Difference between revisions of "relmeauth-algorithms"

From Microformats Wiki
Jump to navigation Jump to search
(added backlink verification stage, relative redirect TODO)
(added implementations section with indieweb/rel-me and relparser.rb)
Line 100: Line 100:
 
      
 
      
 
TODO:
 
TODO:
* Generalise secure redirect matching loop, define as any_secure_redirects_match(url, match_url)
 
 
* Define behaviour for URLs which redirect to relative URLs
 
* Define behaviour for URLs which redirect to relative URLs
 +
 +
## Implementations
 +
* **PHP** package: [https://github.com/indieweb/rel-me indieweb/rel-me]
 +
* **Ruby**, as part of IndieAuth: [https://github.com/aaronpk/IndieAuth/blob/master/lib/relparser.rb relparser.rb]

Revision as of 16:25, 12 January 2014

Pseudocode implementations of various algorithms required for implementing relmeauth.

To find me_url from the raw_url (normalise_url):

   If the path of raw_url == ""
       set the path of raw_url to "/"
   return raw_url

To find rel_me_document_url for given me_url:

   stop = false
   previous = []
   secure = true
   while stop == false
       redirected_url = follow_one_redirect(me_url)
       if redirected_url == nil
           # this is the end of the redirect line
           stop = true
       elseif redirected_url in previous
           # entered redirect loop, stop here
           stop = true
       elseif url_scheme(me_url) != url_scheme(redirected_url)
           stop = true
           secure = false
       else
           me_url = redirected_url
           add redirected_url to previous
       end
   end
   
   if secure is false return nil
   
   return me_url

To find rel=me links given me_url (rel_me_links):

   response = http_get(final_me_url)
   rel_me_links = []
   if content type of response != html return rel_me_links
   
   document = parse_html(body of content)
   link_elements = document.querySelectorAll('a[rel~=me], link[rel~=me]')
   
   for element in link_elements:
       if element.href is a valid URI
           add element.href to rel_me_links
   
   rel_me_links = remove_duplicates(rel_me_links)
   
   return rel_me_links

To determine whether or not a reverse_rel_me_url can be considered a reciprocal link for me_url:

   me_url = normalise(me_url)
   previous = []
   secure = true
   
   while:
       reverse_rel_me_url = normalise(reverse_rel_me_url)
       
       if reverse_rel_url == me_url
           return [true, true, previous]
       
       redirected_url = follow_one_redirect(reverse_rel_me_url)
       if redirected_url is null or redirected_url in previous
           return [false, true, previous]
       elseif url_scheme(reverse_rel_me_url) != url_scheme(redirected_url)
           if me_url otherwise matches redirected_url
               return [true, false, previous]
           else:
               return [false, false, previous]
       else
           reverse_rel_me_url = redirected_url
           append redirected_url to previous
   

Outcomes (input => bool matches, bool is_secure, array redirect chain):

  • reverse_rel_me_url == me_url => true, true, previous
  • reverse_rel_me_url redirects to URL which matches me_url => true, true, previous
  • reverse_rel_me_url redirects insecurely to completely different URL => false, false, previous
  • reverse_rel_me_url redirects insecurely to URL which otherwise matches me_url => true, false, previous
  • reverse_rel_me_url doesn’t match me_url, nor do any of its redirects if any => false, true, previous


To determine whether or not a profile_url linked via rel=me from the me_url back-links validly to the given me_url:

   final_profile_url = rel_me_document_url(profile_url)
   reverse_rel_me_links = rel_me_links(final_profile_url)
   
   for backlink in reverse_rel_me_links
       matches, secure, previous = backlinking_rel_me_url_matches(backlink, me_url)
       if matches and secure: return true
   
   if insecure_redirect_to_url is not false
       return error insecure_redirect_to_url + " is linked to via an insecure redirect. Link to it directly to fix this"
   
   return false
   

TODO:

  • Define behaviour for URLs which redirect to relative URLs
    1. Implementations