Feature/whitelist

app/Factories/LinkFactory.php

@@ -41,6 +41,8 @@ public static function createLink($long_url, $is_secret=false, $custom_ending=nu
         * @return string $formatted_link
         */
 
+//        $lh = new LinkHelper(); // TODO: remove static access
+
         if (strlen($long_url) > self::MAXIMUM_LINK_LENGTH) {
             // If $long_url is longer than the maximum length, then
             // throw an Exception
@@ -62,6 +64,22 @@ public static function createLink($long_url, $is_secret=false, $custom_ending=nu
             return self::formatLink($existing_link);
         }
 
+        if (!empty(env('SETTING_WHITELISTED_DOMAINS'))) {
+//             TODO: remove static access? maybe for all funct calls?
+//            $is_whitelisted = $lh::checkAuthUrl($long_url, env('SETTING_WHITELISTED_DOMAINS'));
+            $is_whitelisted = LinkHelper::checkAuthUrl($long_url, env('SETTING_WHITELISTED_DOMAINS'));
+            if (!$is_whitelisted) {
+                throw new  \Exception('Sorry, only links from the whitelist are supported for shortening.');
+            }
+        }
+
+        if (!empty(env('SETTING_BLACKLISTED_DOMAINS'))) {
+            $is_blacklisted = !LinkHelper::checkAuthUrl($long_url, env('SETTING_BLACKLISTED_DOMAINS'));
+            if (!$is_blacklisted) {
+                throw new  \Exception('Sorry, links from the blacklist are not permitted for shortening.');
+            }
+        }
+
         if (isset($custom_ending) && $custom_ending !== '') {
             // has custom ending
             $ending_conforms = LinkHelper::validateEnding($custom_ending);

app/Helpers/LinkHelper.php

@@ -142,4 +142,28 @@ static public function findSuitableEnding() {
 
         return $base_x_val;
     }
-}
+
+    static public function checkAuthUrl($long_link, $auth_ls) {
+        /**
+         * @param long_link a long link (string)
+         * @param auth_ls a list of (un)authorized urls for shortening
+         * checks whether the link is authorized or not
+         * @return boolean
+         */
+
+        $auth_urls = explode(',', $auth_ls);
+//        echo "<script>console.log( 'ST_WHITELISTED_DOMAINS var_export: " . var_export(env('ST_WHITELISTED_DOMAINS'), true) . " ' );</script>";
+//        foreach ($auth_urls as $x) {echo "<script>console.log( 'ST_WHITELISTED_DOMAINS 8: " . $x . " ' );</script>";}
+
+        $url_host = parse_url($long_link, PHP_URL_HOST);
+//        echo "<script>console.log( 'url_host: " . print_r($url_host, true) . " ' );</script>";
+
+        foreach ($auth_urls as $auth_url) {
+            if (preg_match($auth_url, $url_host)) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+}

app/Http/Controllers/SetupController.php

@@ -55,6 +55,31 @@ public static function displaySetupPage(Request $request) {
         return view('setup');
     }
 
+    public static function createRegexForDomains($url) {
+        /**
+         * @param $url a tld domain (string)
+         * creates the corresponding regex
+         * @return string
+         */
+
+        $url_arr = explode(',', $url);
+
+        // escapes all non word characters
+        $add_escapes = function ($url) { return preg_replace("/(?:(\w*)(\W)(\w*))/m", '$1\\\$2$3', $url); };
+        // replaces "*." in front of a domain with the regex for subdomains
+        $add_sub_domain = function ($url) { return preg_replace("/^(\\\\\*\\\\\.)(.*)$/m", '(?:.+\\\.)*$2', $url); };
+        // adds the missing regex syntax surrounding the actual regex
+        $add_start_end = function ($url) { return preg_replace("/^(.*)$/m", '/^$1\$/m', $url); };
+
+        $url_arr = array_map($add_escapes, $url_arr);
+        $url_arr = array_map($add_sub_domain, $url_arr);
+        $url_arr = array_map($add_start_end, $url_arr);
+
+        $url_regex = implode(',', $url_arr);
+
+        return $url_regex;
+    }
+
     public static function performSetup(Request $request) {
         if (env('POLR_SETUP_RAN')) {
             return self::setupAlreadyRan();
@@ -119,6 +144,13 @@ public static function performSetup(Request $request) {
         $st_restrict_email_domain = $request->input('setting:restrict_email_domain');
         $st_allowed_email_domains = $request->input('setting:allowed_email_domains');
 
+        // sets the variables for the white/blacklist to '' or the corresponding regex
+        $st_whitelisted_domains = empty($request->input('setting:whitelisted_domains')) ? '' :
+            self::createRegexForDomains($request->input('setting:whitelisted_domains'));
+        $st_blacklisted_domains = empty($request->input('setting:blacklisted_domains')) ? '' :
+            self::createRegexForDomains($request->input('setting:blacklisted_domains'));
+
+
         $st_base = $request->input('setting:base');
         $st_auto_api_key = $request->input('setting:auto_api_key');
         $st_anon_api = $request->input('setting:anon_api');
@@ -167,6 +199,8 @@ public static function performSetup(Request $request) {
             'ST_ALLOWED_EMAIL_DOMAINS' => $st_allowed_email_domains,
             'POLR_RECAPTCHA_SITE_KEY' => $polr_recaptcha_site_key,
             'POLR_RECAPTCHA_SECRET' => $polr_recaptcha_secret_key,
+            'ST_WHITELISTED_DOMAINS' => $st_whitelisted_domains,
+            'ST_BLACKLISTED_DOMAINS' => $st_blacklisted_domains,
 
             'MAIL_ENABLED' => $mail_enabled,
             'MAIL_HOST' => $mail_host,
@@ -248,4 +282,4 @@ public static function finishSetup(Request $request) {
 
         return view('setup_thanks')->with('success', 'Set up completed! Thanks for using Polr!');
     }
-}
+}

resources/views/env.blade.php

@@ -97,6 +97,13 @@
 # reCAPTCHA secret key
 POLR_RECAPTCHA_SECRET_KEY="{{$POLR_RECAPTCHA_SECRET}}"
 
+# A comma-separated list of whitelisted domains
+SETTING_WHITELISTED_DOMAINS={{$ST_WHITELISTED_DOMAINS}}
+
+# A comma-separated list of blacklisted domains
+SETTING_BLACKLISTED_DOMAINS={{$ST_BLACKLISTED_DOMAINS}}
+
+
 # Set each to blank to disable mail
 @if($MAIL_ENABLED)
 MAIL_DRIVER=smtp

resources/views/setup.blade.php

@@ -195,6 +195,18 @@
             </p>
             <input type='text' class='form-control' name='setting:allowed_email_domains' placeholder='company.com,company-corp.com'>
 
+            <p>
+                Whitelisted Domains:
+                <setup-tooltip content='A comma-separated list of whitelisted domains. To include subdomains use "*." as prefix (eg.: *.example.com)'></setup-tooltip>
+            </p>
+            <input type='text' class='form-control' name='setting:whitelisted_domains' placeholder='company.com,*.example.com'>
+
+            <p>
+                Blacklisted Domains:
+                <setup-tooltip content='A comma-separated list of blacklisted domains. To include subdomains use "*." as prefix (eg.: *.example.com)'></setup-tooltip>
+            </p>
+            <input type='text' class='form-control' name='setting:blacklisted_domains' placeholder='company.com,*.example.com'>
+
             <p>
                 Password Recovery:
                 <setup-tooltip content="Password recovery allows users to reset their password through email."></setup-tooltip>
@@ -288,4 +300,4 @@
 <script src='/js/angular.min.js'></script>
 <script src='/js/base.js'></script>
 <script src='/js/SetupCtrl.js'></script>
-@endsection
+@endsection