feat: make invalid host fail-fast

Author: alexbabrykovich

Example/HCaptcha_Tests/Core/HCaptcha__Config__Tests.swift

@@ -139,4 +139,51 @@ class HCaptcha__Config__Tests: XCTestCase {
         let actual = config!.actualEndpoint.absoluteString
         XCTAssertTrue(actual.contains("pat=off"))
     }
+
+    func test__Host_Validation__Valid_Hostnames() {
+        // Test valid hostnames
+        let validHosts = [
+            "example.com",
+            "subdomain.example.com",
+            "localhost",
+            "127.0.0.1",
+            "api.hcaptcha.com",
+            "test-host.com",
+            "host_with_underscores.com"
+        ]
+
+        for host in validHosts {
+            do {
+                let config = try HCaptchaConfig(host: host)
+                XCTAssertEqual(config.host, host)
+            } catch {
+                XCTFail("Valid host '\(host)' should not throw error: \(error)")
+            }
+        }
+    }
+
+    func test__Host_Validation__Invalid_URLs() {
+        // Test invalid URLs that should throw error
+        let invalidHosts = [
+            "https://example.com",
+            "http://api.hcaptcha.com",
+            "ftp://test.com",
+            "example.com/path",
+            "api.hcaptcha.com/api",
+            "https://example.com/path",
+            "http://localhost:8080",
+            "example.com:8080/path"
+        ]
+
+        for host in invalidHosts {
+            do {
+                _ = try HCaptchaConfig(host: host)
+                XCTFail("Invalid host '\(host)' should throw HCaptchaError.invalidHostFormat")
+            } catch let error as HCaptchaError {
+                XCTAssertEqual(error, HCaptchaError.invalidHostFormat)
+            } catch {
+                XCTFail("HCaptchaError.invalidHostFormat should be thrown, but got: \(error)")
+            }
+        }
+    }
 }

Example/HCaptcha_Tests/Helpers/HCaptchaError+Equatable.swift

@@ -20,7 +20,8 @@ extension HCaptchaError: Equatable {
              (.sessionTimeout, .sessionTimeout),
              (.rateLimit, .rateLimit),
              (.invalidCustomTheme, .invalidCustomTheme),
-             (.networkError, .networkError):
+             (.networkError, .networkError),
+             (.invalidHostFormat, .invalidHostFormat):
             return true
         case (.unexpected(let lhe as NSError), .unexpected(let rhe as NSError)):
             return lhe == rhe
@@ -30,17 +31,19 @@ extension HCaptchaError: Equatable {
     }
 
     static func random() -> HCaptchaError {
-        switch arc4random_uniform(7) {
-        case 0: return .htmlLoadError
-        case 1: return .apiKeyNotFound
-        case 2: return .baseURLNotFound
-        case 3: return .wrongMessageFormat
-        case 4: return .failedSetup
-        case 5: return .sessionTimeout
-        case 6: return .rateLimit
-        case 7: return .invalidCustomTheme
-        case 8: return .networkError
-        default: return .unexpected(NSError())
-        }
+        let cases: [HCaptchaError] = [
+            .htmlLoadError,
+            .apiKeyNotFound,
+            .baseURLNotFound,
+            .wrongMessageFormat,
+            .failedSetup,
+            .sessionTimeout,
+            .rateLimit,
+            .invalidCustomTheme,
+            .invalidHostFormat,
+            .networkError,
+            .unexpected(NSError())
+        ]
+        return cases.randomElement()!
     }
 }

HCaptcha/Classes/HCaptchaConfig.swift

@@ -234,6 +234,10 @@ struct HCaptchaConfig: CustomDebugStringConvertible {
             }
         }
 
+        if let host = host, host.localizedStandardContains("/") {
+            throw HCaptchaError.invalidHostFormat
+        }
+
         self.html = html
         self.apiKey = apiKey
         self.passiveApiKey = passiveApiKey ?? false

HCaptcha/Classes/HCaptchaError.swift

@@ -44,6 +44,9 @@ public enum HCaptchaError: Error, CustomStringConvertible {
     /// Invalid custom theme passed
     case invalidCustomTheme
 
+    /// Invalid host format - host should be a hostname only, not a full URL
+    case invalidHostFormat
+
     public static func == (lhs: HCaptchaError, rhs: HCaptchaError) -> Bool {
         return lhs.description == rhs.description
     }
@@ -86,6 +89,9 @@ public enum HCaptchaError: Error, CustomStringConvertible {
 
         case .invalidCustomTheme:
             return "Invalid JSON or JSObject as customTheme"
+
+        case .invalidHostFormat:
+            return "Host parameter should be a hostname only (e.g., 'example.com'), not a full URL"
         }
     }
 }