discourse/lib/url_helper.rb

# frozen_string_literal: true

class UrlHelper

  # At the moment this handles invalid URLs that browser address bar accepts
  # where second # is not encoded
  #
  # Longer term we can add support of simpleidn and encode unicode domains
  def self.relaxed_parse(url)
    url, fragment = url.split("#", 2)
    uri = URI.parse(url)
    if uri
      # Addressable::URI::CharacterClasses::UNRESERVED is used here because without it
      # the # in the fragment is not encoded
      fragment = Addressable::URI.encode_component(fragment, Addressable::URI::CharacterClasses::UNRESERVED) if fragment&.include?('#')
      uri.fragment = fragment
      uri
    end
  rescue URI::Error
  end

  def self.encode_and_parse(url)
    URI.parse(Addressable::URI.encode(url))
  end

  def self.encode(url)
    Addressable::URI.encode(url)
  end

  def self.unencode(url)
    Addressable::URI.unencode(url)
  end

  def self.encode_component(url_component)
    Addressable::URI.encode_component(url_component)
  end

  def self.is_local(url)
    url.present? && (
      Discourse.store.has_been_uploaded?(url) ||
      !!(url =~ Regexp.new("^#{Discourse.base_path}/(assets|plugins|images)/")) ||
      url.start_with?(Discourse.asset_host || Discourse.base_url_no_prefix)
    )
  end

  def self.absolute(url, cdn = Discourse.asset_host)
    cdn = "https:#{cdn}" if cdn && cdn =~ /^\/\//
    url =~ /^\/[^\/]/ ? (cdn || Discourse.base_url_no_prefix) + url : url
  end

  def self.absolute_without_cdn(url)
    self.absolute(url, nil)
  end

  def self.schemaless(url)
    url.sub(/^http:/i, "")
  end

  def self.secure_proxy_without_cdn(url)
    self.absolute(Upload.secure_media_url_from_upload_url(url), nil)
  end

  def self.escape_uri(uri)
    return uri if s3_presigned_url?(uri)
    Addressable::URI.normalized_encode(uri)
  end

  def self.rails_route_from_url(url)
    path = URI.parse(encode(url)).path
    Rails.application.routes.recognize_path(path)
  rescue Addressable::URI::InvalidURIError, URI::InvalidComponentError
    nil
  end

  def self.s3_presigned_url?(url)
    url[/x-amz-(algorithm|credential)/i].present?
  end

  def self.cook_url(url, secure: false, local: nil)
    local = is_local(url) if local.nil?
    return url if !local

    url = secure ? secure_proxy_without_cdn(url) : absolute_without_cdn(url)

    # we always want secure media to come from
    # Discourse.base_url_no_prefix/secure-media-uploads
    # to avoid asset_host mixups
    return schemaless(url) if secure

    # PERF: avoid parsing url excpet for extreme conditions
    # this is a hot path used on home page
    filename = url
    if url.include?("?")
      uri = URI.parse(url)
      filename = File.basename(uri.path)
    end

    # this technically requires a filename, but will work with a URL as long as it end with the
    # extension and has no query params
    is_attachment = !FileHelper.is_supported_media?(filename)

    no_cdn = SiteSetting.login_required || SiteSetting.prevent_anons_from_downloading_files
    unless is_attachment && no_cdn
      url = Discourse.store.cdn_url(url)
      url = local_cdn_url(url) if Discourse.store.external?
    end

    schemaless(url)
  rescue URI::Error
    url
  end

  def self.local_cdn_url(url)
    return url if Discourse.asset_host.blank?
    if url.start_with?("/#{Discourse.store.upload_path}/")
      "#{Discourse.asset_host}#{url}"
    else
      url.sub(Discourse.base_url_no_prefix, Discourse.asset_host)
    end
  end

end
DEV: enable frozen string literal on all files This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging 2019-05-02 18:17:27 -04:00			`# frozen_string_literal: true`

FEATURE: move migrate_to_new_scheme into a background job - new hidden site setting 'migrate_to_new_scheme' (defaults to false) - new rake tasks to toggle migration to new scheme - FIX: migrate_to_new_scheme also works with CDN - PERF: improve perf of the DbHelper.remap method - REFACTOR: UrlHelper is now a class 2015-06-12 06:02:36 -04:00			`class UrlHelper`
FIX markdown hotlinked images were not properly pulled 2013-11-20 07:10:08 -05:00
FIX: URLs containing two # would fail to work Some URLs in browsers are non compliant and contain twos `#` this commit adds special handling for this edge case by auto encoding any fragments containing `#` 2018-12-11 02:03:13 -05:00			`# At the moment this handles invalid URLs that browser address bar accepts`
			`# where second # is not encoded`
			`#`
			`# Longer term we can add support of simpleidn and encode unicode domains`
			`def self.relaxed_parse(url)`
			`url, fragment = url.split("#", 2)`
			`uri = URI.parse(url)`
			`if uri`
FIX: Replace deprecated URI.encode, URI.escape, URI.unescape and URI.unencode (#8528) The following methods have long been deprecated in ruby due to flaws in their implementation per http://blade.nagaokaut.ac.jp/cgi-bin/vframe.rb/ruby/ruby-core/29293?29179-31097: URI.escape URI.unescape URI.encode URI.unencode escape/encode are just aliases for one another. This PR uses the Addressable gem to replace these methods with its own encode, unencode, and encode_component methods where appropriate. I have put all references to Addressable::URI here into the UrlHelper to keep them corralled in one place to make changes to this implementation easier. Addressable is now also an explicit gem dependency. 2019-12-11 21:49:21 -05:00			`# Addressable::URI::CharacterClasses::UNRESERVED is used here because without it`
			`# the # in the fragment is not encoded`
			`fragment = Addressable::URI.encode_component(fragment, Addressable::URI::CharacterClasses::UNRESERVED) if fragment&.include?('#')`
FIX: URLs containing two # would fail to work Some URLs in browsers are non compliant and contain twos `#` this commit adds special handling for this edge case by auto encoding any fragments containing `#` 2018-12-11 02:03:13 -05:00			`uri.fragment = fragment`
			`uri`
			`end`
			`rescue URI::Error`
			`end`

FIX: Replace deprecated URI.encode, URI.escape, URI.unescape and URI.unencode (#8528) The following methods have long been deprecated in ruby due to flaws in their implementation per http://blade.nagaokaut.ac.jp/cgi-bin/vframe.rb/ruby/ruby-core/29293?29179-31097: URI.escape URI.unescape URI.encode URI.unencode escape/encode are just aliases for one another. This PR uses the Addressable gem to replace these methods with its own encode, unencode, and encode_component methods where appropriate. I have put all references to Addressable::URI here into the UrlHelper to keep them corralled in one place to make changes to this implementation easier. Addressable is now also an explicit gem dependency. 2019-12-11 21:49:21 -05:00			`def self.encode_and_parse(url)`
			`URI.parse(Addressable::URI.encode(url))`
			`end`

			`def self.encode(url)`
			`Addressable::URI.encode(url)`
			`end`

			`def self.unencode(url)`
			`Addressable::URI.unencode(url)`
			`end`

			`def self.encode_component(url_component)`
			`Addressable::URI.encode_component(url_component)`
			`end`

FEATURE: move migrate_to_new_scheme into a background job - new hidden site setting 'migrate_to_new_scheme' (defaults to false) - new rake tasks to toggle migration to new scheme - FIX: migrate_to_new_scheme also works with CDN - PERF: improve perf of the DbHelper.remap method - REFACTOR: UrlHelper is now a class 2015-06-12 06:02:36 -04:00			`def self.is_local(url)`
BUGFIX: errors when post-processing 'data images' 2014-07-18 11:54:18 -04:00			`url.present? && (`
			`Discourse.store.has_been_uploaded?(url) \|\|`
Replace `base_uri` with `base_path` (#10879) DEV: Replace instances of Discourse.base_uri with Discourse.base_path This is clearer because the base_uri is actually just a path prefix. This continues the work started in 555f467. 2020-10-09 07:51:24 -04:00			`!!(url =~ Regexp.new("^#{Discourse.base_path}/(assets\|plugins\|images)/")) \|\|`
BUGFIX: errors when post-processing 'data images' 2014-07-18 11:54:18 -04:00			`url.start_with?(Discourse.asset_host \|\| Discourse.base_url_no_prefix)`
			`)`
FIX markdown hotlinked images were not properly pulled 2013-11-20 07:10:08 -05:00			`end`

FEATURE: move migrate_to_new_scheme into a background job - new hidden site setting 'migrate_to_new_scheme' (defaults to false) - new rake tasks to toggle migration to new scheme - FIX: migrate_to_new_scheme also works with CDN - PERF: improve perf of the DbHelper.remap method - REFACTOR: UrlHelper is now a class 2015-06-12 06:02:36 -04:00			`def self.absolute(url, cdn = Discourse.asset_host)`
DEV: enable frozen string literal on all files This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging 2019-05-02 18:17:27 -04:00			`cdn = "https:#{cdn}" if cdn && cdn =~ /^\/\//`
FIX: canonical url should not use the CDN 2013-12-16 18:35:34 -05:00			`url =~ /^\/[^\/]/ ? (cdn \|\| Discourse.base_url_no_prefix) + url : url`
			`end`

FEATURE: move migrate_to_new_scheme into a background job - new hidden site setting 'migrate_to_new_scheme' (defaults to false) - new rake tasks to toggle migration to new scheme - FIX: migrate_to_new_scheme also works with CDN - PERF: improve perf of the DbHelper.remap method - REFACTOR: UrlHelper is now a class 2015-06-12 06:02:36 -04:00			`def self.absolute_without_cdn(url)`
			`self.absolute(url, nil)`
FIX markdown hotlinked images were not properly pulled 2013-11-20 07:10:08 -05:00			`end`

FEATURE: move migrate_to_new_scheme into a background job - new hidden site setting 'migrate_to_new_scheme' (defaults to false) - new rake tasks to toggle migration to new scheme - FIX: migrate_to_new_scheme also works with CDN - PERF: improve perf of the DbHelper.remap method - REFACTOR: UrlHelper is now a class 2015-06-12 06:02:36 -04:00			`def self.schemaless(url)`
FIX: httpshttps ultra secure URLs 2016-06-30 10:55:01 -04:00			`url.sub(/^http:/i, "")`
FIX markdown hotlinked images were not properly pulled 2013-11-20 07:10:08 -05:00			`end`

FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3 2019-11-17 20:25:42 -05:00			`def self.secure_proxy_without_cdn(url)`
FIX: Resolve pull hotlinked image and broken link issues for secure media URLs (#8777) When pull_hotlinked_images tried to run on posts with secure media (which had already been downloaded from external sources) we were getting a 404 when trying to download the image because the secure endpoint doesn't allow anon downloads. Also, we were getting into an infinite loop of pull_hotlinked_images because the job didn't consider the secure media URLs as "downloaded" already so it kept trying to download them over and over. In this PR I have also refactored secure-media-upload URL checks and mutations into single source of truth in Upload, adding a SECURE_MEDIA_ROUTE constant to check URLs against too. 2020-01-23 20:59:30 -05:00			`self.absolute(Upload.secure_media_url_from_upload_url(url), nil)`
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3 2019-11-17 20:25:42 -05:00			`end`

FIX: Replace deprecated URI.encode, URI.escape, URI.unescape and URI.unencode (#8528) The following methods have long been deprecated in ruby due to flaws in their implementation per http://blade.nagaokaut.ac.jp/cgi-bin/vframe.rb/ruby/ruby-core/29293?29179-31097: URI.escape URI.unescape URI.encode URI.unencode escape/encode are just aliases for one another. This PR uses the Addressable gem to replace these methods with its own encode, unencode, and encode_component methods where appropriate. I have put all references to Addressable::URI here into the UrlHelper to keep them corralled in one place to make changes to this implementation easier. Addressable is now also an explicit gem dependency. 2019-12-11 21:49:21 -05:00			`def self.escape_uri(uri)`
FIX: Stop encoding presigned URLs with UrlHelper (#8818) When FinalDestination is given a URL it encodes it before doing anything else. however S3 presigned URLs should not be messed with in any way otherwise we can end up with 400 errors when downloading the URL e.g. <Error><Code>InvalidToken</Code><Message>The provided token is malformed or otherwise invalid.</Message> The signature of presigned URLs is very important and is automatically generated and should be preserved. 2020-01-30 18:09:34 -05:00			`return uri if s3_presigned_url?(uri)`
DEV: More robust processing of URLs (#11361) * DEV: More robust processing of URLs The previous `UrlHelper.encode_component(CGI.unescapeHTML(UrlHelper.unencode(uri))` method would naively process URLs, which could result in a badly formed response. `Addressable::URI.normalized_encode(uri)` appears to deal with these edge-cases in a more robust way. * DEV: onebox should use UrlHelper * DEV: fix spec * DEV: Escape output when rendering local links 2020-12-03 17:16:01 -05:00			`Addressable::URI.normalized_encode(uri)`
FIX: Stop encoding presigned URLs with UrlHelper (#8818) When FinalDestination is given a URL it encodes it before doing anything else. however S3 presigned URLs should not be messed with in any way otherwise we can end up with 400 errors when downloading the URL e.g. <Error><Code>InvalidToken</Code><Message>The provided token is malformed or otherwise invalid.</Message> The signature of presigned URLs is very important and is automatically generated and should be preserved. 2020-01-30 18:09:34 -05:00			`end`

DEV: Replace SECURE_MEDIA_ROUTE const with other methods (#10545) This is so if the route changes this const won't be around to bite us, use the Rails route methods instead. 2020-08-27 21:28:11 -04:00			`def self.rails_route_from_url(url)`
FIX - rails_route_from_url would fail if path contained unicode characters 2020-08-28 15:10:10 -04:00			`path = URI.parse(encode(url)).path`
DEV: Replace SECURE_MEDIA_ROUTE const with other methods (#10545) This is so if the route changes this const won't be around to bite us, use the Rails route methods instead. 2020-08-27 21:28:11 -04:00			`Rails.application.routes.recognize_path(path)`
FIX: Escaped `mailto` URLs would raise an exception This prevents exceptions from being raised if a URL has an invalid component. 2020-10-05 14:12:33 -04:00			`rescue Addressable::URI::InvalidURIError, URI::InvalidComponentError`
FIX: Invalid URLs could raise exceptions when calling UrlHelper.rails_route_from_url (#10782) Upload.secure_media_url? raised an exceptions when the URL was invalid, which was a issue in some situations where secure media URLs must be removed. For example, sending digests used PrettyText.strip_secure_media, which used Upload.secure_media_url? to replace secure media with placeholders. If the URL was invalid, then an exception would be raised and left unhandled. Now instead in UrlHelper.rails_route_from_url we return nil if there is something wrong with the URL. Co-authored-by: Bianca Nenciu <nenciu.bianca@gmail.com> 2020-09-30 01:20:00 -04:00			`nil`
DEV: Replace SECURE_MEDIA_ROUTE const with other methods (#10545) This is so if the route changes this const won't be around to bite us, use the Rails route methods instead. 2020-08-27 21:28:11 -04:00			`end`

FIX: Stop encoding presigned URLs with UrlHelper (#8818) When FinalDestination is given a URL it encodes it before doing anything else. however S3 presigned URLs should not be messed with in any way otherwise we can end up with 400 errors when downloading the URL e.g. <Error><Code>InvalidToken</Code><Message>The provided token is malformed or otherwise invalid.</Message> The signature of presigned URLs is very important and is automatically generated and should be preserved. 2020-01-30 18:09:34 -05:00			`def self.s3_presigned_url?(url)`
Minor change to case-insensitive regex for s3_presigned_url? 2020-02-02 23:22:35 -05:00			`url[/x-amz-(algorithm\|credential)/i].present?`
Move escape_uri method to a more suitable place 2017-12-12 11:50:39 -05:00			`end`

PERF: Improve cook_url performance for topic thumbnails (#11609) - Only initialize the S3Helper when needed - Skip initializing the S3Helper for S3Store#cdn_url - Allow cook_url to be passed a `local` hint to skip unnecessary checks 2020-12-30 13:13:13 -05:00			`def self.cook_url(url, secure: false, local: nil)`
			`local = is_local(url) if local.nil?`
			`return url if !local`
FIX: store the topic links using the cooked upload url 2018-08-14 06:23:32 -04:00
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3 2019-11-17 20:25:42 -05:00			`url = secure ? secure_proxy_without_cdn(url) : absolute_without_cdn(url)`
FIX: ensure local images use local CDN when uploads are stored on S3 When the S3 store was enabled, we were only applying the S3 CDN. So all images stored locally, like the emojis, were never put on the local CDN. Fixed a bunch of CookedPostProcessor test by adding a call to 'optimize_urls' in order to get final URLs. I also removed the unnecessary PrettyText.add_s3_cdn method since this is already handled in the CookedPostProcessor. 2019-02-20 13:24:38 -05:00
FIX: Always return secure_proxy_without_cdn url for secure media (#8394) There was an issue on dev where when uploading secure media, the href of the media was correctly being replaced in the CookedPostProcessor, but the srcset urls were not being replaced correctly. This is because UrlHelper.cook_url was returning the asset host URL for the media for secure media instead of returning early with the proxied secure proxy url. 2019-11-22 00:29:31 -05:00			`# we always want secure media to come from`
			`# Discourse.base_url_no_prefix/secure-media-uploads`
			`# to avoid asset_host mixups`
			`return schemaless(url) if secure`

PERF: optimize homepage and topic performance (#11607) These are a few small tweaks that slightly improve performance. - we omitted 1 query from the post guardian which could cause an N+1 - cook_url has been sped up a bit - url helper avoids re-creating sets for no reason 2020-12-30 08:08:02 -05:00			`# PERF: avoid parsing url excpet for extreme conditions`
			`# this is a hot path used on home page`
			`filename = url`
			`if url.include?("?")`
			`uri = URI.parse(url)`
			`filename = File.basename(uri.path)`
			`end`

			`# this technically requires a filename, but will work with a URL as long as it end with the`
			`# extension and has no query params`
			`is_attachment = !FileHelper.is_supported_media?(filename)`

			`no_cdn = SiteSetting.login_required \|\| SiteSetting.prevent_anons_from_downloading_files`
FIX: ensure local images use local CDN when uploads are stored on S3 When the S3 store was enabled, we were only applying the S3 CDN. So all images stored locally, like the emojis, were never put on the local CDN. Fixed a bunch of CookedPostProcessor test by adding a call to 'optimize_urls' in order to get final URLs. I also removed the unnecessary PrettyText.add_s3_cdn method since this is already handled in the CookedPostProcessor. 2019-02-20 13:24:38 -05:00			`unless is_attachment && no_cdn`
			`url = Discourse.store.cdn_url(url)`
			`url = local_cdn_url(url) if Discourse.store.external?`
			`end`
FIX: store the topic links using the cooked upload url 2018-08-14 06:23:32 -04:00
			`schemaless(url)`
			`rescue URI::Error`
			`url`
			`end`

FIX: ensure local images use local CDN when uploads are stored on S3 When the S3 store was enabled, we were only applying the S3 CDN. So all images stored locally, like the emojis, were never put on the local CDN. Fixed a bunch of CookedPostProcessor test by adding a call to 'optimize_urls' in order to get final URLs. I also removed the unnecessary PrettyText.add_s3_cdn method since this is already handled in the CookedPostProcessor. 2019-02-20 13:24:38 -05:00			`def self.local_cdn_url(url)`
			`return url if Discourse.asset_host.blank?`
FIX: 'local_cdn_url' method should work for local relative urls too. 2019-10-14 02:09:16 -04:00			`if url.start_with?("/#{Discourse.store.upload_path}/")`
			`"#{Discourse.asset_host}#{url}"`
			`else`
			`url.sub(Discourse.base_url_no_prefix, Discourse.asset_host)`
			`end`
FIX: ensure local images use local CDN when uploads are stored on S3 When the S3 store was enabled, we were only applying the S3 CDN. So all images stored locally, like the emojis, were never put on the local CDN. Fixed a bunch of CookedPostProcessor test by adding a call to 'optimize_urls' in order to get final URLs. I also removed the unnecessary PrettyText.add_s3_cdn method since this is already handled in the CookedPostProcessor. 2019-02-20 13:24:38 -05:00			`end`

FIX markdown hotlinked images were not properly pulled 2013-11-20 07:10:08 -05:00			`end`