Diffstat (limited to 'client/client.go')
| -rw-r--r-- | client/client.go | 30 |
1 files changed, 29 insertions, 1 deletions
diff --git a/client/client.go b/client/client.go
index c443528..1a1e881 100644
--- a/client/client.go
+++ b/client/client.go
@@ -32,10 +32,34 @@ func (c *Client) logError(err error) {
 }

 func (c *Client) isLetsConnect() bool {
- // see https://git.sr.ht/~fkooman/vpn-user-portal/tree/v3/item/src/OAuth/ClientDb.php
+ // see https://git.sr.ht/~fkooman/vpn-user-portal/tree/v3/item/src/OAuth/VpnClientDb.php
 return strings.HasPrefix(c.Name, "org.letsconnect-vpn.app")
 }

+// isAllowedClientID checks if the 'clientID' is in the list of allowed client IDs
+func isAllowedClientID(clientID string) bool {
+ allowList := []string{
+ // eduVPN
+ "org.eduvpn.app.windows",
+ "org.eduvpn.app.android",
+ "org.eduvpn.app.ios",
+ "org.eduvpn.app.macos",
+ "org.eduvpn.app.linux",
+ // Let's Connect!
+ "org.letsconnect-vpn.app.windows",
+ "org.letsconnect-vpn.app.android",
+ "org.letsconnect-vpn.app.ios",
+ "org.letsconnect-vpn.app.macos",
+ "org.letsconnect-vpn.app.linux",
+ }
+ for _, x := range allowList {
+ if x == clientID {
+ return true
+ }
+ }
+ return false
+}
+
 // Client is the main struct for the VPN client.
 type Client struct {
 // The name of the client
@@ -93,6 +117,10 @@ func (c *Client) Register(
 return errors.Errorf("fsm attempt to register while in '%v'", c.FSM.Current)
 }

+ if !isAllowedClientID(name) {
+ return errors.Errorf("client ID is not allowed: '%v', see https://git.sr.ht/~fkooman/vpn-user-portal/tree/v3/item/src/OAuth/VpnClientDb.php for a list of allowed IDs", name)
+ }
+
 c.Name = name

 // TODO: Verify language setting? |
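Review bot: The allow list inside isAllowedClientID appears to mirror the server's VpnClientDb.php, but the function's own comment never says so; the link only appears on isLetsConnect and in the Register error string. I would name the source of truth in the doc comment, e.g. `// isAllowedClientID reports whether clientID exactly matches one of the OAuth client IDs listed in the server's VpnClientDb.php; keep this list in sync with that file.` The slice is also rebuilt on every call, so a package-level `var allowedClientIDs = []string{...}` would allocate it once and make it easier to find when the server list changes. The match here is exact and case-sensitive while isLetsConnect still uses a prefix test, which stays consistent only as long as every Let's Connect! entry keeps the `org.letsconnect-vpn.app` prefix.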
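Review bot: The rejected ID is formatted with `'%v'` in the new Register error, so whatever string the embedding application passed is copied verbatim into an error that is probably logged; `%q` would quote it and escape control characters: `"client ID is not allowed: %q, see … for a list of allowed IDs"`. The check also guards only this entry point: `Name` is an exported field that isLetsConnect reads directly, so code that assigns it without calling Register never goes through isAllowedClientID. A short comment on the field saying it must only be set via Register would document that. This is a client-side sanity check and the server presumably remains the authority on which client IDs are accepted. Register's body starts and ends outside the hunk.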
