1package config
 2
 3import (
 4	"fmt"
 5	"net"
 6	"net/url"
 7)
 8
 9var lookupHostFn = net.LookupHost
10
11func isLoopbackHost(host string) (bool, error) {
12	ip := net.ParseIP(host)
13	if ip != nil {
14		return ip.IsLoopback(), nil
15	}
16
17	// Host is not an ip, perform lookup
18	addrs, err := lookupHostFn(host)
19	if err != nil {
20		return false, err
21	}
22	if len(addrs) == 0 {
23		return false, fmt.Errorf("no addrs found for host, %s", host)
24	}
25
26	for _, addr := range addrs {
27		if !net.ParseIP(addr).IsLoopback() {
28			return false, nil
29		}
30	}
31
32	return true, nil
33}
34
35func validateLocalURL(v string) error {
36	u, err := url.Parse(v)
37	if err != nil {
38		return err
39	}
40
41	host := u.Hostname()
42	if len(host) == 0 {
43		return fmt.Errorf("unable to parse host from local HTTP cred provider URL")
44	} else if isLoopback, err := isLoopbackHost(host); err != nil {
45		return fmt.Errorf("failed to resolve host %q, %v", host, err)
46	} else if !isLoopback {
47		return fmt.Errorf("invalid endpoint host, %q, only host resolving to loopback addresses are allowed", host)
48	}
49
50	return nil
51}