+10
-2
src/auth.go
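--- a/src/auth.go
+++ b/src/auth.go
@@ -12,6 +12,8 @@
 "slices"
 "strings"
 "time"
+
+"golang.org/x/net/idna"
 )
 
 type AuthError struct {
@@ -42,12 +44,18 @@
 return nil
 }
 
+var idnaProfile = idna.New(idna.MapForLookup(), idna.BidiRule())
+
 func GetHost(r *http.Request) (string, error) {
-// FIXME: handle IDNA
 host, _, err := net.SplitHostPort(r.Host)
 if err != nil {
-// dirty but the go stdlib doesn't have a "split port if present" function
 host = r.Host
+}
+// this also rejects invalid characters and labels
+host, err = idnaProfile.ToASCII(host)
+if err != nil {
+return "", AuthError{http.StatusBadRequest,
+fmt.Sprintf("malformed host name %q", host)}
 }
 if strings.HasPrefix(host, ".") {
 return "", AuthError{http.StatusBadRequest,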
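Review bot: In GetHost the "malformed host name" message formats `host` after it has been overwritten by the return value of `idnaProfile.ToASCII`, which on failure is the partially processed string rather than what the client sent. That makes rejected requests harder to match against logs. Keeping the input separate avoids this: `ascii, err := idnaProfile.ToASCII(host)`, report `host` in the error, then `host = ascii` on success. Separately, the profile is built from `idna.MapForLookup()` and `idna.BidiRule()` only, so the comment "rejects invalid characters and labels" does not cover empty or over-long labels. If the checks later in GetHost (its body continues outside the hunk) do not handle those, adding `idna.VerifyDNSLength(true)` to the profile would.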