Add url format validator

.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+Gemfile.lock

.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

Gemfile

@@ -0,0 +1,3 @@
+source "https://rubygems.org"
+
+gemspec

LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2021 Yury Hapanovich
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

README.md

@@ -0,0 +1,85 @@
+# ValidatesUrlFormat
+
+This gem helps to validate URLs using ActiveModel.
+
+## Installation
+
+Add this to your `Gemfile`:
+
+```ruby
+gem 'validates_url_format'
+```
+And then execute:
+
+```sh
+bundle install
+```
+
+Or install it yourself:
+
+```sh
+gem install validates_url_format
+```
+
+## Usage
+
+### With ActiveRecord
+```ruby
+class Model < ActiveRecord::Base
+  attr_accessor :url, :second_url
+
+  validates_url_format_of :url, allow_blank: true
+  validates :second_url, url_format: { allow_blank: true }
+end
+```
+
+### With ActiveModel
+
+```ruby
+class Model
+  include ActiveModel::Validations
+
+  attr_accessor :url
+
+  validates_url_format_of :url, allow_blank: true
+end
+```
+
+Configuration options:
+- :messages - A custom error messages hash. Default is:
+    DEFAULT_MESSAGES = {
+      valid_url: 'is a valid URL',
+      invalid_url: 'is not a valid URL',
+      nil_or_blank_url: 'is nil or blank URL',
+      invalid_scheme: 'a URL has invalid scheme',
+      invalid_userinfo: 'a URL has invalid user info',
+      local_url: 'is a local URL',
+      space_symbol: 'a URL has space symbol',
+      public_suffix: 'a URL is invalid by public suffix'
+    }
+- :allow_nil - If set to true, skips this validation if the attribute is nil (default is false).
+- :allow_blank - If set to true, skips this validation if the attribute is blank (default is false).
+- :schemes - Array of URI schemes to validate against. (default is ['http', 'https'])
+- :public_suffix - If set to true, validates domain name by public suffix. (default is false)
+- :no_local - If set to true, filtrates local adresses. (default is false)
+
+### Plain Ruby
+
+```ruby
+ValidatesUrlFormat::Validator.new(options).validate(value)
+```
+Returns hash { valid: (true or false), message:  message_symbol }
+Message symbols: :valid_url, :invalid_url, :nil_or_blank_url, :invalid_scheme,
+                 :invalid_userinfo, :local_url, :space_symbol, :public_suffix
+Options:
+- :schemes - Array of URI schemes to validate against. (default is ['http', 'https'])
+- :public_suffix - If set to true, validates domain name by public suffix. (default is false)
+- :no_local - If set to true, filtrates local adresses. (default is false)
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/validates_url_format.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

lib/validates_url_format.rb

@@ -0,0 +1,54 @@
+require 'active_model'
+require 'validates_url_format/validator'
+
+module ActiveModel
+  module Validations
+    class UrlFormatValidator < ActiveModel::EachValidator
+      DEFAULT_MESSAGES = {
+        valid_url: 'is a valid URL',
+        invalid_url: 'is not a valid URL',
+        nil_or_blank_url: 'is nil or blank URL',
+        invalid_scheme: 'a URL has invalid scheme',
+        invalid_userinfo: 'a URL has invalid user info',
+        local_url: 'is a local URL',
+        space_symbol: 'a URL has space symbol',
+        public_suffix: 'a URL is invalid by public suffix'
+      }
+      DEFAULT_SCHEMES = %w(http https)
+
+      def initialize(options)
+        options[:messages] = (options[:messages] || {}).reverse_merge(DEFAULT_MESSAGES)
+        options.reverse_merge!(no_local: false, public_suffix: false)
+
+        super(options)
+      end
+
+      def validate_each(record, attribute, value)
+        return record.errors.add(attribute, options.dig(:messages, :invalid_url), value: value) unless value.is_a?(String)
+        validation_result = ValidatesUrlFormat::Validator.new(options).validate(value)
+        record.errors.add(attribute, options.dig(:messages, validation_result[:message]), value: value) unless validation_result[:valid]
+      end
+    end
+
+    module ClassMethods
+      # Validates whether the value of the specified attribute is valid url.
+      #
+      #  class Model
+      #    include ActiveModel::Validations
+      #    validates_url_format_of :homepage, allow_blank: true, schemes: ['ftp']
+      #  end
+      #
+      # Configuration options:
+      #   :messages - A custom error messages (default is DEFAULT_MESSAGES).
+      #   :allow_nil - If set to true, skips this validation if the attribute is nil (default is false).
+      #   :allow_blank - If set to true, skips this validation if the attribute is blank (default is false).
+      #   :schemes - Array of URI schemes to validate against. (default is ['http', 'https'])
+      #   :public_suffix - If set to true, validates domain name by public suffix. (default is false)
+      #   :no_local - If set to true, filtrates local adresses. (default is false)
+
+      def validates_url_format_of(*attr_names)
+        validates_with UrlFormatValidator, _merge_attributes(attr_names)
+      end
+    end
+  end
+end

lib/validates_url_format/validator.rb

@@ -0,0 +1,124 @@
+require 'public_suffix'
+require 'ipaddr'
+
+module ValidatesUrlFormat
+  class Validator
+    IPv4_PART   = /\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5]/  # 0-255
+    IPv4_REGEXP = %r{\A(#{IPv4_PART}(\.#{IPv4_PART}){3})\z}
+    IPv6_REGEXP = %r{
+      (
+      ([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|          # 1:2:3:4:5:6:7:8
+      ([0-9a-fA-F]{1,4}:){1,7}:|                         # 1::                              1:2:3:4:5:6:7::
+      ([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|         # 1::8             1:2:3:4:5:6::8  1:2:3:4:5:6::8
+      ([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|  # 1::7:8           1:2:3:4:5::7:8  1:2:3:4:5::8
+      ([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|  # 1::6:7:8         1:2:3:4::6:7:8  1:2:3:4::8
+      ([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|  # 1::5:6:7:8       1:2:3::5:6:7:8  1:2:3::8
+      ([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|  # 1::4:5:6:7:8     1:2::4:5:6:7:8  1:2::8
+      [0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|       # 1::3:4:5:6:7:8   1::3:4:5:6:7:8  1::8
+      :((:[0-9a-fA-F]{1,4}){1,7}|:)|                     # ::2:3:4:5:6:7:8  ::2:3:4:5:6:7:8 ::8       ::
+      fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|     # fe80::7:8%eth0   fe80::7:8%1 (link-local IPv6 addresses with zone index)
+      ::(ffff(:0{1,4}){0,1}:){0,1}
+      ((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}
+      (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|          # ::255.255.255.255   ::ffff:255.255.255.255  ::ffff:0:255.255.255.255 (IPv4-mapped IPv6 addresses and IPv4-translated addresses)
+      ([0-9a-fA-F]{1,4}:){1,4}:
+      ((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}
+      (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])           # 2001:db8:3:4::192.0.2.33  64:ff9b::192.0.2.33 (IPv4-Embedded IPv6 Address)
+      )
+    }x
+    ACCEPTED_SCRIPTS = '\p{Common}\p{Latin}\p{Cyrillic}\p{Arabic}\p{Georgian}'
+    # A TLD's maximum length is 63 characters. https://developer.mozilla.org/en-US/docs/Learn/Common_questions/What_is_a_domain_name
+    DOMAINNAME_REGEXP = %r{
+      \A(xn--)?[#{ACCEPTED_SCRIPTS}_]+([-._][#{ACCEPTED_SCRIPTS}]+)*\.[^\d&&[#{ACCEPTED_SCRIPTS}]]{2,63}\.?\z
+    }x
+    ONE_LEVEL_DOMAINNAME_REGEX = %r{\A[^.&&[#{ACCEPTED_SCRIPTS}]]*\z}
+    USERINFO_REGEXP = %r{\A[^:&&[#{ACCEPTED_SCRIPTS}]]+:?[#{ACCEPTED_SCRIPTS}]*\z}
+
+    LOCAL_TOP_DOMAINS = %W(local localhost intranet internet internal private corp home lan)
+
+    DEFAULT_SCHEMES = %w(http https)
+
+    attr_accessor :options
+
+    def initialize(options = {})
+      @options = options
+    end
+
+    def validate(value)
+      return result(false, :nil_or_blank_url) if value.blank?
+
+      schemes = (options[:schemes] || DEFAULT_SCHEMES).map(&:to_s)
+      encoded_value = URI.encode(value)
+      uri = URI.parse(encoded_value)
+      host = uri && uri.host && URI.decode(uri.host)
+      scheme = uri && uri.scheme&.downcase
+
+      return result(false, :invalid_scheme) unless host && scheme && schemes.include?(scheme)
+      return result(false, :invalid_userinfo) unless uri.userinfo.nil? || uri.userinfo.match?(USERINFO_REGEXP)
+
+      case host
+      when IPv6_REGEXP
+        # TODO: Add IPv6 local addresses filtration
+        result(true, :valid_url)
+      when IPv4_REGEXP
+        return result(false, :local_url) if filter_local? && ipv4_local_address?(host)
+
+        result(true, :valid_url)
+      when ONE_LEVEL_DOMAINNAME_REGEX
+        return result(false, :invalid_url) unless domainname_local_address?(host)
+        return result(false, :local_url) if filter_local?
+
+        result(true, :valid_url)
+      when DOMAINNAME_REGEXP
+        return result(false, :space_symbol) if value.include?(' ')
+        return result(false, :local_url) if filter_local? && domainname_local_address?(host)
+        return result(false, :public_suffix) if check_by_publicsuffix? && !PublicSuffix.valid?(host, :default_rule => nil)
+
+        result(true, :valid_url)
+      else
+        result(false, :invalid_url)
+      end
+    rescue URI::InvalidURIError
+      result(false, :invalid_url)
+    end
+
+    private
+
+    def result(valid, message)
+      { valid: valid, message: message }
+    end
+
+    def not_allowed_nil_or_blank?(value)
+      (value.nil? && !options[:allow_nil]) ||
+        (value.blank? && !options[:allow_blank])
+    end
+
+    def filter_local?
+      options[:no_local]
+    end
+
+    def check_by_publicsuffix?
+      options[:public_suffix]
+    end
+
+    def ipv4_local_address?(value)
+      ip = IPAddr.new(value)
+      # 127.0.0.0 - 127.255.255.255 loopback
+      # 10.0.0.0 - 10.255.255.255 private
+      # 192.168.0.0 - 192.168.255.255 private
+      # 172.16.0.0 - 172.31.255.255 private
+      # 169.254.0.0 - 169.254.255.255 link-local
+      return true if ip.loopback? || ip.private? || ip.link_local?
+      return true if ip == '0.0.0.0'          # unknown or non-applicable target
+      return true if ip == '255.255.255.255'  # local broadcast
+
+      false
+    end
+
+    def domainname_local_address?(value)
+      top_level_domain = value.split('.').last
+      return true if LOCAL_TOP_DOMAINS.include?(top_level_domain)
+
+      false
+    end
+  end
+end

lib/validates_url_format/version.rb

@@ -0,0 +1,3 @@
+module ValidatesUrlFormat
+  VERSION = '0.1.0'
+end

spec/models/model.rb

@@ -0,0 +1,7 @@
+class Model
+  include ActiveModel::Validations
+
+  attr_accessor :url
+
+  validates_url_format_of :url
+end

spec/models/model_allow_blank.rb

@@ -0,0 +1,7 @@
+class ModelAllowBlank
+  include ActiveModel::Validations
+
+  attr_accessor :url
+
+  validates_url_format_of :url, allow_blank: true
+end

spec/models/model_allow_nil.rb

@@ -0,0 +1,7 @@
+class ModelAllowNil
+  include ActiveModel::Validations
+
+  attr_accessor :url
+
+  validates_url_format_of :url, allow_nil: true
+end

spec/models/model_custom_scheme.rb

@@ -0,0 +1,7 @@
+class ModelCustomScheme
+  include ActiveModel::Validations
+
+  attr_accessor :url
+
+  validates_url_format_of :url, schemes: ['ftp']
+end

spec/models/model_no_local.rb

@@ -0,0 +1,7 @@
+class ModelNoLocal
+  include ActiveModel::Validations
+
+  attr_accessor :url
+
+  validates_url_format_of :url, no_local: true
+end

spec/models/model_on_create.rb

@@ -0,0 +1,7 @@
+class ModelOnCreate
+  include ActiveModel::Validations
+
+  attr_accessor :url
+
+  validates_url_format_of :url, on: :create
+end

spec/models/model_public_suffix.rb

@@ -0,0 +1,7 @@
+class ModelPublicSuffix
+  include ActiveModel::Validations
+
+  attr_accessor :url
+
+  validates_url_format_of :url, public_suffix: true
+end

spec/spec_helper.rb

@@ -0,0 +1,19 @@
+require 'rspec'
+require 'active_record'
+require 'validates_url_format'
+
+ActiveRecord::Migration.verbose = false
+ActiveRecord::Base.establish_connection(
+    'adapter' => 'sqlite3',
+    'database' => ':memory:'
+)
+
+autoload :Model,                          'models/model'
+autoload :ModelNoLocal,                   'models/model_no_local'
+autoload :ModelAllowBlank,                'models/model_allow_blank'
+autoload :ModelAllowNil,                  'models/model_allow_nil'
+autoload :ModelCustomScheme,              'models/model_custom_scheme'
+autoload :ModelPublicSuffix,              'models/model_public_suffix'
+autoload :ModelOnCreate,                  'models/model_on_create'
+
+RSpec.configure(&:disable_monkey_patching!)