eyre: simplify auto-https logic

2024-09-20 06:58:16 +03:00 · 2022-09-24 21:52:34 +12:00 · 2022-09-24 21:52:34 +12:00 · ac1dac0c6c
commit ac1dac0c6c
parent 27349c51ab
1 changed files with 15 additions and 32 deletions
--- a/pkg/arvo/sys/vane/eyre.hoon
+++ b/pkg/arvo/sys/vane/eyre.hoon
@ -551,18 +551,18 @@
      (easy ~)
    ==
  ==
-::  +host-parser: returns [(unit userinfo=@t) (unit port=@ud) host:eyre]
+::  +host-sans-port: strip the :<port> from a host string
 ::
-++  host-parser
-  |^
-  ;~(plug userinfo thor:de-purl:html)
-  ++  userinfo       (punt (cook crip ;~(sfix (star userinfo-char) pat)))
-  ++  userinfo-char  ;~(pose col unreserved sub-delims pct-encoded)
-  ++  unreserved     ;~(pose aln hep dot cab sig)
-  ++  sub-delims     ;~(pose zap buc pam soq pal par tar lus com mic tis)
-  ++  pct-encoded    (cook crip ;~(plug cen hex-char hex-char (easy ~)))
-  ++  hex-char       ;~(pose nud (shim 'a' 'f') (shim 'A' 'F'))
-  --
++  host-sans-port
+  ;~  sfix
+    %+  cook  crip
+    %-  star
+    ;~  less
+      ;~(plug col (punt dem) ;~(less next (easy ~)))
+      next
+    ==
+    (star next)
+  ==
 ::  +per-server-event: per-event server core
 ::
 ++  per-server-event
@ -592,7 +592,7 @@
  ::
  ++  request
    |=  [secure=? =address =request:http]
-    |^  ^-  [(list move) server-state]
+    ^-  [(list move) server-state]
    =*  headers  header-list.request
    ::  for requests from localhost, respect the "forwarded" header
    ::
@ -614,21 +614,17 @@
      [action [authenticated secure address request] ~ 0]
    =.  connections.state
      (~(put by connections.state) duct connection)
-    :: redirect to https if insecure, redirects enabled,
-    :: secure port live, not an acme challenge and host
-    :: is in domains.state
+    :: redirect to https if insecure, redirects enabled
+    :: and secure port live
    ::
    ?:  ?&  !secure
            redirect.http-config.state
            ?=(^ secure.ports.state)
-            ?!  ?=  [* [%'.well-known' %acme-challenge *] *]
-                (parse-request-line url.request)
-            (host-in-domains host)
        ==
      =/  location=@t
        ;:  (cury cat 3)
          'https://'
-          (need host)
+          (rash (fall host '') host-sans-port)
          ?:  =(443 u.secure.ports.state)
            ''
          (crip ":{(a-co:co u.secure.ports.state)}")
@ -753,19 +749,6 @@
      %^  return-static-data-on-duct  404  'text/html'
      (error-page 404 authenticated url.request ~)
    ==
-    :: test if host header is valid and turf in domains.state
-    ::
-    ++  host-in-domains
-      |=  raw-host=(unit @t)
-      ^-  ?
-      ?~  raw-host  |
-      =/  auth=(unit [* * =host:eyre])
-        (rush u.raw-host host-parser)
-      ?&  ?=(^ auth)
-          ?=(%.y -.host.u.auth)
-          (~(has in domains.state) p.host.u.auth)
-      ==
-    --
 ::
  ::  +handle-scry: respond with scry result, 404 or 500
  ::