X-Git-Url: https://git.plutz.net/?p=cgilite;a=blobdiff_plain;f=session.sh;h=b52ac0a5cc6fab71ba8a7926c27ac692a5c867de;hp=60ae57734a6b1e659460139c7b1b497fae5d866b;hb=47a1cf6b49b7c063f1ac3f5e3b401c71de45230e;hpb=3fe2a9ceb477adf245f6cc8f72fb61282e42c904 diff --git a/session.sh b/session.sh index 60ae577..b52ac0a 100755 --- a/session.sh +++ b/session.sh @@ -3,6 +3,9 @@ [ -n "$include_session" ] && return 0 include_session="$0" +_DATE="$(date +%s)" +SESSION_TIMEOUT="${SESSION_TIMEOUT:-7200}" + server_key(){ IDFILE="${IDFILE:-${_DATA:-.}/serverkey}" if [ "$(stat -c %s "$IDFILE")" -ne 512 ] || ! cat "$IDFILE"; then @@ -21,13 +24,24 @@ slopecode(){ ' } +session_mac(){ + local info + [ $# -eq 0 ] && info="$(cat)" || info="$*" + + if which openssl >/dev/null; then + printf %s "$info" |openssl dgst -sha1 -hmac "$(server_key)" -binary |slopecode + else + { printf %s "$info"; server_key; } |sha256sum |cut -d\ -f1 + fi +} + randomid(){ dd bs=12 count=1 if=/dev/urandom 2>&- \ | slopecode } timeid(){ - d=$(($(date +%s) % 4294967296)) + d=$(($_DATE % 4294967296)) { printf "$( printf \\%o \ $((d / 16777216 % 256)) \ @@ -39,34 +53,53 @@ timeid(){ } | slopecode } -checkid(){ grep -m 1 -xE '[0-9a-zA-Z:_]{16}'; } +checkid(){ grep -m 1 -xE '[0-9a-zA-Z:=]{16}'; } + +transid(){ + # transaction ID to modify a given file + local file="$1" + session_mac "$(stat -c %F%i%n%N%s%Y "$file" 2>&-)" "$SESSION_ID" +} update_session(){ - local session sid time sig serverkey checksig + local session sid time sig checksig - IFS=- read -r sid time sig <<-END - $(COOKIE session) + read -r sid time sig <<-END + $(POST session_key || COOKIE session) END - serverkey="$(server_key)" - checksig="$(printf %s "$sid" "$time" "$serverkey" | sha256sum)" - checksig="${checksig%% *}" - d=$(date +%s) + checksig="$(session_mac "$sid" "$time")" - if [ "$checksig" != "$sig" \ - -o "$time" -lt "$d" \ - -o ! "$(printf %s "$sid" |checkid)" ] 2>&- + if ! [ "$checksig" = "$sig" \ + -a "$time" -ge "$_DATE" \ + -a "$(printf %s "$sid" |checkid)" ] 2>&- then - debug Setting up new session + debug "Setting up new session" sid="$(randomid)" fi - time=$(( $(date +%s) + 7200 )) - sig="$(printf %s "$sid" "$time" "$serverkey" |sha256sum)" - sig="${sig%% *}" - printf %s\\n "${sid}-${time}-${sig}" + time=$(( $_DATE + $SESSION_TIMEOUT )) + sig="$(session_mac "$sid" "$time")" + printf %s\\n "${sid} ${time} ${sig}" +} + +SESSION_KEY="$(update_session)" +SET_COOKIE 0 session="$SESSION_KEY" Path=/ SameSite=Strict HttpOnly +SESSION_ID="${SESSION_KEY%% *}" + +SESSION_BIND() { + local key="$1" value="$2" + SET_COOKIE session "$key"="${value} $(session_mac "$value" "$SESSION_ID")" } -SESSION_ID="$(update_session)" -SET_COOKIE 0 session="$SESSION_ID" Path=/ SameSite=Strict HttpOnly -SESSION_ID="${SESSION_ID%%-*}" +SESSION_VAR() { + local key="$1" + local value sig + value="$(COOKIE "$key")" + sig="${value##* }" value="${value% *}" + if [ "$sig" = "$(session_mac "$value" "$SESSION_ID")" ]; then + printf %s\\n "$value" + else + return 1 + fi +}