mirror of
https://github.com/discourse/discourse.git
synced 2024-12-01 00:43:43 +08:00
8ebd5edd1e
This commit renames all secure_media related settings to secure_uploads_* along with the associated functionality. This is being done because "media" does not really cover it, we aren't just doing this for images and videos etc. but for all uploads in the site. Additionally, in future we want to secure more types of uploads, and enable a kind of "mixed mode" where some uploads are secure and some are not, so keeping media in the name is just confusing. This also keeps compatibility with the `secure-media-uploads` path, and changes new secure URLs to be `secure-uploads`. Deprecated settings: * secure_media -> secure_uploads * secure_media_allow_embed_images_in_emails -> secure_uploads_allow_embed_images_in_emails * secure_media_max_email_embed_image_size_kb -> secure_uploads_max_email_embed_image_size_kb
275 lines
9.4 KiB
Ruby
275 lines
9.4 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
module SiteSettings; end
|
|
|
|
module SiteSettings::Validations
|
|
PROHIBITED_USER_AGENT_STRINGS = %w[
|
|
apple
|
|
windows
|
|
linux
|
|
ubuntu
|
|
gecko
|
|
firefox
|
|
chrome
|
|
safari
|
|
applewebkit
|
|
webkit
|
|
mozilla
|
|
macintosh
|
|
khtml
|
|
intel
|
|
osx
|
|
os\ x
|
|
iphone
|
|
ipad
|
|
mac
|
|
]
|
|
|
|
def validate_error(key, opts = {})
|
|
raise Discourse::InvalidParameters.new(I18n.t("errors.site_settings.#{key}", opts))
|
|
end
|
|
|
|
def validate_category_ids(category_ids)
|
|
category_ids = category_ids.split('|').map(&:to_i).to_set
|
|
validate_error :invalid_category_id if Category.where(id: category_ids).count != category_ids.size
|
|
category_ids
|
|
end
|
|
|
|
def validate_default_categories(category_ids, default_categories_selected)
|
|
validate_error :default_categories_already_selected if (category_ids & default_categories_selected).size > 0
|
|
end
|
|
|
|
def validate_default_categories_watching(new_val)
|
|
category_ids = validate_category_ids(new_val)
|
|
|
|
default_categories_selected = [
|
|
SiteSetting.default_categories_tracking.split("|"),
|
|
SiteSetting.default_categories_muted.split("|"),
|
|
SiteSetting.default_categories_watching_first_post.split("|"),
|
|
SiteSetting.default_categories_normal.split("|")
|
|
].flatten.map(&:to_i).to_set
|
|
|
|
validate_default_categories(category_ids, default_categories_selected)
|
|
end
|
|
|
|
def validate_default_categories_tracking(new_val)
|
|
category_ids = validate_category_ids(new_val)
|
|
|
|
default_categories_selected = [
|
|
SiteSetting.default_categories_watching.split("|"),
|
|
SiteSetting.default_categories_muted.split("|"),
|
|
SiteSetting.default_categories_watching_first_post.split("|"),
|
|
SiteSetting.default_categories_normal.split("|")
|
|
].flatten.map(&:to_i).to_set
|
|
|
|
validate_default_categories(category_ids, default_categories_selected)
|
|
end
|
|
|
|
def validate_default_categories_muted(new_val)
|
|
category_ids = validate_category_ids(new_val)
|
|
|
|
default_categories_selected = [
|
|
SiteSetting.default_categories_watching.split("|"),
|
|
SiteSetting.default_categories_tracking.split("|"),
|
|
SiteSetting.default_categories_watching_first_post.split("|"),
|
|
SiteSetting.default_categories_normal.split("|")
|
|
].flatten.map(&:to_i).to_set
|
|
|
|
validate_default_categories(category_ids, default_categories_selected)
|
|
end
|
|
|
|
def validate_default_categories_watching_first_post(new_val)
|
|
category_ids = validate_category_ids(new_val)
|
|
|
|
default_categories_selected = [
|
|
SiteSetting.default_categories_watching.split("|"),
|
|
SiteSetting.default_categories_tracking.split("|"),
|
|
SiteSetting.default_categories_muted.split("|"),
|
|
SiteSetting.default_categories_normal.split("|")
|
|
].flatten.map(&:to_i).to_set
|
|
|
|
validate_default_categories(category_ids, default_categories_selected)
|
|
end
|
|
|
|
def validate_default_categories_regular(new_val)
|
|
category_ids = validate_category_ids(new_val)
|
|
|
|
default_categories_selected = [
|
|
SiteSetting.default_categories_watching.split("|"),
|
|
SiteSetting.default_categories_tracking.split("|"),
|
|
SiteSetting.default_categories_muted.split("|"),
|
|
SiteSetting.default_categories_watching_first_post.split("|")
|
|
].flatten.map(&:to_i).to_set
|
|
|
|
validate_default_categories(category_ids, default_categories_selected)
|
|
end
|
|
|
|
def validate_default_tags(tag_names, default_tags_selected)
|
|
validate_error :default_tags_already_selected if (tag_names & default_tags_selected).size > 0
|
|
end
|
|
|
|
def validate_default_tags_watching(new_val)
|
|
tag_names = new_val.split('|').to_set
|
|
|
|
default_tags_selected = [
|
|
SiteSetting.default_tags_tracking.split("|"),
|
|
SiteSetting.default_tags_muted.split("|"),
|
|
SiteSetting.default_tags_watching_first_post.split("|")
|
|
].flatten.to_set
|
|
|
|
validate_default_tags(tag_names, default_tags_selected)
|
|
end
|
|
|
|
def validate_default_tags_tracking(new_val)
|
|
tag_names = new_val.split('|').to_set
|
|
|
|
default_tags_selected = [
|
|
SiteSetting.default_tags_watching.split("|"),
|
|
SiteSetting.default_tags_muted.split("|"),
|
|
SiteSetting.default_tags_watching_first_post.split("|")
|
|
].flatten.to_set
|
|
|
|
validate_default_tags(tag_names, default_tags_selected)
|
|
end
|
|
|
|
def validate_default_tags_muted(new_val)
|
|
tag_names = new_val.split('|').to_set
|
|
|
|
default_tags_selected = [
|
|
SiteSetting.default_tags_watching.split("|"),
|
|
SiteSetting.default_tags_tracking.split("|"),
|
|
SiteSetting.default_tags_watching_first_post.split("|")
|
|
].flatten.to_set
|
|
|
|
validate_default_tags(tag_names, default_tags_selected)
|
|
end
|
|
|
|
def validate_default_tags_watching_first_post(new_val)
|
|
tag_names = new_val.split('|').to_set
|
|
|
|
default_tags_selected = [
|
|
SiteSetting.default_tags_watching.split("|"),
|
|
SiteSetting.default_tags_tracking.split("|"),
|
|
SiteSetting.default_tags_muted.split("|")
|
|
].flatten.to_set
|
|
|
|
validate_default_tags(tag_names, default_tags_selected)
|
|
end
|
|
|
|
def validate_enable_s3_uploads(new_val)
|
|
return if new_val == "f"
|
|
validate_error :cannot_enable_s3_uploads_when_s3_enabled_globally if GlobalSetting.use_s3?
|
|
validate_error :s3_upload_bucket_is_required if SiteSetting.s3_upload_bucket.blank?
|
|
end
|
|
|
|
def validate_secure_uploads(new_val)
|
|
validate_error :secure_uploads_requirements if new_val == "t" && !SiteSetting.Upload.enable_s3_uploads
|
|
end
|
|
|
|
def validate_enable_page_publishing(new_val)
|
|
validate_error :page_publishing_requirements if new_val == "t" && SiteSetting.secure_uploads?
|
|
end
|
|
|
|
def validate_share_quote_buttons(new_val)
|
|
validate_error :share_quote_facebook_requirements if new_val.include?("facebook") && SiteSetting.facebook_app_id.blank?
|
|
end
|
|
|
|
def validate_enable_s3_inventory(new_val)
|
|
validate_error :enable_s3_uploads_is_required if new_val == "t" && !SiteSetting.Upload.enable_s3_uploads
|
|
end
|
|
|
|
def validate_backup_location(new_val)
|
|
return unless new_val == BackupLocationSiteSetting::S3
|
|
validate_error(:s3_backup_requires_s3_settings, setting_name: "s3_backup_bucket") if SiteSetting.s3_backup_bucket.blank?
|
|
|
|
unless SiteSetting.s3_use_iam_profile
|
|
validate_error(:s3_backup_requires_s3_settings, setting_name: "s3_access_key_id") if SiteSetting.s3_access_key_id.blank?
|
|
validate_error(:s3_backup_requires_s3_settings, setting_name: "s3_secret_access_key") if SiteSetting.s3_secret_access_key.blank?
|
|
end
|
|
end
|
|
|
|
def validate_s3_upload_bucket(new_val)
|
|
validate_bucket_setting("s3_upload_bucket", new_val, SiteSetting.s3_backup_bucket)
|
|
|
|
validate_error(:s3_upload_bucket_is_required, setting_name: 's3_upload_bucket') if new_val.blank? && SiteSetting.enable_s3_uploads?
|
|
end
|
|
|
|
def validate_s3_backup_bucket(new_val)
|
|
validate_bucket_setting("s3_backup_bucket", SiteSetting.s3_upload_bucket, new_val)
|
|
end
|
|
|
|
def validate_enforce_second_factor(new_val)
|
|
if new_val != "no" && SiteSetting.enable_discourse_connect?
|
|
return validate_error :second_factor_cannot_be_enforced_with_discourse_connect_enabled
|
|
end
|
|
if new_val == "all" && Discourse.enabled_auth_providers.count > 0
|
|
auth_provider_names = Discourse.enabled_auth_providers.map(&:name).join(", ")
|
|
return validate_error(:second_factor_cannot_enforce_with_socials, auth_provider_names: auth_provider_names)
|
|
end
|
|
return if SiteSetting.enable_local_logins
|
|
return if new_val == "no"
|
|
validate_error :second_factor_cannot_be_enforced_with_disabled_local_login
|
|
end
|
|
|
|
def validate_enable_local_logins(new_val)
|
|
return if new_val == "t"
|
|
return if SiteSetting.enforce_second_factor == "no"
|
|
validate_error :local_login_cannot_be_disabled_if_second_factor_enforced
|
|
end
|
|
|
|
def validate_cors_origins(new_val)
|
|
return if new_val.blank?
|
|
return unless new_val.split('|').any?(/\/$/)
|
|
validate_error :cors_origins_should_not_have_trailing_slash
|
|
end
|
|
|
|
def validate_slow_down_crawler_user_agents(new_val)
|
|
return if new_val.blank?
|
|
|
|
new_val.downcase.split("|").each do |crawler|
|
|
if crawler.size < 3
|
|
validate_error(:slow_down_crawler_user_agent_must_be_at_least_3_characters)
|
|
end
|
|
if PROHIBITED_USER_AGENT_STRINGS.any? { |c| c.include?(crawler) }
|
|
validate_error(
|
|
:slow_down_crawler_user_agent_cannot_be_popular_browsers,
|
|
values: PROHIBITED_USER_AGENT_STRINGS.join(I18n.t("word_connector.comma"))
|
|
)
|
|
end
|
|
end
|
|
end
|
|
|
|
def validate_strip_image_metadata(new_val)
|
|
return if new_val == "t"
|
|
return if SiteSetting.composer_media_optimization_image_enabled == false
|
|
validate_error :strip_image_metadata_cannot_be_disabled_if_composer_media_optimization_image_enabled
|
|
end
|
|
|
|
def validate_twitter_summary_large_image(new_val)
|
|
return if new_val.blank?
|
|
return if !Upload.exists?(id: new_val, extension: "svg")
|
|
validate_error :twitter_summary_large_image_no_svg
|
|
end
|
|
|
|
private
|
|
|
|
def validate_bucket_setting(setting_name, upload_bucket, backup_bucket)
|
|
return if upload_bucket.blank? || backup_bucket.blank?
|
|
|
|
backup_bucket_name, backup_prefix = split_s3_bucket(backup_bucket)
|
|
upload_bucket_name, upload_prefix = split_s3_bucket(upload_bucket)
|
|
|
|
return if backup_bucket_name != upload_bucket_name
|
|
|
|
if backup_prefix == upload_prefix || backup_prefix.blank? || upload_prefix&.start_with?(backup_prefix)
|
|
validate_error(:s3_bucket_reused, setting_name: setting_name)
|
|
end
|
|
end
|
|
|
|
def split_s3_bucket(s3_bucket)
|
|
bucket_name, prefix = s3_bucket.downcase.split("/", 2)
|
|
prefix&.chomp!("/")
|
|
[bucket_name, prefix]
|
|
end
|
|
end
|