From ef8ea9eecfb022a17ff51362e255e88a49477cb2 Mon Sep 17 00:00:00 2001
From: Kelvin <kelvin@futo.org>
Date: Wed, 22 Nov 2023 16:05:27 +0100
Subject: [PATCH] Fix whitelist checking for dev-portal

---
 .../media/platforms/js/internal/JSHttpClient.kt    | 12 ++++++++++--
 .../platformplayer/developer/DeveloperEndpoints.kt | 14 ++++++++++++--
 app/src/unstable/assets/sources/kick               |  2 +-
 3 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/app/src/main/java/com/futo/platformplayer/api/media/platforms/js/internal/JSHttpClient.kt b/app/src/main/java/com/futo/platformplayer/api/media/platforms/js/internal/JSHttpClient.kt
index 134fcb7e..af7291ae 100644
--- a/app/src/main/java/com/futo/platformplayer/api/media/platforms/js/internal/JSHttpClient.kt
+++ b/app/src/main/java/com/futo/platformplayer/api/media/platforms/js/internal/JSHttpClient.kt
@@ -6,10 +6,13 @@ import com.futo.platformplayer.api.http.ManagedHttpClient
 import com.futo.platformplayer.api.media.platforms.js.JSClient
 import com.futo.platformplayer.api.media.platforms.js.SourceAuth
 import com.futo.platformplayer.api.media.platforms.js.SourceCaptchaData
+import com.futo.platformplayer.api.media.platforms.js.SourcePluginConfig
+import com.futo.platformplayer.engine.exceptions.ScriptImplementationException
 import com.futo.platformplayer.matchesDomain
 
 class JSHttpClient : ManagedHttpClient {
     private val _jsClient: JSClient?;
+    private val _jsConfig: SourcePluginConfig?;
     private val _auth: SourceAuth?;
     private val _captcha: SourceCaptchaData?;
 
@@ -20,8 +23,9 @@ class JSHttpClient : ManagedHttpClient {
 
     private var _currentCookieMap: HashMap<String, HashMap<String, String>>;
 
-    constructor(jsClient: JSClient?, auth: SourceAuth? = null, captcha: SourceCaptchaData? = null) : super() {
+    constructor(jsClient: JSClient?, auth: SourceAuth? = null, captcha: SourceCaptchaData? = null, config: SourcePluginConfig? = null) : super() {
         _jsClient = jsClient;
+        _jsConfig = config;
         _auth = auth;
         _captcha = captcha;
 
@@ -87,7 +91,11 @@ class JSHttpClient : ManagedHttpClient {
             }
         }
 
-        _jsClient?.validateUrlOrThrow(request.url.toString());
+        if(_jsClient != null)
+            _jsClient?.validateUrlOrThrow(request.url.toString());
+        else if (_jsConfig != null && !_jsConfig.isUrlAllowed(request.url.toString()))
+            throw ScriptImplementationException(_jsConfig, "Attempted to access non-whitelisted url: ${request.url.toString()}\nAdd it to your config");
+
         return newBuilder?.let { it.build() } ?: request;
     }
 
diff --git a/app/src/main/java/com/futo/platformplayer/developer/DeveloperEndpoints.kt b/app/src/main/java/com/futo/platformplayer/developer/DeveloperEndpoints.kt
index 95502b6d..92a48ebf 100644
--- a/app/src/main/java/com/futo/platformplayer/developer/DeveloperEndpoints.kt
+++ b/app/src/main/java/com/futo/platformplayer/developer/DeveloperEndpoints.kt
@@ -24,6 +24,7 @@ import com.google.gson.JsonArray
 import com.google.gson.JsonParser
 import kotlinx.serialization.encodeToString
 import kotlinx.serialization.json.Json
+import java.lang.reflect.InvocationTargetException
 import java.util.UUID
 import kotlin.reflect.jvm.jvmErasure
 
@@ -185,7 +186,11 @@ class DeveloperEndpoints(private val context: Context) {
         val config = context.readContentJson<SourcePluginConfig>()
         try {
             _testPluginVariables.clear();
-            _testPlugin = V8Plugin(StateApp.instance.context, config);
+
+            val client = JSHttpClient(null, null, null, config);
+            val clientAuth = JSHttpClient(null, null, null, config);
+            _testPlugin = V8Plugin(StateApp.instance.context, config, null, client, clientAuth);
+
             context.respondJson(200, testPluginOrThrow.getPackageVariables());
         }
         catch(ex: Throwable) {
@@ -235,7 +240,7 @@ class DeveloperEndpoints(private val context: Context) {
             }
             LoginActivity.showLogin(StateApp.instance.context, config) {
                 _testPluginVariables.clear();
-                _testPlugin = V8Plugin(StateApp.instance.context, config, null, JSHttpClient(null), JSHttpClient(null, it));
+                _testPlugin = V8Plugin(StateApp.instance.context, config, null, JSHttpClient(null, null, null, config), JSHttpClient(null, it, null, config));
 
             };
             context.respondCode(200, "Login started");
@@ -311,6 +316,11 @@ class DeveloperEndpoints(private val context: Context) {
             val json = wrapRemoteResult(callResult, false);
             context.respondCode(200, json, "application/json");
         }
+        catch(invocation: InvocationTargetException) {
+            val innerException = invocation.targetException;
+            Logger.e("DeveloperEndpoints", innerException.message, innerException);
+            context.respondCode(500, innerException::class.simpleName + ":" + innerException.message ?: "", "text/plain")
+        }
         catch(ilEx: IllegalArgumentException) {
             if(ilEx.message?.contains("does not exist") ?: false) {
                 context.respondCode(400, ilEx.message ?: "", "text/plain");
diff --git a/app/src/unstable/assets/sources/kick b/app/src/unstable/assets/sources/kick
index d0b7a2c1..12b84d2f 160000
--- a/app/src/unstable/assets/sources/kick
+++ b/app/src/unstable/assets/sources/kick
@@ -1 +1 @@
-Subproject commit d0b7a2c1b4939c27b4ec04ee52b5a16380c27afb
+Subproject commit 12b84d2ff179f9f4940c4232859b59b57e37fdc6