Fix DCR consistency: safe JSON, proper HTTP client, error wrapping

Author: telegrapher

cmd/dcr.go

@@ -1,8 +1,19 @@
+// Copyright 2025 Adobe. All rights reserved.
+// This file is licensed to you under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License. You may obtain a copy
+// of the License at http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software distributed under
+// the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
+// OF ANY KIND, either express or implied. See the License for the specific language
+// governing permissions and limitations under the License.
+
 package cmd
 
 import (
 	"fmt"
 
+	"github.com/adobe/imscli/cmd/pretty"
 	"github.com/adobe/imscli/ims"
 	"github.com/spf13/cobra"
 )
@@ -30,11 +41,10 @@ func registerCmd(imsConfig *ims.Config) *cobra.Command {
 
 			resp, err := imsConfig.Register()
 			if err != nil {
-				return fmt.Errorf("error during client registration: %v", err)
+			return fmt.Errorf("error during client registration: %w", err)
 			}
 
-			fmt.Printf("Status Code: %d\n", resp.StatusCode)
-			fmt.Println(resp.Body)
+			fmt.Println(pretty.JSON(resp))
 			return nil
 		},
 	}

ims/client.go

@@ -1,3 +1,13 @@
+// Copyright 2020 Adobe. All rights reserved.
+// This file is licensed to you under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License. You may obtain a copy
+// of the License at http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software distributed under
+// the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
+// OF ANY KIND, either express or implied. See the License for the specific language
+// governing permissions and limitations under the License.
+
 package ims
 
 import (

ims/register.go

@@ -1,22 +1,29 @@
+// Copyright 2025 Adobe. All rights reserved.
+// This file is licensed to you under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License. You may obtain a copy
+// of the License at http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software distributed under
+// the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
+// OF ANY KIND, either express or implied. See the License for the specific language
+// governing permissions and limitations under the License.
+
 package ims
 
 import (
+	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
 	"strings"
 )
 
-// RegisterResponse contains the response from DCR registration
-type RegisterResponse struct {
-	StatusCode int
-	Body       string
-}
-
 func (i Config) validateRegisterConfig() error {
 	switch {
 	case i.URL == "":
 		return fmt.Errorf("missing IMS base URL parameter")
+	case !validateURL(i.URL):
+		return fmt.Errorf("invalid IMS base URL parameter")
 	case i.ClientName == "":
 		return fmt.Errorf("missing client name parameter")
 	case len(i.RedirectURIs) == 0:
@@ -26,48 +33,44 @@ func (i Config) validateRegisterConfig() error {
 	}
 }
 
-// Register performs Dynamic Client Registration
-func (i Config) Register() (RegisterResponse, error) {
+// Register performs Dynamic Client Registration.
+func (i Config) Register() (string, error) {
 	if err := i.validateRegisterConfig(); err != nil {
-		return RegisterResponse{}, fmt.Errorf("invalid parameters for client registration: %v", err)
+		return "", fmt.Errorf("invalid parameters for client registration: %w", err)
 	}
 
-	// Build redirect URIs JSON array
-	redirectURIsJSON := "["
-	for idx, uri := range i.RedirectURIs {
-		if idx > 0 {
-			redirectURIsJSON += ","
-		}
-		redirectURIsJSON += fmt.Sprintf(`"%s"`, uri)
+	// Build the request payload using json.Marshal for proper escaping.
+	payload, err := json.Marshal(map[string]interface{}{
+		"client_name":   i.ClientName,
+		"redirect_uris": i.RedirectURIs,
+	})
+	if err != nil {
+		return "", fmt.Errorf("error building registration payload: %w", err)
 	}
-	redirectURIsJSON += "]"
-
-	payload := strings.NewReader(fmt.Sprintf(`{
-  "client_name": "%s",
-  "redirect_uris": %s
-}`, i.ClientName, redirectURIsJSON))
 
 	endpoint := strings.TrimRight(i.URL, "/") + "/ims/register"
 
-	req, err := http.NewRequest("POST", endpoint, payload)
+	req, err := http.NewRequest("POST", endpoint, strings.NewReader(string(payload)))
 	if err != nil {
-		return RegisterResponse{}, fmt.Errorf("error creating request: %v", err)
+		return "", fmt.Errorf("error creating request: %w", err)
 	}
 	req.Header.Add("content-type", "application/json")
 
-	res, err := http.DefaultClient.Do(req)
+	httpClient, err := i.httpClient()
+	if err != nil {
+		return "", fmt.Errorf("error creating the HTTP client: %w", err)
+	}
+
+	res, err := httpClient.Do(req)
 	if err != nil {
-		return RegisterResponse{}, fmt.Errorf("error making registration request: %v", err)
+		return "", fmt.Errorf("error making registration request: %w", err)
 	}
 	defer func() { _ = res.Body.Close() }()
 
 	body, err := io.ReadAll(res.Body)
 	if err != nil {
-		return RegisterResponse{}, fmt.Errorf("error reading response body: %v", err)
+		return "", fmt.Errorf("error reading response body: %w", err)
 	}
 
-	return RegisterResponse{
-		StatusCode: res.StatusCode,
-		Body:       string(body),
-	}, nil
+	return string(body), nil
 }