forked from wgroeneveld/go-jamming
51 lines
1.1 KiB
Go
51 lines
1.1 KiB
Go
|
|
package webmention
|
|
|
|
import (
|
|
"strings"
|
|
"net/http"
|
|
|
|
"github.com/wgroeneveld/go-jamming/common"
|
|
|
|
"github.com/rs/zerolog/log"
|
|
)
|
|
|
|
func isValidUrl(url string) bool {
|
|
return url != "" &&
|
|
(strings.HasPrefix(url, "http://") || strings.HasPrefix(url, "https://"))
|
|
}
|
|
|
|
func isValidDomain(url string, conf *common.Config) bool {
|
|
for _, domain := range conf.AllowedWebmentionSources {
|
|
if strings.Index(url, domain) != -1 {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
// great, these are needed to do the structural typing for the tests...
|
|
type httpReq interface {
|
|
FormValue(key string) string
|
|
}
|
|
type httpHeader interface {
|
|
Get(key string) string
|
|
}
|
|
|
|
func isValidTargetUrl(url string) bool {
|
|
_, err := http.Get(url)
|
|
if err != nil {
|
|
log.Warn().Str("target", url).Msg("Invalid target URL")
|
|
return false
|
|
}
|
|
return true
|
|
}
|
|
|
|
func validate(r httpReq, h httpHeader, conf *common.Config) bool {
|
|
return h.Get("Content-Type") == "application/x-www-form-urlencoded" &&
|
|
isValidUrl(r.FormValue("source")) &&
|
|
isValidUrl(r.FormValue("target")) &&
|
|
r.FormValue("source") != r.FormValue("target") &&
|
|
isValidDomain(r.FormValue("target"), conf)
|
|
}
|