fix: add tls override for websockets incase of self signed certs
This commit is contained in:
cogwheel0
@@ -114,7 +114,8 @@ sealed class Model with _$Model {
|
||||
|
||||
// Extract toolIds from info.meta.toolIds (OpenWebUI format)
|
||||
List<String>? toolIds;
|
||||
final infoMeta = (infoSection?['meta'] as Map<String, dynamic>?) ??
|
||||
final infoMeta =
|
||||
(infoSection?['meta'] as Map<String, dynamic>?) ??
|
||||
(metaSection) ??
|
||||
(mergedMetadata['meta'] as Map<String, dynamic>?);
|
||||
if (infoMeta != null) {
|
||||
|
||||
@@ -26,7 +26,8 @@ class BackgroundStreamingHandler {
|
||||
// Callbacks for platform-specific events
|
||||
void Function(List<String> streamIds)? onStreamsSuspending;
|
||||
void Function()? onBackgroundTaskExpiring;
|
||||
void Function(List<String> streamIds, int estimatedSeconds)? onBackgroundTaskExtended;
|
||||
void Function(List<String> streamIds, int estimatedSeconds)?
|
||||
onBackgroundTaskExtended;
|
||||
void Function()? onBackgroundKeepAlive;
|
||||
bool Function()? shouldContinueInBackground;
|
||||
|
||||
|
||||
@@ -62,7 +62,8 @@ class PersistentStreamingService with WidgetsBindingObserver {
|
||||
_saveStreamStatesForRecovery();
|
||||
};
|
||||
|
||||
_backgroundHandler.onBackgroundTaskExtended = (streamIds, estimatedSeconds) {
|
||||
_backgroundHandler
|
||||
.onBackgroundTaskExtended = (streamIds, estimatedSeconds) {
|
||||
DebugLogger.stream(
|
||||
'PersistentStreaming: Background task extended for $estimatedSeconds seconds',
|
||||
);
|
||||
|
||||
@@ -3,6 +3,7 @@ import 'package:socket_io_client/socket_io_client.dart' as io;
|
||||
|
||||
import '../models/server_config.dart';
|
||||
import '../utils/debug_logger.dart';
|
||||
import 'socket_tls_override.dart';
|
||||
|
||||
typedef SocketChatEventHandler =
|
||||
void Function(
|
||||
@@ -120,7 +121,11 @@ class SocketService with WidgetsBindingObserver {
|
||||
builder.setExtraHeaders(extraHeaders);
|
||||
}
|
||||
|
||||
_socket = io.io(base, builder.build());
|
||||
_socket = createSocketWithOptionalBadCertOverride(
|
||||
base,
|
||||
builder,
|
||||
serverConfig,
|
||||
);
|
||||
|
||||
_bindCoreSocketHandlers();
|
||||
}
|
||||
|
||||
12
lib/core/services/socket_tls_override.dart
Normal file
12
lib/core/services/socket_tls_override.dart
Normal file
@@ -0,0 +1,12 @@
|
||||
import 'package:socket_io_client/socket_io_client.dart' as io;
|
||||
|
||||
import '../models/server_config.dart';
|
||||
import 'socket_tls_override_impl_stub.dart'
|
||||
if (dart.library.io) 'socket_tls_override_impl_io.dart'
|
||||
as impl;
|
||||
|
||||
io.Socket createSocketWithOptionalBadCertOverride(
|
||||
String base,
|
||||
io.OptionBuilder builder,
|
||||
ServerConfig serverConfig,
|
||||
) => impl.createSocketWithOptionalBadCertOverride(base, builder, serverConfig);
|
||||
54
lib/core/services/socket_tls_override_impl_io.dart
Normal file
54
lib/core/services/socket_tls_override_impl_io.dart
Normal file
@@ -0,0 +1,54 @@
|
||||
import 'dart:io'
|
||||
show HttpOverrides, SecurityContext, HttpClient, X509Certificate;
|
||||
import 'package:socket_io_client/socket_io_client.dart' as io;
|
||||
|
||||
import '../models/server_config.dart';
|
||||
|
||||
io.Socket createSocketWithOptionalBadCertOverride(
|
||||
String base,
|
||||
io.OptionBuilder builder,
|
||||
ServerConfig serverConfig,
|
||||
) {
|
||||
if (!serverConfig.allowSelfSignedCertificates) {
|
||||
return io.io(base, builder.build());
|
||||
}
|
||||
|
||||
final target = _tryParseUri(base);
|
||||
if (target == null || !(target.scheme == 'https' || target.scheme == 'wss')) {
|
||||
return io.io(base, builder.build());
|
||||
}
|
||||
|
||||
final host = target.host.toLowerCase();
|
||||
final port = target.hasPort ? target.port : null;
|
||||
return HttpOverrides.runWithHttpOverrides<io.Socket>(
|
||||
() => io.io(base, builder.build()),
|
||||
_ScopedBadCertOverrides(host: host, port: port),
|
||||
);
|
||||
}
|
||||
|
||||
Uri? _tryParseUri(String url) {
|
||||
try {
|
||||
final parsed = Uri.parse(url);
|
||||
if (parsed.hasScheme) return parsed;
|
||||
} catch (_) {}
|
||||
return null;
|
||||
}
|
||||
|
||||
class _ScopedBadCertOverrides extends HttpOverrides {
|
||||
_ScopedBadCertOverrides({required this.host, this.port});
|
||||
|
||||
final String host;
|
||||
final int? port;
|
||||
|
||||
@override
|
||||
HttpClient createHttpClient(SecurityContext? context) {
|
||||
final client = super.createHttpClient(context);
|
||||
client.badCertificateCallback =
|
||||
(X509Certificate cert, String requestHost, int requestPort) {
|
||||
if (requestHost.toLowerCase() != host) return false;
|
||||
if (port == null) return true;
|
||||
return requestPort == port;
|
||||
};
|
||||
return client;
|
||||
}
|
||||
}
|
||||
12
lib/core/services/socket_tls_override_impl_stub.dart
Normal file
12
lib/core/services/socket_tls_override_impl_stub.dart
Normal file
@@ -0,0 +1,12 @@
|
||||
import 'package:socket_io_client/socket_io_client.dart' as io;
|
||||
|
||||
import '../models/server_config.dart';
|
||||
|
||||
io.Socket createSocketWithOptionalBadCertOverride(
|
||||
String base,
|
||||
io.OptionBuilder builder,
|
||||
ServerConfig serverConfig,
|
||||
) {
|
||||
// Web and other non-IO platforms: no TLS override possible/needed
|
||||
return io.io(base, builder.build());
|
||||
}
|
||||
Reference in New Issue
Block a user