X-Git-Url: https://git.plutz.net/?p=confetti;a=blobdiff_plain;f=cgilite%2Fsession.sh;fp=cgilite%2Fsession.sh;h=12788d3eb534292349b8146ac1c50db80118398b;hp=0000000000000000000000000000000000000000;hb=5ab459e666f2526f671fe222cd1646a4e6798b27;hpb=5fb7c241229b8788d4d7fefd4d20ad43c75ce557
diff --git a/cgilite/session.sh b/cgilite/session.sh
new file mode 100755
index 0000000..12788d3
--- /dev/null
+++ b/cgilite/session.sh
@@ -0,0 +1,83 @@
+#!/bin/sh
+
+[ -n "$include_session" ] && return 0
+include_session="$0"
+
+_DATE="$(date +%s)"
+SESSION_TIMEOUT="${SESSION_TIMEOUT:-7200}"
+
+server_key(){
+ IDFILE="${IDFILE:-${_DATA:-.}/serverkey}"
+ if [ "$(stat -c %s "$IDFILE")" -ne 512 ] || ! cat "$IDFILE"; then
+ dd count=1 bs=512 if=/dev/urandom \
+ | tee "$IDFILE"
+ fi 2>&-
+}
+
+slopecode(){
+ # 6-Bit Code that retains sort order of input data, while beeing safe to use
+ # in ascii transmissions, unix file names, HTTP URLs, and HTML attributes
+
+ uuencode -m - | sed '
+ 1d;$d;
+ y;ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/;0123456789:=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz;
+ '
+}
+
+randomid(){
+ dd bs=12 count=1 if=/dev/urandom 2>&- \
+ | slopecode
+}
+
+timeid(){
+ d=$(($_DATE % 4294967296))
+ { printf "$(
+ printf \\%o \
+ $((d / 16777216 % 256)) \
+ $((d / 65536 % 256)) \
+ $((d / 256 % 256)) \
+ $((d % 256))
+ )"
+ dd bs=8 count=1 if=/dev/urandom 2>&-
+ } | slopecode
+}
+
+checkid(){ grep -m 1 -xE '[0-9a-zA-Z:=]{16}'; }
+
+transid(){
+ # transaction ID to modify a given file
+ local file="$1"
+ { stat -c %F%i%n%N%s%Y "$file" 2>&-
+ printf %s "$SESSION_ID"
+ server_key
+ } | sha256sum | cut -d\ -f1
+}
+
+update_session(){
+ local session sid time sig serverkey checksig
+
+ IFS=- read -r sid time sig <<-END
+ $(POST session_key || COOKIE session)
+ END
+ serverkey="$(server_key)"
+
+ checksig="$(printf %s "$sid" "$time" "$serverkey" | sha256sum)"
+ checksig="${checksig%% *}"
+
+ if ! [ "$checksig" = "$sig" \
+ -a "$time" -ge "$_DATE" \
+ -a "$(printf %s "$sid" |checkid)" ] 2>&-
+ then
+ debug "Setting up new session"
+ sid="$(randomid)"
+ fi
+
+ time=$(( $_DATE + $SESSION_TIMEOUT ))
+ sig="$(printf %s "$sid" "$time" "$serverkey" |sha256sum)"
+ sig="${sig%% *}"
+ printf %s\\n "${sid}-${time}-${sig}"
+}
+
+SESSION_KEY="$(update_session)"
+SET_COOKIE 0 session="$SESSION_KEY" Path=/ SameSite=Strict HttpOnly
+SESSION_ID="${SESSION_KEY%%-*}"
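Review bot: server_key() creates the signing key with `tee "$IDFILE"` under whatever umask the CGI process inherits, and the default path `${_DATA:-.}/serverkey` can resolve to the script's working directory, so the key may end up readable by other local users or, if that directory is served, by web clients. Anyone who can read that file can compute a valid `sid-time-sig` token, because update_session() signs with a plain `sha256sum` over sid, time and the key. Creating the file under a restrictive mask, e.g. `( umask 077; dd count=1 bs=512 if=/dev/urandom | tee "$IDFILE" )`, and keeping it outside the document root would address this. Separately, the validity check joins the request-controlled `$sig` and `$time` with `-a` inside a single `[ ]`, which POSIX leaves unspecified for this many arguments and whose errors are hidden by `2>&-`; three separate `[ ]` tests joined with `&&`, with `$time` first checked to be digits only, would make the accept/reject decision unambiguous. The cookie is also set without `Secure`, which is worth adding if the site is only meant to be reached over HTTPS.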