HTTP client refactor (#7884)

* http client refactor

* simplification

1 files changed, 39 insertions, 0 deletions

diff --git a/app/app.go b/app/app.go
index ea79d8e81..7bd4c561b 100644
--- a/app/app.go
+++ b/app/app.go
@@ -5,8 +5,10 @@ package app
 
 import (
 	"html/template"
+	"net"
 	"net/http"
 	"runtime/debug"
+	"strings"
 	"sync/atomic"
 
 	l4g "github.com/alecthomas/log4go"
@@ -351,6 +353,43 @@ func (a *App) HTMLTemplates() *template.Template {
 	return a.htmlTemplateWatcher.Templates()
 }
 
+func (a *App) HTTPClient(trustURLs bool) *http.Client {
+	insecure := a.Config().ServiceSettings.EnableInsecureOutgoingConnections != nil && *a.Config().ServiceSettings.EnableInsecureOutgoingConnections
+
+	if trustURLs {
+		return utils.NewHTTPClient(insecure, nil, nil)
+	}
+
+	allowHost := func(host string) bool {
+		if a.Config().ServiceSettings.AllowedUntrustedInternalConnections == nil {
+			return false
+		}
+		for _, allowed := range strings.Fields(*a.Config().ServiceSettings.AllowedUntrustedInternalConnections) {
+			if host == allowed {
+				return true
+			}
+		}
+		return false
+	}
+
+	allowIP := func(ip net.IP) bool {
+		if !utils.IsReservedIP(ip) {
+			return true
+		}
+		if a.Config().ServiceSettings.AllowedUntrustedInternalConnections == nil {
+			return false
+		}
+		for _, allowed := range strings.Fields(*a.Config().ServiceSettings.AllowedUntrustedInternalConnections) {
+			if _, ipRange, err := net.ParseCIDR(allowed); err == nil && ipRange.Contains(ip) {
+				return true
+			}
+		}
+		return false
+	}
+
+	return utils.NewHTTPClient(insecure, allowHost, allowIP)
+}
+
 func (a *App) Handle404(w http.ResponseWriter, r *http.Request) {
 	err := model.NewAppError("Handle404", "api.context.404.app_error", nil, "", http.StatusNotFound)
 	err.Translate(utils.T)