2022-07-05 01:32:10 +00:00
|
|
|
package utils
|
|
|
|
|
|
|
|
import (
|
2022-08-07 11:13:56 +00:00
|
|
|
"fmt"
|
2022-07-05 01:32:10 +00:00
|
|
|
"net/url"
|
|
|
|
"path"
|
2022-08-07 11:13:56 +00:00
|
|
|
"strings"
|
2022-07-05 01:32:10 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// URLPathFullClean returns a URL path with the query parameters appended (full path) with the path portion parsed
|
|
|
|
// through path.Clean given a *url.URL.
|
2022-07-18 04:59:13 +00:00
|
|
|
func URLPathFullClean(u *url.URL) (output string) {
|
|
|
|
lengthPath := len(u.Path)
|
|
|
|
lengthQuery := len(u.RawQuery)
|
|
|
|
appendForwardSlash := lengthPath > 1 && u.Path[lengthPath-1] == '/'
|
|
|
|
|
|
|
|
switch {
|
|
|
|
case lengthPath == 1 && lengthQuery == 0:
|
|
|
|
return u.Path
|
|
|
|
case lengthPath == 1:
|
2022-07-05 01:32:10 +00:00
|
|
|
return path.Clean(u.Path) + "?" + u.RawQuery
|
2022-07-18 04:59:13 +00:00
|
|
|
case lengthQuery != 0 && appendForwardSlash:
|
|
|
|
return path.Clean(u.Path) + "/?" + u.RawQuery
|
|
|
|
case lengthQuery != 0:
|
|
|
|
return path.Clean(u.Path) + "?" + u.RawQuery
|
|
|
|
case appendForwardSlash:
|
|
|
|
return path.Clean(u.Path) + "/"
|
|
|
|
default:
|
|
|
|
return path.Clean(u.Path)
|
2022-07-05 01:32:10 +00:00
|
|
|
}
|
|
|
|
}
|
2022-08-07 11:13:56 +00:00
|
|
|
|
|
|
|
// URLDomainHasSuffix determines whether the uri has a suffix of the domain value.
|
|
|
|
func URLDomainHasSuffix(uri url.URL, domain string) bool {
|
|
|
|
if uri.Scheme != https {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
if uri.Hostname() == domain {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
|
|
|
if strings.HasSuffix(uri.Hostname(), period+domain) {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
// IsRedirectionURISafe determines whether the URI is safe to be redirected to.
|
|
|
|
func IsRedirectionURISafe(uri, protectedDomain string) (safe bool, err error) {
|
|
|
|
var parsedURI *url.URL
|
|
|
|
|
|
|
|
if parsedURI, err = url.ParseRequestURI(uri); err != nil {
|
|
|
|
return false, fmt.Errorf("failed to parse URI '%s': %w", uri, err)
|
|
|
|
}
|
|
|
|
|
|
|
|
return parsedURI != nil && URLDomainHasSuffix(*parsedURI, protectedDomain), nil
|
|
|
|
}
|