relmeauth-algorithms

From Microformats Wiki
Revision as of 14:16, 8 October 2013 by Barnabywalters (talk | contribs) (extracted single reverse rel me link matching function, listed outcomes)
Jump to navigation Jump to search

Pseudocode implementations of various algorithms required for implementing relmeauth.

To find me_url from the raw_url (normalise_url):

   If the path of raw_url == ""
       set the path of raw_url to "/"
   return raw_url

To find rel_me_document_url for given me_url:

   stop = false
   previous = []
   secure = true
   while stop == false
       redirected_url = follow_one_redirect(me_url)
       if redirected_url == nil
           # this is the end of the redirect line
           stop = true
       elseif redirected_url in previous
           # entered redirect loop, stop here
           stop = true
       elseif url_scheme(me_url) != url_scheme(redirected_url)
           stop = true
           secure = false
       else
           me_url = redirected_url
           add redirected_url to previous
       end
   end
   
   if secure is false return nil
   
   return me_url

To find rel=me links given me_url (rel_me_links):

   response = http_get(final_me_url)
   rel_me_links = []
   if content type of response != html return rel_me_links
   
   document = parse_html(body of content)
   link_elements = document.querySelectorAll('a[rel~=me], link[rel~=me]')
   
   for element in link_elements:
       if element.href is a valid URI
           add element.href to rel_me_links
   
   rel_me_links = remove_duplicates(rel_me_links)
   
   return rel_me_links

To determine whether or not a reverse_rel_me_url can be considered a reciprocal link for me_url:

TODO: fix this to match outcomes listed below

   me_url = normalise(me_url)
   previous = []
   secure = true
   
   while:
       reverse_rel_me_url = normalise(reverse_rel_me_url)
       
       if reverse_rel_url == me_url
           return [true, true, previous]
       
       redirected_url = follow_one_redirect(reverse_rel_me_url)
       if redirected_url is null
           break
       elseif redirected_url in previous
           break
       elseif url_scheme(reverse_rel_me_url) != url_scheme(redirected_url)
           if me_url otherwise matches redirected_url
               secure = false
           break
       else
           reverse_rel_me_url = redirected_url
           append redirected_url to previous
   

Outcomes:

  • reverse_rel_me_url == me_url => true, true, previous
  • reverse_rel_me_url redirects to URL which matches me_url => true, true, previous
  • reverse_rel_me_url redirects insecurely to completely different URL => false, false, previous
  • reverse_rel_me_url redirects insecurely to URL which otherwise matches me_url => true, false, previous
  • reverse_rel_me_url doesn’t match me_url, nor do any of its redirects if any => false, true, previous


To determine whether or not a profile_url linked via rel=me from the me_url back-links validly to the given me_url:

   final_profile_url = rel_me_document_url(profile_url)
   reverse_rel_me_links = rel_me_links(final_profile_url)
   
   for backlink in reverse_rel_me_links
       TODO: reintegrate validate single link function
   
   if insecure_redirect_to_url is not false
       return error insecure_redirect_to_url + " is linked to via an insecure redirect. Link to it directly to fix this"
   
   return false
   

TODO:

  • Generalise secure redirect matching loop, define as any_secure_redirects_match(url, match_url)