mike/hello-agent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 7 Wiki Activity

Implement signed API communication to improve security
build-windows / build-hello-agent-x64 (push) Successful in 4m52s
Details
build-windows / sign-hello-agent-x64 (push) Successful in 5s
Details
build-windows / validate-hello-agent-x64 (push) Successful in 6s
Details

Browse Source
This commit is contained in:
Mike Müller
2026-05-22 12:49:52 +02:00
parent fb00ac1101
commit 6807fe2bc0
9 changed files with 184 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/unattended_password.rs
+12 -1
View File
@@ -111,7 +111,18 @@ async fn try_report(password: &str) -> Result<()> {
})
.to_string();
let resp = librustdesk::common::post_request(url, body, "")
// Same per-peer signature gate as heartbeat / sysinfo. Once this peer's
// `managed` flag has flipped to 1 server-side, unsigned posts here
// would be rejected — and we want unattended-password to keep landing
// through the same TOFU lifecycle as the other endpoints.
let headers = librustdesk::hbbs_http::sign::build_signed_headers(
"POST",
"/api/unattended-password",
body.as_bytes(),
)
.unwrap_or_default();
let resp = librustdesk::common::post_request(url, body, &headers)
.await
.map_err(|e| anyhow!("post: {e}"))?;
let trimmed = resp.trim();