Merge pull request #19 from dchristl/dev

Dev

.github/workflows/build.yaml

@@ -46,6 +46,7 @@ jobs:
         run: |
           mkdir -p ./headless_haystack/build/webapplication
           cp ./webserver/FindMy_proxy.py ./headless_haystack/build/webapplication
+          cp ./webserver/rename_me.pem  ./headless_haystack/build/webapplication
           cp ./webserver/apple_cryptography.py  ./headless_haystack/build/webapplication
           cp -R ./headless_haystack/build/web ./headless_haystack/build/webapplication
           cd ./headless_haystack/build/webapplication

OSX-KVM/README.md

@@ -107,7 +107,7 @@ nano apple_cryptography.py
 ```
 > You have now two options. You can use the application directly at [my GitHub-Page](https://dchristl.github.io/headless-haystack/) or you can host your own application on your Mac.
 
-If you want to use the Github-Pages, you just have to brows to the page and import your JSON-file. All inputs are local only, so no data will be transferred outside your client. 
+If you want to use the Github-Pages, you just have to browse to the page and import your JSON-file. All inputs are local only, so no data will be transferred outside your client. 
 
 For self hosting you can run a simple HTTP-Server in the 'web'- folder on port 6443
 ```
@@ -121,3 +121,18 @@ python -m http.server 6443
 ```
 
 You should now able to browse to [http://localhost:56443/](http://localhost:56443/) on your host and use headless haystack
+
+> **Note**
+> If you want to use Headless Haystack not on the same machine your MacOs is running or you want to use SSL, some extra steps are needed. You need a valid certificate, called certificate.pem in the server's folder (i.e. created with [Let's Encrypt](https://letsencrypt.org/) ) or you can rename the file rename_me.pem to certificate.pem and use my self signed one. After that restart the service: 
+```
+mv rename_me.pem certificate.pem
+./FindMy_proxy.py
+```
+Go to your client where you want to run Headless Haystack and point your browser to your FindMyProxy-Server (i.e. https://myserver:56176). You should see something like that:
+![Certificate error](firefox_cert.png)
+
+Go to 'Advanced' and 'Accept the Risk and continue'. You should see a directory listing now. Use Headless Haystack now normally, but change the Fetch location server setting, according to your needs. Use now https instead!
+
+![changed_setting](firefox_ok.png)
+
+This have to be repeated for every other client once!

headless_haystack/lib/findMy/reports_fetcher.dart

@@ -1,4 +1,5 @@
 import 'dart:convert';
+import 'dart:io';
 
 import 'package:http/http.dart' as http;
 import 'package:logger/logger.dart';
@@ -17,18 +18,25 @@ class ReportsFetcher {
       [String? url]) async {
     var keys = hashedAdvertisementKeys.toList(growable: false);
     logger.i('Using ${keys.length} key(s) to ask webservice');
-    final response = await http.post(Uri.parse(url as String),
-        headers: <String, String>{
-          "Content-Type": "application/json",
-        },
-        body: jsonEncode(<String, dynamic>{
-          "ids": keys,
-          "days": daysToFetch,
-        }));
+    var httpClient = HttpClient();
+    /*Ignore certificate errors*/
+    httpClient.badCertificateCallback =
+        (X509Certificate cert, String host, int port) => true;
+
+    final request = await httpClient.postUrl(Uri.parse(url as String));
+    var body = jsonEncode(<String, dynamic>{
+      "ids": keys,
+      "days": daysToFetch,
+    });
+    request.headers.set(HttpHeaders.contentTypeHeader, "application/json");
+    request.headers
+        .set(HttpHeaders.contentLengthHeader, utf8.encode(body).length);
+    request.write(body);
+    final response = await request.close();
 
     if (response.statusCode == 200) {
-      var out = await jsonDecode(response.body)["results"];
-      logger.i('Found ${out.length} reports');
+      String body = await response.transform(utf8.decoder).join();
+      var out = await jsonDecode(body)["results"];
       return out;
     } else {
       throw Exception(

headless_haystack/lib/preferences/preferences_page.dart

@@ -73,7 +73,7 @@ class _PreferencesPageState extends State<PreferencesPage> {
     return TextInputSettingsTile(
       initialValue: 'http://localhost:56176',
       settingKey: haystackurl,
-      title: 'Url to Headless Haystack server',
+      title: 'Url to Fetch location server',
       validator: (String? url) {
         if (url != null &&
             url.startsWith(RegExp('http[s]?://', caseSensitive: false))) {

webserver/FindMy_proxy.py

@@ -98,8 +98,15 @@ def do_POST(self):
     Handler = ServerHandler
 
     httpd = six.moves.socketserver.TCPServer(("", PORT), Handler)
+    cert = 'certificate.pem'
+    if os.path.isfile(cert):
+        print("Certificate file "+ cert + " exists, so using SSL")
+        httpd.socket = ssl.wrap_socket(httpd.socket, certfile=cert, server_side=True)
+        print("serving at port " + str(PORT) + " over HTTPS")
+    else:
+       print("Certificate file "+ cert + " not found, so not using SSL") 
+       print("serving at port " + str(PORT) + " over HTTP")
 
-    print("serving at port " + str(PORT))
 
     try:
         httpd.serve_forever()

webserver/rename_me.pem

@@ -0,0 +1,47 @@
+-----BEGIN CERTIFICATE-----
+MIIDGTCCAgGgAwIBAgIUMoCTzYoASTKRvlYk8R6StkETVJ8wDQYJKoZIhvcNAQEL
+BQAwHDEaMBgGA1UEAwwRaGVhZGxlc3NfaGF5c3RhY2swHhcNMjMwNzAzMTEwMjI3
+WhcNMzMwNjMwMTEwMjI3WjAcMRowGAYDVQQDDBFoZWFkbGVzc19oYXlzdGFjazCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALPAPB1uf9RdgAjsmRNGe4nh
+oNDTiGj7/V9Sn3p2NtG2YV8uD+V8zOeFrv1hEh3LqgCkaXA+8xu8y+CcA1stvlC3
+6PfGHCEGTqZj3NQ96BBkRDuPepKHecwsWJrUDcFGrjEot9jImgMPTqocQHDQdiEe
+VN/0Ndh5ZOSf3gVJAitkrVbTiAKq6n3fmxh+vW28hQDVu/MKpSIQtk75d4nxq3SN
+gAvIRSXtg7q+weIYivnFGD2R6+DuB1Y+OXqBHhMXWZHt3DXkJHNDKzeQoyWpV/VR
+Rn9iw4iWVC1aMyjEXt0EL87tv5Y9A8AzQrU+5bUk1w//Vx54hh1lQQLn6rxTYLMC
+AwEAAaNTMFEwHQYDVR0OBBYEFES0Por2w1dhSw2nZTql8Pmdkco4MB8GA1UdIwQY
+MBaAFES0Por2w1dhSw2nZTql8Pmdkco4MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBADp8/v6LMsVwI6qRZv2kDt/WnWdKuj+qd9+RdIU8MyfIOwhy
+L4r1kLMK/bU6zYAKGs4a1E3CkH44oVz3z/+14gxjXikgxLKWlwZg3BLOlcUhcEcI
+4LcqHpFbVgj8zKZJZykutxlOemApWm64qdCnP7tmrFiC64m3rgOzlzu4Wp35c02l
+W9D+kmqEXziHTMwBFUA+Z78DzuyndlmDP8vrJiP6ehPboKspSW70uW8k/dr+uQVj
+4tkjQhMap1px/Go7sr/M5EVt/Z/cOq3NT3OgSP+8j30LLz5+4Ln/MHUBe974NUYb
+UL5AWi3WwG0oZY66eQsjMLgEVC7WcJcMUdtWIqk=
+-----END CERTIFICATE-----
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCzwDwdbn/UXYAI
+7JkTRnuJ4aDQ04ho+/1fUp96djbRtmFfLg/lfMznha79YRIdy6oApGlwPvMbvMvg
+nANbLb5Qt+j3xhwhBk6mY9zUPegQZEQ7j3qSh3nMLFia1A3BRq4xKLfYyJoDD06q
+HEBw0HYhHlTf9DXYeWTkn94FSQIrZK1W04gCqup935sYfr1tvIUA1bvzCqUiELZO
++XeJ8at0jYALyEUl7YO6vsHiGIr5xRg9kevg7gdWPjl6gR4TF1mR7dw15CRzQys3
+kKMlqVf1UUZ/YsOIllQtWjMoxF7dBC/O7b+WPQPAM0K1PuW1JNcP/1ceeIYdZUEC
+5+q8U2CzAgMBAAECggEAHo2AylHjaXHhFuM8W6Hh0rxmrMgfyhR26zJsiBC63ad9
+4oM+UXgGjh3Tch8DSMw637QSdfFFOkQ7dTife2qJjEfOUfs7AcQEL1UPDoZdQRgB
+3wvSvkBHzBQHlX2QvvboGdP9d9wVDYsXCGQX8fUE9zkkHRLx6hMsOo4P218e/sfr
+njMcr9D4szi4+nIHPm7i/rbc9Fpda5z/YJdZisYiec0bJGCfuM1FmaahtQTc3wE8
+nmkCmIsa7cvP5RHj9T83D5vugIO7SkXiETMTxLIcYR/DvpJSiMeSoxf4vl6BA6sB
+rJNm9yqzdEas2LYP96P8tWiFiLbZhin614VKuPEBOQKBgQDZnbhU++XbxJBErTOv
+PKaD1VcPAqyp/tZWiRovx+q8v4q8JUb3XTftBGCxy1KyzlJPFVcnbCEWxlTIqiCJ
+/gad2uMC6IUuvnL8mfpkedA8yljinEMGamlpyWN93P5aJobuuZcIT7WMHSqpfj05
+nnQHwEnWskl19y0hWXbpiQ2g+wKBgQDTdL4+HdbeHTA3YQgp//60BPhPxJGl7Gtn
+p0pV5mnz+5Wd74rIBe5+HNjd2TFgWS28VIjVrfNLzNRojg7m/t96MBuiVQ2Ew8Iw
+rpb4LnEmCFh9S/l75QewFUjnjFhgnG2SuPPE4PuIEamaQGthzAaIkN38CJL67+/2
+Wl8KCu9hqQKBgE/OGWWBI2CfC1FEO2oOUfqS6GRm1K9a93uwt9vB8wHZNKWe/hGF
+LBdNvbA2IlPUejbqWpXof5H8lecpDNnOQNrvBMVyRDVKPp0IUt06FvXUNxiTubjG
+mXXkFwp3WwfwjRdLFGpF4QxLPfP+ibFxvJeDGxETPQF37iMGzicCze61AoGAIX9m
++9QiS8F39+3pKy4gnUgERi6vnAdd5Ge+AOmlcz8xrnlaFOHLrDLJsCtOBSNbeXAy
+1Rbfaeyi4YVPmwxZPrQMTKUIpTWVt7yQsfQ5fHrp+b9lYFkh5KUajYPQJE3jldCy
+3Ud+0UlrAsKdwDpf9pZsdBavog0MiIw8bgzZazECgYBtsWVF39D9BZPAYs3UgZqL
+IzyxI34JcGDeOj/iiU7F1d0CjCEOYJsZBBhHhJfU2EBfF97h9tbJAFt6AdNTFOIB
+J94eSsCTgOq5qNBWKvx5mVXAqBaWC8v1BRghnoMXolc1kVJk0K0m7/GdAOl4ARTS
+xM4RbRkKVlks0jj7K2ZFig==
+-----END PRIVATE KEY-----