From ad2ecdfa5296a12a8aa38f39fce2414015a991ef Mon Sep 17 00:00:00 2001
From: Dreaded_X
Date: Sat, 16 Sep 2023 01:49:51 +0200
Subject: [PATCH] Verify that the url is https
---
 updater/src/error.rs | 5 ++++-
 updater/src/lib.rs | 12 ++++++++----
 2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/updater/src/error.rs b/updater/src/error.rs
index 38178f8..bf944bf 100644
--- a/updater/src/error.rs
+++ b/updater/src/error.rs
@@ -1,17 +1,18 @@
 use core::fmt::{Display, Write};
-use heapless::String;
 use defmt::{Format, Formatter};
 use embassy_boot::FirmwareUpdaterError;
 use embassy_net::{dns, tcp::ConnectError};
 use embedded_io_async::ReadExactError;
 use embedded_storage::nor_flash::NorFlashError;
 use embedded_tls::TlsError;
+use heapless::String;
 use rust_mqtt::packet::v5::reason_codes::ReasonCode;
 impl_tools::impl_scope! {
 #[derive(Debug)]
 pub enum Error {
+ InvalidScheme,
 Mqtt(ReasonCode),
 Dns(dns::Error),
 Connect(ConnectError),
@@ -78,6 +79,7 @@ impl_tools::impl_scope! {
 impl Format for Self {
 fn format(&self, f: Formatter) {
 match self {
+ Error::InvalidScheme => defmt::write!(f, "Invalid URL scheme"),
 Error::Mqtt(error) => defmt::write!(f, "Mqtt: {}", error),
 Error::Dns(error) => defmt::write!(f, "Dns: {}", error),
 Error::Connect(error) => defmt::write!(f, "Connect: {}", error),
@@ -93,6 +95,7 @@ impl_tools::impl_scope! {
 impl Display for Self {
 fn fmt(&self, f: &mut core::fmt::Formatter) -> Result<(), core::fmt::Error> {
 match self {
+ Error::InvalidScheme => core::write!(f, "Invalid URL scheme"),
 Error::Mqtt(error) => core::write!(f, "Mqtt: {}", error),
 Error::Dns(error) => core::write!(f, "Dns: {:?}", error),
 Error::Connect(error) => core::write!(f, "Connect: {:?}", error),
diff --git a/updater/src/lib.rs b/updater/src/lib.rs
index 9476dcd..706e82b 100644
--- a/updater/src/lib.rs
+++ b/updater/src/lib.rs
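Review bot: The new `InvalidScheme` variant in updater/src/error.rs has no doc comment, and both messages for it (the `Format` and `Display` arms added in the two later hunks of that file) say only "Invalid URL scheme", which does not tell someone reading the device log which scheme was required. I would add `/// The update URL did not use the https scheme, so the download was refused.` above the variant and, if the log text is free to change, use `"Invalid URL scheme, expected https"` in both arms. The enum and both `match` blocks continue outside the hunks.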
@@ -11,7 +11,7 @@ use embedded_io_async::{Read, Write};
 use embedded_storage::nor_flash::NorFlash;
 use embedded_tls::{Aes128GcmSha256, NoVerify, TlsConfig, TlsConnection, TlsContext};
 use heapless::Vec;
-use nourl::Url;
+use nourl::{Url, UrlScheme};
 use rand_core::{CryptoRng, RngCore};
 use reqwless::{
 request::{Method, Request, RequestBuilder},
@@ -150,6 +150,13 @@ where
 .send_message(self.topic_status, &status, QualityOfService::QoS1, false)
 .await?;
+ debug!("Making sure url is HTTPS");
+ if url.scheme() != UrlScheme::HTTPS {
+ return Err(Error::InvalidScheme);
+ }
+
+ // TODO: Clear out retained update message, currently gives implementation specific error
+
 let ip = stack.dns_query(url.host(), DnsQueryType::A).await?[0];
 let mut rx_buffer = [0; 1024];
@@ -227,9 +234,6 @@ where
 self.updater
 .verify_and_mark_updated(self.public_key, &signature, size)?;
- // Update mqtt message should be send using retain
- // TODO: Clear the message
-
 let status = Status::UpdateComplete.json();
 client
 .send_message(self.topic_status, &status, QualityOfService::QoS1, false)
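Review bot: Requiring `UrlScheme::HTTPS` in the added check (second lib.rs hunk) does not by itself authenticate the download server. This file imports `NoVerify` from embedded_tls (context line of the first hunk), and if that is the verifier the TLS connection is built with — the connection setup is outside these hunks — the server certificate is never validated, so the scheme check only ensures the transfer is encrypted. Authenticity of the image then rests on `verify_and_mark_updated(self.public_key, &signature, size)` in the last hunk, which is worth stating next to the check, e.g. `// HTTPS only encrypts the transfer; the firmware signature check below is what authenticates the image`. The check also runs after a status message has already been published with `send_message`, so a rejected URL returns `Error::InvalidScheme` with that status as the last one sent (its value is set above the hunk); consider validating the scheme before that publish or sending a failure status before the `return`. The enclosing function starts and ends outside the hunk.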