X-Git-Url: http://git.plutz.net/?p=cgilite;a=blobdiff_plain;f=session.sh;fp=session.sh;h=25a65987c3671df4f4c8499279a71487edad5775;hp=0000000000000000000000000000000000000000;hb=e2678dc719c2dcda2de9a6079ac63837681e1a26;hpb=d0c60cf4f8431e100a0a326931388e6d11a5fd56
diff --git a/session.sh b/session.sh
new file mode 100755
index 0000000..25a6598
--- /dev/null
+++ b/session.sh
@@ -0,0 +1,72 @@
+#!/bin/sh
+
+[ -n "$include_session" ] && return 0
+include_session="$0"
+
+server_key(){
+ IDFILE="${IDFILE:-${_DATA:-.}/serverkey}"
+ if [ "$(stat -c %s "$IDFILE")" -ne 512 ] || ! cat "$IDFILE"; then
+ dd count=1 bs=512 if=/dev/urandom \
+ | tee "$IDFILE"
+ fi 2>&-
+}
+
+slopecode(){
+ # 6-Bit Code that retains sort order of input data, while beeing safe to use
+ # in ascii transmissions, unix file names, HTTP URLs, and HTML attributes
+
+ uuencode -m - | sed '
+ 1d;$d;
+ y;ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/;0123456789:=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz;
+ '
+}
+
+randomid(){
+ dd bs=12 count=1 if=/dev/urandom 2>&- \
+ | slopecode
+}
+
+timeid(){
+ d=$(($(date +%s) % 4294967296))
+ { printf "$(
+ printf \\%o \
+ $((d / 16777216 % 256)) \
+ $((d / 65536 % 256)) \
+ $((d / 256 % 256)) \
+ $((d % 256))
+ )"
+ dd bs=8 count=1 if=/dev/urandom 2>&-
+ } | slopecode
+}
+
+checkid(){ grep -m 1 -xE '[0-9a-zA-Z:=]{16}'; }
+
+update_session(){
+ local session sid time sig serverkey checksig
+
+ IFS=- read -r sid time sig <<-END
+ $(COOKIE session)
+ END
+ serverkey="$(server_key)"
+
+ checksig="$(printf %s "$sid" "$time" "$serverkey" | sha256sum)"
+ checksig="${checksig%% *}"
+ d=$(date +%s)
+
+ if [ "$checksig" != "$sig" \
+ -o "$time" -lt "$d" \
+ -o ! "$(printf %s "$sid" |checkid)" ] 2>&-
+ then
+ debug Setting up new session
+ sid="$(randomid)"
+ fi
+
+ time=$(( $(date +%s) + 7200 ))
+ sig="$(printf %s "$sid" "$time" "$serverkey" |sha256sum)"
+ sig="${sig%% *}"
+ printf %s\\n "${sid}-${time}-${sig}"
+}
+
+SESSION_ID="$(update_session)"
+SET_COOKIE 0 session="$SESSION_ID" Path=/ SameSite=Strict HttpOnly
+SESSION_ID="${SESSION_ID%%-*}"
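Review bot: The cookie check in `update_session` fails open when the `[` command itself errors, because the new-session branch runs only if the combined test returns true. `time` is taken straight from the cookie, and in shells whose `[` rejects a non-integer operand (bash does, and its `-o` evaluates both sides) a malformed value turns the whole test into an error status; with `2>&-` hiding the message, `if` skips the branch and the function goes on to sign the client-supplied `sid` with the server key. I would invert the logic so the presented session is kept only when every check succeeds, and check that `time` is a plain decimal number before the numeric comparison, as sketched below. The same rewrite drops the `-o` operators, which POSIX marks obsolescent. Separately, `d` is missing from the `local` list although `timeid` assigns the same name.

```shell
  # ... unchanged: cookie parsing, serverkey, checksig, d=$(date +%s) ...

  # Keep the presented session only when every check succeeds; a malformed
  # field or an error inside a test leads to a fresh id.
  case "$time" in
    ''|*[!0-9]*) time=0 ;;   # not a plain decimal number: treat as expired
  esac
  if [ "$checksig" = "$sig" ] \
     && [ "$time" -ge "$d" ] \
     && [ -n "$(printf %s "$sid" | checkid)" ]
  then
    :   # signature, expiry and id format all verified
  else
    debug Setting up new session
    sid="$(randomid)"
  fi

  # ... unchanged: new expiry, signature, output ...
```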