| author | Omar Roth <omarroth@hotmail.com> | 2018-11-11 09:44:16 -0600 |
|---|---|---|
| committer | Omar Roth <omarroth@hotmail.com> | 2018-11-11 09:44:16 -0600 |
| commit | 1465cefa179acfa37f3d06275c95523bb7fac6e2 (patch) | |
| tree | 93d952ffba026d2b79ffe67fcb63ec6f2e2d3ffc /src | |
| parent | dcddb6fb83df5a0ae0381466897e7fbeb91fe94e (diff) | |
Move HMAC tokens into users.cr
Diffstat (limited to 'src')
| -rw-r--r-- | src/invidious/helpers/helpers.cr | 52 | ||||
| -rw-r--r-- | src/invidious/users.cr | 52 |
2 files changed, 52 insertions, 52 deletions
diff --git a/src/invidious/helpers/helpers.cr b/src/invidious/helpers/helpers.cr
index 877a9d32..92a2e1b1 100644
--- a/src/invidious/helpers/helpers.cr
+++ b/src/invidious/helpers/helpers.cr
@@ -389,55 +389,3 @@ def extract_items(nodeset, ucid = nil)
 return items
 end
-
-def create_response(user_id, operation, key, expire = 6.hours)
- expire = Time.now + expire
- nonce = Random::Secure.hex(4)
-
- challenge = "#{expire.to_unix}-#{nonce}-#{user_id}-#{operation}"
- token = OpenSSL::HMAC.digest(:sha256, key, challenge)
-
- challenge = Base64.urlsafe_encode(challenge)
- token = Base64.urlsafe_encode(token)
-
- return challenge, token
-end
-
-def validate_response(challenge, token, user_id, operation, key)
- if !challenge
- raise "Hidden field \"challenge\" is a required field"
- end
-
- if !token
- raise "Hidden field \"token\" is a required field"
- end
-
- challenge = Base64.decode_string(challenge)
- if challenge.split("-").size == 4
- expire, nonce, challenge_user_id, challenge_operation = challenge.split("-")
-
- expire = expire.to_i?
- expire ||= 0
- else
- raise "Invalid challenge"
- end
-
- challenge = OpenSSL::HMAC.digest(:sha256, HMAC_KEY, challenge)
- challenge = Base64.urlsafe_encode(challenge)
-
- if challenge != token
- raise "Invalid token"
- end
-
- if challenge_operation != operation
- raise "Invalid token"
- end
-
- if challenge_user_id != user_id
- raise "Invalid token"
- end
-
- if expire < Time.now.to_unix
- raise "Token is expired, please try again"
- end
-end
diff --git a/src/invidious/users.cr b/src/invidious/users.cr
index b354306f..f8c1c09a 100644
--- a/src/invidious/users.cr
+++ b/src/invidious/users.cr
@@ -195,3 +195,55 @@ def create_user(sid, email, password)
 return user
 end
+
+def create_response(user_id, operation, key, expire = 6.hours)
+ expire = Time.now + expire
+ nonce = Random::Secure.hex(4)
+
+ challenge = "#{expire.to_unix}-#{nonce}-#{user_id}-#{operation}"
+ token = OpenSSL::HMAC.digest(:sha256, key, challenge)
+
+ challenge = Base64.urlsafe_encode(challenge)
+ token = Base64.urlsafe_encode(token)
+
+ return challenge, token
+end
+
+def validate_response(challenge, token, user_id, operation, key)
+ if !challenge
+ raise "Hidden field \"challenge\" is a required field"
+ end
+
+ if !token
+ raise "Hidden field \"token\" is a required field"
+ end
+
+ challenge = Base64.decode_string(challenge)
+ if challenge.split("-").size == 4
+ expire, nonce, challenge_user_id, challenge_operation = challenge.split("-")
+
+ expire = expire.to_i?
+ expire ||= 0
+ else
+ raise "Invalid challenge"
+ end
+
+ challenge = OpenSSL::HMAC.digest(:sha256, HMAC_KEY, challenge)
+ challenge = Base64.urlsafe_encode(challenge)
+
+ if challenge != token
+ raise "Invalid token"
+ end
+
+ if challenge_operation != operation
+ raise "Invalid token"
+ end
+
+ if challenge_user_id != user_id
+ raise "Invalid token"
+ end
+
+ if expire < Time.now.to_unix
+ raise "Token is expired, please try again"
+ end
+end |
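Review bot: `validate_response` in users.cr accepts a `key` argument but recomputes the MAC with the global `HMAC_KEY`, so a token that `create_response` minted under any other key can never validate and the parameter is misleading; use `challenge = OpenSSL::HMAC.digest(:sha256, key, challenge)`. The `if challenge != token` that follows is an ordinary string comparison of a MAC against client-supplied input; compare in constant time instead, e.g. `if !Crypto::Subtle.constant_time_compare(challenge, token)`. The decoded challenge is also split on `-` and must have exactly four parts, so if `user_id` or `operation` can contain a hyphen (their format is not visible here) every such token fails with "Invalid challenge"; a delimiter that cannot occur in those fields would avoid that. The code is moved unchanged from helpers.cr, so these fixes could go in a follow-up commit.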
