Add random hash to headers

humhub · Feb 9, 2023 · 46f8f2c · 46f8f2c
1 parent 8ba3801
commit 46f8f2c
Show file tree

Hide file tree

Showing 5 changed files with 43 additions and 7 deletions.
diff --git a/lib/models/hum_hub.dart b/lib/models/hum_hub.dart
@@ -1,3 +1,5 @@
+import 'dart:math';
+
 import 'package:flutter_riverpod/flutter_riverpod.dart';
 import 'package:humhub/models/manifest.dart';
 import 'package:humhub/util/api_provider.dart';
@@ -7,18 +9,25 @@ enum RedirectAction { opener, webView }
 class HumHub {
   Manifest? manifest;
   bool isHideDialog;
+  String? randomHash;
 
-  HumHub({this.manifest, this.isHideDialog = false});
+  HumHub({
+    this.manifest,
+    this.isHideDialog = false,
+    this.randomHash,
+  });
 
   Map<String, dynamic> toJson() => {
         'manifest': manifest != null ? manifest!.toJson() : null,
         'isHideDialog': isHideDialog,
+        'randomHash': randomHash,
       };
 
   factory HumHub.fromJson(Map<String, dynamic> json) {
     return HumHub(
       manifest: Manifest.fromJson(json['manifest']),
       isHideDialog: json['isHideDialog'] as bool,
+      randomHash: json['randomHash'],
     );
   }
 
@@ -39,4 +48,11 @@ class HumHub {
       return RedirectAction.webView;
     }
   }
+
+  static String generateHash(int length) {
+    final random = Random.secure();
+    const characters = '0123456789abcdef';
+    return List.generate(
+        length, (_) => characters[random.nextInt(characters.length)]).join();
+  }
 }
diff --git a/lib/pages/opener.dart b/lib/pages/opener.dart
@@ -119,9 +119,14 @@ class OpenerState extends ConsumerState<Opener> {
     } else {
       Manifest manifest = asyncData.value!;
       // Set the manifestStateProvider with the manifest value so that it's globally accessible
+      // Generate hash and save it to store
+      String lastUrl = await ref.read(humHubProvider).getLastUrl();
+      String currentUrl = urlTextController.text;
+      String hash = HumHub.generateHash(32);
+      if (lastUrl == currentUrl) hash = ref.read(humHubProvider).randomHash ?? hash;
       ref
           .read(humHubProvider)
-          .setInstance(HumHub(manifest: manifest));
+          .setInstance(HumHub(manifest: manifest, randomHash: hash));
       redirect();
     }
   }

diff --git a/lib/pages/web_view.dart b/lib/pages/web_view.dart
@@ -10,6 +10,8 @@ import 'package:humhub/util/providers.dart';
 import 'package:url_launcher/url_launcher.dart';
 import 'package:webview_flutter/webview_flutter.dart';
 
+import '../models/hum_hub.dart';
+
 
 class WebViewApp extends ConsumerStatefulWidget {
   final Manifest manifest;
@@ -40,7 +42,9 @@ class WebViewAppState extends ConsumerState<WebViewApp> {
   @override
   Widget build(BuildContext context) {
     final initialRequest = URLRequest(
-        url: Uri.parse(widget.manifest.baseUrl), headers: customHeader);
+        url: Uri.parse(widget.manifest.baseUrl), headers: customHeaders);
+    //Append random hash to customHeaders in this state the header should always exist.
+    customHeaders.addAll({'x-humhub-app-token': ref.read(humHubProvider).randomHash!});
     return WillPopScope(
       onWillPop: () => inAppWebViewController.exitApp(context, ref),
       child: Scaffold(
@@ -71,7 +75,7 @@ class WebViewAppState extends ConsumerState<WebViewApp> {
         action.iosWKNavigationType == IOSWKNavigationType.LINK_ACTIVATED) {
       controller.loadUrl(
           urlRequest:
-              URLRequest(url: action.request.url, headers: customHeader));
+              URLRequest(url: action.request.url, headers: customHeaders));
       return NavigationActionPolicy.CANCEL;
     }
     return NavigationActionPolicy.ALLOW;
@@ -91,6 +95,9 @@ class WebViewAppState extends ConsumerState<WebViewApp> {
                 MaterialPageRoute(builder: (context) => const Opener()),
                 (Route<dynamic> route) => false);
           }
+          else{
+            ref.read(humHubProvider).setHash(HumHub.generateHash(32));
+          }
         },
       ),
     );
@@ -100,13 +107,13 @@ class WebViewAppState extends ConsumerState<WebViewApp> {
   Future<AjaxRequest?> shouldInterceptAjaxRequest(
       InAppWebViewController controller, AjaxRequest ajaxReq) async {
     // Append headers on every AJAX request
-    ajaxReq.headers = AjaxRequestHeaders(customHeader);
+    ajaxReq.headers = AjaxRequestHeaders(customHeaders);
     return ajaxReq;
   }
 
   Future<FetchRequest?> shouldInterceptFetchRequest(
       InAppWebViewController controller, FetchRequest fetchReq) async {
-    fetchReq.headers?.addAll(customHeader);
+    fetchReq.headers?.addAll(customHeaders);
     return fetchReq;
   }
 }
diff --git a/lib/util/const.dart b/lib/util/const.dart
@@ -7,4 +7,4 @@ class StorageKeys{
   static String lastInstanceUrl = "humHubLastUrl";
 }
 
-var customHeader = {'my-header-value-01': '111111', 'my-header-value-02': '222222'};
+var customHeaders = {'my-header-value-01': '111111', 'my-header-value-02': '222222'};
diff --git a/lib/util/providers.dart b/lib/util/providers.dart
@@ -16,6 +16,7 @@ class HumHubNotifier extends ChangeNotifier {
 
   bool get isHideDialog => _humHubInstance.isHideDialog;
   Manifest? get manifest => _humHubInstance.manifest;
+  String? get randomHash => _humHubInstance.randomHash;
 
   void setIsHideDialog(bool isHide) {
     _humHubInstance.isHideDialog = isHide;
@@ -32,6 +33,13 @@ class HumHubNotifier extends ChangeNotifier {
   void setInstance(HumHub instance) {
     _humHubInstance.manifest = instance.manifest;
     _humHubInstance.isHideDialog = instance.isHideDialog;
+    _humHubInstance.randomHash = instance.randomHash;
+    _updateSafeStorage();
+    notifyListeners();
+  }
+
+  void setHash(String hash) {
+    _humHubInstance.randomHash = hash;
     _updateSafeStorage();
     notifyListeners();
   }