Allow option to accept self-signed/invalid SSL certificates (#315)

* Allow option to accept self-signed/invalid SSL certificates

* Invalid SSL checkbox styling

Author: ChadThackray

src-tauri/src/ipc.rs

@@ -214,15 +214,23 @@ async fn proxy_fetch(
     let sound = req_headers.get("X-TrguiNG-Sound").is_some();
 
     if let Some(query) = req.uri().query() {
-        if let Some(url) = query
+        let params: Vec<(&str, &str)> = query
             .split('&')
-            .map(|p| {
-                let parts: Vec<&str> = p.split('=').collect();
-                (parts[0], parts[1])
+            .filter_map(|p| {
+                let mut parts = p.splitn(2, '=');
+                match (parts.next(), parts.next()) {
+                    (Some(k), Some(v)) => Some((k, v)),
+                    _ => None,
+                }
             })
-            .find_map(|p| if p.0 == "url" { Some(p.1) } else { None })
+            .collect();
+
+        let insecure = params.iter().any(|p| p.0 == "insecure" && p.1 == "true");
+
+        if let Some(url) = params.iter().find_map(|p| if p.0 == "url" { Some(p.1) } else { None })
         {
-            let client = app.state::<reqwest::Client>();
+            let clients = app.state::<crate::HttpClients>();
+            let client = if insecure { &clients.insecure } else { &clients.default };
 
             let url = urlencoding::decode(url).ok().unwrap().into_owned();
             let headers = req.headers().clone();

src-tauri/src/main.rs

@@ -162,14 +162,30 @@ fn setup(app: &mut App) -> Result<(), Box<dyn std::error::Error>> {
 
 static APP_USER_AGENT: &str = concat!(env!("CARGO_PKG_NAME"), "/", env!("CARGO_PKG_VERSION"));
 
-fn http_client() -> reqwest::Client {
+pub struct HttpClients {
+    pub default: reqwest::Client,
+    pub insecure: reqwest::Client,
+}
+
+fn client_builder() -> reqwest::ClientBuilder {
     reqwest::Client::builder()
         .user_agent(APP_USER_AGENT)
         .connect_timeout(Duration::from_secs(10))
         .read_timeout(Duration::from_secs(40))
         .timeout(Duration::from_secs(60))
+}
+
+fn http_clients() -> HttpClients {
+    let default = client_builder()
         .build()
-        .expect("Failed to initialize http client")
+        .expect("Failed to initialize http client");
+
+    let insecure = client_builder()
+        .danger_accept_invalid_certs(true)
+        .build()
+        .expect("Failed to initialize insecure http client");
+
+    HttpClients { default, insecure }
 }
 
 fn main() {
@@ -204,7 +220,7 @@ fn main() {
         .manage(PollerHandle::default())
         .manage(MmdbReaderHandle::default())
         .manage(CreationRequestsHandle::default())
-        .manage(http_client())
+        .manage(http_clients())
         .setup(setup);
 
     #[cfg(target_os = "macos")]

src-tauri/src/poller.rs

@@ -30,6 +30,8 @@ struct Connection {
     url: String,
     username: String,
     password: String,
+    #[serde(default)]
+    accept_invalid_certs: bool,
 }
 #[derive(Deserialize, Debug, Clone, PartialEq)]
 pub struct PollerConfig {
@@ -153,7 +155,8 @@ async fn poll(
     toast: bool,
     sound: bool,
 ) -> Result<String, Option<String>> {
-    let client = app.state::<reqwest::Client>();
+    let clients = app.state::<crate::HttpClients>();
+    let client = if connection.accept_invalid_certs { &clients.insecure } else { &clients.default };
 
     let mut req = client
         .post(connection.url.clone())

src/components/modals/settings.tsx

@@ -17,7 +17,7 @@
  */
 
 import {
-    ActionIcon, Box, Button, Flex, Grid, Group, PasswordInput, SegmentedControl,
+    ActionIcon, Box, Button, Checkbox, Flex, Grid, Group, PasswordInput, SegmentedControl,
     Stack, Switch, Tabs, Text, Textarea, TextInput,
 } from "@mantine/core";
 import type { ServerConfig, WindowCloseOption, WindowMinimizeOption } from "config";
@@ -72,7 +72,7 @@ function ServerListPanel({ form, current, setCurrent }: ServerListPanelProps) {
                 <ActionIcon variant="light"
                     onClick={() => {
                         form.insertListItem("servers", {
-                            connection: { url: "", username: "", password: "" },
+                            connection: { url: "", username: "", password: "", acceptInvalidCerts: false },
                             name: "new",
                             pathMappings: [],
                             expandedDirFilters: [],
@@ -142,6 +142,12 @@ function ServerPanel(props: ServerPanelProps) {
                 placeholder="http://1.2.3.4:9091/transmission/rpc"
                 autoComplete="off" autoCorrect="off" autoCapitalize="off" spellCheck="false" />
 
+            <Checkbox
+                my="md"
+                label="Accept invalid SSL certificates"
+                {...props.form.getInputProps(`servers.${props.current}.connection.acceptInvalidCerts`, { type: "checkbox" })}
+            />
+
             <Grid>
                 <Grid.Col span={6}>
                     <TextInput

src/config.ts

@@ -28,6 +28,7 @@ export interface ServerConnection {
     url: string,
     username: string,
     password: string,
+    acceptInvalidCerts?: boolean,
 }
 
 export interface PathMapping {

src/rpc/client.ts

@@ -78,6 +78,7 @@ export class TransmissionClient {
     headers: Record<string, string>;
     timeout: number;
     sessionInfo: SessionInfo;
+    insecure: boolean;
     ipsBatcher: Batcher<IpLookupResult, string>;
 
     constructor(connection: ServerConnection, toastNotifications: boolean, toastNotificationSound: boolean, timeout = 15) {
@@ -96,6 +97,7 @@ export class TransmissionClient {
             this.headers.Authorization = auth;
         }
         this.timeout = timeout;
+        this.insecure = connection.acceptInvalidCerts === true;
         this.sessionInfo = {};
         this.hostname = "unknown";
         try {
@@ -124,9 +126,10 @@ export class TransmissionClient {
     }
 
     async _sendRpc(data: Record<string, unknown>) {
+        const insecureParam = this.insecure ? "&insecure=true" : "";
         const url = this.url === ""
             ? "../rpc"
-            : `${RUST_BACKEND}/${data.method === "torrent-get" ? "torrentget" : "post"}?url=${this.url}`;
+            : `${RUST_BACKEND}/${data.method === "torrent-get" ? "torrentget" : "post"}?url=${this.url}${insecureParam}`;
         const body = JSON.stringify(data);
         let response = await fetch(
             url, { method: "POST", redirect: "manual", headers: this.headers, body });