fix login redirects for all but login+secure+query params

2024-11-23 03:44:04 +03:00 · 2024-07-10 17:27:49 -07:00 · 2024-07-10 17:27:49 -07:00 · 89213a92fe
commit 89213a92fe
parent 9cf1c494f0
4 changed files with 34 additions and 32 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -3269,7 +3269,7 @@ dependencies = [

 [[package]]
 name = "kinode_lib"
-version = "0.8.2"
+version = "0.8.3"
 dependencies = [
 "lib",
 ]
@ -3391,7 +3391,7 @@ checksum = "884e2677b40cc8c339eaefcb701c32ef1fd2493d71118dc0ca4b6a736c93bd67"

 [[package]]
 name = "lib"
-version = "0.8.2"
+version = "0.8.3"
 dependencies = [
 "alloy",
 "kit",
--- a/kinode/packages/settings/settings/src/lib.rs
+++ b/kinode/packages/settings/settings/src/lib.rs
@ -157,9 +157,12 @@ fn initialize(our: Address) {
        .unwrap();

    // Serve the index.html and other UI files found in pkg/ui at the root path.
-    http::serve_ui(&our, "ui", true, false, vec!["/"]).unwrap();
-    http::bind_http_path("/ask", true, false).unwrap();
-    http::bind_ws_path("/", true, false).unwrap();
+    //http::serve_ui(&our, "ui", true, false, vec!["/"]).unwrap();
+    //http::bind_http_path("/ask", true, false).unwrap();
+    //http::bind_ws_path("/", true, false).unwrap();
+    http::secure_serve_ui(&our, "ui", vec!["/"]).unwrap();
+    http::secure_bind_http_path("/ask").unwrap();
+    http::secure_bind_ws_path("/", false).unwrap();

    // Grab our state, then enter the main event loop.
    let mut state: SettingsState = SettingsState::new(our);
--- a/kinode/src/http/login.html
+++ b/kinode/src/http/login.html
@ -1194,10 +1194,13 @@ Constrain images and videos to the parent width and preserve their intrinsic asp
    }

    const firstPathItem = window.location.pathname.split('/')[1];
-    if (firstPathItem === '') {
-      document.getElementById("node-and-domain").innerText = "${node} ";
-    } else {
+    const expectedSecureSubdomain = generateSecureSubdomain(firstPathItem);
+    const maybeSecureSubdomain = window.location.host.split('.')[0];
+    const isSecureSubdomain = expectedSecureSubdomain === maybeSecureSubdomain;
+    if (isSecureSubdomain) {
      document.getElementById("node-and-domain").innerText = "${node}: authenticate for secure subdomain app " + firstPathItem;
+    } else {
+      document.getElementById("node-and-domain").innerText = "${node} ";
    }

    async function login(password) {
@ -1210,7 +1213,10 @@ Constrain images and videos to the parent width and preserve their intrinsic asp
      const result = await fetch("/login", {
        method: "POST",
        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({ password_hash: hashHex, subdomain: firstPathItem }),
+        body: JSON.stringify({
+          password_hash: hashHex,
+          subdomain: isSecureSubdomain ? firstPathItem : '',
+        }),
      });

      if (result.status == 200) {
@ -1226,6 +1232,17 @@ Constrain images and videos to the parent width and preserve their intrinsic asp
      }
    }

+    function generateSecureSubdomain(processString) {
+      const parts = processString.split(':');
+      const package = parts[1];
+      const publisher = parts[2];
+      const subdomain = [package, publisher].join("-")
+        .split("")
+        .map(c => c.match(/[a-zA-Z0-9]/) ? c : '-')
+        .join("");
+      return subdomain;
+    }
+
    document.addEventListener("DOMContentLoaded", () => {
      const form = document.getElementById("signup-form");
      form.addEventListener("submit", (e) => {
@ -1238,4 +1255,4 @@ Constrain images and videos to the parent width and preserve their intrinsic asp
  </script>
 </body>

-</html>
+</html>
--- a/kinode/src/http/server.rs
+++ b/kinode/src/http/server.rs
@ -584,28 +584,10 @@ async fn http_handler(
                &jwt_secret_bytes,
            ) {
                // redirect to login page so they can get an auth token
-                if original_path == "" {
-                    return Ok(warp::http::Response::builder()
-                        .status(StatusCode::OK)
-                        .body(login_html.to_string())
-                        .into_response());
-                } else {
-                    return Ok(warp::http::Response::builder()
-                        .status(StatusCode::TEMPORARY_REDIRECT)
-                        .header(
-                            "Location",
-                            format!(
-                                "{}://{}",
-                                match headers.get("X-Forwarded-Proto") {
-                                    Some(proto) => proto.to_str().unwrap_or("http"),
-                                    None => "http",
-                                },
-                                host,
-                            ),
-                        )
-                        .body(vec![])
-                        .into_response());
-                }
+                return Ok(warp::http::Response::builder()
+                    .status(StatusCode::OK)
+                    .body(login_html.to_string())
+                    .into_response());
            }
        }
    }