admin-coderabbit · admin-coderabbit · Aug 18, 2015 · coderabbit-eval · Feb 4, 2026 · coderabbit-eval
diff --git a/app/assets/javascripts/admin/adapters/embedding.js.es6 b/app/assets/javascripts/admin/adapters/embedding.js.es6
@@ -0,0 +1,7 @@
+import RestAdapter from 'discourse/adapters/rest';
+
+export default RestAdapter.extend({
+  pathFor() {
+    return "/admin/customize/embedding";
+  }
+});
diff --git a/app/assets/javascripts/admin/components/embeddable-host.js.es6 b/app/assets/javascripts/admin/components/embeddable-host.js.es6
@@ -0,0 +1,63 @@
+import { bufferedProperty } from 'discourse/mixins/buffered-content';
+import computed from 'ember-addons/ember-computed-decorators';
+import { on, observes } from 'ember-addons/ember-computed-decorators';
+import { popupAjaxError } from 'discourse/lib/ajax-error';
+
+export default Ember.Component.extend(bufferedProperty('host'), {
+  editToggled: false,
+  tagName: 'tr',
+  categoryId: null,
+
+  editing: Ember.computed.or('host.isNew', 'editToggled'),
+
+  @on('didInsertElement')
+  @observes('editing')
+  _focusOnInput() {
+    Ember.run.schedule('afterRender', () => { this.$('.host-name').focus(); });
+  },
+
+  @computed('buffered.host', 'host.isSaving')
+  cantSave(host, isSaving) {
+    return isSaving || Ember.isEmpty(host);
+  },
+
+  actions: {
+    edit() {
+      this.set('categoryId', this.get('host.category.id'));
+      this.set('editToggled', true);
+    },
+
+    save() {
+      if (this.get('cantSave')) { return; }
+
+      const props = this.get('buffered').getProperties('host');
+      props.category_id = this.get('categoryId');
+
+      const host = this.get('host');
+      host.save(props).then(() => {
+        host.set('category', Discourse.Category.findById(this.get('categoryId')));
+        this.set('editToggled', false);
+      }).catch(popupAjaxError);
+    },
+
+    delete() {
+      bootbox.confirm(I18n.t('admin.embedding.confirm_delete'), (result) => {
+        if (result) {
+          this.get('host').destroyRecord().then(() => {
+            this.sendAction('deleteHost', this.get('host'));
+          });
+        }
+      });
+    },
+
+    cancel() {
+      const host = this.get('host');
+      if (host.get('isNew')) {
+        this.sendAction('deleteHost', host);
+      } else {
+        this.rollbackBuffer();
+        this.set('editToggled', false);
+      }
+    }
+  }
+});
diff --git a/app/assets/javascripts/admin/controllers/admin-embedding.js.es6 b/app/assets/javascripts/admin/controllers/admin-embedding.js.es6
@@ -0,0 +1,18 @@
+export default Ember.Controller.extend({
+  embedding: null,
+
+  actions: {
+    saveChanges() {
+      this.get('embedding').update({});
+    },
+
+    addHost() {
+      const host = this.store.createRecord('embeddable-host');
+      this.get('embedding.embeddable_hosts').pushObject(host);
+    },
+
+    deleteHost(host) {
+      this.get('embedding.embeddable_hosts').removeObject(host);
+    }
+  }
+});
diff --git a/app/assets/javascripts/admin/routes/admin-embedding.js.es6 b/app/assets/javascripts/admin/routes/admin-embedding.js.es6
@@ -0,0 +1,9 @@
+export default Ember.Route.extend({
+  model() {
+    return this.store.find('embedding');
+  },
+
+  setupController(controller, model) {
+    controller.set('embedding', model);
+  }
+});
diff --git a/app/assets/javascripts/admin/routes/admin-route-map.js.es6 b/app/assets/javascripts/admin/routes/admin-route-map.js.es6
@@ -27,6 +27,7 @@ export default {
       this.resource('adminUserFields', { path: '/user_fields' });
       this.resource('adminEmojis', { path: '/emojis' });
       this.resource('adminPermalinks', { path: '/permalinks' });
+      this.resource('adminEmbedding', { path: '/embedding' });
     });
     this.route('api');
 

diff --git a/app/assets/javascripts/admin/templates/components/embeddable-host.hbs b/app/assets/javascripts/admin/templates/components/embeddable-host.hbs
@@ -0,0 +1,19 @@
+{{#if editing}}
+  <td>
+    {{input value=buffered.host placeholder="example.com" enter="save" class="host-name"}}
+  </td>
+  <td>
+    {{category-chooser value=categoryId}}
+  </td>
+  <td>
+    {{d-button icon="check" action="save" class="btn-primary" disabled=cantSave}}
+    {{d-button icon="times" action="cancel" class="btn-danger" disabled=host.isSaving}}
+  </td>
+{{else}}
+  <td>{{host.host}}</td>
+  <td>{{category-badge host.category}}</td>
+  <td>
+    {{d-button icon="pencil" action="edit"}}
+    {{d-button icon="trash-o" action="delete" class='btn-danger'}}
+  </td>
+{{/if}}
diff --git a/app/assets/javascripts/admin/templates/customize.hbs b/app/assets/javascripts/admin/templates/customize.hbs
@@ -5,6 +5,7 @@
   {{nav-item route='adminUserFields' label='admin.user_fields.title'}}
   {{nav-item route='adminEmojis' label='admin.emoji.title'}}
   {{nav-item route='adminPermalinks' label='admin.permalink.title'}}
+  {{nav-item route='adminEmbedding' label='admin.embedding.title'}}
 {{/admin-nav}}
 
 <div class="admin-container">

diff --git a/app/assets/javascripts/admin/templates/embedding.hbs b/app/assets/javascripts/admin/templates/embedding.hbs
@@ -0,0 +1,15 @@
+{{#if embedding.embeddable_hosts}}
+  <table>
+    <tr>
+      <th style='width: 50%'>{{i18n "admin.embedding.host"}}</th>
+      <th style='width: 30%'>{{i18n "admin.embedding.category"}}</th>
+      <th style='width: 20%'>&nbsp;</th>
+    </tr>
+    {{#each embedding.embeddable_hosts as |host|}}
+      {{embeddable-host host=host deleteHost="deleteHost"}}
+    {{/each}}
+  </table>
+{{/if}}
+
+{{d-button label="admin.embedding.add_host" action="addHost" icon="plus" class="btn-primary"}}
+
diff --git a/app/assets/javascripts/discourse/adapters/rest.js.es6 b/app/assets/javascripts/discourse/adapters/rest.js.es6
@@ -1,4 +1,4 @@
-const ADMIN_MODELS = ['plugin', 'site-customization'];
+const ADMIN_MODELS = ['plugin', 'site-customization', 'embeddable-host'];
 
 export function Result(payload, responseJson) {
   this.payload = payload;
@@ -19,7 +19,7 @@ function rethrow(error) {
 export default Ember.Object.extend({
 
   basePath(store, type) {
-    if (ADMIN_MODELS.indexOf(type) !== -1) { return "/admin/"; }
+    if (ADMIN_MODELS.indexOf(type.replace('_', '-')) !== -1) { return "/admin/"; }
     return "/";
   },
 

diff --git a/app/assets/javascripts/discourse/models/store.js.es6 b/app/assets/javascripts/discourse/models/store.js.es6
@@ -189,14 +189,24 @@ export default Ember.Object.extend({
   _hydrateEmbedded(type, obj, root) {
     const self = this;
     Object.keys(obj).forEach(function(k) {
-      const m = /(.+)\_id$/.exec(k);
+      const m = /(.+)\_id(s?)$/.exec(k);
       if (m) {
         const subType = m[1];
-        const hydrated = self._lookupSubType(subType, type, obj[k], root);
-        if (hydrated) {
-          obj[subType] = hydrated;
+
+        if (m[2]) {
+          const hydrated = obj[k].map(function(id) {
+            return self._lookupSubType(subType, type, id, root);
+          });
+          obj[self.pluralize(subType)] = hydrated || [];
           delete obj[k];
+        } else {
+          const hydrated = self._lookupSubType(subType, type, obj[k], root);
+          if (hydrated) {
+            obj[subType] = hydrated;
+            delete obj[k];
+          }
         }
+
       }
     });
   },

diff --git a/app/controllers/admin/embeddable_hosts_controller.rb b/app/controllers/admin/embeddable_hosts_controller.rb
@@ -0,0 +1,34 @@
+class Admin::EmbeddableHostsController < Admin::AdminController
+
+  before_filter :ensure_logged_in, :ensure_staff
+
+  def create
+    save_host(EmbeddableHost.new)
+  end
+
+  def update
+    host = EmbeddableHost.where(id: params[:id]).first
+    save_host(host)
+  end
+
+  def destroy
+    host = EmbeddableHost.where(id: params[:id]).first
+    host.destroy
+    render json: success_json
+  end
-  def destroy
-    host = EmbeddableHost.where(id: params[:id]).first
-    host.destroy
-    render json: success_json
-  end
+  def destroy
+    host = EmbeddableHost.find(params[:id])
+    host.destroy
+    render json: success_json
+  end
-  def destroy
-    host = EmbeddableHost.where(id: params[:id]).first
-    host.destroy
-    render json: success_json
-  end
+  def destroy
+    host = EmbeddableHost.find(params[:id])
+    host.destroy
+    render json: success_json
+  end
+
+  protected
+
+    def save_host(host)
+      host.host = params[:embeddable_host][:host]
+      host.category_id = params[:embeddable_host][:category_id]
+      host.category_id = SiteSetting.uncategorized_category_id if host.category_id.blank?
+
+      if host.save
+        render_serialized(host, EmbeddableHostSerializer, root: 'embeddable_host', rest_serializer: true)
+      else
+        render_json_error(host)
+      end
+    end
+
+end
diff --git a/app/controllers/admin/embedding_controller.rb b/app/controllers/admin/embedding_controller.rb
@@ -0,0 +1,21 @@
+class Admin::EmbeddingController < Admin::AdminController
+
+  before_filter :ensure_logged_in, :ensure_staff, :fetch_embedding
+
+  def show
+    render_serialized(@embedding, EmbeddingSerializer, root: 'embedding', rest_serializer: true)
+  end
+
+  def update
+    render_serialized(@embedding, EmbeddingSerializer, root: 'embedding', rest_serializer: true)
+  end
+
+  protected
+
+    def fetch_embedding
+      @embedding = OpenStruct.new({
+        id: 'default',
+        embeddable_hosts: EmbeddableHost.all.order(:host)
+      })
+    end
+end
diff --git a/app/controllers/embed_controller.rb b/app/controllers/embed_controller.rb
@@ -58,8 +58,7 @@ def count
     def ensure_embeddable
 
       if !(Rails.env.development? && current_user.try(:admin?))
-        raise Discourse::InvalidAccess.new('embeddable hosts not set') if SiteSetting.embeddable_hosts.blank?
-        raise Discourse::InvalidAccess.new('invalid referer host') unless SiteSetting.allows_embeddable_host?(request.referer)
+        raise Discourse::InvalidAccess.new('invalid referer host') unless EmbeddableHost.host_allowed?(request.referer)
       end
 
       response.headers['X-Frame-Options'] = "ALLOWALL"

diff --git a/app/models/embeddable_host.rb b/app/models/embeddable_host.rb
@@ -0,0 +1,24 @@
+class EmbeddableHost < ActiveRecord::Base
+  validates_format_of :host, :with => /\A[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,5}(:[0-9]{1,5})?(\/.*)?\Z/i
+  belongs_to :category
+
+  before_validation do
+    self.host.sub!(/^https?:\/\//, '')
+    self.host.sub!(/\/.*$/, '')
+  end
-  before_validation do
-    self.host.sub!(/^https?:\/\//, '')
-    self.host.sub!(/\/.*$/, '')
-  end
+  before_validation do
+    return if self.host.blank?
+    self.host.sub!(/^https?:\/\//, '')
+    self.host.sub!(/\/.*$/, '')
+  end
-  before_validation do
-    self.host.sub!(/^https?:\/\//, '')
-    self.host.sub!(/\/.*$/, '')
-  end
+  before_validation do
+    return if self.host.blank?
+    self.host.sub!(/^https?:\/\//, '')
+    self.host.sub!(/\/.*$/, '')
+  end
+
+  def self.record_for_host(host)
+    uri = URI(host) rescue nil
+    return false unless uri.present?
+
+    host = uri.host
+    return false unless host.present?
+
+    where("lower(host) = ?", host).first
+  end
+
+  def self.host_allowed?(host)
+    record_for_host(host).present?
+  end
+
+end
diff --git a/app/models/site_setting.rb b/app/models/site_setting.rb
@@ -68,20 +68,6 @@ def self.anonymous_menu_items
     @anonymous_menu_items ||= Set.new Discourse.anonymous_filters.map(&:to_s)
   end
 
-  def self.allows_embeddable_host?(host)
-    return false if embeddable_hosts.blank?
-    uri = URI(host) rescue nil
-    return false unless uri.present?
-
-    host = uri.host
-    return false unless host.present?
-
-    !!embeddable_hosts.split("\n").detect {|h| h.sub(/^https?\:\/\//, '') == host }
-
-    hosts = embeddable_hosts.split("\n").map {|h| (URI(h).host rescue nil) || h  }
-    !!hosts.detect {|h| h == host}
-  end
-
   def self.anonymous_homepage
     top_menu_items.map { |item| item.name }
                   .select { |item| anonymous_menu_items.include?(item) }

diff --git a/app/models/topic.rb b/app/models/topic.rb
@@ -866,7 +866,7 @@ def has_topic_embed?
   end
 
   def expandable_first_post?
-    SiteSetting.embeddable_hosts.present? && SiteSetting.embed_truncate? && has_topic_embed?
+    SiteSetting.embed_truncate? && has_topic_embed?
   end
 
   TIME_TO_FIRST_RESPONSE_SQL ||= <<-SQL

diff --git a/app/models/topic_embed.rb b/app/models/topic_embed.rb
@@ -33,12 +33,14 @@ def self.import(user, url, title, contents)
     # If there is no embed, create a topic, post and the embed.
     if embed.blank?
       Topic.transaction do
+        eh = EmbeddableHost.record_for_host(url)
+
         creator = PostCreator.new(user,
                                   title: title,
                                   raw: absolutize_urls(url, contents),
                                   skip_validations: true,
                                   cook_method: Post.cook_methods[:raw_html],
-                                  category: SiteSetting.embed_category)
+                                  category: eh.try(:category_id))
         post = creator.create
         if post.present?
           TopicEmbed.create!(topic_id: post.topic_id,

diff --git a/app/serializers/embeddable_host_serializer.rb b/app/serializers/embeddable_host_serializer.rb
@@ -0,0 +1,16 @@
+class EmbeddableHostSerializer < ApplicationSerializer
+  attributes :id, :host, :category_id
+
+  def id
+    object.id
+  end
+
+  def host
+    object.host
+  end
+
+  def category_id
+    object.category_id
+  end
+end
+
diff --git a/app/serializers/embedding_serializer.rb b/app/serializers/embedding_serializer.rb
@@ -0,0 +1,8 @@
+class EmbeddingSerializer < ApplicationSerializer
+  attributes :id
+  has_many :embeddable_hosts, serializer: EmbeddableHostSerializer, embed: :ids
+
+  def id
+    object.id
+  end
+end
diff --git a/config/locales/client.en.yml b/config/locales/client.en.yml
@@ -2491,6 +2491,14 @@ en:
         image: "Image"
         delete_confirm: "Are you sure you want to delete the :%{name}: emoji?"
 
+      embedding:
+        confirm_delete: "Are you sure you want to delete that host?"
+        title: "Embedding"
+        host: "Allowed Hosts"
+        edit: "edit"
+        category: "Post to Category"
+        add_host: "Add Host"
+
       permalink:
         title: "Permalinks"
         url: "URL"

diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
@@ -1164,13 +1164,11 @@ en:
     autohighlight_all_code: "Force apply code highlighting to all preformatted code blocks even when they didn't explicitly specify the language."
     highlighted_languages: "Included syntax highlighting rules. (Warning: including too many langauges may impact performance) see: https://highlightjs.org/static/demo/ for a demo"
 
-    embeddable_hosts: "Host(s) that can embed the comments from this Discourse forum. Hostname only, do not begin with http://"
     feed_polling_enabled: "EMBEDDING ONLY: Whether to embed a RSS/ATOM feed as posts."
     feed_polling_url: "EMBEDDING ONLY: URL of RSS/ATOM feed to embed."
     embed_by_username: "Discourse username of the user who creates the embedded topics."
     embed_username_key_from_feed: "Key to pull discourse username from feed."
     embed_truncate: "Truncate the embedded posts."
-    embed_category: "Category of embedded topics."
     embed_post_limit: "Maximum number of posts to embed."
     embed_whitelist_selector: "CSS selector for elements that are allowed in embeds."
     embed_blacklist_selector: "CSS selector for elements that are removed from embeds."