fix: overzealous url validation

Closes #930

rule/validator.go

@@ -21,7 +21,8 @@
 package rule
 
 import (
-	"github.com/asaskevich/govalidator"
+	"net/url"
+
 	"github.com/pkg/errors"
 
 	"github.com/ory/herodot"
@@ -126,13 +127,13 @@ func (v *ValidatorDefault) Validate(r *Rule) error {
 	}
 
 	if r.Match.URL == "" {
-		return errors.WithStack(herodot.ErrInternalServerError.WithReasonf(`Value "%s" of "match.url" field is not a valid url.`, r.Match.URL))
+		return errors.WithStack(herodot.ErrInternalServerError.WithReasonf(`Value "%s" of "match.url" field must not be empty.`, r.Match.URL))
 	}
 
 	if r.Upstream.URL == "" {
 		// Having no upstream URL is fine here because the judge does not need an upstream!
-	} else if !govalidator.IsURL(r.Upstream.URL) {
-		return errors.WithStack(herodot.ErrInternalServerError.WithReasonf(`Value "%s" of "upstream.url" is not a valid url.`, r.Upstream.URL))
+	} else if _, err := url.ParseRequestURI(r.Upstream.URL); err != nil {
+		return errors.WithStack(herodot.ErrInternalServerError.WithReasonf(`Value "%s" of "upstream.url" is not a valid url: %s`, r.Upstream.URL, err))
 	}
 
 	if err := v.validateAuthenticators(r); err != nil {

rule/validator_test.go

@@ -58,7 +58,7 @@ func TestValidateRule(t *testing.T) {
 		},
 		{
 			r:         &Rule{Match: &Match{}},
-			expectErr: `Value "" of "match.url" field is not a valid url.`,
+			expectErr: `Value "" of "match.url" field must not be empty.`,
 		},
 		{
 			r: &Rule{
@@ -145,6 +145,16 @@ func TestValidateRule(t *testing.T) {
 				Mutators:       []Handler{{Handler: "noop"}},
 			},
 		},
+		{
+			setup: prep(true, true, true),
+			r: &Rule{
+				Match:          &Match{URL: "https://www.ory.sh", Methods: []string{"MKCOL"}},
+				Upstream:       Upstream{URL: "http://tasks.foo-bar_baz"},
+				Authenticators: []Handler{{Handler: "noop"}},
+				Authorizer:     Handler{Handler: "allow"},
+				Mutators:       []Handler{{Handler: "noop"}},
+			},
+		},
 		{
 			setup: prep(true, true, false),
 			r: &Rule{