discourse/app/controllers/onebox_controller.rb
Régis Hanol 52cd9972bb FIX: prevent DDoS with lots of _oneboxable_ links
FIX: ensure the onebox route is only allowed to logged in users
FIX: only allow 1 outgoing onebox preview per user
FIX: client should only do 1 preview at a time
2016-12-20 00:31:10 +01:00


require_dependency 'oneboxer'
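class OneboxController < ApplicationController
  # Serves onebox previews for the composer. The route is restricted to
  # logged-in users, and each user may have at most one outgoing preview in
  # flight, so the endpoint cannot be used to fan out unbounded outbound
  # fetches.
  before_filter :ensure_logged_in

  # Renders the onebox preview for params[:url].
  #
  # Params:
  #   url     - the URL to preview
  #   refresh - "true" to bypass the cached onebox and invalidate it
  #
  # Responds with the preview as text, 404 when nothing could be oneboxed,
  # or 429 when this user already has a preview in progress.
  def show
    url = params[:url]

    cached = Oneboxer.cached_preview(url)
    cached.strip! if cached.present?
    return render(text: cached) if cached.present?

    # The concurrency limit is keyed by the authenticated user, never by a
    # client-supplied user_id: a request parameter can be varied per request
    # to sidestep the limit, or set to someone else's id to occupy their slot.
    user_id = current_user.id

    # only 1 outgoing preview per user
    return render(nothing: true, status: 429) if Oneboxer.is_previewing?(user_id)

    Oneboxer.preview_onebox!(user_id)
    begin
      preview = Oneboxer.preview(url, invalidate_oneboxes: params[:refresh] == 'true')
    ensure
      # Release the per-user slot even if the fetch raises; otherwise a
      # failing fetch would leave the user answered with 429 until whatever
      # expiry Oneboxer may apply to the flag (not visible here) kicks in.
      Scheduler::Defer.later("Onebox previewed") { Oneboxer.onebox_previewed!(user_id) }
    end

    preview.strip! if preview.present?
    if preview.blank?
      render nothing: true, status: 404
    else
      render text: preview
    end
  end
end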