2020-01-01 13:55:28 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
module SafeUrl
|
|
|
|
extend ActiveSupport::Concern
|
|
|
|
|
2022-10-02 17:18:49 +05:30
|
|
|
# Return the URL with obfuscated userinfo
|
|
|
|
# and keeping it intact
|
2021-04-29 21:17:54 +05:30
|
|
|
def safe_url(allowed_usernames: [])
|
2020-01-01 13:55:28 +05:30
|
|
|
return if url.nil?
|
|
|
|
|
2022-10-02 17:18:49 +05:30
|
|
|
escaped = Addressable::URI.escape(url)
|
|
|
|
uri = URI.parse(escaped)
|
2020-01-01 13:55:28 +05:30
|
|
|
uri.password = '*****' if uri.password
|
2021-04-29 21:17:54 +05:30
|
|
|
uri.user = '*****' if uri.user && allowed_usernames.exclude?(uri.user)
|
2022-10-02 17:18:49 +05:30
|
|
|
Addressable::URI.unescape(uri.to_s)
|
|
|
|
rescue URI::Error, TypeError
|
2020-01-01 13:55:28 +05:30
|
|
|
end
|
|
|
|
end
|