completion-kit 0.5.26 → 0.5.27
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/models/completion_kit/provider_credential.rb +32 -0
- data/lib/completion_kit/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7036ea465a5b70d324e3eec554e3adf62a63fc1ebfa93b91bc28cc675ddfc0c5
|
|
4
|
+
data.tar.gz: 7bb7393d08c9631609fbcd845e01db0152a926f36f7bfd82f463455a53350dbd
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 38e72b62b2426caf8197619088b5223fffeee27cfb784f2c16c5d9c58295ddea67b6375459d44a748d655a987658a95d244329f64add5a493cb745e8f04393dd
|
|
7
|
+
data.tar.gz: ae792a3bf6315da654ea760dd9f6c9d73abf90902e8eb3f72354ec9bf65aa2406bbd9a3160b07a4b6038371b6021652a3208fb7d2cb4abfea6633f0cb03cf9a5
|
|
@@ -1,3 +1,6 @@
|
|
|
1
|
+
require "ipaddr"
|
|
2
|
+
require "resolv"
|
|
3
|
+
|
|
1
4
|
module CompletionKit
|
|
2
5
|
class ProviderCredential < ApplicationRecord
|
|
3
6
|
include Turbo::Broadcastable
|
|
@@ -24,6 +27,7 @@ module CompletionKit
|
|
|
24
27
|
|
|
25
28
|
validates :provider, presence: true, inclusion: { in: PROVIDERS }
|
|
26
29
|
validates :provider, tenant_scoped_uniqueness: true
|
|
30
|
+
validate :api_endpoint_not_internal
|
|
27
31
|
|
|
28
32
|
after_save :enqueue_discovery
|
|
29
33
|
|
|
@@ -131,5 +135,33 @@ module CompletionKit
|
|
|
131
135
|
CompletionKit::Engine.warm_routes!
|
|
132
136
|
CompletionKit::ApplicationController.render(partial: partial, locals: locals)
|
|
133
137
|
end
|
|
138
|
+
|
|
139
|
+
def api_endpoint_not_internal
|
|
140
|
+
return if api_endpoint.blank?
|
|
141
|
+
|
|
142
|
+
uri = safe_http_uri(api_endpoint)
|
|
143
|
+
unless uri
|
|
144
|
+
errors.add(:api_endpoint, "must be a valid http or https URL")
|
|
145
|
+
return
|
|
146
|
+
end
|
|
147
|
+
|
|
148
|
+
if endpoint_addresses(uri.host).any? { |ip| ip.private? || ip.link_local? }
|
|
149
|
+
errors.add(:api_endpoint, "must not point at a private or internal address")
|
|
150
|
+
end
|
|
151
|
+
end
|
|
152
|
+
|
|
153
|
+
def safe_http_uri(value)
|
|
154
|
+
uri = URI.parse(value.to_s.strip)
|
|
155
|
+
uri if uri.is_a?(URI::HTTP) && uri.host.present?
|
|
156
|
+
rescue URI::InvalidURIError
|
|
157
|
+
nil
|
|
158
|
+
end
|
|
159
|
+
|
|
160
|
+
def endpoint_addresses(host)
|
|
161
|
+
bare = host.delete_prefix("[").delete_suffix("]")
|
|
162
|
+
[IPAddr.new(bare)]
|
|
163
|
+
rescue IPAddr::InvalidAddressError
|
|
164
|
+
Resolv.getaddresses(host).map { |addr| IPAddr.new(addr) }
|
|
165
|
+
end
|
|
134
166
|
end
|
|
135
167
|
end
|