Add size limit for link preview URLs (#30854)

2024-06-27 16:40:19 +02:00 · 2024-06-27 16:40:19 +02:00 · 42adb6eaee
commit 42adb6eaee
parent 096057b845
2 changed files with 17 additions and 1 deletions
--- a/app/services/fetch_link_card_service.rb
+++ b/app/services/fetch_link_card_service.rb
@ -15,6 +15,9 @@ class FetchLinkCardService < BaseService
    )
  }iox

+  # URL size limit to safely store in PosgreSQL's unique indexes
+  BYTESIZE_LIMIT = 2692
+
  def call(status)
    @status       = status
    @original_url = parse_urls
@ -85,7 +88,7 @@ class FetchLinkCardService < BaseService

  def bad_url?(uri)
    # Avoid local instance URLs and invalid URLs
-    uri.host.blank? || TagManager.instance.local_url?(uri.to_s) || !%w(http https).include?(uri.scheme)
+    uri.host.blank? || TagManager.instance.local_url?(uri.to_s) || !%w(http https).include?(uri.scheme) || uri.to_s.bytesize > BYTESIZE_LIMIT
  end

  def mention_link?(anchor)
--- a/spec/services/fetch_link_card_service_spec.rb
+++ b/spec/services/fetch_link_card_service_spec.rb
@ -193,6 +193,19 @@ RSpec.describe FetchLinkCardService do
      end
    end

+    context 'with an URL too long for PostgreSQL unique indexes' do
+      let(:url) { "http://example.com/#{'a' * 2674}" }
+      let(:status) { Fabricate(:status, text: url) }
+
+      it 'does not fetch the URL' do
+        expect(a_request(:get, url)).to_not have_been_made
+      end
+
+      it 'does not create a preview card' do
+        expect(status.preview_card).to be_nil
+      end
+    end
+
    context 'with a URL of a page with oEmbed support' do
      let(:html) { '<!doctype html><title>Hello world</title><link rel="alternate" type="application/json+oembed" href="http://example.com/oembed?url=http://example.com/html">' }
      let(:status) { Fabricate(:status, text: 'http://example.com/html') }