1 files changed, 18 insertions, 0 deletions

diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index 2a99c6e5c59..92004b92647 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -18,12 +18,19 @@ class ApplicationSetting < ApplicationRecord
   # fix a lot of tests using allow_any_instance_of
   include ApplicationSettingImplementation
 
+  attr_encrypted :asset_proxy_secret_key,
+                 mode: :per_attribute_iv,
+                 insecure_mode: true,
+                 key: Settings.attr_encrypted_db_key_base_truncated,
+                 algorithm: 'aes-256-cbc'
+
   serialize :restricted_visibility_levels # rubocop:disable Cop/ActiveRecordSerialize
   serialize :import_sources # rubocop:disable Cop/ActiveRecordSerialize
   serialize :disabled_oauth_sign_in_sources, Array # rubocop:disable Cop/ActiveRecordSerialize
   serialize :domain_whitelist, Array # rubocop:disable Cop/ActiveRecordSerialize
   serialize :domain_blacklist, Array # rubocop:disable Cop/ActiveRecordSerialize
   serialize :repository_storages # rubocop:disable Cop/ActiveRecordSerialize
+  serialize :asset_proxy_whitelist, Array # rubocop:disable Cop/ActiveRecordSerialize
 
   ignore_column :koding_url
   ignore_column :koding_enabled
@@ -192,6 +199,17 @@ class ApplicationSetting < ApplicationRecord
             allow_nil: true,
             numericality: { only_integer: true, greater_than_or_equal_to: 0, less_than: 65536 }
 
+  validates :asset_proxy_url,
+            presence: true,
+            allow_blank: false,
+            url: true,
+            if: :asset_proxy_enabled?
+
+  validates :asset_proxy_secret_key,
+            presence: true,
+            allow_blank: false,
+            if: :asset_proxy_enabled?
+
   SUPPORTED_KEY_TYPES.each do |type|
     validates :"#{type}_key_restriction", presence: true, key_restriction: { type: type }
   end