debian-mirror-gitlab/app/controllers/web_ide/remote_ide_controller.rb
2023-07-09 08:55:56 +05:30

53 lines
1.6 KiB
Ruby

# frozen_string_literal: true
require 'uri'
module WebIde
class RemoteIdeController < ApplicationController
include WebIdeCSP
rescue_from URI::InvalidComponentError, with: :render_404
before_action :allow_remote_ide_content_security_policy
feature_category :remote_development
urgency :low
def index
return render_404 unless Feature.enabled?(:vscode_web_ide, current_user)
render layout: 'fullscreen', locals: { minimal: true, data: root_element_data }
end
private
def allow_remote_ide_content_security_policy
return if request.content_security_policy.directives.blank?
default_src = Array(request.content_security_policy.directives['default-src'] || [])
request.content_security_policy.directives['connect-src'] ||= default_src
request.content_security_policy.directives['connect-src'].concat(connect_src_urls)
end
def connect_src_urls
# It's okay if "port" is null
host, port = params.require(:remote_host).split(':')
# This could throw URI::InvalidComponentError. We go ahead and let it throw
# and let the controller recover with a bad_request response
%w[ws wss http https].map { |scheme| URI::Generic.build(scheme: scheme, host: host, port: port).to_s }
end
def root_element_data
{
connection_token: params.fetch(:connection_token, ''),
remote_host: params.require(:remote_host),
remote_path: params.fetch(:remote_path, ''),
return_url: params.fetch(:return_url, ''),
csp_nonce: content_security_policy_nonce
}
end
end
end