From 609f7ea083fde11eaa50658a457ae6df2a309c9b Mon Sep 17 00:00:00 2001
From: Pierce Lally <pierce@vulpes.dev>
Date: Wed, 23 Aug 2023 18:15:44 -0400
Subject: [PATCH] Replace html urls (#33)

* replace urls in html and javascript with safe urls

* remove file

* remove temporary wrap functions

* remove most starfall domains

* apply CFCHTTP.RedirectURL to OpenURL wrap

* use concat and not string.format
---
 gluatest.yaml                                 |  2 +
 lua/.luarc.json                               |  5 --
 .../client/wrap_functions.lua                 | 56 +++++++++----------
 lua/cfc_http_restrictions/default_config.lua  | 12 +---
 lua/cfc_http_restrictions/shared/url.lua      | 19 ++++++-
 lua/tests/cfc_cl_http_whitelist/url.lua       |  9 ++-
 6 files changed, 53 insertions(+), 50 deletions(-)
 create mode 100644 gluatest.yaml
 delete mode 100644 lua/.luarc.json

diff --git a/gluatest.yaml b/gluatest.yaml
new file mode 100644
index 0000000..363337d
--- /dev/null
+++ b/gluatest.yaml
@@ -0,0 +1,2 @@
+config:
+  gamemode: sandbox
diff --git a/lua/.luarc.json b/lua/.luarc.json
deleted file mode 100644
index 8a11435..0000000
--- a/lua/.luarc.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-    "diagnostics.globals": [
-        "expect"
-    ]
-}
diff --git a/lua/cfc_http_restrictions/client/wrap_functions.lua b/lua/cfc_http_restrictions/client/wrap_functions.lua
index a5b14e4..009b36b 100644
--- a/lua/cfc_http_restrictions/client/wrap_functions.lua
+++ b/lua/cfc_http_restrictions/client/wrap_functions.lua
@@ -168,44 +168,40 @@ local function wrapHTMLPanel( panelName )
     _G[runJavascript] = _G[runJavascript] or controlTable.RunJavascript
 
     controlTable.SetHTML = function( self, html, ... )
-        local urls, err = CFCHTTP.FileTypes.HTML.GetURLSFromData( html )
-        local options = CFCHTTP.GetOptionsForURLs( urls )
-
-        local isAllowed
-        if #urls == 0 then
-            isAllowed = true
-        else
-            isAllowed = err == nil and options.combined and options.combined.allowed
-        end
-
         local stack = string.Split( debug.traceback(), "\n" )
-        logRequest( "GET", options.combinedUri, stack[3], isAllowed )
 
-        if not isAllowed then
-            html = [[<h1>BLOCKED By CFC HTTP Whitelist</h1>]]
-        end
+        html = CFCHTTP.ReplaceURLs( html, function( url )
+            local options = CFCHTTP.GetOptionsForURL( url )
+            local isAllowed = options and options.allowed
+            local noisy = true -- this will be really spammy so set it to noisy by default
+
+            logRequest( "GET", url, stack[3], isAllowed, noisy )
+
+            if not isAllowed then
+                return CFCHTTP.GetRedirectURL( url )
+            end
+
+            return url
+        end )
 
         return _G[setHTML]( self, html, ... )
     end
 
     controlTable.RunJavascript = function( self, js )
-        local urls, err = CFCHTTP.FileTypes.HTML.GetURLSFromData( js )
-        local options = CFCHTTP.GetOptionsForURLs( urls )
-
-        local isAllowed
-        if #urls == 0 then
-            return _G[runJavascript]( self, js )
-        else
-            isAllowed = err == nil and options.combined and options.combined.allowed
-        end
-
         local stack = string.Split( debug.traceback(), "\n" )
-        logRequest( "GET", options.combinedUri, stack[3], isAllowed )
+        js = CFCHTTP.ReplaceURLs( js, function( url )
+            local options = CFCHTTP.GetOptionsForURL( url )
+            local isAllowed = options and options.allowed
+            local noisy = true -- this will be really spammy so set it to noisy by default
 
-        if not isAllowed then
-            return
-        end
+            logRequest( "GET", url, stack[3], isAllowed, noisy )
 
+            if not isAllowed then
+                return CFCHTTP.GetRedirectURL( url )
+            end
+
+            return url
+        end )
         return _G[runJavascript]( self, js )
     end
 
@@ -217,7 +213,9 @@ local function wrapHTMLPanel( panelName )
         local stack = string.Split( debug.traceback(), "\n" )
         logRequest( "GET", url, stack[3], isAllowed, noisy )
 
-        if not isAllowed then return end
+        if not isAllowed then
+            url = CFCHTTP.GetRedirectURL( url )
+        end
 
         return _G[openURL]( self, url, ... )
     end
diff --git a/lua/cfc_http_restrictions/default_config.lua b/lua/cfc_http_restrictions/default_config.lua
index 7962baa..55ba4eb 100644
--- a/lua/cfc_http_restrictions/default_config.lua
+++ b/lua/cfc_http_restrictions/default_config.lua
@@ -20,6 +20,9 @@ local config = {
         allowed = false,
     },
     addresses = {
+        -- this is used internally by this addon, removing it could cause issues
+        ["gmhttp.pages.dev"] = { allowed = true, noisy = true, permanent = true },
+
         ["google.com"] = { allowed = true, noisy = true },
         ["www.google.com"] = { allowed = true, noisy = true },
 
@@ -92,18 +95,9 @@ local config = {
         -- media player
         ["samuelmaddock.github.io"] = { allowed = true },
 
-        -- domains starfall docs have that get caught by the html whitelist
-        ["npms.io"] = { allowed = true },
-        ["fb.me"] = { allowed = true },
-        ["reactjs.org"] = { allowed = true },
-        ["www.w3.org"] = { allowed = true },
-        ["www.cplusplus.com"] = { allowed = true },
         ["wiki.garrysmod.com"] = { allowed = true },
         ["en.wikipedia.org"] = { allowed = true },
-        ["mydomain.com"] = { allowed = true },
         ["developer.mozilla.org"] = { allowed = true },
-        ["w3.impa.br"] = { allowed = true },
-
     }
 }
 
diff --git a/lua/cfc_http_restrictions/shared/url.lua b/lua/cfc_http_restrictions/shared/url.lua
index 3191f68..7460f42 100644
--- a/lua/cfc_http_restrictions/shared/url.lua
+++ b/lua/cfc_http_restrictions/shared/url.lua
@@ -6,7 +6,7 @@
 
 
 CFCHTTP.URLPattern = "(%a+)://([^:/ \t]+):?(%d*)/?.*"
-CFCHTTP.URLPatternNoGroups = "%a+://[^:/ \t\"]+:?%d*/?[^\n\" ]*"
+CFCHTTP.URLPatternNoGroups = "%a+://[^:/ \t\"]+:?%d*/?[^\n\" \\]*"
 
 ---@param url string
 ---@return URLData
@@ -34,8 +34,23 @@ function CFCHTTP.FindURLs( text )
     return urls
 end
 
+function CFCHTTP.GetRedirectURL( url )
+    url = string.Replace( url, "\n", "" )
+    url = string.Trim( url )
+    local b64 = util.Base64Encode( url, true )
+    return "https://gmhttp.pages.dev/redirect?url=" .. b64
+end
+
+---@param text string
+---@param f fun( url:string ):string
+---@return string
+function CFCHTTP.ReplaceURLs( text, f )
+    local html = string.gsub( text, CFCHTTP.URLPatternNoGroups, f )
+    return html
+end
+
 local parsedAddressCache = {}
----@parm url string
+---@param url string
 ---@return string|nil
 function CFCHTTP.GetAddress( url )
     if not url then return end
diff --git a/lua/tests/cfc_cl_http_whitelist/url.lua b/lua/tests/cfc_cl_http_whitelist/url.lua
index 59f1067..4dd403b 100644
--- a/lua/tests/cfc_cl_http_whitelist/url.lua
+++ b/lua/tests/cfc_cl_http_whitelist/url.lua
@@ -19,12 +19,11 @@ local htmlBlobs = [[
     </html>
 ]]
 
-return {
+---@type GLuaTestTestGroup
+local group = {
     groupName = "CFC HTTP Whitelist Domains",
     cases = {
         {
-            timeout = 3,
-            async = false,
             name = "Should get addresses from urls",
             func = function()
                 for _, urlData in pairs( testUrls ) do
@@ -40,8 +39,6 @@ return {
             end
         },
         {
-            timeout = 3,
-            async = false,
             name = "Get address should return expected data",
             func = function()
                 for _, urlData in pairs( testUrls ) do
@@ -52,3 +49,5 @@ return {
         },
     }
 }
+
+return group