Yessiest
/
landline
1
1
Fork 0
Code Issues 2 Pull Requests Projects 1 Releases Wiki Activity

Better method naming, HMAC verification and generation fixes, example of using HMAC in cookies

This commit is contained in:
Yessiest 2023-09-20 11:15:33 +04:00
parent 757d34661c
commit 56e3907250
5 changed files with 37 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
examples/cookies-hmac/cookie.ru Normal file
View File

@ -0,0 +1,27 @@
# frozen_string_literal: true
$LOAD_PATH.unshift("#{File.dirname(__FILE__)}/lib")
require 'securerandom'
require 'landline'
require 'landline/util/cookie'
require 'irb'
KEY = SecureRandom.base64(64).freeze
app = Landline::Server.new do
get "/set-cookie" do
cookie "test", (rand * 500).floor.to_s, { hmac: KEY }
header "content-type", "text/plain"
"Cookie set! Visit /get-cookie to view it"
end
get "/get-cookie" do
header "content-type", "text/plain"
if request.cookies.dig('test', 0)&.verify(KEY)
"Cookie is valid and generated by server"
else
"Cookie either doesn't exist or is forged"
end
end
end
run app

1
examples/cookies-hmac/lib Symbolic link
View File

@ -0,0 +1 @@
../../lib

3
examples/cookies-hmac/readme.txt Normal file
View File

@ -0,0 +1,3 @@
shows basic usage of unsigned cookies
please note that this does not sign cookies.

2
lib/landline/response.rb
View File

@ -26,7 +26,7 @@ module Landline
def finalize def finalize
@cookies.each do |_, cookie_array| @cookies.each do |_, cookie_array|
cookie_array.each do |cookie| cookie_array.each do |cookie|
add_header("set-cookie", cookie.to_s) add_header("set-cookie", cookie.finalize)
end end
end end
[@status, @headers, @body] [@status, @headers, @body]

7
lib/landline/util/cookie.rb
View File

@ -44,7 +44,7 @@ module Landline
# Convert cookie to "Set-Cookie: " string representation. # Convert cookie to "Set-Cookie: " string representation.
# @return [String] # @return [String]
def to_s def finalize
sign(@hmac, algorithm: @algorithm, sep: @sep) if @hmac sign(@hmac, algorithm: @algorithm, sep: @sep) if @hmac
ParserCommon.make_value( ParserCommon.make_value(
"#{key.to_s.strip}=#{value.to_s.strip}", "#{key.to_s.strip}=#{value.to_s.strip}",
@ -62,7 +62,8 @@ module Landline
# Convert cookie to "Cookie: " string representation (no params) # Convert cookie to "Cookie: " string representation (no params)
# @return [String] # @return [String]
def to_short def finalize_short
sign(@hmac, algorithm: @algorithm, sep: @sep) if @hmac
"#{key.to_s.strip}=#{value.to_s.strip}" "#{key.to_s.strip}=#{value.to_s.strip}"
end end
@ -103,6 +104,8 @@ module Landline
# @return [Hash{String => Cookie}] # @return [Hash{String => Cookie}]
def self.from_cookie_string(data) def self.from_cookie_string(data)
hash = {} hash = {}
return hash if data.nil?
data.split(";").map do |cookiestr| data.split(";").map do |cookiestr|
key, value = cookiestr.match(/([^=]+)=?(.*)/).to_a[1..].map(&:strip) key, value = cookiestr.match(/([^=]+)=?(.*)/).to_a[1..].map(&:strip)
cookie = Cookie.new(key, value) cookie = Cookie.new(key, value)