X-Git-Url: https://git.plutz.net/?p=confetti;a=blobdiff_plain;f=session.sh;h=b9cef4d3dc2cdfd544b5499754bb9f489010f9b4;hp=0a2a2e8b6583ad95c1d95735de392f9d64e35615;hb=fcfbf01dba9c932dbb66abffa8f65bf1c7a15081;hpb=c0dcd45c3ecac33376e06b7ca470ae56f2ed5e19 diff --git a/session.sh b/session.sh index 0a2a2e8..b9cef4d 100755 --- a/session.sh +++ b/session.sh @@ -3,6 +3,13 @@ [ -n "$include_session" ] && return 0 include_session="$0" +if ! which uuencode >/dev/null; then + uuencode() { busybox uuencode "$@"; } +fi +if ! which sha256sum >/dev/null; then + sha256sum() { busybox sha256sum "$@"; } +fi + _DATE="$(date +%s)" SESSION_TIMEOUT="${SESSION_TIMEOUT:-7200}" @@ -25,10 +32,13 @@ slopecode(){ } session_mac(){ + local info + [ $# -eq 0 ] && info="$(cat)" || info="$*" + if which openssl >/dev/null; then - openssl dgst -sha1 -hmac "$(server_key)" -binary |slopecode + printf %s "$info" |openssl dgst -sha1 -hmac "$(server_key)" -binary |slopecode else - { cat; server_key; } |sha256sum |cut -d\ -f1 + { printf %s "$info"; server_key; } |sha256sum |cut -d\ -f1 fi } @@ -55,20 +65,17 @@ checkid(){ grep -m 1 -xE '[0-9a-zA-Z:=]{16}'; } transid(){ # transaction ID to modify a given file local file="$1" - { stat -c %F%i%n%N%s%Y "$file" 2>&- - printf %s "$SESSION_ID" - } | session_mac + session_mac "$(stat -c %F%i%n%N%s%Y "$file" 2>&-)" "$SESSION_ID" } update_session(){ - local session sid time sig serverkey checksig + local session sid time sig checksig - IFS=- read -r sid time sig <<-END + read -r sid time sig <<-END $(POST session_key || COOKIE session) END - serverkey="$(server_key)" - checksig="$(printf %s "$sid" "$time" |session_mac)" + checksig="$(session_mac "$sid" "$time")" if ! [ "$checksig" = "$sig" \ -a "$time" -ge "$_DATE" \ @@ -79,10 +86,27 @@ update_session(){ fi time=$(( $_DATE + $SESSION_TIMEOUT )) - sig="$(printf %s "$sid" "$time" |session_mac)" - printf %s\\n "${sid}-${time}-${sig}" + sig="$(session_mac "$sid" "$time")" + printf %s\\n "${sid} ${time} ${sig}" } SESSION_KEY="$(update_session)" SET_COOKIE 0 session="$SESSION_KEY" Path=/ SameSite=Strict HttpOnly -SESSION_ID="${SESSION_KEY%%-*}" +SESSION_ID="${SESSION_KEY%% *}" + +SESSION_BIND() { + local key="$1" value="$2" + SET_COOKIE session "$key"="${value} $(session_mac "$value" "$SESSION_ID")" +} + +SESSION_VAR() { + local key="$1" + local value sig + value="$(COOKIE "$key")" + sig="${value##* }" value="${value% *}" + if [ "$sig" = "$(session_mac "$value" "$SESSION_ID")" ]; then + printf %s\\n "$value" + else + return 1 + fi +}