Make using insecure connections opt-in (#1309)

* add insecure url checks

* rename variables

* add feature flags to expose Url properly

* fix test compile error

* fix feature errors

* remove comment

* add url crate and use it for url parsing

* fix compile errors

* satisfy the holy clippy

* fix typos and host loopback

* macro attribute, provide validation function in utils

* fix expected output of ui tests

* remove the success case for --allow-insecure because we cannot establish ws:// connection at the moment.
Tadeo Hepperle
2024-01-09 18:18:23 +01:00
committed by GitHub
parent 5b35a9f849
commit 7f714cbcb9
22 changed files with 562 additions and 413 deletions
+28
@@ -13,8 +13,11 @@ mod static_type;
mod unchecked_extrinsic;
mod wrapper_opaque;
use crate::error::RpcError;
use crate::Error;
use codec::{Compact, Decode, Encode};
use derivative::Derivative;
use url::Url;
pub use account_id::AccountId32;
pub use era::Era;
@@ -47,6 +50,31 @@ pub(crate) fn strip_compact_prefix(bytes: &[u8]) -> Result<(u64, &[u8]), codec::
Ok((val.0, *cursor))
}
/// A URL is considered secure if it uses a secure scheme ("https" or "wss") or is referring to localhost.
///
/// Returns an error if the the string could not be parsed into a URL.
pub fn url_is_secure(url: &str) -> Result<bool, Error> {
let url = Url::parse(url).map_err(|e| Error::Rpc(RpcError::ClientError(Box::new(e))))?;
let secure_scheme = url.scheme() == "https" || url.scheme() == "wss";
let is_localhost = url.host().is_some_and(|e| match e {
url::Host::Domain(e) => e == "localhost",
url::Host::Ipv4(e) => e.is_loopback(),
url::Host::Ipv6(e) => e.is_loopback(),
});
Ok(secure_scheme || is_localhost)
}
/// Validates, that the given Url is secure ("https" or "wss" scheme) or is referring to localhost.
pub fn validate_url_is_secure(url: &str) -> Result<(), Error> {
if !url_is_secure(url)? {
Err(Error::Rpc(crate::error::RpcError::InsecureUrl(url.into())))
} else {
Ok(())
}
}
/// A version of [`std::marker::PhantomData`] that is also Send and Sync (which is fine
/// because regardless of the generic param, it is always possible to Send + Sync this
/// 0 size type).
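Review bot: In `url_is_secure`, the `url::Host::Domain(e) => e == "localhost"` arm trusts the name rather than a resolved address, so a plaintext `ws://localhost` or `http://localhost` endpoint is accepted on the assumption that the system resolver maps that name to loopback. The doc comment should state this, e.g. `/// Note: "localhost" is matched by name and is not resolved; the check assumes it maps to a loopback address.` Separately, `validate_url_is_secure` copies the whole input string into `RpcError::InsecureUrl(url.into())`; endpoint URLs often carry credentials or API keys in the userinfo, path or query, so if that variant's message prints the value (its definition is outside this hunk) it would be safer to store only the scheme and host. The doc comment on `url_is_secure` also has a doubled word ("the the string").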