From 807140ce43584e9612f7b5890b13d751247f8e6e Mon Sep 17 00:00:00 2001
From: jwijenbergh <jeroenwijenbergh@protonmail.com>
Date: Thu, 16 Feb 2023 15:48:52 +0100
Subject: Server: Validate endpoints

This commit validates the server endpoints by checking the Host and
scheme of each URL to check if they match eachother. This is to
prevent further mixup attacks
---
 internal/server/server.go | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'internal/server/server.go')

diff --git a/internal/server/server.go b/internal/server/server.go
index 00324a2..c68916e 100644
--- a/internal/server/server.go
+++ b/internal/server/server.go
@@ -33,12 +33,14 @@ type EndpointList struct {
 	Token         string `json:"token_endpoint"`
 }
 
+type EndpointsVersions struct {
+	V2 EndpointList `json:"http://eduvpn.org/api#2"`
+	V3 EndpointList `json:"http://eduvpn.org/api#3"`
+}
+
 // Endpoints defines the json format for /.well-known/vpn-user-portal".
 type Endpoints struct {
-	API struct {
-		V2 EndpointList `json:"http://eduvpn.org/api#2"`
-		V3 EndpointList `json:"http://eduvpn.org/api#3"`
-	} `json:"api"`
+	API EndpointsVersions `json:"api"`
 	V string `json:"v"`
 }
 
-- 
cgit v1.2.3