From 1465cefa179acfa37f3d06275c95523bb7fac6e2 Mon Sep 17 00:00:00 2001
From: Omar Roth
Date: Sun, 11 Nov 2018 09:44:16 -0600
Subject: [PATCH] Move HMAC tokens into users.cr
---
 src/invidious/helpers/helpers.cr | 52 --------------------------------
 src/invidious/users.cr | 52 ++++++++++++++++++++++++++++++++
 2 files changed, 52 insertions(+), 52 deletions(-)
diff --git a/src/invidious/helpers/helpers.cr b/src/invidious/helpers/helpers.cr
index 877a9d32..92a2e1b1 100644
--- a/src/invidious/helpers/helpers.cr
+++ b/src/invidious/helpers/helpers.cr
@@ -389,55 +389,3 @@ def extract_items(nodeset, ucid = nil)
 return items
 end
-
-def create_response(user_id, operation, key, expire = 6.hours)
- expire = Time.now + expire
- nonce = Random::Secure.hex(4)
-
- challenge = "#{expire.to_unix}-#{nonce}-#{user_id}-#{operation}"
- token = OpenSSL::HMAC.digest(:sha256, key, challenge)
-
- challenge = Base64.urlsafe_encode(challenge)
- token = Base64.urlsafe_encode(token)
-
- return challenge, token
-end
-
-def validate_response(challenge, token, user_id, operation, key)
- if !challenge
- raise "Hidden field \"challenge\" is a required field"
- end
-
- if !token
- raise "Hidden field \"token\" is a required field"
- end
-
- challenge = Base64.decode_string(challenge)
- if challenge.split("-").size == 4
- expire, nonce, challenge_user_id, challenge_operation = challenge.split("-")
-
- expire = expire.to_i?
- expire ||= 0
- else
- raise "Invalid challenge"
- end
-
- challenge = OpenSSL::HMAC.digest(:sha256, HMAC_KEY, challenge)
- challenge = Base64.urlsafe_encode(challenge)
-
- if challenge != token
- raise "Invalid token"
- end
-
- if challenge_operation != operation
- raise "Invalid token"
- end
-
- if challenge_user_id != user_id
- raise "Invalid token"
- end
-
- if expire < Time.now.to_unix
- raise "Token is expired, please try again"
- end
-end
diff --git a/src/invidious/users.cr b/src/invidious/users.cr
index b354306f..f8c1c09a 100644
--- a/src/invidious/users.cr
+++ b/src/invidious/users.cr
@@ -195,3 +195,55 @@ def create_user(sid, email, password)
 return user
 end
+
+def create_response(user_id, operation, key, expire = 6.hours)
+ expire = Time.now + expire
+ nonce = Random::Secure.hex(4)
+
+ challenge = "#{expire.to_unix}-#{nonce}-#{user_id}-#{operation}"
+ token = OpenSSL::HMAC.digest(:sha256, key, challenge)
+
+ challenge = Base64.urlsafe_encode(challenge)
+ token = Base64.urlsafe_encode(token)
+
+ return challenge, token
+end
+
+def validate_response(challenge, token, user_id, operation, key)
+ if !challenge
+ raise "Hidden field \"challenge\" is a required field"
+ end
+
+ if !token
+ raise "Hidden field \"token\" is a required field"
+ end
+
+ challenge = Base64.decode_string(challenge)
+ if challenge.split("-").size == 4
+ expire, nonce, challenge_user_id, challenge_operation = challenge.split("-")
+
+ expire = expire.to_i?
+ expire ||= 0
+ else
+ raise "Invalid challenge"
+ end
+
+ challenge = OpenSSL::HMAC.digest(:sha256, HMAC_KEY, challenge)
+ challenge = Base64.urlsafe_encode(challenge)
+
+ if challenge != token
+ raise "Invalid token"
+ end
+
+ if challenge_operation != operation
+ raise "Invalid token"
+ end
+
+ if challenge_user_id != user_id
+ raise "Invalid token"
+ end
+
+ if expire < Time.now.to_unix
+ raise "Token is expired, please try again"
+ end
+end
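Review bot: `validate_response` accepts a `key` argument but computes the digest with the global `HMAC_KEY`, so the parameter is silently ignored and a token signed by `create_response` with any other key can never validate; the digest line should read `challenge = OpenSSL::HMAC.digest(:sha256, key, challenge)`. The MAC check `if challenge != token` is an ordinary string comparison, and a constant-time comparison such as `Crypto::Subtle.constant_time_compare(challenge, token)` would avoid leaking how much of the expected value matched. The challenge is split on `-` and must yield exactly four fields, so a `user_id` or `operation` containing a hyphen would presumably be rejected with "Invalid challenge"; a delimiter that cannot occur in those values would be more robust. Since this commit only moves the two functions, these points may fit better in a follow-up change.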