From b9ce959c18703429610ff51f6287a176a2059b0a Mon Sep 17 00:00:00 2001
From: Jun Kimura <jun.kimura@datachain.jp>
Date: Tue, 24 Dec 2024 11:27:04 +0900
Subject: [PATCH] improve url validation

Signed-off-by: Jun Kimura <jun.kimura@datachain.jp>
---
 crates/light-client-cli/src/context.rs |  2 +-
 crates/lodestar-rpc/src/client.rs      | 24 ++++++++++++++++++++----
 2 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/crates/light-client-cli/src/context.rs b/crates/light-client-cli/src/context.rs
index 6d0bb1c..ac539f1 100644
--- a/crates/light-client-cli/src/context.rs
+++ b/crates/light-client-cli/src/context.rs
@@ -29,8 +29,8 @@ impl<
     pub fn build(network: Network, opts: Opts) -> Result<Self, Error> {
         let home_dir = opts.home_dir();
         if !home_dir.exists() {
-            info!("directory {:?} is created", home_dir);
             std::fs::create_dir(&home_dir)?;
+            info!("directory {:?} is created", home_dir);
         }
         Ok(Self {
             config: network.config(),
diff --git a/crates/lodestar-rpc/src/client.rs b/crates/lodestar-rpc/src/client.rs
index db1ae8f..7fbab2a 100644
--- a/crates/lodestar-rpc/src/client.rs
+++ b/crates/lodestar-rpc/src/client.rs
@@ -8,7 +8,7 @@ use ethereum_consensus::beacon::Slot;
 use ethereum_consensus::sync_protocol::SyncCommitteePeriod;
 use ethereum_consensus::types::H256;
 use log::debug;
-use reqwest::{Client, StatusCode};
+use reqwest::{Client, StatusCode, Url};
 use serde::de::DeserializeOwned;
 
 type Result<T> = core::result::Result<T, Error>;
@@ -20,9 +20,25 @@ pub struct RPCClient {
 
 impl RPCClient {
     pub fn new(endpoint: impl Into<String>) -> Self {
+        let url = Url::parse(&endpoint.into()).expect("Invalid URL");
+        if url.scheme() != "http" && url.scheme() != "https" {
+            panic!("Invalid URL scheme: {}", url.scheme());
+        }
+        if url.path() != "/" {
+            panic!("Invalid URL path: {}", url.path());
+        }
+        if url.host().is_none() {
+            panic!("Invalid URL host: {}", url.host().unwrap());
+        }
+        if url.query().is_some() {
+            panic!("Invalid URL query: {}", url.query().unwrap());
+        }
+        if url.fragment().is_some() {
+            panic!("Invalid URL fragment: {}", url.fragment().unwrap());
+        }
         Self {
             http_client: reqwest::Client::new(),
-            endpoint: endpoint.into(),
+            endpoint: url.as_str().strip_suffix("/").unwrap().to_string(),
         }
     }
 
@@ -168,8 +184,8 @@ impl RPCClient {
 
 #[derive(serde::Serialize, serde::Deserialize)]
 struct InternalServerError {
-    #[serde(rename = "statusCode")]
+    #[serde(alias = "statusCode", alias = "code")]
     status_code: u64,
-    error: String,
+    error: Option<String>,
     message: String,
 }