relmeauth-algorithms: Difference between revisions
Jump to navigation
Jump to search
(extracted single reverse rel me link matching function, listed outcomes) |
(clarified return argument order) |
||
Line 78: | Line 78: | ||
append redirected_url to previous | append redirected_url to previous | ||
Outcomes: | Outcomes (input => bool matches, bool is_secure, array redirect chain): | ||
* reverse_rel_me_url == me_url => true, true, previous | * reverse_rel_me_url == me_url => true, true, previous |
Revision as of 18:33, 8 October 2013
Pseudocode implementations of various algorithms required for implementing relmeauth.
- Sourced mainly from https://github.com/aaronpk/IndieAuth/blob/master/lib/relparser.rb
- Dumped from https://etherpad.mozilla.org/indiewebcamp-relmeauth-algorithms
To find me_url from the raw_url (normalise_url):
If the path of raw_url == "" set the path of raw_url to "/" return raw_url
To find rel_me_document_url for given me_url:
stop = false previous = [] secure = true while stop == false redirected_url = follow_one_redirect(me_url) if redirected_url == nil # this is the end of the redirect line stop = true elseif redirected_url in previous # entered redirect loop, stop here stop = true elseif url_scheme(me_url) != url_scheme(redirected_url) stop = true secure = false else me_url = redirected_url add redirected_url to previous end end if secure is false return nil return me_url
To find rel=me links given me_url (rel_me_links):
response = http_get(final_me_url) rel_me_links = [] if content type of response != html return rel_me_links document = parse_html(body of content) link_elements = document.querySelectorAll('a[rel~=me], link[rel~=me]') for element in link_elements: if element.href is a valid URI add element.href to rel_me_links rel_me_links = remove_duplicates(rel_me_links) return rel_me_links
To determine whether or not a reverse_rel_me_url can be considered a reciprocal link for me_url:
TODO: fix this to match outcomes listed below
me_url = normalise(me_url) previous = [] secure = true while: reverse_rel_me_url = normalise(reverse_rel_me_url) if reverse_rel_url == me_url return [true, true, previous] redirected_url = follow_one_redirect(reverse_rel_me_url) if redirected_url is null break elseif redirected_url in previous break elseif url_scheme(reverse_rel_me_url) != url_scheme(redirected_url) if me_url otherwise matches redirected_url secure = false break else reverse_rel_me_url = redirected_url append redirected_url to previous
Outcomes (input => bool matches, bool is_secure, array redirect chain):
- reverse_rel_me_url == me_url => true, true, previous
- reverse_rel_me_url redirects to URL which matches me_url => true, true, previous
- reverse_rel_me_url redirects insecurely to completely different URL => false, false, previous
- reverse_rel_me_url redirects insecurely to URL which otherwise matches me_url => true, false, previous
- reverse_rel_me_url doesn’t match me_url, nor do any of its redirects if any => false, true, previous
To determine whether or not a profile_url linked via rel=me from the me_url back-links validly to the given me_url:
final_profile_url = rel_me_document_url(profile_url) reverse_rel_me_links = rel_me_links(final_profile_url) for backlink in reverse_rel_me_links TODO: reintegrate validate single link function if insecure_redirect_to_url is not false return error insecure_redirect_to_url + " is linked to via an insecure redirect. Link to it directly to fix this" return false
TODO:
- Generalise secure redirect matching loop, define as any_secure_redirects_match(url, match_url)