redirect_ynh/scripts/_common.sh

#!/bin/bash

URL_REGEX_VALID='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]'
URL_REGEX_SECURE='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(:[0-9]+)?(/.*)?$'

_validate_redirect_uri() {
    if [[ ! $target =~ $URL_REGEX_VALID ]]; then
        ynh_die --message="Invalid destination: $target" 1
    fi

    # Avoid uncrypted remote destination with reverse proxy mode
    # Indeed the SSO send the password in all requests in HTTP headers
    if [[ "$redirect_type" = "reverseproxy" ]] && [[ ! $target =~ $URL_REGEX_SECURE ]]; then
        ynh_die --message="For secure reason, you can't use an unencrypted http remote destination couple with ssowat for your reverse proxy: $target" 1
    fi
}
write validate_redirect_uri in _common.sh 2023-12-12 17:07:15 +01:00			`#!/bin/bash`

			`URL_REGEX_VALID='(https?\|ftp\|file)://[-A-Za-z0-9\+&@#/%?=~_\|!:,.;]*[-A-Za-z0-9\+&@#/%=~_\|]'`
			`URL_REGEX_SECURE='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+\|localhost)\|https://.)(:[0-9]+)?(/.)?$'`

			`_validate_redirect_uri() {`
			`if [[ ! $target =~ $URL_REGEX_VALID ]]; then`
Just adding some getops 2024-01-02 23:05:32 +01:00			`ynh_die --message="Invalid destination: $target" 1`
write validate_redirect_uri in _common.sh 2023-12-12 17:07:15 +01:00			`fi`

			`# Avoid uncrypted remote destination with reverse proxy mode`
			`# Indeed the SSO send the password in all requests in HTTP headers`
Moar tweaking/cleaning x_x 2024-01-02 17:43:58 +01:00			`if [[ "$redirect_type" = "reverseproxy" ]] && [[ ! $target =~ $URL_REGEX_SECURE ]]; then`
Just adding some getops 2024-01-02 23:05:32 +01:00			`ynh_die --message="For secure reason, you can't use an unencrypted http remote destination couple with ssowat for your reverse proxy: $target" 1`
write validate_redirect_uri in _common.sh 2023-12-12 17:07:15 +01:00			`fi`
			`}`