From a3ab9c116fde973ca089f209b13290a9c92e15da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Lorber?= <slorber@users.noreply.github.com>
Date: Thu, 8 Oct 2020 18:40:41 +0200
Subject: [PATCH] feat(v2): prevent using remote image urls in showcase (#3560)

* prevent using remote image urls in showcase

* remove old/duplicate user image self-hosted check

* fix unavailable str.startsWith

* fix external image check due to ideal-image plugin

* fix external image check due to ideal-image plugin
---
 website-1.x/core/Showcase.js |  9 ---------
 website-1.x/data/users.js    | 12 +++++++++++-
 website/src/data/users.js    | 12 ++++++++++++
 3 files changed, 23 insertions(+), 10 deletions(-)

diff --git a/website-1.x/core/Showcase.js b/website-1.x/core/Showcase.js
index 4db077f8a8..d14fe22577 100644
--- a/website-1.x/core/Showcase.js
+++ b/website-1.x/core/Showcase.js
@@ -7,15 +7,6 @@
 
 const React = require('react');
 const PropTypes = require('prop-types');
-const users = require('../data/users');
-
-users.forEach((user) => {
-  if (!user.image.startsWith('/img/users')) {
-    throw new Error(
-      `User image should be self-hosted in /img/users folder. This was not the case for ${user.image}`,
-    );
-  }
-});
 
 const UserLink = ({infoLink, image, caption}) => (
   <a className="link" href={infoLink} key={infoLink}>
diff --git a/website-1.x/data/users.js b/website-1.x/data/users.js
index 89706f2c44..cd8df05433 100644
--- a/website-1.x/data/users.js
+++ b/website-1.x/data/users.js
@@ -5,7 +5,7 @@
  * LICENSE file in the root directory of this source tree.
  */
 
-module.exports = [
+const users = [
   // Please add your logo in alphabetical order of caption.
   {
     caption: '1Hive',
@@ -892,3 +892,13 @@ module.exports = [
 
   // Please add your logo in alphabetical order of caption.
 ];
+
+users.forEach((user) => {
+  if (!user.image || !user.image.startsWith('/img/users/')) {
+    throw new Error(
+      `Bad user site image = ${user.image}. The image should be hosted on Docusaurus site, in /static/img/users/ folder, and not use remote http or https urls`,
+    );
+  }
+});
+
+module.exports = users;
diff --git a/website/src/data/users.js b/website/src/data/users.js
index c1a046ddec..f3ad470e1d 100644
--- a/website/src/data/users.js
+++ b/website/src/data/users.js
@@ -269,4 +269,16 @@ const users = [
   },
 ];
 
+users.forEach((user) => {
+  if (
+    !user.preview ||
+    (user.preview instanceof String &&
+      (user.preview.startsWith('http') || user.preview.startsWith('//')))
+  ) {
+    throw new Error(
+      `Bad user site image preview = ${user.preview}. The image should be hosted on Docusaurus site, and not use remote http or https urls`,
+    );
+  }
+});
+
 export default users;