mozilla · seanmonstar · Aug 29, 2013 · Aug 29, 2013 · Sep 5, 2013 · Sep 5, 2013
diff --git a/bin/proxy b/bin/proxy
@@ -20,11 +20,12 @@ var addy = config.has('bind_to.host') ? config.get('bind_to.host') : "127.0.0.1"
 forward.setTimeout(config.get('declaration_of_support_timeout_ms'));
 
 const allowed = /^https:\/\/[a-zA-Z0-9\.\-_]+\/\.well-known\/browserid(\?.*)?$/;
+const allowed_realm = /^https:\/\/[a-zA-Z0-9\.\-_:]+\/\.well-known\/browserid-realm$/;
 const allowed_kpi = /^https:\/\/[a-zA-Z0-9\.\-_]+\/wsapi\/interaction_data(\?.*)?$/;
 
 var server = http.createServer(function (req, res) {
   var url = req.url;
-  if (!allowed.test(url) && !allowed_kpi.test(url) ) {
+  if (!allowed.test(url) && !allowed_realm.test(url) && !allowed_kpi.test(url) ) {
     res.writeHead(400);
     res.end('You can\'t get there from here');
     return;

diff --git a/example/rp/.well-known/browserid-realm b/example/rp/.well-known/browserid-realm
@@ -0,0 +1,3 @@
+{
+  "realm": ["http://localhost:10001", "http://127.0.0.1:10001"]
+}
diff --git a/example/rp/index.html b/example/rp/index.html
@@ -176,9 +176,9 @@ <h2>readiness</h2>
     }
   });
 };
-
 navigator.id.watch({
   loggedInUser: (storage.loggedInUser === 'null') ? null : storage.loggedInUser,
+  realm: location.search ? location.search.match(/realm=([^&]+)/)[1] : undefined,
   onready: function () {
     loggit("onready");
     var txt = serial++ + ' navigator.id ready at ' + (new Date).toString();

diff --git a/lib/realm.js b/lib/realm.js
@@ -0,0 +1,87 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+const fs = require('fs');
+
+const request = require('./request');
+const logger = require('./logging').logger;
+const util = require('util');
+const validate = require('./validate');
+
+const WELL_KNOWN_PATH = '/.well-known/browserid-realm';
+
+const SHIMMED_REALMS = {};
+
+// Support for "shimmed realms" for local development.
+// CSV values:
+//  <realm>|<browserid-realm filepath>,
+if (process.env.SHIMMED_REALMS) {
+  process.env.SHIMMED_REALMS.split(',').forEach(function(shim) {
+    var parts = shim.split('|');
+    SHIMMED_REALMS[parts[0]] = parts[1]; // realm name, filepath
+    logger.info("shimmed realm info for " + parts[0]);
+  });
+}
+
+
+function isJsonType(res) {
+  var contentType = res.headers['content-type'];
+  return contentType && contentType.indexOf('application/json') === 0;
+}
+
+function onRealmInfo(err, body, callback) {
+  if (err) {
+    // just pass err
+  } else if (!(body && body.realm)) {
+    err = new Error('missing realm json');
+  } else if (!util.isArray(body.realm)) {
+    err = new Error('realm property is not an array');
+  } else {
+    body.realm = body.realm.filter(function(value) {
+      try {
+        validate.is.origin(value);
+        return true;
+      } catch(err) {
+        return false;
+      }
+    });
+  }
+  callback(err, body);
+}
+
+function loadShimmedRealm(realm, callback) {
+  fs.readFile(SHIMMED_REALMS[realm], function(err, str) {
+    var body;
+    if (err) {
+      logger.debug(err); // io error?
+    } else {
+      try {
+        body = JSON.parse(str);
+      } catch (jsonErr) {
+        err = jsonErr;
+      }
+    }
+    onRealmInfo(err, body, callback);
+  });
+}
+
+exports.checkSupport = function realmSupport(realm, callback) {
+  if (SHIMMED_REALMS[realm]) {
+    loadShimmedRealm(realm, callback);
+  } else {
+    request('https://' + realm + WELL_KNOWN_PATH, { json: true }, function onRequest(err, res, body) {
+      if (err) {
+        logger.debug(err);
+      } else if (!isJsonType(res)) {
+        // strict here so that file isn't added to site by mistake. admin
+        // must want this file to exist by explicitly setting headers
+        err = new Error("content-type was not application/json");
+        body = null;
+      }
+
+      onRealmInfo(err, body, callback);
+    });
+  }
+};
+
diff --git a/lib/request.js b/lib/request.js
@@ -0,0 +1,29 @@
+const request = require('request');
+const config = require('./configuration');
+
+const REQUEST_TIMEOUT = config.get('declaration_of_support_timeout_ms');
+const HTTP_PROXY = config.has('http_proxy') ? config.get('http_proxy') : null;
+
+module.exports = function browserid_request(url, options, callback) {
+  if (typeof options === 'function') {
+    callback = options;
+    options = {};
+  }
+
+  if (HTTP_PROXY) {
+    options.proxy = {
+      protocol: 'http:',
+      host: HTTP_PROXY.host,
+      port: HTTP_PROXY.port
+    };
+  }
+
+  if (!('timeout' in options)) {
+    options.timeout = REQUEST_TIMEOUT;
+  }
+
+  options.strictSSL = true;
+
+  request(url, options, callback);
+};
+
diff --git a/lib/validate.js b/lib/validate.js
@@ -18,6 +18,7 @@ httputils = require('./httputils.js'),
 check = require('validator').check;
 
 var hostnameRegex = /^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$/;
+var hostRegex = /^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])(:\d{1,5})?$/;
 
 var types = {
   email: function(x) {
@@ -48,6 +49,9 @@ var types = {
   hostname: function(x) {
     check(x).is(hostnameRegex);
   },
+  host: function(x) {
+    check(x).is(hostRegex);
+  },
   origin: function(x) {
     /* origin regex
     /^                          // beginning
@@ -143,3 +147,5 @@ module.exports = function (params) {
     next();
   };
 };
+
+module.exports.is = types;
diff --git a/lib/wsapi/realm_info.js b/lib/wsapi/realm_info.js
@@ -0,0 +1,28 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+const realm = require('../realm');
+const logger = require('../logging').logger;
+
+exports.method = 'get';
+exports.writes_db = false;
+exports.authed = false;
+exports.args = {
+  realm: 'host'
+};
+exports.i18n = false;
+
+exports.process = function realm_info(req, res) {
+  var domain = req.params.realm.toLowerCase();
+  realm.checkSupport(domain, function onRealm(err, body) {
+    var json = {};
+    if (err) {
+      logger.info('"' + domain + '" realm support is misconfigured: ' + err);
+      json.realm = [];
+    } else {
+      json.realm = body.realm;
+    }
+
+    res.json(json);
+  });
+};