URL Shortener: How to verify full URL, not just hostname

When the automated freeCodeCamp grader checks the project, it does something like this:

  1. POST http://localhost:3000/?v=1650357481653 to /api/shorturl
  2. POST http://localhost:3000/?v=1650357481929 to /api/shorturl
  3. GET /api/shorturl/f (which equals the URL in 2)
  4. POST ftp:/john-doe.invalidTLD (invalid URL) to /api/shorturl

As far as I know, the DNS core module can resolve hostnames, e.g.:

github.com

But it can’t check if anything more complex actually loads, e.g.:

https://github.com/freeCodeCamp/freeCodeCamp/blob/main/tools/scripts/lint/index.js

For this project, since the URLs that get posted in steps 1 and 2 are obviously completely random, I’m assuming it’s acceptable to only check if the format of the URL is valid and the hostname can be resolved and to disregard checking whether the page actually loads. However, just out of curiosity, is there a safe way to check if an arbitrary page on a host exists, or is this just too much of a security risk since someone could post a link to a malicious web site? Thank you.

Your project url has to be hosted publicly. I suggest clicking the link to start a replit boiler plate and copy your code into it. Click run and a preview window should open that prjoject with a live link you can copy into the submission link. The test doesn’t have access to your local host server. Unless I misunderstood your question.

Are the ?v= query strings the test is trying to redirect to valid short urls stored in your database?

My apologies. I didn’t write the original post very well. Thanks for pointing out how vague it was. I actually ended up getting my project to pass all the tests, so I completely rewrote the original post to ask about something that I was never able to figure out: checking whether an arbitrary URL beyond just a hostname actually leads somewhere.

My apologies also im a bit sleepy. The test require :

If you pass an invalid URL that doesn’t follow the valid http://www.example.com format, the JSON response will contain { error: 'invalid url' }

I used a regular expression to trim the url to a hostname only before running it through DNS and anything that didnt pass that test was responded with the above Json. Hope that helps. :face_exhaling: