mirror of
https://github.com/TxtDot/vigi.git
synced 2024-10-16 11:18:03 +03:00
fix: remove insecure gemini client, add secure file based cert verifier
This commit is contained in:
parent
b821b2bb8b
commit
055b03838d
6 changed files with 43 additions and 67 deletions
|
|
@ -9,7 +9,7 @@ mod utils;
|
|||
|
||||
use tokio::sync::Mutex;
|
||||
use types::{VigiError, VigiJsState, VigiState};
|
||||
use utils::{read_or_create_jsonl, read_or_create_number};
|
||||
use utils::{create_file, read_or_create_jsonl, read_or_create_number};
|
||||
|
||||
#[tauri::command]
|
||||
async fn update_input(
|
||||
|
|
@ -133,6 +133,14 @@ async fn setup(
|
|||
state.current_tab_index_path = local_data_dir.join("current_tab_index");
|
||||
state.current_tab_index = read_or_create_number(&state.current_tab_index_path);
|
||||
|
||||
println!("Checking cache dir");
|
||||
if !state.cache_dir.exists() {
|
||||
println!(" Creating cache dir");
|
||||
fs::create_dir_all(&state.cache_dir).map_err(|_| VigiError::Config)?;
|
||||
}
|
||||
|
||||
state.gemini_certs_path = create_file(state.cache_dir.join("gemini_certs"));
|
||||
|
||||
state.update_top_bar_input()?;
|
||||
|
||||
println!("---Setup done---");
|
||||
|
|
|
|||
|
|
@ -1,54 +0,0 @@
|
|||
use tokio_rustls::rustls::{
|
||||
client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier},
|
||||
ClientConfig, SignatureScheme,
|
||||
};
|
||||
|
||||
/// TODO: update to secure version when supported
|
||||
pub fn insecure_gemini_client_config() -> ClientConfig {
|
||||
ClientConfig::builder()
|
||||
.dangerous()
|
||||
.with_custom_certificate_verifier(std::sync::Arc::new(NoCertVerification {}))
|
||||
.with_no_client_auth()
|
||||
}
|
||||
|
||||
#[derive(Debug)]
|
||||
struct NoCertVerification;
|
||||
|
||||
impl ServerCertVerifier for NoCertVerification {
|
||||
fn verify_server_cert(
|
||||
&self,
|
||||
_end_entity: &tokio_rustls::rustls::pki_types::CertificateDer<'_>,
|
||||
_intermediates: &[tokio_rustls::rustls::pki_types::CertificateDer<'_>],
|
||||
_server_name: &tokio_rustls::rustls::pki_types::ServerName<'_>,
|
||||
_ocsp_response: &[u8],
|
||||
_now: tokio_rustls::rustls::pki_types::UnixTime,
|
||||
) -> Result<ServerCertVerified, tokio_rustls::rustls::Error> {
|
||||
Ok(ServerCertVerified::assertion())
|
||||
}
|
||||
|
||||
fn verify_tls12_signature(
|
||||
&self,
|
||||
_message: &[u8],
|
||||
_cert: &tokio_rustls::rustls::pki_types::CertificateDer<'_>,
|
||||
_dss: &tokio_rustls::rustls::DigitallySignedStruct,
|
||||
) -> Result<HandshakeSignatureValid, tokio_rustls::rustls::Error> {
|
||||
Ok(HandshakeSignatureValid::assertion())
|
||||
}
|
||||
|
||||
fn verify_tls13_signature(
|
||||
&self,
|
||||
_message: &[u8],
|
||||
_cert: &tokio_rustls::rustls::pki_types::CertificateDer<'_>,
|
||||
_dss: &tokio_rustls::rustls::DigitallySignedStruct,
|
||||
) -> Result<HandshakeSignatureValid, tokio_rustls::rustls::Error> {
|
||||
Ok(HandshakeSignatureValid::assertion())
|
||||
}
|
||||
|
||||
fn supported_verify_schemes(&self) -> Vec<tokio_rustls::rustls::SignatureScheme> {
|
||||
vec![
|
||||
SignatureScheme::ECDSA_NISTP256_SHA256,
|
||||
SignatureScheme::ECDSA_NISTP384_SHA384,
|
||||
SignatureScheme::ECDSA_NISTP521_SHA512,
|
||||
]
|
||||
}
|
||||
}
|
||||
|
|
@ -1,9 +1,8 @@
|
|||
use crate::types::{VigiError, VigiOutput};
|
||||
use crate::types::{VigiError, VigiOutput, VigiState};
|
||||
use bytes::Bytes;
|
||||
use mime::Mime;
|
||||
use url::Url;
|
||||
|
||||
mod insecure_gemini_client;
|
||||
mod process_data;
|
||||
mod process_url;
|
||||
|
||||
|
|
@ -12,11 +11,11 @@ use process_url::process_url;
|
|||
|
||||
type ReqResult = (Mime, Bytes);
|
||||
|
||||
pub async fn process_input(input: &String) -> Result<VigiOutput, VigiError> {
|
||||
pub async fn process_input(input: &String, state: &VigiState) -> Result<VigiOutput, VigiError> {
|
||||
let parsed = Url::parse(input);
|
||||
|
||||
let (mime, data) = match parsed {
|
||||
Ok(url) => process_url(url).await?,
|
||||
Ok(url) => process_url(url, state).await?,
|
||||
Err(_) => Err(VigiError::Network)?,
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -1,15 +1,15 @@
|
|||
use crate::types::VigiError;
|
||||
use insecure_gemini_client::insecure_gemini_client_config;
|
||||
use crate::types::{VigiError, VigiState};
|
||||
use mime::Mime;
|
||||
use reqwest::header::CONTENT_TYPE;
|
||||
use tokio_gemini::certs::file_sscv::FileBasedCertVerifier;
|
||||
use url::Url;
|
||||
|
||||
use super::{insecure_gemini_client, ReqResult};
|
||||
use super::ReqResult;
|
||||
|
||||
pub async fn process_url(url: Url) -> Result<ReqResult, VigiError> {
|
||||
pub async fn process_url(url: Url, state: &VigiState) -> Result<ReqResult, VigiError> {
|
||||
let result = match url.scheme() {
|
||||
"http" | "https" => process_http(url.to_string()).await?,
|
||||
"gemini" => process_gemini(url.to_string()).await?,
|
||||
"gemini" => process_gemini(url.to_string(), state).await?,
|
||||
_ => Err(VigiError::UnsupportedProtocol)?,
|
||||
};
|
||||
|
||||
|
|
@ -37,8 +37,17 @@ async fn process_http(url: String) -> Result<ReqResult, VigiError> {
|
|||
))
|
||||
}
|
||||
|
||||
async fn process_gemini(url: String) -> Result<ReqResult, VigiError> {
|
||||
let mut res = tokio_gemini::Client::from(insecure_gemini_client_config())
|
||||
async fn process_gemini(url: String, state: &VigiState) -> Result<ReqResult, VigiError> {
|
||||
let mut res = tokio_gemini::Client::builder()
|
||||
.with_selfsigned_cert_verifier(
|
||||
FileBasedCertVerifier::init(&state.gemini_certs_path.to_string_lossy().to_string())
|
||||
.await
|
||||
.map_err(|e| {
|
||||
println!("{:#?}", e);
|
||||
VigiError::GeminiCertsFile
|
||||
})?,
|
||||
)
|
||||
.build()
|
||||
.request(&url)
|
||||
.await
|
||||
.map_err(|_| VigiError::Network)?;
|
||||
|
|
|
|||
|
|
@ -22,6 +22,8 @@ pub enum VigiError {
|
|||
InvalidMimeType,
|
||||
|
||||
InvalidCharset,
|
||||
|
||||
GeminiCertsFile,
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone)]
|
||||
|
|
@ -30,6 +32,7 @@ pub struct VigiState {
|
|||
pub current_tab_index_path: PathBuf,
|
||||
pub local_tabs_path: PathBuf,
|
||||
pub favorites_tabs_path: PathBuf,
|
||||
pub gemini_certs_path: PathBuf,
|
||||
|
||||
pub cache_dir: PathBuf,
|
||||
|
||||
|
|
@ -74,6 +77,8 @@ impl VigiState {
|
|||
current_tab_index_path: PathBuf::new(),
|
||||
local_tabs_path: PathBuf::new(),
|
||||
favorites_tabs_path: PathBuf::new(),
|
||||
gemini_certs_path: PathBuf::new(),
|
||||
|
||||
cache_dir: PathBuf::new(),
|
||||
|
||||
tabs_id_counter: 0,
|
||||
|
|
@ -135,7 +140,7 @@ impl VigiState {
|
|||
vec![El("Type something in the address bar".into()).into()],
|
||||
)
|
||||
} else {
|
||||
process_input(&self.top_bar_input).await?
|
||||
process_input(&self.top_bar_input, &self).await?
|
||||
}
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -38,6 +38,15 @@ pub fn read_or_create_number(path: &PathBuf) -> usize {
|
|||
}
|
||||
}
|
||||
|
||||
pub fn create_file(path: PathBuf) -> PathBuf {
|
||||
if !path.exists() {
|
||||
println!(" Creating {}", path.to_string_lossy());
|
||||
File::create(&path).unwrap();
|
||||
}
|
||||
|
||||
path
|
||||
}
|
||||
|
||||
pub fn write_tabs(path: &PathBuf, tabs: &Vec<Tab>) -> Result<(), VigiError> {
|
||||
fs::write(
|
||||
path,
|
||||
|
|
|
|||
Loading…
Reference in a new issue