microcosm.blue
bad-example.com
+32
-3
reflector/src/main.rs
+32
-3
reflector/src/main.rs
···
1
1
use clap::Parser;
2
2
use poem::{
3
-
EndpointExt, Route, Server, get, handler,
3
+
EndpointExt, Response, Route, Server, get, handler,
4
+
http::StatusCode,
4
5
listener::TcpListener,
5
6
middleware::{AddData, Tracing},
6
-
web::{Data, Json, TypedHeader, headers::Host},
7
+
web::{Data, Json, Query, TypedHeader, headers::Host},
7
8
};
8
-
use serde::Serialize;
9
+
use serde::{Deserialize, Serialize};
9
10
10
11
#[handler]
11
12
fn hello() -> String {
···
33
34
})
34
35
}
35
36
37
+
#[derive(Deserialize)]
38
+
struct AskQuery {
39
+
domain: String,
40
+
}
41
+
#[handler]
42
+
fn ask_caddy(
43
+
Data(parent): Data<&Option<String>>,
44
+
Query(AskQuery { domain }): Query<AskQuery>,
45
+
) -> Response {
46
+
if let Some(parent) = parent {
47
+
if let Some(prefix) = domain.strip_suffix(&format!(".{parent}")) {
48
+
if !prefix.contains('.') {
49
+
// no sub-sub-domains allowed
50
+
return Response::builder().body("ok");
51
+
}
52
+
}
53
+
};
54
+
Response::builder()
55
+
.status(StatusCode::FORBIDDEN)
56
+
.body("nope")
57
+
}
58
+
36
59
/// Slingshot record edge cache
37
60
#[derive(Parser, Debug, Clone)]
38
61
#[command(version, about, long_about = None)]
···
50
73
/// The HTTPS endpoint for the service
51
74
#[arg(long)]
52
75
service_endpoint: String,
76
+
/// The parent domain; requests should come from subdomains of this
77
+
#[arg(long)]
78
+
domain: Option<String>,
53
79
}
54
80
55
81
impl From<Args> for DidService {
···
68
94
log::info!("ɹoʇɔǝʅⅎǝɹ");
69
95
70
96
let args = Args::parse();
97
+
let domain = args.domain.clone();
71
98
let service: DidService = args.into();
72
99
73
100
Server::new(TcpListener::bind("0.0.0.0:3001"))
···
75
102
Route::new()
76
103
.at("/", get(hello))
77
104
.at("/.well-known/did.json", get(did_doc))
105
+
.at("/ask", get(ask_caddy))
78
106
.with(AddData::new(service))
107
+
.with(AddData::new(domain))
79
108
.with(Tracing),
80
109
)
81
110
.await