diff --git a/sdk/sdk.go b/sdk/sdk.go index 2960a701f..95bbd1926 100644 --- a/sdk/sdk.go +++ b/sdk/sdk.go @@ -12,7 +12,7 @@ import ( "net" "net/http" "net/url" - "regexp" + "strings" "github.com/opentdf/platform/lib/ocrypto" "github.com/opentdf/platform/protocol/go/authorization" @@ -207,17 +207,24 @@ func New(platformEndpoint string, opts ...Option) (*SDK, error) { func SanitizePlatformEndpoint(e string) (string, error) { // check if there's a scheme, if not, add https - if !regexp.MustCompile(`^https?://`).MatchString(e) { - e = "https://" + e + u, err := url.ParseRequestURI(e) + if err != nil { + return "", errors.Join(fmt.Errorf("cannot parse platform endpoint [%s]", e), err) } - - if !regexp.MustCompile(`^(https?:\/\/)?(([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}(:\d+)?|(localhost)(:\d+)?)\/?$`).MatchString(e) { - return "", errors.New("platform endpoint is not valid") + if u.Host == "" { + // if the schema is missing add https. when the schema is missing the host is parsed as the scheme + newE := "https://" + e + u, err = url.ParseRequestURI(newE) + if err != nil { + return "", errors.Join(fmt.Errorf("cannot parse platform endpoint [%s]", newE), err) + } + if u.Host == "" { + return "", fmt.Errorf("invalid URL [%s], got empty hostname", newE) + } } - u, err := url.ParseRequestURI(e) - if err != nil { - return "", errors.Join(fmt.Errorf("cannot parse platform endpoint(%s)", e), err) + if strings.Contains(u.Hostname(), ":") { + return "", fmt.Errorf("invalid hostname [%s]. IPv6 addresses are not supported", u.Hostname()) } p := u.Port() diff --git a/sdk/sdk_test.go b/sdk/sdk_test.go index f0d1d0fa3..da6d4fdf8 100644 --- a/sdk/sdk_test.go +++ b/sdk/sdk_test.go @@ -303,6 +303,16 @@ func Test_ShouldSanitizePlatformEndpoint(t *testing.T) { endpoint: "https://localhost", expected: "localhost:443", }, + { + name: "HTTPS scheme port (IP)", + endpoint: "https://192.168.1.1:8080", + expected: "192.168.1.1:8080", + }, + { + name: "HTTPS scheme no port (IP)", + endpoint: "https://192.168.1.1", + expected: "192.168.1.1:443", + }, { name: "Malformed url", endpoint: "http://localhost:8080:8080",