Merge commit '6455a7f85522fd319caa8cb7cffa93b4ee9ca4b9'

[confetti] / cgilite / session.sh

diff --git a/cgilite/session.sh b/cgilite/session.sh
index 0a2a2e8b6583ad95c1d95735de392f9d64e35615..b52ac0a5cc6fab71ba8a7926c27ac692a5c867de 100755 (executable)
--- a/cgilite/session.sh
+++ b/cgilite/session.sh
@@ -25,10 +25,13 @@ slopecode(){
 }
 
 session_mac(){
+  local info
+  [ $# -eq 0 ] && info="$(cat)" || info="$*"
+
   if which openssl >/dev/null; then
-    openssl dgst -sha1 -hmac "$(server_key)" -binary |slopecode
+    printf %s "$info" |openssl dgst -sha1 -hmac "$(server_key)" -binary |slopecode
   else
-    { cat; server_key; } |sha256sum |cut -d\  -f1
+    { printf %s "$info"; server_key; } |sha256sum |cut -d\  -f1
   fi
 }
 
@@ -55,20 +58,17 @@ checkid(){ grep -m 1 -xE '[0-9a-zA-Z:=]{16}'; }
 transid(){
   # transaction ID to modify a given file
   local file="$1"
-  { stat -c %F%i%n%N%s%Y "$file" 2>&-
-    printf %s "$SESSION_ID"
-  } | session_mac
+  session_mac "$(stat -c %F%i%n%N%s%Y "$file" 2>&-)" "$SESSION_ID"
 }
 
 update_session(){
-  local session sid time sig serverkey checksig
+  local session sid time sig checksig
 
-  IFS=- read -r sid time sig <<-END
+  read -r sid time sig <<-END
        $(POST session_key || COOKIE session)
        END
-  serverkey="$(server_key)"
   
-  checksig="$(printf %s "$sid" "$time" |session_mac)"
+  checksig="$(session_mac "$sid" "$time")"
   
   if ! [ "$checksig" = "$sig" \
     -a "$time" -ge "$_DATE" \
@@ -79,10 +79,27 @@ update_session(){
   fi
 
   time=$(( $_DATE + $SESSION_TIMEOUT ))
-  sig="$(printf %s "$sid" "$time" |session_mac)"
-  printf %s\\n "${sid}-${time}-${sig}"
+  sig="$(session_mac "$sid" "$time")"
+  printf %s\\n "${sid} ${time} ${sig}"
 }
 
 SESSION_KEY="$(update_session)"
 SET_COOKIE 0 session="$SESSION_KEY" Path=/ SameSite=Strict HttpOnly
-SESSION_ID="${SESSION_KEY%%-*}"
+SESSION_ID="${SESSION_KEY%% *}"
+
+SESSION_BIND() {
+  local key="$1" value="$2"
+  SET_COOKIE session "$key"="${value} $(session_mac "$value" "$SESSION_ID")"
+}
+
+SESSION_VAR() {
+  local key="$1"
+  local value sig
+  value="$(COOKIE "$key")"
+  sig="${value##* }" value="${value% *}"
+  if [ "$sig" = "$(session_mac "$value" "$SESSION_ID")" ]; then
+    printf %s\\n "$value"
+  else
+    return 1
+  fi
+}