Allow any URI wild card formatting for redirect_to URIs. #708

@spencerbart

Bug report

This bug might be intentional but limits people who are building mobile apps. In gotrue/api/helpers.go on line 108, when I specify a redirect_to parameter during an invite request for a mobile app with formatting such as exp://192.168.0.80:19000/, gotrue doesn't support wild cards for that kind of URI format. This becomes a problem when working with Expo at a hosted URL where wildcard formatting would be useful. This also becomes a problem when working with a production mobile app.

The solution would be pretty simple: just remove if strings.HasPrefix(uri, "http") || strings.HasPrefix(uri, "https") and allow any URI wildcard formatting.

func isRedirectURLValid(config *conf.GlobalConfiguration, redirectURL string) bool {
	if redirectURL == "" {
		return false
	}

	base, berr := url.Parse(config.SiteURL)
	refurl, rerr := url.Parse(redirectURL)

	// As long as the referrer came from the site, we will redirect back there
	if berr == nil && rerr == nil && base.Hostname() == refurl.Hostname() {
		return true
	}

	// For case when user came from mobile app or other permitted resource - redirect back
	for uri, g := range config.URIAllowListMap {
		// Only allow wildcard matching if url scheme is http(s)
		if strings.HasPrefix(uri, "http") || strings.HasPrefix(uri, "https") {
			if g.Match(redirectURL) {
				return true
			}
		} else if redirectURL == uri {
			return true
		}
	}

	return false
}
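A scheme-aware way to allow wildcards for custom schemes such as exp://, as an added example (not gotrue's code and not written by the issue author). It compares the scheme exactly and globs only the parsed host and path. The function name `redirectAllowed` and the sample allow-list entries are hypothetical, and it uses the standard library's `path.Match` instead of the glob matcher behind `URIAllowListMap`.

```go
package main

import (
	"fmt"
	"net/url"
	"path"
	"strings"
)

// redirectAllowed is a hypothetical helper, not part of gotrue. Patterns have
// the form "scheme://host[:port]/path" with lowercase hosts; "*" never
// crosses a "/" because path.Match treats "/" as a separator.
func redirectAllowed(allowList []string, redirectURL string) bool {
	u, err := url.Parse(redirectURL)
	if err != nil || u.Scheme == "" || u.Opaque != "" || u.User != nil {
		return false // unparseable, schemeless, opaque, or carrying userinfo
	}
	target := strings.ToLower(u.Host) + u.Path
	for _, pattern := range allowList {
		scheme, rest, ok := strings.Cut(pattern, "://")
		// The scheme is compared exactly, so a wildcard can never widen it.
		if !ok || strings.ContainsAny(scheme, "*?[") || !strings.EqualFold(scheme, u.Scheme) {
			continue
		}
		// Match the parsed host and path, not the raw string.
		if matched, err := path.Match(rest, target); err == nil && matched {
			return true
		}
	}
	return false
}

func main() {
	allow := []string{"exp://192.168.0.*:19000/", "myapp://auth/*", "https://*.example.com/callback"}
	// Constructed sample inputs: accepted redirects and look-alikes that must be rejected.
	for _, candidate := range []string{
		"exp://192.168.0.80:19000/",
		"myapp://auth/confirm",
		"https://app.example.com/callback",
		"exp://192.168.0.80:19000@evil.example/",
		"https://app.example.com.evil.test/callback",
		"javascript://auth/confirm",
	} {
		fmt.Printf("%-45s allowed=%v\n", candidate, redirectAllowed(allow, candidate))
	}
}
```

Matching on the parsed host is what rejects the userinfo look-alike: a glob over the raw string would accept it because the string begins with an allowed address.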
