immich/mobile/lib/utils/http_ssl_cert_override.dart

import 'dart:io';
import 'package:immich_mobile/modules/settings/services/app_settings.service.dart';
import 'package:immich_mobile/shared/models/store.dart';
import 'package:logging/logging.dart';

class HttpSSLCertOverride extends HttpOverrides {
  @override
  HttpClient createHttpClient(SecurityContext? context) {
    return super.createHttpClient(context)
      ..badCertificateCallback = (X509Certificate cert, String host, int port) {
        var log = Logger("HttpSSLCertOverride");

        AppSettingsEnum setting = AppSettingsEnum.allowSelfSignedSSLCert;
        
        // Check if user has allowed self signed SSL certificates.
        bool selfSignedCertsAllowed =
            Store.get(setting.storeKey as StoreKey<bool>, setting.defaultValue);

        bool isLoggedIn = Store.tryGet(StoreKey.currentUser) != null;

        // Conduct server host checks if user is logged in to avoid making
        // insecure SSL connections to services that are not the immich server.
        if (isLoggedIn && selfSignedCertsAllowed) {
          String serverHost =
              Uri.parse(Store.tryGet(StoreKey.serverEndpoint) ?? "").host;

          selfSignedCertsAllowed &= serverHost.contains(host);
        }

        if (!selfSignedCertsAllowed) {
          log.severe("Invalid SSL certificate for $host:$port");
        }

        return selfSignedCertsAllowed;
      };
  }
}
feat(mobile): allow self-signed certificate on the mobile app (#4051) * WIP: self-signed certs accept * WIP: format * WIP: pushing up adding settings menu * Add serverEndpointURL check * Add translation update * Handle errors properly * format * typo * cleanup * styling and permission * remove deadcode * put pack condition * styling * remove hiding settings options * format + match drop shadow * match color * remove deadcode --------- Co-authored-by: Alex <alex.tran1502@gmail.com> 2023-09-12 16:51:43 +02:00			`import 'dart:io';`
			`import 'package:immich_mobile/modules/settings/services/app_settings.service.dart';`
			`import 'package:immich_mobile/shared/models/store.dart';`
			`import 'package:logging/logging.dart';`

			`class HttpSSLCertOverride extends HttpOverrides {`
			`@override`
			`HttpClient createHttpClient(SecurityContext? context) {`
			`return super.createHttpClient(context)`
			`..badCertificateCallback = (X509Certificate cert, String host, int port) {`
			`var log = Logger("HttpSSLCertOverride");`

			`AppSettingsEnum setting = AppSettingsEnum.allowSelfSignedSSLCert;`

			`// Check if user has allowed self signed SSL certificates.`
			`bool selfSignedCertsAllowed =`
			`Store.get(setting.storeKey as StoreKey<bool>, setting.defaultValue);`

			`bool isLoggedIn = Store.tryGet(StoreKey.currentUser) != null;`

			`// Conduct server host checks if user is logged in to avoid making`
			`// insecure SSL connections to services that are not the immich server.`
			`if (isLoggedIn && selfSignedCertsAllowed) {`
			`String serverHost =`
			`Uri.parse(Store.tryGet(StoreKey.serverEndpoint) ?? "").host;`

			`selfSignedCertsAllowed &= serverHost.contains(host);`
			`}`

			`if (!selfSignedCertsAllowed) {`
			`log.severe("Invalid SSL certificate for $host:$port");`
			`}`

			`return selfSignedCertsAllowed;`
			`};`
			`}`
			`}`