hopefully really fixed origin

2023-04-30 18:07:57 -05:00 · 2023-04-30 18:07:57 -05:00 · 4af6da6758
parent 1dea48554d
commit 4af6da6758
1 changed files with 8 additions and 11 deletions
--- a/src/Program.cs
+++ b/src/Program.cs
@ -5,6 +5,7 @@ using System.Text;
 using System.Text.Json;
 using Fido2NetLib;
 using Fido2NetLib.Objects;
+using Microsoft.AspNetCore.Diagnostics;
 using Microsoft.Data.Sqlite;
 using SQLitePCL;

@ -40,19 +41,12 @@ public static class Program {
  private static string ConnectionString { get => $"Data Source={s_db}"; }

  private static Fido2 GetFido2(HttpContext context) {
-    var origin = context.Request.Host.Value.Split(":").First();
-    Console.WriteLine($"origin {origin}");
+    var origin = context.Request.Headers["Origin"].First()!;
    if (!s_fido2.ContainsKey(origin)) {
      s_fido2.Add(origin, new(new Fido2Configuration {
-        ServerDomain = origin,
+        ServerDomain = s_domain ?? context.Request.Host.Value.Split(":").First(),
        ServerName = "WebauthnProxy",
-        Origins = new(new[] { $"http{(
-            origin == "localhost"
-              ? string.Empty
-              : "s")}://{origin}{(
-            origin == "localhost"
-              ? $":{s_port}"
-              : string.Empty)}" }),
+        Origins = new(new[] { origin }),
      }));
    }

@ -62,6 +56,7 @@ public static class Program {
  public static void Main(string[] args) {
    var app = Initialize(args);
    app.UseSession();
+    app.UseDeveloperExceptionPage();

    app.MapGet("/favicon.ico", () => Results.File(Convert.FromBase64String(
        $"AAABAAEAEBAAAAAAAABoBQAAFgAAACgAAAAQAAAAIAAAAAEACAAAAAAAAAEAAAAAAAAAAAAAAAEAAAAAAAD///8{new string('A', 1788)}="),
@ -69,7 +64,6 @@ public static class Program {

    app.MapGet("/auth/check", async (context) => {
      var token = context.Request.Cookies[COOKIE_NAME];
-      Console.WriteLine(token);
      if (!TokenIsValid(token)) {
        context.Response.ContentType = "text/plain";
        context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
@ -196,6 +190,7 @@ public static class Program {
      var req = await context.Request.ReadFromJsonAsync<AddKeyRequest>();
      if (req == null) {
        context.Response.StatusCode = 400;
+        await context.Response.WriteAsJsonAsync(new { error = "bad request" });
        return;
      }

@ -230,6 +225,8 @@ public static class Program {
      cmd.Parameters.Add(idParam);
      cmd.Parameters.Add(keyParam);
      await cmd.ExecuteNonQueryAsync();
+
+      await context.Response.WriteAsJsonAsync(new { status = "ok" });
    });

    app.Run($"http://0.0.0.0:{s_port}");