From ad20d6359bc22fdd4de75e4eed76c7510c3c119f Mon Sep 17 00:00:00 2001
From: Omar Roth
Date: Mon, 19 Nov 2018 18:41:11 -0600
Subject: Add 'expire' to filter invalid tokens

---
 src/invidious/users.cr | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/invidious/users.cr b/src/invidious/users.cr
index c8769090..b7cb3fbd 100644
--- a/src/invidious/users.cr
+++ b/src/invidious/users.cr
@@ -203,7 +203,7 @@ end
 def create_response(user_id, operation, key, db, expire = 6.hours)
   expire = Time.now + expire
   nonce = Random::Secure.hex(16)
-  db.exec("INSERT INTO nonces VALUES ($1) ON CONFLICT DO NOTHING", nonce)
+  db.exec("INSERT INTO nonces VALUES ($1, $2) ON CONFLICT DO NOTHING", nonce, expire)
 
   challenge = "#{expire.to_unix}-#{nonce}-#{user_id}-#{operation}"
   token = OpenSSL::HMAC.digest(:sha256, key, challenge)
-- 
cgit v1.2.3
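Review bot: Persisting `expire` next to the nonce only filters invalid tokens if the verifying side compares the stored expiry against the current time and the expired rows are eventually reaped; neither appears in this hunk, so that check belongs in whatever consumes the `nonces` row (not shown here) and should be confirmed there. The same expiry is also baked into the HMAC-signed challenge as `expire.to_unix`, so the verifier has two sources of truth that must agree, and the stored column should be the one that decides whether a nonce is still acceptable, since the signed string alone cannot prevent reuse. A short comment above the new `db.exec` line would make the intent visible: `# expire is stored with the nonce so verification can reject and later purge stale rows`. The schema change that gives `nonces` its second column is not in this diff (the listing is limited to 'src'), so presumably it lives in a migration elsewhere; worth checking before deploy, as the INSERT will fail on the old single-column table. `create_response` continues past the end of the hunk.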