
HTTP + OAuth API: Enforce TLS >= 1.3
jwijenbergh committed Sep 25, 2024
1 parent dd0aa6d commit 4607cb9
Showing 2 changed files with 18 additions and 2 deletions.
7 changes: 6 additions & 1 deletion internal/api/api.go
Expand Up @@ -64,6 +64,11 @@ type API struct {
func NewAPI(ctx context.Context, clientID string, sd ServerData, cb Callbacks, tokens *eduoauth.Token) (*API, error) {
cr := customRedirect(clientID)
// Construct OAuth

transp := sd.Transport
if transp == nil {
transp = httpw.TLS13Transport()
}
o := eduoauth.OAuth{
ClientID: clientID,
EndpointFunc: func(ctx context.Context) (*eduoauth.EndpointResponse, error) {
Expand All @@ -81,7 +86,7 @@ func NewAPI(ctx context.Context, clientID string, sd ServerData, cb Callbacks, t
TokensUpdated: func(tok eduoauth.Token) {
cb.TokensUpdated(sd.ID, sd.Type, tok)
},
Transport: sd.Transport,
Transport: transp,
UserAgent: httpw.UserAgent,
}

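Review bot: The TLS 1.3 floor is only applied when sd.Transport is nil, so a caller that supplies its own transport silently opts out of the enforcement the commit title promises, and nothing on the new lines says so. A one-line comment above the nil check would make that contract explicit: `// Only the default transport enforces TLS >= 1.3; a caller-supplied sd.Transport keeps its own TLS settings.` If ServerData.Transport carries a doc comment (it is outside this hunk), the same caveat belongs there too. NewAPI's body continues past the end of the hunk.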
13 changes: 12 additions & 1 deletion internal/http/http.go
Expand Up @@ -3,6 +3,7 @@ package http

import (
"context"
"crypto/tls"
"errors"
"fmt"
"io"
Expand Down Expand Up @@ -146,12 +147,22 @@ type Client struct {
Timeout time.Duration
}

// TLS13Transport returns a http.Transport with the minimum TLS version set to 1.3
func TLS13Transport() *http.Transport {
return &http.Transport{
TLSClientConfig: &tls.Config{MinVersion: tls.VersionTLS13},
}
}

// NewClient returns a HTTP client with some default settings
func NewClient(client *http.Client) *Client {
c := client
if c == nil {
c = &http.Client{}
c = &http.Client{
Transport: TLS13Transport(),
}
}

// ReadLimit denotes the maximum amount of bytes that are read in HTTP responses
// This is used to prevent servers from sending huge amounts of data
// A limit of 16MB, although maybe much larger than needed, ensures that we do not run into problems
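Review bot: TLS13Transport builds a bare http.Transport, so the client NewClient now creates by default no longer inherits http.DefaultTransport's settings — Proxy: http.ProxyFromEnvironment, TLSHandshakeTimeout, the dial and idle-connection timeouts, and ForceAttemptHTTP2 (net/http disables automatic HTTP/2 when TLSClientConfig is set without it) — which is a behaviour change beyond the TLS floor the commit is after. Cloning the default transport keeps all of that and still pins the version: `t := http.DefaultTransport.(*http.Transport).Clone()` / `t.TLSClientConfig = &tls.Config{MinVersion: tls.VersionTLS13}` / `return t`. The doc comment on TLS13Transport could then state that it returns a clone of http.DefaultTransport with MinVersion raised to TLS 1.3. NewClient's body continues past the end of the hunk.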
