auth

Paddy 2014-07-18

0:7a6f64db7246 Go to Latest

auth/urivalidate.go

Start rewriting the repo. This code originally was a carbon copy of https://github.com/RangelReale/osin, but I am methodically stripping out the extensible nature of it for a simpler interface, while simultaneously bringing the style into line with the Ducky style.

Download raw file
View source Diff to previous Annotate
History
1 package oauth2
2
3 import (
4 "errors"
5 "fmt"
6 "net/url"
7 "strings"
8 )
9
10 // ValidateURI validates that redirectURI is contained in baseURI
11 func ValidateURI(baseURI string, redirectURI string) error {
12 if baseURI == "" || redirectURI == "" {
13 return errors.New("urls cannot be blank.")
14 }
15
16 // parse base url
17 base, err := url.Parse(baseURI)
18 if err != nil {
19 return err
20 }
21
22 // parse passed url
23 redirect, err := url.Parse(redirectURI)
24 if err != nil {
25 return err
26 }
27
28 // must not have fragment
29 if base.Fragment != "" || redirect.Fragment != "" {
30 return errors.New("url must not include fragment.")
31 }
32
33 // check if urls match
34 if base.Scheme == redirect.Scheme && base.Host == redirect.Host && len(redirect.Path) >= len(base.Path) && strings.HasPrefix(redirect.Path, base.Path) {
35 return nil
36 }
37
38 return errors.New(fmt.Sprintf("urls don't validate: %s / %s\n", baseURI, redirectURI))
39 }