Merge pull request cachethq#12 from fiveai/6-disable-external-http

cachethq#6 Provide option to disable external http requests when hosting behind a firewall
MathisG-Recia · Jan 27, 2021 · 3947f0d · 3947f0d
2 parents 082020e + 0c6fc2d
commit 3947f0d
Show file tree

Hide file tree

Showing 22 changed files with 266 additions and 236 deletions.
diff --git a/app/Http/Controllers/Api/GeneralController.php b/app/Http/Controllers/Api/GeneralController.php
@@ -40,10 +40,14 @@ public function version()
     {
         $latest = app()->make(Releases::class)->latest();
 
-        return $this->setMetaData([
-            'on_latest' => version_compare(CACHET_VERSION, $latest['tag_name']) === 1,
-            'latest'    => $latest,
-        ])->item(CACHET_VERSION);
+        if ($latest) {
+            $this->setMetaData([
+                'on_latest' => version_compare(CACHET_VERSION, $latest['tag_name']) === 1,
+                'latest'    => $latest,
+            ]);
+        }
+
+        return $this->item(CACHET_VERSION);
     }
 
     /**

diff --git a/app/Http/Controllers/Dashboard/DashboardController.php b/app/Http/Controllers/Dashboard/DashboardController.php
@@ -12,7 +12,6 @@
 namespace CachetHQ\Cachet\Http\Controllers\Dashboard;
 
 use CachetHQ\Cachet\Bus\Commands\User\WelcomeUserCommand;
-use CachetHQ\Cachet\Integrations\Contracts\Feed;
 use CachetHQ\Cachet\Models\Component;
 use CachetHQ\Cachet\Models\ComponentGroup;
 use CachetHQ\Cachet\Models\Incident;
@@ -45,13 +44,6 @@ class DashboardController extends Controller
      */
     protected $timeZone;
 
-    /**
-     * The feed integration.
-     *
-     * @var \CachetHQ\Cachet\Integrations\Contracts\Feed
-     */
-    protected $feed;
-
     /**
      * The user session object.
      *
@@ -62,14 +54,12 @@ class DashboardController extends Controller
     /**
      * Creates a new dashboard controller instance.
      *
-     * @param \CachetHQ\Cachet\Integrations\Contracts\Feed $feed
      * @param \Illuminate\Contracts\Auth\Guard             $guard
      *
      * @return void
      */
-    public function __construct(Feed $feed, Guard $guard)
+    public function __construct(Guard $guard)
     {
-        $this->feed = $feed;
         $this->guard = $guard;
         $this->startDate = new Date();
         $this->dateTimeZone = Config::get('cachet.timezone');
@@ -104,19 +94,11 @@ public function showDashboard()
             execute(new WelcomeUserCommand(Auth::user()));
         }
 
-        $entries = null;
-        if ($feed = $this->feed->latest()) {
-            if (is_object($feed)) {
-                $entries = array_slice($feed->channel->item, 0, 5);
-            }
-        }
-
         return View::make('dashboard.index')
             ->withPageTitle(trans('dashboard.dashboard'))
             ->withComponents($components)
             ->withIncidents($incidents)
             ->withSubscribers($subscribers)
-            ->withEntries($entries)
             ->withComponentGroups($componentGroups)
             ->withUngroupedComponents($ungroupedComponents)
             ->withWelcomeUser($welcomeUser);

diff --git a/app/Http/Controllers/Dashboard/SettingsController.php b/app/Http/Controllers/Dashboard/SettingsController.php
@@ -115,6 +115,11 @@ public function __construct()
             ],
         ];
 
+        // Remove the credits link if we cannot look them up
+        if (Config::get('cachet.internet_lookups') === false) {
+            unset($this->subMenu['credits']);
+        }
+
         View::share([
             'subTitle' => trans('dashboard.settings.settings'),
             'subMenu'  => $this->subMenu,
@@ -244,21 +249,28 @@ public function showStylesheetView()
      */
     public function showCreditsView()
     {
+        if (Config::get('cachet.internet_lookups') === false) {
+            abort(403, 'Outbound Internet Lookups Disabled');
+        }
+
         $this->subMenu['credits']['active'] = true;
 
         $credits = app(Credits::class)->latest();
 
-        $backers = $credits['backers'];
-        $contributors = $credits['contributors'];
+        if ($credits) {
+            $backers = $credits['backers'];
+            $contributors = $credits['contributors'];
 
-        shuffle($backers);
-        shuffle($contributors);
+            shuffle($backers);
+            shuffle($contributors);
+        }
 
         return View::make('dashboard.settings.credits')
             ->withPageTitle(trans('dashboard.settings.credits.credits').' - '.trans('dashboard.dashboard'))
-            ->withBackers($backers)
-            ->withContributors($contributors)
-            ->withSubMenu($this->subMenu);
+            ->withBackers(($credits) ? $backers : false)
+            ->withContributors(($credits) ? $contributors : false)
+            ->withSubMenu($this->subMenu)
+            ->withErrors((!$credits) ? trans('dashboard.settings.credits.unable-to-load') : null);
     }
 
     /**

diff --git a/app/Integrations/Contracts/Feed.php b/app/Integrations/Contracts/Feed.php
diff --git a/app/Integrations/Core/Credits.php b/app/Integrations/Core/Credits.php
@@ -52,17 +52,27 @@ class Credits implements CreditsContract
      */
     protected $url;
 
+    /**
+     * Are outbound HTTP requests to the internet allowed by
+     * this installation
+     *
+     * @var bool
+     */
+    protected $enabled;
+
     /**
      * Creates a new credits instance.
      *
      * @param \Illuminate\Contracts\Cache\Repository $cache
+     * @param bool                                   $enabled
      * @param string|null                            $url
      *
      * @return void
      */
-    public function __construct(Repository $cache, $url = null)
+    public function __construct(Repository $cache, bool $enabled = true, $url = null)
     {
         $this->cache = $cache;
+        $this->enabled = $enabled;
         $this->url = $url ?: static::URL;
     }
 
@@ -73,10 +83,16 @@ public function __construct(Repository $cache, $url = null)
      */
     public function latest()
     {
+        if (!$this->enabled) {
+            return null;
+        }
+
         $result = $this->cache->remember('credits', 2880, function () {
             try {
                 return json_decode((new Client())->get($this->url, [
                     'headers' => ['Accept' => 'application/json', 'User-Agent' => defined('CACHET_VERSION') ? 'cachet/'.constant('CACHET_VERSION') : 'cachet'],
+                    'timeout' => 5,
+                    'connect_timeout' => 5,
                 ])->getBody(), true);
             } catch (Exception $e) {
                 return self::FAILED;

diff --git a/app/Integrations/Core/Feed.php b/app/Integrations/Core/Feed.php
diff --git a/app/Integrations/GitHub/Releases.php b/app/Integrations/GitHub/Releases.php
@@ -15,6 +15,7 @@
 use CachetHQ\Cachet\Integrations\Contracts\Releases as ReleasesContract;
 use GuzzleHttp\Client;
 use Illuminate\Contracts\Cache\Repository;
+use Illuminate\Support\Facades\Log;
 
 class Releases implements ReleasesContract
 {
@@ -32,6 +33,14 @@ class Releases implements ReleasesContract
      */
     const FAILED = 1;
 
+    /**
+     * The GuzzleHTTP client instance for making the requests
+     *
+     * @var \GuzzleHttp\Client
+     *
+     */
+    protected $client;
+
     /**
      * The cache repository instance.
      *
@@ -53,18 +62,29 @@ class Releases implements ReleasesContract
      */
     protected $url;
 
+    /**
+     * Are outbound HTTP requests to the internet allowed by
+     * this installation
+     *
+     * @var bool
+     */
+    protected $enabled;
+
     /**
      * Creates a new releases instance.
      *
+     * @param \GuzzleHttp\Client                     $client
      * @param \Illuminate\Contracts\Cache\Repository $cache
      * @param string|null                            $token
      * @param string|null                            $url
      *
      * @return void
      */
-    public function __construct(Repository $cache, $token = null, $url = null)
+    public function __construct(Client $client, Repository $cache, bool $enabled = true, $token = null, $url = null)
     {
+        $this->client = $client;
         $this->cache = $cache;
+        $this->enabled = $enabled;
         $this->token = $token;
         $this->url = $url ?: static::URL;
     }
@@ -76,6 +96,10 @@ public function __construct(Repository $cache, $token = null, $url = null)
      */
     public function latest()
     {
+        if (!$this->enabled) {
+            return null;
+        }
+
         $release = $this->cache->remember('release.latest', 720, function () {
             $headers = ['Accept' => 'application/vnd.github.v3+json', 'User-Agent' => defined('CACHET_VERSION') ? 'cachet/'.constant('CACHET_VERSION') : 'cachet'];
 
@@ -85,12 +109,21 @@ public function latest()
 
             event(new SystemCheckedForUpdatesEvent());
 
-            return json_decode((new Client())->get($this->url, [
-                'headers' => $headers,
-            ])->getBody(), true);
+            try {
+                return json_decode($this->client->get($this->url, [
+                    'headers' => $headers,
+                    'timeout' => 5,
+                    'connect_timeout' => 5,
+                ])->getBody(), true);
+
+            } catch (\Exception $e) {
+                Log::warning('Unable to lookup latest Cachet release. ' . $e->getMessage());
+                return self::FAILED;
+            }
+
         });
 
-        return [
+        return $release === self::FAILED ? null : [
             'tag_name' => $release['tag_name'],
             'prelease' => $release['prerelease'],
             'draft'    => $release['draft'],