commit e93b7a823cda4f02bcb2b14fdd88ce251852a957
parent 15b4bca53a0c8eefad73477257812388460f377d
Author: lash <dev@holbrook.no>
Date: Sun, 18 Sep 2022 12:39:59 +0000
Add preflight handling
Diffstat:
4 files changed, 61 insertions(+), 4 deletions(-)
diff --git a/src/auth/pgp.rs b/src/auth/pgp.rs
@@ -8,6 +8,8 @@
//! ``` ignore,
//! gpg -b <file>
//! ```
+//!
+//! Does not work for ECC secp256k1 signature.
use std::io::Read;
use crate::auth::{
AuthSpec,
@@ -136,6 +138,7 @@ pub fn auth_check(auth: &AuthSpec, data: impl Read, data_length: usize) -> Resul
}
};
+ debug!("signature data {:?}", auth.signature);
let sig_data = match base64::decode(&auth.signature) {
Ok(v) => {
v
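Review bot: The added `debug!` writes the client-supplied `auth.signature` to the log verbatim, before `base64::decode` has validated it, so the size and content of that log line are controlled by whoever sends the request. Logging the length is enough to trace the flow, e.g. `debug!("signature data length {}", auth.signature.len());` (assuming the field is a `String` or byte vector, which the `base64::decode(&auth.signature)` call suggests). `auth_check` starts and ends outside this hunk.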
@@ -148,6 +151,7 @@ pub fn auth_check(auth: &AuthSpec, data: impl Read, data_length: usize) -> Resul
let key = match check_key_single(&key_data) {
Some(v) => {
+ debug!("using public key (raw) {:?}", v.key_id());
if !check_sig_single(&v, sig_data, data, data_length) {
error!("invalid raw signature for {:?}", hex::encode(&v.fingerprint()));
return Err(AuthError{});
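Review bot: The new debug line identifies the key by `v.key_id()`, while the error line two lines below uses the hex-encoded `v.fingerprint()`, so the two log entries for one request cannot be matched by string. An OpenPGP key id is also typically a shorter, weaker identifier than the fingerprint for audit purposes. Using the same form in both keeps them correlatable: `debug!("using public key (raw) {:?}", hex::encode(&v.fingerprint()));`. The same applies to the `(bundle)` debug line in the next hunk. The enclosing `match` continues outside the hunk.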
@@ -158,6 +162,7 @@ pub fn auth_check(auth: &AuthSpec, data: impl Read, data_length: usize) -> Resul
None => {
let key = match check_key_bundle(&key_data) {
Some(v) => {
+ debug!("using public key (bundle) {:?}", v.key_id());
if !check_sig_bundle(&v, sig_data, data, data_length) {
error!("invalid bundle signature for {:?}", hex::encode(&v.fingerprint()));
return Err(AuthError{});
diff --git a/src/main.rs b/src/main.rs
@@ -34,7 +34,10 @@ use wala::record::{
};
use wala::request::process_method;
-use wala::response::exec_response;
+use wala::response::{
+ exec_response,
+ preflight_response,
+};
mod arg;
use arg::Settings;
@@ -238,9 +241,16 @@ fn main() {
}
};
+ let method = req.method().clone();
+ match &method {
+ Method::Options => {
+ preflight_response(req);
+ continue;
+ },
+ _ => {},
+ }
let url = String::from(&req.url()[1..]);
- let method = req.method().clone();
let expected_size = match req.body_length() {
Some(v) => {
v
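Review bot: The OPTIONS short-circuit is written as a `match` with one real arm and an empty `_ => {}` catch-all, which reads as if more methods were handled here. An `if let` states the intent directly: `if let Method::Options = method { preflight_response(req); continue; }`. A one-line comment that the preflight is deliberately answered before URL parsing and authentication would also help the next reader, since every OPTIONS request now gets a 200 whatever its path. `main` starts and ends outside this hunk.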
diff --git a/src/request.rs b/src/request.rs
@@ -158,7 +158,6 @@ pub fn process_method(method: &Method, url: String, mut f: impl Read, expected_s
return res;
},
None => {
- debug!("nooonn");
return RequestResult {
typ: RequestResultType::RecordError,
v: Some(String::new()),
diff --git a/src/response.rs b/src/response.rs
@@ -1,5 +1,7 @@
use std::str::FromStr;
+use log::{debug};
+
use tiny_http::{
StatusCode,
Request,
@@ -15,6 +17,35 @@ use crate::record::{
};
+pub fn origin_headers() -> Vec<Header> {
+ let mut headers: Vec<Header> = vec!();
+ headers.push(Header{
+ field: HeaderField::from_str("Access-Control-Allow-Origin").unwrap(),
+ value: AsciiString::from_ascii("*").unwrap(),
+ });
+ headers.push(Header{
+ field: HeaderField::from_str("Access-Control-Allow-Methods").unwrap(),
+ value: AsciiString::from_ascii("OPTIONS, PUT, GET").unwrap(),
+ });
+ headers.push(Header{
+ field: HeaderField::from_str("Access-Control-Allow-Headers").unwrap(),
+ value: AsciiString::from_ascii("Content-Type,Authorization,X-Filename").unwrap(),
+ });
+ headers
+}
+
+pub fn preflight_response(req: Request) {
+ let auth_origin_headers = origin_headers();
+ let res_status = StatusCode(200);
+ let mut res = Response::empty(res_status);
+ for v in auth_origin_headers.iter() {
+ res.add_header(v.clone());
+ }
+ req.respond(res);
+ debug!("served options request");
+ return;
+}
+
pub fn exec_response(req: Request, r: RequestResult) {
let res_status: StatusCode;
match r.typ {
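Review bot: `origin_headers()` hard-codes `Access-Control-Allow-Origin: *` together with `Authorization` in the allowed headers and `PUT` in the allowed methods, so a script on any web origin may send writes and read the responses through a visitor's browser. That may be intended for a public store, but it also applies to instances bound to localhost or an internal network, so the allowed origin is better taken from configuration, e.g. `pub fn origin_headers(allow_origin: &str) -> Vec<Header>` with `*` only as an explicit opt-in. Both new public functions lack a `///` comment; one line on each stating that these headers are attached to every response, error responses included, would document the policy. `preflight_response` also drops the `Result` returned by `req.respond(res)` and logs "served options request" even when the write failed, and its trailing `return;` is redundant.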
@@ -40,10 +71,16 @@ pub fn exec_response(req: Request, r: RequestResult) {
res_status = StatusCode(500);
},
}
+
+ let auth_origin_headers = origin_headers();
+
match r.v {
Some(v) => {
let mut res = Response::from_string(v);
res = res.with_status_code(res_status);
+ for v in auth_origin_headers.iter() {
+ res.add_header(v.clone());
+ }
req.respond(res);
return;
},
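Review bot: The loop `for v in auth_origin_headers.iter() { res.add_header(v.clone()); }` is added three times in `exec_response` (here and twice in the next hunk) and once more in `preflight_response`. In this arm the loop variable `v` shadows the `Some(v)` binding just above it. Since `origin_headers()` returns an owned `Vec<Header>`, iterating by value avoids both the shadowing and the clone: `for h in origin_headers() { res.add_header(h); }`. A small private helper that applies the headers to a response would keep the four sites from drifting apart when the CORS policy changes. `exec_response` starts and ends outside this hunk.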
@@ -74,11 +111,17 @@ pub fn exec_response(req: Request, r: RequestResult) {
}
res = res.with_status_code(res_status);
+ for v in auth_origin_headers.iter() {
+ res.add_header(v.clone());
+ }
req.respond(res);
return;
},
None => {
- let res = Response::empty(res_status);
+ let mut res = Response::empty(res_status);
+ for v in auth_origin_headers.iter() {
+ res.add_header(v.clone());
+ }
req.respond(res);
return;
},