From 4c88a24c8775061dac5ab5356857b7f273dbffab Mon Sep 17 00:00:00 2001 From: James Mills Date: Sat, 26 Mar 2022 01:42:57 +0000 Subject: [PATCH] Add sub-command for checking CORS on discovery endpoints (check_cors), fail lookup if CORS check fails (#63) Co-authored-by: James Mills Reviewed-on: https://git.mills.io/saltyim/saltyim/pulls/63 --- bin/salty-chat.sh | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/bin/salty-chat.sh b/bin/salty-chat.sh index 8baf912..b2cef3f 100755 --- a/bin/salty-chat.sh +++ b/bin/salty-chat.sh @@ -82,6 +82,26 @@ stream () { printf ">" } +check_cors() { + if [ $# -lt 1 ]; then + printf "check_cors takes 1 arugment %d given\n" "$#" + printf "Try %s check_cors uri\n" "$(basename "$0")" + return 1 + fi + + uri="$1" + + if [ "$(curl -v -o - -X GET "$uri" 2>&1 | grep -c -i -E 'access-control-allow-(headers|origin)')" -lt 2 ]; then + return 1 + fi + + if [ "$(curl -v -o - -X OPTIONS "$uri" 2>&1 | grep -c -i -E 'access-control-allow-(headers|origin)')" -lt 2 ]; then + return 1 + fi + + return 0 +} + lookup () { if [ $# -lt 1 ]; then printf "lookup takes 1 arugment %d given\n" "$#" @@ -97,6 +117,8 @@ lookup () { discovery_host="$(dig +short SRV _salty._tcp."$domain" | cut -f 4 -d' ')" if [ -z "$discovery_host" ]; then discovery_host="$domain" + else + discovery_host="$(printf "%s" "$discovery_host" | sed -e 's/\.$//')" fi info=$(mktemp /tmp/salty.XXXXXX) @@ -105,6 +127,16 @@ lookup () { rm "$info" echo "error: lookup failed" return 1 + else + if ! check_cors "https://$discovery_host/.well-known/salty/${nick}.json"; then + echo "error: lookup will fail for mobile users due to lack of CORS headers" + return 1 + fi + fi + else + if ! check_cors "https://$discovery_host/.well-known/salty/${hash}.json"; then + echo "error: lookup will fail for mobile users due to lack of CORS headers" + return 1 fi fi 
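Review bot: check_cors greps the response body as well as the headers, because `curl -v -o -` writes the body to stdout and `2>&1` merges it with the verbose header trace, so any body that merely mentions `access-control-allow-origin` (a CORS documentation page, an error page quoting the header name) satisfies the `-lt 2` count without the header ever being set. The probe also sends no `Origin` request header, and a server that emits CORS headers only on cross-origin requests will fail this check even though browsers would succeed; the OPTIONS leg likewise lacks `Access-Control-Request-Method`, so it is not a preflight as a browser would send it. Fetching headers only with `-D - -o /dev/null`, anchoring the pattern at line start with `^`, sending an `Origin`, and bounding the request with `--max-time` would make the result reflect the URI's actual CORS policy rather than the contents of its body. `uri="$1"` is also a global assignment; if the script runs under a shell that supports `local`, declaring it would avoid clobbering a caller's `uri`.
```shell
check_cors() {
  # … unchanged: argument-count guard …

  uri="$1"
  # Any origin works as a probe; servers that set CORS headers dynamically
  # only do so when an Origin request header is present.
  origin="https://example.com"

  # -D - prints response headers to stdout and -o /dev/null drops the body, so
  # a body that mentions the header name cannot satisfy the count; --max-time
  # keeps a discovery host that never answers from hanging the lookup.
  if [ "$(curl -s --max-time 10 -D - -o /dev/null -H "Origin: $origin" -X GET "$uri" \
        | grep -c -i -E '^access-control-allow-(headers|origin):')" -lt 2 ]; then
    return 1
  fi

  # Preflight as a browser would send it: OPTIONS with Origin and the method
  # the real request will use.
  if [ "$(curl -s --max-time 10 -D - -o /dev/null -H "Origin: $origin" \
        -H 'Access-Control-Request-Method: GET' -X OPTIONS "$uri" \
        | grep -c -i -E '^access-control-allow-(headers|origin):')" -lt 2 ]; then
    return 1
  fi

  return 0
}
```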
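Review bot: The trailing-dot strip is the only treatment the DNS-sourced `discovery_host` receives before lookup interpolates it into `https://$discovery_host/.well-known/salty/...`, and nothing visible here validates the SRV answer (no DNSSEC/AD check on the `dig +short`), so an unexpected or spoofed record steers discovery to whatever target it names; restricting the value to hostname characters would at least keep a malformed record from producing a surprising URL. The `printf | sed` round-trip can be a plain POSIX expansion with that check alongside it: `discovery_host="${discovery_host%.}"` followed by `case "$discovery_host" in *[!A-Za-z0-9.-]*) echo "error: invalid SRV target" >&2; return 1 ;; esac`. The context line above it, `cut -f 4 -d' '`, also discards the SRV port, so a record pointing at a non-443 port is silently fetched on 443 — worth a comment if that is intended. The enclosing lookup function starts before this hunk.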
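Review bot: The two new `return 1` paths leave the temp file behind: the existing failure branch runs `rm "$info"` before `echo "error: lookup failed"` and `return 1`, but both CORS-failure branches return without it, so every lookup that fails the check leaks a `/tmp/salty.XXXXXX` file. Add `rm "$info"` before each new `return 1`, or register a `trap 'rm -f "$info"' EXIT` once after the `mktemp`, and send the message to stderr: `echo "error: lookup will fail for mobile users due to lack of CORS headers" >&2`. The `if` lines that select the `${nick}.json` versus `${hash}.json` branch are outside the hunk, so I cannot confirm each check_cors URL is the one the preceding curl actually fetched; storing the fetched URL in one variable next to the curl and running a single check_cors on it would make that pairing self-evident and drop the duplicated message. Since check_cors also returns 1 when curl itself fails, a transient network error is reported to the user as a CORS problem — wording like "CORS check failed (missing CORS headers or request error)" would avoid misattributing the cause.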
@@ -281,6 +313,7 @@ show_help() {
 printf " help -- Display this help message\n"
 printf " chat -- Chat with a user by nick@domain\n"
 printf " lookup -- Lookup a user by nick@domain\n"
+ printf " check-cors -- Perform a CORS check on a uri\n"
 printf " make-user -- Generate a new user key pair\n"
 printf " read -- Reads your messages\n"
 printf " send -- Sends a message to nick@domain\n"
@@ -318,6 +351,9 @@ case $CMD in
 lookup)
 lookup "$@"
 ;;
+ check-cors)
+ check_cors "@"
+ ;;
 make-user)
 make_user "$@"
 ;;
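Review bot: The new `check-cors)` arm passes the literal string `"@"` rather than the positional parameters, so `check-cors <uri>` never sees the uri: check_cors receives exactly one argument, `@`, passes its count guard, and curls the URL `@`, which exits non-zero for every input. The arm should read `check_cors "$@"`, matching the `lookup "$@"` and `make_user "$@"` arms beside it. Because check_cors prints nothing on either outcome, the sub-command's only output is its exit status; a one-line `&& echo "CORS ok" || echo "CORS check failed" >&2` in the arm would make the result visible to a user running it by hand. Note the help text names the sub-command `check-cors` while the commit subject says `check_cors`; the case arm is the authoritative spelling.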