Fix wrong domains not allowed

Author: leobz

lib/bookmark/archives.ex

@@ -210,15 +210,16 @@ defmodule Bookmark.Archives do
   end
 
   defp check_nsfw_domain(url) do
+    domain = Utils.get_domain(url)
+
     blocked_domains =
       :bookmark
       |> :code.priv_dir()
       |> Path.join("/static/blocked_domains.txt")
       |> File.read!()
       |> String.split("\n", trim: true)
 
-    blocked_domains
-    |> Enum.find(&String.contains?(url, &1))
+    Enum.find(blocked_domains, fn blocked_domain -> blocked_domain == domain end)
   end
 
   defp archivebox_url() do

lib/bookmark/utils.ex

@@ -5,4 +5,23 @@ defmodule Bookmark.Utils do
     |> Map.put(:query, nil)
     |> URI.to_string()
   end
+
+  # Extracts the domain from a url
+  # Example: www.sub1.sub2.sub3.domain.com/path -> domain.com
+  def get_domain(url) do
+    case URI.parse(url) do
+      %{authority: nil} ->
+        url
+
+      %{authority: host} ->
+        # sub1.sub2.sub3.domain.com -> 3
+        subdomains = (host |> String.split(".") |> length()) - 2
+        if subdomains >= 1 do
+          subdomains = String.split(host, ".", parts: subdomains + 1)
+          List.last(subdomains)
+        else
+          host
+        end
+    end
+  end
 end

test/bookmark/bookmark_context_test.exs

@@ -14,22 +14,14 @@ defmodule Bookmark.ArchivesTest do
 
     @invalid_attrs %{name: nil}
 
+    #********************************** Get Archives  *********************************#
+
     test "list_archives/0 returns all archives" do
       archive = archive_fixture()
       [archive_from_list] = Archives.list_archives()
       assert archive_from_list |> Bookmark.Repo.preload(:user) == archive
     end
 
-    test "create_archive/1 with valid data creates a archive" do
-      valid_attrs = %{name: "some name"}
-
-      assert {:ok, %Archive{} = archive} = Archives.create_archive(valid_attrs, nil)
-      assert archive.name == "some name"
-    end
-
-    test "create_archive/1 with invalid data returns error changeset" do
-      assert_raise(MatchError,  fn -> Archives.create_archive(@invalid_attrs, nil) end)
-    end
 
     test "get_archives_by_user/1 returns all archives from the user" do
       # Create 2 users
@@ -59,6 +51,20 @@ defmodule Bookmark.ArchivesTest do
         Bookmark.Archives.get_archives_by_user(user2) |> Enum.map(fn a -> Bookmark.Repo.preload(a, :user) end)
     end
 
+    #********************************** Create Archives  *********************************#
+
+    test "create_archive/1 with valid data creates a archive" do
+      valid_attrs = %{name: "some name"}
+
+      assert {:ok, %Archive{} = archive} = Archives.create_archive(valid_attrs, nil)
+      assert archive.name == "some name"
+    end
+
+    test "create_archive/1 with invalid data returns error changeset" do
+      assert_raise(MatchError,  fn -> Archives.create_archive(@invalid_attrs, nil) end)
+    end
+
+
     test "archive_url/2 with valid data creates archives" do
       # Mocked functions
       Mimic.expect(Req, :post, fn _url, _opts -> archivebox_response("archive/some_id") end)
@@ -70,6 +76,21 @@ defmodule Bookmark.ArchivesTest do
       assert archive.title == "some_title"
     end
 
+    test "Avoid archive if url is blocked" do
+      # Blocked URL
+      assert {:error, :domain_not_allowed} = Archives.archive_url("https://es.pornhub.com/", nil)
+      assert {:error, :domain_not_allowed} = Archives.archive_url("https://s1.s2.s3.s4.sex.com/", nil)
+
+      # Not blocked URL
+      Mimic.expect(Req, :post, fn url, _opts -> archivebox_response("archive/_id") end)
+      Mimic.expect(Archives, :get_title, fn _archive ->  "_" end )
+
+      allowed_url = "https://whyisthisinteresting.substack.com/p/the-platinum-photography-edition"
+      assert {:ok, %Archive{} = _archive} = Archives.archive_url(allowed_url, nil)
+    end
+
+    #********************************** Bulk Archives  *********************************#
+
     test "bulk_archives/3 with valid data creates archives" do
       # Mocked functions
       Mimic.expect(Req, :post, 2, fn _url, _opts ->  archivebox_response("archive/some_id") end)