first commit

common/Domains/Validation/HostIsNotBlacklisted.php

@@ -0,0 +1,34 @@
+<?php
+
+namespace Common\Domains\Validation;
+
+use Illuminate\Contracts\Validation\InvokableRule;
+use Illuminate\Support\Str;
+
+class HostIsNotBlacklisted implements InvokableRule
+{
+    public function __invoke($attribute, mixed $value, $fail): void
+    {
+        $message = __("$value can't be used as a branded domain.");
+        $blacklist =
+            settings('links.blacklist.domains') ??
+            settings('blacklist.domains');
+        if ($blacklist) {
+            $blacklist = collect(explode(',', $blacklist))->map(
+                fn($item) => trim($item),
+            );
+
+            if ($blacklist->some(fn($item) => Str::contains($value, $item))) {
+                $fail($message);
+            }
+        }
+
+        if (!(new ValidateLinkWithGoogleSafeBrowsing())->execute($value)) {
+            $fail($message);
+        }
+
+        if (!(new ValidateLinkWithPhishtank())->execute($value)) {
+            $fail($message);
+        }
+    }
+}

common/Domains/Validation/ValidateLinkWithGoogleSafeBrowsing.php

@@ -0,0 +1,43 @@
+<?php
+
+namespace Common\Domains\Validation;
+
+use Illuminate\Support\Arr;
+use Illuminate\Support\Facades\Http;
+
+class ValidateLinkWithGoogleSafeBrowsing
+{
+    public function execute(string $url): bool
+    {
+        $key = settings('links.google_safe_browsing_key');
+        if (!$key) {
+            return true;
+        }
+
+        $response = Http::withHeaders([
+            'Referer' => config('app.url'),
+        ])
+            ->post(
+                "https://safebrowsing.googleapis.com/v4/threatMatches:find?key=$key",
+                [
+                    'client' => [
+                        'clientId' => config('app.name'),
+                        'clientVersion' => config('common.site.version'),
+                    ],
+                    'threatInfo' => [
+                        'threatTypes' => [
+                            'MALWARE',
+                            'SOCIAL_ENGINEERING',
+                            'THREAT_TYPE_UNSPECIFIED',
+                        ],
+                        'platformTypes' => ['ANY_PLATFORM'],
+                        'threatEntryTypes' => ['URL'],
+                        'threatEntries' => [['url' => $url]],
+                    ],
+                ],
+            )
+            ->throw();
+
+        return Arr::get($response, 'matches.0.threatType') === null;
+    }
+}

common/Domains/Validation/ValidateLinkWithPhishtank.php

@@ -0,0 +1,32 @@
+<?php
+
+namespace Common\Domains\Validation;
+
+use Common\Core\HttpClient;
+use Illuminate\Support\Arr;
+
+class ValidateLinkWithPhishtank
+{
+    public function execute(string $url): bool
+    {
+        $key = settings('links.phishtank_key');
+        if (!$key) {
+            return true;
+        }
+
+        $appName = config('app.name');
+        $response = HttpClient::post(
+            'https://checkurl.phishtank.com/checkurl/',
+            [
+                'headers' => ['User-Agent' => "phishtank/$appName"],
+                'form_params' => [
+                    'format' => 'json',
+                    'app_key' => $key,
+                    'url' => $url,
+                ],
+            ],
+        );
+
+        return Arr::get($response, 'results.valid', false);
+    }
+}