Add size limit for link preview URLs (#30854)

2024-06-27 16:40:19 +02:00 · 2024-06-27 16:40:19 +02:00 · 815680bd13
commit 815680bd13
parent d8e8437a29
2 changed files with 17 additions and 1 deletions
--- a/app/services/fetch_link_card_service.rb
+++ b/app/services/fetch_link_card_service.rb
@ -15,6 +15,9 @@ class FetchLinkCardService < BaseService
    )
  }iox

+  # URL size limit to safely store in PosgreSQL's unique indexes
+  BYTESIZE_LIMIT = 2692
+
  def call(status)
    @status       = status
    @original_url = parse_urls
@ -85,7 +88,7 @@ class FetchLinkCardService < BaseService

  def bad_url?(uri)
    # Avoid local instance URLs and invalid URLs
-    uri.host.blank? || TagManager.instance.local_url?(uri.to_s) || !%w(http https).include?(uri.scheme)
+    uri.host.blank? || TagManager.instance.local_url?(uri.to_s) || !%w(http https).include?(uri.scheme) || uri.to_s.bytesize > BYTESIZE_LIMIT
  end

  def mention_link?(anchor)
--- a/spec/services/fetch_link_card_service_spec.rb
+++ b/spec/services/fetch_link_card_service_spec.rb
@ -95,6 +95,19 @@ RSpec.describe FetchLinkCardService, type: :service do
        expect(a_request(:get, 'http://example.com/test?data=file.gpx%5E1')).to have_been_made.once
      end
    end
+
+    context 'with an URL too long for PostgreSQL unique indexes' do
+      let(:url) { "http://example.com/#{'a' * 2674}" }
+      let(:status) { Fabricate(:status, text: url) }
+
+      it 'does not fetch the URL' do
+        expect(a_request(:get, url)).to_not have_been_made
+      end
+
+      it 'does not create a preview card' do
+        expect(status.preview_card).to be_nil
+      end
+    end
  end

  context 'in a remote status' do