From 105136494c5a5bf4b1f1cc06cc71815412d17ec8 Mon Sep 17 00:00:00 2001 From: DiamondDrake Date: Tue, 21 Jan 2025 19:23:37 -0500 Subject: [PATCH] feat(http): add dangerous settings / disable ssl verification - issue #518 (#2204) --- .changes/http-dangerous-settings.md | 6 ++++++ plugins/http/Cargo.toml | 1 + plugins/http/api-iife.js | 2 +- plugins/http/guest-js/index.ts | 25 ++++++++++++++++++++++++- plugins/http/src/commands.rs | 28 ++++++++++++++++++++++++++++ plugins/http/src/error.rs | 2 ++ 6 files changed, 62 insertions(+), 2 deletions(-) create mode 100644 .changes/http-dangerous-settings.md diff --git a/.changes/http-dangerous-settings.md b/.changes/http-dangerous-settings.md new file mode 100644 index 0000000000..31d4205c64 --- /dev/null +++ b/.changes/http-dangerous-settings.md @@ -0,0 +1,6 @@ +--- +"http": minor +"http-js": minor +--- + +Add `dangerous-settings` feature flag and new JS `danger` option to disable tls hostname/certificate validation. diff --git a/plugins/http/Cargo.toml b/plugins/http/Cargo.toml index b498c5174c..b90bf8f53c 100644 --- a/plugins/http/Cargo.toml +++ b/plugins/http/Cargo.toml @@ -73,3 +73,4 @@ charset = ["reqwest/charset"] macos-system-configuration = ["reqwest/macos-system-configuration"] unsafe-headers = [] tracing = ["dep:tracing"] +dangerous-settings = [] diff --git a/plugins/http/api-iife.js b/plugins/http/api-iife.js index 0cfeb063a3..76b498ada5 100644 --- a/plugins/http/api-iife.js +++ b/plugins/http/api-iife.js @@ -1 +1 @@ -if("__TAURI__"in window){var __TAURI_PLUGIN_HTTP__=function(e){"use strict";async function t(e,t={},r){return window.__TAURI_INTERNALS__.invoke(e,t,r)}"function"==typeof SuppressedError&&SuppressedError;const r="Request canceled";return e.fetch=async function(e,n){const a=n?.signal;if(a?.aborted)throw new Error(r);const o=n?.maxRedirections,s=n?.connectTimeout,i=n?.proxy;n&&(delete n.maxRedirections,delete n.connectTimeout,delete n.proxy);const d=n?.headers?n.headers instanceof Headers?n.headers:new Headers(n.headers):new Headers,c=new Request(e,n),u=await c.arrayBuffer(),f=0!==u.byteLength?Array.from(new Uint8Array(u)):null;for(const[e,t]of c.headers)d.get(e)||d.set(e,t);const _=(d instanceof Headers?Array.from(d.entries()):Array.isArray(d)?d:Object.entries(d)).map((([e,t])=>[e,"string"==typeof t?t:t.toString()]));if(a?.aborted)throw new Error(r);const h=await t("plugin:http|fetch",{clientConfig:{method:c.method,url:c.url,headers:_,data:f,maxRedirections:o,connectTimeout:s,proxy:i}}),l=()=>t("plugin:http|fetch_cancel",{rid:h});if(a?.aborted)throw l(),new Error(r);a?.addEventListener("abort",(()=>{l()}));const{status:p,statusText:w,url:y,headers:T,rid:A}=await t("plugin:http|fetch_send",{rid:h}),g=await t("plugin:http|fetch_read_body",{rid:A}),R=new Response(g instanceof ArrayBuffer&&0!==g.byteLength?g:g instanceof Array&&g.length>0?new Uint8Array(g):null,{status:p,statusText:w});return Object.defineProperty(R,"url",{value:y}),Object.defineProperty(R,"headers",{value:new Headers(T)}),R},e}({});Object.defineProperty(window.__TAURI__,"http",{value:__TAURI_PLUGIN_HTTP__})} +if("__TAURI__"in window){var __TAURI_PLUGIN_HTTP__=function(e){"use strict";async function t(e,t={},r){return window.__TAURI_INTERNALS__.invoke(e,t,r)}"function"==typeof SuppressedError&&SuppressedError;const r="Request canceled";return e.fetch=async function(e,n){const a=n?.signal;if(a?.aborted)throw new Error(r);const o=n?.maxRedirections,s=n?.connectTimeout,i=n?.proxy,d=n?.danger;n&&(delete n.maxRedirections,delete n.connectTimeout,delete n.proxy,delete n.danger);const c=n?.headers?n.headers instanceof Headers?n.headers:new Headers(n.headers):new Headers,u=new Request(e,n),f=await u.arrayBuffer(),_=0!==f.byteLength?Array.from(new Uint8Array(f)):null;for(const[e,t]of u.headers)c.get(e)||c.set(e,t);const h=(c instanceof Headers?Array.from(c.entries()):Array.isArray(c)?c:Object.entries(c)).map((([e,t])=>[e,"string"==typeof t?t:t.toString()]));if(a?.aborted)throw new Error(r);const l=await t("plugin:http|fetch",{clientConfig:{method:u.method,url:u.url,headers:h,data:_,maxRedirections:o,connectTimeout:s,proxy:i,danger:d}}),p=()=>t("plugin:http|fetch_cancel",{rid:l});if(a?.aborted)throw p(),new Error(r);a?.addEventListener("abort",(()=>{p()}));const{status:w,statusText:y,url:g,headers:T,rid:A}=await t("plugin:http|fetch_send",{rid:l}),R=await t("plugin:http|fetch_read_body",{rid:A}),b=new Response(R instanceof ArrayBuffer&&0!==R.byteLength?R:R instanceof Array&&R.length>0?new Uint8Array(R):null,{status:w,statusText:y});return Object.defineProperty(b,"url",{value:g}),Object.defineProperty(b,"headers",{value:new Headers(T)}),b},e}({});Object.defineProperty(window.__TAURI__,"http",{value:__TAURI_PLUGIN_HTTP__})} diff --git a/plugins/http/guest-js/index.ts b/plugins/http/guest-js/index.ts index 4362e893a2..bea18e4486 100644 --- a/plugins/http/guest-js/index.ts +++ b/plugins/http/guest-js/index.ts @@ -84,6 +84,26 @@ export interface ClientOptions { * Configuration of a proxy that a Client should pass requests to. */ proxy?: Proxy + /** + * Configuration for dangerous settings on the client such as disabling SSL verification. + */ + danger?: DangerousSettings +} + +/** + * Configuration for dangerous settings on the client such as disabling SSL verification. + * + * @since 2.3.0 + */ +export interface DangerousSettings { + /** + * Disables SSL verification. + */ + acceptInvalidCerts?: boolean + /** + * Disables hostname verification. + */ + acceptInvalidHostnames?: boolean } const ERROR_REQUEST_CANCELLED = 'Request canceled' @@ -115,12 +135,14 @@ export async function fetch( const maxRedirections = init?.maxRedirections const connectTimeout = init?.connectTimeout const proxy = init?.proxy + const danger = init?.danger // Remove these fields before creating the request if (init) { delete init.maxRedirections delete init.connectTimeout delete init.proxy + delete init.danger } const headers = init?.headers @@ -172,7 +194,8 @@ export async function fetch( data, maxRedirections, connectTimeout, - proxy + proxy, + danger } }) diff --git a/plugins/http/src/commands.rs b/plugins/http/src/commands.rs index 03c84adf5f..3dc0297e43 100644 --- a/plugins/http/src/commands.rs +++ b/plugins/http/src/commands.rs @@ -75,6 +75,14 @@ pub struct FetchResponse { rid: ResourceId, } +#[derive(Debug, Deserialize)] +#[serde(rename_all = "camelCase")] +#[allow(dead_code)] //feature flags shoudln't affect api +pub struct DangerousSettings { + accept_invalid_certs: bool, + accept_invalid_hostnames: bool, +} + #[derive(Debug, Deserialize)] #[serde(rename_all = "camelCase")] pub struct ClientConfig { @@ -85,6 +93,7 @@ pub struct ClientConfig { connect_timeout: Option, max_redirections: Option, proxy: Option, + danger: Option, } #[derive(Debug, Deserialize)] @@ -181,6 +190,7 @@ pub async fn fetch( connect_timeout, max_redirections, proxy, + danger, } = client_config; let scheme = url.scheme(); @@ -220,6 +230,24 @@ pub async fn fetch( { let mut builder = reqwest::ClientBuilder::new(); + if let Some(danger_config) = danger { + #[cfg(not(feature = "dangerous-settings"))] + { + #[cfg(debug_assertions)] + { + eprintln!("[\x1b[33mWARNING\x1b[0m] using dangerous settings requires `dangerous-settings` feature flag in your Cargo.toml"); + } + let _ = danger_config; + return Err(Error::DangerousSettings); + } + #[cfg(feature = "dangerous-settings")] + { + builder = builder + .danger_accept_invalid_certs(danger_config.accept_invalid_certs) + .danger_accept_invalid_hostnames(danger_config.accept_invalid_hostnames) + } + } + if let Some(timeout) = connect_timeout { builder = builder.connect_timeout(Duration::from_millis(timeout)); } diff --git a/plugins/http/src/error.rs b/plugins/http/src/error.rs index 78ff08a206..ef8de0c526 100644 --- a/plugins/http/src/error.rs +++ b/plugins/http/src/error.rs @@ -41,6 +41,8 @@ pub enum Error { Tauri(#[from] tauri::Error), #[error(transparent)] Utf8(#[from] std::string::FromUtf8Error), + #[error("dangerous settings used but are not enabled")] + DangerousSettings, } impl Serialize for Error {