feat(core): add http allowlist scope [TRI-008] (#24)

lucasfernog · lucasfernog · commit 0ad1c6515f69 · 2022-01-09T16:16:12.000-03:00
diff --git a/.changes/http-refactor.md b/.changes/http-refactor.md
@@ -0,0 +1,5 @@
+---
+"tauri": patch
+---
+
+`tauri::api::HttpRequestBuilder::new` now returns a `Result` to validate the url.
diff --git a/.changes/http-scope.md b/.changes/http-scope.md
diff --git a/.changes/scope-config.md b/.changes/scope-config.md
@@ -3,3 +3,5 @@
 ---
 
 Adds `scope` glob array config under `tauri > allowlist > fs`.
+Adds `assetScope` glob array config under `tauri > allowlist > protocol`.
+Adds `scope` URL array config under `tauri > allowlist > http`.
diff --git a/.changes/scopes.md b/.changes/scopes.md
@@ -2,5 +2,6 @@
 "tauri": patch
 ---
 
-Scopes the filesystem APIs from the webview access using `tauri.conf.json > tauri > allowlist > fs > scope`.
+Scopes the `filesystem` APIs from the webview access using `tauri.conf.json > tauri > allowlist > fs > scope`.
 Scopes the `asset` protocol access using `tauri.conf.json > tauri > allowlist > protocol > assetScope`.
+Scopes the `http` APIs from the webview access using `tauri.conf.json > tauri > allowlist > http > scope`.
diff --git a/core/tauri-utils/src/config.rs b/core/tauri-utils/src/config.rs
@@ -932,11 +932,19 @@ impl Allowlist for DialogAllowlistConfig {
   }
 }
 
+/// HTTP API scope definition.
+/// It is a list of URLs that can be accessed by the webview when using the HTTP APIs.
+#[derive(Debug, Default, PartialEq, Clone, Deserialize, Serialize)]
+#[cfg_attr(feature = "schema", derive(JsonSchema))]
+pub struct HttpAllowlistScope(pub Vec<Url>);
+
 /// Allowlist for the HTTP APIs.
 #[derive(Debug, Default, PartialEq, Clone, Deserialize, Serialize)]
 #[cfg_attr(feature = "schema", derive(JsonSchema))]
 #[serde(rename_all = "camelCase", deny_unknown_fields)]
 pub struct HttpAllowlistConfig {
+  /// The access scope for the HTTP APIs.
+  pub scope: HttpAllowlistScope,
   /// Use this flag to enable all HTTP API features.
   #[serde(default)]
   pub all: bool,
@@ -948,6 +956,7 @@ pub struct HttpAllowlistConfig {
 impl Allowlist for HttpAllowlistConfig {
   fn all_features() -> Vec<&'static str> {
     let allowlist = Self {
+      scope: Default::default(),
       all: false,
       request: true,
     };
@@ -1653,6 +1662,12 @@ mod build {
     quote! { ::std::path::PathBuf::from(#s) }
   }
 
+  /// Creates a `Url` constructor `TokenStream`.
+  fn url_lit(url: &Url) -> TokenStream {
+    let url = url.as_str();
+    quote! { #url.parse().unwrap() }
+  }
+
   /// Create a map constructor, mapping keys and values with other `TokenStream`s.
   ///
   /// This function is pretty generic because the types of keys AND values get transformed.
@@ -1758,8 +1773,8 @@ mod build {
           quote! { #prefix::App(#path) }
         }
         Self::External(url) => {
-          let url = url.as_str();
-          quote! { #prefix::External(#url.parse().unwrap()) }
+          let url = url_lit(url);
+          quote! { #prefix::External(#url) }
         }
       })
     }
@@ -2041,12 +2056,27 @@ mod build {
     }
   }
 
+  impl ToTokens for HttpAllowlistScope {
+    fn to_tokens(&self, tokens: &mut TokenStream) {
+      let allowed_urls = vec_lit(&self.0, url_lit);
+      tokens.append_all(quote! { ::tauri::utils::config::HttpAllowlistScope(#allowed_urls) })
+    }
+  }
+
+  impl ToTokens for HttpAllowlistConfig {
+    fn to_tokens(&self, tokens: &mut TokenStream) {
+      let scope = &self.scope;
+      tokens.append_all(quote! { ::tauri::utils::config::HttpAllowlistConfig { scope: #scope, ..Default::default() } })
+    }
+  }
+
   impl ToTokens for AllowlistConfig {
     fn to_tokens(&self, tokens: &mut TokenStream) {
       let fs = &self.fs;
       let protocol = &self.protocol;
+      let http = &self.http;
       tokens.append_all(
-        quote! { ::tauri::utils::config::AllowlistConfig { fs: #fs, protocol: #protocol, ..Default::default() } },
+        quote! { ::tauri::utils::config::AllowlistConfig { fs: #fs, protocol: #protocol, http: #http, ..Default::default() } },
       )
     }
   }
diff --git a/core/tauri/src/api/error.rs b/core/tauri/src/api/error.rs
@@ -72,6 +72,9 @@ pub enum Error {
   #[cfg(notification_all)]
   #[error(transparent)]
   Notification(#[from] notify_rust::error::Error),
+  /// Url error.
+  #[error(transparent)]
+  Url(#[from] url::ParseError),
   /// failed to detect the current platform.
   #[error("failed to detect platform: {0}")]
   FailedToDetectPlatform(String),
diff --git a/core/tauri/src/api/http.rs b/core/tauri/src/api/http.rs
@@ -8,6 +8,7 @@ use http::{header::HeaderName, Method};
 use serde::{Deserialize, Serialize};
 use serde_json::Value;
 use serde_repr::{Deserialize_repr, Serialize_repr};
+use url::Url;
 
 use std::{collections::HashMap, path::PathBuf, time::Duration};
 
@@ -139,7 +140,7 @@ impl Client {
   pub async fn send(&self, request: HttpRequestBuilder) -> crate::api::Result<Response> {
     let method = Method::from_bytes(request.method.to_uppercase().as_bytes())?;
 
-    let mut request_builder = self.0.request(method, &request.url);
+    let mut request_builder = self.0.request(method, request.url.as_str());
 
     if let Some(query) = request.query {
       request_builder = request_builder.query(&query);
@@ -265,7 +266,7 @@ pub struct HttpRequestBuilder {
   /// The request method (GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS, CONNECT or TRACE)
   pub method: String,
   /// The request URL
-  pub url: String,
+  pub url: Url,
   /// The request query params
   pub query: Option<HashMap<String, String>>,
   /// The request headers
@@ -280,16 +281,16 @@ pub struct HttpRequestBuilder {
 
 impl HttpRequestBuilder {
   /// Initializes a new instance of the HttpRequestrequest_builder.
-  pub fn new(method: impl Into<String>, url: impl Into<String>) -> Self {
-    Self {
+  pub fn new(method: impl Into<String>, url: impl AsRef<str>) -> crate::api::Result<Self> {
+    Ok(Self {
       method: method.into(),
-      url: url.into(),
+      url: Url::parse(url.as_ref())?,
       query: None,
       headers: None,
       body: None,
       timeout: None,
       response_type: None,
-    }
+    })
   }
 
   /// Sets the request parameters.
@@ -330,7 +331,7 @@ pub struct Response(ResponseType, reqwest::Response);
 /// The HTTP response.
 #[cfg(not(feature = "reqwest-client"))]
 #[derive(Debug)]
-pub struct Response(ResponseType, attohttpc::Response, String);
+pub struct Response(ResponseType, attohttpc::Response, Url);
 
 impl Response {
   /// Reads the response as raw bytes.
@@ -346,7 +347,7 @@ impl Response {
   /// Reads the response and returns its info.
   pub async fn read(self) -> crate::api::Result<ResponseData> {
     #[cfg(feature = "reqwest-client")]
-    let url = self.1.url().to_string();
+    let url = self.1.url().clone();
     #[cfg(not(feature = "reqwest-client"))]
     let url = self.2;
 
@@ -410,7 +411,7 @@ pub struct RawResponse {
 #[non_exhaustive]
 pub struct ResponseData {
   /// Response URL. Useful if it followed redirects.
-  pub url: String,
+  pub url: Url,
   /// Response status code.
   pub status: u16,
   /// Response headers.
diff --git a/core/tauri/src/app.rs b/core/tauri/src/app.rs
@@ -1025,6 +1025,8 @@ impl<R: Runtime> Builder<R> {
         &env,
         &app.config().tauri.allowlist.protocol.asset_scope,
       ),
+      #[cfg(http_request)]
+      http: crate::scope::HttpScope::for_http_api(&app.config().tauri.allowlist.http.scope),
     });
     app.manage(env);
 
diff --git a/core/tauri/src/endpoints/http.rs b/core/tauri/src/endpoints/http.rs
@@ -66,17 +66,27 @@ impl Cmd {
 
   #[module_command_handler(http_request, "http > request")]
   async fn http_request<R: Runtime>(
-    _context: InvokeContext<R>,
+    context: InvokeContext<R>,
     client_id: ClientId,
     options: Box<HttpRequestBuilder>,
   ) -> crate::Result<ResponseData> {
-    let client = clients()
-      .lock()
-      .unwrap()
-      .get(&client_id)
-      .ok_or(crate::Error::HttpClientNotInitialized)?
-      .clone();
-    let response = client.send(*options).await?;
-    Ok(response.read().await?)
+    use crate::Manager;
+    if context
+      .window
+      .state::<crate::Scopes>()
+      .http
+      .is_allowed(&options.url)
+    {
+      let client = clients()
+        .lock()
+        .unwrap()
+        .get(&client_id)
+        .ok_or(crate::Error::HttpClientNotInitialized)?
+        .clone();
+      let response = client.send(*options).await?;
+      Ok(response.read().await?)
+    } else {
+      Err(crate::Error::UrlNotAllowed(options.url))
+    }
   }
 }
diff --git a/core/tauri/src/error.rs b/core/tauri/src/error.rs
@@ -87,6 +87,9 @@ pub enum Error {
   /// The user did not allow sending notifications.
   #[error("sending notification was not allowed by the user")]
   NotificationNotAllowed,
+  /// URL not allowed by the scope.
+  #[error("url not allowed on the configured scope: {0}")]
+  UrlNotAllowed(url::Url),
 }
 
 impl From<serde_json::Error> for Error {
diff --git a/core/tauri/src/scope/http.rs b/core/tauri/src/scope/http.rs
@@ -0,0 +1,30 @@
+// Copyright 2019-2021 Tauri Programme within The Commons Conservancy
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-License-Identifier: MIT
+
+use tauri_utils::config::HttpAllowlistScope;
+use url::Url;
+
+/// Scope for filesystem access.
+#[derive(Debug, Clone)]
+pub struct Scope {
+  allowed_urls: Vec<Url>,
+}
+
+impl Scope {
+  /// Creates a new scope from the allowlist's `http` scope configuration.
+  pub fn for_http_api(scope: &HttpAllowlistScope) -> Self {
+    Self {
+      allowed_urls: scope.0.clone(),
+    }
+  }
+
+  /// Determines if the given URL is allowed on this scope.
+  pub fn is_allowed(&self, url: &Url) -> bool {
+    self.allowed_urls.iter().any(|allowed| {
+      allowed.scheme() == url.scheme()
+        && allowed.host() == url.host()
+        && allowed.port() == url.port()
+    })
+  }
+}
diff --git a/core/tauri/src/scope/mod.rs b/core/tauri/src/scope/mod.rs
@@ -3,13 +3,17 @@
 // SPDX-License-Identifier: MIT
 
 mod fs;
+mod http;
 mod shell;
 
+pub use self::http::Scope as HttpScope;
 pub use fs::Scope as FsScope;
 pub use shell::Scope as ShellScope;
 
 pub(crate) struct Scopes {
   pub fs: FsScope,
   #[cfg(protocol_asset)]
   pub asset_protocol: FsScope,
+  #[cfg(http_request)]
+  pub http: HttpScope,
 }
diff --git a/core/tauri/src/updater/core.rs b/core/tauri/src/updater/core.rs
@@ -305,7 +305,7 @@ impl<'a> UpdateBuilder<'a> {
       let resp = ClientBuilder::new()
         .build()?
         .send(
-          HttpRequestBuilder::new("GET", &fixed_link)
+          HttpRequestBuilder::new("GET", &fixed_link)?
             .headers(headers)
             // wait 20sec for the firewall
             .timeout(20),
@@ -459,7 +459,7 @@ impl Update {
     let resp = ClientBuilder::new()
       .build()?
       .send(
-        HttpRequestBuilder::new("GET", &url)
+        HttpRequestBuilder::new("GET", &url)?
           .headers(headers)
           // wait 20sec for the firewall
           .timeout(20),
diff --git a/examples/api/src-tauri/tauri.conf.json b/examples/api/src-tauri/tauri.conf.json
@@ -74,6 +74,9 @@
       "protocol": {
         "asset": true,
         "assetScope": ["$RESOURCE/**"]
+      },
+      "http": {
+        "scope": ["https://jsonplaceholder.typicode.com"]
       }
     },
     "windows": [
diff --git a/tooling/cli.rs/schema.json b/tooling/cli.rs/schema.json
@@ -77,7 +77,8 @@
           },
           "http": {
             "all": false,
-            "request": false
+            "request": false,
+            "scope": []
           },
           "notification": {
             "all": false
@@ -265,7 +266,8 @@
           "description": "HTTP API allowlist.",
           "default": {
             "all": false,
-            "request": false
+            "request": false,
+            "scope": []
           },
           "allOf": [
             {
@@ -1044,6 +1046,9 @@
     "HttpAllowlistConfig": {
       "description": "Allowlist for the HTTP APIs.",
       "type": "object",
+      "required": [
+        "scope"
+      ],
       "properties": {
         "all": {
           "description": "Use this flag to enable all HTTP API features.",
@@ -1054,10 +1059,26 @@
           "description": "Allows making HTTP requests.",
           "default": false,
           "type": "boolean"
+        },
+        "scope": {
+          "description": "The access scope for the HTTP APIs.",
+          "allOf": [
+            {
+              "$ref": "#/definitions/HttpAllowlistScope"
+            }
+          ]
         }
       },
       "additionalProperties": false
     },
+    "HttpAllowlistScope": {
+      "description": "HTTP API scope definition. It is a list of URLs that can be accessed by the webview when using the HTTP APIs.",
+      "type": "array",
+      "items": {
+        "type": "string",
+        "format": "uri"
+      }
+    },
     "MacConfig": {
       "description": "Configuration for the macOS bundles.",
       "type": "object",
@@ -1337,7 +1358,8 @@
             },
             "http": {
               "all": false,
-              "request": false
+              "request": false,
+              "scope": []
             },
             "notification": {
               "all": false

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +"tauri": patch
 +---
++
 +`tauri::api::HttpRequestBuilder::new` now returns a `Result` to validate the url.
Original file line number	Diff line number	Diff line change
`@@ -87,6 +87,9 @@ pub enum Error {`
`87`	`87`	`/// The user did not allow sending notifications.`
`88`	`88`	`#[error("sending notification was not allowed by the user")]`
`89`	`89`	`NotificationNotAllowed,`
	`90`	`+ /// URL not allowed by the scope.`
	`91`	`+ #[error("url not allowed on the configured scope: {0}")]`
	`92`	`+ UrlNotAllowed(url::Url),`
`90`	`93`	`}`
`91`	`94`
`92`	`95`	`impl From<serde_json::Error> for Error {`