create may fail, validates origin

This commit is contained in:
Robur 2021-10-06 10:12:47 +00:00
parent f1f0fe3229
commit d926cf90b2
3 changed files with 37 additions and 14 deletions

View file

@ -255,9 +255,11 @@ let add_routes t =
let setup_app level port host origin https = let setup_app level port host origin https =
let webauthn = Webauthn.create origin in
let level = match level with None -> None | Some Logs.Debug -> Some `Debug | Some Info -> Some `Info | Some Warning -> Some `Warning | Some Error -> Some `Error | Some App -> None in let level = match level with None -> None | Some Logs.Debug -> Some `Debug | Some Info -> Some `Info | Some Warning -> Some `Warning | Some Error -> Some `Error | Some App -> None in
Dream.initialize_log ?level (); Dream.initialize_log ?level ();
match Webauthn.create origin with
| Error e -> Logs.err (fun m -> m "failed to create webauthn: %s" e); exit 1
| Ok webauthn ->
Dream.run ~port ~interface:host ~https Dream.run ~port ~interface:host ~https
@@ Dream.logger @@ Dream.logger
@@ Dream.memory_sessions @@ Dream.memory_sessions

View file

@ -60,6 +60,7 @@ let pp_error ppf = function
type t = { type t = {
origin : string; origin : string;
rpid : [`host] Domain_name.t;
} }
type challenge = string type challenge = string
@ -256,13 +257,33 @@ let json_assoc thing : Yojson.Safe.t -> ((string * Yojson.Safe.t) list, _) resul
| `Assoc s -> Ok s | `Assoc s -> Ok s
| json -> Error (`Json_decoding (thing, "non-assoc", Yojson.Safe.to_string json)) | json -> Error (`Json_decoding (thing, "non-assoc", Yojson.Safe.to_string json))
(* XXX: verify [origin] is in fact an origin *) let create origin =
let create origin = { origin } match String.split_on_char '/' origin with
| [ "https:" ; "" ; host_port ] ->
let host_ok h =
match Domain_name.of_string h with
| Error (`Msg m) -> Error ("origin is not a domain name " ^ m ^ "(data: " ^ h ^ ")")
| Ok d -> match Domain_name.host d with
| Error (`Msg m) -> Error ("origin is not a host name " ^ m ^ "(data: " ^ h ^ ")")
| Ok host -> Ok host
in
begin
match
match String.split_on_char ':' host_port with
| [ host ] -> host_ok host
| [ host ; port ] ->
(match host_ok host with
| Error _ as e -> e
| Ok h -> (try ignore(int_of_string port); Ok h
with Failure _ -> Error ("invalid port " ^ port)))
| _ -> Error ("invalid origin host and port " ^ host_port)
with
| Ok host -> Ok { origin ; rpid = host }
| Error _ as e -> e
end
| _ -> Error ("invalid origin " ^ origin)
let rpid t = let rpid t = Domain_name.to_string t.rpid
match String.split_on_char '/' t.origin with
| [ _protocol ; "" ; host ] -> host
| _ -> assert false
type credential_data = { type credential_data = {
aaguid : string ; aaguid : string ;

View file

@ -1,6 +1,6 @@
type t type t
val create : string -> t val create : string -> (t, string) result
val rpid : t -> string val rpid : t -> string