| author | 2024-11-12 09:01:30 +0100 | |
|---|---|---|
| committer | 2024-11-12 09:01:30 +0100 | |
| commit | 19b9998f8c42918430f7c41ebd40b8339b9d7cd7 (patch) | |
| tree | 8e2a88f826cc8bf61878f50292d68d1b21597915 | |
| parent | mastoapi: a lot of proxy code. (diff) | |
The proxy token seed is created on startup and never stored.
| -rw-r--r-- | data.c | 17 | ||||
| -rw-r--r-- | html.c | 2 | ||||
| -rw-r--r-- | snac.c | 1 | ||||
| -rw-r--r-- | snac.h | 1 |
4 files changed, 7 insertions, 14 deletions
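--- a/data.c
+++ b/data.c
@@ -165,21 +165,12 @@ int srv_open(const char *basedir, int auto_upgrade)
 write_default_css();
 }
 
-/* if proxy_media is set but there is no token seed, create one */
-if (xs_is_true(xs_dict_get(srv_config, "proxy_media")) &&
-xs_is_null(xs_dict_get(srv_config, "proxy_token_seed"))) {
+/* create the proxy token seed */
+{
 char rnd[16];
 xs_rnd_buf(rnd, sizeof(rnd));
-xs *pts = xs_hex_enc(rnd, sizeof(rnd));
-
-xs_dict_set(srv_config, "proxy_token_seed", pts);
 
-if ((f = fopen(cfg_file, "w")) != NULL) {
-xs_json_dump(srv_config, 4, f);
-fclose(f);
-
-srv_log(xs_fmt("Created proxy_token_seed"));
-}
+srv_proxy_token_seed = xs_hex_enc(rnd, sizeof(rnd));
 }
 
 return ret;
@@ -3679,7 +3670,7 @@ xs_str *make_url(const char *href, const char *proxy, int by_token)
 xs *p = NULL;
 
 if (by_token) {
-xs *tks = xs_fmt("%s:%s", xs_dict_get(srv_config, "proxy_token_seed"), proxy);
+xs *tks = xs_fmt("%s:%s", srv_proxy_token_seed, proxy);
 xs *tk = xs_md5_hex(tks, strlen(tks));
 
 p = xs_fmt("%s/y/%s/", proxy, tk);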
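Review bot: In make_url the token is `xs_md5_hex` over the string `seed:proxy`, which is a secret-prefix hash rather than a MAC, and it depends only on the seed and the `proxy` value, not on `href`. As far as the hunk shows, every proxied link built for the same `proxy` therefore carries the same `/y/<token>/` prefix, so anyone who obtains one link holds a credential for the proxy until the process restarts. Consider deriving the token with an HMAC keyed by `srv_proxy_token_seed` and, if the URL layout allows it, covering the target as well; at minimum add a comment such as `/* token is a bearer credential scoped to proxy, valid until restart */`. The same derivation is repeated in html_get_handler in html.c, so a shared helper would keep the two from drifting apart. The body of make_url continues outside the hunk, so how `p` is combined with `href` is not visible here.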
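--- a/html.c
+++ b/html.c
@@ -3208,7 +3208,7 @@ int html_get_handler(const xs_dict *req, const char *q_path,
 }
 else {
 /* proxy usage authorized by proxy_token */
-xs *tks = xs_fmt("%s:%s", xs_dict_get(srv_config, "proxy_token_seed"), snac.actor);
+xs *tks = xs_fmt("%s:%s", srv_proxy_token_seed, snac.actor);
 xs *tk = xs_md5_hex(tks, strlen(tks));
 xs *p = xs_fmt("y/%s/", tk);
 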
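Review bot: Nothing in this branch checks that `srv_proxy_token_seed` has been set before it is passed to `xs_fmt` for `%s`; it is defined as NULL in snac.c and assigned only in srv_open. If xs_fmt formats like printf, a NULL here is undefined behaviour and on common libcs yields the text `(null)`, which would make the expected token computable from the actor URL alone. Fail closed before deriving `tks`, for example by treating `srv_proxy_token_seed == NULL` as an unauthorized request. The rest of the branch, including how `p` is compared with the request path, is outside the hunk.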
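--- a/snac.c
+++ b/snac.c
@@ -33,6 +33,7 @@
 xs_str *srv_basedir = NULL;
 xs_dict *srv_config = NULL;
 xs_str *srv_baseurl = NULL;
+xs_str *srv_proxy_token_seed = NULL;
 
 int dbglevel = 0;
 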
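Review bot: The new global `srv_proxy_token_seed` holds a secret but sits next to ordinary configuration strings with nothing that marks it as one. A comment would help keep it out of logs and dumps, for example `/* per-process secret for media proxy tokens; set in srv_open(), never persisted or logged */`. It is also worth stating who frees it, since the assignment in srv_open (data.c) overwrites the pointer without releasing a previous value, which would leak if srv_open can run more than once in a process.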
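--- a/snac.h
+++ b/snac.h
@@ -26,6 +26,7 @@ extern double disk_layout;
 extern xs_str *srv_basedir;
 extern xs_dict *srv_config;
 extern xs_str *srv_baseurl;
+extern xs_str *srv_proxy_token_seed;
 
 extern int dbglevel;
 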