X-Git-Url: http://git.plutz.net/?p=cgilite;a=blobdiff_plain;f=session.sh;h=ee5c4993a72df047fe0fc67b3c384f2b5733be48;hp=ca931fad9aa662ec338820bdc88be9f5018aba24;hb=HEAD;hpb=38702dbb48387609925572f2269b222f87eb9c1a diff --git a/session.sh b/session.sh index ca931fa..c3a44e8 100755 --- a/session.sh +++ b/session.sh @@ -1,9 +1,23 @@ #!/bin/sh +# Copyright 2018 - 2022 Paul Hänsch +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +# IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + [ -n "$include_session" ] && return 0 include_session="$0" -_DATE="$(date +%s)" +export _DATE="$(date +%s)" SESSION_TIMEOUT="${SESSION_TIMEOUT:-7200}" if ! which uuencode >/dev/null; then @@ -75,6 +89,7 @@ checkid(){ { [ $# -gt 0 ] && printf %s "$*" || cat; } | grep -m 1 -xE '[0-9a-zA- update_session(){ local session sid time sig checksig + unset SESSION_KEY SESSION_ID read -r sid time sig <<-END $(POST session_key || COOKIE session) @@ -82,23 +97,38 @@ update_session(){ checksig="$(session_mac "$sid" "$time")" - if ! [ "$checksig" = "$sig" \ - -a "$time" -ge "$_DATE" \ - -a "$(printf %s "$sid" |checkid)" ] 2>&- + if [ "$checksig" = "$sig" \ + -a "$time" -ge "$_DATE" \ + -a "$(checkid "$sid")" ] 2>&- then - debug "Setting up new session" - sid="$(randomid)" + time=$(( $_DATE + $SESSION_TIMEOUT )) + sig="$(session_mac "$sid" "$time")" + + SESSION_KEY="${sid} ${time} ${sig}" + SESSION_ID="${sid}" + return 0 + else + return 1 fi +} + +new_session(){ + local sid time sig + + debug "Setting up new session" + sid="$(randomid)" time=$(( $_DATE + $SESSION_TIMEOUT )) sig="$(session_mac "$sid" "$time")" - printf %s\\n "${sid} ${time} ${sig}" + + SESSION_KEY="${sid} ${time} ${sig}" + SESSION_ID="${sid}" } SESSION_BIND() { # Set tamper-proof authenticated cookie local key="$1" value="$2" - SET_COOKIE session "$key"="${value} $(session_mac "$value" "$SESSION_ID")" + SET_COOKIE session "$key"="${value} $(session_mac "$value" "$SESSION_ID")" Path="/${_BASE#/}" SameSite=Strict HttpOnly } SESSION_VAR() { @@ -114,6 +144,9 @@ SESSION_VAR() { fi } -SESSION_KEY="$(update_session)" -SET_COOKIE 0 session="$SESSION_KEY" Path=/ SameSite=Strict HttpOnly -SESSION_ID="${SESSION_KEY%% *}" +SESSION_COOKIE() { + [ "$1" = new ] && new_session + SET_COOKIE 0 session="$SESSION_KEY" Path="/${_BASE#/}" SameSite=Strict HttpOnly +} + +update_session || new_session