config option to check root domain with URL previews

Signed-off-by: strawberry <strawberry@puppygock.gay>

src/api/client_server/media.rs

@@ -541,34 +541,62 @@ fn url_preview_allowed(url_str: &str) -> bool {
 
     if !host.is_empty() {
         if allowlist_domain_explicit.contains(&host) {
+            debug!(
+                "Host {} is allowed by url_preview_domain_explicit_allowlist (check 1/3)",
+                &host
+            );
             return true;
         }
-        debug!(
-            "Host {} is allowed by url_preview_domain_explicit_allowlist (check 1/3)",
-            &host
-        );
 
         if allowlist_domain_contains
             .iter()
             .any(|domain_s| domain_s.contains(&host.clone()))
         {
+            debug!(
+                "Host {} is allowed by url_preview_domain_contains_allowlist (check 2/3)",
+                &host
+            );
             return true;
         }
-        debug!(
-            "Host {} is allowed by url_preview_domain_contains_allowlist (check 2/3)",
-            &host
-        );
 
         if allowlist_url_contains
             .iter()
             .any(|url_s| url.to_string().contains(&url_s.to_string()))
         {
+            debug!(
+                "URL {} is allowed by url_preview_url_contains_allowlist (check 3/3)",
+                &host
+            );
             return true;
         }
-        debug!(
-            "URL {} is allowed by url_preview_url_contains_allowlist (check 3/3)",
-            &host
-        );
+
+        // check root domain if available and if user has root domain checks
+        if services().globals.url_preview_check_root_domain() {
+            debug!("Checking root domain");
+            match host.split_once('.') {
+                None => return false,
+                Some((_, root_domain)) => {
+                    if allowlist_domain_explicit.contains(&root_domain.to_owned()) {
+                        debug!(
+                        "Root domain {} is allowed by url_preview_domain_explicit_allowlist (check 1/3)",
+                        &root_domain
+                    );
+                        return true;
+                    }
+
+                    if allowlist_domain_contains
+                        .iter()
+                        .any(|domain_s| domain_s.contains(&root_domain.to_owned()))
+                    {
+                        debug!(
+                    "Root domain {} is allowed by url_preview_domain_contains_allowlist (check 2/3)",
+                    &root_domain
+                );
+                        return true;
+                    }
+                }
+            }
+        }
     }
 
     false

src/config/mod.rs

@@ -142,6 +142,8 @@ pub struct Config {
     pub url_preview_url_contains_allowlist: Vec<String>,
     #[serde(default = "default_url_preview_max_spider_size")]
     pub url_preview_max_spider_size: usize,
+    #[serde(default)]
+    pub url_preview_check_root_domain: bool,
 
     #[serde(default = "RegexSet::empty")]
     #[serde(with = "serde_regex")]
@@ -374,6 +376,10 @@ impl fmt::Display for Config {
                 "URL preview maximum spider size",
                 &self.url_preview_max_spider_size.to_string(),
             ),
+            (
+                "URL preview check root domain",
+                &self.url_preview_check_root_domain.to_string(),
+            ),
         ];
 
         let mut msg: String = "Active config values:\n\n".to_owned();

src/service/globals/mod.rs

@@ -416,6 +416,10 @@ impl Service<'_> {
         self.config.url_preview_max_spider_size
     }
 
+    pub fn url_preview_check_root_domain(&self) -> bool {
+        self.config.url_preview_check_root_domain
+    }
+
     pub fn forbidden_room_names(&self) -> &RegexSet {
         &self.config.forbidden_room_names
     }