From 70f5751a97f770819f8b823fd09ba63d75bf4a8b Mon Sep 17 00:00:00 2001
From: jwijenbergh
Date: Tue, 2 May 2023 10:41:39 +0200
Subject: Endpoints: Double check HTTPS scheme

Now the note in the CLI is really not needed, but maybe wise to keep it there?
---
 internal/server/api/api_test.go | 16 ++++++++++++----
 internal/server/endpoints/endpoints.go | 3 +++
 2 files changed, 15 insertions(+), 4 deletions(-)

(limited to 'internal/server')

diff --git a/internal/server/api/api_test.go b/internal/server/api/api_test.go
index 7509a30..2e19d47 100644
--- a/internal/server/api/api_test.go
+++ b/internal/server/api/api_test.go
@@ -54,11 +54,11 @@ func Test_APIGetEndpoints(t *testing.T) {
 },
 {
 epl: endpoints.List{
- API: "http://example.com/1",
- Authorization: "https://example.com/2",
- Token: "https://example.com/3",
+ API: "https://example.com/1",
+ Authorization: "http://example.com/2",
+ Token: "http://example.com/3",
 },
- err: errors.New("API scheme: 'http', is not equal to authorization scheme: 'https'"),
+ err: errors.New("API scheme: 'https', is not equal to authorization scheme: 'http'"),
 },
 {
 epl: endpoints.List{
@@ -92,6 +92,14 @@ func Test_APIGetEndpoints(t *testing.T) {
 },
 err: errors.New("API host: 'example.com', is not equal to authorization host: 'malicious.com'"),
 },
+ {
+ epl: endpoints.List{
+ API: "https://example.com/1",
+ Authorization: "https://example.com/2",
+ Token: "ftp://example.com/3",
+ },
+ err: errors.New("API scheme: 'https', is not equal to token scheme: 'ftp'"),
+ },
 }
 for _, tc := range testCases {
diff --git a/internal/server/endpoints/endpoints.go b/internal/server/endpoints/endpoints.go
index 75bca55..3e675e4 100644
--- a/internal/server/endpoints/endpoints.go
+++ b/internal/server/endpoints/endpoints.go
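Review bot: None of the cases touched in `Test_APIGetEndpoints` (internal/server/api/api_test.go) exercises the new `pAPI.Scheme != "https"` guard. The edited case now uses an `https` API with `http` authorization and token endpoints, and the added `ftp` case also has an `https` API, so both fail on the older scheme-equality checks rather than on the new one. A case with all three endpoints on `http://example.com/...` expecting `err: errors.New("API Scheme: 'http', is not equal to HTTPS"),` would pin the behaviour this commit adds, unless such a case already exists outside these hunks. The test function starts and ends outside the hunks shown.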
@@ -37,6 +37,9 @@ func (e Endpoints) Validate() error {
 if err != nil {
 return errors.WrapPrefix(err, "failed to parse API token endpoint", 0)
 }
+ if pAPI.Scheme != "https" {
+ return errors.Errorf("API Scheme: '%v', is not equal to HTTPS", pAPI.Scheme)
+ }
 if pAPI.Scheme != pAuth.Scheme {
 return errors.Errorf("API scheme: '%v', is not equal to authorization scheme: '%v'", pAPI.Scheme, pAuth.Scheme)
 }
--
cgit v1.2.3
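Review bot: Only `pAPI.Scheme` is compared with `"https"` in the added check in `Validate`; the authorization and token endpoints are held to HTTPS only indirectly, through the scheme-equality checks that follow (the authorization one is visible here, the token one presumably sits below the hunk). That dependency should be written down so a later relaxation of the equality checks does not silently permit a plaintext authorization or token endpoint: add `// API must be https; the equality checks below extend this to the authorization and token endpoints` above the new `if`. The message also differs in style from its neighbours ("API Scheme" capitalised, "HTTPS" unquoted); `return errors.Errorf("API scheme: '%v', is not equal to 'https'", pAPI.Scheme)` would match them. `Validate` begins and ends outside the hunk.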