mirror of
https://github.com/TxtDot/vigi.git
synced 2024-11-22 03:16:21 +03:00
fix: remove insecure gemini client, add secure file based cert verifier
This commit is contained in:
parent
b821b2bb8b
commit
055b03838d
6 changed files with 43 additions and 67 deletions
|
@ -9,7 +9,7 @@ mod utils;
|
||||||
|
|
||||||
use tokio::sync::Mutex;
|
use tokio::sync::Mutex;
|
||||||
use types::{VigiError, VigiJsState, VigiState};
|
use types::{VigiError, VigiJsState, VigiState};
|
||||||
use utils::{read_or_create_jsonl, read_or_create_number};
|
use utils::{create_file, read_or_create_jsonl, read_or_create_number};
|
||||||
|
|
||||||
#[tauri::command]
|
#[tauri::command]
|
||||||
async fn update_input(
|
async fn update_input(
|
||||||
|
@ -133,6 +133,14 @@ async fn setup(
|
||||||
state.current_tab_index_path = local_data_dir.join("current_tab_index");
|
state.current_tab_index_path = local_data_dir.join("current_tab_index");
|
||||||
state.current_tab_index = read_or_create_number(&state.current_tab_index_path);
|
state.current_tab_index = read_or_create_number(&state.current_tab_index_path);
|
||||||
|
|
||||||
|
println!("Checking cache dir");
|
||||||
|
if !state.cache_dir.exists() {
|
||||||
|
println!(" Creating cache dir");
|
||||||
|
fs::create_dir_all(&state.cache_dir).map_err(|_| VigiError::Config)?;
|
||||||
|
}
|
||||||
|
|
||||||
|
state.gemini_certs_path = create_file(state.cache_dir.join("gemini_certs"));
|
||||||
|
|
||||||
state.update_top_bar_input()?;
|
state.update_top_bar_input()?;
|
||||||
|
|
||||||
println!("---Setup done---");
|
println!("---Setup done---");
|
||||||
|
|
|
@ -1,54 +0,0 @@
|
||||||
use tokio_rustls::rustls::{
|
|
||||||
client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier},
|
|
||||||
ClientConfig, SignatureScheme,
|
|
||||||
};
|
|
||||||
|
|
||||||
/// TODO: update to secure version when supported
|
|
||||||
pub fn insecure_gemini_client_config() -> ClientConfig {
|
|
||||||
ClientConfig::builder()
|
|
||||||
.dangerous()
|
|
||||||
.with_custom_certificate_verifier(std::sync::Arc::new(NoCertVerification {}))
|
|
||||||
.with_no_client_auth()
|
|
||||||
}
|
|
||||||
|
|
||||||
#[derive(Debug)]
|
|
||||||
struct NoCertVerification;
|
|
||||||
|
|
||||||
impl ServerCertVerifier for NoCertVerification {
|
|
||||||
fn verify_server_cert(
|
|
||||||
&self,
|
|
||||||
_end_entity: &tokio_rustls::rustls::pki_types::CertificateDer<'_>,
|
|
||||||
_intermediates: &[tokio_rustls::rustls::pki_types::CertificateDer<'_>],
|
|
||||||
_server_name: &tokio_rustls::rustls::pki_types::ServerName<'_>,
|
|
||||||
_ocsp_response: &[u8],
|
|
||||||
_now: tokio_rustls::rustls::pki_types::UnixTime,
|
|
||||||
) -> Result<ServerCertVerified, tokio_rustls::rustls::Error> {
|
|
||||||
Ok(ServerCertVerified::assertion())
|
|
||||||
}
|
|
||||||
|
|
||||||
fn verify_tls12_signature(
|
|
||||||
&self,
|
|
||||||
_message: &[u8],
|
|
||||||
_cert: &tokio_rustls::rustls::pki_types::CertificateDer<'_>,
|
|
||||||
_dss: &tokio_rustls::rustls::DigitallySignedStruct,
|
|
||||||
) -> Result<HandshakeSignatureValid, tokio_rustls::rustls::Error> {
|
|
||||||
Ok(HandshakeSignatureValid::assertion())
|
|
||||||
}
|
|
||||||
|
|
||||||
fn verify_tls13_signature(
|
|
||||||
&self,
|
|
||||||
_message: &[u8],
|
|
||||||
_cert: &tokio_rustls::rustls::pki_types::CertificateDer<'_>,
|
|
||||||
_dss: &tokio_rustls::rustls::DigitallySignedStruct,
|
|
||||||
) -> Result<HandshakeSignatureValid, tokio_rustls::rustls::Error> {
|
|
||||||
Ok(HandshakeSignatureValid::assertion())
|
|
||||||
}
|
|
||||||
|
|
||||||
fn supported_verify_schemes(&self) -> Vec<tokio_rustls::rustls::SignatureScheme> {
|
|
||||||
vec![
|
|
||||||
SignatureScheme::ECDSA_NISTP256_SHA256,
|
|
||||||
SignatureScheme::ECDSA_NISTP384_SHA384,
|
|
||||||
SignatureScheme::ECDSA_NISTP521_SHA512,
|
|
||||||
]
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,9 +1,8 @@
|
||||||
use crate::types::{VigiError, VigiOutput};
|
use crate::types::{VigiError, VigiOutput, VigiState};
|
||||||
use bytes::Bytes;
|
use bytes::Bytes;
|
||||||
use mime::Mime;
|
use mime::Mime;
|
||||||
use url::Url;
|
use url::Url;
|
||||||
|
|
||||||
mod insecure_gemini_client;
|
|
||||||
mod process_data;
|
mod process_data;
|
||||||
mod process_url;
|
mod process_url;
|
||||||
|
|
||||||
|
@ -12,11 +11,11 @@ use process_url::process_url;
|
||||||
|
|
||||||
type ReqResult = (Mime, Bytes);
|
type ReqResult = (Mime, Bytes);
|
||||||
|
|
||||||
pub async fn process_input(input: &String) -> Result<VigiOutput, VigiError> {
|
pub async fn process_input(input: &String, state: &VigiState) -> Result<VigiOutput, VigiError> {
|
||||||
let parsed = Url::parse(input);
|
let parsed = Url::parse(input);
|
||||||
|
|
||||||
let (mime, data) = match parsed {
|
let (mime, data) = match parsed {
|
||||||
Ok(url) => process_url(url).await?,
|
Ok(url) => process_url(url, state).await?,
|
||||||
Err(_) => Err(VigiError::Network)?,
|
Err(_) => Err(VigiError::Network)?,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,15 +1,15 @@
|
||||||
use crate::types::VigiError;
|
use crate::types::{VigiError, VigiState};
|
||||||
use insecure_gemini_client::insecure_gemini_client_config;
|
|
||||||
use mime::Mime;
|
use mime::Mime;
|
||||||
use reqwest::header::CONTENT_TYPE;
|
use reqwest::header::CONTENT_TYPE;
|
||||||
|
use tokio_gemini::certs::file_sscv::FileBasedCertVerifier;
|
||||||
use url::Url;
|
use url::Url;
|
||||||
|
|
||||||
use super::{insecure_gemini_client, ReqResult};
|
use super::ReqResult;
|
||||||
|
|
||||||
pub async fn process_url(url: Url) -> Result<ReqResult, VigiError> {
|
pub async fn process_url(url: Url, state: &VigiState) -> Result<ReqResult, VigiError> {
|
||||||
let result = match url.scheme() {
|
let result = match url.scheme() {
|
||||||
"http" | "https" => process_http(url.to_string()).await?,
|
"http" | "https" => process_http(url.to_string()).await?,
|
||||||
"gemini" => process_gemini(url.to_string()).await?,
|
"gemini" => process_gemini(url.to_string(), state).await?,
|
||||||
_ => Err(VigiError::UnsupportedProtocol)?,
|
_ => Err(VigiError::UnsupportedProtocol)?,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -37,8 +37,17 @@ async fn process_http(url: String) -> Result<ReqResult, VigiError> {
|
||||||
))
|
))
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn process_gemini(url: String) -> Result<ReqResult, VigiError> {
|
async fn process_gemini(url: String, state: &VigiState) -> Result<ReqResult, VigiError> {
|
||||||
let mut res = tokio_gemini::Client::from(insecure_gemini_client_config())
|
let mut res = tokio_gemini::Client::builder()
|
||||||
|
.with_selfsigned_cert_verifier(
|
||||||
|
FileBasedCertVerifier::init(&state.gemini_certs_path.to_string_lossy().to_string())
|
||||||
|
.await
|
||||||
|
.map_err(|e| {
|
||||||
|
println!("{:#?}", e);
|
||||||
|
VigiError::GeminiCertsFile
|
||||||
|
})?,
|
||||||
|
)
|
||||||
|
.build()
|
||||||
.request(&url)
|
.request(&url)
|
||||||
.await
|
.await
|
||||||
.map_err(|_| VigiError::Network)?;
|
.map_err(|_| VigiError::Network)?;
|
||||||
|
|
|
@ -22,6 +22,8 @@ pub enum VigiError {
|
||||||
InvalidMimeType,
|
InvalidMimeType,
|
||||||
|
|
||||||
InvalidCharset,
|
InvalidCharset,
|
||||||
|
|
||||||
|
GeminiCertsFile,
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Debug, Clone)]
|
#[derive(Debug, Clone)]
|
||||||
|
@ -30,6 +32,7 @@ pub struct VigiState {
|
||||||
pub current_tab_index_path: PathBuf,
|
pub current_tab_index_path: PathBuf,
|
||||||
pub local_tabs_path: PathBuf,
|
pub local_tabs_path: PathBuf,
|
||||||
pub favorites_tabs_path: PathBuf,
|
pub favorites_tabs_path: PathBuf,
|
||||||
|
pub gemini_certs_path: PathBuf,
|
||||||
|
|
||||||
pub cache_dir: PathBuf,
|
pub cache_dir: PathBuf,
|
||||||
|
|
||||||
|
@ -74,6 +77,8 @@ impl VigiState {
|
||||||
current_tab_index_path: PathBuf::new(),
|
current_tab_index_path: PathBuf::new(),
|
||||||
local_tabs_path: PathBuf::new(),
|
local_tabs_path: PathBuf::new(),
|
||||||
favorites_tabs_path: PathBuf::new(),
|
favorites_tabs_path: PathBuf::new(),
|
||||||
|
gemini_certs_path: PathBuf::new(),
|
||||||
|
|
||||||
cache_dir: PathBuf::new(),
|
cache_dir: PathBuf::new(),
|
||||||
|
|
||||||
tabs_id_counter: 0,
|
tabs_id_counter: 0,
|
||||||
|
@ -135,7 +140,7 @@ impl VigiState {
|
||||||
vec![El("Type something in the address bar".into()).into()],
|
vec![El("Type something in the address bar".into()).into()],
|
||||||
)
|
)
|
||||||
} else {
|
} else {
|
||||||
process_input(&self.top_bar_input).await?
|
process_input(&self.top_bar_input, &self).await?
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -38,6 +38,15 @@ pub fn read_or_create_number(path: &PathBuf) -> usize {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub fn create_file(path: PathBuf) -> PathBuf {
|
||||||
|
if !path.exists() {
|
||||||
|
println!(" Creating {}", path.to_string_lossy());
|
||||||
|
File::create(&path).unwrap();
|
||||||
|
}
|
||||||
|
|
||||||
|
path
|
||||||
|
}
|
||||||
|
|
||||||
pub fn write_tabs(path: &PathBuf, tabs: &Vec<Tab>) -> Result<(), VigiError> {
|
pub fn write_tabs(path: &PathBuf, tabs: &Vec<Tab>) -> Result<(), VigiError> {
|
||||||
fs::write(
|
fs::write(
|
||||||
path,
|
path,
|
||||||
|
|
Loading…
Add table
Reference in a new issue