From e90637098a51d3c7af56f252d18cb49272417750 Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Wed, 1 Sep 2021 01:21:47 -0600
Subject: [PATCH] Add Bearcap util
---
 app/Story.php | 3 +-
 app/Util/Lexer/Bearcap.php | 57 ++++++++++++++++++++++++++++
 tests/Unit/BearcapTest.php | 77 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 136 insertions(+), 1 deletion(-)
 create mode 100644 app/Util/Lexer/Bearcap.php
 create mode 100644 tests/Unit/BearcapTest.php
diff --git a/app/Story.php b/app/Story.php
index f46f01403..f4d403e85 100644
--- a/app/Story.php
+++ b/app/Story.php
@@ -6,6 +6,7 @@ use Auth;
 use Storage;
 use Illuminate\Database\Eloquent\Model;
 use Pixelfed\Snowflake\HasSnowflakePrimary;
+use App\Util\Lexer\Bearcap;
 class Story extends Model
 {
@@ -66,7 +67,7 @@ class Story extends Model
 public function bearcapUrl()
 {
- return "bear:?t={$this->bearcap_token}&u={$this->url()}";
+ return Bearcap::encode($this->url(), $this->bearcap_token);
 }
 public function scopeToAudience($scope)
diff --git a/app/Util/Lexer/Bearcap.php b/app/Util/Lexer/Bearcap.php
new file mode 100644
index 000000000..abc62adac
--- /dev/null
+++ b/app/Util/Lexer/Bearcap.php
@@ -0,0 +1,57 @@
+substr(6)->explode('&')->toArray();
+
+ foreach($parts as $part) {
+ if(Str::startsWith($part, 't=')) {
+ $res['token'] = substr($part, 2);
+ }
+
+ if(Str::startsWith($part, 'u=')) {
+ $res['url'] = substr($part, 2);
+ }
+ }
+
+ if( !isset($res['token']) ||
+ !isset($res['url'])
+ ) {
+ return false;
+ }
+
+ $url = $res['url'];
+ if(mb_substr($url, 0, 8) !== 'https://') {
+ return false;
+ }
+ $valid = filter_var($url, FILTER_VALIDATE_URL);
+ if(!$valid) {
+ return false;
+ }
+ return $res;
+ }
+}
diff --git a/tests/Unit/BearcapTest.php b/tests/Unit/BearcapTest.php
new file mode 100644
index 000000000..f7aaf6d98
--- /dev/null
+++ b/tests/Unit/BearcapTest.php
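Review bot: `bearcapUrl()` in app/Story.php returns a URI that embeds `$this->bearcap_token`, and nothing at the call site says the result is a secret or guards against a story that has no token. I would add a docblock such as `/** Bearer-capability URI for this story; it carries the secret token, so keep it out of logs and caches. */`. The body of `Bearcap::encode()` is not visible on this page, so whether it rejects a null or empty token is unconfirmed; an explicit check here or in encode() is worth considering.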
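Review bot: In app/Util/Lexer/Bearcap.php, the `foreach` in decode() lets a later `t=` or `u=` part overwrite an earlier one and accepts an empty value, because the only check afterwards is `isset()`. The string is split on `&` with no percent-decoding, so a `u=` URL that itself contains `&` is truncated and a `t=` fragment inside it replaces the real token, which means two parsers can disagree about which token and URL the capability names. The loop below returns false on a repeated or empty parameter; percent-encoding `u` would need a matching change in encode(), which is not visible here. `FILTER_VALIDATE_URL` also accepts userinfo and internal hosts, so callers that fetch the URL still need their own host checks. The top of the file is missing from this page, so the scheme check and encode() could not be reviewed.

```php
// … unchanged: scheme check and split of the query into $parts …
foreach($parts as $part) {
    foreach(['t=' => 'token', 'u=' => 'url'] as $prefix => $key) {
        if(!Str::startsWith($part, $prefix)) {
            continue;
        }
        $value = substr($part, 2);
        // A repeated or empty parameter makes the capability ambiguous: reject it.
        if(isset($res[$key]) || $value === '' || $value === false) {
            return false;
        }
        $res[$key] = $value;
    }
}
// … unchanged: presence check, https:// prefix check, FILTER_VALIDATE_URL …
```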
@@ -0,0 +1,77 @@
+ "LpVypnEUdHhwwgXE9tTqEwrtPvmLjqYaPexqyXnVo1flSfJy5AYMCdRPiFRmqld2",
+ "url" => "https://pixelfed.test/stories/admin/337892163734081536",
+ ];
+ $actual = Bearcap::decode($str);
+ $this->assertEquals($expected, $actual);
+ }
+
+ /** @test */
+ public function invalidTokenParameterName()
+ {
+ $str = 'bear:?token=LpVypnEUdHhwwgXE9tTqEwrtPvmLjqYaPexqyXnVo1flSfJy5AYMCdRPiFRmqld2&u=https://pixelfed.test/stories/admin/337892163734081536';
+ $actual = Bearcap::decode($str);
+ $this->assertFalse($actual);
+ }
+
+ /** @test */
+ public function invalidUrlParameterName()
+ {
+ $str = 'bear:?t=LpVypnEUdHhwwgXE9tTqEwrtPvmLjqYaPexqyXnVo1flSfJy5AYMCdRPiFRmqld2&url=https://pixelfed.test/stories/admin/337892163734081536';
+ $actual = Bearcap::decode($str);
+ $this->assertFalse($actual);
+ }
+
+ /** @test */
+ public function invalidScheme()
+ {
+ $str = 'bearcap:?t=LpVypnEUdHhwwgXE9tTqEwrtPvmLjqYaPexqyXnVo1flSfJy5AYMCdRPiFRmqld2&url=https://pixelfed.test/stories/admin/337892163734081536';
+ $actual = Bearcap::decode($str);
+ $this->assertFalse($actual);
+ }
+
+ /** @test */
+ public function missingToken()
+ {
+ $str = 'bear:?u=https://pixelfed.test/stories/admin/337892163734081536';
+ $actual = Bearcap::decode($str);
+ $this->assertFalse($actual);
+ }
+
+ /** @test */
+ public function missingUrl()
+ {
+ $str = 'bear:?t=LpVypnEUdHhwwgXE9tTqEwrtPvmLjqYaPexqyXnVo1flSfJy5AYMCdRPiFRmqld2';
+ $actual = Bearcap::decode($str);
+ $this->assertFalse($actual);
+ }
+
+ /** @test */
+ public function invalidHttpUrl()
+ {
+ $str = 'bear:?t=LpVypnEUdHhwwgXE9tTqEwrtPvmLjqYaPexqyXnVo1flSfJy5AYMCdRPiFRmqld2&u=http://pixelfed.test/stories/admin/337892163734081536';
+ $actual = Bearcap::decode($str);
+ $this->assertFalse($actual);
+ }
+
+ /** @test */
+ public function invalidUrlSchema()
+ {
+ $str = 'bear:?t=LpVypnEUdHhwwgXE9tTqEwrtPvmLjqYaPexqyXnVo1flSfJy5AYMCdRPiFRmqld2&u=phar://pixelfed.test/stories/admin/337892163734081536';
+ $actual = Bearcap::decode($str);
+ $this->assertFalse($actual);
+ }
+}
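Review bot: `invalidScheme` in tests/Unit/BearcapTest.php passes `&url=` rather than `&u=`, so it would still get `false` from the missing-URL check even if the `bearcap:` scheme test were removed; changing the fixture to `&u=https://…` makes it exercise the scheme alone. The suite also has no case for a repeated `t=` or `u=`, an empty `t=`, or a `u=` URL that contains `&`, which are the inputs where decode()'s split-on-`&` parsing is ambiguous. I would add one test per case asserting `$this->assertFalse($actual);`. The start of the file is missing from this page, so the first test's setup could not be checked.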