app/controllers/external_redirect/external_redirect_controller.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

# frozen_string_literal: true

module ExternalRedirect
  class ExternalRedirectController < ApplicationController
    feature_category :navigation
    skip_before_action :authenticate_user!
    before_action :check_url_param

    def index
      if known_url?
        redirect_to url_param
      else
        render layout: 'fullscreen', locals: {
          minimal: true,
          url: url_param
        }
      end
    end

    private

    def url_param
      params['url']&.strip
    end

    def known_url?
      uri_data = Addressable::URI.parse(url_param)

      uri_data.site == Gitlab.config.gitlab.url
    end

    def check_url_param
      render_404 unless ::Gitlab::UrlSanitizer.valid_web?(url_param)
    end
  end
end