authorGravatar default2024-11-12 09:01:30 +0100
committerGravatar default2024-11-12 09:01:30 +0100
commit19b9998f8c42918430f7c41ebd40b8339b9d7cd7 (patch)
tree8e2a88f826cc8bf61878f50292d68d1b21597915
parentmastoapi: a lot of proxy code. (diff)
The proxy token seed is created on startup and never stored.
-rw-r--r--data.c17
-rw-r--r--html.c2
-rw-r--r--snac.c1
-rw-r--r--snac.h1
4 files changed, 7 insertions, 14 deletions
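diff --git a/data.c b/data.c
index 30cff0a..1cd69a5 100644
--- a/data.c
+++ b/data.c
@@ -165,21 +165,12 @@ int srv_open(const char *basedir, int auto_upgrade)
 write_default_css();
 }
 
-/* if proxy_media is set but there is no token seed, create one */
-if (xs_is_true(xs_dict_get(srv_config, "proxy_media")) &&
-xs_is_null(xs_dict_get(srv_config, "proxy_token_seed"))) {
+/* create the proxy token seed */
+{
 char rnd[16];
 xs_rnd_buf(rnd, sizeof(rnd));
-xs *pts = xs_hex_enc(rnd, sizeof(rnd));
-
-xs_dict_set(srv_config, "proxy_token_seed", pts);
 
-if ((f = fopen(cfg_file, "w")) != NULL) {
-xs_json_dump(srv_config, 4, f);
-fclose(f);
-
-srv_log(xs_fmt("Created proxy_token_seed"));
-}
+srv_proxy_token_seed = xs_hex_enc(rnd, sizeof(rnd));
 }
 
 return ret;
@@ -3679,7 +3670,7 @@ xs_str *make_url(const char *href, const char *proxy, int by_token)
 xs *p = NULL;
 
 if (by_token) {
-xs *tks = xs_fmt("%s:%s", xs_dict_get(srv_config, "proxy_token_seed"), proxy);
+xs *tks = xs_fmt("%s:%s", srv_proxy_token_seed, proxy);
 xs *tk = xs_md5_hex(tks, strlen(tks));
 
 p = xs_fmt("%s/y/%s/", proxy, tk);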
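Review bot: In the srv_open hunk the only secret behind every proxy token now comes from a single unchecked `xs_rnd_buf(rnd, sizeof(rnd));` call on an uninitialised `char rnd[16]`. The helper's definition is not on this page, so if it can fail or fall back to a non-cryptographic source, the seed would be built from leftover stack bytes or guessable values with no error reported. It is worth confirming that it draws from the OS CSPRNG and saying so in the comment, e.g. `/* per-process secret for proxy tokens: 16 bytes from the OS CSPRNG, never written to disk or logs */`. The assignment also overwrites `srv_proxy_token_seed` without releasing any previous value, which leaks if srv_open() can run more than once in a process. srv_open's body starts outside the hunk.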
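diff --git a/html.c b/html.c
index ce4c0a8..d344745 100644
--- a/html.c
+++ b/html.c
@@ -3208,7 +3208,7 @@ int html_get_handler(const xs_dict *req, const char *q_path,
 }
 else {
 /* proxy usage authorized by proxy_token */
-xs *tks = xs_fmt("%s:%s", xs_dict_get(srv_config, "proxy_token_seed"), snac.actor);
+xs *tks = xs_fmt("%s:%s", srv_proxy_token_seed, snac.actor);
 xs *tk = xs_md5_hex(tks, strlen(tks));
 xs *p = xs_fmt("y/%s/", tk);
 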
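Review bot: `srv_proxy_token_seed` is defined as NULL in snac.c and is passed here straight into `xs_fmt("%s:%s", ...)`, so if this handler can ever run before srv_open() has set it, the token is computed without any secret. Assuming xs_fmt formats like printf, a NULL `%s` argument is undefined behaviour and common libcs substitute a fixed placeholder. A guard before building `tks`, such as `if (srv_proxy_token_seed == NULL)` followed by the handler's normal rejection path, would close that; the make_url() hunk in data.c has the same pattern. Because the seed is no longer persisted, tokens in pages rendered before a restart stop validating here, which deserves a line in the comment: `/* proxy usage authorized by proxy_token (valid only for the current server process) */`. html_get_handler's body starts and ends outside the hunk.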
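diff --git a/snac.c b/snac.c
index b9f1032..1ce563b 100644
--- a/snac.c
+++ b/snac.c
@@ -33,6 +33,7 @@
 xs_str *srv_basedir = NULL;
 xs_dict *srv_config = NULL;
 xs_str *srv_baseurl = NULL;
+xs_str *srv_proxy_token_seed = NULL;
 
 int dbglevel = 0;
 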
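Review bot: The new global `srv_proxy_token_seed` has no comment saying that it holds a secret, unlike the configuration values next to it, which are not sensitive in the same way. A line such as `/* per-process secret used to derive media proxy tokens; set in srv_open(), never persisted */` above the definition would tell later changes not to log it, dump it together with srv_config or return it through an API. The matching `extern` in snac.h could carry the same comment.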
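diff --git a/snac.h b/snac.h
index 9658fc9..4fa2b46 100644
--- a/snac.h
+++ b/snac.h
@@ -26,6 +26,7 @@ extern double disk_layout;
 extern xs_str *srv_basedir;
 extern xs_dict *srv_config;
 extern xs_str *srv_baseurl;
+extern xs_str *srv_proxy_token_seed;
 
 extern int dbglevel;
 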