tauri-apps / tauri

Build smaller, faster, and more secure desktop and mobile applications with a web frontend.
https://tauri.app
Apache License 2.0

[bug] is SSL Pinning supported in tauri.app ? #5535

Open ne0z opened 2 years ago

ne0z commented 2 years ago

Describe the bug

Hi there, does tauri.app support SSL pinning? I previously tried https://gist.github.com/arvindkumarbadwal/0b81f4bc7a22f9be17556f823d7ee8f6 but had no success at all. There is an error: Error: Module "https" has been externalized for browser compatibility. Cannot access "https.Agent" in client code.

I tried this solution: https://dev.to/0xbf/vite-module-path-has-been-externalized-for-browser-compatibility-2bo6 (I replaced path-browserify with https-browserify), but it shows another error:

TypeError: undefined is not a constructor (evaluating 'new https.Agent(options)')

Reproduction

vite.config.js

import { defineConfig } from "vite";
import react from "@vitejs/plugin-react";

// https://vitejs.dev/config/
export default defineConfig({
  plugins: [react()],

  // Vite options tailored for Tauri development and only applied in `tauri dev` or `tauri build`
  // prevent vite from obscuring rust errors
  clearScreen: false,
  // tauri expects a fixed port, fail if that port is not available
  server: {
    port: 1420,
    strictPort: true,
  },
  // to make use of `TAURI_DEBUG` and other env variables
  // https://tauri.studio/v1/api/config#buildconfig.beforedevcommand
  envPrefix: ["VITE_", "TAURI_"],
  build: {
    // Tauri supports es2021
    target: ["es2021", "chrome100", "safari13"],
    // don't minify for debug builds
    minify: !process.env.TAURI_DEBUG ? "esbuild" : false,
    // produce sourcemaps for debug builds
    sourcemap: !!process.env.TAURI_DEBUG,
  },
  resolve: {
    alias: {
      https: "https-browserify",
    },
  },
});

App.jsx


import crypto from 'crypto';
import https from 'https';
import tls from 'tls';
import axios from 'axios';
// .....

function sha256(s) {
    return crypto.createHash('sha256').update(s).digest('base64');
}

const options = {
    rejectUnauthorized: true,
    checkServerIdentity: function (host, cert) {
        // Make sure the certificate is issued to the host we are connected to
        const err = tls.checkServerIdentity(host, cert);
        if (err) {
            return err;
        }

        // Pin the public key, similar to HPKP pin-sha256 pinning
        const pubkey256 = 'ORH27mxcLwxnNpR7e0i6pdDPWLXdpeWgr5bEfFVbxW8=';
        if (sha256(cert.pubkey) !== pubkey256) {
            return new Error('Certificate verification error');
        }
    },
};
const agent = new https.Agent(options);

axios.get('https://api.github.com', { httpsAgent: agent })
    .then(response => {
        console.log('All OK. Server matched our pinned cert or public key')
    })
    .catch(error => {
        console.error(error.message)
    });

Expected behavior

No response

Platform and versions

Environment
  › OS: Mac OS 12.6.0 X64
  › Node.js: 18.6.0
  › npm: 8.13.2
  › pnpm: 7.14.2
  › yarn: 1.22.19
  › rustup: 1.25.1
  › rustc: 1.64.0
  › cargo: 1.64.0
  › Rust toolchain: stable-aarch64-apple-darwin

Packages
  › @tauri-apps/cli [NPM]: 1.1.1
  › @tauri-apps/api [NPM]: 1.1.0
  › tauri [RUST]: 1.1.1,
  › tauri-build [RUST]: 1.1.1,
  › tao [RUST]: 0.14.0,
  › wry [RUST]: 0.21.1,

App
  › build-type: bundle
  › CSP: unset
  › distDir: ../dist
  › devPath: http://localhost:1420/
  › framework: React

App directory structure
  ├─ node_modules
  ├─ public
  ├─ src-tauri
  ├─ .vscode
  └─ src

Stack trace

No response

Additional context

No response
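
The pin check from the reproduction above, isolated as an added example that is not part of the original post or of Tauri: it accepts a primary and a backup pin, fails closed when the certificate object has no key bytes, and compares digests in constant time. It uses Node's `crypto` module, so it runs under Node.js rather than in the client bundle that produced the errors quoted in the post; `spkiPin`, `makePinCheck`, `sampleKeyDer` and the host `example.test` are hypothetical names, and the keys are generated on the spot as constructed sample input.

```javascript
const crypto = require('node:crypto');

// Base64 SHA-256 of a DER-encoded public key: the value the post's
// sha256(cert.pubkey) produces and compares against its pinned string.
function spkiPin(pubkeyDer) {
  return crypto.createHash('sha256').update(pubkeyDer).digest('base64');
}

// Returns a checkServerIdentity-style callback that accepts any pin in `pins`
// (primary plus backups). `hostCheck` is injected so the logic can be run
// without a socket; with Node's TLS stack it would be tls.checkServerIdentity.
function makePinCheck(pins, hostCheck) {
  const accepted = pins.map((p) => Buffer.from(p, 'base64'));
  if (accepted.length === 0 || accepted.some((p) => p.length !== 32)) {
    throw new Error('every pin must be a base64-encoded SHA-256 digest');
  }
  return function checkServerIdentity(host, cert) {
    // Hostname validation first, exactly as in the post.
    const err = hostCheck(host, cert);
    if (err) return err;
    // Fail closed when the certificate object carries no key bytes.
    if (!cert || !Buffer.isBuffer(cert.pubkey)) {
      return new Error('Certificate verification error: no public key');
    }
    const seen = crypto.createHash('sha256').update(cert.pubkey).digest();
    // Compare raw digests in constant time instead of comparing strings.
    const ok = accepted.some((p) => crypto.timingSafeEqual(p, seen));
    return ok ? undefined : new Error(`Certificate verification error: pin mismatch for ${host}`);
  };
}

// Constructed sample input: a throwaway EC key exported as DER, standing in
// for the cert.pubkey buffer of a real peer certificate.
function sampleKeyDer() {
  const { publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  return publicKey.export({ type: 'spki', format: 'der' });
}

// Demo: current and backup keys pass, an unknown key is rejected.
const [current, backup, unknown] = [sampleKeyDer(), sampleKeyDer(), sampleKeyDer()];
const check = makePinCheck([spkiPin(current), spkiPin(backup)], () => undefined);
for (const [name, der] of Object.entries({ current, backup, unknown })) {
  const result = check('example.test', { pubkey: der });
  console.log(name, result ? result.message : 'pin matched');
}
```

Keeping a backup pin in the accepted set lets the server key be rotated without shipping a new build first.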

mylylyl commented 1 year ago

curious abt it as well!

dathacky commented 1 year ago

+1