Better method naming, HMAC verification and generation fixes, example of using HMAC in cookies

Yessiest 2023-09-20 11:15:33 +04:00
parent 757d34661c
commit 56e3907250
5 changed files with 37 additions and 3 deletions


@ -0,0 +1,27 @@
# frozen_string_literal: true
$LOAD_PATH.unshift("#{File.dirname(__FILE__)}/lib")
require 'securerandom'
require 'landline'
require 'landline/util/cookie'
require 'irb'
KEY = SecureRandom.base64(64).freeze
app = Landline::Server.new do
get "/set-cookie" do
cookie "test", (rand * 500).floor.to_s, { hmac: KEY }
header "content-type", "text/plain"
"Cookie set! Visit /get-cookie to view it"
end
get "/get-cookie" do
header "content-type", "text/plain"
if request.cookies.dig('test', 0)&.verify(KEY)
"Cookie is valid and generated by server"
else
"Cookie either doesn't exist or is forged"
end
end
end
run app
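Review bot: `KEY` is created with `SecureRandom.base64(64)` when the file loads, so each restart and each separate worker process gets its own key, and a cookie signed by one process will fail `verify(KEY)` in another. Since examples get copied, a comment above `KEY` would help, e.g. `# Demo only: per-process key; load a persistent secret from configuration in real deployments`. It is also worth stating in the example that the HMAC gives integrity only: the value stays readable by the client, and nothing visible here ties the signature to an expiry. `require 'irb'` looks unused in the lines shown and could be dropped.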

1
examples/cookies-hmac/lib Symbolic link

@ -0,0 +1 @@
../../lib


@ -0,0 +1,3 @@
shows basic usage of unsigned cookies
please note that this does not sign cookies.


@ -26,7 +26,7 @@ module Landline
def finalize
@cookies.each do |_, cookie_array|
cookie_array.each do |cookie|
add_header("set-cookie", cookie.to_s)
add_header("set-cookie", cookie.finalize)
end
end
[@status, @headers, @body]


@ -44,7 +44,7 @@ module Landline
# Convert cookie to "Set-Cookie: " string representation.
# @return [String]
def to_s
def finalize
sign(@hmac, algorithm: @algorithm, sep: @sep) if @hmac
ParserCommon.make_value(
"#{key.to_s.strip}=#{value.to_s.strip}",
@ -62,7 +62,8 @@ module Landline
# Convert cookie to "Cookie: " string representation (no params)
# @return [String]
def to_short
def finalize_short
sign(@hmac, algorithm: @algorithm, sep: @sep) if @hmac
"#{key.to_s.strip}=#{value.to_s.strip}"
end
@ -103,6 +104,8 @@ module Landline
# @return [Hash{String => Cookie}]
def self.from_cookie_string(data)
hash = {}
return hash if data.nil?
data.split(";").map do |cookiestr|
key, value = cookiestr.match(/([^=]+)=?(.*)/).to_a[1..].map(&:strip)
cookie = Cookie.new(key, value)
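Review bot: The new `return hash if data.nil?` guard in `from_cookie_string` covers a missing header, but an empty segment still reaches `cookiestr.match(...).to_a[1..].map(&:strip)`. For a header such as `a=b;;c=d` (constructed example), `split(";")` yields `""`, the regex does not match, `nil.to_a[1..]` is `nil`, and `.map` raises `NoMethodError` on client-controlled input. Checking the match first avoids this, e.g. `m = cookiestr.match(/([^=]+)=?(.*)/)`, `next unless m`, `key, value = m.captures.map(&:strip)`; the `map` block continues past the end of the hunk, so how a skipped segment should be treated there is not visible. Separately, `finalize` and `finalize_short` both call `sign` on the cookie itself; if `sign` rewrites the stored value (its body is not shown), rendering the same cookie twice would sign an already-signed value, so signing should be idempotent or the mutation documented.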