X-Git-Url: https://git.plutz.net/?a=blobdiff_plain;ds=sidebyside;f=session.sh;h=0a2a2e8b6583ad95c1d95735de392f9d64e35615;hb=a836764660cf5db4cc02ffd9ea1ddb30aaa432f5;hp=8ed8d8808e0655cc8b89c6ce7bb0df318b0b571f;hpb=506e2f9f146c13919e65a9bbbd844391b96bbe9d;p=cgilite

diff --git a/session.sh b/session.sh
index 8ed8d88..0a2a2e8 100755
--- a/session.sh
+++ b/session.sh
@@ -3,6 +3,9 @@
 [ -n "$include_session" ] && return 0
 include_session="$0"
 
+_DATE="$(date +%s)"
+SESSION_TIMEOUT="${SESSION_TIMEOUT:-7200}"
+
 server_key(){
   IDFILE="${IDFILE:-${_DATA:-.}/serverkey}"
   if [ "$(stat -c %s "$IDFILE")" -ne 512 ] || ! cat "$IDFILE"; then
@@ -21,13 +24,21 @@ slopecode(){
   '
 }
 
+session_mac(){
+  if which openssl >/dev/null; then
+    openssl dgst -sha1 -hmac "$(server_key)" -binary |slopecode
+  else
+    { cat; server_key; } |sha256sum |cut -d\  -f1
+  fi
+}
+
 randomid(){
   dd bs=12 count=1 if=/dev/urandom 2>&- \
   | slopecode
 }
 
 timeid(){
-  d=$(($(date +%s) % 4294967296))
+  d=$(($_DATE % 4294967296))
   { printf "$(
       printf \\%o \
         $((d / 16777216 % 256)) \
@@ -46,36 +57,32 @@ transid(){
   local file="$1"
   { stat -c %F%i%n%N%s%Y "$file" 2>&-
     printf %s "$SESSION_ID"
-    server_key
-  } | sha256sum | cut -d\  -f1
+  } | session_mac
 }
 
 update_session(){
   local session sid time sig serverkey checksig
 
   IFS=- read -r sid time sig <<-END
-	$(COOKIE session)
+	$(POST session_key || COOKIE session)
 	END
   serverkey="$(server_key)"
   
-  checksig="$(printf %s "$sid" "$time" "$serverkey" | sha256sum)"
-  checksig="${checksig%% *}"
-  d=$(date +%s)
+  checksig="$(printf %s "$sid" "$time" |session_mac)"
   
   if ! [ "$checksig" = "$sig" \
-    -a "$time" -ge "$d" \
+    -a "$time" -ge "$_DATE" \
     -a "$(printf %s "$sid" |checkid)" ] 2>&-
   then
-    debug Setting up new session
+    debug "Setting up new session"
     sid="$(randomid)"
   fi
 
-  time=$(( $(date +%s) + 7200 ))
-  sig="$(printf %s "$sid" "$time" "$serverkey" |sha256sum)"
-  sig="${sig%% *}"
+  time=$(( $_DATE + $SESSION_TIMEOUT ))
+  sig="$(printf %s "$sid" "$time" |session_mac)"
   printf %s\\n "${sid}-${time}-${sig}"
 }
 
-SESSION_ID="$(update_session)"
-SET_COOKIE 0 session="$SESSION_ID" Path=/ SameSite=Strict HttpOnly
-SESSION_ID="${SESSION_ID%%-*}"
+SESSION_KEY="$(update_session)"
+SET_COOKIE 0 session="$SESSION_KEY" Path=/ SameSite=Strict HttpOnly
+SESSION_ID="${SESSION_KEY%%-*}"