https redirects per hostname If a hostname does an https redirect we cache that so next lookup does not incur it. Also, only rate limit per ip once per final destination Raise final destination protection to 1000 ip lookups an hour 2017-10-17 01:22:38 -04:00			`def self.clear_https_cache!(domain)`
			`key = redis_https_key(domain)`
			`$redis.without_namespace.del(key)`
			`end`

			`def self.cache_https_domain(domain)`
			`key = redis_https_key(domain)`
			`$redis.without_namespace.setex(key, "1", 1.day.to_i).present?`
			`end`

			`def self.is_https_domain?(domain)`
			`key = redis_https_key(domain)`
			`$redis.without_namespace.get(key).present?`
			`end`

			`def self.redis_https_key(domain)`
			`"HTTPS_DOMAIN_#{domain}"`
			`end`

FIX: correctly raise errors when downloads fail This corrects an issue where we are hitting Gravatar for 404 over and over Also ensures file download properly reports errors 2017-09-28 02:35:27 -04:00			`attr_reader :status, :cookie, :status_code`
Helper to find the final destination for a URL 2017-05-22 12:23:04 -04:00
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`def initialize(url, opts = nil)`
extract url escaping to a dedicated class method and improved tests 2017-07-29 12:42:04 -04:00			`@url = url`
Specify the error that we want to ignore instead of rescuing all errors. 2017-07-17 20:50:06 -04:00			`@uri =`
			`begin`
extract url escaping to a dedicated class method and improved tests 2017-07-29 12:42:04 -04:00			`URI(escape_url) if @url`
Specify the error that we want to ignore instead of rescuing all errors. 2017-07-17 20:50:06 -04:00			`rescue URI::InvalidURIError`
			`end`

Helper to find the final destination for a URL 2017-05-22 12:23:04 -04:00			`@opts = opts \|\| {}`
FIX: allows onebox to force GET hosts returning wrong headers on HEAD 2017-08-08 05:44:27 -04:00			`@force_get_hosts = @opts[:force_get_hosts] \|\| []`
Helper to find the final destination for a URL 2017-05-22 12:23:04 -04:00			`@opts[:max_redirects] \|\|= 5`
			`@opts[:lookup_ip] \|\|= lambda do \|host\|`
			`begin`
UX: generic onebox treats all square images as avatars and renders them smaller 2017-11-12 19:19:06 -05:00			`FinalDestination.lookup_ip(host)`
Helper to find the final destination for a URL 2017-05-22 12:23:04 -04:00			`end`
			`end`
FIX: Support for skipping redirects on certain domains (like steam) 2017-06-26 15:38:23 -04:00			`@ignored = [Discourse.base_url_no_prefix] + (@opts[:ignore_redirects] \|\| [])`
Helper to find the final destination for a URL 2017-05-22 12:23:04 -04:00			`@limit = @opts[:max_redirects]`
			`@status = :ready`
FIX: allows onebox to force GET hosts returning wrong headers on HEAD 2017-08-08 05:44:27 -04:00			`@http_verb = @force_get_hosts.any? { \|host\| hostname_matches?(host) } ? :get : :head`
FIX: If HEAD is not supported, try GET. Also set cookies 2017-06-06 13:53:49 -04:00			`@cookie = nil`
FEATURE: cache https redirects per hostname If a hostname does an https redirect we cache that so next lookup does not incur it. Also, only rate limit per ip once per final destination Raise final destination protection to 1000 ip lookups an hour 2017-10-17 01:22:38 -04:00			`@limited_ips = []`
FinalDestination should only log when verbose is enabled 2017-10-31 12:03:03 -04:00			`@verbose = @opts[:verbose] \|\| false`
FIX: If HEAD is not supported, try GET. Also set cookies 2017-06-06 13:53:49 -04:00			`end`

			`def self.connection_timeout`
			`20`
Helper to find the final destination for a URL 2017-05-22 12:23:04 -04:00			`end`

			`def redirected?`
			`@limit < @opts[:max_redirects]`
			`end`

			`def request_headers`
FIX: If HEAD is not supported, try GET. Also set cookies 2017-06-06 13:53:49 -04:00			`result = {`
			`"User-Agent" => "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36",`
FIX: FinalDestination's small_get method wasn't using proper request headers 2017-11-17 11:24:35 -05:00			`"Accept" => "/",`
FIX: If HEAD is not supported, try GET. Also set cookies 2017-06-06 13:53:49 -04:00			`"Host" => @uri.hostname`
			`}`

			`result['cookie'] = @cookie if @cookie`

			`result`
			`end`

			`def small_get(headers)`
			`Net::HTTP.start(@uri.host, @uri.port, use_ssl: @uri.is_a?(URI::HTTPS)) do \|http\|`
			`http.open_timeout = FinalDestination.connection_timeout`
			`http.read_timeout = FinalDestination.connection_timeout`
FIX: FinalDestination's small_get method wasn't using proper request headers 2017-11-17 11:24:35 -05:00			`http.request_get(@uri.request_uri, headers)`
FIX: If HEAD is not supported, try GET. Also set cookies 2017-06-06 13:53:49 -04:00			`end`
Helper to find the final destination for a URL 2017-05-22 12:23:04 -04:00			`end`

			`def resolve`
FEATURE: cache https redirects per hostname If a hostname does an https redirect we cache that so next lookup does not incur it. Also, only rate limit per ip once per final destination Raise final destination protection to 1000 ip lookups an hour 2017-10-17 01:22:38 -04:00			`if @uri && @uri.port == 80 && FinalDestination.is_https_domain?(@uri.hostname)`
			`@uri.scheme = "https"`
			`@uri = URI(@uri.to_s)`
			`end`

Helper to find the final destination for a URL 2017-05-22 12:23:04 -04:00			`if @limit < 0`
			`@status = :too_many_redirects`
FinalDestination should only log when verbose is enabled 2017-10-31 12:03:03 -04:00			`log(:warn, "FinalDestination could not resolve URL (too many redirects): #{@uri}") if @verbose`
Helper to find the final destination for a URL 2017-05-22 12:23:04 -04:00			`return nil`
			`end`

FIX: Support for skipping redirects on certain domains (like steam) 2017-06-26 15:38:23 -04:00			`@ignored.each do \|host\|`
			`if hostname_matches?(host)`
			`@status = :resolved`
			`return @uri`
			`end`
FIX: Always allow the host the forum is hosted on 2017-06-12 13:22:29 -04:00			`end`

add more logging to FinalDestination 2017-10-31 07:08:34 -04:00			`unless validate_uri`
FinalDestination should only log when verbose is enabled 2017-10-31 12:03:03 -04:00			`log(:warn, "FinalDestination could not resolve URL (invalid URI): #{@uri}") if @verbose`
add more logging to FinalDestination 2017-10-31 07:08:34 -04:00			`return nil`
			`end`

Helper to find the final destination for a URL 2017-05-22 12:23:04 -04:00			`headers = request_headers`
FIX: allows onebox to force GET hosts returning wrong headers on HEAD 2017-08-08 05:44:27 -04:00			`response = Excon.public_send(@http_verb,`
FIX: If HEAD is not supported, try GET. Also set cookies 2017-06-06 13:53:49 -04:00			`@uri.to_s,`
			`read_timeout: FinalDestination.connection_timeout,`
			`headers: headers`
			`)`

			`location = nil`
FIX: correctly raise errors when downloads fail This corrects an issue where we are hitting Gravatar for 404 over and over Also ensures file download properly reports errors 2017-09-28 02:35:27 -04:00			`headers = nil`

			`response_status = response.status.to_i`

FIX: If HEAD is not supported, try GET. Also set cookies 2017-06-06 13:53:49 -04:00			`case response.status`
			`when 200`
Helper to find the final destination for a URL 2017-05-22 12:23:04 -04:00			`@status = :resolved`
			`return @uri`
FIX: try a GET for error code 406 2017-11-17 10:59:51 -05:00			`when 405, 406, 409, 501`
FIX: FinalDestination's small_get method wasn't using proper request headers 2017-11-17 11:24:35 -05:00			`get_response = small_get(request_headers)`
FIX: If HEAD is not supported, try GET. Also set cookies 2017-06-06 13:53:49 -04:00
FIX: correctly raise errors when downloads fail This corrects an issue where we are hitting Gravatar for 404 over and over Also ensures file download properly reports errors 2017-09-28 02:35:27 -04:00			`response_status = get_response.code.to_i`
			`if response_status == 200`
FIX: If HEAD is not supported, try GET. Also set cookies 2017-06-06 13:53:49 -04:00			`@status = :resolved`
			`return @uri`
			`end`

FIX: correctly raise errors when downloads fail This corrects an issue where we are hitting Gravatar for 404 over and over Also ensures file download properly reports errors 2017-09-28 02:35:27 -04:00			`headers = {}`
FIX: If HEAD is not supported, try GET. Also set cookies 2017-06-06 13:53:49 -04:00			`if cookie_val = get_response.get_fields('set-cookie')`
FIX: correctly raise errors when downloads fail This corrects an issue where we are hitting Gravatar for 404 over and over Also ensures file download properly reports errors 2017-09-28 02:35:27 -04:00			`headers['set-cookie'] = cookie_val.join`
FIX: If HEAD is not supported, try GET. Also set cookies 2017-06-06 13:53:49 -04:00			`end`

FIX: correctly raise errors when downloads fail This corrects an issue where we are hitting Gravatar for 404 over and over Also ensures file download properly reports errors 2017-09-28 02:35:27 -04:00			`# TODO this is confusing why grap location for anything not`
			`# between 300-400 ?`
FIX: If HEAD is not supported, try GET. Also set cookies 2017-06-06 13:53:49 -04:00			`if location_val = get_response.get_fields('location')`
FIX: correctly raise errors when downloads fail This corrects an issue where we are hitting Gravatar for 404 over and over Also ensures file download properly reports errors 2017-09-28 02:35:27 -04:00			`headers['location'] = location_val.join`
FIX: If HEAD is not supported, try GET. Also set cookies 2017-06-06 13:53:49 -04:00			`end`
FIX: correctly raise errors when downloads fail This corrects an issue where we are hitting Gravatar for 404 over and over Also ensures file download properly reports errors 2017-09-28 02:35:27 -04:00			`end`

			`unless headers`
			`headers = {}`
FIX: If HEAD is not supported, try GET. Also set cookies 2017-06-06 13:53:49 -04:00			`response.headers.each do \|k, v\|`
FIX: correctly raise errors when downloads fail This corrects an issue where we are hitting Gravatar for 404 over and over Also ensures file download properly reports errors 2017-09-28 02:35:27 -04:00			`headers[k.to_s.downcase] = v`
FIX: If HEAD is not supported, try GET. Also set cookies 2017-06-06 13:53:49 -04:00			`end`
Helper to find the final destination for a URL 2017-05-22 12:23:04 -04:00			`end`

FIX: correctly raise errors when downloads fail This corrects an issue where we are hitting Gravatar for 404 over and over Also ensures file download properly reports errors 2017-09-28 02:35:27 -04:00			`if (300..399).include?(response_status)`
			`location = headers["location"]`
			`end`

			`if set_cookie = headers["set-cookie"]`
			`@cookie = set_cookie`
			`end`

Helper to find the final destination for a URL 2017-05-22 12:23:04 -04:00			`if location`
FEATURE: cache https redirects per hostname If a hostname does an https redirect we cache that so next lookup does not incur it. Also, only rate limit per ip once per final destination Raise final destination protection to 1000 ip lookups an hour 2017-10-17 01:22:38 -04:00			`old_port = @uri.port`

Helper to find the final destination for a URL 2017-05-22 12:23:04 -04:00			`location = "#{@uri.scheme}://#{@uri.host}#{location}" if location[0] == "/"`
			`@uri = URI(location) rescue nil`
			`@limit -= 1`
FEATURE: cache https redirects per hostname If a hostname does an https redirect we cache that so next lookup does not incur it. Also, only rate limit per ip once per final destination Raise final destination protection to 1000 ip lookups an hour 2017-10-17 01:22:38 -04:00
			`# https redirect, so just cache that whole new domain is https`
			`if old_port == 80 && @uri.port == 443 && (URI::HTTPS === @uri)`
			`FinalDestination.cache_https_domain(@uri.hostname)`
			`end`

Helper to find the final destination for a URL 2017-05-22 12:23:04 -04:00			`return resolve`
			`end`

FIX: correctly raise errors when downloads fail This corrects an issue where we are hitting Gravatar for 404 over and over Also ensures file download properly reports errors 2017-09-28 02:35:27 -04:00			`# this is weird an exception seems better`
			`@status = :failure`
			`@status_code = response.status`

FinalDestination should only log when verbose is enabled 2017-10-31 12:03:03 -04:00			`log(:warn, "FinalDestination could not resolve URL (status #{response.status}): #{@uri}") if @verbose`
FIX: Don't raise an error if reading from URL timeout. 2017-09-27 02:52:49 -04:00			`nil`
			`rescue Excon::Errors::Timeout`
FinalDestination should only log when verbose is enabled 2017-10-31 12:03:03 -04:00			`log(:warn, "FinalDestination could not resolve URL (timeout): #{@uri}") if @verbose`
Helper to find the final destination for a URL 2017-05-22 12:23:04 -04:00			`nil`
			`end`

			`def validate_uri`
FIX: Use same code path for downloading images 2017-05-23 13:31:20 -04:00			`validate_uri_format && is_dest_valid?`
Helper to find the final destination for a URL 2017-05-22 12:23:04 -04:00			`end`

			`def validate_uri_format`
			`return false unless @uri`
			`return false unless ['https', 'http'].include?(@uri.scheme)`
SECURITY: Never crawl by IP 2017-05-23 13:07:18 -04:00			`return false if @uri.scheme == 'http' && @uri.port != 80`
			`return false if @uri.scheme == 'https' && @uri.port != 443`
Helper to find the final destination for a URL 2017-05-22 12:23:04 -04:00
SECURITY: Never crawl by IP 2017-05-23 13:07:18 -04:00			`# Disallow IP based crawling`
			`(IPAddr.new(@uri.hostname) rescue nil).nil?`
Helper to find the final destination for a URL 2017-05-22 12:23:04 -04:00			`end`

FIX: Always allow the host the forum is hosted on 2017-06-12 13:22:29 -04:00			`def hostname_matches?(url)`
			`@uri && url.present? && @uri.hostname == (URI(url) rescue nil)&.hostname`
			`end`
FIX: Always allow downloads from CDN 2017-05-23 16:32:54 -04:00
FIX: Always allow the host the forum is hosted on 2017-06-12 13:22:29 -04:00			`def is_dest_valid?`
FIX: Always allow downloads from CDN 2017-05-23 16:32:54 -04:00
Helper to find the final destination for a URL 2017-05-22 12:23:04 -04:00			`return false unless @uri && @uri.host`

FIX: Always allow the host the forum is hosted on 2017-06-12 13:22:29 -04:00			`# Whitelisted hosts`
FEATURE: allow specifying s3 config via globals This refactors handling of s3 so it can be specified via GlobalSetting This means that in a multisite environment you can configure s3 uploads without actual sites knowing credentials in s3 It is a critical setting for situations where assets are mirrored to s3. 2017-10-06 01:20:01 -04:00			`return true if hostname_matches?(SiteSetting.Upload.s3_cdn_url) \|\|`
FIX: Always allow the host the forum is hosted on 2017-06-12 13:22:29 -04:00			`hostname_matches?(GlobalSetting.try(:cdn_url)) \|\|`
			`hostname_matches?(Discourse.base_url_no_prefix)`

FEATURE: Whitelist hosts for internal crawling 2017-06-13 12:59:54 -04:00			`if SiteSetting.whitelist_internal_hosts.present?`
			`SiteSetting.whitelist_internal_hosts.split('\|').each do \|h\|`
			`return true if @uri.hostname.downcase == h.downcase`
			`end`
			`end`

Helper to find the final destination for a URL 2017-05-22 12:23:04 -04:00			`address_s = @opts[:lookup_ip].call(@uri.hostname)`
			`return false unless address_s`

			`address = IPAddr.new(address_s)`

Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`if private_ranges.any? { \|r\| r === address }`
Helper to find the final destination for a URL 2017-05-22 12:23:04 -04:00			`@status = :invalid_address`
			`return false`
			`end`

FEATURE: Rate limit how often we'll crawl a destination IP 2017-05-23 15:03:04 -04:00			`# Rate limit how often this IP can be crawled`
FEATURE: cache https redirects per hostname If a hostname does an https redirect we cache that so next lookup does not incur it. Also, only rate limit per ip once per final destination Raise final destination protection to 1000 ip lookups an hour 2017-10-17 01:22:38 -04:00			`if !@opts[:skip_rate_limit] && !@limited_ips.include?(address)`
			`@limited_ips << address`
			`RateLimiter.new(nil, "crawl-destination-ip:#{address_s}", 1000, 1.hour).performed!`
FIX: Don't rate limit gravatar downloads 2017-05-24 13:46:57 -04:00			`end`
FEATURE: Rate limit how often we'll crawl a destination IP 2017-05-23 15:03:04 -04:00
Helper to find the final destination for a URL 2017-05-22 12:23:04 -04:00			`true`
FEATURE: Rate limit how often we'll crawl a destination IP 2017-05-23 15:03:04 -04:00			`rescue RateLimiter::LimitExceeded`
			`false`
Helper to find the final destination for a URL 2017-05-22 12:23:04 -04:00			`end`

extract url escaping to a dedicated class method and improved tests 2017-07-29 12:42:04 -04:00			`def escape_url`
FIX: Onebox fails on encoded URL. https://meta.discourse.org/t/onebox-breaks-if-theres-chinese-text-in-url/67364 2017-09-26 06:34:54 -04:00			`TopicEmbed.escape_uri(`
			`CGI.unescapeHTML(@url),`
			`Regexp.new("[^#{URI::PATTERN::UNRESERVED}#{URI::PATTERN::RESERVED}#]")`
			`)`
extract url escaping to a dedicated class method and improved tests 2017-07-29 12:42:04 -04:00			`end`

FEATURE: A site setting to prevent crawling on private IP blocks 2017-05-23 11:51:23 -04:00			`def private_ranges`
			`FinalDestination.standard_private_ranges +`
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`SiteSetting.blacklist_ip_blocks.split('\|').map { \|r\| IPAddr.new(r) rescue nil }.compact`
FEATURE: A site setting to prevent crawling on private IP blocks 2017-05-23 11:51:23 -04:00			`end`

add more logging to FinalDestination 2017-10-31 07:08:34 -04:00			`def log(log_level, message)`
don't log 404s to gravatar.com 2017-11-17 09:38:26 -05:00			`# blacklist 404 on gravatar.com`
SQL != Ruby 2017-11-17 10:12:20 -05:00			`return if @status_code == 404 && @uri.hostname["gravatar.com"]`
don't log 404s to gravatar.com 2017-11-17 09:38:26 -05:00
add more logging to FinalDestination 2017-10-31 07:08:34 -04:00			`Rails.logger.public_send(`
			`log_level,`
			`"#{RailsMultisite::ConnectionManagement.current_db}: #{message}"`
			`)`
			`end`

FEATURE: A site setting to prevent crawling on private IP blocks 2017-05-23 11:51:23 -04:00			`def self.standard_private_ranges`
Helper to find the final destination for a URL 2017-05-22 12:23:04 -04:00			`@private_ranges \|\|= [`
			`IPAddr.new('127.0.0.1'),`
			`IPAddr.new('172.16.0.0/12'),`
			`IPAddr.new('192.168.0.0/16'),`
			`IPAddr.new('10.0.0.0/8'),`
			`IPAddr.new('fc00::/7')`
			`]`
			`end`

			`def self.lookup_ip(host)`
UX: generic onebox treats all square images as avatars and renders them smaller 2017-11-12 19:19:06 -05:00			`# TODO clean this up in the test suite, cause it is a mess`
			`# if Rails.env == "test"`
			`# STDERR.puts "WARNING FinalDestination.lookup_ip was called with host: #{host}, this is network call that should be mocked"`
			`# end`
Helper to find the final destination for a URL 2017-05-22 12:23:04 -04:00			`IPSocket::getaddress(host)`
UX: generic onebox treats all square images as avatars and renders them smaller 2017-11-12 19:19:06 -05:00			`rescue SocketError`
			`nil`
Helper to find the final destination for a URL 2017-05-22 12:23:04 -04:00			`end`

			`end`