challenges: prevent unbounded growth of stored cookies by bundling all state onto a single JWT token

2025-05-03 17:30:39 +02:00
parent 2cb5972371
commit 0e62f80f9b
19 changed files with 273 additions and 177 deletions
--- a/lib/challenge/dnsbl/dnsbl.go
+++ b/lib/challenge/dnsbl/dnsbl.go
@@ -125,18 +125,10 @@ func FillRegistration(state challenge.StateInterface, reg *challenge.Registratio
 		}

 		if result.Bad() {
-			token, err := reg.IssueChallengeToken(state.PrivateKey(), key, nil, expiry, false)
-			if err != nil {
-				return challenge.VerifyResultFail
-			}
-			utils.SetCookie(data.CookiePrefix+reg.Name, token, expiry, w, r)
+			data.IssueChallengeToken(reg, key, nil, expiry, false)
 			return challenge.VerifyResultNotOK
 		} else {
-			token, err := reg.IssueChallengeToken(state.PrivateKey(), key, nil, expiry, true)
-			if err != nil {
-				return challenge.VerifyResultFail
-			}
-			utils.SetCookie(data.CookiePrefix+reg.Name, token, expiry, w, r)
+			data.IssueChallengeToken(reg, key, nil, expiry, true)
 			return challenge.VerifyResultOK
 		}
 	}