Comunic/comunicapiv3
1
0
Fork 0
mirror of https://gitlab.com/comunic/comunicapiv3 synced 2025-06-20 08:25:16 +00:00
Code Issues Projects Releases Wiki Activity

Handle pre-flight requests

Browse Source
This commit is contained in:
Pierre HUBERT
2021-03-14 14:25:11 +01:00
parent c29d8b1997
commit eb0c7aec6a
5 changed files with 57 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/data/config.rs
View File

@ -35,7 +35,6 @@ pub struct Config {
pub play_store_url: String,
pub android_direct_download_url: String,
pub proxy: Option<String>,
pub force_https: bool,
pub verbose_mode: bool,
pub database: DatabaseConfig,
pub rtc_relay: Option<RtcRelayConfig>,
@ -116,8 +115,6 @@ impl Config {
s => Some(s.to_string())
},
force_https: Config::yaml_bool(parsed, "force-https"),
verbose_mode: Config::yaml_bool(parsed, "verbose-mode"),
database: database_conf,

13
src/data/http_request_handler.rs
View File

@ -7,13 +7,13 @@ use actix_web::http::{HeaderName, HeaderValue, StatusCode};
use serde::Serialize;
use crate::api_data::http_error::HttpError;
use crate::routes::RequestResult;
use crate::data::api_client::APIClient;
use crate::data::base_request_handler::{BaseRequestHandler, RequestValue};
use crate::data::config::conf;
use crate::data::error::{Res, ResultBoxError};
use crate::data::user_token::UserAccessToken;
use crate::helpers::{account_helper, api_helper};
use crate::routes::RequestResult;
/// Http request handler
///
@ -86,22 +86,17 @@ impl HttpRequestHandler {
)?;
if let Some(domain) = &client.domain {
let allowed_origin = match conf().force_https {
true => format!("https://{}", domain),
false => format!("http://{}", domain)
};
if let Some(allowed_origin) = &client.domain {
match self.request.headers().get("Referer") {
None => self.bad_request("Unknown origin!".to_string())?,
Some(s) => {
if !s.to_str()?.starts_with(&allowed_origin) {
if !s.to_str()?.starts_with(allowed_origin) {
self.bad_request("Use of this client is prohibited from this domain!".to_string())?;
}
}
}
self.headers.insert("Access-Control-Allow-Origin".to_string(), allowed_origin);
self.headers.insert("Access-Control-Allow-Origin".to_string(), allowed_origin.to_string());
}
self.client = Some(client);