relmeauth-algorithms: Difference between revisions

From Microformats Wiki
Jump to navigation Jump to search
(clarified return argument order)
(fixed reverse_rel_me_url link is reciprocal logic, think it matches outcomes now)
Line 34: Line 34:
      
      
     return me_url
     return me_url
To find rel=me links given me_url (rel_me_links):
To find rel=me links given me_url (rel_me_links):
      
      
Line 52: Line 53:


To determine whether or not a reverse_rel_me_url can be considered a reciprocal link for me_url:
To determine whether or not a reverse_rel_me_url can be considered a reciprocal link for me_url:
TODO: fix this to match outcomes listed below


     me_url = normalise(me_url)
     me_url = normalise(me_url)
Line 66: Line 65:
          
          
         redirected_url = follow_one_redirect(reverse_rel_me_url)
         redirected_url = follow_one_redirect(reverse_rel_me_url)
         if redirected_url is null
         if redirected_url is null or redirected_url in previous
            break
             return [false, true, previous]
        elseif redirected_url in previous
             break
         elseif url_scheme(reverse_rel_me_url) != url_scheme(redirected_url)
         elseif url_scheme(reverse_rel_me_url) != url_scheme(redirected_url)
             if me_url otherwise matches redirected_url
             if me_url otherwise matches redirected_url
                 secure = false
                 return [true, false, previous]
             break
             else:
                return [false, false, previous]
         else
         else
             reverse_rel_me_url = redirected_url
             reverse_rel_me_url = redirected_url

Revision as of 20:19, 8 October 2013

Pseudocode implementations of various algorithms required for implementing relmeauth.

To find me_url from the raw_url (normalise_url):

   If the path of raw_url == ""
       set the path of raw_url to "/"
   return raw_url

To find rel_me_document_url for given me_url:

   stop = false
   previous = []
   secure = true
   while stop == false
       redirected_url = follow_one_redirect(me_url)
       if redirected_url == nil
           # this is the end of the redirect line
           stop = true
       elseif redirected_url in previous
           # entered redirect loop, stop here
           stop = true
       elseif url_scheme(me_url) != url_scheme(redirected_url)
           stop = true
           secure = false
       else
           me_url = redirected_url
           add redirected_url to previous
       end
   end
   
   if secure is false return nil
   
   return me_url

To find rel=me links given me_url (rel_me_links):

   response = http_get(final_me_url)
   rel_me_links = []
   if content type of response != html return rel_me_links
   
   document = parse_html(body of content)
   link_elements = document.querySelectorAll('a[rel~=me], link[rel~=me]')
   
   for element in link_elements:
       if element.href is a valid URI
           add element.href to rel_me_links
   
   rel_me_links = remove_duplicates(rel_me_links)
   
   return rel_me_links

To determine whether or not a reverse_rel_me_url can be considered a reciprocal link for me_url:

   me_url = normalise(me_url)
   previous = []
   secure = true
   
   while:
       reverse_rel_me_url = normalise(reverse_rel_me_url)
       
       if reverse_rel_url == me_url
           return [true, true, previous]
       
       redirected_url = follow_one_redirect(reverse_rel_me_url)
       if redirected_url is null or redirected_url in previous
           return [false, true, previous]
       elseif url_scheme(reverse_rel_me_url) != url_scheme(redirected_url)
           if me_url otherwise matches redirected_url
               return [true, false, previous]
           else:
               return [false, false, previous]
       else
           reverse_rel_me_url = redirected_url
           append redirected_url to previous
   

Outcomes (input => bool matches, bool is_secure, array redirect chain):

  • reverse_rel_me_url == me_url => true, true, previous
  • reverse_rel_me_url redirects to URL which matches me_url => true, true, previous
  • reverse_rel_me_url redirects insecurely to completely different URL => false, false, previous
  • reverse_rel_me_url redirects insecurely to URL which otherwise matches me_url => true, false, previous
  • reverse_rel_me_url doesn’t match me_url, nor do any of its redirects if any => false, true, previous


To determine whether or not a profile_url linked via rel=me from the me_url back-links validly to the given me_url:

   final_profile_url = rel_me_document_url(profile_url)
   reverse_rel_me_links = rel_me_links(final_profile_url)
   
   for backlink in reverse_rel_me_links
       TODO: reintegrate validate single link function
   
   if insecure_redirect_to_url is not false
       return error insecure_redirect_to_url + " is linked to via an insecure redirect. Link to it directly to fix this"
   
   return false
   

TODO:

  • Generalise secure redirect matching loop, define as any_secure_redirects_match(url, match_url)