config option to check root domain with URL previews
Signed-off-by: strawberry <strawberry@puppygock.gay>
This commit is contained in:
parent
54ade97f96
commit
244c1f7190
5 changed files with 60 additions and 12 deletions
|
@ -183,6 +183,11 @@ url_preview_url_contains_allowlist = []
|
|||
# Maximum amount of bytes allowed in a URL preview body size when spidering. Defaults to 1MB (1_000_000 bytes)
|
||||
url_preview_max_spider_size = 1_000_000
|
||||
|
||||
# Option to decide whether you would like to run the domain allowlist checks (contains and explicit) on the root domain or not. Does not apply to URL contains allowlist. Defaults to false.
|
||||
# Example: If this is enabled and you have "wikipedia.org" allowed in the explicit and/or contains domain allowlist, it will allow all subdomains under "wikipedia.org" such as "en.m.wikipedia.org" as the root domain is checked and matched.
|
||||
# Useful if the domain contains allowlist is still too broad for you but you still want to allow all the subdomains under a root domain.
|
||||
url_preview_check_root_domain = false
|
||||
|
||||
|
||||
|
||||
### Misc
|
||||
|
|
5
debian/postinst
vendored
5
debian/postinst
vendored
|
@ -220,6 +220,11 @@ url_preview_url_contains_allowlist = []
|
|||
# Maximum amount of bytes allowed in a URL preview body size when spidering. Defaults to 1MB (1_000_000 bytes)
|
||||
url_preview_max_spider_size = 1_000_000
|
||||
|
||||
# Option to decide whether you would like to run the domain allowlist checks (contains and explicit) on the root domain or not. Does not apply to URL contains allowlist. Defaults to false.
|
||||
# Example: If this is enabled and you have "wikipedia.org" allowed in the explicit and/or contains domain allowlist, it will allow all subdomains under "wikipedia.org" such as "en.m.wikipedia.org" as the root domain is checked and matched.
|
||||
# Useful if the domain contains allowlist is still too broad for you but you still want to allow all the subdomains under a root domain.
|
||||
url_preview_check_root_domain = false
|
||||
|
||||
|
||||
|
||||
### Misc
|
||||
|
|
|
@ -541,34 +541,62 @@ fn url_preview_allowed(url_str: &str) -> bool {
|
|||
|
||||
if !host.is_empty() {
|
||||
if allowlist_domain_explicit.contains(&host) {
|
||||
return true;
|
||||
}
|
||||
debug!(
|
||||
"Host {} is allowed by url_preview_domain_explicit_allowlist (check 1/3)",
|
||||
&host
|
||||
);
|
||||
return true;
|
||||
}
|
||||
|
||||
if allowlist_domain_contains
|
||||
.iter()
|
||||
.any(|domain_s| domain_s.contains(&host.clone()))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
debug!(
|
||||
"Host {} is allowed by url_preview_domain_contains_allowlist (check 2/3)",
|
||||
&host
|
||||
);
|
||||
return true;
|
||||
}
|
||||
|
||||
if allowlist_url_contains
|
||||
.iter()
|
||||
.any(|url_s| url.to_string().contains(&url_s.to_string()))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
debug!(
|
||||
"URL {} is allowed by url_preview_url_contains_allowlist (check 3/3)",
|
||||
&host
|
||||
);
|
||||
return true;
|
||||
}
|
||||
|
||||
// check root domain if available and if user has root domain checks
|
||||
if services().globals.url_preview_check_root_domain() {
|
||||
debug!("Checking root domain");
|
||||
match host.split_once('.') {
|
||||
None => return false,
|
||||
Some((_, root_domain)) => {
|
||||
if allowlist_domain_explicit.contains(&root_domain.to_owned()) {
|
||||
debug!(
|
||||
"Root domain {} is allowed by url_preview_domain_explicit_allowlist (check 1/3)",
|
||||
&root_domain
|
||||
);
|
||||
return true;
|
||||
}
|
||||
|
||||
if allowlist_domain_contains
|
||||
.iter()
|
||||
.any(|domain_s| domain_s.contains(&root_domain.to_owned()))
|
||||
{
|
||||
debug!(
|
||||
"Root domain {} is allowed by url_preview_domain_contains_allowlist (check 2/3)",
|
||||
&root_domain
|
||||
);
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
false
|
||||
|
|
|
@ -142,6 +142,8 @@ pub struct Config {
|
|||
pub url_preview_url_contains_allowlist: Vec<String>,
|
||||
#[serde(default = "default_url_preview_max_spider_size")]
|
||||
pub url_preview_max_spider_size: usize,
|
||||
#[serde(default)]
|
||||
pub url_preview_check_root_domain: bool,
|
||||
|
||||
#[serde(default = "RegexSet::empty")]
|
||||
#[serde(with = "serde_regex")]
|
||||
|
@ -374,6 +376,10 @@ impl fmt::Display for Config {
|
|||
"URL preview maximum spider size",
|
||||
&self.url_preview_max_spider_size.to_string(),
|
||||
),
|
||||
(
|
||||
"URL preview check root domain",
|
||||
&self.url_preview_check_root_domain.to_string(),
|
||||
),
|
||||
];
|
||||
|
||||
let mut msg: String = "Active config values:\n\n".to_owned();
|
||||
|
|
|
@ -416,6 +416,10 @@ impl Service<'_> {
|
|||
self.config.url_preview_max_spider_size
|
||||
}
|
||||
|
||||
pub fn url_preview_check_root_domain(&self) -> bool {
|
||||
self.config.url_preview_check_root_domain
|
||||
}
|
||||
|
||||
pub fn forbidden_room_names(&self) -> &RegexSet {
|
||||
&self.config.forbidden_room_names
|
||||
}
|
||||
|
|
Loading…
Add table
Reference in a new issue