2024-04-29 00:17:15 +02:00
# frozen_string_literal: true
2024-02-20 10:31:10 +01:00
# We need to ensure the embed code is not any random string in order to avoid injections
2019-07-17 17:13:08 +02:00
class MonAvisEmbedValidator < ActiveModel :: Validator
2024-02-20 10:31:10 +01:00
class MonAvisEmbedError < StandardError ; end
# from time to time, they decide to change domain just for fun. if it breaks, check the new subdomain
KNOWN_SUBDOMAIN = [ 'jedonnemonavis' , 'monavis' , 'voxusagers' ]
HREF_CHECKER = / https: \/ \/ #{ KNOWN_SUBDOMAIN . join ( '|' ) } .numerique.gouv.fr \/ Demarches \/ \ d+.*key=[[:alnum:]]+.* /
IMG_CHECKER = / https: \/ \/ #{ KNOWN_SUBDOMAIN . join ( '|' ) } .numerique.gouv.fr \/ (monavis-)?static \/ bouton-blanc|bleu.png|svg /
2019-07-17 17:13:08 +02:00
def validate ( record )
2024-02-20 10:31:10 +01:00
if record . monavis_embed . present?
embed = Nokogiri :: HTML ( record . monavis_embed )
check_link ( embed . css ( 'a' ) )
check_img ( embed . css ( 'img' ) )
2019-07-17 17:13:08 +02:00
end
2024-02-20 10:31:10 +01:00
rescue MonAvisEmbedError = > e
2024-03-14 18:14:57 +01:00
record . errors . add :monavis_embed , :invalid , message : " Le code fourni ne correspond pas au format des codes MonAvis reconnus par la plateforme. #{ e . message } "
2024-02-20 10:31:10 +01:00
rescue # nokogiri
2024-03-14 18:14:57 +01:00
record . errors . add :monavis_embed , :invalid , message : " Le code fourni ne correspond pas au format des codes MonAvis reconnus par la plateforme. "
2024-02-20 10:31:10 +01:00
end
def check_link ( links )
raise MonAvisEmbedError . new ( " le code monavis doit comporter un seul lien " ) if links . size != 1
raise MonAvisEmbedError . new ( " le lien du bouton mon avis doit pointer vers le bon domaine " ) if ! HREF_CHECKER . match? ( links . first [ 'href' ] )
end
def check_img ( imgs )
raise MonAvisEmbedError . new ( " le code monavis doit comporter une seule image " ) if imgs . size != 1
raise MonAvisEmbedError . new ( " l'image du bouton mon avis ne pointe pas vers le bon domaine " ) if ! IMG_CHECKER . match? ( imgs . first [ 'src' ] )
raise MonAvisEmbedError . new ( " l'image du bouton mon avis n'a pas d'attribut alt " ) if imgs . first [ 'alt' ] . blank?
2019-07-17 17:13:08 +02:00
end
end