relmeauth-algorithms
Jump to navigation
Jump to search
Pseudocode implementations of various algorithms required for implementing relmeauth.
- Sourced mainly from https://github.com/aaronpk/IndieAuth/blob/master/lib/relparser.rb
- Dumped from https://etherpad.mozilla.org/indiewebcamp-relmeauth-algorithms
To find me_url from the raw_url (normalise_url):
If the path of raw_url == ""
set the path of raw_url to "/"
return raw_url
To find rel_me_document_url for given me_url:
stop = false
previous = []
secure = true
while stop == false
redirected_url = follow_one_redirect(me_url)
if redirected_url == nil
# this is the end of the redirect line
stop = true
elseif redirected_url in previous
# entered redirect loop, stop here
stop = true
elseif url_scheme(me_url) != url_scheme(redirected_url)
stop = true
secure = false
else
me_url = redirected_url
add redirected_url to previous
end
end
if secure is false return nil
return me_url
To find rel=me links given me_url (rel_me_links):
response = http_get(final_me_url)
rel_me_links = []
if content type of response != html return rel_me_links
document = parse_html(body of content)
link_elements = document.querySelectorAll('a[rel~=me], link[rel~=me]')
for element in link_elements:
if element.href is a valid URI
add element.href to rel_me_links
rel_me_links = remove_duplicates(rel_me_links)
return rel_me_links
To determine whether or not a reverse_rel_me_url can be considered a reciprocal link for me_url:
me_url = normalise(me_url)
previous = []
secure = true
while:
reverse_rel_me_url = normalise(reverse_rel_me_url)
if reverse_rel_url == me_url
return [true, true, previous]
redirected_url = follow_one_redirect(reverse_rel_me_url)
if redirected_url is null or redirected_url in previous
return [false, true, previous]
elseif url_scheme(reverse_rel_me_url) != url_scheme(redirected_url)
if me_url otherwise matches redirected_url
return [true, false, previous]
else:
return [false, false, previous]
else
reverse_rel_me_url = redirected_url
append redirected_url to previous
Outcomes (input => bool matches, bool is_secure, array redirect chain):
- reverse_rel_me_url == me_url => true, true, previous
- reverse_rel_me_url redirects to URL which matches me_url => true, true, previous
- reverse_rel_me_url redirects insecurely to completely different URL => false, false, previous
- reverse_rel_me_url redirects insecurely to URL which otherwise matches me_url => true, false, previous
- reverse_rel_me_url doesn’t match me_url, nor do any of its redirects if any => false, true, previous
To determine whether or not a profile_url linked via rel=me from the me_url back-links validly to the given me_url:
final_profile_url = rel_me_document_url(profile_url)
reverse_rel_me_links = rel_me_links(final_profile_url)
for backlink in reverse_rel_me_links
matches, secure, previous = backlinking_rel_me_url_matches(backlink, me_url)
if matches and secure: return true
if insecure_redirect_to_url is not false
return error insecure_redirect_to_url + " is linked to via an insecure redirect. Link to it directly to fix this"
return false
TODO:
- Define behaviour for URLs which redirect to relative URLs
Implementations
- PHP package: indieweb/rel-me
- Ruby, as part of IndieAuth: relparser.rb