From 3004ece1f8153fdf8ddb283e5d767dd5b5c2e179 Mon Sep 17 00:00:00 2001
From: Sebastian <sebasjm@gmail.com>
Date: Mon, 24 Apr 2023 12:42:45 -0300
Subject: prevent http request without enable it explicitly

---
 packages/taler-util/src/http-common.ts     |  1 +
 packages/taler-util/src/http-impl.node.ts  | 12 ++++++++++++
 packages/taler-util/src/http-impl.qtart.ts | 12 ++++++++++++
 3 files changed, 25 insertions(+)

(limited to 'packages/taler-util/src')

diff --git a/packages/taler-util/src/http-common.ts b/packages/taler-util/src/http-common.ts
index 9aaad12c7..8da4003b5 100644
--- a/packages/taler-util/src/http-common.ts
+++ b/packages/taler-util/src/http-common.ts
@@ -423,6 +423,7 @@ export function getExpiry(
 
 export interface HttpLibArgs {
   enableThrottling?: boolean;
+  allowHttp?: boolean;
 }
 
 export function encodeBody(body: any): ArrayBuffer {
diff --git a/packages/taler-util/src/http-impl.node.ts b/packages/taler-util/src/http-impl.node.ts
index 6dfce934f..4df1feaf0 100644
--- a/packages/taler-util/src/http-impl.node.ts
+++ b/packages/taler-util/src/http-impl.node.ts
@@ -49,9 +49,11 @@ const textDecoder = new TextDecoder();
 export class HttpLibImpl implements HttpRequestLibrary {
   private throttle = new RequestThrottler();
   private throttlingEnabled = true;
+  private allowHttp = false;
 
   constructor(args?: HttpLibArgs) {
     this.throttlingEnabled = args?.enableThrottling ?? false;
+    this.allowHttp = args?.allowHttp ?? false;
   }
 
   /**
@@ -78,6 +80,16 @@ export class HttpLibImpl implements HttpRequestLibrary {
         `request to origin ${parsedUrl.origin} was throttled`,
       );
     }
+    if (!this.allowHttp && parsedUrl.protocol !== "https:") {
+      throw TalerError.fromDetail(
+        TalerErrorCode.WALLET_NETWORK_ERROR,
+        {
+          requestMethod: method,
+          requestUrl: url,
+        },
+        `request to ${parsedUrl.origin} is not possible with protocol ${parsedUrl.protocol}`,
+      );
+    }
     let timeoutMs: number | undefined;
     if (typeof opt?.timeout?.d_ms === "number") {
       timeoutMs = opt.timeout.d_ms;
diff --git a/packages/taler-util/src/http-impl.qtart.ts b/packages/taler-util/src/http-impl.qtart.ts
index ee3d1f725..3a963b35a 100644
--- a/packages/taler-util/src/http-impl.qtart.ts
+++ b/packages/taler-util/src/http-impl.qtart.ts
@@ -41,9 +41,11 @@ const textDecoder = new TextDecoder();
 export class HttpLibImpl implements HttpRequestLibrary {
   private throttle = new RequestThrottler();
   private throttlingEnabled = true;
+  private allowHttp = false;
 
   constructor(args?: HttpLibArgs) {
     this.throttlingEnabled = args?.enableThrottling ?? false;
+    this.allowHttp = args?.allowHttp ?? false;
   }
 
   /**
@@ -70,6 +72,16 @@ export class HttpLibImpl implements HttpRequestLibrary {
         `request to origin ${parsedUrl.origin} was throttled`,
       );
     }
+    if (!this.allowHttp && parsedUrl.protocol !== "https") {
+      throw TalerError.fromDetail(
+        TalerErrorCode.WALLET_NETWORK_ERROR,
+        {
+          requestMethod: method,
+          requestUrl: url,
+        },
+        `request to ${parsedUrl.origin} is not possible with protocol ${parsedUrl.protocol}`,
+      );
+    }
 
     let data: ArrayBuffer | undefined = undefined;
     const requestHeadersMap = { ...getDefaultHeaders(method), ...opt?.headers };
-- 
cgit v1.2.3