-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathoauth_extend.rb
More file actions
127 lines (102 loc) · 3.56 KB
/
oauth_extend.rb
File metadata and controls
127 lines (102 loc) · 3.56 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
require 'asciidoctor'
require_relative 'extended_reader'
require_relative 'other_processor'
# IncludeProcessor to handle https like includes with or without auth.
# Currently, only OpenURI is supported
Asciidoctor::Extensions.register do
include_processor OAuthExtensionIncludeProcessor
include_processor OtherIncludeProcessor
end
class OAuthExtensionIncludeProcessor < Asciidoctor::Extensions::IncludeProcessor
# Specifies that this IncludeProcessor only handles http/https targets
def handles? target
target.start_with? 'http://', 'https://'
end
def process(_doc, reader, target, attributes)
unless include_allowed? target, reader
reader.unshift_line("link:#{target}[]")
return
end
if (max_depth = reader.exceeded_max_depth?)
logger.error "#{reader.line_info}: maximum include depth of #{max_depth} exceeded"
return
end
token = resolve_token attributes
http_provider = resolve_http_provider attributes
resolved_content = resolve_content target, token, http_provider
if(resolved_content)
included_content = nil
lines = get_lines(attributes)
tags = get_tags(attributes)
start_line_num = nil
if(lines && !lines.empty?)
included_content, start_line_num = filter_lines_by_line_numbers(reader, target, resolved_content, lines)
elsif(tags)
included_content, start_line_num = filter_lines_by_tags(reader, target, resolved_content, tags)
else
included_content = resolved_content
end
end
reader.push_include included_content, target, target, 1, attributes
end
def include_allowed?(target, reader)
doc = reader.document
return false if doc.safe >= ::Asciidoctor::SafeMode::SECURE
return false if doc.attributes.fetch('max-include-depth', 64).to_i < 1
return false if target_http?(target) && !doc.attributes.key?('allow-uri-read')
true
end
def target_http?(target)
# First do a fast test, then try to parse it.
target.downcase.start_with?('http://', 'https://') \
&& URI.parse(target).is_a?(URI::HTTP)
rescue URI::InvalidURIError
false
end
# this should return the GITLAB_TOKEN and/or the oauth_token in an array.
# The content of the returning array must never be logged.
# TODO: Should one of the tokens have precedence instead?
def resolve_token(attributes)
gitlab_token = ENV['GITLAB_TOKEN']
include_token = attributes['oauth_token']
combine_variables gitlab_token, include_token
end
def combine_variables(var1, var2)
if var1.nil? && var2.nil?
''
elsif !var1.nil? && !var2.nil?
[var1, var2]
elsif !var1.nil?
var1
else
var2
end
end
def resolve_content(target, token, http_provider = "OpenURI")
unless http_provider == "OpenURI" || http_provider == "HTTParty"
raise ArgumentError, "Invalid http_provider value. Must be HTTParty or OpenURI."
end
if(http_provider == "OpenURI")
resolve_openuri target, token
else
resolve_httparty target, token
end
end
def resolve_openuri(target, token)
if target.start_with? 'https://'
if token.empty?
(::OpenURI.open_uri target).readlines
else
(::OpenURI.open_uri target, 'Authorization' => "Bearer #{token}").readlines
end
else
MyLogger.log.warn("Not able to parse URI. Are you using http instead of https?")
end
end
def resolve_httparty(target, token)
raise ArgumentError, "Not implemented yet"
end
def resolve_http_provider(attributes)
http_provider = attributes.fetch('http_provider', 'OpenURI')
end
end