fix: validate urls when creating a notification endpoint

http/notification_endpoint_test.go

@@ -75,7 +75,7 @@ func TestService_handleGetNotificationEndpoints(t *testing.T) {
 									OrgID:  influxTesting.MustIDBase16Ptr("50f7ba1150f7ba11"),
 									Status: influxdb.Active,
 								},
-								URL: "http://example.com",
+								URL: "http://slack.com",
 							},
 							&endpoint.HTTP{
 								Base: endpoint.Base{
@@ -84,7 +84,7 @@ func TestService_handleGetNotificationEndpoints(t *testing.T) {
 									OrgID:  influxTesting.MustIDBase16Ptr("7e55e118dbabb1ed"),
 									Status: influxdb.Inactive,
 								},
-								URL:             "example.com",
+								URL:             "http://example.com",
 								Username:        influxdb.SecretField{Key: "http-user-key"},
 								Password:        influxdb.SecretField{Key: "http-password-key"},
 								AuthMethod:      "basic",
@@ -152,11 +152,11 @@ func TestService_handleGetNotificationEndpoints(t *testing.T) {
 			 "type": "slack",
 			 "token": "",
 		     "updatedAt": "0001-01-01T00:00:00Z",
-		     "url": "http://example.com"
+		     "url": "http://slack.com"
 		   },
 		   {
 		     "createdAt": "0001-01-01T00:00:00Z",
-		     "url": "example.com",
+		     "url": "http://example.com",
 		     "id": "c0175f0077a77005",
 		     "labels": [
 		       {
@@ -293,7 +293,7 @@ func TestService_handleGetNotificationEndpoint(t *testing.T) {
 									Name:   "hello",
 									Status: influxdb.Active,
 								},
-								URL:             "example.com",
+								URL:             "http://example.com",
 								Username:        influxdb.SecretField{Key: "http-user-key"},
 								Password:        influxdb.SecretField{Key: "http-password-key"},
 								AuthMethod:      "basic",
@@ -326,7 +326,7 @@ func TestService_handleGetNotificationEndpoint(t *testing.T) {
 		  "createdAt": "0001-01-01T00:00:00Z",
 		  "updatedAt": "0001-01-01T00:00:00Z",
 		  "id": "020f755c3c082000",
-		  "url": "example.com",
+		  "url": "http://example.com",
 		  "username": "secret: http-user-key",
 		  "password": "secret: http-password-key",
 		  "token":"",
@@ -450,7 +450,7 @@ func TestService_handlePostNotificationEndpoint(t *testing.T) {
 					"orgID":           "6f626f7274697320",
 					"description":     "desc1",
 					"status":          "active",
-					"url":             "example.com",
+					"url":             "http://example.com",
 					"username":        "user1",
 					"password":        "password1",
 					"authMethod":      "basic",
@@ -469,7 +469,7 @@ func TestService_handlePostNotificationEndpoint(t *testing.T) {
     "members": "/api/v2/notificationEndpoints/020f755c3c082000/members",
     "owners": "/api/v2/notificationEndpoints/020f755c3c082000/owners"
   },
-  "url": "example.com",
+  "url": "http://example.com",
   "status": "active",
   "username": "secret: 020f755c3c082000-username",
   "password": "secret: 020f755c3c082000-password",
@@ -489,6 +489,44 @@ func TestService_handlePostNotificationEndpoint(t *testing.T) {
 `,
 			},
 		},
+		{
+			name: "create a new notification endpoint with bad URL",
+			fields: fields{
+				Secrets: map[string]string{},
+				NotificationEndpointService: &mock.NotificationEndpointService{
+					CreateNotificationEndpointF: func(ctx context.Context, edp influxdb.NotificationEndpoint, userID platform.ID) error {
+						edp.SetID(influxTesting.MustIDBase16("020f755c3c082000"))
+						edp.BackfillSecretKeys()
+						return nil
+					},
+				},
+				OrganizationService: &mock.OrganizationService{
+					FindOrganizationF: func(ctx context.Context, f influxdb.OrganizationFilter) (*influxdb.Organization, error) {
+						return &influxdb.Organization{ID: influxTesting.MustIDBase16("6f626f7274697320")}, nil
+					},
+				},
+			},
+			args: args{
+				endpoint: map[string]interface{}{
+					"name":            "hello",
+					"type":            "http",
+					"orgID":           "6f626f7274697320",
+					"description":     "desc1",
+					"status":          "active",
+					"url":             "example.com",
+					"username":        "user1",
+					"password":        "password1",
+					"authMethod":      "basic",
+					"method":          "POST",
+					"contentTemplate": "template",
+				},
+			},
+			wants: wants{
+				statusCode:  http.StatusBadRequest,
+				contentType: "application/json; charset=utf-8",
+				body:        `{"code":"invalid","message":"the provided url should match the standard url schema"}`,
+			},
+		},
 	}
 
 	for _, tt := range tests {
@@ -796,7 +834,7 @@ func TestService_handleUpdateNotificationEndpoint(t *testing.T) {
 					"orgID":  "020f755c3c082001",
 					"type":   "slack",
 					"token":  "",
-					"url":    "example.com",
+					"url":    "https://slack.com",
 				},
 			},
 			wants: wants{
@@ -815,7 +853,7 @@ func TestService_handleUpdateNotificationEndpoint(t *testing.T) {
 		  "id": "020f755c3c082000",
 		  "orgID": "020f755c3c082001",
 		  "name": "example",
-		  "url": "example.com",
+		  "url": "https://slack.com",
           "type": "slack",
 		  "status": "active",
 		  "token": "",

notification/endpoint/http.go

@@ -133,6 +133,25 @@ func (s HTTP) MarshalJSON() ([]byte, error) {
 		})
 }
 
+func (s *HTTP) UnmarshalJSON(b []byte) error {
+	type Alias HTTP
+	var a Alias
+
+	if err := json.Unmarshal(b, &a); err != nil {
+		return err
+	}
+
+	if a.URL != "" {
+		if u, err := url.Parse(a.URL); err != nil || u.Scheme == "" || u.Host == "" {
+			return fmt.Errorf("the provided url should match the standard url schema")
+		}
+	}
+
+	*s = HTTP(a)
+
+	return nil
+}
+
 // Type returns the type.
 func (s HTTP) Type() string {
 	return HTTPType