relmeauth-algorithms
Revision as of 22:03, 8 October 2013 by Barnabywalters (talk | contribs) (added backlink verification stage, relative redirect TODO)
Pseudocode implementations of various algorithms required for implementing relmeauth.
- Sourced mainly from https://github.com/aaronpk/IndieAuth/blob/master/lib/relparser.rb
- Dumped from https://etherpad.mozilla.org/indiewebcamp-relmeauth-algorithms
To find me_url from the raw_url (normalise_url):
If the path of raw_url == "" set the path of raw_url to "/" return raw_url
To find rel_me_document_url for given me_url:
stop = false previous = [] secure = true while stop == false redirected_url = follow_one_redirect(me_url) if redirected_url == nil # this is the end of the redirect line stop = true elseif redirected_url in previous # entered redirect loop, stop here stop = true elseif url_scheme(me_url) != url_scheme(redirected_url) stop = true secure = false else me_url = redirected_url add redirected_url to previous end end if secure is false return nil return me_url
To find rel=me links given me_url (rel_me_links):
response = http_get(final_me_url) rel_me_links = [] if content type of response != html return rel_me_links document = parse_html(body of content) link_elements = document.querySelectorAll('a[rel~=me], link[rel~=me]') for element in link_elements: if element.href is a valid URI add element.href to rel_me_links rel_me_links = remove_duplicates(rel_me_links) return rel_me_links
To determine whether or not a reverse_rel_me_url can be considered a reciprocal link for me_url:
me_url = normalise(me_url) previous = [] secure = true while: reverse_rel_me_url = normalise(reverse_rel_me_url) if reverse_rel_url == me_url return [true, true, previous] redirected_url = follow_one_redirect(reverse_rel_me_url) if redirected_url is null or redirected_url in previous return [false, true, previous] elseif url_scheme(reverse_rel_me_url) != url_scheme(redirected_url) if me_url otherwise matches redirected_url return [true, false, previous] else: return [false, false, previous] else reverse_rel_me_url = redirected_url append redirected_url to previous
Outcomes (input => bool matches, bool is_secure, array redirect chain):
- reverse_rel_me_url == me_url => true, true, previous
- reverse_rel_me_url redirects to URL which matches me_url => true, true, previous
- reverse_rel_me_url redirects insecurely to completely different URL => false, false, previous
- reverse_rel_me_url redirects insecurely to URL which otherwise matches me_url => true, false, previous
- reverse_rel_me_url doesn’t match me_url, nor do any of its redirects if any => false, true, previous
To determine whether or not a profile_url linked via rel=me from the me_url back-links validly to the given me_url:
final_profile_url = rel_me_document_url(profile_url) reverse_rel_me_links = rel_me_links(final_profile_url) for backlink in reverse_rel_me_links matches, secure, previous = backlinking_rel_me_url_matches(backlink, me_url) if matches and secure: return true if insecure_redirect_to_url is not false return error insecure_redirect_to_url + " is linked to via an insecure redirect. Link to it directly to fix this" return false
TODO:
- Generalise secure redirect matching loop, define as any_secure_redirects_match(url, match_url)
- Define behaviour for URLs which redirect to relative URLs