relmeauth-algorithms: Difference between revisions
Jump to navigation
Jump to search
(Dump from etherpad) |
(No difference)
|
Revision as of 18:23, 5 October 2013
Pseudocode implementations of various algorithms required for implementing relmeauth.
- Sourced mainly from https://github.com/aaronpk/IndieAuth/blob/master/lib/relparser.rb
- Dumped from https://etherpad.mozilla.org/indiewebcamp-relmeauth-algorithms
To find me_url from the raw_url (normalise_url):
If the path of raw_url == ""
set the path of raw_url to "/"
return raw_url
To find rel_me_document_url for given me_url:
stop = false
previous = []
secure = true
while stop == false
redirected_url = follow_one_redirect(me_url)
if redirected_url == nil
# this is the end of the redirect line
stop = true
elseif redirected_url in previous
# entered redirect loop, stop here
stop = true
elseif url_scheme(me_url) != url_scheme(redirected_url)
stop = true
secure = false
else
me_url = redirected_url
add redirected_url to previous
end
end
if secure is false return nil
return me_url
To find rel=me links given me_url (rel_me_links):
response = http_get(final_me_url)
rel_me_links = []
if content type of response != html return rel_me_links
document = parse_html(body of content)
link_elements = document.querySelectorAll('a[rel~=me], link[rel~=me]')
for element in link_elements:
if element.href is a valid URI
add element.href to rel_me_links
rel_me_links = remove_duplicates(rel_me_links)
return rel_me_links
To determine whether or not a profile_url linked via rel=me from the me_url back-links validly to the given me_url:
final_profile_url = rel_me_document_url(profile_url)
reverse_rel_me_links = rel_me_links(final_profile_url)
for backlink in reverse_rel_me_links
stop = false
previous = []
insecure_redirect_to_url = false
while stop is false
profile_url = normalise(profile_url)
if profile_url == me_url
return true
redirected_url = follow_one_redirect(profile_url)
if redirected_url is null
stop = true
elseif redirected_url in previous
stop = true
elseif url_scheme(me_url) != url_scheme(redirected_url)
stop = true
if me_url otherwise matches redirected_url
insecure_redirect_to_url = redirected_url
else
profile_url = redirected_url
append redirected_url to previous
if insecure_redirect_to_url is not false
return error insecure_redirect_to_url + " is linked to via an insecure redirect. Link to it directly to fix this"
return false
TODO:
- Generalise secure redirect matching loop, define as any_secure_redirects_match(url, match_url)