lib/clients.js
'use strict'
let url = require('url')
function insecureURL (uri) {
if (uri.protocol === 'https:') return false
// allow non-https localhost, 10.*, 127.*, and 192.* clients for testing
if (/^localhost(?:[:]\d+)?$/.test(uri.host)) return false
if (/\.local(?:[:]\d+)?$/.test(uri.host)) return false
if (uri.host.match(/^(10|127|192)\.\d{1,3}\.\d{1,3}\.\d{1,3}(?:[:]\d+)?$/)) return false
return true
}
function validateURL (uri) {
let u = url.parse(uri)
if (!u.protocol) throw new Error('Invalid URL')
if (insecureURL(u)) throw new Error('Unsupported callback URL. Clients have to use HTTPS for non-local addresses.')
return uri
}
module.exports = {
validateURL
}