Add method to pseudonymize page url and referer url

app/controllers/application_controller.rb

@@ -62,7 +62,8 @@ class ApplicationController < ActionController::Base
     :bitbucket_import_enabled?, :bitbucket_import_configured?,
     :bitbucket_server_import_enabled?, :fogbugz_import_enabled?,
     :git_import_enabled?, :gitlab_project_import_enabled?,
-    :manifest_import_enabled?, :phabricator_import_enabled?
+    :manifest_import_enabled?, :phabricator_import_enabled?,
+    :masked_page_url
 
   # Adds `no-store` to the DEFAULT_CACHE_CONTROL, to prevent security
   # concerns due to caching private data.

app/helpers/gitlab_routing_helper.rb

@@ -16,6 +16,7 @@ module GitlabRoutingHelper
   include ::Routing::SnippetsHelper
   include ::Routing::WikiHelper
   include ::Routing::GraphqlHelper
+  include ::Routing::PseudonymizationHelper
   included do
     Gitlab::Routing.includes_helpers(self)
   end

app/helpers/routing/pseudonymization_helper.rb

+# frozen_string_literal: true
+
+module Routing
+  module PseudonymizationHelper
+    def masked_page_url
+      return unless Feature.enabled?(:mask_page_urls, type: :ops)
+
+      mask_params(Rails.application.routes.recognize_path(request.original_fullpath))
+    end
+
+    private
+
+    def mask_params(request_params)
+      return if request_params[:action] == 'new'
+
+      namespace_type = request_params[:controller].split('/')[1]
+
+      namespace_type.present? ? url_with_namespace_type(request_params, namespace_type) : url_without_namespace_type(request_params)
+    end
+
+    def url_without_namespace_type(request_params)
+      masked_url = "#{request.protocol}#{request.host_with_port}/"
+
+      masked_url += case request_params[:controller]
+                    when 'groups'
+                      "namespace:#{group.id}/"
+                    when 'projects'
+                      "namespace:#{project.namespace.id}/project:#{project.id}/"
+                    when 'root'
+                      ''
+                    end
+
+      masked_url
+    end
+
+    def url_with_namespace_type(request_params, namespace_type)
+      masked_url = "#{request.protocol}#{request.host_with_port}/"
+
+      if request_params.has_key?(:project_id)
+        masked_url += "namespace:#{project.namespace.id}/project:#{project.id}/-/#{namespace_type}/"
+      end
+
+      if request_params.has_key?(:id)
+        masked_url += namespace_type == 'blob' ? ':repository_path' : request_params[:id]
+      end
+
+      masked_url
+    end
+  end
+end

config/feature_flags/ops/mask_page_urls.yml

+---
+name: mask_page_urls
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/69448
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/340181
+milestone: '14.3'
+type: ops
+group: group::product intelligence
+default_enabled: false

spec/helpers/routing/pseudonymization_helper_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe ::Routing::PseudonymizationHelper do
+  let_it_be(:group) { create(:group) }
+  let_it_be(:subgroup) { create(:group, parent: group) }
+  let_it_be(:project) { create(:project, group: group) }
+  let_it_be(:issue) { create(:issue, project: project) }
+
+  let(:merge_request) { create(:merge_request, source_project: project) }
+
+  before do
+    stub_feature_flags(mask_page_urls: true)
+    allow(helper).to receive(:group).and_return(group)
+    allow(helper).to receive(:project).and_return(project)
+  end
+
+  shared_examples 'masked url' do
+    it 'generates masked page url' do
+      expect(helper.masked_page_url).to eq(masked_url)
+    end
+  end
+
+  describe 'when url has params to mask' do
+    context 'with controller for MR' do
+      let(:masked_url) { "http://test.host/namespace:#{group.id}/project:#{project.id}/-/merge_requests/#{merge_request.id}" }
+
+      before do
+        allow(Rails.application.routes).to receive(:recognize_path).and_return({
+         controller: "projects/merge_requests",
+         action: "show",
+         namespace_id: group.name,
+         project_id: project.name,
+         id: merge_request.id.to_s
+        })
+      end
+
+      it_behaves_like 'masked url'
+    end
+
+    context 'with controller for issue' do
+      let(:masked_url) { "http://test.host/namespace:#{group.id}/project:#{project.id}/-/issues/#{issue.id}" }
+
+      before do
+        allow(Rails.application.routes).to receive(:recognize_path).and_return({
+         controller: "projects/issues",
+         action: "show",
+         namespace_id: group.name,
+         project_id: project.name,
+         id: issue.id.to_s
+        })
+      end
+
+      it_behaves_like 'masked url'
+    end
+
+    context 'with controller for groups with subgroups and project' do
+      let(:masked_url) { "http://test.host/namespace:#{subgroup.id}/project:#{project.id}/"}
+
+      before do
+        allow(helper).to receive(:group).and_return(subgroup)
+        allow(helper.project).to receive(:namespace).and_return(subgroup)
+        allow(Rails.application.routes).to receive(:recognize_path).and_return({
+          controller: 'projects',
+          action: 'show',
+          namespace_id: subgroup.name,
+          id: project.name
+        })
+      end
+
+      it_behaves_like 'masked url'
+    end
+
+    context 'with controller for groups and subgroups' do
+      let(:masked_url) { "http://test.host/namespace:#{subgroup.id}/"}
+
+      before do
+        allow(helper).to receive(:group).and_return(subgroup)
+        allow(Rails.application.routes).to receive(:recognize_path).and_return({
+          controller: 'groups',
+          action: 'show',
+          id: subgroup.name
+        })
+      end
+
+      it_behaves_like 'masked url'
+    end
+
+    context 'with controller for blob with file path' do
+      let(:masked_url) { "http://test.host/namespace:#{group.id}/project:#{project.id}/-/blob/:repository_path" }
+
+      before do
+        allow(Rails.application.routes).to receive(:recognize_path).and_return({
+          controller: 'projects/blob',
+          action: 'show',
+          namespace_id: group.name,
+          project_id: project.name,
+          id: 'master/README.md'
+        })
+      end
+
+      it_behaves_like 'masked url'
+    end
+  end
+
+  describe 'when url has no params to mask' do
+    let(:root_url) { 'http://test.host/' }
+
+    context 'returns root url' do
+      it 'masked_page_url' do
+        expect(helper.masked_page_url).to eq(root_url)
+      end
+    end
+  end
+
+  describe 'when feature flag is disabled' do
+    before do
+      stub_feature_flags(mask_page_urls: false)
+    end
+
+    it 'returns nil' do
+      expect(helper.masked_page_url).to be_nil
+    end
+  end
+end