[ -n "$include_session" ] && return 0
include_session="$0"
+if ! which uuencode >/dev/null; then
+ uuencode() { busybox uuencode "$@"; }
+fi
+if ! which sha256sum >/dev/null; then
+ sha256sum() { busybox sha256sum "$@"; }
+fi
+
+_DATE="$(date +%s)"
+SESSION_TIMEOUT="${SESSION_TIMEOUT:-7200}"
+
server_key(){
IDFILE="${IDFILE:-${_DATA:-.}/serverkey}"
- if ! grep -m1 -xE '.{512}' "$IDFILE"; then
+ if [ "$(stat -c %s "$IDFILE")" -ne 512 ] || ! cat "$IDFILE"; then
dd count=1 bs=512 if=/dev/urandom \
| tee "$IDFILE"
fi 2>&-
'
}
+session_mac(){
+ local info
+ [ $# -eq 0 ] && info="$(cat)" || info="$*"
+
+ if which openssl >/dev/null; then
+ printf %s "$info" |openssl dgst -sha1 -hmac "$(server_key)" -binary |slopecode
+ else
+ { printf %s "$info"; server_key; } |sha256sum |cut -d\ -f1
+ fi
+}
+
randomid(){
- dd bs=12 count=1 if=/dev/urandom \
- | slopecode 2>&-
+ dd bs=12 count=1 if=/dev/urandom 2>&- \
+ | slopecode
}
timeid(){
- d=$(($(date +%s) % 4294967296))
+ d=$(($_DATE % 4294967296))
{ printf "$(
printf \\%o \
$((d / 16777216 % 256)) \
$((d / 256 % 256)) \
$((d % 256))
)"
- dd bs=8 count=1 if=/dev/urandom
- } | slopecode 2>&-
+ dd bs=8 count=1 if=/dev/urandom 2>&-
+ } | slopecode
}
-checkid(){ grep -m 1 -xE '[0-9a-zA-Z:_]{16}'; }
+checkid(){ grep -m 1 -xE '[0-9a-zA-Z:=]{16}'; }
+
+transid(){
+ # transaction ID to modify a given file
+ local file="$1"
+ session_mac "$(stat -c %F%i%n%N%s%Y "$file" 2>&-)" "$SESSION_ID"
+}
update_session(){
- local session sid time sig serverkey checksig
+ local session sid time sig checksig
- IFS=- read -r sid time sig <<-END
- $(COOKIE session)
+ read -r sid time sig <<-END
+ $(POST session_key || COOKIE session)
END
- serverkey="$(server_key)"
- checksig="$(printf %s "$sid" "$time" "$serverkey" | sha256sum)"
- checksig="${checksig%% *}"
- d=$(date +%s)
+ checksig="$(session_mac "$sid" "$time")"
- if [ "$checksig" != "$sig" -o "$time" -lt "$d" ] 2>&-; then
+ if ! [ "$checksig" = "$sig" \
+ -a "$time" -ge "$_DATE" \
+ -a "$(printf %s "$sid" |checkid)" ] 2>&-
+ then
+ debug "Setting up new session"
sid="$(randomid)"
fi
- time=$(( $(date +%s) + 7200 ))
- sig="$(printf %s "$sid" "$time" "$serverkey" |sha256sum)"
- sig="${sig%% *}"
- printf %s\\n "${sid}-${time}-${sig}"
+ time=$(( $_DATE + $SESSION_TIMEOUT ))
+ sig="$(session_mac "$sid" "$time")"
+ printf %s\\n "${sid} ${time} ${sig}"
+}
+
+SESSION_KEY="$(update_session)"
+SET_COOKIE 0 session="$SESSION_KEY" Path=/ SameSite=Strict HttpOnly
+SESSION_ID="${SESSION_KEY%% *}"
+
+SESSION_BIND() {
+ local key="$1" value="$2"
+ SET_COOKIE session "$key"="${value} $(session_mac "$value" "$SESSION_ID")"
}
-SESSION_ID="$(update_session)"
-SET_COOKIE 0 "session=$SESSION_ID" HttpOnly
-SESSION_ID="${SESSION_ID%%-*}"
+SESSION_VAR() {
+ local key="$1"
+ local value sig
+ value="$(COOKIE "$key")"
+ sig="${value##* }" value="${value% *}"
+ if [ "$sig" = "$(session_mac "$value" "$SESSION_ID")" ]; then
+ printf %s\\n "$value"
+ else
+ return 1
+ fi
+}