Squashed 'cgilite/' changes from c207699..80b3d8c

[confetti] / session.sh

diff --git a/session.sh b/session.sh
index 12788d3eb534292349b8146ac1c50db80118398b..b9cef4d3dc2cdfd544b5499754bb9f489010f9b4 100755 (executable)
--- a/session.sh
+++ b/session.sh
@@ -3,6 +3,13 @@
 [ -n "$include_session" ] && return 0
 include_session="$0"
 
+if ! which uuencode >/dev/null; then
+  uuencode() { busybox uuencode "$@"; }
+fi
+if ! which sha256sum >/dev/null; then
+  sha256sum() { busybox sha256sum "$@"; }
+fi
+
 _DATE="$(date +%s)"
 SESSION_TIMEOUT="${SESSION_TIMEOUT:-7200}"
 
@@ -24,6 +31,17 @@ slopecode(){
   '
 }
 
+session_mac(){
+  local info
+  [ $# -eq 0 ] && info="$(cat)" || info="$*"
+
+  if which openssl >/dev/null; then
+    printf %s "$info" |openssl dgst -sha1 -hmac "$(server_key)" -binary |slopecode
+  else
+    { printf %s "$info"; server_key; } |sha256sum |cut -d\  -f1
+  fi
+}
+
 randomid(){
   dd bs=12 count=1 if=/dev/urandom 2>&- \
   | slopecode
@@ -47,22 +65,17 @@ checkid(){ grep -m 1 -xE '[0-9a-zA-Z:=]{16}'; }
 transid(){
   # transaction ID to modify a given file
   local file="$1"
-  { stat -c %F%i%n%N%s%Y "$file" 2>&-
-    printf %s "$SESSION_ID"
-    server_key
-  } | sha256sum | cut -d\  -f1
+  session_mac "$(stat -c %F%i%n%N%s%Y "$file" 2>&-)" "$SESSION_ID"
 }
 
 update_session(){
-  local session sid time sig serverkey checksig
+  local session sid time sig checksig
 
-  IFS=- read -r sid time sig <<-END
+  read -r sid time sig <<-END
        $(POST session_key || COOKIE session)
        END
-  serverkey="$(server_key)"
   
-  checksig="$(printf %s "$sid" "$time" "$serverkey" | sha256sum)"
-  checksig="${checksig%% *}"
+  checksig="$(session_mac "$sid" "$time")"
   
   if ! [ "$checksig" = "$sig" \
     -a "$time" -ge "$_DATE" \
@@ -73,11 +86,27 @@ update_session(){
   fi
 
   time=$(( $_DATE + $SESSION_TIMEOUT ))
-  sig="$(printf %s "$sid" "$time" "$serverkey" |sha256sum)"
-  sig="${sig%% *}"
-  printf %s\\n "${sid}-${time}-${sig}"
+  sig="$(session_mac "$sid" "$time")"
+  printf %s\\n "${sid} ${time} ${sig}"
 }
 
 SESSION_KEY="$(update_session)"
 SET_COOKIE 0 session="$SESSION_KEY" Path=/ SameSite=Strict HttpOnly
-SESSION_ID="${SESSION_KEY%%-*}"
+SESSION_ID="${SESSION_KEY%% *}"
+
+SESSION_BIND() {
+  local key="$1" value="$2"
+  SET_COOKIE session "$key"="${value} $(session_mac "$value" "$SESSION_ID")"
+}
+
+SESSION_VAR() {
+  local key="$1"
+  local value sig
+  value="$(COOKIE "$key")"
+  sig="${value##* }" value="${value% *}"
+  if [ "$sig" = "$(session_mac "$value" "$SESSION_ID")" ]; then
+    printf %s\\n "$value"
+  else
+    return 1
+  fi
+}