Add sub-command for checking CORS on discovery endpoints (check_cors), fail lookup if CORS check fails (#63)

Co-authored-by: James Mills <prologic@shortcircuit.net.au> Reviewed-on: https://git.mills.io/saltyim/saltyim/pulls/63
2024-06-27 09:18:22 +00:00 · 2022-03-26 01:42:57 +00:00 · 2022-03-26 01:42:57 +00:00 · 4c88a24c87
commit 4c88a24c87
parent 323f09ff5c
1 changed files with 36 additions and 0 deletions
--- a/bin/salty-chat.sh
+++ b/bin/salty-chat.sh
@ -82,6 +82,26 @@ stream () {
  printf ">"
 }

+check_cors() {
+  if [ $# -lt 1 ]; then
+    printf "check_cors takes 1 arugment %d given\n" "$#"
+    printf "Try %s check_cors uri\n" "$(basename "$0")"
+    return 1
+  fi
+
+  uri="$1"
+
+  if [ "$(curl -v -o - -X GET "$uri" 2>&1 | grep -c -i -E 'access-control-allow-(headers|origin)')" -lt 2 ]; then
+    return 1
+  fi
+
+  if [ "$(curl -v -o - -X OPTIONS "$uri" 2>&1 | grep -c -i -E 'access-control-allow-(headers|origin)')" -lt 2 ]; then
+    return 1
+  fi
+
+  return 0
+}
+
 lookup () {
  if [ $# -lt 1 ]; then
    printf "lookup takes 1 arugment %d given\n" "$#"
@ -97,6 +117,8 @@ lookup () {
  discovery_host="$(dig +short SRV _salty._tcp."$domain" | cut -f 4 -d' ')"
  if [ -z "$discovery_host" ]; then
    discovery_host="$domain"
+  else
+    discovery_host="$(printf "%s" "$discovery_host" | sed -e 's/\.$//')"
  fi

  info=$(mktemp /tmp/salty.XXXXXX)
@ -105,6 +127,16 @@ lookup () {
      rm "$info"
      echo "error: lookup failed"
      return 1
+    else
+      if ! check_cors "https://$discovery_host/.well-known/salty/${nick}.json"; then
+        echo "error: lookup will fail for mobile users due to lack of CORS headers"
+        return 1
+      fi
+    fi
+  else
+    if ! check_cors "https://$discovery_host/.well-known/salty/${hash}.json"; then
+      echo "error: lookup will fail for mobile users due to lack of CORS headers"
+      return 1
    fi
  fi

@ -281,6 +313,7 @@ show_help() {
  printf "  help       -- Display this help message\n"
  printf "  chat       -- Chat with a user by nick@domain\n"
  printf "  lookup     -- Lookup a user by nick@domain\n"
+  printf "  check-cors -- Perform a CORS check on a uri\n"
  printf "  make-user  -- Generate a new user key pair\n"
  printf "  read       -- Reads your messages\n"
  printf "  send       -- Sends a message to nick@domain\n"
@ -318,6 +351,9 @@ case $CMD in
  lookup)
    lookup "$@"
  ;;
+  check-cors)
+    check_cors "@"
+  ;;
  make-user)
    make_user "$@"
  ;;