misc: try to be more strict in URL filter

fix: minor fixes to the HTTP frontend
2022-04-30 01:57:29 +01:00 · 2022-04-30 01:47:34 +01:00
3 changed files with 36 additions and 5 deletions
--- a/data/served/main.css
+++ b/data/served/main.css
@ -34,7 +34,7 @@ body {
 #shortened {
    font-size: calc(min(20pt, 10vw));
    font-family: monospace;
-    color: #385d22;
+    color: #99ff5e;
    text-align: center;
 }

--- a/data/served/main.js
+++ b/data/served/main.js
@ -12,8 +12,19 @@

        // Select the full link with one click
        shortened.onclick = () => {
-            this.focus();
-            this.select();
+            if (document.body.createTextRange) {
+                const range = document.body.createTextRange();
+                range.moveToElementText(shortened);
+                range.select();
+            } else if (window.getSelection) {
+                const selection = window.getSelection();
+                const range = document.createRange();
+                range.selectNodeContents(shortened);
+                selection.removeAllRanges();
+                selection.addRange(range);
+            } else {
+                // Highlight unsupported
+            }
        };

        // Set up the actual submission
--- a/src/main.rs
+++ b/src/main.rs
@ -223,7 +223,7 @@ mod service {
    use validators::prelude::*;

    #[derive(Validator)]
-    #[validator(http_url(local(Allow)))]
+    #[validator(http_url(local(NotAllow)))]
    #[derive(Clone, Debug)]
    /// A struct representing a URL.
    pub struct HttpUrl {
@ -237,6 +237,24 @@ mod service {
        }
    }

+    impl HttpUrl {
+        /// Transform this into an `Err(())` if the url does not match more
+        /// criteria.
+        pub fn strict(self) -> Result<Self, ()> {
+            // Don't even bother with URLs that don't have hosts.
+            if !self.url.has_host() {
+                return Err(());
+            }
+
+            // URLs that cannot be a base are weird (UNIX sockets, data types)
+            if self.url.cannot_be_a_base() {
+                return Err(())
+            }
+
+            Ok(self)
+        }
+    }
+
    /// Database management, including messaging and work stealing.
    pub mod db {
        use super::{slug::Slug, HttpUrl};
@ -679,7 +697,9 @@ async fn shorten(
                .into(),
            )
        })?;
-        HttpUrl::parse_str(url_str)
+        HttpUrl::parse_string(url_str)
+            .map_err(|_| (warp::http::StatusCode::BAD_REQUEST, "Invalid URL.".into()))?
+            .strict()
            .map_err(|_| (warp::http::StatusCode::BAD_REQUEST, "Invalid URL.".into()))?
    };
Author	SHA1	Message	Date
meeg_leeto	a9714fe51a	misc: try to be more strict in URL filter	2022-04-30 01:57:29 +01:00
meeg_leeto	df0cff37af	fix: minor fixes to the HTTP frontend	2022-04-30 01:47:34 +01:00