diff options
| author | Evgeny Kuznetsov <evgeny@kuznetsov.md> | 2023-03-22 15:50:06 +0300 |
|---|---|---|
| committer | Evgeny Kuznetsov <evgeny@kuznetsov.md> | 2023-03-22 15:50:06 +0300 |
| commit | ea0fa8fcf7a911aaa3023f5efb47db9daa9d2c3c (patch) | |
| tree | 74653ea42819492c9490fd1807ff6d48d24f1677 | |
| parent | 401a0e82107efca657a185cd1711d637dd48e59c (diff) | |
| download | static-wm-ea0fa8fcf7a911aaa3023f5efb47db9daa9d2c3c.tar.gz static-wm-ea0fa8fcf7a911aaa3023f5efb47db9daa9d2c3c.zip | |
feat: add basic source validation
| -rw-r--r-- | main.go | 24 | ||||
| -rw-r--r-- | main_test.go | 30 |
2 files changed, 54 insertions, 0 deletions
@@ -0,0 +1,24 @@ +package main + +import ( + "net/http" + "net/url" +) + +const ( + errSrcInvalid = "source contains no valid URL" +) + +// endpoint is a webmention receiver. +type endpoint struct { + allowPrefix string +} + +// ServeHTTP is http.Handler implementation. +func (ep endpoint) ServeHTTP(w http.ResponseWriter, r *http.Request) { + _, err := url.Parse(r.PostFormValue("source")) + if err != nil { + w.WriteHeader(http.StatusBadRequest) + w.Write([]byte(errSrcInvalid)) + } +} diff --git a/main_test.go b/main_test.go new file mode 100644 index 0000000..d1b864d --- /dev/null +++ b/main_test.go @@ -0,0 +1,30 @@ +package main + +import ( + "io" + "net/http" + "net/http/httptest" + "net/url" + "testing" +) + +func TestSyncRejection(t *testing.T) { + server := httptest.NewServer(endpoint{"my.site"}) + defer server.Close() + + client := http.DefaultClient + r, err := client.PostForm(server.URL, url.Values{ + "source": []string{"https||:example.org/somewhere"}, + "target": []string{"my.site/target"}, + }) + if err != nil { + t.Fatal(err) + } + if r.StatusCode != 400 { + t.Fatalf("want 400, got %v", r.Status) + } + bb, _ := io.ReadAll(r.Body) + if string(bb) != errSrcInvalid { + t.Fatalf("want %s, got %s", errSrcInvalid, string(bb)) + } +} |