Merge pull request #6 from fdoxyz/aasa-env-enforced-and-invalid-url-enhancement

fdocr · web-flow · commit 846f19c277ba · 2021-08-23T11:47:43.000-06:00
Enhancements for invalid URL handling + AASA ENV variable enforced
diff --git a/server.rb b/server.rb
@@ -47,28 +47,33 @@
 end
 
 get '/.well-known/apple-app-site-association' do
-  aasa_app_id = ENV['AASA_APP_ID'].to_s
   content_type :json
-  {
-    "applinks": {
-      "apps": [],
-      "details":[
-        {
-          "appID": aasa_app_id,
-          "paths": ["/*"]
-        }
-      ]
-    },
-    "activitycontinuation": {
-      "apps": [aasa_app_id]
-    }
-  }.to_json
+
+  aasa_app_id = ENV['AASA_APP_ID'].to_s
+  if aasa_app_id.present?
+    {
+      "applinks": {
+        "apps": [],
+        "details":[
+          {
+            "appID": aasa_app_id,
+            "paths": ["/*"]
+          }
+        ]
+      },
+      "activitycontinuation": {
+        "apps": [aasa_app_id]
+      }
+    }.to_json
+  else
+    { error: 'AASA_APP_ID not configured' }.to_json
+  end
 end
 
 get '/*' do
   begin
-    target_url = URI(params['splat'].first)
-    raise 'Invalid redirect URL' if target_url.host != request.host
+    target_url = URI(params['splat'].first.gsub('https:/', 'https://'))
+    raise 'Invalid redirect URL' unless target_url.host.present?
     redirect target_url
   rescue => error
     @error = error
diff --git a/spec/app_spec.rb b/spec/app_spec.rb
@@ -18,6 +18,13 @@ def app
       expect(last_response).to be_redirect
       expect(last_response.location).to eq(target_url)
     end
+
+    it "redirects when passing target in REST first level param" do
+      target_url = "https://dev.to/fdoxyz"
+      get "/#{target_url}"
+      expect(last_response).to be_redirect
+      expect(last_response.location).to eq(target_url)
+    end
   end
 
   context "failure" do
@@ -31,12 +38,28 @@ def app
       get '/'
     end
 
-    it "renders fallback page if requesting any other path" do
+    it "renders fallback page if requesting anything other than URL redirect" do
       get '/about-us'
     end
 
     it "renders fallback page if r parameter is an invalid URL" do
       get '/?r=poorthing-ble$$ur<3'
     end
   end
+
+  context "AASA" do
+    it "responds with AASA when AASA_APP_ID is configured" do
+      allow(ENV).to receive(:[]).with('AASA_APP_ID').and_return("R9SWHSQNV8.com.forem.app")
+      get '/.well-known/apple-app-site-association'
+      expect(last_response).to be_ok
+      expect(last_response.body).to eq("{\"applinks\":{\"apps\":[],\"details\":[{\"appID\":\"R9SWHSQNV8.com.forem.app\",\"paths\":[\"/*\"]}]},\"activitycontinuation\":{\"apps\":[\"R9SWHSQNV8.com.forem.app\"]}}")
+    end
+
+    it "responds with error when AASA_APP_ID isn't configured" do
+      allow(ENV).to receive(:[]).with('AASA_APP_ID').and_return("")
+      get '/.well-known/apple-app-site-association'
+      expect(last_response).to be_ok
+      expect(last_response.body).to eq("{\"error\":\"AASA_APP_ID not configured\"}")
+    end
+  end
 end
