create may fail, validates origin
This commit is contained in:
parent
f1f0fe3229
commit
d926cf90b2
3 changed files with 37 additions and 14 deletions
|
@ -255,9 +255,11 @@ let add_routes t =
|
||||||
|
|
||||||
|
|
||||||
let setup_app level port host origin https =
|
let setup_app level port host origin https =
|
||||||
let webauthn = Webauthn.create origin in
|
|
||||||
let level = match level with None -> None | Some Logs.Debug -> Some `Debug | Some Info -> Some `Info | Some Warning -> Some `Warning | Some Error -> Some `Error | Some App -> None in
|
let level = match level with None -> None | Some Logs.Debug -> Some `Debug | Some Info -> Some `Info | Some Warning -> Some `Warning | Some Error -> Some `Error | Some App -> None in
|
||||||
Dream.initialize_log ?level ();
|
Dream.initialize_log ?level ();
|
||||||
|
match Webauthn.create origin with
|
||||||
|
| Error e -> Logs.err (fun m -> m "failed to create webauthn: %s" e); exit 1
|
||||||
|
| Ok webauthn ->
|
||||||
Dream.run ~port ~interface:host ~https
|
Dream.run ~port ~interface:host ~https
|
||||||
@@ Dream.logger
|
@@ Dream.logger
|
||||||
@@ Dream.memory_sessions
|
@@ Dream.memory_sessions
|
||||||
|
|
|
@ -60,6 +60,7 @@ let pp_error ppf = function
|
||||||
|
|
||||||
type t = {
|
type t = {
|
||||||
origin : string;
|
origin : string;
|
||||||
|
rpid : [`host] Domain_name.t;
|
||||||
}
|
}
|
||||||
|
|
||||||
type challenge = string
|
type challenge = string
|
||||||
|
@ -256,13 +257,33 @@ let json_assoc thing : Yojson.Safe.t -> ((string * Yojson.Safe.t) list, _) resul
|
||||||
| `Assoc s -> Ok s
|
| `Assoc s -> Ok s
|
||||||
| json -> Error (`Json_decoding (thing, "non-assoc", Yojson.Safe.to_string json))
|
| json -> Error (`Json_decoding (thing, "non-assoc", Yojson.Safe.to_string json))
|
||||||
|
|
||||||
(* XXX: verify [origin] is in fact an origin *)
|
let create origin =
|
||||||
let create origin = { origin }
|
match String.split_on_char '/' origin with
|
||||||
|
| [ "https:" ; "" ; host_port ] ->
|
||||||
|
let host_ok h =
|
||||||
|
match Domain_name.of_string h with
|
||||||
|
| Error (`Msg m) -> Error ("origin is not a domain name " ^ m ^ "(data: " ^ h ^ ")")
|
||||||
|
| Ok d -> match Domain_name.host d with
|
||||||
|
| Error (`Msg m) -> Error ("origin is not a host name " ^ m ^ "(data: " ^ h ^ ")")
|
||||||
|
| Ok host -> Ok host
|
||||||
|
in
|
||||||
|
begin
|
||||||
|
match
|
||||||
|
match String.split_on_char ':' host_port with
|
||||||
|
| [ host ] -> host_ok host
|
||||||
|
| [ host ; port ] ->
|
||||||
|
(match host_ok host with
|
||||||
|
| Error _ as e -> e
|
||||||
|
| Ok h -> (try ignore(int_of_string port); Ok h
|
||||||
|
with Failure _ -> Error ("invalid port " ^ port)))
|
||||||
|
| _ -> Error ("invalid origin host and port " ^ host_port)
|
||||||
|
with
|
||||||
|
| Ok host -> Ok { origin ; rpid = host }
|
||||||
|
| Error _ as e -> e
|
||||||
|
end
|
||||||
|
| _ -> Error ("invalid origin " ^ origin)
|
||||||
|
|
||||||
let rpid t =
|
let rpid t = Domain_name.to_string t.rpid
|
||||||
match String.split_on_char '/' t.origin with
|
|
||||||
| [ _protocol ; "" ; host ] -> host
|
|
||||||
| _ -> assert false
|
|
||||||
|
|
||||||
type credential_data = {
|
type credential_data = {
|
||||||
aaguid : string ;
|
aaguid : string ;
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
type t
|
type t
|
||||||
|
|
||||||
val create : string -> t
|
val create : string -> (t, string) result
|
||||||
|
|
||||||
val rpid : t -> string
|
val rpid : t -> string
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue