From a22ac157417d041045127c574f8bbe4847e8b2ff Mon Sep 17 00:00:00 2001
From: Juan Carlos
Date: Thu, 31 Oct 2024 21:38:56 -0300
Subject: [PATCH 1/4] feat: Check if url is an HTTP URL

---
 supabase_auth/helpers.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/supabase_auth/helpers.py b/supabase_auth/helpers.py
index 1ac90e83..cfa41d17 100644
--- a/supabase_auth/helpers.py
+++ b/supabase_auth/helpers.py
@@ -8,6 +8,7 @@
 from base64 import urlsafe_b64decode
 from datetime import datetime
 from json import loads
+from urllib.parse import urlparse
 from typing import Any, Dict, Optional, Type, TypeVar, cast
 
 from httpx import HTTPStatusError, Response
@@ -238,3 +239,7 @@ def parse_response_api_version(response: Response):
 return dt
 except Exception as e:
 return None
+
+
+def is_http_url(url: str) -> bool:
+ return urlparse(url).scheme in {"https", "http"}

From 9607f93fd82cc309d8bb4dbd0af19bdbac6be856 Mon Sep 17 00:00:00 2001
From: Juan Carlos
Date: Thu, 31 Oct 2024 21:39:01 -0300
Subject: [PATCH 2/4] feat: Check if url is an HTTP URL

---
 supabase_auth/_sync/client.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/supabase_auth/_sync/client.py b/supabase_auth/_sync/client.py
index 46577133..65d612df 100644
--- a/supabase_auth/_sync/client.py
+++ b/supabase_auth/_sync/client.py
@@ -10,7 +10,7 @@
 
 from ..constants import COOKIE_OPTIONS, DEFAULT_HEADERS, GOTRUE_URL, STORAGE_KEY
 from ..exceptions import APIError
-from ..helpers import model_dump, model_validate
+from ..helpers import model_dump, model_validate, is_http_url
 from ..types import (
 AuthChangeEvent,
 CookieOptions,
@@ -61,6 +61,8 @@ def __init__(
 proxy: str
 HTTP Proxy string or None, None by default, None disables proxy.
 """
+ if not is_http_url(url):
+ ValueError("url must be a valid HTTP URL string")
 if url.startswith("http://"):
 print(
 "Warning:\n\nDO NOT USE HTTP IN PRODUCTION FOR GOTRUE EVER!\n"
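Review bot: `is_http_url` in supabase_auth/helpers.py (second hunk of patch 1/4) checks only the parsed scheme, so strings with no host such as `http:` or `https:///callback` are accepted as valid. If the intent is a usable HTTP URL, the check should also require a host: `parsed = urlparse(url)` followed by `return parsed.scheme in {"https", "http"} and bool(parsed.netloc)`. The function has no docstring; a one-line summary such as `"""Return True if url has an http or https scheme and a host."""` would tell callers what the check guarantees. It is also worth noting there that `urlparse` can itself raise `ValueError` on malformed input such as an unclosed IPv6 bracket, so callers may see that exception from the helper rather than a `False` result.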
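Review bot: The guard added at the top of `__init__` in supabase_auth/_sync/client.py (patch 2/4) builds the exception but never raises it: `ValueError("url must be a valid HTTP URL string")` is a bare expression statement, so a url that fails `is_http_url` continues into the rest of the constructor unchanged. The line should read `raise ValueError("url must be a valid HTTP URL string")`. The same statement without `raise` appears in the `get_session_from_url` hunk of this patch, where the url's query string is parsed immediately after the guard. `__init__` starts before and continues past this hunk, so whether anything later rejects the url cannot be seen here; a test that passes a non-HTTP url and expects `ValueError` would pin the intended behaviour for both call sites.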
@@ -428,6 +430,8 @@ def get_session_from_url(
 APIError
 If an error occurs.
 """
+ if not is_http_url(url):
+ ValueError("url must be a valid HTTP URL string")
 data = urlparse(url)
 query = parse_qs(data.query)
 error_description = query.get("error_description")

From d4067375ff671db7ec35c38e87dad5a4c9a09cbb Mon Sep 17 00:00:00 2001
From: Juan Carlos
Date: Thu, 31 Oct 2024 21:39:21 -0300
Subject: [PATCH 3/4] feat: Check if url is an HTTP URL

---
 supabase_auth/_sync/client.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/supabase_auth/_sync/client.py b/supabase_auth/_sync/client.py
index 65d612df..7f075765 100644
--- a/supabase_auth/_sync/client.py
+++ b/supabase_auth/_sync/client.py
@@ -10,7 +10,7 @@
 
 from ..constants import COOKIE_OPTIONS, DEFAULT_HEADERS, GOTRUE_URL, STORAGE_KEY
 from ..exceptions import APIError
-from ..helpers import model_dump, model_validate, is_http_url
+from ..helpers import is_http_url, model_dump, model_validate
 from ..types import (
 AuthChangeEvent,
 CookieOptions,

From f861b597f992454a09d51897db72fa07ae7330b9 Mon Sep 17 00:00:00 2001
From: Juan Carlos
Date: Thu, 31 Oct 2024 21:39:23 -0300
Subject: [PATCH 4/4] feat: Check if url is an HTTP URL

---
 supabase_auth/helpers.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/supabase_auth/helpers.py b/supabase_auth/helpers.py
index cfa41d17..9808efd1 100644
--- a/supabase_auth/helpers.py
+++ b/supabase_auth/helpers.py
@@ -8,8 +8,8 @@
 from base64 import urlsafe_b64decode
 from datetime import datetime
 from json import loads
-from urllib.parse import urlparse
 from typing import Any, Dict, Optional, Type, TypeVar, cast
+from urllib.parse import urlparse
 
 from httpx import HTTPStatusError, Response
 from pydantic import BaseModel
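Review bot: The Raises section of the `get_session_from_url` docstring in supabase_auth/_sync/client.py (last hunk of patch 2/4), visible as context just above the added guard, lists only `APIError`, while the guard is written to signal a bad url with `ValueError`. Add a matching entry in the same style as the existing one, `ValueError` followed by `If url is not an http or https URL.`, so callers know which exception to handle. If any caller passes a redirect URL with a custom scheme (not visible from this hunk), an http/https-only check would reject it, which is worth confirming before the guard is relied on. The function body starts before and continues past this hunk.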