Yessiest
/
landline
1
1
Fork 0
Code Issues 2 Pull Requests Projects 1 Releases Wiki Activity

HMAC cookie signing

This commit is contained in:
Yessiest 2023-09-20 10:55:45 +04:00
parent 04400bdd67
commit 757d34661c
1 changed files with 37 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
lib/landline/util/cookie.rb
View File

@ -3,6 +3,7 @@
require_relative 'parseutils' require_relative 'parseutils'
require_relative 'errors' require_relative 'errors'
require 'date' require 'date'
require 'openssl'
HeaderRegexp = Landline::Util::HeaderRegexp HeaderRegexp = Landline::Util::HeaderRegexp
ParserCommon = Landline::Util::ParserCommon ParserCommon = Landline::Util::ParserCommon
@ -29,15 +30,22 @@ module Landline
raise Landline::ParsingError, "invalid cookie value: #{value}" raise Landline::ParsingError, "invalid cookie value: #{value}"
end end
# Make param keys strings
params.transform_keys!(&:to_s)
# Primary cookie parameters # Primary cookie parameters
@key = key @key = key
@value = value @value = value
setup_params(params) setup_params(params)
# Cookie signing parameters
setup_hmac(params)
end end
# Convert cookie to "Set-Cookie: " string representation. # Convert cookie to "Set-Cookie: " string representation.
# @return [String] # @return [String]
def to_s def to_s
sign(@hmac, algorithm: @algorithm, sep: @sep) if @hmac
ParserCommon.make_value( ParserCommon.make_value(
"#{key.to_s.strip}=#{value.to_s.strip}", "#{key.to_s.strip}=#{value.to_s.strip}",
{ {
@ -58,6 +66,26 @@ module Landline
"#{key.to_s.strip}=#{value.to_s.strip}" "#{key.to_s.strip}=#{value.to_s.strip}"
end end
# Sign the cookie value with HMAC
# @param key [String] HMAC signing key
# @param algorithm [String] Hash algorithm to use
# @param sep [String] Hash separator
def sign(key, algorithm: "sha256", sep: "&")
@value += sep + ::OpenSSL::HMAC.base64digest(algorithm, key, @value)
end
# Verify HMAC signature
# @param key [String] HMAC signing key
# @param algorithm [String] Hash algorithm
# @param sep [String] Hash separator
# @return [Boolean] whether value is signed and valid
def verify(key, algorithm: "sha256", sep: "&")
val, sig = @value.match(/\A(.*)#{sep}([A-Za-z0-9+\/=]+)\Z/).to_a[1..]
return false unless val and sig
sig == ::OpenSSL::HMAC.base64digest(algorithm, key, val)
end
attr_accessor :key, :value attr_accessor :key, :value
attr_reader :domain, :path, :expires, :maxage, :samesite, :secure, :httponly attr_reader :domain, :path, :expires, :maxage, :samesite, :secure, :httponly
@ -66,7 +94,7 @@ module Landline
# @return [Cookie] # @return [Cookie]
def self.from_setcookie_string(data) def self.from_setcookie_string(data)
kvpair, params = parse_value(data, regexp: HeaderRegexp::COOKIE_PARAM) kvpair, params = parse_value(data, regexp: HeaderRegexp::COOKIE_PARAM)
key, value = kvpair.split("=").map(&:strip) key, value = kvpair.match(/([^=]+)=?(.*)/).to_a[1..].map(&:strip)
Cookie.new(key, value, params) Cookie.new(key, value, params)
end end
@ -76,7 +104,8 @@ module Landline
def self.from_cookie_string(data) def self.from_cookie_string(data)
hash = {} hash = {}
data.split(";").map do |cookiestr| data.split(";").map do |cookiestr|
cookie = Cookie.new(*cookiestr.split("=").map(&:strip)) key, value = cookiestr.match(/([^=]+)=?(.*)/).to_a[1..].map(&:strip)
cookie = Cookie.new(key, value)
if hash[cookie.key] if hash[cookie.key]
hash[cookie.key].append(cookie) hash[cookie.key].append(cookie)
else else
@ -88,6 +117,12 @@ module Landline
private private
def setup_hmac(params)
@hmac = params['hmac']
@algorithm = (params['algorithm'] or "sha256")
@sep = (params['sep'] or "&")
end
def setup_params(params) def setup_params(params)
# Extended cookie params # Extended cookie params
params.transform_keys!(&:downcase) params.transform_keys!(&:downcase)