From: Paul Hänsch <paul@plutz.net>
Date: Tue, 9 Feb 2021 20:44:39 +0000 (+0100)
Subject: simplified mac function and cookie format
X-Git-Url: http://git.plutz.net/?p=cgilite;a=commitdiff_plain;h=621208650ef40272b76f4f649b461f47c33d97f9

simplified mac function and cookie format
---

diff --git a/session.sh b/session.sh
index 0a2a2e8..93cc2f4 100755
--- a/session.sh
+++ b/session.sh
@@ -25,10 +25,13 @@ slopecode(){
 }
 
 session_mac(){
+  local info
+  [ $# -eq 0 ] && info="$(cat)" || info="$*"
+
   if which openssl >/dev/null; then
-    openssl dgst -sha1 -hmac "$(server_key)" -binary |slopecode
+    printf %s "$info" |openssl dgst -sha1 -hmac "$(server_key)" -binary |slopecode
   else
-    { cat; server_key; } |sha256sum |cut -d\  -f1
+    { printf %s "$info"; server_key; } |sha256sum |cut -d\  -f1
   fi
 }
 
@@ -55,20 +58,17 @@ checkid(){ grep -m 1 -xE '[0-9a-zA-Z:=]{16}'; }
 transid(){
   # transaction ID to modify a given file
   local file="$1"
-  { stat -c %F%i%n%N%s%Y "$file" 2>&-
-    printf %s "$SESSION_ID"
-  } | session_mac
+  session_mac "$(stat -c %F%i%n%N%s%Y "$file" 2>&-)" "$SESSION_ID"
 }
 
 update_session(){
-  local session sid time sig serverkey checksig
+  local session sid time sig checksig
 
-  IFS=- read -r sid time sig <<-END
+  read -r sid time sig <<-END
 	$(POST session_key || COOKIE session)
 	END
-  serverkey="$(server_key)"
   
-  checksig="$(printf %s "$sid" "$time" |session_mac)"
+  checksig="$(session_mac "$sid" "$time")"
   
   if ! [ "$checksig" = "$sig" \
     -a "$time" -ge "$_DATE" \
@@ -79,10 +79,10 @@ update_session(){
   fi
 
   time=$(( $_DATE + $SESSION_TIMEOUT ))
-  sig="$(printf %s "$sid" "$time" |session_mac)"
-  printf %s\\n "${sid}-${time}-${sig}"
+  sig="$(session_mac "$sid" "$time")"
+  printf %s\\n "${sid} ${time} ${sig}"
 }
 
 SESSION_KEY="$(update_session)"
 SET_COOKIE 0 session="$SESSION_KEY" Path=/ SameSite=Strict HttpOnly
-SESSION_ID="${SESSION_KEY%%-*}"
+SESSION_ID="${SESSION_KEY%% *}"