dps: Don't check client certs when not using SSL

Fixes #92
tkuester · Apr 5, 2024 · a4a3bb8 · a4a3bb8
1 parent b505193
commit a4a3bb8
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 12 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -10,7 +10,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
  - Support for GeoChat with custom groups
  - Support for Marti packets using UIDs
 
-## [0.9] - 2024/04/05
+### Fixed
+ - Don't check for client certificates in TCP only mode
+
+### Contributors
+ - Thanks to @dceejay and @lucasburlingham for reporting and helping fix #92 !
+
+## [0.10] - 2024/04/05
 
 ### Fixed
  - Fixed a critical bug in the data package server which would permit

diff --git a/taky/dps/__init__.py b/taky/dps/__init__.py
@@ -16,10 +16,11 @@ def requires_auth(func):
 
     @functools.wraps(func)
     def check_headers(*args, **kwargs):
-        if not flask.request.headers.get("X-USER"):
-            flask.abort(401)
-        if flask.request.headers.get("X-REVOKED"):
-            flask.abort(403)
+        if app.config["SSL"]:
+            if not flask.request.headers.get("X-USER"):
+                flask.abort(401)
+            if flask.request.headers.get("X-REVOKED"):
+                flask.abort(403)
 
         return func(*args, **kwargs)
 
@@ -30,12 +31,8 @@ def configure_app(config):
     app.config["HOSTNAME"] = config.get("taky", "hostname")
     app.config["NODEID"] = config.get("taky", "node_id")
     app.config["UPLOAD_PATH"] = config.get("dp_server", "upload_path")
-
-    cot_port = config.getint("cot_server", "port")
-    if config.getboolean("ssl", "enabled"):
-        app.config["COT_CONN_STR"] = f'ssl:{app.config["HOSTNAME"]}:{cot_port}'
-    else:
-        app.config["COT_CONN_STR"] = f'tcp:{app.config["HOSTNAME"]}:{cot_port}'
+    app.config["COT_PORT"] = config.getint("cot_server", "port")
+    app.config["SSL"] = config.getboolean("ssl", "enabled")
 
 
 try:

diff --git a/taky/dps/views/index.py b/taky/dps/views/index.py
@@ -9,10 +9,15 @@ def hello_world():
 @app.route("/Marti/api/clientEndPoints")
 @requires_auth
 def marti_api_client_endpoints():
+    method = "ssl" if app.config["SSL"] else "tcp"
+    hostname = app.config["HOSTNAME"]
+    cot_port = app.config["COT_PORT"]
+    conn_str = f"{method}:{hostname}:{cot_port}"
+
     return {
         "Matcher": "com.bbn.marti.remote.ClientEndpoint",
         "BaseUrl": "",
-        "ServerConnectString": app.config["COT_CONN_STR"],
+        "ServerConnectString": conn_str,
         "NotificationId": "",
         "type": "com.bbn.marti.remote.ClientEndpoint",
         "data": [