Merge pull request #38 from jonschoning/non-http-url-schemes

add setting ALLOW_NON_HTTP_URL_SCHEMES
2022-04-26 21:11:45 -05:00 · 2022-04-26 21:11:45 -05:00 · 368c5db510
parent 2986230bd5 e7636cc048
commit 368c5db510
7 changed files with 20 additions and 8 deletions
--- a/changelog.md
+++ b/changelog.md
@ -1,3 +1,6 @@
 __v0.0.13__
 add setting ALLOW_NON_HTTP_URL_SCHEMES (default false)
 __v0.0.12__
 update to ghc9
--- a/config/settings.yml
+++ b/config/settings.yml
@ -43,3 +43,5 @@ archive-socks-proxy-port: "_env:ARCHIVE_SOCKS_PROXY_PORT"
 source-code-uri: "_env:SOURCE_CODE_URI:https://github.com/jonschoning/espial"
 ssl-only: "_env:SSL_ONLY" # false
 allow-non-http-url-schemes: "_env:ALLOW_NON_HTTP_URL_SCHEMES:false"
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -13,8 +13,10 @@ services:
    environment:
      - IP_FROM_HEADER=true
      - SQLITE_DATABASE=/app/data/espial.sqlite3
-      # - DETAILED_LOGGING=true
+      # - SSL_ONLY=false
-      # - SHOULD_LOG_ALL=true
+      # - DETAILED_LOGGING=false
      # - SHOULD_LOG_ALL=false
      # - ARCHIVE_SOCKS_PROXY_HOST=localhost 
      # - ARCHIVE_SOCKS_PROXY_PORT=8888
      # - SOURCE_CODE_URI=https://github.com/jonschoning/espial
      # - ALLOW_NON_HTTP_URL_SCHEMES=false
--- a/espial.cabal
+++ b/espial.cabal
@ -5,7 +5,7 @@ cabal-version: 1.12
 -- see: https://github.com/sol/hpack
 name:           espial
-version:        0.0.12
+version:        0.0.13
 synopsis:       Espial is an open-source, web-based bookmarking server.
 description:    .
                Espial is an open-source, web-based bookmarking server.
--- a/package.yaml
+++ b/package.yaml
@ -1,6 +1,6 @@
 name:    espial
 synopsis: Espial is an open-source, web-based bookmarking server.
-version: "0.0.12"
+version: "0.0.13"
 description: ! '
  Espial is an open-source, web-based bookmarking server.
--- a/src/Handler/Add.hs
+++ b/src/Handler/Add.hs
@ -68,16 +68,17 @@ postAddR = do
 _handleFormSuccess :: BookmarkForm -> Handler (UpsertResult (Key Bookmark))
 _handleFormSuccess bookmarkForm = do
  (userId, user) <- requireAuthPair
-  case (parseRequest . unpack . _url) bookmarkForm of
+  appSettings <- appSettings <$> getYesod
-    Nothing -> pure $ Failed "Invalid URL"
+  case (appAllowNonHttpUrlSchemes appSettings, (parseRequest . unpack . _url) bookmarkForm) of
-    Just _ -> do
+    (False, Nothing) -> pure $ Failed "Invalid URL"
    (_, _) -> do
      let mkbid = BookmarkKey <$> _bid bookmarkForm
          tags = maybe [] (nub . words . T.replace "," " ") (_tags bookmarkForm)
      bm <- liftIO $ _toBookmark userId bookmarkForm
      res <- runDB (upsertBookmark userId mkbid bm tags)
      forM_ (maybeUpsertResult res) $ \kbid ->
        whenM (shouldArchiveBookmark user kbid) $
-          void $ async (archiveBookmarkUrl kbid (unpack (bookmarkHref bm)))
+        void $ async (archiveBookmarkUrl kbid (unpack (bookmarkHref bm)))
      pure res
 postLookupTitleR :: Handler ()
--- a/src/Settings.hs
+++ b/src/Settings.hs
@ -66,6 +66,8 @@ data AppSettings = AppSettings
    -- ^ Uri to app source code
    , appSSLOnly :: Bool
    , appAllowNonHttpUrlSchemes :: Bool
    }
 instance FromJSON AppSettings where
@ -102,6 +104,8 @@ instance FromJSON AppSettings where
        appSSLOnly                 <- fromMaybe False <$> o .:? "ssl-only"
        appAllowNonHttpUrlSchemes  <- fromMaybe False <$> o .:? "allow-non-http-url-schemes"
        return AppSettings {..}
 -- | Settings for 'widgetFile', such as which template languages to support and