diff --git a/Cargo.lock b/Cargo.lock
index e3dc752f2..eae4823f6 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -283,6 +283,7 @@ dependencies = [
"serde_codegen 0.7.9 (registry+https://github.com/rust-lang/crates.io-index)",
"serde_json 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)",
"syntex 0.33.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "unicase 1.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
"url 1.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
]
diff --git a/dapps/Cargo.toml b/dapps/Cargo.toml
index 94af56ca3..c42ed8eff 100644
--- a/dapps/Cargo.toml
+++ b/dapps/Cargo.toml
@@ -13,6 +13,7 @@ log = "0.3"
jsonrpc-core = "2.0"
jsonrpc-http-server = { git = "https://github.com/ethcore/jsonrpc-http-server.git" }
hyper = { default-features = false, git = "https://github.com/ethcore/hyper" }
+unicase = "1.3"
url = "1.0"
rustc-serialize = "0.3"
serde = "0.7.0"
diff --git a/dapps/src/api/api.rs b/dapps/src/api/api.rs
index ab3632074..84db93f63 100644
--- a/dapps/src/api/api.rs
+++ b/dapps/src/api/api.rs
@@ -15,20 +15,23 @@
// along with Parity. If not, see .
use std::sync::Arc;
-use endpoint::{Endpoint, Endpoints, Handler, EndpointPath};
-use api::types::{App, ApiError};
-use api::response::{as_json, as_json_error};
use hyper::{server, net, Decoder, Encoder, Next};
+use api::types::{App, ApiError};
+use api::response::{as_json, as_json_error, ping_response};
+use handlers::extract_url;
+use endpoint::{Endpoint, Endpoints, Handler, EndpointPath};
#[derive(Clone)]
pub struct RestApi {
+ local_domain: String,
endpoints: Arc,
}
impl RestApi {
- pub fn new(endpoints: Arc) -> Box {
+ pub fn new(local_domain: String, endpoints: Arc) -> Box {
Box::new(RestApi {
- endpoints: endpoints
+ local_domain: local_domain,
+ endpoints: endpoints,
})
}
@@ -59,9 +62,28 @@ struct RestApiRouter {
impl server::Handler for RestApiRouter {
- fn on_request(&mut self, _request: server::Request) -> Next {
- self.handler = as_json(&self.api.list_apps());
- Next::write()
+ fn on_request(&mut self, request: server::Request) -> Next {
+ let url = extract_url(&request);
+ if url.is_none() {
+ // Just return 404 if we can't parse URL
+ return Next::write();
+ }
+
+ let url = url.expect("Check for None is above; qed");
+ let endpoint = url.path.get(1).map(|v| v.as_str());
+
+ let handler = endpoint.and_then(|v| match v {
+ "apps" => Some(as_json(&self.api.list_apps())),
+ "ping" => Some(ping_response(&self.api.local_domain)),
+ _ => None,
+ });
+
+ // Overwrite default
+ if let Some(h) = handler {
+ self.handler = h;
+ }
+
+ self.handler.on_request(request)
}
fn on_request_readable(&mut self, decoder: &mut Decoder) -> Next {
diff --git a/dapps/src/api/response.rs b/dapps/src/api/response.rs
index ba0922e7a..ce6eb2921 100644
--- a/dapps/src/api/response.rs
+++ b/dapps/src/api/response.rs
@@ -17,7 +17,7 @@
use serde::Serialize;
use serde_json;
use endpoint::Handler;
-use handlers::ContentHandler;
+use handlers::{ContentHandler, EchoHandler};
pub fn as_json(val: &T) -> Box {
Box::new(ContentHandler::ok(serde_json::to_string(val).unwrap(), "application/json".to_owned()))
@@ -26,3 +26,11 @@ pub fn as_json(val: &T) -> Box {
pub fn as_json_error(val: &T) -> Box {
Box::new(ContentHandler::not_found(serde_json::to_string(val).unwrap(), "application/json".to_owned()))
}
+
+pub fn ping_response(local_domain: &str) -> Box {
+ Box::new(EchoHandler::cors(vec![
+ format!("http://{}", local_domain),
+ // Allow CORS calls also for localhost
+ format!("http://{}", local_domain.replace("127.0.0.1", "localhost")),
+ ]))
+}
diff --git a/dapps/src/api/types.rs b/dapps/src/api/types.rs
index d99d767eb..64697123b 100644
--- a/dapps/src/api/types.rs
+++ b/dapps/src/api/types.rs
@@ -19,5 +19,3 @@ include!("types.rs.in");
#[cfg(not(feature = "serde_macros"))]
include!(concat!(env!("OUT_DIR"), "/types.rs"));
-
-
diff --git a/dapps/src/api/types.rs.in b/dapps/src/api/types.rs.in
index 72a8cd221..a7961a144 100644
--- a/dapps/src/api/types.rs.in
+++ b/dapps/src/api/types.rs.in
@@ -48,4 +48,3 @@ pub struct ApiError {
pub detail: String,
}
-
diff --git a/dapps/src/handlers/echo.rs b/dapps/src/handlers/echo.rs
new file mode 100644
index 000000000..b2ea8f580
--- /dev/null
+++ b/dapps/src/handlers/echo.rs
@@ -0,0 +1,148 @@
+// Copyright 2015, 2016 Ethcore (UK) Ltd.
+// This file is part of Parity.
+
+// Parity is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// Parity is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with Parity. If not, see .
+
+//! Echo Handler
+
+use std::io::Read;
+use hyper::{header, server, Decoder, Encoder, Next};
+use hyper::method::Method;
+use hyper::net::HttpStream;
+use unicase::UniCase;
+use super::ContentHandler;
+
+#[derive(Debug, PartialEq)]
+/// Type of Cross-Origin request
+enum Cors {
+ /// Not a Cross-Origin request - no headers needed
+ No,
+ /// Cross-Origin request with valid Origin
+ Allowed(String),
+ /// Cross-Origin request with invalid Origin
+ Forbidden,
+}
+
+pub struct EchoHandler {
+ safe_origins: Vec,
+ content: String,
+ cors: Cors,
+ handler: Option,
+}
+
+impl EchoHandler {
+
+ pub fn cors(safe_origins: Vec) -> Self {
+ EchoHandler {
+ safe_origins: safe_origins,
+ content: String::new(),
+ cors: Cors::Forbidden,
+ handler: None,
+ }
+ }
+
+ fn cors_header(&self, origin: Option) -> Cors {
+ fn origin_is_allowed(origin: &str, safe_origins: &[String]) -> bool {
+ for safe in safe_origins {
+ if origin.starts_with(safe) {
+ return true;
+ }
+ }
+ false
+ }
+
+ match origin {
+ Some(ref origin) if origin_is_allowed(origin, &self.safe_origins) => {
+ Cors::Allowed(origin.clone())
+ },
+ None => Cors::No,
+ _ => Cors::Forbidden,
+ }
+ }
+}
+
+impl server::Handler for EchoHandler {
+ fn on_request(&mut self, request: server::Request) -> Next {
+ let origin = request.headers().get_raw("origin")
+ .and_then(|list| list.get(0))
+ .and_then(|origin| String::from_utf8(origin.clone()).ok());
+
+ self.cors = self.cors_header(origin);
+
+ // Don't even read the payload if origin is forbidden!
+ if let Cors::Forbidden = self.cors {
+ self.handler = Some(ContentHandler::ok(String::new(), "text/plain".into()));
+ Next::write()
+ } else {
+ Next::read()
+ }
+ }
+
+ fn on_request_readable(&mut self, decoder: &mut Decoder) -> Next {
+ match decoder.read_to_string(&mut self.content) {
+ Ok(0) => {
+ self.handler = Some(ContentHandler::ok(self.content.clone(), "application/json".into()));
+ Next::write()
+ },
+ Ok(_) => Next::read(),
+ Err(e) => match e.kind() {
+ ::std::io::ErrorKind::WouldBlock => Next::read(),
+ _ => Next::end(),
+ }
+ }
+ }
+
+ fn on_response(&mut self, res: &mut server::Response) -> Next {
+ if let Cors::Allowed(ref domain) = self.cors {
+ let mut headers = res.headers_mut();
+ headers.set(header::Allow(vec![Method::Options, Method::Post, Method::Get]));
+ headers.set(header::AccessControlAllowHeaders(vec![
+ UniCase("origin".to_owned()),
+ UniCase("content-type".to_owned()),
+ UniCase("accept".to_owned()),
+ ]));
+ headers.set(header::AccessControlAllowOrigin::Value(domain.clone()));
+ }
+ self.handler.as_mut().unwrap().on_response(res)
+ }
+
+ fn on_response_writable(&mut self, encoder: &mut Encoder) -> Next {
+ self.handler.as_mut().unwrap().on_response_writable(encoder)
+ }
+}
+
+#[test]
+fn should_return_correct_cors_value() {
+ // given
+ let safe_origins = vec!["chrome-extension://".to_owned(), "http://localhost:8080".to_owned()];
+ let cut = EchoHandler {
+ safe_origins: safe_origins,
+ content: String::new(),
+ cors: Cors::No,
+ handler: None,
+ };
+
+ // when
+ let res1 = cut.cors_header(Some("http://ethcore.io".into()));
+ let res2 = cut.cors_header(Some("http://localhost:8080".into()));
+ let res3 = cut.cors_header(Some("chrome-extension://deadbeefcafe".into()));
+ let res4 = cut.cors_header(None);
+
+
+ // then
+ assert_eq!(res1, Cors::Forbidden);
+ assert_eq!(res2, Cors::Allowed("http://localhost:8080".into()));
+ assert_eq!(res3, Cors::Allowed("chrome-extension://deadbeefcafe".into()));
+ assert_eq!(res4, Cors::No);
+}
diff --git a/dapps/src/handlers/mod.rs b/dapps/src/handlers/mod.rs
index 933538655..5fa9fda95 100644
--- a/dapps/src/handlers/mod.rs
+++ b/dapps/src/handlers/mod.rs
@@ -17,9 +17,41 @@
//! Hyper handlers implementations.
mod auth;
+mod echo;
mod content;
mod redirect;
pub use self::auth::AuthRequiredHandler;
+pub use self::echo::EchoHandler;
pub use self::content::ContentHandler;
pub use self::redirect::Redirection;
+
+use url::Url;
+use hyper::{server, header, net, uri};
+
+pub fn extract_url(req: &server::Request) -> Option {
+ match *req.uri() {
+ uri::RequestUri::AbsoluteUri(ref url) => {
+ match Url::from_generic_url(url.clone()) {
+ Ok(url) => Some(url),
+ _ => None,
+ }
+ },
+ uri::RequestUri::AbsolutePath(ref path) => {
+ // Attempt to prepend the Host header (mandatory in HTTP/1.1)
+ let url_string = match req.headers().get::() {
+ Some(ref host) => {
+ format!("http://{}:{}{}", host.hostname, host.port.unwrap_or(80), path)
+ },
+ None => return None,
+ };
+
+ match Url::parse(&url_string) {
+ Ok(url) => Some(url),
+ _ => None,
+ }
+ },
+ _ => None,
+ }
+}
+
diff --git a/dapps/src/lib.rs b/dapps/src/lib.rs
index 1c550fb07..ccdf172ce 100644
--- a/dapps/src/lib.rs
+++ b/dapps/src/lib.rs
@@ -45,8 +45,9 @@
#[macro_use]
extern crate log;
-extern crate url;
+extern crate url as url_lib;
extern crate hyper;
+extern crate unicase;
extern crate serde;
extern crate serde_json;
extern crate jsonrpc_core;
@@ -63,6 +64,7 @@ mod handlers;
mod rpc;
mod api;
mod proxypac;
+mod url;
use std::sync::{Arc, Mutex};
use std::net::SocketAddr;
@@ -121,7 +123,7 @@ impl Server {
let special = Arc::new({
let mut special = HashMap::new();
special.insert(router::SpecialEndpoint::Rpc, rpc::rpc(handler, panic_handler.clone()));
- special.insert(router::SpecialEndpoint::Api, api::RestApi::new(endpoints.clone()));
+ special.insert(router::SpecialEndpoint::Api, api::RestApi::new(format!("{}", addr), endpoints.clone()));
special.insert(router::SpecialEndpoint::Utils, apps::utils());
special
});
diff --git a/dapps/src/router/mod.rs b/dapps/src/router/mod.rs
index f04c8b614..8fbb37cf3 100644
--- a/dapps/src/router/mod.rs
+++ b/dapps/src/router/mod.rs
@@ -17,22 +17,18 @@
//! Router implementation
//! Processes request handling authorization and dispatching it to proper application.
-mod url;
pub mod auth;
use DAPPS_DOMAIN;
use std::sync::Arc;
use std::collections::HashMap;
-use url::Host;
-use hyper;
-use hyper::{server, uri, header};
-use hyper::{Next, Encoder, Decoder};
+use url::{Url, Host};
+use hyper::{self, server, Next, Encoder, Decoder};
use hyper::net::HttpStream;
use apps;
use endpoint::{Endpoint, Endpoints, EndpointPath};
-use self::url::Url;
+use handlers::{Redirection, extract_url};
use self::auth::{Authorization, Authorized};
-use handlers::Redirection;
/// Special endpoints are accessible on every domain (every dapp)
#[derive(Debug, PartialEq, Hash, Eq)]
@@ -123,32 +119,6 @@ impl Router {
}
}
-fn extract_url(req: &server::Request) -> Option {
- match *req.uri() {
- uri::RequestUri::AbsoluteUri(ref url) => {
- match Url::from_generic_url(url.clone()) {
- Ok(url) => Some(url),
- _ => None,
- }
- },
- uri::RequestUri::AbsolutePath(ref path) => {
- // Attempt to prepend the Host header (mandatory in HTTP/1.1)
- let url_string = match req.headers().get::() {
- Some(ref host) => {
- format!("http://{}:{}{}", host.hostname, host.port.unwrap_or(80), path)
- },
- None => return None,
- };
-
- match Url::parse(&url_string) {
- Ok(url) => Some(url),
- _ => None,
- }
- },
- _ => None,
- }
-}
-
fn extract_endpoint(url: &Option) -> (Option, SpecialEndpoint) {
fn special_endpoint(url: &Url) -> SpecialEndpoint {
if url.path.len() <= 1 {
diff --git a/dapps/src/router/url.rs b/dapps/src/url.rs
similarity index 96%
rename from dapps/src/router/url.rs
rename to dapps/src/url.rs
index b96168239..c9eb2f78f 100644
--- a/dapps/src/router/url.rs
+++ b/dapps/src/url.rs
@@ -16,14 +16,14 @@
//! HTTP/HTTPS URL type. Based on URL type from Iron library.
-use url::Host;
-use url::{self};
+use url_lib::{self};
+pub use url_lib::Host;
/// HTTP/HTTPS URL type for Iron.
#[derive(PartialEq, Eq, Clone, Debug)]
pub struct Url {
/// Raw url of url
- pub raw: url::Url,
+ pub raw: url_lib::Url,
/// The host field of the URL, probably a domain.
pub host: Host,
@@ -62,14 +62,14 @@ impl Url {
/// See: http://url.spec.whatwg.org/#special-scheme
pub fn parse(input: &str) -> Result {
// Parse the string using rust-url, then convert.
- match url::Url::parse(input) {
+ match url_lib::Url::parse(input) {
Ok(raw_url) => Url::from_generic_url(raw_url),
Err(e) => Err(format!("{}", e))
}
}
/// Create a `Url` from a `rust-url` `Url`.
- pub fn from_generic_url(raw_url: url::Url) -> Result {
+ pub fn from_generic_url(raw_url: url_lib::Url) -> Result {
// Map empty usernames to None.
let username = match raw_url.username() {
"" => None,