Initial commit: Add logistics and order_detail message types
Some checks failed
Lock Threads / action (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Publish Chatwoot EE docker images / build (linux/amd64, ubuntu-latest) (push) Has been cancelled
Publish Chatwoot EE docker images / build (linux/arm64, ubuntu-22.04-arm) (push) Has been cancelled
Publish Chatwoot EE docker images / merge (push) Has been cancelled
Publish Chatwoot CE docker images / build (linux/amd64, ubuntu-latest) (push) Has been cancelled
Publish Chatwoot CE docker images / build (linux/arm64, ubuntu-22.04-arm) (push) Has been cancelled
Publish Chatwoot CE docker images / merge (push) Has been cancelled
Run Chatwoot CE spec / lint-backend (push) Has been cancelled
Run Chatwoot CE spec / lint-frontend (push) Has been cancelled
Run Chatwoot CE spec / frontend-tests (push) Has been cancelled
Run Chatwoot CE spec / backend-tests (0, 16) (push) Has been cancelled
Run Chatwoot CE spec / backend-tests (1, 16) (push) Has been cancelled
Run Chatwoot CE spec / backend-tests (10, 16) (push) Has been cancelled
Run Chatwoot CE spec / backend-tests (11, 16) (push) Has been cancelled
Run Chatwoot CE spec / backend-tests (12, 16) (push) Has been cancelled
Run Chatwoot CE spec / backend-tests (13, 16) (push) Has been cancelled
Run Chatwoot CE spec / backend-tests (14, 16) (push) Has been cancelled
Run Chatwoot CE spec / backend-tests (15, 16) (push) Has been cancelled
Run Chatwoot CE spec / backend-tests (2, 16) (push) Has been cancelled
Run Chatwoot CE spec / backend-tests (3, 16) (push) Has been cancelled
Run Chatwoot CE spec / backend-tests (4, 16) (push) Has been cancelled
Run Chatwoot CE spec / backend-tests (5, 16) (push) Has been cancelled
Run Chatwoot CE spec / backend-tests (6, 16) (push) Has been cancelled
Run Chatwoot CE spec / backend-tests (7, 16) (push) Has been cancelled
Run Chatwoot CE spec / backend-tests (8, 16) (push) Has been cancelled
Run Chatwoot CE spec / backend-tests (9, 16) (push) Has been cancelled
Run Linux nightly installer / nightly (push) Has been cancelled
- Add Logistics component with progress tracking
- Add OrderDetail component for order information
- Support data-driven steps and actions
- Add blue color scale to widget SCSS
- Fix node overflow and progress bar rendering issues
- Add English translations for dashboard components

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
84
enterprise/app/models/concerns/safe_endpoint_validatable.rb
Normal file
@@ -0,0 +1,84 @@
|
||||
module Concerns::SafeEndpointValidatable
|
||||
extend ActiveSupport::Concern
|
||||
|
||||
FRONTEND_HOST = URI.parse(ENV.fetch('FRONTEND_URL', 'http://localhost:3000')).host.freeze
|
||||
DISALLOWED_HOSTS = ['localhost', /\.local\z/i].freeze
|
||||
|
||||
included do
|
||||
validate :validate_safe_endpoint_url
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def validate_safe_endpoint_url
|
||||
return if endpoint_url.blank?
|
||||
|
||||
uri = parse_endpoint_uri
|
||||
return errors.add(:endpoint_url, 'must be a valid URL') unless uri
|
||||
|
||||
validate_endpoint_scheme(uri)
|
||||
validate_endpoint_host(uri)
|
||||
validate_not_ip_address(uri)
|
||||
validate_no_unicode_chars(uri)
|
||||
end
|
||||
|
||||
def parse_endpoint_uri
|
||||
# Strip Liquid template syntax for validation
|
||||
# Replace {{ variable }} with a placeholder value
|
||||
sanitized_url = endpoint_url.gsub(/\{\{[^}]+\}\}/, 'placeholder')
|
||||
URI.parse(sanitized_url)
|
||||
rescue URI::InvalidURIError
|
||||
nil
|
||||
end
|
||||
|
||||
def validate_endpoint_scheme(uri)
|
||||
return if uri.scheme == 'https'
|
||||
|
||||
errors.add(:endpoint_url, 'must use HTTPS protocol')
|
||||
end
|
||||
|
||||
def validate_endpoint_host(uri)
|
||||
if uri.host.blank?
|
||||
errors.add(:endpoint_url, 'must have a valid hostname')
|
||||
return
|
||||
end
|
||||
|
||||
if uri.host == FRONTEND_HOST
|
||||
errors.add(:endpoint_url, 'cannot point to the application itself')
|
||||
return
|
||||
end
|
||||
|
||||
DISALLOWED_HOSTS.each do |pattern|
|
||||
matched = if pattern.is_a?(Regexp)
|
||||
uri.host =~ pattern
|
||||
else
|
||||
uri.host.downcase == pattern
|
||||
end
|
||||
|
||||
next unless matched
|
||||
|
||||
errors.add(:endpoint_url, 'cannot use disallowed hostname')
|
||||
break
|
||||
end
|
||||
end
|
||||
|
||||
def validate_not_ip_address(uri)
|
||||
# Check for IPv4
|
||||
if /\A\d+\.\d+\.\d+\.\d+\z/.match?(uri.host)
|
||||
errors.add(:endpoint_url, 'cannot be an IP address, must be a hostname')
|
||||
return
|
||||
end
|
||||
|
||||
# Check for IPv6
|
||||
return unless uri.host.include?(':')
|
||||
|
||||
errors.add(:endpoint_url, 'cannot be an IP address, must be a hostname')
|
||||
end
|
||||
|
||||
def validate_no_unicode_chars(uri)
|
||||
return unless uri.host
|
||||
return if /\A[\x00-\x7F]+\z/.match?(uri.host)
|
||||
|
||||
errors.add(:endpoint_url, 'hostname cannot contain non-ASCII characters')
|
||||
end
|
||||
end
|
||||
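Review bot: validate_not_ip_address can raise NoMethodError when uri.host is nil, because validate_safe_endpoint_url calls all four checks unconditionally and the `return` in validate_endpoint_host only leaves that method. For a URL that parses without a host, the IPv4 `match?` on nil is false and the next line, `return unless uri.host.include?(':')`, is called on nil. Suggest adding `return if uri.host.blank?` at the top of validate_not_ip_address (validate_no_unicode_chars already guards with `return unless uri.host`), or returning from validate_safe_endpoint_url as soon as an error has been added. Separately, parse_endpoint_uri replaces every `{{ ... }}` with 'placeholder' before parsing, so a template in the host position is validated as the literal host "placeholder" and the rendered host never passes through these checks; either reject Liquid syntax in the scheme and authority part or re-validate the rendered URL before the request is sent. All of the checks operate on the hostname string only and say nothing about the address the name resolves to; if resolution-time filtering happens elsewhere, a comment on the concern should say where. Smaller point: `uri.host == FRONTEND_HOST` is case-sensitive while the DISALLOWED_HOSTS string comparison downcases, so downcase both sides for consistency. The commit message lists only widget components and does not mention this concern; it deserves its own line there and a spec covering the nil-host and template-in-host cases.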