relmeauth-algorithms: Difference between revisions
Jump to navigation
Jump to search
(Dump from etherpad) |
(extracted single reverse rel me link matching function, listed outcomes) |
||
Line 50: | Line 50: | ||
return rel_me_links | return rel_me_links | ||
To determine whether or not a reverse_rel_me_url can be considered a reciprocal link for me_url: | |||
TODO: fix this to match outcomes listed below | |||
me_url = normalise(me_url) | |||
previous = [] | |||
secure = true | |||
while: | |||
reverse_rel_me_url = normalise(reverse_rel_me_url) | |||
if reverse_rel_url == me_url | |||
return [true, true, previous] | |||
redirected_url = follow_one_redirect(reverse_rel_me_url) | |||
if redirected_url is null | |||
break | |||
elseif redirected_url in previous | |||
break | |||
elseif url_scheme(reverse_rel_me_url) != url_scheme(redirected_url) | |||
if me_url otherwise matches redirected_url | |||
secure = false | |||
break | |||
else | |||
reverse_rel_me_url = redirected_url | |||
append redirected_url to previous | |||
Outcomes: | |||
* reverse_rel_me_url == me_url => true, true, previous | |||
* reverse_rel_me_url redirects to URL which matches me_url => true, true, previous | |||
* reverse_rel_me_url redirects insecurely to completely different URL => false, false, previous | |||
* reverse_rel_me_url redirects insecurely to URL which otherwise matches me_url => true, false, previous | |||
* reverse_rel_me_url doesn’t match me_url, nor do any of its redirects if any => false, true, previous | |||
To determine whether or not a profile_url linked via rel=me from the me_url back-links validly to the given me_url: | To determine whether or not a profile_url linked via rel=me from the me_url back-links validly to the given me_url: | ||
Line 56: | Line 93: | ||
for backlink in reverse_rel_me_links | for backlink in reverse_rel_me_links | ||
TODO: reintegrate validate single link function | |||
if insecure_redirect_to_url is not false | if insecure_redirect_to_url is not false |
Revision as of 14:16, 8 October 2013
Pseudocode implementations of various algorithms required for implementing relmeauth.
- Sourced mainly from https://github.com/aaronpk/IndieAuth/blob/master/lib/relparser.rb
- Dumped from https://etherpad.mozilla.org/indiewebcamp-relmeauth-algorithms
To find me_url from the raw_url (normalise_url):
If the path of raw_url == "" set the path of raw_url to "/" return raw_url
To find rel_me_document_url for given me_url:
stop = false previous = [] secure = true while stop == false redirected_url = follow_one_redirect(me_url) if redirected_url == nil # this is the end of the redirect line stop = true elseif redirected_url in previous # entered redirect loop, stop here stop = true elseif url_scheme(me_url) != url_scheme(redirected_url) stop = true secure = false else me_url = redirected_url add redirected_url to previous end end if secure is false return nil return me_url
To find rel=me links given me_url (rel_me_links):
response = http_get(final_me_url) rel_me_links = [] if content type of response != html return rel_me_links document = parse_html(body of content) link_elements = document.querySelectorAll('a[rel~=me], link[rel~=me]') for element in link_elements: if element.href is a valid URI add element.href to rel_me_links rel_me_links = remove_duplicates(rel_me_links) return rel_me_links
To determine whether or not a reverse_rel_me_url can be considered a reciprocal link for me_url:
TODO: fix this to match outcomes listed below
me_url = normalise(me_url) previous = [] secure = true while: reverse_rel_me_url = normalise(reverse_rel_me_url) if reverse_rel_url == me_url return [true, true, previous] redirected_url = follow_one_redirect(reverse_rel_me_url) if redirected_url is null break elseif redirected_url in previous break elseif url_scheme(reverse_rel_me_url) != url_scheme(redirected_url) if me_url otherwise matches redirected_url secure = false break else reverse_rel_me_url = redirected_url append redirected_url to previous
Outcomes:
- reverse_rel_me_url == me_url => true, true, previous
- reverse_rel_me_url redirects to URL which matches me_url => true, true, previous
- reverse_rel_me_url redirects insecurely to completely different URL => false, false, previous
- reverse_rel_me_url redirects insecurely to URL which otherwise matches me_url => true, false, previous
- reverse_rel_me_url doesn’t match me_url, nor do any of its redirects if any => false, true, previous
To determine whether or not a profile_url linked via rel=me from the me_url back-links validly to the given me_url:
final_profile_url = rel_me_document_url(profile_url) reverse_rel_me_links = rel_me_links(final_profile_url) for backlink in reverse_rel_me_links TODO: reintegrate validate single link function if insecure_redirect_to_url is not false return error insecure_redirect_to_url + " is linked to via an insecure redirect. Link to it directly to fix this" return false
TODO:
- Generalise secure redirect matching loop, define as any_secure_redirects_match(url, match_url)