commit 0d751a419232cb5786320a88a8bd7de2798f1cc1 · foxwitch.net/core

+16 -1
knotserver/middleware.go
···

       5
       5
        
       	"crypto/sha256"

     

       6
       6
        
       	"encoding/hex"

     

       7
       7
        
       	"net/http"

     

       8
       8
       +
       	"time"

     

       8
       9
        
       )

     

       9
       10
        
       

     

       10
       11
        
       func (h *Handle) VerifySignature(next http.Handler) http.Handler {

     
···

       20
       21
        
       

     

       21
       22
        
       func (h *Handle) verifyHMAC(signature string, r *http.Request) bool {

     

       22
       23
        
       	secret := h.c.Secret

     

       23
       23
       -
       	message := r.Method + r.URL.Path + r.URL.RawQuery

     

       24
       24
       +
       	timestamp := r.Header.Get("X-Timestamp")

     

       25
       25
       +
       	if timestamp == "" {

     

       26
       26
       +
       		return false

     

       27
       27
       +
       	}

     

       28
       28
       +
       

     

       29
       29
       +
       	// Verify that the timestamp is not older than a minute

     

       30
       30
       +
       	reqTime, err := time.Parse(time.RFC3339, timestamp)

     

       31
       31
       +
       	if err != nil {

     

       32
       32
       +
       		return false

     

       33
       33
       +
       	}

     

       34
       34
       +
       	if time.Since(reqTime) > time.Minute {

     

       35
       35
       +
       		return false

     

       36
       36
       +
       	}

     

       37
       37
       +
       

     

       38
       38
       +
       	message := r.Method + r.URL.Path + timestamp

     

       24
       39
        
       

     

       25
       40
        
       	mac := hmac.New(sha256.New, []byte(secret))

     

       26
       41
        
       	mac.Write([]byte(message))