set content disposition for cert (#2527)

* set content disposition for cert * update content type for cert * remove unnecessary frontend download attr
Start9Labs · Nov 20, 2023 · efdc558 · efdc558
1 parent 04bd1cf
commit efdc558
Show file tree

Hide file tree

Showing 7 changed files with 16 additions and 17 deletions.
diff --git a/core/startos/src/db/model.rs b/core/startos/src/db/model.rs
@@ -22,7 +22,7 @@ use crate::net::utils::{get_iface_ipv4_addr, get_iface_ipv6_addr};
 use crate::prelude::*;
 use crate::s9pk::manifest::{Manifest, PackageId};
 use crate::status::Status;
-use crate::util::cpupower::{get_preferred_governor, Governor};
+use crate::util::cpupower::{Governor};
 use crate::util::Version;
 use crate::version::{Current, VersionT};
 use crate::{ARCH, PLATFORM};

diff --git a/core/startos/src/init.rs b/core/startos/src/init.rs
@@ -4,7 +4,7 @@ use std::path::Path;
 use std::time::{Duration, SystemTime};
 
 use color_eyre::eyre::eyre;
-use helpers::NonDetachingJoinHandle;
+
 use models::ResultExt;
 use rand::random;
 use sqlx::{Pool, Postgres};
@@ -18,9 +18,9 @@ use crate::disk::mount::util::unmount;
 use crate::install::PKG_ARCHIVE_DIR;
 use crate::middleware::auth::LOCAL_AUTH_COOKIE_PATH;
 use crate::prelude::*;
-use crate::sound::BEP;
+
 use crate::util::cpupower::{
-    current_governor, get_available_governors, get_preferred_governor, set_governor,
+    get_available_governors, get_preferred_governor, set_governor,
 };
 use crate::util::docker::{create_bridge_network, CONTAINER_DATADIR, CONTAINER_TOOL};
 use crate::util::Invoke;

diff --git a/core/startos/src/net/keys.rs b/core/startos/src/net/keys.rs
@@ -280,7 +280,7 @@ pub fn test_keygen() {
     key.openssl_key_nistp256();
 }
 
-fn display_requires_reboot(arg: RequiresReboot, matches: &ArgMatches) {
+fn display_requires_reboot(arg: RequiresReboot, _matches: &ArgMatches) {
     if arg.0 {
         println!("Server must be restarted for changes to take effect");
     }

diff --git a/core/startos/src/net/static_server.rs b/core/startos/src/net/static_server.rs
@@ -23,6 +23,7 @@ use tokio_util::io::ReaderStream;
 use crate::context::{DiagnosticContext, InstallContext, RpcContext, SetupContext};
 use crate::core::rpc_continuations::RequestGuid;
 use crate::db::subscribe;
+use crate::hostname::Hostname;
 use crate::install::PKG_PUBLIC_DIR;
 use crate::middleware::auth::{auth as auth_middleware, HasValidSession};
 use crate::middleware::cors::cors;
@@ -339,7 +340,8 @@ async fn main_embassy_ui(req: Request<Body>, ctx: RpcContext) -> Result<Response
             .await
         }
         (&Method::GET, Some(("eos", "local.crt"))) => {
-            cert_send(&ctx.account.read().await.root_ca_cert)
+            let account = ctx.account.read().await;
+            cert_send(&account.root_ca_cert, &account.hostname)
         }
         (&Method::GET, _) => {
             let uri_path = UiMode::Main.path(
@@ -405,7 +407,7 @@ fn bad_request() -> Response<Body> {
         .unwrap()
 }
 
-fn cert_send(cert: &X509) -> Result<Response<Body>, Error> {
+fn cert_send(cert: &X509, hostname: &Hostname) -> Result<Response<Body>, Error> {
     let pem = cert.to_pem()?;
     Response::builder()
         .status(StatusCode::OK)
@@ -417,8 +419,12 @@ fn cert_send(cert: &X509) -> Result<Response<Body>, Error> {
             )
             .to_lowercase(),
         )
-        .header(http::header::CONTENT_TYPE, "application/x-pem-file")
+        .header(http::header::CONTENT_TYPE, "application/x-x509-ca-cert")
         .header(http::header::CONTENT_LENGTH, pem.len())
+        .header(
+            http::header::CONTENT_DISPOSITION,
+            format!("attachment; filename={}.crt", &hostname.0),
+        )
         .body(Body::from(pem))
         .with_kind(ErrorKind::Network)
 }

diff --git a/web/projects/ui/src/app/pages/login/ca-wizard/ca-wizard.component.html b/web/projects/ui/src/app/pages/login/ca-wizard/ca-wizard.component.html
@@ -100,7 +100,4 @@ <h1>Root CA Trusted!</h1>
 <a
   id="install-cert"
   href="/eos/local.crt"
-  [download]="
-    config.isLocal() ? document.location.hostname + '.crt' : 'startos.crt'
-  "
 ></a>
diff --git a/web/projects/ui/src/app/pages/server-routes/lan/lan.page.html b/web/projects/ui/src/app/pages/server-routes/lan/lan.page.html
@@ -26,7 +26,7 @@ <h2>
       </ion-label>
     </ion-item>
 
-    <ion-item button (click)="installCert()" [disabled]="!(crtName$ | async)">
+    <ion-item button (click)="installCert()">
       <ion-icon slot="start" name="download-outline" size="large"></ion-icon>
       <ion-label>
         <h1>Download Root CA</h1>
@@ -35,5 +35,5 @@ <h1>Download Root CA</h1>
   </ion-item-group>
 
   <!-- hidden element for downloading cert -->
-  <a id="install-cert" href="/eos/local.crt" [download]="crtName$ | async"></a>
+  <a id="install-cert" href="/eos/local.crt"></a>
 </ion-content>
diff --git a/web/projects/ui/src/app/pages/server-routes/lan/lan.page.ts b/web/projects/ui/src/app/pages/server-routes/lan/lan.page.ts
@@ -10,10 +10,6 @@ import { DataModel } from 'src/app/services/patch-db/data-model'
   changeDetection: ChangeDetectionStrategy.OnPush,
 })
 export class LANPage {
-  readonly crtName$ = this.patch
-    .watch$('server-info', 'lan-address')
-    .pipe(map(addr => `${new URL(addr).hostname}.crt`))
-
   constructor(private readonly patch: PatchDB<DataModel>) {}
 
   installCert(): void {