From: Paul Hänsch Date: Tue, 9 Feb 2021 20:44:39 +0000 (+0100) Subject: simplified mac function and cookie format X-Git-Url: https://git.plutz.net/?a=commitdiff_plain;h=621208650ef40272b76f4f649b461f47c33d97f9;p=cgilite simplified mac function and cookie format --- diff --git a/session.sh b/session.sh index 0a2a2e8..93cc2f4 100755 --- a/session.sh +++ b/session.sh @@ -25,10 +25,13 @@ slopecode(){ } session_mac(){ + local info + [ $# -eq 0 ] && info="$(cat)" || info="$*" + if which openssl >/dev/null; then - openssl dgst -sha1 -hmac "$(server_key)" -binary |slopecode + printf %s "$info" |openssl dgst -sha1 -hmac "$(server_key)" -binary |slopecode else - { cat; server_key; } |sha256sum |cut -d\ -f1 + { printf %s "$info"; server_key; } |sha256sum |cut -d\ -f1 fi } @@ -55,20 +58,17 @@ checkid(){ grep -m 1 -xE '[0-9a-zA-Z:=]{16}'; } transid(){ # transaction ID to modify a given file local file="$1" - { stat -c %F%i%n%N%s%Y "$file" 2>&- - printf %s "$SESSION_ID" - } | session_mac + session_mac "$(stat -c %F%i%n%N%s%Y "$file" 2>&-)" "$SESSION_ID" } update_session(){ - local session sid time sig serverkey checksig + local session sid time sig checksig - IFS=- read -r sid time sig <<-END + read -r sid time sig <<-END $(POST session_key || COOKIE session) END - serverkey="$(server_key)" - checksig="$(printf %s "$sid" "$time" |session_mac)" + checksig="$(session_mac "$sid" "$time")" if ! [ "$checksig" = "$sig" \ -a "$time" -ge "$_DATE" \ @@ -79,10 +79,10 @@ update_session(){ fi time=$(( $_DATE + $SESSION_TIMEOUT )) - sig="$(printf %s "$sid" "$time" |session_mac)" - printf %s\\n "${sid}-${time}-${sig}" + sig="$(session_mac "$sid" "$time")" + printf %s\\n "${sid} ${time} ${sig}" } SESSION_KEY="$(update_session)" SET_COOKIE 0 session="$SESSION_KEY" Path=/ SameSite=Strict HttpOnly -SESSION_ID="${SESSION_KEY%%-*}" +SESSION_ID="${SESSION_KEY%% *}"