mirror of https://github.com/jlelse/GoBlog
Another fix for webmentions
This commit is contained in:
parent
597dc35470
commit
4e6afb8cc5
20
utils.go
20
utils.go
|
@ -5,7 +5,6 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"html/template"
|
"html/template"
|
||||||
"io"
|
"io"
|
||||||
"net/http"
|
|
||||||
"net/url"
|
"net/url"
|
||||||
"path"
|
"path"
|
||||||
"sort"
|
"sort"
|
||||||
|
@ -46,25 +45,6 @@ func generateRandomString(chars int) string {
|
||||||
return funk.RandomString(chars, []rune(randomLetters))
|
return funk.RandomString(chars, []rune(randomLetters))
|
||||||
}
|
}
|
||||||
|
|
||||||
func isAllowedHost(r *http.Request, hosts ...string) bool {
|
|
||||||
if r.URL == nil {
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
rh := r.URL.Host
|
|
||||||
switch r.URL.Scheme {
|
|
||||||
case "http":
|
|
||||||
rh = strings.TrimSuffix(rh, ":80")
|
|
||||||
case "https":
|
|
||||||
rh = strings.TrimSuffix(rh, ":443")
|
|
||||||
}
|
|
||||||
for _, host := range hosts {
|
|
||||||
if rh == host {
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
||||||
func isAbsoluteURL(s string) bool {
|
func isAbsoluteURL(s string) bool {
|
||||||
if u, err := url.Parse(s); err != nil || !u.IsAbs() {
|
if u, err := url.Parse(s); err != nil || !u.IsAbs() {
|
||||||
return false
|
return false
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"net/http"
|
|
||||||
"net/http/httptest"
|
|
||||||
"reflect"
|
"reflect"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
@ -28,28 +26,6 @@ func Test_generateRandomString(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func Test_isAllowedHost(t *testing.T) {
|
|
||||||
req1 := httptest.NewRequest(http.MethodGet, "https://example.com", nil)
|
|
||||||
req2 := httptest.NewRequest(http.MethodGet, "https://example.com:443", nil)
|
|
||||||
req3 := httptest.NewRequest(http.MethodGet, "http://example.com:80", nil)
|
|
||||||
|
|
||||||
if isAllowedHost(req1, "example.com") != true {
|
|
||||||
t.Error("Wrong result")
|
|
||||||
}
|
|
||||||
|
|
||||||
if isAllowedHost(req1, "example.net") != false {
|
|
||||||
t.Error("Wrong result")
|
|
||||||
}
|
|
||||||
|
|
||||||
if isAllowedHost(req2, "example.com") != true {
|
|
||||||
t.Error("Wrong result")
|
|
||||||
}
|
|
||||||
|
|
||||||
if isAllowedHost(req3, "example.com") != true {
|
|
||||||
t.Error("Wrong result")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func Test_isAbsoluteURL(t *testing.T) {
|
func Test_isAbsoluteURL(t *testing.T) {
|
||||||
if isAbsoluteURL("http://example.com") != true {
|
if isAbsoluteURL("http://example.com") != true {
|
||||||
t.Error("Wrong result")
|
t.Error("Wrong result")
|
||||||
|
|
|
@ -5,7 +5,6 @@ import (
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/http/httptest"
|
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
@ -52,7 +51,7 @@ func (a *goBlog) handleWebmention(w http.ResponseWriter, r *http.Request) {
|
||||||
a.serveError(w, r, err.Error(), http.StatusBadRequest)
|
a.serveError(w, r, err.Error(), http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if !isAllowedHost(httptest.NewRequest(http.MethodGet, m.Target, nil), a.cfg.Server.publicHostname) {
|
if !strings.HasPrefix(m.Target, a.cfg.Server.PublicAddress) {
|
||||||
a.serveError(w, r, "target not allowed", http.StatusBadRequest)
|
a.serveError(w, r, "target not allowed", http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
|
@ -63,6 +63,18 @@ func (a *goBlog) queueMention(m *mention) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (a *goBlog) verifyMention(m *mention) error {
|
func (a *goBlog) verifyMention(m *mention) error {
|
||||||
|
// Parse url -> string for source and target
|
||||||
|
u, err := url.Parse(m.Source)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
m.Source = u.String()
|
||||||
|
u, err = url.Parse(m.Target)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
m.Target = u.String()
|
||||||
|
// Do request
|
||||||
req, err := http.NewRequest(http.MethodGet, m.Source, nil)
|
req, err := http.NewRequest(http.MethodGet, m.Source, nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -156,7 +168,7 @@ func (m *mention) fill(mf *microformats.Microformat) bool {
|
||||||
// Check URL
|
// Check URL
|
||||||
if url, ok := mf.Properties["url"]; ok && len(url) > 0 {
|
if url, ok := mf.Properties["url"]; ok && len(url) > 0 {
|
||||||
if url0, ok := url[0].(string); ok {
|
if url0, ok := url[0].(string); ok {
|
||||||
if strings.ToLower(url0) != strings.ToLower(m.Source) {
|
if !strings.EqualFold(url0, m.Source) {
|
||||||
// Not correct URL
|
// Not correct URL
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue