create may fail, validates origin

This commit is contained in:
Robur 2021-10-06 10:12:47 +00:00
parent f1f0fe3229
commit d926cf90b2
3 changed files with 37 additions and 14 deletions

View file

@ -255,15 +255,17 @@ let add_routes t =
let setup_app level port host origin https =
let webauthn = Webauthn.create origin in
let level = match level with None -> None | Some Logs.Debug -> Some `Debug | Some Info -> Some `Info | Some Warning -> Some `Warning | Some Error -> Some `Error | Some App -> None in
Dream.initialize_log ?level ();
Dream.run ~port ~interface:host ~https
@@ Dream.logger
@@ Dream.memory_sessions
@@ Flash_message.flash_messages
@@ add_routes webauthn
@@ Dream.not_found
match Webauthn.create origin with
| Error e -> Logs.err (fun m -> m "failed to create webauthn: %s" e); exit 1
| Ok webauthn ->
Dream.run ~port ~interface:host ~https
@@ Dream.logger
@@ Dream.memory_sessions
@@ Flash_message.flash_messages
@@ add_routes webauthn
@@ Dream.not_found
open Cmdliner

View file

@ -60,6 +60,7 @@ let pp_error ppf = function
type t = {
origin : string;
rpid : [`host] Domain_name.t;
}
type challenge = string
@ -256,13 +257,33 @@ let json_assoc thing : Yojson.Safe.t -> ((string * Yojson.Safe.t) list, _) resul
| `Assoc s -> Ok s
| json -> Error (`Json_decoding (thing, "non-assoc", Yojson.Safe.to_string json))
(* XXX: verify [origin] is in fact an origin *)
let create origin = { origin }
let create origin =
match String.split_on_char '/' origin with
| [ "https:" ; "" ; host_port ] ->
let host_ok h =
match Domain_name.of_string h with
| Error (`Msg m) -> Error ("origin is not a domain name " ^ m ^ "(data: " ^ h ^ ")")
| Ok d -> match Domain_name.host d with
| Error (`Msg m) -> Error ("origin is not a host name " ^ m ^ "(data: " ^ h ^ ")")
| Ok host -> Ok host
in
begin
match
match String.split_on_char ':' host_port with
| [ host ] -> host_ok host
| [ host ; port ] ->
(match host_ok host with
| Error _ as e -> e
| Ok h -> (try ignore(int_of_string port); Ok h
with Failure _ -> Error ("invalid port " ^ port)))
| _ -> Error ("invalid origin host and port " ^ host_port)
with
| Ok host -> Ok { origin ; rpid = host }
| Error _ as e -> e
end
| _ -> Error ("invalid origin " ^ origin)
let rpid t =
match String.split_on_char '/' t.origin with
| [ _protocol ; "" ; host ] -> host
| _ -> assert false
let rpid t = Domain_name.to_string t.rpid
type credential_data = {
aaguid : string ;

View file

@ -1,6 +1,6 @@
type t
val create : string -> t
val create : string -> (t, string) result
val rpid : t -> string