From aad0f90a9daf4219b06e874d23efc923bc9b09b6 Mon Sep 17 00:00:00 2001
From: Omar Roth
Date: Wed, 10 Apr 2019 16:58:46 -0500
Subject: Add 'sign_token'
---
 src/invidious/users.cr | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
(limited to 'src')
diff --git a/src/invidious/users.cr b/src/invidious/users.cr
index 40f24870..ce0bd0ab 100644
--- a/src/invidious/users.cr
+++ b/src/invidious/users.cr
@@ -211,6 +211,25 @@ def create_response(user_id, operation, key, db, expire = 6.hours)
 return challenge, token
 end
 
+def sign_token(key, hash)
+ string_to_sign = [] of String
+ hash.each do |key, value|
+ if key == "signature"
+ next
+ end
+
+ case value
+ when Array
+ string_to_sign << "#{key}=#{value.sort.join(",")}"
+ else
+ string_to_sign << "#{key}=#{value}"
+ end
+ end
+
+ string_to_sign = string_to_sign.sort.join("\n")
+ return Base64.encode(OpenSSL::HMAC.digest(:sha256, key, string_to_sign)).strip
+end
+
 def validate_response(challenge, token, user_id, operation, key, db, locale)
 if !challenge
 raise translate(locale, "Hidden field \"challenge\" is a required field")
-- 
cgit v1.2.3
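Review bot: The string to sign built in `sign_token` is not an unambiguous encoding of `hash`: keys and values are interpolated raw and joined with `,` and `\n`, so an array `["a", "b"]` and a single value `"a,b"`, or a value that itself contains a newline followed by `other=x`, serialize to the same bytes and therefore get the same HMAC. If any signed field can carry caller-controlled text (not visible from this hunk), the fields should be escaped or length-prefixed before joining, or values containing the delimiters rejected, and a comment on the function should state the canonical form that is signed. Separately, the block parameter in `hash.each do |key, value|` shadows the HMAC `key` argument; renaming it, e.g. `hash.each do |field, value|`, makes it obvious that the digest call uses the secret and not a field name. `Base64.strict_encode(...)` would also remove the need for the trailing `.strip`.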