src/web/usercookie.lua

Tue, 09 Mar 2021 12:16:56 +0000

author
Matthew Wild <mwild1@gmail.com>
date
Tue, 09 Mar 2021 12:16:56 +0000
changeset 0
6279a7d40ae7
permissions
-rw-r--r--

Initial commit

1 local hmac_sha256 = require"util.hashes".hmac_sha256;
2 local base64_encode = require"util.encodings".base64.encode;
3 local base64_decode = require"util.encodings".base64.decode;
4 local datetime = require"util.datetime";
5 local t_insert = table.insert;
-- Build a signed login cookie value for `user`.
--
-- user:    identity to embed; formatted with %s into the payload.
-- expires: timestamp handed to datetime.date(); only its date string is stored.
-- key:     secret HMAC-SHA256 key. Anyone holding it can mint cookies for any user.
--
-- Returns base64("<date> <user>" .. mac), where mac is the HMAC-SHA256 of the
-- payload. The payload is signed, not encrypted: base64-decoding the cookie
-- reveals the expiry date and the user name, so nothing confidential belongs in
-- `user`. Nothing in this module revokes a cookie before its expiry date.
local function generate(user, expires, key)
	local expiry_date = datetime.date(expires);
	-- verify() strips a fixed 11-byte prefix, so the date string plus the
	-- single separating space must keep that width.
	local payload = string.format("%s %s", expiry_date, user);
	-- The MAC covers both the expiry and the user, so neither can be altered
	-- without the key.
	local mac = hmac_sha256(key, payload);
	return base64_encode(payload .. mac);
end
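-- Check a cookie value produced by generate() and return the user it names.
--
-- cookie: base64 text as received from the client (untrusted), or nil.
-- key:    the secret HMAC-SHA256 key that generate() was called with.
--
-- Returns the user string on success, otherwise nil plus one of:
--   "no value", "invalid armor", "invalid signature", "expired".
--
-- The MAC is checked before the payload is interpreted, so the expiry and
-- user fields are only read once they are known to come from a key holder.
-- Note that an empty user name comes back as "", which is truthy in Lua;
-- callers that must reject it have to test for it explicitly.
local function verify(cookie, key)
	-- Layout written by generate(): <date + space, 11 bytes><user><32-byte MAC>.
	local MAC_LEN, DATE_PREFIX_LEN = 32, 11;

	if not cookie then
		return nil, "no value";
	end
	local decoded = base64_decode(cookie);
	if not decoded then
		return nil, "invalid armor";
	end
	-- Refuse anything too short to hold a date prefix and a MAC before slicing.
	-- Without this, sub(-32) on a short string returns the whole string and the
	-- payload silently becomes empty or truncated. Reported with the same error
	-- as a bad MAC, which is what such input produced before.
	if #decoded < MAC_LEN + DATE_PREFIX_LEN then
		return nil, "invalid signature";
	end
	local data = decoded:sub(1, -(MAC_LEN + 1));
	local signature = decoded:sub(-MAC_LEN);
	-- NOTE(review): plain string inequality is not a documented constant-time
	-- comparison. If the deployed util.hashes offers a constant-time equals(),
	-- prefer it here -- confirm availability before switching.
	if signature ~= hmac_sha256(key, data) then
		return nil, "invalid signature";
	end
	-- Compare only the date field with today's date. Both come from
	-- datetime.date(), so string ordering follows date ordering, and a cookie
	-- stays valid through the whole of its expiry day.
	if data:sub(1, DATE_PREFIX_LEN - 1) < datetime.date() then
		return nil, "expired";
	end
	return data:sub(DATE_PREFIX_LEN + 1); -- Strip date and separator
end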
-- Parse a Cookie request header into a table.
--
-- s: raw header value (untrusted), or nil.
--
-- The returned table is filled in two ways:
--   * hash part:  cookies[name] = value; when a name repeats, the LAST
--     occurrence in the header wins.
--   * array part: one { name = ..., value = ... } entry per pair, in header
--     order, so callers can detect duplicate names (e.g. a cookie shadowed by
--     one set for another path or a sibling host) instead of trusting
--     cookies[name] blindly.
--
-- The pattern is not anchored to ';' separators: every name=value run found
-- anywhere in the string is accepted, with optional double quotes around the
-- value. Values are returned as-is; authenticate them (see verify) before use.
local function cookiedecode(s)
	local cookies = {};
	if s then
		for name, value in s:gmatch("([%w!#$%%&'*+%-.^_`|~]+)=\"?([%w!#-+--/:<-@%]-`_]+)\"?") do
			cookies[name] = value;
			t_insert(cookies, { name = name, value = value });
		end
	end
	return cookies;
end
-- Module interface: header parsing plus creation and checking of signed cookies.
return {
	generate = generate,
	verify = verify,
	decode = cookiedecode,
};
