diff options
| author | Douwe Maan <douwe@gitlab.com> | 2018-07-17 15:57:10 +0000 |
|---|---|---|
| committer | Douwe Maan <douwe@gitlab.com> | 2018-07-17 15:57:10 +0000 |
| commit | 10bd800297ee9cca53566ae3f021a73e22e2b803 (patch) | |
| tree | be87e98505a5bd17c19a7050aef95da8dc41fd0c | |
| parent | 05bef3c67a06cfea6553078f6d4e3882f5d03d0e (diff) | |
| parent | fc580935ca2171d4f5628818aa4826fbce4a7261 (diff) | |
| download | gitlab-ce-10bd800297ee9cca53566ae3f021a73e22e2b803.tar.gz | |
Merge branch 'satishperala/gitlab-ce-20720_webhooks_full_image_url' into 'master'
Include full image URL in webhooks for uploaded images
Closes #20720
See merge request gitlab-org/gitlab-ce!18109
| -rw-r--r-- | app/models/note.rb | 2 | ||||
| -rw-r--r-- | app/models/wiki_page.rb | 2 | ||||
| -rw-r--r-- | changelogs/unreleased/satishperala-gitlab-ce-20720_webhooks_full_image_url.yml | 5 | ||||
| -rw-r--r-- | doc/user/project/integrations/webhooks.md | 28 | ||||
| -rw-r--r-- | lib/banzai/filter/blockquote_fence_filter.rb | 22 | ||||
| -rw-r--r-- | lib/gitlab/hook_data/base_builder.rb | 38 | ||||
| -rw-r--r-- | lib/gitlab/hook_data/issuable_builder.rb | 8 | ||||
| -rw-r--r-- | lib/gitlab/hook_data/issue_builder.rb | 9 | ||||
| -rw-r--r-- | lib/gitlab/hook_data/merge_request_builder.rb | 9 | ||||
| -rw-r--r-- | lib/gitlab/hook_data/note_builder.rb | 43 | ||||
| -rw-r--r-- | lib/gitlab/hook_data/wiki_page_builder.rb | 15 | ||||
| -rw-r--r-- | lib/gitlab/regex.rb | 26 | ||||
| -rw-r--r-- | spec/lib/gitlab/hook_data/base_builder_spec.rb | 64 | ||||
| -rw-r--r-- | spec/lib/gitlab/hook_data/issue_builder_spec.rb | 9 | ||||
| -rw-r--r-- | spec/lib/gitlab/hook_data/merge_request_builder_spec.rb | 9 | ||||
| -rw-r--r-- | spec/models/wiki_page_spec.rb | 10 |
16 files changed, 258 insertions, 41 deletions
diff --git a/app/models/note.rb b/app/models/note.rb index abc40d9016e..fe3507adcb3 100644 --- a/app/models/note.rb +++ b/app/models/note.rb @@ -202,7 +202,7 @@ class Note < ActiveRecord::Base end def hook_attrs - attributes + Gitlab::HookData::NoteBuilder.new(self).build end def for_commit? diff --git a/app/models/wiki_page.rb b/app/models/wiki_page.rb index 4b49edb01a5..55243136140 100644 --- a/app/models/wiki_page.rb +++ b/app/models/wiki_page.rb @@ -60,7 +60,7 @@ class WikiPage attr_accessor :attributes def hook_attrs - attributes + Gitlab::HookData::WikiPageBuilder.new(self).build end def initialize(wiki, page = nil, persisted = false) diff --git a/changelogs/unreleased/satishperala-gitlab-ce-20720_webhooks_full_image_url.yml b/changelogs/unreleased/satishperala-gitlab-ce-20720_webhooks_full_image_url.yml new file mode 100644 index 00000000000..7bfe1b5778f --- /dev/null +++ b/changelogs/unreleased/satishperala-gitlab-ce-20720_webhooks_full_image_url.yml @@ -0,0 +1,5 @@ +--- +title: Include full image URL in webhooks for uploaded images +merge_request: 18109 +author: Satish Perala +type: changed diff --git a/doc/user/project/integrations/webhooks.md b/doc/user/project/integrations/webhooks.md index 8c09927e2df..8e486318980 100644 --- a/doc/user/project/integrations/webhooks.md +++ b/doc/user/project/integrations/webhooks.md @@ -10,6 +10,13 @@ Starting from GitLab 8.5: Starting from GitLab 11.1, the logs of web hooks are automatically removed after one month. +>**Note** +Starting from GitLab 11.2: +- The `description` field for issues, merge requests, comments, and wiki pages + is rewritten so that simple Markdown image references (like + ``) have their target URL changed to an absolute URL. See + [image URL rewriting](#image-url-rewriting) for more details. + Project webhooks allow you to trigger a URL if for example new code is pushed or a new issue is created. You can configure webhooks to listen for specific events like pushes, issues or merge requests. GitLab will send a POST request with data @@ -1125,6 +1132,27 @@ X-Gitlab-Event: Build Hook } ``` +## Image URL rewriting + +From GitLab 11.2, simple image references are rewritten to use an absolute URL +in webhooks. So if an image, merge request, comment, or wiki page has this in +its description: + +```markdown + +``` + +It will appear in the webhook body as the below (assuming that GitLab is +installed at gitlab.example.com): + +```markdown + +``` + +This will not rewrite URLs that already are pointing to HTTP, HTTPS, or +protocol-relative URLs. It will also not rewrite image URLs using advanced +Markdown features, like link labels. + ## Testing webhooks You can trigger the webhook manually. Sample data from the project will be used.Sample data will take from the project. diff --git a/lib/banzai/filter/blockquote_fence_filter.rb b/lib/banzai/filter/blockquote_fence_filter.rb index fbfcd72c916..7108e828c6d 100644 --- a/lib/banzai/filter/blockquote_fence_filter.rb +++ b/lib/banzai/filter/blockquote_fence_filter.rb @@ -2,27 +2,7 @@ module Banzai module Filter class BlockquoteFenceFilter < HTML::Pipeline::TextFilter REGEX = %r{ - (?<code> - # Code blocks: - # ``` - # Anything, including `>>>` blocks which are ignored by this filter - # ``` - - ^``` - .+? - \n```\ *$ - ) - | - (?<html> - # HTML block: - # <tag> - # Anything, including `>>>` blocks which are ignored by this filter - # </tag> - - ^<[^>]+?>\ *\n - .+? - \n<\/[^>]+?>\ *$ - ) + #{::Gitlab::Regex.markdown_code_or_html_blocks} | (?: # Blockquote: diff --git a/lib/gitlab/hook_data/base_builder.rb b/lib/gitlab/hook_data/base_builder.rb new file mode 100644 index 00000000000..4ffca356b29 --- /dev/null +++ b/lib/gitlab/hook_data/base_builder.rb @@ -0,0 +1,38 @@ +module Gitlab + module HookData + class BaseBuilder + attr_accessor :object + + MARKDOWN_SIMPLE_IMAGE = %r{ + #{::Gitlab::Regex.markdown_code_or_html_blocks} + | + (?<image> + ! + \[(?<title>[^\n]*?)\] + \((?<url>(?!(https?://|//))[^\n]+?)\) + ) + }mx.freeze + + def initialize(object) + @object = object + end + + private + + def absolute_image_urls(markdown_text) + return markdown_text unless markdown_text.present? + + markdown_text.gsub(MARKDOWN_SIMPLE_IMAGE) do + if $~[:image] + url = $~[:url] + url = "/#{url}" unless url.start_with?('/') + + "![#{$~[:title]}](#{Gitlab.config.gitlab.url}#{url})" + else + $~[0] + end + end + end + end + end +end diff --git a/lib/gitlab/hook_data/issuable_builder.rb b/lib/gitlab/hook_data/issuable_builder.rb index 6ab36676127..f2eda398b8f 100644 --- a/lib/gitlab/hook_data/issuable_builder.rb +++ b/lib/gitlab/hook_data/issuable_builder.rb @@ -1,13 +1,9 @@ module Gitlab module HookData - class IssuableBuilder + class IssuableBuilder < BaseBuilder CHANGES_KEYS = %i[previous current].freeze - attr_accessor :issuable - - def initialize(issuable) - @issuable = issuable - end + alias_method :issuable, :object def build(user: nil, changes: {}) hook_data = { diff --git a/lib/gitlab/hook_data/issue_builder.rb b/lib/gitlab/hook_data/issue_builder.rb index f9b1a3caf5e..0d71c748dc6 100644 --- a/lib/gitlab/hook_data/issue_builder.rb +++ b/lib/gitlab/hook_data/issue_builder.rb @@ -1,6 +1,6 @@ module Gitlab module HookData - class IssueBuilder + class IssueBuilder < BaseBuilder SAFE_HOOK_ATTRIBUTES = %i[ assignee_id author_id @@ -30,14 +30,11 @@ module Gitlab total_time_spent ].freeze - attr_accessor :issue - - def initialize(issue) - @issue = issue - end + alias_method :issue, :object def build attrs = { + description: absolute_image_urls(issue.description), url: Gitlab::UrlBuilder.build(issue), total_time_spent: issue.total_time_spent, human_total_time_spent: issue.human_total_time_spent, diff --git a/lib/gitlab/hook_data/merge_request_builder.rb b/lib/gitlab/hook_data/merge_request_builder.rb index aff786864f2..dfbed0597ed 100644 --- a/lib/gitlab/hook_data/merge_request_builder.rb +++ b/lib/gitlab/hook_data/merge_request_builder.rb @@ -1,6 +1,6 @@ module Gitlab module HookData - class MergeRequestBuilder + class MergeRequestBuilder < BaseBuilder SAFE_HOOK_ATTRIBUTES = %i[ assignee_id author_id @@ -35,14 +35,11 @@ module Gitlab total_time_spent ].freeze - attr_accessor :merge_request - - def initialize(merge_request) - @merge_request = merge_request - end + alias_method :merge_request, :object def build attrs = { + description: absolute_image_urls(merge_request.description), url: Gitlab::UrlBuilder.build(merge_request), source: merge_request.source_project.try(:hook_attrs), target: merge_request.target_project.hook_attrs, diff --git a/lib/gitlab/hook_data/note_builder.rb b/lib/gitlab/hook_data/note_builder.rb new file mode 100644 index 00000000000..81873e345d5 --- /dev/null +++ b/lib/gitlab/hook_data/note_builder.rb @@ -0,0 +1,43 @@ +module Gitlab + module HookData + class NoteBuilder < BaseBuilder + SAFE_HOOK_ATTRIBUTES = %i[ + attachment + author_id + change_position + commit_id + created_at + discussion_id + id + line_code + note + noteable_id + noteable_type + original_position + position + project_id + resolved_at + resolved_by_id + resolved_by_push + st_diff + system + type + updated_at + updated_by_id + ].freeze + + alias_method :note, :object + + def build + note + .attributes + .with_indifferent_access + .slice(*SAFE_HOOK_ATTRIBUTES) + .merge( + description: absolute_image_urls(note.note), + url: Gitlab::UrlBuilder.build(note) + ) + end + end + end +end diff --git a/lib/gitlab/hook_data/wiki_page_builder.rb b/lib/gitlab/hook_data/wiki_page_builder.rb new file mode 100644 index 00000000000..59c94a61cf2 --- /dev/null +++ b/lib/gitlab/hook_data/wiki_page_builder.rb @@ -0,0 +1,15 @@ +module Gitlab + module HookData + class WikiPageBuilder < BaseBuilder + alias_method :wiki_page, :object + + def build + wiki_page + .attributes + .merge( + 'content' => absolute_image_urls(wiki_page.content) + ) + end + end + end +end diff --git a/lib/gitlab/regex.rb b/lib/gitlab/regex.rb index ac3de2a8f71..e1a958c508a 100644 --- a/lib/gitlab/regex.rb +++ b/lib/gitlab/regex.rb @@ -73,5 +73,31 @@ module Gitlab def build_trace_section_regex @build_trace_section_regexp ||= /section_((?:start)|(?:end)):(\d+):([a-zA-Z0-9_.-]+)\r\033\[0K/.freeze end + + def markdown_code_or_html_blocks + @markdown_code_or_html_blocks ||= %r{ + (?<code> + # Code blocks: + # ``` + # Anything, including `>>>` blocks which are ignored by this filter + # ``` + + ^``` + .+? + \n```\ *$ + ) + | + (?<html> + # HTML block: + # <tag> + # Anything, including `>>>` blocks which are ignored by this filter + # </tag> + + ^<[^>]+?>\ *\n + .+? + \n<\/[^>]+?>\ *$ + ) + }mx + end end end diff --git a/spec/lib/gitlab/hook_data/base_builder_spec.rb b/spec/lib/gitlab/hook_data/base_builder_spec.rb new file mode 100644 index 00000000000..a921dd766c3 --- /dev/null +++ b/spec/lib/gitlab/hook_data/base_builder_spec.rb @@ -0,0 +1,64 @@ +require 'spec_helper' + +describe Gitlab::HookData::BaseBuilder do + describe '#absolute_image_urls' do + let(:subclass) do + Class.new(described_class) do + public :absolute_image_urls + end + end + + subject { subclass.new(nil) } + + using RSpec::Parameterized::TableSyntax + + where do + { + 'relative image URL' => { + input: '', + output: "" + }, + 'HTTP URL' => { + input: '', + output: '' + }, + 'HTTPS URL' => { + input: '', + output: '' + }, + 'protocol-relative URL' => { + input: '', + output: '' + }, + 'URL reference by title' => { + input: "![foo]\n\n[foo]: foo.png", + output: "![foo]\n\n[foo]: foo.png" + }, + 'URL reference by label' => { + input: "![][foo]\n\n[foo]: foo.png", + output: "![][foo]\n\n[foo]: foo.png" + }, + 'in Markdown inline code block' => { + input: '``', + output: "``" + }, + 'in HTML tag on the same line' => { + input: '<p></p>', + output: "<p></p>" + }, + 'in Markdown multi-line code block' => { + input: "```\n\n```", + output: "```\n\n```" + }, + 'in HTML tag on different lines' => { + input: "<p>\n\n</p>", + output: "<p>\n\n</p>" + } + } + end + + with_them do + it { expect(subject.absolute_image_urls(input)).to eq(output) } + end + end +end diff --git a/spec/lib/gitlab/hook_data/issue_builder_spec.rb b/spec/lib/gitlab/hook_data/issue_builder_spec.rb index 506b2c0be20..60093474f8a 100644 --- a/spec/lib/gitlab/hook_data/issue_builder_spec.rb +++ b/spec/lib/gitlab/hook_data/issue_builder_spec.rb @@ -40,5 +40,14 @@ describe Gitlab::HookData::IssueBuilder do expect(data).to include(:human_total_time_spent) expect(data).to include(:assignee_ids) end + + context 'when the issue has an image in the description' do + let(:issue_with_description) { create(:issue, description: 'test') } + let(:builder) { described_class.new(issue_with_description) } + + it 'sets the image to use an absolute URL' do + expect(data[:description]).to eq("test") + end + end end end diff --git a/spec/lib/gitlab/hook_data/merge_request_builder_spec.rb b/spec/lib/gitlab/hook_data/merge_request_builder_spec.rb index b61614e4790..dd586af6118 100644 --- a/spec/lib/gitlab/hook_data/merge_request_builder_spec.rb +++ b/spec/lib/gitlab/hook_data/merge_request_builder_spec.rb @@ -56,5 +56,14 @@ describe Gitlab::HookData::MergeRequestBuilder do expect(data).to include(:human_time_estimate) expect(data).to include(:human_total_time_spent) end + + context 'when the MR has an image in the description' do + let(:mr_with_description) { create(:merge_request, description: 'test') } + let(:builder) { described_class.new(mr_with_description) } + + it 'sets the image to use an absolute URL' do + expect(data[:description]).to eq("test") + end + end end end diff --git a/spec/models/wiki_page_spec.rb b/spec/models/wiki_page_spec.rb index 1c765ceac2f..63850939be1 100644 --- a/spec/models/wiki_page_spec.rb +++ b/spec/models/wiki_page_spec.rb @@ -554,6 +554,16 @@ describe WikiPage do end end + describe '#hook_attrs' do + it 'adds absolute urls for images in the content' do + create_page("test page", "test") + page = wiki.wiki.page(title: "test page") + wiki_page = described_class.new(wiki, page, true) + + expect(wiki_page.hook_attrs['content']).to eq("test") + end + end + private def remove_temp_repo(path) |