ospab
/
ostp
mirror of https://github.com/ospab/ostp.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

feat: add X-Ostp-Server validation to UoT handshake

This commit is contained in:
ospab 2026-05-21 13:15:49 +03:00
parent e7ad24bb13
commit 1bc63c4094
2 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ostp-client/src/transport/xhttp.rs
View File

@ -125,9 +125,12 @@ pub async fn connect_xhttp(
if buf[..header_len].windows(4).any(|w| w == b"\r\n\r\n") { break; }
}
let resp = String::from_utf8_lossy(&buf[..header_len]);
if !resp.contains("200 OK") {
if !resp.starts_with("HTTP/1.1 200 OK") {
anyhow::bail!("xHTTP handshake failed: expected 200 OK, got: {}", resp.lines().next().unwrap_or(""));
}
if !resp.to_ascii_lowercase().contains("x-ostp-server:") {
anyhow::bail!("xHTTP handshake failed: endpoint is not an OSTP server (missing X-Ostp-Server header)");
}
// Extract leftover payload if any
let headers_end = buf[..header_len].windows(4).position(|w| w == b"\r\n\r\n").unwrap() + 4;
@ -150,9 +153,12 @@ pub async fn connect_xhttp(
if buf[..header_len].windows(4).any(|w| w == b"\r\n\r\n") { break; }
}
let resp = String::from_utf8_lossy(&buf[..header_len]);
if !resp.contains("200 OK") {
if !resp.starts_with("HTTP/1.1 200 OK") {
anyhow::bail!("xHTTP handshake failed: expected 200 OK, got: {}", resp.lines().next().unwrap_or(""));
}
if !resp.to_ascii_lowercase().contains("x-ostp-server:") {
anyhow::bail!("xHTTP handshake failed: endpoint is not an OSTP server (missing X-Ostp-Server header)");
}
let headers_end = buf[..header_len].windows(4).position(|w| w == b"\r\n\r\n").unwrap() + 4;
let leftover = buf[headers_end..header_len].to_vec();

2
ostp-server/src/transport/uot.rs
View File

@ -108,7 +108,7 @@ pub async fn handle_tcp_connection(
}
// Reply 200 OK
let response = "HTTP/1.1 200 OK\r\nContent-Length: 99999999999\r\nConnection: keep-alive\r\n\r\n";
let response = "HTTP/1.1 200 OK\r\nX-Ostp-Server: 1\r\nContent-Length: 99999999999\r\nConnection: keep-alive\r\n\r\n";
stream.write_all(response.as_bytes()).await?;
info!("UoT client authenticated from {}", peer_addr);