grassrootseconomics/openethereum
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Missing changes required to make new UI work (#2793)

Browse Source 
* Getting rid of old dapps

* Updating proxypac and allowing home.parity on signer

* CORS support for API

* Fixing CORS - origin is sent with protocol

* Fixing signer with proxy

* Fixing grumbles

* Fix expect msg [ci:skip]
This commit is contained in:
Tomasz Drwięga
2016-10-22 15:21:41 +02:00
committed by Gav Wood
parent 9150fce2f1
commit 3ff1ca81f4
22 changed files with 370 additions and 274 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
signer/src/tests/mod.rs
View File

@@ -81,7 +81,28 @@ fn should_reject_invalid_host() {
// then
assert_eq!(response.status, "HTTP/1.1 403 FORBIDDEN".to_owned());
assert!(response.body.contains("URL Blocked"));
http_client::assert_security_headers_present(&response.headers);
http_client::assert_security_headers_present(&response.headers, None);
}
#[test]
fn should_allow_home_parity_host() {
// given
let server = serve().0;
// when
let response = request(server,
"\
GET http://home.parity/ HTTP/1.1\r\n\
Host: home.parity\r\n\
Connection: close\r\n\
\r\n\
{}
"
);
// then
assert_eq!(response.status, "HTTP/1.1 200 OK".to_owned());
http_client::assert_security_headers_present(&response.headers, None);
}
#[test]
@@ -102,7 +123,27 @@ fn should_serve_styles_even_on_disallowed_domain() {
// then
assert_eq!(response.status, "HTTP/1.1 200 OK".to_owned());
http_client::assert_security_headers_present(&response.headers);
http_client::assert_security_headers_present(&response.headers, None);
}
#[test]
fn should_return_200_ok_for_connect_requests() {
// given
let server = serve().0;
// when
let response = request(server,
"\
CONNECT home.parity:8080 HTTP/1.1\r\n\
Host: home.parity\r\n\
Connection: close\r\n\
\r\n\
{}
"
);
// then
assert_eq!(response.status, "HTTP/1.1 200 OK".to_owned());
}
#[test]
@@ -126,7 +167,7 @@ fn should_block_if_authorization_is_incorrect() {
// then
assert_eq!(response.status, "HTTP/1.1 403 FORBIDDEN".to_owned());
http_client::assert_security_headers_present(&response.headers);
http_client::assert_security_headers_present(&response.headers, None);
}
#[test]
@@ -205,5 +246,6 @@ fn should_allow_initial_connection_but_only_once() {
// then
assert_eq!(response1.status, "HTTP/1.1 101 Switching Protocols".to_owned());
assert_eq!(response2.status, "HTTP/1.1 403 FORBIDDEN".to_owned());
http_client::assert_security_headers_present(&response2.headers);
http_client::assert_security_headers_present(&response2.headers, None);
}

28
signer/src/ws_server/session.rs
View File

@@ -63,6 +63,8 @@ mod ui {
}
}
const HOME_DOMAIN: &'static str = "home.parity";
fn origin_is_allowed(self_origin: &str, header: Option<&[u8]>) -> bool {
match header {
None => false,
@@ -72,6 +74,8 @@ fn origin_is_allowed(self_origin: &str, header: Option<&[u8]>) -> bool {
Some(ref origin) if origin.starts_with("chrome-extension://") => true,
Some(ref origin) if origin.starts_with(self_origin) => true,
Some(ref origin) if origin.starts_with(&format!("http://{}", self_origin)) => true,
Some(ref origin) if origin.starts_with(HOME_DOMAIN) => true,
Some(ref origin) if origin.starts_with(&format!("http://{}", HOME_DOMAIN)) => true,
_ => false
}
}
@@ -134,13 +138,20 @@ pub struct Session {
impl ws::Handler for Session {
#[cfg_attr(feature="dev", allow(collapsible_if))]
fn on_request(&mut self, req: &ws::Request) -> ws::Result<(ws::Response)> {
let origin = req.header("origin").or_else(|| req.header("Origin")).map(|x| &x[..]);
let host = req.header("host").or_else(|| req.header("Host")).map(|x| &x[..]);
trace!(target: "signer", "Handling request: {:?}", req);
// TODO [ToDr] ws server is not handling proxied requests correctly:
// Trim domain name from resource part:
let resource = req.resource().trim_left_matches(&format!("http://{}", HOME_DOMAIN));
// Styles file is allowed for error pages to display nicely.
let is_styles_file = req.resource() == "/styles.css";
let is_styles_file = resource == "/styles.css";
// Check request origin and host header.
if !self.skip_origin_validation {
let origin = req.header("origin").or_else(|| req.header("Origin")).map(|x| &x[..]);
let host = req.header("host").or_else(|| req.header("Host")).map(|x| &x[..]);
let is_valid = origin_is_allowed(&self.self_origin, origin) || (origin.is_none() && origin_is_allowed(&self.self_origin, host));
let is_valid = is_styles_file || is_valid;
@@ -155,6 +166,14 @@ impl ws::Handler for Session {
}
}
// PROXY requests when running behind home.parity
if req.method() == "CONNECT" {
let mut res = ws::Response::ok("".into());
res.headers_mut().push(("Content-Length".into(), b"0".to_vec()));
res.headers_mut().push(("Connection".into(), b"keep-alive".to_vec()));
return Ok(res);
}
// Detect if it's a websocket request
// (styles file skips origin validation, so make sure to prevent WS connections on this resource)
if req.header("sec-websocket-key").is_some() && !is_styles_file {
@@ -173,8 +192,9 @@ impl ws::Handler for Session {
});
}
debug!(target: "signer", "Requesting resource: {:?}", resource);
// Otherwise try to serve a page.
Ok(self.file_handler.handle(req.resource())
Ok(self.file_handler.handle(resource)
.map_or_else(
// return 404 not found
|| error(ErrorType::NotFound, "Not found", "Requested file was not found.", None),