X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;ds=sidebyside;f=lib%2Fpleroma%2Fweb%2Frich_media%2Fhelpers.ex;h=0314535d27d8a3dd4805f88ae602a56a78b2d22f;hb=d1c7f8e576e31487544b57d67802843b8ef38388;hp=abb1cf7f2b481617fc18236328a397abf2032b65;hpb=bc4f77b10bb4360ac00d1999b1d08fa55e1fa547;p=akkoma

diff --git a/lib/pleroma/web/rich_media/helpers.ex b/lib/pleroma/web/rich_media/helpers.ex
index abb1cf7f2..0314535d2 100644
--- a/lib/pleroma/web/rich_media/helpers.ex
+++ b/lib/pleroma/web/rich_media/helpers.ex
@@ -1,21 +1,68 @@
 # Pleroma: A lightweight social networking server
-# Copyright _ 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright _ 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.RichMedia.Helpers do
   alias Pleroma.Activity
-  alias Pleroma.Object
+  alias Pleroma.Config
   alias Pleroma.HTML
+  alias Pleroma.Object
   alias Pleroma.Web.RichMedia.Parser
 
-  def fetch_data_for_activity(%Activity{} = activity) do
-    with true <- Pleroma.Config.get([:rich_media, :enabled]),
-         %Object{} = object <- Object.normalize(activity.data["object"]),
+  @spec validate_page_url(any()) :: :ok | :error
+  defp validate_page_url(page_url) when is_binary(page_url) do
+    validate_tld = Application.get_env(:auto_linker, :opts)[:validate_tld]
+
+    page_url
+    |> AutoLinker.Parser.url?(scheme: true, validate_tld: validate_tld)
+    |> parse_uri(page_url)
+  end
+
+  defp validate_page_url(%URI{host: host, scheme: scheme, authority: authority})
+       when scheme == "https" and not is_nil(authority) do
+    cond do
+      host in Config.get([:rich_media, :ignore_hosts], []) ->
+        :error
+
+      get_tld(host) in Config.get([:rich_media, :ignore_tld], []) ->
+        :error
+
+      true ->
+        :ok
+    end
+  end
+
+  defp validate_page_url(_), do: :error
+
+  defp parse_uri(true, url) do
+    url
+    |> URI.parse()
+    |> validate_page_url
+  end
+
+  defp parse_uri(_, _), do: :error
+
+  defp get_tld(host) do
+    host
+    |> String.split(".")
+    |> Enum.reverse()
+    |> hd
+  end
+
+  def fetch_data_for_activity(%Activity{data: %{"type" => "Create"}} = activity) do
+    with true <- Config.get([:rich_media, :enabled]),
+         %Object{} = object <- Object.normalize(activity),
+         false <- object.data["sensitive"] || false,
          {:ok, page_url} <- HTML.extract_first_external_url(object, object.data["content"]),
+         :ok <- validate_page_url(page_url),
          {:ok, rich_media} <- Parser.parse(page_url) do
       %{page_url: page_url, rich_media: rich_media}
     else
       _ -> %{}
     end
   end
+
+  def fetch_data_for_activity(_), do: %{}
+
+  def perform(:fetch, %Activity{} = activity), do: fetch_data_for_activity(activity)
 end