From 9f005dbdc1fa750a234a8cec929f52fe57cfba56 Mon Sep 17 00:00:00 2001 From: Jon Lee Date: Sat, 11 Jan 2025 08:17:45 +0000 Subject: [PATCH 1/3] feat(backend): add assetlinks.json endpoint for Android --- .../backend/src/server/WellKnownServerService.ts | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/packages/backend/src/server/WellKnownServerService.ts b/packages/backend/src/server/WellKnownServerService.ts index 8e326da89a6..f89448f453c 100644 --- a/packages/backend/src/server/WellKnownServerService.ts +++ b/packages/backend/src/server/WellKnownServerService.ts @@ -93,6 +93,19 @@ export class WellKnownServerService { return this.oauth2ProviderService.generateRFC8414(); }); + fastify.get('/.well-known/assetlinks.json', async (request, reply) => { + reply.header('Content-Type', 'application/json'); + return { + relation: ['delegate_permission/common.handle_all_urls'], + target: { + namespace: 'android_app', + package_name: 'place.stella.twa', + sha256_cert_fingerprints: + ['0E:14:9F:91:C0:EF:07:E9:90:48:74:BB:F9:54:41:C2:F4:01:BE:C8:86:F8:5F:D5:53:3B:5D:E1:44:BA:98:0C'], + }, + }; + }); + /* TODO fastify.get('/.well-known/change-password', async (request, reply) => { }); From c96fb91fcea5925efa130569c5c8ae681ffa51c5 Mon Sep 17 00:00:00 2001 From: Jon Lee Date: Sat, 11 Jan 2025 15:07:02 +0000 Subject: [PATCH 2/3] enhance(backend): add additional SHA256 fingerprint for Asset Links --- packages/backend/src/server/WellKnownServerService.ts | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/packages/backend/src/server/WellKnownServerService.ts b/packages/backend/src/server/WellKnownServerService.ts index f89448f453c..7a2ac0e791a 100644 --- a/packages/backend/src/server/WellKnownServerService.ts +++ b/packages/backend/src/server/WellKnownServerService.ts @@ -100,8 +100,10 @@ export class WellKnownServerService { target: { namespace: 'android_app', package_name: 'place.stella.twa', - sha256_cert_fingerprints: - ['0E:14:9F:91:C0:EF:07:E9:90:48:74:BB:F9:54:41:C2:F4:01:BE:C8:86:F8:5F:D5:53:3B:5D:E1:44:BA:98:0C'], + sha256_cert_fingerprints: [ + '0E:14:9F:91:C0:EF:07:E9:90:48:74:BB:F9:54:41:C2:F4:01:BE:C8:86:F8:5F:D5:53:3B:5D:E1:44:BA:98:0C', + '96:E2:C0:89:02:EA:C6:23:20:A9:6E:6A:1E:42:1B:47:DF:AF:A6:16:D0:D2:49:62:C6:38:35:4D:2E:78:9C:1B', + ], }, }; }); From 664c16a10bcde595dbab80be10071e68cf850cfa Mon Sep 17 00:00:00 2001 From: caipira113 Date: Sat, 1 Feb 2025 03:10:09 +0900 Subject: [PATCH 3/3] enhance(backend): restrict assetlinks.json access to stella.place --- packages/backend/src/server/WellKnownServerService.ts | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/packages/backend/src/server/WellKnownServerService.ts b/packages/backend/src/server/WellKnownServerService.ts index 7a2ac0e791a..a15a5a7e46d 100644 --- a/packages/backend/src/server/WellKnownServerService.ts +++ b/packages/backend/src/server/WellKnownServerService.ts @@ -94,6 +94,14 @@ export class WellKnownServerService { }); fastify.get('/.well-known/assetlinks.json', async (request, reply) => { + const allowedHost = 'stella.place'; + + const requestHost = request.hostname; + if (requestHost !== allowedHost) { + reply.code(404); + return; + } + reply.header('Content-Type', 'application/json'); return { relation: ['delegate_permission/common.handle_all_urls'],