From 47a1cf6b49b7c063f1ac3f5e3b401c71de45230e Mon Sep 17 00:00:00 2001
From: =?utf8?q?Paul=20H=C3=A4nsch?= <paul@plutz.net>
Date: Sat, 13 Feb 2021 22:06:49 +0100
Subject: [PATCH] introduce functions for cookie based cryptographically signed
 session variables

---
 session.sh | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/session.sh b/session.sh
index 93cc2f4..b52ac0a 100755
--- a/session.sh
+++ b/session.sh
@@ -86,3 +86,20 @@ update_session(){
 SESSION_KEY="$(update_session)"
 SET_COOKIE 0 session="$SESSION_KEY" Path=/ SameSite=Strict HttpOnly
 SESSION_ID="${SESSION_KEY%% *}"
+
+SESSION_BIND() {
+  local key="$1" value="$2"
+  SET_COOKIE session "$key"="${value} $(session_mac "$value" "$SESSION_ID")"
+}
+
+SESSION_VAR() {
+  local key="$1"
+  local value sig
+  value="$(COOKIE "$key")"
+  sig="${value##* }" value="${value% *}"
+  if [ "$sig" = "$(session_mac "$value" "$SESSION_ID")" ]; then
+    printf %s\\n "$value"
+  else
+    return 1
+  fi
+}
-- 
2.39.2