shubham1172 / remote-play

Media controller for PC
MIT License

HTTPs support for FastAPI #31

Closed shubham1172 closed 2 years ago

shubham1172 commented 2 years ago

We need to support HTTPS out of the box. It is mandatory for using service workers that are going to be introduced in #4.

BabdCatha commented 2 years ago

Hello!

I started working on this issue a few days ago, and I managed to make the connection over https work.

However, there are a few points that I would like to discuss before saying that the issue is fixed, just to make sure.

First, since I have to sign the certificate myself, and a valid certificate can't be obtained for an IP such as 0.0.0.0, the user is shown a warning message when trying to connect, saying that the certificate is invalid, and then provided with the option to continue or go back. It can be fixed, but it would require the user to manually add the CA to the list of authorized CAs on his device.

Second, when the user tries to go to http://x.x.x.x:8000 to connect, it should be redirected towards https://x.x.x.x:8000. This behavior works on desktop versions of browsers, but it doesn't on Android. This is apparently caused by the certificate being invalid on the https page. This could maybe be fixed by the user adding the CA to the list of authorized CAs on his device, or by creating a second server on another port that would handle http traffic. As of now, when an Android user tries to visit the http version of the page, nothing loads.

Thank you for any feedback you can provide!

shubham1172 commented 2 years ago

Hello @BabdCatha, thank you for looking into the details!

One option can be to allow users to bring-your-own-certificate. That is, Remote-Play can be either started in HTTP mode by default, or the user can provide SSL Certs via cmd-line flags or environment variables and use it in HTTPS mode. They need to ensure that these certs are marked as trusted in their cert stores.

For the second one, have you tried using FastAPI's HTTPSRedirectMiddleware? This will automatically redirect all traffic on HTTP to HTTPS.
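
The bring-your-own-certificate startup described in the comment above, sketched as an added example that is not part of the thread or the project's code. The flag names, the environment variable names and the `resolve_tls` helper are assumptions made for illustration; `ssl_certfile` and `ssl_keyfile` are existing `uvicorn.run` parameters.

```python
import argparse
import os
import ssl

# Hypothetical names: these environment variables and the flags below are
# assumptions for illustration, not options that remote-play defines.
ENV_CERT = "REMOTE_PLAY_SSL_CERTFILE"
ENV_KEY = "REMOTE_PLAY_SSL_KEYFILE"


def resolve_tls(argv, environ=os.environ):
    """Return (scheme, uvicorn_kwargs): HTTP unless both cert and key are given."""
    parser = argparse.ArgumentParser()
    # Command-line flags take precedence; environment variables are the fallback.
    parser.add_argument("--ssl-certfile", default=environ.get(ENV_CERT))
    parser.add_argument("--ssl-keyfile", default=environ.get(ENV_KEY))
    args = parser.parse_args(argv)

    if not args.ssl_certfile and not args.ssl_keyfile:
        return "http", {}
    if not (args.ssl_certfile and args.ssl_keyfile):
        raise ValueError("HTTPS mode needs both a certificate and a private key")

    # Fail at startup rather than at the first handshake: load_cert_chain checks
    # that both files parse and that the private key matches the certificate.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.load_cert_chain(args.ssl_certfile, args.ssl_keyfile)
    except OSError as exc:  # ssl.SSLError and FileNotFoundError are both OSError
        raise ValueError(f"unusable certificate/key pair: {exc}") from exc
    return "https", {"ssl_certfile": args.ssl_certfile,
                     "ssl_keyfile": args.ssl_keyfile}


def main(argv=None):
    # Imported here so resolve_tls can be used and tested without these packages.
    import uvicorn
    from fastapi import FastAPI

    app = FastAPI()  # stand-in for the project's real application object
    scheme, tls_kwargs = resolve_tls(argv)
    print(f"serving over {scheme} on port 8000")
    uvicorn.run(app, host="0.0.0.0", port=8000, **tls_kwargs)


if __name__ == "__main__":
    main()
```

This check only confirms that the pair is loadable; whether a browser accepts the certificate still depends on the device's trust store, as noted in the comment.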

BabdCatha commented 2 years ago

Hey,

Thank you for your response, I will look into implementing what you described. I did indeed use HTTPSRedirectMiddleware to try to redirect traffic from HTTP to HTTPS, and it did work on desktop but not on mobile. I will try again with a trusted CA on my mobile, and see if it works in that case.