YGGverse/Yoda
1
0
Fork 0
mirror of https://github.com/YGGverse/Yoda.git synced 2026-03-31 16:45:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

init profile TOFU features

Browse source
This commit is contained in:
yggverse 2025-07-23 02:13:10 +03:00
parent 5aa6b1464c
commit f831212d40
11 changed files with 403 additions and 44 deletions
Download patch file Download diff file Expand all files Collapse all files

9
Cargo.toml
View file

@ -1,6 +1,6 @@
[package] [package]
name = "Yoda" name = "Yoda"
version = "0.11.9" version = "0.12.0"
edition = "2024" edition = "2024"
license = "MIT" license = "MIT"
readme = "README.md" readme = "README.md"
@ -31,7 +31,8 @@ version = "0.9.1"
[dependencies] [dependencies]
ansi-parser = "0.9.1" ansi-parser = "0.9.1"
anyhow = "1.0.97" anyhow = "1.0.97"
ggemini = "0.18.0" async-channel = "2.5.0"
ggemini = "0.19.0"
ggemtext = "0.6.0" ggemtext = "0.6.0"
indexmap = "2.7.0" indexmap = "2.7.0"
itertools = "0.14.0" itertools = "0.14.0"
@ -44,7 +45,7 @@ r2d2_sqlite = "0.30.0"
syntect = "5.2.0" syntect = "5.2.0"
# development # development
# [patch.crates-io] [patch.crates-io]
# ggemini = { git = "https://github.com/YGGverse/ggemini.git" } ggemini = { git = "https://github.com/YGGverse/ggemini.git" }
# ggemtext = { git = "https://github.com/YGGverse/ggemtext.git" } # ggemtext = { git = "https://github.com/YGGverse/ggemtext.git" }
# plurify = { git = "https://github.com/YGGverse/plurify.git" } # plurify = { git = "https://github.com/YGGverse/plurify.git" }

13
README.md
View file

@ -21,11 +21,14 @@ GTK 4 / Libadwaita client written in Rust
* [ ] [Audio](#audio) * [ ] [Audio](#audio)
* [ ] [Video](#video) * [ ] [Video](#video)
* [x] Certificates * [x] Certificates
* [x] Generate new identity * [x] Server
* [x] Select for path * [x] [TOFU](https://en.wikipedia.org/wiki/Trust_on_first_use)
* [x] Export to PEM * [x] Client
* [x] Import from PEM * [x] Generate new identity
* [x] Delete * [x] Select for path
* [x] Export to PEM
* [x] Import from PEM
* [x] Delete
* [x] Custom search providers * [x] Custom search providers
* [ ] Downloads * [ ] Downloads
* [ ] Browser window * [ ] Browser window

45
src/app/browser/window/tab/item/client/driver/gemini.rs
View file

@ -11,7 +11,7 @@ use gtk::{
glib::{Priority, Uri}, glib::{Priority, Uri},
prelude::{ButtonExt, FileExt, SocketClientExt}, prelude::{ButtonExt, FileExt, SocketClientExt},
}; };
use sourceview::prelude::InputStreamExtManual; use sourceview::prelude::{ActionExt, InputStreamExtManual, TlsConnectionExt};
use std::{cell::Cell, path::MAIN_SEPARATOR, rc::Rc, time::Duration}; use std::{cell::Cell, path::MAIN_SEPARATOR, rc::Rc, time::Duration};
/// [Gemini protocol](https://geminiprotocol.net/docs/protocol-specification.gmi) client driver /// [Gemini protocol](https://geminiprotocol.net/docs/protocol-specification.gmi) client driver
@ -150,6 +150,8 @@ fn handle(
) { ) {
const EVENT_COMPLETED: &str = "Completed"; const EVENT_COMPLETED: &str = "Completed";
let uri = request.uri().clone(); let uri = request.uri().clone();
let server_certificates = this.page.profile.tofu.server_certificates(&uri);
let has_server_certificates = server_certificates.is_some();
this.client.request_async( this.client.request_async(
request, request,
Priority::DEFAULT, Priority::DEFAULT,
@ -160,6 +162,7 @@ fn handle(
.profile .profile
.identity .identity
.get(&uri.to_string()).map(|identity|identity.to_tls_certificate().unwrap()), .get(&uri.to_string()).map(|identity|identity.to_tls_certificate().unwrap()),
server_certificates,
{ {
let page = this.page.clone(); let page = this.page.clone();
let redirects = this.redirects.clone(); let redirects = this.redirects.clone();
@ -186,6 +189,12 @@ fn handle(
// * unwrap fails only on `connection.socket_connection.is_closed()` // * unwrap fails only on `connection.socket_connection.is_closed()`
// drop the panic as unexpected here. // drop the panic as unexpected here.
} }
// Register new peer certificate if the TOFU index is empty
if !has_server_certificates {
page.profile.tofu.add(
connection.tls_client_connection.peer_certificate().unwrap()
).unwrap() // expect new record
}
// Handle response // Handle response
match response { match response {
// https://geminiprotocol.net/docs/protocol-specification.gmi#input-expected // https://geminiprotocol.net/docs/protocol-specification.gmi#input-expected
@ -608,8 +617,38 @@ fn handle(
} }
} }
Err(e) => { Err(e) => {
let s = page.content.to_status_failure(); let s = match e {
s.set_description(Some(&e.to_string())); ggemini::client::Error::Request(connection, e) => match e {
ggemini::client::connection::Error::Request(_, e) => {
use gtk::gio::TlsError;
if e.kind::<TlsError>().is_some_and(|e| matches!(e, TlsError::BadCertificate)) {
page.content.to_status_tofu({
let p = page.clone();
move || {
p.profile.tofu.add(
connection.tls_client_connection.peer_certificate().unwrap()
).unwrap(); // expect new record
p.item_action.reload.activate(None)
}
})
} else {
let s = page.content.to_status_failure();
s.set_description(Some(&e.to_string()));
s
}
},
_ => {
let s = page.content.to_status_failure();
s.set_description(Some(&e.to_string()));
s
}
},
_ => {
let s = page.content.to_status_failure();
s.set_description(Some(&e.to_string()));
s
}
};
page.set_progress(0.0); page.set_progress(0.0);
page.set_title(&s.title()); page.set_title(&s.title());
if is_snap_history { if is_snap_history {

64
src/app/browser/window/tab/item/page/content.rs
View file

@ -51,9 +51,9 @@ impl Content {
/// * action removes previous children component from `Self` /// * action removes previous children component from `Self`
pub fn to_image(&self, paintable: &impl IsA<Paintable>) -> Image { pub fn to_image(&self, paintable: &impl IsA<Paintable>) -> Image {
self.clean(); self.clean();
let image = Image::new_from_paintable(paintable); let i = Image::new_from_paintable(paintable);
self.g_box.append(&image.picture); self.g_box.append(&i.picture);
image i
} }
/// Set new `content::Status` component for `Self` with new `status::Download` preset /// Set new `content::Status` component for `Self` with new `status::Download` preset
@ -66,9 +66,9 @@ impl Content {
on_choose: impl Fn(File, Rc<status::download::Action>) + 'static, on_choose: impl Fn(File, Rc<status::download::Action>) + 'static,
) -> StatusPage { ) -> StatusPage {
self.clean(); self.clean();
let status = status::download::build(initial_filename, cancellable, on_choose); let s = status::download::build(initial_filename, cancellable, on_choose);
self.g_box.append(&status); self.g_box.append(&s);
status s
} }
/// Set new `content::Status` component for `Self` with new `status::Failure` preset /// Set new `content::Status` component for `Self` with new `status::Failure` preset
@ -76,9 +76,19 @@ impl Content {
/// * action removes previous children component from `Self` /// * action removes previous children component from `Self`
pub fn to_status_failure(&self) -> StatusPage { pub fn to_status_failure(&self) -> StatusPage {
self.clean(); self.clean();
let status = status::failure::new(); let s = status::failure::new();
self.g_box.append(&status); self.g_box.append(&s);
status s
}
/// Set new `content::Status` component for `Self` with new `status::Tofu` preset
///
/// * action removes previous children component from `Self`
pub fn to_status_tofu(&self, on_accept: impl Fn() + 'static) -> StatusPage {
self.clean();
let s = status::tofu::build(on_accept);
self.g_box.append(&s);
s
} }
/// Set new `content::Status` component for `Self` with new `status::Mime` issue preset /// Set new `content::Status` component for `Self` with new `status::Mime` issue preset
@ -90,9 +100,9 @@ impl Content {
download: Option<(&Rc<ItemAction>, &Uri)>, download: Option<(&Rc<ItemAction>, &Uri)>,
) -> StatusPage { ) -> StatusPage {
self.clean(); self.clean();
let status = status::mime::build(mime, download); let s = status::mime::build(mime, download);
self.g_box.append(&status); self.g_box.append(&s);
status s
} }
/// Set new `content::Status` component for `Self` with new `status::Identity` preset /// Set new `content::Status` component for `Self` with new `status::Identity` preset
@ -100,9 +110,9 @@ impl Content {
/// * action removes previous children component from `Self` /// * action removes previous children component from `Self`
pub fn to_status_identity(&self) -> StatusPage { pub fn to_status_identity(&self) -> StatusPage {
self.clean(); self.clean();
let status = status::identity::build((&self.tab_action, &self.item_action)); let s = status::identity::build((&self.tab_action, &self.item_action));
self.g_box.append(&status); self.g_box.append(&s);
status s
} }
/// Set new `content::Status` component for `Self` with new `status::Loading` preset /// Set new `content::Status` component for `Self` with new `status::Loading` preset
@ -110,9 +120,9 @@ impl Content {
/// * action removes previous children component from `Self` /// * action removes previous children component from `Self`
pub fn to_status_loading(&self, show_with_delay: Option<Duration>) -> StatusPage { pub fn to_status_loading(&self, show_with_delay: Option<Duration>) -> StatusPage {
self.clean(); self.clean();
let status = status::loading::build(show_with_delay); let s = status::loading::build(show_with_delay);
self.g_box.append(&status); self.g_box.append(&s);
status s
} }
/// `text/gemini` /// `text/gemini`
@ -147,17 +157,17 @@ impl Content {
/// `text/plain` /// `text/plain`
pub fn to_text_plain(&self, data: &str) -> Text { pub fn to_text_plain(&self, data: &str) -> Text {
self.clean(); self.clean();
let text = Text::plain(data); let t = Text::plain(data);
self.g_box.append(&text.scrolled_window); self.g_box.append(&t.scrolled_window);
text t
} }
/// [text/nex](https://nightfall.city/nex/info/specification.txt) /// [text/nex](https://nightfall.city/nex/info/specification.txt)
pub fn to_text_nex(&self, base: &Uri, data: &str) -> Text { pub fn to_text_nex(&self, base: &Uri, data: &str) -> Text {
self.clean(); self.clean();
let text = Text::nex((&self.window_action, &self.item_action), base, data); let t = Text::nex((&self.window_action, &self.item_action), base, data);
self.g_box.append(&text.scrolled_window); self.g_box.append(&t.scrolled_window);
text t
} }
pub fn to_directory( pub fn to_directory(
@ -172,9 +182,9 @@ impl Content {
/// * system `source:` /// * system `source:`
pub fn to_text_source(&self, data: &str) -> Text { pub fn to_text_source(&self, data: &str) -> Text {
self.clean(); self.clean();
let text = Text::source(data); let t = Text::source(data);
self.g_box.append(&text.scrolled_window); self.g_box.append(&t.scrolled_window);
text t
} }
/// Remove all children components from `Self` /// Remove all children components from `Self`

1
src/app/browser/window/tab/item/page/content/status.rs
View file

@ -3,5 +3,6 @@ pub mod failure;
pub mod identity; pub mod identity;
pub mod loading; pub mod loading;
pub mod mime; pub mod mime;
pub mod tofu;
use super::{ItemAction, TabAction}; use super::{ItemAction, TabAction};

40
src/app/browser/window/tab/item/page/content/status/tofu.rs Normal file
View file

@ -0,0 +1,40 @@
use adw::StatusPage;
use gtk::{
Align, Button,
prelude::{BoxExt, ButtonExt, WidgetExt},
};
pub fn build(on_accept: impl Fn() + 'static) -> StatusPage {
let b = gtk::Box::builder()
.halign(Align::Center)
.orientation(gtk::Orientation::Horizontal)
.spacing(16)
.build();
b.append(&gtk::Label::builder().selectable(true).use_markup(true).label(
"<a href=\"https://geminiprotocol.net/docs/protocol-specification.gmi#tls-server-certificate-validation\" title=\"Gemini protocol specification (HTTP link)\">Read more...</a>"
).build());
b.append(&{
let b = Button::builder()
.css_classes(["warning"])
.label("Accept")
.tooltip_text("Add an exception")
.halign(Align::Center)
.build();
b.connect_clicked(move |this| {
this.set_sensitive(false);
on_accept()
});
b
});
StatusPage::builder()
.child(&b)
.icon_name("security-medium-symbolic")
.title("Server certificate has been changed")
.description("it could be a man-in-the-middle attack")
.build()
}

18
src/profile.rs
View file

@ -3,6 +3,7 @@ mod database;
mod history; mod history;
mod identity; mod identity;
mod search; mod search;
mod tofu;
use anyhow::Result; use anyhow::Result;
use bookmark::Bookmark; use bookmark::Bookmark;
@ -15,6 +16,7 @@ use r2d2_sqlite::SqliteConnectionManager;
use search::Search; use search::Search;
use sqlite::Transaction; use sqlite::Transaction;
use std::{fs::create_dir_all, path::PathBuf}; use std::{fs::create_dir_all, path::PathBuf};
use tofu::Tofu;
const VENDOR: &str = "YGGverse"; const VENDOR: &str = "YGGverse";
const APP_ID: &str = "Yoda"; const APP_ID: &str = "Yoda";
@ -24,11 +26,12 @@ const DB_NAME: &str = "database.sqlite3";
pub struct Profile { pub struct Profile {
pub bookmark: Bookmark, pub bookmark: Bookmark,
pub config_path: PathBuf,
pub database: Database, pub database: Database,
pub history: History, pub history: History,
pub identity: Identity, pub identity: Identity,
pub search: Search, pub search: Search,
pub config_path: PathBuf, pub tofu: Tofu,
} }
impl Profile { impl Profile {
@ -82,24 +85,28 @@ impl Profile {
// Init components // Init components
let bookmark = Bookmark::build(&database_pool, profile_id)?; let bookmark = Bookmark::build(&database_pool, profile_id)?;
let history = History::build(&database_pool, profile_id)?; let history = History::build(&database_pool, profile_id)?;
let search = Search::build(&database_pool, profile_id)?;
let identity = Identity::build(&database_pool, profile_id)?; let identity = Identity::build(&database_pool, profile_id)?;
let search = Search::build(&database_pool, profile_id)?;
let tofu = Tofu::init(&database_pool, profile_id)?;
// Result // Result
Ok(Self { Ok(Self {
bookmark, bookmark,
config_path,
database, database,
history, history,
identity, identity,
search, search,
config_path, tofu,
}) })
} }
// Actions // Actions
pub fn save(&self) -> Result<()> { pub fn save(&self) -> Result<()> {
self.history.save() self.history.save()?;
self.tofu.save()?;
Ok(())
} }
} }
@ -109,9 +116,10 @@ pub fn migrate(tx: &Transaction) -> Result<()> {
// Delegate migration to children components // Delegate migration to children components
bookmark::migrate(tx)?; bookmark::migrate(tx)?;
history::migrate(tx)?;
identity::migrate(tx)?; identity::migrate(tx)?;
search::migrate(tx)?; search::migrate(tx)?;
history::migrate(tx)?; tofu::migrate(tx)?;
// Success // Success
Ok(()) Ok(())

103
src/profile/tofu.rs Normal file
View file

@ -0,0 +1,103 @@
mod certificate;
mod database;
use anyhow::Result;
use certificate::Certificate;
use database::Database;
use gtk::{gio::TlsCertificate, glib::Uri};
use r2d2::Pool;
use r2d2_sqlite::SqliteConnectionManager;
use sourceview::prelude::TlsCertificateExt;
use sqlite::Transaction;
use std::sync::RwLock;
/// TOFU wrapper for the Gemini protocol
///
/// https://geminiprotocol.net/docs/protocol-specification.gmi#tls-server-certificate-validation
pub struct Tofu {
database: Database,
memory: RwLock<Vec<Certificate>>,
}
impl Tofu {
// Constructors
pub fn init(database_pool: &Pool<SqliteConnectionManager>, profile_id: i64) -> Result<Self> {
let database = Database::init(database_pool, profile_id);
let records = database.records()?;
let memory = RwLock::new(Vec::with_capacity(records.len()));
{
// build in-memory index...
let mut m = memory.write().unwrap();
for r in records {
m.push(Certificate::from_db(Some(r.id), &r.pem, r.time)?)
}
}
Ok(Self { database, memory })
}
// Actions
pub fn add(&self, tls_certificate: TlsCertificate) -> Result<()> {
self.memory
.write()
.unwrap()
.push(Certificate::from_tls_certificate(tls_certificate)?);
Ok(())
}
pub fn server_certificates(&self, uri: &Uri) -> Option<Vec<TlsCertificate>> {
fn f(subject_name: &str) -> String {
subject_name
.trim_start_matches("CN=")
.trim_start_matches('*')
.trim_matches('.')
.to_lowercase()
}
if let Some(h) = uri.host() {
let k = f(&h);
let m = self.memory.read().unwrap();
let b: Vec<TlsCertificate> = m
.iter()
.filter_map(|certificate| {
let tls_certificate = certificate.tls_certificate();
if k.ends_with(&f(&tls_certificate.subject_name().unwrap())) {
Some(tls_certificate.clone())
} else {
None
}
})
.collect();
if !b.is_empty() {
return Some(b);
}
}
None
}
/// Save in-memory index to the permanent database (on app close)
pub fn save(&self) -> Result<()> {
for c in self.memory.read().unwrap().iter() {
if c.id().is_none() {
self.database.add(c.time(), &c.pem())?;
}
}
Ok(())
}
}
// Tools
pub fn migrate(tx: &Transaction) -> Result<()> {
// Migrate self components
database::init(tx)?;
// Delegate migration to childs
// nothing yet...
// Success
Ok(())
}

52
src/profile/tofu/certificate.rs Normal file
View file

@ -0,0 +1,52 @@
use anyhow::Result;
use gtk::{
gio::TlsCertificate,
glib::{DateTime, GString},
};
use sourceview::prelude::TlsCertificateExt;
#[derive(PartialEq, Eq, Hash)]
pub struct Certificate {
id: Option<i64>,
time: DateTime,
tls_certificate: TlsCertificate,
}
impl Certificate {
// Constructors
pub fn from_db(id: Option<i64>, pem: &str, time: DateTime) -> Result<Self> {
Ok(Self {
id,
time,
tls_certificate: TlsCertificate::from_pem(pem)?,
})
}
pub fn from_tls_certificate(tls_certificate: TlsCertificate) -> Result<Self> {
Ok(Self {
id: None,
time: DateTime::now_local()?,
tls_certificate,
})
}
// Getters
pub fn pem(&self) -> GString {
self.tls_certificate.certificate_pem().unwrap()
}
pub fn id(&self) -> Option<i64> {
self.id
}
pub fn time(&self) -> &DateTime {
&self.time
}
pub fn tls_certificate(&self) -> &TlsCertificate {
&self.tls_certificate
}
}

97
src/profile/tofu/database.rs Normal file
View file

@ -0,0 +1,97 @@
mod row;
use anyhow::Result;
use gtk::glib::DateTime;
use r2d2::Pool;
use r2d2_sqlite::SqliteConnectionManager;
use row::Row;
use sqlite::Transaction;
pub struct Database {
pool: Pool<SqliteConnectionManager>,
profile_id: i64,
}
impl Database {
// Constructors
/// Create new `Self`
pub fn init(pool: &Pool<SqliteConnectionManager>, profile_id: i64) -> Self {
Self {
pool: pool.clone(),
profile_id,
}
}
// Getters
/// Get records from database with optional filter by `request`
pub fn records(&self) -> Result<Vec<Row>> {
select(&self.pool.get()?.unchecked_transaction()?, self.profile_id)
}
// Setters
/// Create new record in database
/// * return last insert ID on success
pub fn add(&self, time: &DateTime, pem: &str) -> Result<i64> {
let mut connection = self.pool.get()?;
let tx = connection.transaction()?;
let id = insert(&tx, self.profile_id, time, pem)?;
tx.commit()?;
Ok(id)
}
}
// Low-level DB API
pub fn init(tx: &Transaction) -> Result<usize> {
Ok(tx.execute(
"CREATE TABLE IF NOT EXISTS `profile_tofu`
(
`id` INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL,
`profile_id` INTEGER NOT NULL,
`time` INTEGER NOT NULL,
`pem` TEXT NOT NULL,
FOREIGN KEY (`profile_id`) REFERENCES `profile` (`id`)
)",
[],
)?)
}
pub fn insert(tx: &Transaction, profile_id: i64, time: &DateTime, pem: &str) -> Result<i64> {
tx.execute(
"INSERT INTO `profile_tofu` (
`profile_id`,
`time`,
`pem`
) VALUES (?, ?, ?)",
(profile_id, time.to_unix(), pem),
)?;
Ok(tx.last_insert_rowid())
}
pub fn select(tx: &Transaction, profile_id: i64) -> Result<Vec<Row>> {
let mut stmt = tx.prepare(
"SELECT `id`, `profile_id`, `time`, `pem` FROM `profile_tofu` WHERE `profile_id` = ?",
)?;
let result = stmt.query_map([profile_id], |row| {
Ok(Row {
id: row.get(0)?,
//profile_id: row.get(1)?,
time: DateTime::from_unix_local(row.get(2)?).unwrap(),
pem: row.get(3)?,
})
})?;
let mut records = Vec::new();
for record in result {
let table = record?;
records.push(table);
}
Ok(records)
}

5
src/profile/tofu/database/row.rs Normal file
View file

@ -0,0 +1,5 @@
pub struct Row {
pub id: i64,
pub pem: String,
pub time: gtk::glib::DateTime,
}