Class: Parse::Hyperdrive

Inherits:
Object
  • Object
show all
Defined in:
lib/parse/stack.rb

Overview

Special class to support Modernistik Hyperdrive server.

Class Method Summary collapse

Class Method Details

.config!(url = nil) ⇒ Boolean

Applies a remote JSON hash containing the ENV keys and values from a remote URL. Values from the JSON hash are only applied to the current ENV hash ONLY if it does not already have a value. Therefore local ENV values will take precedence over remote ones. By default, it uses the url in environment value in ‘CONFIG_URL’ or ‘HYPERDRIVE_URL’.

Parameters:

  • url (String) (defaults to: nil)

    the remote url that responds with the JSON body.

Returns:

  • (Boolean)

    true if the JSON hash was found and applied successfully.



381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
 
# File 'lib/parse/stack.rb', line 381

def self.config!(url = nil)
  url ||= ENV["HYPERDRIVE_URL"] || ENV["CONFIG_URL"]
  return false if url.blank?

  begin
    uri = URI.parse(url)

    # Security: Only allow HTTPS or localhost HTTP for development
    unless uri.is_a?(URI::HTTPS) || (uri.is_a?(URI::HTTP) && %w[localhost 127.0.0.1].include?(uri.host))
      warn "[Parse::Stack] Security: Config URL must be HTTPS (got: #{url})"
      return false
    end

    # Use Net::HTTP instead of open-uri to avoid command injection via pipe characters
    http = Net::HTTP.new(uri.host, uri.port)
    http.use_ssl = uri.scheme == "https"
    http.open_timeout = 10
    http.read_timeout = 10

    request = Net::HTTP::Get.new(uri.request_uri)
    response = http.request(request)

    unless response.is_a?(Net::HTTPSuccess)
      warn "[Parse::Stack] Config fetch failed: #{url} (HTTP #{response.code})"
      return false
    end

    # Parse JSON safely
    remote_config = JSON.parse(response.body)

    unless remote_config.is_a?(Hash)
      warn "[Parse::Stack] Config must be a JSON object: #{url}"
      return false
    end

    remote_config.each do |key, value|
      k = key.to_s.upcase
      # Validate key format to prevent injection
      next unless k.match?(/\A[A-Z][A-Z0-9_]*\z/)
      next unless ENV[k].nil?
      ENV[k] = value.to_s
    end
    true
  rescue URI::InvalidURIError => e
    warn "[Parse::Stack] Invalid config URL: #{url} (#{e.message})"
    false
  rescue JSON::ParserError => e
    warn "[Parse::Stack] Invalid JSON in config: #{url} (#{e.message})"
    false
  rescue StandardError => e
    warn "[Parse::Stack] Error loading config: #{url} (#{e.class}: #{e.message})"
    false
  end
end