From 4af6da6758de373b94c731ab9113ff6453998249 Mon Sep 17 00:00:00 2001
From: Rudis Muiznieks
Date: Sun, 30 Apr 2023 18:07:57 -0500
Subject: [PATCH] hopefully really fixed origin
---
 src/Program.cs | 19 ++++++++-----------
 1 file changed, 8 insertions(+), 11 deletions(-)
diff --git a/src/Program.cs b/src/Program.cs
index 5bb8731..d0ae9bf 100644
--- a/src/Program.cs
+++ b/src/Program.cs
@@ -5,6 +5,7 @@ using System.Text;
 using System.Text.Json;
 using Fido2NetLib;
 using Fido2NetLib.Objects;
+using Microsoft.AspNetCore.Diagnostics;
 using Microsoft.Data.Sqlite;
 using SQLitePCL;
@@ -40,19 +41,12 @@ public static class Program {
 private static string ConnectionString { get => $"Data Source={s_db}"; }
 private static Fido2 GetFido2(HttpContext context) {
- var origin = context.Request.Host.Value.Split(":").First();
- Console.WriteLine($"origin {origin}");
+ var origin = context.Request.Headers["Origin"].First()!;
 if (!s_fido2.ContainsKey(origin)) {
 s_fido2.Add(origin, new(new Fido2Configuration {
- ServerDomain = origin,
+ ServerDomain = s_domain ?? context.Request.Host.Value.Split(":").First(),
 ServerName = "WebauthnProxy",
- Origins = new(new[] { $"http{(
- origin == "localhost"
- ? string.Empty
- : "s")}://{origin}{(
- origin == "localhost"
- ? $":{s_port}"
- : string.Empty)}" }),
+ Origins = new(new[] { origin }),
 }));
 }
@@ -62,6 +56,7 @@ public static class Program {
 public static void Main(string[] args) {
 var app = Initialize(args);
 app.UseSession();
+ app.UseDeveloperExceptionPage();
 app.MapGet("/favicon.ico", () => Results.File(Convert.FromBase64String(
 $"AAABAAEAEBAAAAAAAABoBQAAFgAAACgAAAAQAAAAIAAAAAEACAAAAAAAAAEAAAAAAAAAAAAAAAEAAAAAAAD///8{new string('A', 1788)}="),
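Review bot: In GetFido2, `Origins = new(new[] { origin })` fills the WebAuthn allow-list from the request's own `Origin` header, so the library's check of the client-data origin against `Origins` accepts whatever origin the caller reports. The expected origins should come from server configuration alongside `s_domain`, with the header only looked up in that set and the request refused when it is absent or unknown, starting from `var origin = context.Request.Headers["Origin"].FirstOrDefault();`. As written, `.First()` throws when the header is missing, `s_fido2` gains one entry per distinct header value, and the `ServerDomain` fallback to `Host` is fixed by whichever request creates the entry first. GetFido2's body continues past the end of the hunk.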
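Review bot: `app.UseDeveloperExceptionPage();` in Main is registered unconditionally, so every unhandled exception in this authentication service is rendered to the client with stack trace, request headers and cookies. It should be limited to development, `if (app.Environment.IsDevelopment()) { app.UseDeveloperExceptionPage(); }` (assuming `Initialize` returns a `WebApplication`), and registered before `app.UseSession()` so it also covers the session middleware. The exposure is easy to reach here: GetFido2 in this commit calls `.First()` on the `Origin` header, which throws for any request that omits it. Main's body continues past the hunk.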
@@ -69,7 +64,6 @@ public static class Program {
 app.MapGet("/auth/check", async (context) => {
 var token = context.Request.Cookies[COOKIE_NAME];
- Console.WriteLine(token);
 if (!TokenIsValid(token)) {
 context.Response.ContentType = "text/plain";
 context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
@@ -196,6 +190,7 @@ public static class Program {
 var req = await context.Request.ReadFromJsonAsync();
 if (req == null) {
 context.Response.StatusCode = 400;
+ await context.Response.WriteAsJsonAsync(new { error = "bad request" });
 return;
 }
@@ -230,6 +225,8 @@ public static class Program {
 cmd.Parameters.Add(idParam);
 cmd.Parameters.Add(keyParam);
 await cmd.ExecuteNonQueryAsync();
+
+ await context.Response.WriteAsJsonAsync(new { status = "ok" });
 });
 app.Run($"http://0.0.0.0:{s_port}");
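Review bot: The added `{ error = "bad request" }` body is written only when the deserialized value is `null`; a body that is not valid JSON, or a non-JSON content type, makes `ReadFromJsonAsync` throw before the `req == null` test is reached. Those requests end as unhandled exceptions instead of a 400, so the read should be wrapped, e.g. `try { … } catch (JsonException) { context.Response.StatusCode = 400; … return; }`, writing the same JSON error body. The handler this belongs to starts and ends outside the hunk.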